libspdm icon indicating copy to clipboard operation
libspdm copied to clipboard
verified publisher icon DMTF

Removal of disclaimer that libspdm is not fit for production

Open raghuncstate opened this issue 1 year ago • 3 comments

libspdm readme known limitation states “This package is only the sample code to show the concept of SPDM and should not be considered fit for production.” This invites question on what changes would be required for it to be production worthy. Can we revisit removing this or modifying it to say something along the lines of "what quality bar it passes" and let users make decision on production worthiness? Or if we have a stronger stance t say the intent is to use it in production but without any liability, that might work too.

raghuncstate avatar Jul 12 '24 15:07 raghuncstate

There was a point when libspdm really shouldn't have been used in production, but that was conveyed through the version / tag number in addition to the disclaimer. I think now the disclaimer should just be removed and folks can evaluate the code and tests to see if it meets their production needs.

steven-bellock avatar Jul 12 '24 15:07 steven-bellock

@jyao1 did DMTF require the disclaimer or was that entirely your words?

steven-bellock avatar Jul 12 '24 15:07 steven-bellock

It is for initial version. I think we can remove it now.

jyao1 avatar Jul 12 '24 15:07 jyao1