Hey Vlad,
I thought about doing it per file originally and my biggest concern with that is it prevents deprecation of old versions in the code. A client would hopefully be able to state “supports >= vX” but if the delegations are allowed to lag further behind, it becomes very difficult for a client to do that and guarantee it will work reliably. Overall, it’s messy to allow drift in versions within a single repo so I’m not a fan, however...
If your suggestion is added, would it be reasonable to require a maximum drift, in which the oldest version considered valid for any role can be no more than X versions behind the root? I would suggest the maximum drift should be a static constant defined in the spec, not something left to the individual implementer, otherwise it doesn’t solve the problem.
Additionally, if we add your suggestion, I think it would make sense to implement some kind of version “inheritance” that follows the trust chain, i.e. if no version is defined, the role is considered to have the same version as the parent (targets, timestamp, and snapshot would inherit the root version, delegations would inherit the parent version). Also I think it would make sense to require no role can have a version _higher_ than the root.
What are your thoughts?
David