opentelemetry-collector
opentelemetry-collector copied to clipboard
open-telemetry
[chore][VERSIONING.md] Changing protocol support for security is allowed
Description
We have recently discussed bumping the minimum TLS version to follow security best practices.
Since we are about to stabilize configtls (see #10344), I raised the question of whether this would be a breaking change that should be done before 1.0.
I argue that we should be allowed to do this after 1.0 because:
- The Go 1 version compatibility doc states
Security. A security issue in the specification or implementation may come to light whose resolution requires breaking compatibility. We reserve the right to address such security issues.
- The Go team has made similar changes in the past for Go as a whole
While this is not a security issue but a security best practice, the golang/go issue seems to indicate that changes like this would be in the spirit of the Go 1 version compatibility promise.
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 92.46%. Comparing base (
3364ba1) to head (9c57337).
Additional details and impacted files
@@ Coverage Diff @@
## main #10460 +/- ##
=======================================
Coverage 92.46% 92.46%
=======================================
Files 390 390
Lines 18461 18461
=======================================
Hits 17070 17070
Misses 1036 1036
Partials 355 355
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}