Approving the release of V.2.1.0

Question

Approving the release of V.2.1.0

Closed this issue 2 years ago · 17 comments

The Uptane Standards group has set a release date for V.2.1.0 of May 15, 2023. To do so, we need the approval of a simple majority of active members. Your vote to approve can be posted here. If we do not receive enough votes prior to our Standards meeting on 5-9-23, a voice vote will be taken.

V.2.1.0 is a minor release containing no breaking changes. The changes it includes, which are detailed below, are largely wording clarifications. The most significant addition is referencing the Scudo option as an augmentation for supply chain security.

Specifically V.2.1.0 includes the following:

Added

A clearer definition of the term “conformant” as it applies to Uptane
A security policy that outlines how errata can be reported and how reports will be addressed.
A file stating that the Uptane Standard and Deployment Best Practices is licensed under Apache.
A mention of Scudo as an Uptane augmentation in the “Out of Scope” text in the Standard as a clarification of Uptane’s involvement in software supply chain security

Changed

The term “Uptane-compliant” to “Uptane-conformant” to clarify that the framework is a standard to follow rather than a regulation that must be adhered to.
Metadata distribution requirements for secondaries to allow more flexibility when there are no new downloads for a given ECU.
Relaxed the requirement that verification of Targets metadata be considered complete if the Directory repository indicates that there are no new targets.
Relaxed the requirement that the Director repository SHALL check the time sent in the ECU report to a SHOULD

Removed

All mentions of the Reference Implementation, which has now been clearly marked as obsolete.
The term “private key” to reduce confusion about the role of these keys.

If you approve this release, simply write the word "approve" as a comment in this thread.

mnm678 commented 2 years ago

I approve

iramcdonald commented 2 years ago

I approve

tkfu commented 2 years ago

approve

DaveNew02 commented 2 years ago

I approve

jhdalek55 commented 2 years ago

I approve

trishankatdatadog commented 2 years ago

Approve

JustinCappos commented 2 years ago

I approve

hexsecs commented 2 years ago

Approve

Answer 1 · 2023-05-01T12:01:36.000Z

Have we defined what an "active member" is? :) Do I still count? At any rate: approve.

Answer 2 · 2023-05-01T12:20:24.000Z

We have defined it in broad terms as someone "who regularly appears at bimonthly meetings, or participates in the preparation or review of pull requests, or engages in discussion of issues on the mailing list threads." You have continued to do the second one, so I would count you as such.

Answer 3 · 2023-05-08T15:27:07.000Z

We would appreciate comments and or your notes of approval by end of business today (6 p.m. EDT). Thanks.

Answer 4 · 2023-05-19T19:49:43.000Z

We need at least two more approvals before this can be released. Please review and respond.

Answer 5 · 2023-05-22T15:01:22.000Z

Hi, Thanks Lois! PLEASE send your approval of Uptane v2.1.0 soon! Cheers, - Ira *Ira McDonald (Musician / Software Architect)* *Chair - SAE Trust Anchors and Authentication TF* *Co-Chair - TCG Trusted Mobility Solutions WG* *Co-Chair - TCG Metadata Access Protocol SG* *Chair - Linux Foundation Open Printing WGSecretary - IEEE-ISTO Printer Working GroupCo-Chair - IEEE-ISTO PWG Internet Printing Protocol WGIETF Designated Expert - IPP & Printer MIBBlue Roof Music / High North Inchttp://sites.google.com/site/blueroofmusic <http://sites.google.com/site/blueroofmusic>http://sites.google.com/site/highnorthinc <http://sites.google.com/site/highnorthinc>mailto: ***@***.*** ***@***.***>(permanent) PO Box 221 Grand Marais, MI 49839 906-494-2434*

…

On Fri, May 19, 2023 at 3:49 PM Lois Anne DeLong ***@***.***> wrote: We need at least two more approvals before this can be released. Please review and respond. — Reply to this email directly, view it on GitHub <#252 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AE33UO2G4U5ICY2GPJ2YYKLXG7FGFANCNFSM6AAAAAAXRHESAI> . You are receiving this because you commented.Message ID: ***@***.***>

Answer 6 · 2023-05-31T17:02:30.000Z

@trishankatdatadog @JustinCappos @plapczyn can we please get this finalized---or let us know what needs fixing we are now officially a month over our planned release date.

Answer 7 · 2023-06-05T15:37:00.000Z

Thanks, Phil and Justin. Lois

…

On Mon, Jun 5, 2023 at 11:31 AM hexsecs ***@***.***> wrote: Approve — Reply to this email directly, view it on GitHub <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_uptane_uptane-2Dstandard_issues_252-23issuecomment-2D1577025017&d=DwMCaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=hgBKIqNYIOwzXeBjPUaKRw&m=ho9oxw9KMjhbjX7BlNGNQfPBWRENaavvfzmA3WQvgNOpgxXFVHIZbsqfm0ITKM2o&s=MqTWIYgzaC39-3VXe_0mtkpF804p3LIrvDwxcH0Q_x8&e=>, or unsubscribe <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_ADPGUXZGCC2NU2KYVT2NN7DXJX3WHANCNFSM6AAAAAAXRHESAI&d=DwMCaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=hgBKIqNYIOwzXeBjPUaKRw&m=ho9oxw9KMjhbjX7BlNGNQfPBWRENaavvfzmA3WQvgNOpgxXFVHIZbsqfm0ITKM2o&s=47qQI8s9-cl50EiIKTIZWS1DqvkqFA4X1pk6J4U7nto&e=> . You are receiving this because you authored the thread.Message ID: ***@***.***>

Answer 8 · 2023-06-05T16:33:15.000Z

We have reached our simple majority of approvals and there have been no objections raised. Hence, V.2.1.0 is approved for release.

Answer 9 · 2023-06-26T21:26:23.000Z

V.2.1.0 has been approved. Thus, this issue is closed.