From c408549be3bd7c6fd0c3b50f84c67110b31b1c32 Mon Sep 17 00:00:00 2001 From: Lukas Puehringer Date: Wed, 1 Dec 2021 15:22:50 +0100 Subject: [PATCH] doc: announce 1.0.0 stable release * Add a document that announces a stable "modern implementation"-only 1.0.0 release, with the following contents: - the scheduled release date - contents of release (metadata API, ngclient, no legacy code) - legacy code deprecation note (adr 2) - note about lack of repository rool (adr 10) - migration instructions * Add "important notice" to head of main README, pointing to above document. Signed-off-by: Lukas Puehringer --- 1.0.0-ANNOUNCEMENT.md | 43 +++++++++++++++++++++++++++++++++++++++++++ README.md | 7 +++++++ 2 files changed, 50 insertions(+) create mode 100644 1.0.0-ANNOUNCEMENT.md diff --git a/1.0.0-ANNOUNCEMENT.md b/1.0.0-ANNOUNCEMENT.md new file mode 100644 index 0000000000..8d95c7bdb1 --- /dev/null +++ b/1.0.0-ANNOUNCEMENT.md @@ -0,0 +1,43 @@ +# Announcing TUF 1.0.0 + +In the past year we have made an effort to revise, redesign and rewrite this +python-tuf reference implementation, and we are very excited to announce a +stable 1.0.0 release scheduled for January 2022. The release *will* include: +- a modern low-level [*metadata + API*](https://theupdateframework.readthedocs.io/en/latest/api/tuf.api.html) +- a fully specification-compliant [*updater + client*](https://theupdateframework.readthedocs.io/en/latest/api/tuf.ngclient.html), + serving as a more robust and yet more flexible stand-in replacement + for the legacy client updater + +As discussed in [ADR 2](docs/adr/0002-pre-1-0-deprecation-strategy.md), this +release *will not* include any legacy code, as its maintenance has become +infeasible for the python-tuf team. The pre-1.0.0 deprecation strategy from ADR +2 applies as follows: + +> *Bugs reported with tuf versions prior to 1.0.0 will likely not be addressed +directly by tuf’s maintainers. Pull Requests to fix bugs in the last release +prior to 1.0.0 will be considered, and merged (subject to normal review +processes). Note that there may be delays due to the lack of developer resources +for reviewing such pull requests.* + +For the reasons outlined in [ADR 10](docs/adr/0010-repository-library-design.md +), this release *will not* include a new *repository tool*. However, the new +*metadata API* makes it easy to replicate the desired functionality tailored to +the specific needs of a any given repository (see *Migration* for details). + + + + +## Migration + +Given the clean cut with the legacy reference implementation, we provide the +following migration support: + +- detailed code documentation on + [https://theupdateframework.readthedocs.io](https://theupdateframework.readthedocs.io/) +- verbose [code examples](examples/) for *client updater* usage, and + repository-side operations based on the low-level *metadata API* +- individual migration support upon + [request](https://github.com/theupdateframework/python-tuf#contact) +- targeted migration support initiative for known users diff --git a/README.md b/README.md index 80a4f8ea5e..946244910c 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,13 @@ [![CII](https://bestpractices.coreinfrastructure.org/projects/1351/badge)](https://bestpractices.coreinfrastructure.org/projects/1351) [![PyPI](https://img.shields.io/pypi/v/tuf)](https://pypi.org/project/tuf/) +---------------------------- +*__IMPORTANT NOTICE:__ A stable 1.0.0 release of the modern implementation only +is scheduled for January 2022. Please see the [*1.0.0 +announcement*](1.0.0-ANNOUNCEMENT.md) page for more details about the release +and the deprecation of the legacy implementation, including migration +instructions.* + ---------------------------- This repository is the **reference implementation** of [The Update Framework (TUF)](https://theupdateframework.github.io/).