gittuf / gittuf

A security layer for Git repositories
https://gittuf.dev
Apache License 2.0

[WIP] Add metadata version to gittuf metadata #430

Open patzielinski opened 2 weeks ago

patzielinski commented 2 weeks ago

This PR adds a version field to the gittuf metadata to indicate what gittuf should expect when parsing metadata. This is useful for cases such as #326, where the underlying metadata is upgraded with a breaking change to support teams.

The TUF metadata has a metadata_version JSON property added for the root and targets metadata to signal what version said metadata aligns with.

JustinCappos commented 2 weeks ago

Semver seems to be the standard / expected.

One concern is whether it would match the gittuf client version number.

I would argue for something that clearly doesn't match the client version (and is hard to confuse with it) but which follows semver. Like spec 100.0.0
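Added example, not code from this PR or from the gittuf code base: one way a client could gate parsing on the `metadata_version` property described above, reading it as strict semver and rejecting any major version it does not understand. The supported major of 100 (taken from the numbering suggested in the thread), the names `CheckMetadataVersion`, `parseSemver` and `ErrUnsupported`, and the choice to reject metadata that lacks the field are all assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// supportedMajor is an assumed schema major version, deliberately far from any client version.
const supportedMajor = 100

// ErrUnsupported marks metadata whose version is missing, malformed or from another major.
var ErrUnsupported = errors.New("unsupported metadata version")

// parseSemver accepts only MAJOR.MINOR.PATCH with canonical non-negative integers.
func parseSemver(v string) (out [3]int, err error) {
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return out, fmt.Errorf("%q is not MAJOR.MINOR.PATCH", v)
	}
	for i, p := range parts {
		n, e := strconv.Atoi(p)
		if e != nil || n < 0 || strconv.Itoa(n) != p { // rejects "v1", "+1", "01"
			return [3]int{}, fmt.Errorf("bad component %q in %q", p, v)
		}
		out[i] = n
	}
	return out, nil
}

// CheckMetadataVersion reads only the version field, so the gate runs before full parsing.
func CheckMetadataVersion(raw []byte) ([3]int, error) {
	var env struct {
		MetadataVersion string `json:"metadata_version"`
	}
	if err := json.Unmarshal(raw, &env); err != nil {
		return [3]int{}, err
	}
	v, err := parseSemver(env.MetadataVersion)
	if err != nil {
		return [3]int{}, fmt.Errorf("%w: %v", ErrUnsupported, err)
	}
	if v[0] != supportedMajor { // fail closed on a breaking schema change
		return v, fmt.Errorf("%w: major %d, want %d", ErrUnsupported, v[0], supportedMajor)
	}
	return v, nil
}

func main() { // constructed sample document, not real gittuf metadata
	fmt.Println(CheckMetadataVersion([]byte(`{"metadata_version":"100.1.0"}`)))
}
```

A value such as `0.5.0`, which looks like a client release number, is rejected by the major-version check rather than being parsed as metadata.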