Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/theupdateframework/specification

The Update Framework specification
https://github.com/theupdateframework/specification

Last synced: 4 days ago
JSON representation

The Update Framework specification

Awesome Lists containing this project

README 

        
The Update Framework specification

----------------------------------



- `latest stable `_

- `current draft `_

- `new changes since latest stable `_

- `release history `_



Contact

-------



Please contact us via our `mailing list

`_.



Questions, feedback, and suggestions are welcomed on this low volume mailing

list.  We strive to make the specification easy to implement, so if you come

across any inconsistencies or experience any difficulty, do let us know by

sending an email, or by reporting an issue in the `specification repo

`_.



License

-------



This work is distributed under the Community Specification License

Please see `LICENSE.md

`_.



Versioning

----------



The TUF specification uses `Semantic Versioning 2.0.0 `_

(semver) for its version numbers, and a gitflow-based release management:



- The 'master' branch of this repository always points to the latest stable

  version of the specification.

- The 'draft' branch of this repository always points to the latest development

  version of the specification and must always be based off of the latest

  'master' branch.

- Contributors must submit changes as pull requests against these branches,

  depending on the type of the change (see semver rules).

- For patch-type changes, pull requests may be submitted directly against the

  'master' branch.

- For major- and minor-type changes, pull requests must be submitted against

  the 'draft' branch.

- Maintainers may, from time to time, decide that the 'draft' branch is ready

  for a new major or minor release, and submit a pull request from 'draft'

  against 'master'.

- Before merging a branch with 'master' the 'last modified date' and 'version'

  in the specification header must be bumped.

- Merges with 'master' that originate from the 'draft' branch must bump either

  the major or minor version number.

- Merges with 'master' that originate from any other branch must bump the patch

  version number.

- Merges with 'master' must be followed by a git tag for the new version

  number.

- Merges with 'master' must be followed by a rebase of 'draft' onto 'master'.



Keep track of new TUF releases

------------------------------



There's a reusable workflow that can be used by projects to keep track of

new TUF specification releases. It automatically opens an issue to notify

the project in case the released version is different from what the project

states it supports.



The workflow, along with an example of how to use it, can be found at - `.github/workflows/check-latest-spec-version.yml

`_.



Acknowledgements

----------------



This project is managed by the Linux Foundation under the Cloud Native

Computing Foundation. The consensus builder for the TUF specification is

`Prof. Justin Cappos `_

of the `Secure Systems Lab `_ at

`New York University `_.

The `maintainers <./MAINTAINERS.md>`_ are comprised of collaborators from

academia and industry.



Contributors and maintainers are governed by the

`CNCF Community Code of Conduct `_.



We'd like to thank

Justin Samuel, Roger Dingledine, Nick Matthewson, Trishank Karthik Kuppusamy, and

all of the TAP authors for their contributions to the TUF spec.



This material is based upon work supported by the National Science Foundation

under Grant Nos. CNS-1345049 and CNS-0959138. Any opinions, findings, and

conclusions or recommendations expressed in this material are those of the

author(s) and do not necessarily reflect the views of the National Science

Foundation.