doc: announce 1.0.0 stable release

* Add a document that announces a stable "modern
  implementation"-only 1.0.0 release, with the following contents:
  - the scheduled release date
  - contents of release (metadata API, ngclient, no legacy code)
  - legacy code deprecation note (adr 2)
  - note about lack of repository tool (adr 10)
  - migration instructions

* Add "important notice" to head of main README, pointing to above
  document.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This commit is contained in:
Lukas Puehringer 2021-12-01 15:22:50 +01:00
parent 03cf3339ef
commit d06ca61570
2 changed files with 50 additions and 0 deletions

43
1.0.0-ANNOUNCEMENT.md Normal file
View file

@ -0,0 +1,43 @@
# Announcing TUF 1.0.0
In the past year we have made an effort to revise, redesign and rewrite this
python-tuf reference implementation, and we are very excited to announce a
stable 1.0.0 release scheduled for January 2022. The release *will* include:
- a modern low-level [*metadata
API*](https://theupdateframework.readthedocs.io/en/latest/api/tuf.api.html)
- a fully specification-compliant [*updater
client*](https://theupdateframework.readthedocs.io/en/latest/api/tuf.ngclient.html),
serving as a more robust and yet more flexible stand-in replacement
for the legacy client updater
As discussed in [ADR 2](docs/adr/0002-pre-1-0-deprecation-strategy.md), this
release *will not* include any legacy code, as its maintenance has become
infeasible for the python-tuf team. The pre-1.0.0 deprecation strategy from ADR
2 applies as follows:
> *Bugs reported with tuf versions prior to 1.0.0 will likely not be addressed
directly by tufs maintainers. Pull Requests to fix bugs in the last release
prior to 1.0.0 will be considered, and merged (subject to normal review
processes). Note that there may be delays due to the lack of developer resources
for reviewing such pull requests.*
For the reasons outlined in [ADR 10](docs/adr/0010-repository-library-design.md
), this release *will not yet* include a new *repository tool*. However, the new
*metadata API* makes it easy to replicate the desired functionality tailored to
the specific needs of any given repository (see *Migration* for details).
## Migration
Given the clean cut with the legacy reference implementation, we provide the
following migration support:
- detailed code documentation on
[https://theupdateframework.readthedocs.io](https://theupdateframework.readthedocs.io/)
- verbose [code examples](examples/) for *client updater* usage, and
repository-side operations based on the low-level *metadata API*
- individual migration support upon
[request](https://github.com/theupdateframework/python-tuf#contact)
- targeted migration support initiative for known users

View file

@ -6,6 +6,13 @@
[![CII](https://bestpractices.coreinfrastructure.org/projects/1351/badge)](https://bestpractices.coreinfrastructure.org/projects/1351)
[![PyPI](https://img.shields.io/pypi/v/tuf)](https://pypi.org/project/tuf/)
----------------------------
*__IMPORTANT NOTICE:__ A stable 1.0.0 release of the modern implementation only
is scheduled for January 2022. Please see the [*1.0.0
announcement*](1.0.0-ANNOUNCEMENT.md) page for more details about the release
and the deprecation of the legacy implementation, including migration
instructions.*
----------------------------
This repository is the **reference implementation** of
[The Update Framework (TUF)](https://theupdateframework.github.io/).