Semantic Versioning 2.0.0
Source: SemVer: https://semver.org/
Some language adapted for Game Warden usage
Semantic Versioning is a software release numbering system.
Semantic Versioning, which also serves as a naming convention, lets you associate your containers with a consistent release scheme built on a three-position reference of the form v.v.v. The first position represents the MAJOR version, the middle position represents the MINOR version, and the final position represents the PATCH version. Please read the content below carefully to ensure compliance with these principles.
As a modification to our Game Warden process, your System Security Plan (SSP) currently needs to be updated only with every major release or once a year, whichever comes first. You will be responsible for updating the SSP at each major release, and the Game Warden team will track the yearly assessment point.
Refer to the documentation below to determine whether or not your release is MAJOR.
The remaining content, though slightly fine-tuned, originates from https://semver.org.
Relative to MAJOR.MINOR.PATCH, increment:
- MAJOR version when you make incompatible API changes.
- MINOR version when you add functionality in a backwards-compatible manner.
- PATCH version when you make backwards-compatible bug fixes.
Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.
In the world of software management, there exists a dreaded place called dependency hell. The bigger your system grows and the more packages you integrate into your software, the more likely you are to find yourself, one day, in this pit of despair.
In systems with many dependencies, releasing new package versions can quickly become a nightmare. If the dependency specifications are too tight, you are in danger of version lock: the inability to upgrade a package without having to release new versions of every dependent package. If dependencies are specified too loosely, you will inevitably be bitten by version promiscuity: assuming compatibility with more future versions than is reasonable. Dependency hell is where you are when version lock and/or version promiscuity prevent you from easily and safely moving your project forward.
As a solution to this problem, we propose a simple set of rules and requirements that dictate how version numbers are assigned and incremented. These rules are based on (but not necessarily limited to) pre-existing widespread common practices in use in both closed and open-source software. For this system to work, you first need to declare a public API. This may consist of documentation or be enforced by the code itself. In any event, it is important that this API be clear and precise. Once you identify your public API, you communicate changes to it with specific increments to your version number. Consider a version format, X.Y.Z (Major.Minor.Patch). For bug fixes not affecting the API, increment the PATCH version. For backwards-compatible API additions/changes, increment the MINOR version. For backwards-incompatible API changes, increment the MAJOR version.
We call this system Semantic Versioning. Under this scheme, version numbers (and the way they change) convey meaning about the underlying code and what has been modified from one version to the next.
Semantic Versioning Specification (SEMVER)
The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” throughout this content must be interpreted as described in RFC 2119.
- Software using Semantic Versioning MUST declare a public API. This API could be declared in the code itself or exist strictly in documentation. However you perform the action, it SHOULD be precise and comprehensive.
- A normal version number MUST take the form X.Y.Z where X, Y, and Z are non-negative integers and MUST NOT contain leading zeroes. X is the major version, Y is the minor version, and Z is the patch version. Each element MUST increase numerically. For instance: 1.9.0 -> 1.10.0 -> 1.11.0.
- Once a versioned package has been released, the contents of that version MUST NOT be modified. Any modifications MUST be released as a new version.
- Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.
- Version 1.0.0 defines the public API. The way the version number is incremented after this release is dependent on this public API, and how it changes.
- Patch version Z (x.y.Z | x > 0) MUST be incremented if only backwards-compatible bug fixes are introduced. A bug fix is defined as an internal change that fixes incorrect behavior.
- Minor version Y (x.Y.z | x > 0) MUST be incremented if new, backwards-compatible functionality is introduced to the public API. It MUST be incremented if any public API functionality is marked as deprecated. It MAY be incremented if substantial new functionality or improvements are introduced within the private code. It MAY include patch-level changes. Patch version MUST be reset to 0 when minor version is incremented.
- Major version X (X.y.z | X > 0) MUST be incremented if any backwards-incompatible changes are introduced to the public API. It MAY also include minor and patch level changes. Patch and minor versions MUST be reset to 0 when the major version is incremented.
- A pre-release version MAY be denoted by appending a hyphen and a series of dot-separated identifiers immediately following the patch version. Identifiers MUST comprise only ASCII alphanumerics and hyphens [0-9A-Za-z-]. Identifiers MUST NOT be empty. Numeric identifiers MUST NOT include leading zeros. Pre-release versions have a lower precedence than the associated normal version. A pre-release version indicates that the version is unstable and might not satisfy the intended compatibility requirements as denoted by its associated normal version. Examples: 1.0.0-alpha, 1.0.0-alpha.1, 1.0.0-0.3.7, 1.0.0-x.7.z.92, 1.0.0-x-y-z.--.
- Build metadata MAY be denoted by appending a plus sign and a series of dot-separated identifiers immediately following the patch or pre-release version. Identifiers MUST comprise only ASCII alphanumerics and hyphens [0-9A-Za-z-]. Identifiers MUST NOT be empty. Build metadata MUST be ignored when determining version precedence. Thus, two versions that differ only in the build metadata have the same precedence. Examples: 1.0.0-alpha+001, 1.0.0+20130313144700, 1.0.0-beta+exp.sha.5114f85, 1.0.0+21AF26D3----117B344092BD.
- Precedence refers to how versions are compared to each other when ordered.
  - Precedence MUST be calculated by separating the version into major, minor, patch and pre-release identifiers in that order. (Build metadata does not figure into precedence.)
  - Precedence is determined by the first difference when comparing each of these identifiers from left to right as follows: major, minor, and patch versions are always compared numerically.
    - Example: 1.0.0 < 2.0.0 < 2.1.0 < 2.1.1.
  - When major, minor, and patch are equal, a pre-release version has lower precedence than a normal version:
    - Example: 1.0.0-alpha < 1.0.0.
  - Precedence for two pre-release versions with the same major, minor, and patch version MUST be determined by comparing each dot-separated identifier from left to right until a difference is found as follows:
    - Identifiers consisting of only digits are compared numerically.
    - Identifiers with letters or hyphens are compared lexically in ASCII sort order.
    - Numeric identifiers always have lower precedence than non-numeric identifiers.
    - A larger set of pre-release fields has a higher precedence than a smaller set, if all preceding identifiers are equal.
    - Example: 1.0.0-alpha < 1.0.0-alpha.1 < 1.0.0-alpha.beta < 1.0.0-beta < 1.0.0-beta.2 < 1.0.0-beta.11 < 1.0.0-rc.1 < 1.0.0.
Why Use Semantic Versioning?
This is not a new or revolutionary idea. In fact, you probably already perform similar actions. The problem is that close is not good enough. Without compliance to some sort of formal specification, version numbers are essentially useless for dependency management. By giving a name and clear definition to the above ideas, it becomes easy to communicate your intentions to your software users. Once these intentions are clear, flexible (but not too flexible) dependency specifications can finally be made.
A simple example will demonstrate how Semantic Versioning can make dependency hell a thing of the past. Consider a library called Firetruck. It requires a Semantically Versioned package named Ladder. At the time that Firetruck is created, Ladder is at version 3.1.0. Since Firetruck uses some functionality that was first introduced in 3.1.0, you can safely specify the Ladder dependency as greater than or equal to 3.1.0 but less than 4.0.0. Now, when Ladder version 3.1.1 and 3.2.0 become available, you can release them to your package management system and know that they will be compatible with existing dependent software.
As a responsible developer, you will – of course – want to verify that any package upgrades function as designed. The real world is a messy place; we can only be vigilant. What you can do is let Semantic Versioning provide you with a sane way to release and upgrade packages without having to roll new versions of dependent packages, saving you time and hassle.
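The format and precedence rules in the specification, the MAJOR/MINOR/PATCH decision that drives the SSP update, and the Ladder range from the Firetruck example can all be checked mechanically in a release pipeline. The following is an added example, not code from semver.org or Game Warden; the function names are hypothetical, and `release_type` assumes `previous` is the immediately preceding release.

```python
import re

# Grammar from the rules above: numeric parts without leading zeroes,
# identifiers drawn from [0-9A-Za-z-] and never empty.
_NUM = r"(?:0|[1-9][0-9]*)"
_PRE = rf"(?:{_NUM}|[0-9]*[A-Za-z-][0-9A-Za-z-]*)"
_BUILD = r"[0-9A-Za-z-]+"
_SEMVER = re.compile(
    rf"({_NUM})\.({_NUM})\.({_NUM})"
    rf"(?:-({_PRE}(?:\.{_PRE})*))?"
    rf"(?:\+{_BUILD}(?:\.{_BUILD})*)?"
)


def parse(version):
    """Return (major, minor, patch, pre_release_ids); build metadata is dropped."""
    m = _SEMVER.fullmatch(version)
    if m is None:
        raise ValueError(f"not a valid semantic version: {version!r}")
    pre = tuple(m.group(4).split(".")) if m.group(4) else ()
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), pre


def precedence_key(version):
    """Sort key implementing the precedence rules listed above."""
    major, minor, patch, pre = parse(version)
    # Numeric identifiers rank below non-numeric ones; a shorter identifier
    # list ranks below a longer one with the same prefix (tuple ordering).
    ids = tuple((0, int(i), "") if i.isdigit() else (1, 0, i) for i in pre)
    # A normal version outranks every pre-release of the same X.Y.Z.
    return (major, minor, patch, 0 if pre else 1, ids)


def release_type(previous, candidate):
    """Name the position that changed; MAJOR is the one that triggers an SSP update."""
    if precedence_key(candidate) <= precedence_key(previous):
        raise ValueError("candidate must have higher precedence than previous")
    old, new = parse(previous)[:3], parse(candidate)[:3]
    for index, name in enumerate(("MAJOR", "MINOR", "PATCH")):
        if new[index] != old[index]:
            if any(new[index + 1:]):
                raise ValueError(f"{name} bump must reset lower positions to 0")
            return name
    return "PRE-RELEASE"  # same X.Y.Z, e.g. 1.0.0-rc.1 -> 1.0.0


def in_range(version, lower, upper):
    """True when lower <= version < upper, e.g. Ladder >= 3.1.0 and < 4.0.0."""
    return precedence_key(lower) <= precedence_key(version) < precedence_key(upper)
```

By precedence alone, `4.0.0-alpha` sorts below `4.0.0` and therefore falls inside the `>=3.1.0 <4.0.0` range; exclude pre-releases explicitly if that is not intended.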