Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How do we use semver to reference versions of the trees etc? #252

Closed
2 tasks
Tracked by #323
, #322
...
ahouseholder opened this issue Jun 27, 2023 · 6 comments
Closed
2 tasks
Tracked by #323
, #322
...

How do we use semver to reference versions of the trees etc? #252

ahouseholder opened this issue Jun 27, 2023 · 6 comments
Labels
bug Something isn't working enhancement New feature or request
Milestone
SSVC 2023Q4

Comments

@ahouseholder
Copy link
Contributor

ahouseholder commented Jun 27, 2023
edited
Loading

@j--- asks in a comment in #246

How do we use semver to reference versions of the trees etc?
One option is that each suggested tree inherits the version of SSVC? I didn't address this in https://github.com/CERTCC/SSVC/blob/main/doc/style-guide-how-to.
If we use SemVer, then I would imagine major versions break backwards compatibility by changing decision point definitions, changes to scope or other fundamental definitions, etc. Minor versions are meaningful changes to recommended decision trees? And then bug fixes are everything else?
Does this mean we need the version number represented within the file or file metadata somehow?

Originally posted by @j--- in #246 (comment)

Resolving this issue requires resolving the following items:
@ahouseholder ahouseholder mentioned this issue Jun 27, 2023
Closed
@j---
Copy link
Collaborator

j--- commented Jun 29, 2023

@jeroenh I feel like you might have productive thoughts on this question.

@jeroenh
Copy link
Contributor

jeroenh commented Jul 5, 2023

I think the reasoning you show there makes sense.

After a 2.0 version of something you usually get a better sense of where you're going and have some idea of the kind of things you still want to change, and a bigger update you want to do later that might be incompatible.
So as long as "users" of SSVC are not affected by a change in a big way, I would say that you use minor versions, and use major versions with incompatible changes.

I would recommend to add a summary of this outcome to the main README.md so that users are aware.

@j--- j--- self-assigned this Jul 10, 2023
@j--- j--- added bug Something isn't working enhancement New feature or request labels Jul 10, 2023
@j---
Copy link
Collaborator

j--- commented Jul 10, 2023

related to #261 , if we are going to move towards having many more example trees that are not strictly linked to a stakeholder, how do we name trees in general?

@ahouseholder
Copy link
Contributor Author

This issue is extended / possibly blocked by Discussion #289.

@ahouseholder ahouseholder mentioned this issue Aug 31, 2023
Closed
@ahouseholder ahouseholder added this to the SSVC 2023Q4 milestone Sep 27, 2023
@ahouseholder ahouseholder mentioned this issue Sep 29, 2023
Closed
2 tasks
@ahouseholder
Copy link
Contributor Author

ahouseholder commented Sep 29, 2023
edited
Loading

Depends on

@ahouseholder ahouseholder mentioned this issue Sep 29, 2023
Closed
2 tasks
@ahouseholder
Copy link
Contributor Author

fixed by

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working enhancement New feature or request
Projects
None yet
Milestone
SSVC 2023Q4
Development

No branches or pull requests
3 participants
@jeroenh @ahouseholder @j---