move to to major version 1

[jmgurney]

I would recommend that this project moves to major version 1.

Per semver (https://semver.org/):

Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.

This is a very bad guarantee for a security program like this.

[jedisct1]

The format is stable, and there are no reasons to change it, besides adding support for a PQ scheme, but that can be done without breaking backward compatibility.

Minisign has been here since 2015, and signatures from 2015 can still be verified with all current implementations.

The C implementation itself, I don't know :) It's very stable as well, and the common options to generate/verify signatures are unlikely to change.

Some other command-line flags are not very consistent with other implementations. This is fine, but maybe something that's still worth changing before a 1.0 tag is added. So please allow me to do so before committing to not being able to make any changes to the CLI ever ever.

[jedisct1]

There's a minimal self-contained implementation in Zig that only does verification. Maybe tagging that one 1.0 first would be reasonable. I'll see :)

[jmgurney]

It's not so much not being able to change the CLI, but ensuring that the existing CLI is stable, that is -V will always be verify or how to specify keys will remain the same. New options can be added, and new functionality as well in a 1.x updates.