mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
doc: announce 1.0.0 stable release
* Add a document that announces a stable "modern implementation"-only 1.0.0 release, with the following contents: - the scheduled release date - contents of release (metadata API, ngclient, no legacy code) - legacy code deprecation note (adr 2) - note about lack of repository tool (adr 10) - migration instructions * Add "important notice" to head of main README, pointing to above document. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This commit is contained in:
parent
03cf3339ef
commit
d06ca61570
2 changed files with 50 additions and 0 deletions
43
1.0.0-ANNOUNCEMENT.md
Normal file
43
1.0.0-ANNOUNCEMENT.md
Normal file
|
|
@ -0,0 +1,43 @@
|
|||
# Announcing TUF 1.0.0
|
||||
|
||||
In the past year we have made an effort to revise, redesign and rewrite this
|
||||
python-tuf reference implementation, and we are very excited to announce a
|
||||
stable 1.0.0 release scheduled for January 2022. The release *will* include:
|
||||
- a modern low-level [*metadata
|
||||
API*](https://theupdateframework.readthedocs.io/en/latest/api/tuf.api.html)
|
||||
- a fully specification-compliant [*updater
|
||||
client*](https://theupdateframework.readthedocs.io/en/latest/api/tuf.ngclient.html),
|
||||
serving as a more robust and yet more flexible stand-in replacement
|
||||
for the legacy client updater
|
||||
|
||||
As discussed in [ADR 2](docs/adr/0002-pre-1-0-deprecation-strategy.md), this
|
||||
release *will not* include any legacy code, as its maintenance has become
|
||||
infeasible for the python-tuf team. The pre-1.0.0 deprecation strategy from ADR
|
||||
2 applies as follows:
|
||||
|
||||
> *Bugs reported with tuf versions prior to 1.0.0 will likely not be addressed
|
||||
directly by tuf’s maintainers. Pull Requests to fix bugs in the last release
|
||||
prior to 1.0.0 will be considered, and merged (subject to normal review
|
||||
processes). Note that there may be delays due to the lack of developer resources
|
||||
for reviewing such pull requests.*
|
||||
|
||||
For the reasons outlined in [ADR 10](docs/adr/0010-repository-library-design.md
|
||||
), this release *will not yet* include a new *repository tool*. However, the new
|
||||
*metadata API* makes it easy to replicate the desired functionality tailored to
|
||||
the specific needs of any given repository (see *Migration* for details).
|
||||
|
||||
|
||||
|
||||
|
||||
## Migration
|
||||
|
||||
Given the clean cut with the legacy reference implementation, we provide the
|
||||
following migration support:
|
||||
|
||||
- detailed code documentation on
|
||||
[https://theupdateframework.readthedocs.io](https://theupdateframework.readthedocs.io/)
|
||||
- verbose [code examples](examples/) for *client updater* usage, and
|
||||
repository-side operations based on the low-level *metadata API*
|
||||
- individual migration support upon
|
||||
[request](https://github.com/theupdateframework/python-tuf#contact)
|
||||
- targeted migration support initiative for known users
|
||||
|
|
@ -6,6 +6,13 @@
|
|||
[](https://bestpractices.coreinfrastructure.org/projects/1351)
|
||||
[](https://pypi.org/project/tuf/)
|
||||
|
||||
----------------------------
|
||||
*__IMPORTANT NOTICE:__ A stable 1.0.0 release of the modern implementation only
|
||||
is scheduled for January 2022. Please see the [*1.0.0
|
||||
announcement*](1.0.0-ANNOUNCEMENT.md) page for more details about the release
|
||||
and the deprecation of the legacy implementation, including migration
|
||||
instructions.*
|
||||
|
||||
----------------------------
|
||||
This repository is the **reference implementation** of
|
||||
[The Update Framework (TUF)](https://theupdateframework.github.io/).
|
||||
|
|
|
|||
Loading…
Reference in a new issue