[Proposal] Set identifiers based on maturity level #175
Description
Note
This is being logged retroactively for posterity.
Problem
As an implementing project maintainer, it is difficult to quickly understand which criteria apply to a particular maturity level. As a result, I have more reading than I'd like to understand what I need to do for my particular situation.
Suggestion
Prior to the first official release, modify the identifier numbers to reflect the maturity level.
Examples:
- Update AC category to OSPS-AC-XXX numbering #168
- Update BR category to OSPS-BR-xxx numbering #169
- Update DO category to OSPS-DO-xxx numbering #170
- Update GV category to OSPS-GV-xxx numbering #171
- Update LE category to OSPS-LE-xxx numbering #172
- Update SA category to OSPS-SA-xxx numbering #173
- Update VM category to OSPS-VM-xxx numbering #174
Decision
Following much debate in PRs, public meetings, and Slack, the maintainer team has come to the following decision:
While maturity levels are intended to be firm, they are not permanent. Even with a mechanism to track ID changes— such as the replaced_by value proposed in PR #136— a given maturity level may change multiple times over months and years of feedback and changes in the technical landscape. This may, in time, cascade into an unintended complexity for end user implementations and control mapping activities.
To avoid this potential for unintended consequences, it is decided that ID values will be immutable in all cases.