doc: announce 1.0.0 stable release #1706
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| # Announcing TUF 1.0.0 | ||
|
|
||
| In the past year we have made an effort to revise, redesign and rewrite this | ||
| python-tuf reference implementation, and we are very excited to announce a | ||
| stable 1.0.0 release scheduled for January 2022. The release *will* include: | ||
| - a modern low-level [*metadata | ||
| API*](https://theupdateframework.readthedocs.io/en/latest/api/tuf.api.html) | ||
| - a fully specification-compliant [*updater | ||
| client*](https://theupdateframework.readthedocs.io/en/latest/api/tuf.ngclient.html), | ||
| serving as a more robust and yet more flexible stand-in replacement | ||
| for the legacy client updater | ||
|
|
||
| As discussed in [ADR 2](docs/adr/0002-pre-1-0-deprecation-strategy.md), this | ||
| release *will not* include any legacy code, as its maintenance has become | ||
| infeasible for the python-tuf team. The pre-1.0.0 deprecation strategy from ADR | ||
| 2 applies as follows: | ||
|
|
||
| > *Bugs reported with tuf versions prior to 1.0.0 will likely not be addressed | ||
| directly by tuf’s maintainers. Pull Requests to fix bugs in the last release | ||
| prior to 1.0.0 will be considered, and merged (subject to normal review | ||
| processes). Note that there may be delays due to the lack of developer resources | ||
| for reviewing such pull requests.* | ||
|
|
||
| For the reasons outlined in [ADR 10](docs/adr/0010-repository-library-design.md | ||
| ), this release *will not yet* include a new *repository tool*. However, the new | ||
| *metadata API* makes it easy to replicate the desired functionality tailored to | ||
| the specific needs of any given repository (see *Migration* for details). | ||
|
Comment on lines
+26
to
+27
Collaborator
There was a problem hiding this comment. I think if we are citing ADR10 then maybe we should mention something about the
Member
There was a problem hiding this comment. We don't think they'll be available (or at least not stable) by 1.0.0 so talking about them might be premature. But maybe it would make sense to mention that we do plan to offer more on the repository side soon, just not quite in 1.0.0 (this is in response to the earlier comments) |
||
|
|
||
|
|
||
|
|
||
|
|
||
| ## Migration | ||
|
|
||
| Given the clean cut with the legacy reference implementation, we provide the | ||
| following migration support: | ||
|
|
||
| - detailed code documentation on | ||
| [https://theupdateframework.readthedocs.io](https://theupdateframework.readthedocs.io/) | ||
| - verbose [code examples](examples/) for *client updater* usage, and | ||
| repository-side operations based on the low-level *metadata API* | ||
| - individual migration support upon | ||
| [request](https://github.com/theupdateframework/python-tuf#contact) | ||
| - targeted migration support initiative for known users | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,6 +6,13 @@ | |
| [](https://bestpractices.coreinfrastructure.org/projects/1351) | ||
| [](https://pypi.org/project/tuf/) | ||
|
|
||
| ---------------------------- | ||
| *__IMPORTANT NOTICE:__ A stable 1.0.0 release of the modern implementation only | ||
| is scheduled for January 2022. Please see the [*1.0.0 | ||
| announcement*](1.0.0-ANNOUNCEMENT.md) page for more details about the release | ||
| and the deprecation of the legacy implementation, including migration | ||
| instructions.* | ||
|
Contributor
There was a problem hiding this comment.
IMO, It sounds like we have a kind of documentation explaining how to migrate from current version to 1.0.0. Not sure if expressing as "migration instructions" fits here. That sounds more when you have a software/product/service and transparent steps to migrate, avoiding issues during this process. We are deprecating the client.py and repo.py, and we don't have a kind of migration instructions for it. We provide a new repository API and a new powerful Updater library to implement the new repository and client tool.
Collaborator
There was a problem hiding this comment. I think the idea here is that we want our current users using the old client and repository API to eventually migrate to the new code.
Member
Author
There was a problem hiding this comment. @kairoaraujo, I agree that the section at the bottom of the new document, which I'm referencing here, is not a migration guide in the strict sense and as you describe it, but it is a set of instructions that should help users to migrate from pre-1.0.0 to 1.0.0. I suggest we leave it for the lack of a better term, unless someone has a good idea. |
||
|
|
||
| ---------------------------- | ||
| This repository is the **reference implementation** of | ||
| [The Update Framework (TUF)](https://theupdateframework.github.io/). | ||
|
|
||
Uh oh!
There was an error while loading. Please reload this page.