Prepare for a 0.13.0 release

docs/CHANGELOG.md

@@ -1,5 +1,32 @@
 # Changelog
 
+## v0.13.0
+### Added
+* Add support for BLAKE hash functions (#993)
+* Don't list root metadata in snapshot metadata, per latest spec (#988)
+* Enable targets metadata to be generated without access to the target files (#1007, #1020)
+* Implement support for abstract files and directories (#1024, #1034)
+* Make lengths and hashes optional for timestamp and snapshot roles (#1031)
+
+### Changed
+* Revise requirements files to have layered requirements (#978, #982)
+* Update tutorial instructions (#981, #992) and documentation (#1054, #1001)
+* Replace hard-coded logger names (#989)
+* Fix target file path hashing to ensure paths are hashed as they appear in targets metadata (#1007)
+* Refactor code handling hashed bins (#1007, #1013, #1040, #1058)
+* Improve performance when delegating to a large number of hashed bins (#1012)
+* Improve path handling consistency when adding targets and paths (#1008)
+* Clarify error message and docstring for custom parameter of add_target() (#1027)
+* Ensure each key applies to signature threshold only once (#1091)
+
+## Fixed
+* Fix broken CI (#985)
+* Fix tests (#1029, #1064, #1067)
+* Fix loading of delegated targets during repository load (#1049, #1052, #1071)
+* Fix key loading in repo.py (#1066)
+* Remove redundant code in downloader (#1073)
+* Fix alarming logging in updater (#1092)
+
 ## v0.12.2
 * Fix incorrect threshold signature computation (#974)
 * Drop support for python 3.4 (#966)

docs/RELEASE.md

@@ -0,0 +1,29 @@
+# Release process
+
+* Ensure docs/CHANGELOG.md contains a one-line summary of each [notable
+  change](https://keepachangelog.com/) since the prior release
+* Update setup.py and `tuf/__init__.py` to the new version number vA.B.C
+* Test packaging, uploading to Test PyPI and installing from a virtual environment
+  * Remove existing dist build dirs
+  * Create source dist `python setup.py sdist`
+  * Create wheel (with 2 and 3 support) `python setup.py bdist_wheel --universal`
+  * Sign the dists `gpg --detach-sign -a dist/tuf-vA.B.C.tar.gz`
+  * Upload to test PyPI `twine upload --repository testpypi dist/*`
+  * Verify the uploaded package https://testpypi.python.org/pypi/tuf/
+* Create a PR with updated CHANGELOG.md and version bumps
+* Once the PR is merged, pull the updated `develop` branch locally
+* Create a signed tag matching the updated version number on the merge commit
+  `git tag --sign vA.B.C`
+* Create a new release on GitHub, copying the CHANGELOG.md entries for the release
+* Create a package for the formal release
+  * Remove existing dist build dirs
+  * Create source dist `python setup.py sdist`
+  * Create wheel (with 2 and 3 support) `python setup.py bdist_wheel --universal`
+  * Sign source dist `gpg --detach-sign -a dist/tuf-vA.B.C.tar.gz`
+  * Sign wheel `gpg --detach-sign -a dist/tuf-vA.B.C-py2.py3-none-any.whl`
+  * Upload to test PyPI `twine upload --repository testpypi dist/*`
+  * Verify the uploaded package https://testpypi.python.org/pypi/tuf/
+  * Upload to PyPI `twine upload dist/*`
+* Attach the signed dists to the release on GitHub
+* Announce the release on [#tuf on CNCF Slack](https://cloud-native.slack.com/archives/C8NMD3QJ3)
+* Ensure [POUF 1](https://github.com/theupdateframework/taps/blob/master/POUFs/reference-POUF/pouf1.md), for the reference implementation, is up-to-date

setup.py

@@ -78,7 +78,7 @@
 
 setup(
   name = 'tuf',
-  version = '0.12.2', # If updating version, also update it in tuf/__init__.py
+  version = '0.13.0', # If updating version, also update it in tuf/__init__.py
   description = 'A secure updater framework for Python',
   long_description = long_description,
   long_description_content_type='text/markdown',
@@ -108,6 +108,10 @@
     'Topic :: Security',
     'Topic :: Software Development'
   ],
+  project_urls={
+    'Source': 'https://github.com/theupdateframework/tuf',
+    'Issues': 'https://github.com/theupdateframework/tuf/issues'
+  },
   python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4",
   install_requires = [
     'iso8601>=0.1.12',

tuf/__init__.py

@@ -2,7 +2,7 @@
 # setup.py has it hard-coded separately.
 # Currently, when the version is changed, it must be set in both locations.
 # TODO: Single-source the version number.
-__version__ = "0.12.2"
+__version__ = "0.13.0"
 
 # This reference implementation produces metadata intended to conform to
 # version 1.0.0 of the TUF specification, and is expected to consume metadata