Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Re-think use of "Backwards Compatibility" and replace with something more appropriate #14

Closed
adityasaky opened this issue Jan 8, 2021 · 4 comments · Fixed by #19
Closed

Re-think use of "Backwards Compatibility" and replace with something more appropriate #14

adityasaky opened this issue Jan 8, 2021 · 4 comments · Fixed by #19

Comments

@adityasaky
Copy link
Member

@trishankatdatadog noted in #13 (comment) that the term "backwards compatible" could be misleading. "Legacy" and "Deprecated" were suggested as alternatives, and @MarkLodato said this replacement could occur in a standalone PR.
@adityasaky adityasaky mentioned this issue Jan 8, 2021
Merged
@trishankatdatadog
Copy link
Collaborator

Not to mention that we should more seriously think about backwards-compatibility in the first place. As it is, the spec is not at all backwards-compatible with older clients who may not have the luxury to update, and older repositories who may not have the luxury to maintain two different, incompatible versions of metadata.

@trishankatdatadog trishankatdatadog mentioned this issue Feb 4, 2021
Merged
@MarkLodato
Copy link
Collaborator

Hi Trishank. You bring up a very good point. After further thought, I don't think we need the "backwards compatibility mode" at all. It doesn't fill any known need, and we can always add such a feature in the future if/when it's needed. I'll send out a PR to remove it.

Originally, the intention of this mode was for two use cases:

  • New producer + old consumer. The thinking was that the producer can produce a "backwards compatible signature" and then some process afterward can convert to the old format. But why? Just have the producer generate the old format directly.
  • Old producer (or existing signature) + new consumer. The thinking was that these existing signatures can be transformed automatically into "backwards compatible signatures" and then consumed by the new consumer. But why? Just have the consumer support both formats. It's going to need to do this anyway for real backwards compatibility (as Trishank explained).

Thus, the feature doesn't seem to serve any real purpose. Removing it will reduce complexity.

@trishankatdatadog
Copy link
Collaborator

Hi Trishank. You bring up a very good point. After further thought, I don't think we need the "backwards compatibility mode" at all. It doesn't fill any known need, and we can always add such a feature in the future if/when it's needed. I'll send out a PR to remove it.

Originally, the intention of this mode was for two use cases:

  • New producer + old consumer. The thinking was that the producer can produce a "backwards compatible signature" and then some process afterward can convert to the old format. But why? Just have the producer generate the old format directly.
  • Old producer (or existing signature) + new consumer. The thinking was that these existing signatures can be transformed automatically into "backwards compatible signatures" and then consumed by the new consumer. But why? Just have the consumer support both formats. It's going to need to do this anyway for real backwards compatibility (as Trishank explained).

Thus, the feature doesn't seem to serve any real purpose. Removing it will reduce complexity.

I think I agree, but let me think about this a bit more with a demo.

MarkLodato added a commit to MarkLodato/dsse that referenced this issue Mar 1, 2021
@MarkLodato
Remove backwards compatibility mode.
f4a0a62 
This mode allowed for the old signature protocol to be represented in
the new data structure. However, there was no known use case for this.
True backwards compatibility requires supporting both protocol *and*
data structure. Thus, backwards compatibility can be handled at the
application (TUF or in-toto).

Fixes secure-systems-lab#14.
MarkLodato added a commit to MarkLodato/dsse that referenced this issue Mar 1, 2021
@MarkLodato
Remove backwards compatibility mode.
abe4661 
This mode allowed for the old signature protocol to be represented in
the new data structure. However, there was no known use case for this.
True backwards compatibility requires supporting both protocol *and*
data structure. Thus, backwards compatibility can be handled at the
application (TUF or in-toto).

Fixes secure-systems-lab#14.
@MarkLodato MarkLodato mentioned this issue Mar 1, 2021
Merged
@adityasaky
Copy link
Member Author

@trishankatdatadog Bump, do you have any thoughts? If this makes sense, we can likely merge #19...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove backwards compatibility mode. MarkLodato/dsse
3 participants
@MarkLodato @adityasaky @trishankatdatadog