From 6bfc19a648dbccee1bb831f8edcdda1c8e1d2a6f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 20 Jun 2022 18:48:06 +0200 Subject: [PATCH] Backward compatibility: add a note about the configuration Signed-off-by: Gilles Peskine --- BRANCHES.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/BRANCHES.md b/BRANCHES.md index fcebd1cb30..f3da8820c9 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -24,6 +24,14 @@ undocumented features, then you should be able to re-compile it without modification with any later release x.y'.z' with the same major version number, and your code will still build, be secure, and work. +Note that this guarantee only applies if you either use the default +compile-time configuration (`mbedtls/config.h`) or the same modified +compile-time configuration. Changing compile-time configuration options can +result in an incompatible API or ABI, altough features will generally not +affect independent features (for example, enabling or disabling a +cryptographic algorithm does not break code that does not use that +algorithm). + There are rare exceptions: code that was relying on something that became insecure in the meantime (for example, crypto that was found to be weak) may need to be changed. In case security comes in conflict with backwards
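
Review bot: typo in the added paragraph in BRANCHES.md, "altough" should be "although" (fourth added line of the hunk). In the same sentence, "features will generally not affect independent features" reads oddly; wording such as "changing an option will generally not affect features that are independent of it" would match the example in parentheses more directly. The phrase "the same modified compile-time configuration" also leaves open what it is the same as; since the compatibility guarantee hinges on it, consider saying explicitly that it means the configuration the application was previously built with.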