Hi George, All,
Thanks for the thoughts. Can I assume that you suggest to stay with option 1?
The semantic versioning was proposed several times and sounds reasonable because it gives a meaning to each version component so downstream projects could rely on it.
Yes, a version of a product represents some quality status but in my view that depends on convention. For downstream projects reference, TF-M issues releases periodically so a version represents a stable point in time and occasionally brings
new features / fixes.
Cheers,
Anton
From: TF-M <tf-m-bounces@lists.trustedfirmware.org>
On Behalf Of Gyorgy Szing via TF-M
Sent: 16 November 2020 08:17
To: tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: Re: [TF-M] Semantic versioning
Hi,
I miss something here. What is being discussed, what is the purpose of changing version numbering?
I have the feeling different people are talking about different sub-topics.
I think the most important purpose or having release numbers is to express quality. It could help on version numbers if quality would be defined cleaner.
/George
From: TF-M <tf-m-bounces@lists.trustedfirmware.org>
On Behalf Of Kevin Peng via TF-M
Sent: 16 November 2020 09:06
To: David Hu <David.Hu@arm.com>; David Wang <David.Wang@arm.com>; Anton Komlev <Anton.Komlev@arm.com>;
tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: Re: [TF-M] Semantic versioning
I would vote for Option 3, and “.2” - Backport the fixing patches to the existing v1.x.0 tag. –
This provides the flexibility to have a released version with critical fixes only.
If TF-M users want all the changes between the release and the fix they can take the master branch as well.
Best Regards,
Kevin
From: TF-M <tf-m-bounces@lists.trustedfirmware.org>
On Behalf Of David Hu via TF-M
Sent: Monday, November 16, 2020 3:45 PM
To: David Wang <David.Wang@arm.com>;
tf-m@lists.trustedfirmware.org; Anton Komlev <Anton.Komlev@arm.com>
Cc: nd <nd@arm.com>
Subject: Re: [TF-M] Semantic versioning
Hi Anton,
Option 3 seems more reasonable to me.
Hi David,
I think we can leave tag v1.x.0 as it is and create a new tag v1.x.1 for this critical fix on master branch. It can be more easier to distinguish between tags.
Best regards,
Hu Ziji
From: TF-M <tf-m-bounces@lists.trustedfirmware.org>
On Behalf Of David Wang via TF-M
Sent: Monday, November 16, 2020 2:53 PM
To: tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: Re: [TF-M] Semantic versioning
Hi Anton,
Option 3 is a good.
Just to clarify, for example, if v1.x.0 released, and we got a critical fix 2 months later. Then in your proposal, we:
Thanks.
Regards,
David Wang
From: TF-M <tf-m-bounces@lists.trustedfirmware.org>
On Behalf Of Kevin Townsend via TF-M
Sent: Saturday, November 14, 2020 3:45 AM
To: Anton Komlev <Anton.Komlev@arm.com>
Cc: nd <nd@arm.com>;
tf-m@lists.trustedfirmware.org
Subject: Re: [TF-M] Semantic versioning
Hi Anton,
Option 3 seems the most sensible to me for a project like TF-M at this stage.
Best regards,
Kevin
On Fri, 13 Nov 2020 at 20:19, Anton Komlev via TF-M <tf-m@lists.trustedfirmware.org> wrote:
Hi,
I would like to continue the discussion on TF-M semantic versioning started on the last tech forum.
Currently TF-M uses a loosely defined versioning schema with major and minor versions, following TF-A.
There are several calls to switch TF-M to semantic versioning.
Here is the reminder of the meaning: (https://semver.org/) v1.2.3 :
- MAJOR version when you make incompatible API changes,
- MINOR version when you add functionality in a backwards compatible manner, and
- PATCH version when you make backwards compatible bug fixes.
This is a good way to go for a mature project but TF-M will overkill from everyday re-versioning because of new patches. It was discussed on the forum and several options were proposed:
- Do nothing, reasonably bumping up versions on release time only.
- Use semantic versioning ignoring changes in PATCH by keeping it 0. So upcoming version could be: v1.2.0, next v1.3.0 and nothing in between.
- Use option 2 but change PATCH when critical code change delivered within release cadence like a security vulnerability fix to let down-stream project relay on a fixed version.
- Other ideas?
Personally I tend to follow option 3 but looking for the community input.
Thanks,
Anton.
--
TF-M mailing list
TF-M@lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m