diff --git a/BRANCHES.md b/BRANCHES.md new file mode 100644 index 000000000..eb32a5263 --- /dev/null +++ b/BRANCHES.md @@ -0,0 +1,42 @@ +# Maintained branches + +At any point in time, we have a number of maintained branches consisting of: + +- the development branch: this is where new features lands, as well as bug + fixes and security fixes +- one or more LTS branches: these only get bug fixes and security fixes. + +We use [Semantic Versioning](https://semver.org/). In particular, we maintain +API compatibility in the development branch between major version changes. We +also maintain ABI compatibility within LTS branches; see the next section for +details. + +## Backwards Compatibility + +If you have code that's working and secure with Mbed TLS x.y.z, then you +should be able to re-compile it without modification with any later release +x.y'.z' with the same major version number, and your code will still build, be +secure, and work - unless it was relying on something that became insecure in +the meantime (for example, crypto that was found to be weak). In case security +comes in conflict with backwards compatibility, we will put security first, +but always attempt to provide a compatibility option. + +For the LTS branches, additionally we try very hard to also maintain ABI +compatibility (same definition as API except with re-linking instead of +re-compiling) and to avoid any increase in code size or RAM usage, or in the +minimum version of tools needed to build the code. The only exception, as +before, is in case those goals would conflict with fixing a security issue, we +will put security first but provide a compatibility option. (So far we never +had to break ABI compatibility in an LTS branch, but we occasionally had to +increase code size for a security fix.) + +## Currently maintained branches + +The following branches are currently maintained: + +- development (2.x.y releases) +- Mbed TLS 2.16, maintained until at least the end of 2021, see + +- Mbed TLS 2.7 - end of life in March 2021! + +Users are urged to always use the latest version of a maintained branch.