age,doc: document backwards compatibility policy

Fixes #216

age.go

@@ -35,6 +35,16 @@
 // encryption operations. If you need to tie into existing key management
 // infrastructure, you might want to consider implementing your own Recipient
 // and Identity.
+//
+// Backwards compatibility
+//
+// Files encrypted with a stable version (not alpha, beta, or release candidate)
+// of age, or with any v1.0.0 beta or release candidate, will decrypt with any
+// later versions of the v1 API. This might change in v2, in which case v1 will
+// be maintained with security fixes for compatibility with older files.
+//
+// If decrypting an older file poses a security risk, doing so might require an
+// explicit opt-in in the API.
 package age
 
 import (

doc/age.1.ronn

@@ -173,6 +173,24 @@ An encrypted file _can_ be linked to the SSH public key it was encrypted to.
 This is so that `age` can identify the correct SSH private key before
 requesting its password, if any.
 
+## EXIT STATUS
+
+`age` will exit 0 if and only if encryption or decryption are succesful for the
+full length of the input.
+
+If an error occurs during decryption, partial output might still be generated,
+but only if it was possible to securely authenticate it. No unauthenticathed
+output is ever released.
+
+## BACKWARDS COMPATIBILITY
+
+Files encrypted with a stable version (not alpha, beta, or release candidate) of
+`age`, or with any v1.0.0 beta or release candidate, will decrypt with any later
+version of the tool.
+
+If decrypting older files poses a security risk, doing so might cause an error
+by default, and a flag will be provided to force the operation.
+
 ## EXAMPLES
 
 Generate a new identity, encrypt data, and decrypt: