Formalize and document backwards compatibility policy

FiloSottile / age

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

https://age-encryption.org

BSD 3-Clause "New" or "Revised" License

15.95k stars 482 forks source link

Formalize and document backwards compatibility policy #216

Closed FiloSottile closed 2 years ago

FiloSottile commented 3 years ago

We want age files to keep decrypting forever, but what that actually means around major versions, security upgrades, and CLI behavior needs formalizing. See #215.

FiloSottile commented 3 years ago

For the CLI, this should be documented in the man page. We want the CLI to be forever backwards compatible.

For the API, this should be documented in the package doc. The v1 API will be backwards compatible with files encrypted by the v1 API, but a v2 API might not. The v1 module version will be forever available and supported with security patches in that case.