Comments (6)
@koobs, the 0.11.3-release was git-tagged as sslibv0.11.3
, you can check the signatures on the release page over the corresponding files on PyPI. Or is the tag-name an issue?
@awwad, do you know why we switched to prefixing sslib
? AFICS the prevalent tag-formats are v<semver>
or just <semver>
.
from securesystemslib.
@lukpueh It's an issue with regard to automatic update detectors that downstreams use (incl FreeBSD) that look for either (or both) pure-version tags or name-version tags upstream to detect new versions.
The most standard convention that's easiest to predict/parse is: X.Y.X (no prefix/suffix)
from securesystemslib.
Okay, noted for upcoming releases, @koobs. Is there anything you need us to do for past releases?
Out of curiosity, do you (others?) not scan for v<semver>
release tags? They seem to be pretty common too (see e.g. this not yet released semver FAQ).
from securesystemslib.
Anything consistent is fine, as we can codify that prefix into the 'distribution version'. That aside I prefer prefix/suffix-less (and I see more python package upstreams dropping 'v' lately), but I won't die on that hill :)
from securesystemslib.
As far as past/future releases go, other than #166 it looks OK
from securesystemslib.
I made a mental note to go back to vX.Y.Z in future releases. And I also opened a ticket to make this a guideline (see secure-systems-lab/lab-guidelines#20). Thanks again for your valuable input, @koobs! Closing here...
from securesystemslib.
Related Issues (20)
- How should I load signers for immediate signing, e.g. in CLI? HOT 2
- Does `AWSSigner.import_()` really require scheme string? HOT 8
- "ecdsa-sha2-nistp256" wrongly used as default scheme for any "ecdsa" key
- signer api: clarify keyids in signatures HOT 2
- fix permisssions on check-upstream-ed25519 workflow
- ed25519 upstream has new commits
- ecdsa keytypes issue, again HOT 1
- Remove legacy interfaces/implementation HOT 3
- Auto-update pre-commit plugins HOT 4
- Issues for KubeCon EU contribfest HOT 2
- review default signer & key selection HOT 3
- AzureSigner: import_ may return *unsupported* ecdsa-sha2-nistp521 scheme
- AWSSigner: may return *incorrect* ecdsa-sha2-nistp512 scheme
- SSlibKey: consider stronger validation of keytype/scheme for keyval HOT 1
- SigstoreSigner is temporarily broken HOT 2
- gpg tests fail if a yubikey is connected HOT 3
- Get a CryptographyDeprecationWarning just calling generate_ecdsa_key() HOT 2
- CryptoSigner should expose private key bytes
- 1.0 release HOT 3
- VaultSigner test unexpectedly does not depend on environment variables
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from securesystemslib.