[openssl-project] Release strategy updates & other policies

Matt Caswell matt at openssl.org
Tue Sep 25 13:15:32 UTC 2018

On 25/09/18 14:09, Tim Hudson wrote:
> On Tue, Sep 25, 2018 at 11:02 PM Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org>> wrote:
>     You're right on this one. I misread the diff.
> Not a problem - you are doing the look-at-what-we-did and how it would
> be impacted - and that is certainly what we should be doing - working
> through what impact this would have had.
> Semantic versioning is a major change in behaviour with a focus on the
> API being directly reflected in the versioning scheme.
> It does mean that a lot of how we have handled things in the past in
> terms of what was okay to go into a patch release changes.
> Patch release become*pure bug fix *with no API changes (of any form)
> releases and that is very different. 
> We have taken a relatively flexible interpretation - and put in a lot
> more than bug fixes into the letter (patch) releases - we have added
> upwards compatible API additions.
> It would also mean our LTS releases are MAJOR.MINOR - as the PATCH is
> the fixes we will apply - so it isn't part of the LTS designation as such.
> e.g. 5.0.x would be the marker - not 5.0.0 - so 5.0 in shorthand form. 

This is where we disagree. My proposal is that the LTS designation would
be 5 (not 5.0.x or 5.0.0). We would continue to do updates as we have
done except we would have to classify our changes on the LTS branch as
either API affecting (e.g. new accessor) or just a bug fix. If the
former then the new version becomes an update to the MINOR number,
otherwise it is an update to the PATCH number.

I think it is an absolute non-starter to disallow all API affecting
changes in an LTS release (or indeed any stable release).


More information about the openssl-project mailing list