Discussion about semantic versioning:
In semantic versioning, patch version updates (0.x.Z) should only include backward compatible bug fixes, but the release of version 0.73.2 (https://github.com/dandi/dandi-cli/releases/tag/0.73.2) introduced a breaking change to the API key environment variable naming convention that broke existing functionality in downstream projects like neuroconv (catalystneuro/neuroconv#1587).
Previously, all DANDI instances used a single environment variable DANDI_API_KEY, but version 0.73.2 changed this to instance-specific variables (e.g., DANDI_API_KEY for main instance, EMBER_SANDBOX_API_KEY for ember-sandbox), causing authentication failures in existing automation and CI/CD pipelines without any backward compatibility fallback or deprecation period.
According to the semantic versioning specification (https://semver.org/), even in 0.x versions where "anything MAY change at any time," the distinction between minor (0.Y.0) and patch (0.x.Z) versions should still be maintained, with breaking changes requiring at least a minor version bump to 0.74.0 rather than a patch version 0.73.2.
What is the policy of dandi-cli on this? Was this intentional? Am I misinterpreting this?
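The kind of backward-compatibility fallback with a deprecation period that the post says was missing, sketched as an added example (not code from dandi-cli or neuroconv). The variable names come from the post; the instance names used as dictionary keys, the function `resolve_api_key` and its `allow_legacy` switch are assumptions made for illustration.

```python
import os
import warnings

# Variable names as given in the post; the instance names used as keys
# ("dandi", "ember-sandbox") are assumptions made for this example.
INSTANCE_ENV_VARS = {
    "dandi": "DANDI_API_KEY",
    "ember-sandbox": "EMBER_SANDBOX_API_KEY",
}
LEGACY_ENV_VAR = "DANDI_API_KEY"


def resolve_api_key(instance, environ=None, allow_legacy=True):
    """Return (api_key, source_variable) for `instance`.

    Lookup order: the instance-specific variable first, then, during a
    deprecation period, the legacy shared variable with a warning.
    Raises KeyError naming the variable to set when nothing is found.
    """
    env = os.environ if environ is None else environ
    try:
        specific = INSTANCE_ENV_VARS[instance]
    except KeyError:
        raise ValueError(f"unknown instance {instance!r}") from None

    key = env.get(specific, "").strip()
    if key:
        return key, specific

    # Fallback applies only when the specific name differs from the legacy one.
    # It hands the credential stored under the shared name to whichever
    # instance was selected, so callers can switch it off with allow_legacy=False.
    if allow_legacy and specific != LEGACY_ENV_VAR:
        legacy = env.get(LEGACY_ENV_VAR, "").strip()
        if legacy:
            warnings.warn(
                f"{LEGACY_ENV_VAR} used for instance {instance!r}; "
                f"set {specific} instead",
                DeprecationWarning,
                stacklevel=2,
            )
            return legacy, LEGACY_ENV_VAR

    raise KeyError(f"no API key for {instance!r}: set {specific}")
```

The function returns the name of the variable that supplied the key so that CI logs can record which source was used without printing the secret itself.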