Add missing git tag for 0.11.3 release about securesystemslib HOT 6 CLOSED

@koobs, the 0.11.3-release was git-tagged as sslibv0.11.3, you can check the signatures on the release page over the corresponding files on PyPI. Or is the tag-name an issue?

@awwad, do you know why we switched to prefixing sslib? AFICS the prevalent tag-formats are v<semver> or just <semver>.

from securesystemslib.

@lukpueh It's an issue with regard to automatic update detectors that downstreams use (incl FreeBSD) that look for either (or both) pure-version tags or name-version tags upstream to detect new versions.

The most standard convention that's easiest to predict/parse is: X.Y.X (no prefix/suffix)

from securesystemslib.

Okay, noted for upcoming releases, @koobs. Is there anything you need us to do for past releases?

Out of curiosity, do you (others?) not scan for v<semver> release tags? They seem to be pretty common too (see e.g. this not yet released semver FAQ).

from securesystemslib.

Anything consistent is fine, as we can codify that prefix into the 'distribution version'. That aside I prefer prefix/suffix-less (and I see more python package upstreams dropping 'v' lately), but I won't die on that hill :)

from securesystemslib.

As far as past/future releases go, other than #166 it looks OK

from securesystemslib.

I made a mental note to go back to vX.Y.Z in future releases. And I also opened a ticket to make this a guideline (see secure-systems-lab/lab-guidelines#20). Thanks again for your valuable input, @koobs! Closing here...

from securesystemslib.