Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release v??? #767

Closed
wants to merge 1 commit into from
Closed

Release v??? #767

wants to merge 1 commit into from

Conversation

lukpueh
Copy link
Member

@lukpueh lukpueh commented Apr 3, 2024

  • bump version in init.py
  • add changelog entry

@lukpueh
Release v0.32.0
b5dd50b 
- bump version in __init__.py
- add changelog entry

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
@jku
Copy link
Collaborator

jku commented Apr 4, 2024

Just so we remember:

This release should not happen

  • until users of python-tuf have had time to update to tuf 4.0
  • and maybe even until the main users of python-tuf have made a release

This is because especially tuf.ngclient users may not be direct securesystemslib users so may not pin the securesystemslib version.

@jku jku mentioned this pull request Apr 4, 2024
Closed
@jku
Copy link
Collaborator

jku commented Apr 8, 2024
edited
Loading

Just documenting some users:

  • python-tuf 4.0 caps securesystemslib < 0.32
  • tuf-on-ci 0.9 caps securesystemslib < 0.32
  • root-signing-staging has upgraded to tuf-on-ci 0.9 so caps securesystemslib < 0.32
  • sigstore-python main uses python-tuf 4.0, sigstore-python 2.1.5 caps securesystemslib
  • rstuf apparently already pins securesystemslib

@lukpueh
Copy link
Member Author

lukpueh commented Apr 11, 2024

Just documenting some users:

  • in-toto 2.3.0 caps securesystemslib < 0.32

lukpueh
lukpueh commented Apr 11, 2024
View reviewed changes
CHANGELOG.md
@@ -1,5 +1,19 @@
# Changelog

## securesystemslib v0.32.0
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we make this 1.0.0 already?

I submitted a host of PRs yesterday to remove all legacy code (#731). If we merge those, I think we are ready.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see why not, at least not immediately

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Before we tag 1.0.0 we should remove disclaimers like this:

https://github.com/secure-systems-lab/securesystemslib/blame/main/docs/signer.rst#L62-L67

(there may be others)

@dennisvang dennisvang mentioned this pull request Apr 19, 2024
Merged
@jku
Copy link
Collaborator

jku commented Apr 29, 2024

This is something I would have like before 1.0: securesystemslib/py.typed and complete annotations for public api

Notes on that

  • leave _gpg and _vendor unannotated,

  • this is still a lot of work because of how hash and formats are written -- I guess we could just annotate them with "Any" (with the idea that it's better to get signer annotations used even if hash and formats are not).

  • there's still some missing annotations because we don't currently enable

      disallow_untyped_defs = True
  disallow_incomplete_defs = True

I think I would rather get a release out and then start improving that situation

@jku jku changed the title Release v0.32.0 Release v??? Apr 29, 2024
@jku jku mentioned this pull request Apr 29, 2024
Closed
This was referenced Apr 29, 2024
Merged
Merged
@jku
Copy link
Collaborator

jku commented May 2, 2024

superseded by #807

@jku jku closed this May 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jku jku jku left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lukpueh @jku