59 <quotation>Similarly, a GNU package should not require the use of non-free software, including JavaScript, for the coordination of its development.</quotation> |
62 <quotation>Similarly, a GNU package should not require the use of non-free software, including JavaScript, for the coordination of its development.</quotation> |
60 </link> |
63 </link> |
61 </item> |
64 </item> |
62 <item> |
65 <item> |
63 <id>b3c0daaf-dcaf-49a8-ae38-40590456a315</id> |
66 <id>b3c0daaf-dcaf-49a8-ae38-40590456a315</id> |
|
67 <type>requirement</type> |
64 <text>Must not promote non-free (proprietary) software or services.</text> |
68 <text>Must not promote non-free (proprietary) software or services.</text> |
65 <link> |
69 <link> |
66 <url>https://www.gnu.org/prep/standards/standards.html#References</url> |
70 <url>https://www.gnu.org/prep/standards/standards.html#References</url> |
67 <type>compatible</type> |
71 <type>compatible</type> |
68 <title>GNU Coding Standards: References to Non-Free Software and Documentation</title> |
72 <title>GNU Coding Standards: References to Non-Free Software and Documentation</title> |
69 <quotation>A GNU program should not recommend, promote, or grant legitimacy to the use of any non-free program. Proprietary software is a social and ethical problem, and our aim is to put an end to that problem. We can’t stop some people from writing proprietary programs, or stop other people from using them, but we can and should refuse to advertise them to new potential customers, or to give the public the idea that their existence is ethical.</quotation> |
73 <quotation>A GNU program should not recommend, promote, or grant legitimacy to the use of any non-free program. Proprietary software is a social and ethical problem, and our aim is to put an end to that problem. We can’t stop some people from writing proprietary programs, or stop other people from using them, but we can and should refuse to advertise them to new potential customers, or to give the public the idea that their existence is ethical.</quotation> |
70 </link> |
74 </link> |
71 </item> |
75 </item> |
72 <item> |
76 <item> |
73 <id>b2fd5d2d-4d47-48e8-8abc-4b1aa94a7951</id> |
77 <id>b2fd5d2d-4d47-48e8-8abc-4b1aa94a7951</id> |
|
78 <type>recommendation</type> |
74 <text>Copyleft licenses (like GNU GPL or GNU Affero GPL) are strongly recommended because they guarantee software freedoms to every single end-user and prevent possibility that freedom vanishes somewhere in the distribution chain and the user can not benefit from the free software albeit the software is build on originally free source code.</text> |
79 <text>Copyleft licenses (like GNU GPL or GNU Affero GPL) are strongly recommended because they guarantee software freedoms to every single end-user and prevent possibility that freedom vanishes somewhere in the distribution chain and the user can not benefit from the free software albeit the software is build on originally free source code.</text> |
75 </item> |
80 </item> |
76 <item> |
81 <item> |
77 <id>c3599313-338b-428d-885f-964a443d76c6</id> |
82 <id>c3599313-338b-428d-885f-964a443d76c6</id> |
78 <!-- TODO: MUST + exception for older software --> |
83 <type>requirement</type> |
79 <text>The license must be compatible with GNU GPLv3 in order to allow mixing with the GPL code.</text> |
84 <text>The license must be compatible with GNU GPLv3 in order to allow mixing with the GPL code.</text> |
80 <text>The only exception is older software (created before this manifesto i.e. 2019) which is unable to change the license</text> |
85 <text>The only exception is older software (created before this manifesto i.e. 2019) which is unable to change the license</text> |
81 <text>due to the copyright owned by many authors who can not be reached anymore and who can not provide approval with the license upgrade.</text> |
86 <text>due to the copyright owned by many authors who can not be reached anymore and who can not provide approval with the license upgrade.</text> |
82 <text>Such software is called „Sane with exception“.</text> |
87 <text>Such software is called „Sane with exception“.</text> |
83 <!-- TODO: provide exact wording of the exception e.g. XYZ is „Sane software (with GPLv2 license exception)“ --> |
88 <!-- TODO: provide exact wording of the exception e.g. XYZ is „Sane software (with GPLv2 license exception)“ --> |
84 <note>Software versioned under GPLv2+ or GPLv3+ is compatible with GPLv3.</note> |
89 <note>Software versioned under GPLv2+ or GPLv3+ is compatible with GPLv3.</note> |
85 </item> |
90 </item> |
86 <item> |
91 <item> |
87 <id>f39b90ae-0054-467e-a9e2-43379b7c2331</id> |
92 <id>f39b90ae-0054-467e-a9e2-43379b7c2331</id> |
|
93 <type>requirement</type> |
88 <text>If the software is distributed with a hardware, the hardware must support installation of independently built software without any restrictions or requirements (e.g. digital signature from the original author).</text> |
94 <text>If the software is distributed with a hardware, the hardware must support installation of independently built software without any restrictions or requirements (e.g. digital signature from the original author).</text> |
89 </item> |
95 </item> |
90 </chapter> |
96 </chapter> |
91 |
97 |
92 <chapter> |
98 <chapter> |
93 <name>Documented</name> |
99 <name>Documented</name> |
94 <id>e1c828c5-0a4f-4948-9943-db1ae16a42d5</id> |
100 <id>e1c828c5-0a4f-4948-9943-db1ae16a42d5</id> |
95 <item> |
101 <item> |
96 <id>c63ea2ac-c255-4f3e-a0e2-b49d1e145347</id> |
102 <id>c63ea2ac-c255-4f3e-a0e2-b49d1e145347</id> |
|
103 <type>requirement</type> |
97 <text>At least basic documentation must be released under a free license (GNU FDL is recommended).</text> |
104 <text>At least basic documentation must be released under a free license (GNU FDL is recommended).</text> |
98 <link> |
105 <link> |
99 <url>https://www.gnu.org/prep/standards/standards.html#License-for-Manuals</url> |
106 <url>https://www.gnu.org/prep/standards/standards.html#License-for-Manuals</url> |
100 <type>compatible</type> |
107 <type>compatible</type> |
101 <title>GNU Coding Standards: License for Manuals</title> |
108 <title>GNU Coding Standards: License for Manuals</title> |
102 <quotation>Please use the GNU Free Documentation License for all GNU manuals that are more than a few pages long.</quotation> |
109 <quotation>Please use the GNU Free Documentation License for all GNU manuals that are more than a few pages long.</quotation> |
103 </link> |
110 </link> |
104 </item> |
111 </item> |
105 <item> |
112 <item> |
106 <id>fd8e3bbd-d46a-40fe-85a6-b902336456d4</id> |
113 <id>fd8e3bbd-d46a-40fe-85a6-b902336456d4</id> |
|
114 <type>requirement</type> |
107 <text>Every advertised feature must be properly documented. Undocumented features can not be considered as features from the user/customer point-of-view.</text> |
115 <text>Every advertised feature must be properly documented. Undocumented features can not be considered as features from the user/customer point-of-view.</text> |
108 </item> |
116 </item> |
109 <item> |
117 <item> |
110 <id>e4dede5b-059e-4e47-b03d-80142b8467f1</id> |
118 <id>e4dede5b-059e-4e47-b03d-80142b8467f1</id> |
|
119 <type>information</type> |
111 <text>There might be also other documentation/books released under any license and price.</text> |
120 <text>There might be also other documentation/books released under any license and price.</text> |
112 <link> |
121 <link> |
113 <url>https://www.gnu.org/prep/standards/standards.html#Reading-other-Manuals</url> |
122 <url>https://www.gnu.org/prep/standards/standards.html#Reading-other-Manuals</url> |
114 <type>related</type> |
123 <type>related</type> |
115 <title>GNU Coding Standards: Reading other Manuals</title> |
124 <title>GNU Coding Standards: Reading other Manuals</title> |
117 <quotation>It is ok to use these documents for reference, just as the author of a new algebra textbook can read other books on algebra.</quotation> |
126 <quotation>It is ok to use these documents for reference, just as the author of a new algebra textbook can read other books on algebra.</quotation> |
118 </link> |
127 </link> |
119 </item> |
128 </item> |
120 <item> |
129 <item> |
121 <id>c0df4d14-43f8-4b61-83c4-fb5896161aeb</id> |
130 <id>c0df4d14-43f8-4b61-83c4-fb5896161aeb</id> |
|
131 <type>requirement</type> |
122 <text>But average software engineer must be able to build and operate the software with just the free (basic) documentation.</text> |
132 <text>But average software engineer must be able to build and operate the software with just the free (basic) documentation.</text> |
123 <link> |
133 <link> |
124 <url>https://www.gnu.org/prep/standards/standards.html#Configuration</url> |
134 <url>https://www.gnu.org/prep/standards/standards.html#Configuration</url> |
125 <type>related</type> |
135 <type>related</type> |
126 <title>GNU Coding Standards: How Configuration Should Work</title> |
136 <title>GNU Coding Standards: How Configuration Should Work</title> |
127 <quotation>Each GNU distribution should come with a shell script named configure.</quotation> |
137 <quotation>Each GNU distribution should come with a shell script named configure.</quotation> |
128 </link> |
138 </link> |
129 </item> |
139 </item> |
130 <item> |
140 <item> |
131 <id>e6cd9c52-0e66-402c-930c-901fa66acd22</id> |
141 <id>e6cd9c52-0e66-402c-930c-901fa66acd22</id> |
|
142 <type>requirement</type> |
132 <text>There must be a free documentation with description of building and running the software on a fresh operating system installation including description of all dependencies.</text> |
143 <text>There must be a free documentation with description of building and running the software on a fresh operating system installation including description of all dependencies.</text> |
133 </item> |
144 </item> |
134 <!-- |
145 <!-- |
|
146 TODO: documentation target groups and big picture: |
135 <item><id></id><text>documentation should focus on all target groups: users, administrators, developers</text></item> |
147 <item><id></id><text>documentation should focus on all target groups: users, administrators, developers</text></item> |
136 <item><id></id><text>there must be a big picture and software architercure described</text></item> |
148 <item><id></id><text>there must be a big picture and software architercure described</text></item> |
137 --> |
149 --> |
138 </chapter> |
150 </chapter> |
139 |
151 |
140 <chapter> |
152 <chapter> |
141 <name>Semantic versioning and upgrades</name> |
153 <name>Semantic versioning and upgrades</name> |
142 <id>aa8bd952-842b-4391-aefe-d9b3750e432d</id> |
154 <id>aa8bd952-842b-4391-aefe-d9b3750e432d</id> |
143 <item> |
155 <item> |
144 <id>a8beddfc-11e3-4012-9f88-f79dc88eee16</id> |
156 <id>a8beddfc-11e3-4012-9f88-f79dc88eee16</id> |
|
157 <type>requirement</type> |
145 <text>Semantic versioning is required.</text> |
158 <text>Semantic versioning is required.</text> |
146 <text>The version number consists of three numbers: major.minor.pach.</text> |
159 <text>The version number consists of three numbers: major.minor.pach.</text> |
147 <text>Major version is incremented if there is an incompatible change.</text> |
160 <text>Major version is incremented if there is an incompatible change.</text> |
148 <text>Minor version is incremented if a feature is added in a compatible way.</text> |
161 <text>Minor version is incremented if a feature is added in a compatible way.</text> |
149 <text>Patch version is incremented if a bug is fixed in a compatible way.</text> |
162 <text>Patch version is incremented if a bug is fixed in a compatible way.</text> |
162 <quotation>You should identify each release with a pair of version numbers, a major version and a minor. We have no objection to using more than two numbers</quotation> |
175 <quotation>You should identify each release with a pair of version numbers, a major version and a minor. We have no objection to using more than two numbers</quotation> |
163 </link> |
176 </link> |
164 </item> |
177 </item> |
165 <item> |
178 <item> |
166 <id>cf557a11-b307-4c2f-a7b5-5d2485d23258</id> |
179 <id>cf557a11-b307-4c2f-a7b5-5d2485d23258</id> |
|
180 <type>requirement</type> |
167 <text>Once publicly released, the package must not be changed anymore – if a change (even a small fix) is needed, new version number must be assigned.</text> |
181 <text>Once publicly released, the package must not be changed anymore – if a change (even a small fix) is needed, new version number must be assigned.</text> |
168 </item> |
182 </item> |
169 <item> |
183 <item> |
170 <id>dd013325-bf22-43d3-9579-0e272e2ac344</id> |
184 <id>dd013325-bf22-43d3-9579-0e272e2ac344</id> |
|
185 <type>information</type> |
171 <text>APIs, file formats and protocols might (and usually should) be semantically versioned independently from the implementation.</text> |
186 <text>APIs, file formats and protocols might (and usually should) be semantically versioned independently from the implementation.</text> |
172 <note>In such case, there should be a table documenting which API/format/protocol version matches which implementation version.</note> |
187 <note>In such case, there should be a table documenting which API/format/protocol version matches which implementation version.</note> |
173 </item> |
188 </item> |
174 <item> |
189 <item> |
175 <id>dacb98cc-b558-4f0e-942d-e12004e45606</id> |
190 <id>dacb98cc-b558-4f0e-942d-e12004e45606</id> |
|
191 <type>recommendation</type> |
176 <text>The branching model in the version control system should reflect the semantic versioning.</text> |
192 <text>The branching model in the version control system should reflect the semantic versioning.</text> |
177 <text>The released version e.g. 2.3.1 should be tagged as v2.3.1 and be placed in the v_2.3 branch.</text> |
193 <text>The released version e.g. 2.3.1 should be tagged as v2.3.1 and be placed in the v_2.3 branch.</text> |
178 <text>Where the v_2.3 branch was forked from the v_2 branch – from the v2.3 tag.</text> |
194 <text>Where the v_2.3 branch was forked from the v_2 branch – from the v2.3 tag.</text> |
179 </item> |
195 </item> |
180 <item> |
196 <item> |
181 <id>ae33d206-4988-44ec-b8e2-3120019fcf2f</id> |
197 <id>ae33d206-4988-44ec-b8e2-3120019fcf2f</id> |
|
198 <type>recommendation</type> |
182 <text>Do not remove features unless they are really obsolete, unused or irreparably broken.</text> |
199 <text>Do not remove features unless they are really obsolete, unused or irreparably broken.</text> |
183 </item> |
200 </item> |
184 <item> |
201 <item> |
185 <id>c542336a-fce8-412c-a8dd-1328c1a884ec</id> |
202 <id>c542336a-fce8-412c-a8dd-1328c1a884ec</id> |
|
203 <type>information</type> |
186 <text>The user interface might be simplified or redesigned while preserving the features under the hood.</text> |
204 <text>The user interface might be simplified or redesigned while preserving the features under the hood.</text> |
187 </item> |
205 </item> |
188 <item> |
206 <item> |
189 <id>ba8fecf0-5c02-4fdf-abdc-2650d428f82a</id> |
207 <id>ba8fecf0-5c02-4fdf-abdc-2650d428f82a</id> |
|
208 <type>requirement</type> |
190 <text>Incompatible changes must be planned and announced in advance.</text> |
209 <text>Incompatible changes must be planned and announced in advance.</text> |
191 </item> |
210 </item> |
192 <item> |
211 <item> |
193 <id>f4826891-e732-45e8-b929-25d1182fa141</id> |
212 <id>f4826891-e732-45e8-b929-25d1182fa141</id> |
|
213 <type>requirement</type> |
194 <text>Upgrade scripts and upgrade documentation must be provided.</text> |
214 <text>Upgrade scripts and upgrade documentation must be provided.</text> |
195 </item> |
215 </item> |
196 </chapter> |
216 </chapter> |
197 |
217 |
198 <chapter> |
218 <chapter> |
199 <name>Interfaces, formats and protocols</name> |
219 <name>Interfaces, formats and protocols</name> |
200 <id>d34ce339-197c-44ee-9e5c-6d7e212f8c10</id> |
220 <id>d34ce339-197c-44ee-9e5c-6d7e212f8c10</id> |
201 <item> |
221 <item> |
202 <id>be4c72d1-c494-4c44-aeb4-c5847f5a3524</id> |
222 <id>be4c72d1-c494-4c44-aeb4-c5847f5a3524</id> |
|
223 <type>recommendation</type> |
203 <text>Open standards (protocols, formats) should be used if they exist.</text> |
224 <text>Open standards (protocols, formats) should be used if they exist.</text> |
204 </item> |
225 </item> |
205 <item> |
226 <item> |
206 <id>b2202690-8a6c-467f-a2b1-b154f470aa77</id> |
227 <id>b2202690-8a6c-467f-a2b1-b154f470aa77</id> |
|
228 <type>requirement</type> |
207 <text>Already existing open protocol/format must not be modified or extended in a way which effectively creates a proprietary protocol/format.</text> |
229 <text>Already existing open protocol/format must not be modified or extended in a way which effectively creates a proprietary protocol/format.</text> |
208 </item> |
230 </item> |
209 <item> |
231 <item> |
210 <id>dd206223-9525-4229-be2b-84b07c2b8244</id> |
232 <id>dd206223-9525-4229-be2b-84b07c2b8244</id> |
|
233 <type>information</type> |
211 <text>New open standards (specifications) should be defined and published if needed.</text> |
234 <text>New open standards (specifications) should be defined and published if needed.</text> |
212 <text>Such standards must be semantically versioned.</text> |
235 <text>Such standards must be semantically versioned.</text> |
213 </item> |
236 </item> |
214 <item> |
237 <item> |
215 <id>d341b78e-15b9-4077-8b48-9e54c93391ac</id> |
238 <id>d341b78e-15b9-4077-8b48-9e54c93391ac</id> |
|
239 <type>recommendation</type> |
216 <text>And they should be written in machine readable format (e.g. WSDL, WADL, ASN.1, XSD, Diameter dictionary, D-Bus) or at least formal language (Backus–Naur Form, EBNF etc.)</text> |
240 <text>And they should be written in machine readable format (e.g. WSDL, WADL, ASN.1, XSD, Diameter dictionary, D-Bus) or at least formal language (Backus–Naur Form, EBNF etc.)</text> |
217 </item> |
241 </item> |
218 <item> |
242 <item> |
219 <id>d61b3e31-bb9f-4333-87c8-9fb32f33a49d</id> |
243 <id>d61b3e31-bb9f-4333-87c8-9fb32f33a49d</id> |
|
244 <type>recommendation</type> |
220 <text>Also configuration should have machine readable description and the user should be able to test it by executing a command (validator).</text> |
245 <text>Also configuration should have machine readable description and the user should be able to test it by executing a command (validator).</text> |
221 </item> |
246 </item> |
222 </chapter> |
247 </chapter> |
223 |
248 |
224 <chapter> |
249 <chapter> |
225 <name>Modular architecture and extensibility</name> |
250 <name>Modular architecture and extensibility</name> |
226 <id>c56e7e86-e480-4a5d-8a47-ab155dcd59b1</id> |
251 <id>c56e7e86-e480-4a5d-8a47-ab155dcd59b1</id> |
227 <item> |
252 <item> |
228 <id>e50424e8-94f3-48aa-bf01-0ba984eb2349</id> |
253 <id>e50424e8-94f3-48aa-bf01-0ba984eb2349</id> |
|
254 <type>requirement</type> |
229 <text>Larger and multi-purpose software must be divided into smaller modules.</text> |
255 <text>Larger and multi-purpose software must be divided into smaller modules.</text> |
230 </item> |
256 </item> |
231 <item> |
257 <item> |
232 <id>e752efae-75c9-4620-aa14-65c4949a3609</id> |
258 <id>e752efae-75c9-4620-aa14-65c4949a3609</id> |
|
259 <type>requirement</type> |
233 <text>The modules must have defined dependencies (less = better).</text> |
260 <text>The modules must have defined dependencies (less = better).</text> |
234 <note>Dependencies needed to write an extension/module (i.e. header files, API classes/interfaces) should be as small as possible (do not require large codebase to write a mere plug-in).</note> |
261 <note>Dependencies needed to write an extension/module (i.e. header files, API classes/interfaces) should be as small as possible (do not require large codebase to write a mere plug-in).</note> |
235 <note>The required dependency should contain just interfaces (method/function signatures) and data structures but no implementation (executable code).</note> |
262 <note>The required dependency should contain just interfaces (method/function signatures) and data structures but no implementation (executable code).</note> |
236 </item> |
263 </item> |
237 <item> |
264 <item> |
238 <id>e9988ed0-d686-41a0-9f1e-3243ac5235d5</id> |
265 <id>e9988ed0-d686-41a0-9f1e-3243ac5235d5</id> |
|
266 <type>recommendation</type> |
239 <text>Particular modules should be compilable and executable (installable) independently.</text> |
267 <text>Particular modules should be compilable and executable (installable) independently.</text> |
240 <text>It should not be necessary to recompile the core and other modules if only one module is changed.</text> |
268 <text>It should not be necessary to recompile the core and other modules if only one module is changed.</text> |
241 <note>Whole system should be compilable (buildable) with only selected modules – must not require compilation or even distribution of all modules, if they are not necessary.</note> |
269 <note>Whole system should be compilable (buildable) with only selected modules – must not require compilation or even distribution of all modules, if they are not necessary.</note> |
242 <note>The goal is to reduce the complexity and the code footprint that comes into the play if the user needs only certain features.</note> |
270 <note>The goal is to reduce the complexity and the code footprint that comes into the play if the user needs only certain features.</note> |
243 </item> |
271 </item> |
244 <item> |
272 <item> |
245 <id>a7bc51ba-9832-4f75-983c-e75dc0801113</id> |
273 <id>a7bc51ba-9832-4f75-983c-e75dc0801113</id> |
|
274 <type>information</type> |
246 <text>Another good ways to extend and customize the software are:</text> |
275 <text>Another good ways to extend and customize the software are:</text> |
247 <text>configuration (XML, INI, RegExp, SQL, XSLT, XPath etc.) and</text> |
276 <text>configuration (XML, INI, RegExp, SQL, XSLT, XPath etc.) and</text> |
248 <text>scripting (Guile, Bash, Python, Lua, ECMA Script etc.)</text> |
277 <text>scripting (Guile, Bash, Python, Lua, ECMA Script etc.)</text> |
249 <link> |
278 <link> |
250 <url>https://www.gnu.org/prep/standards/standards.html#Source-Language</url> |
279 <url>https://www.gnu.org/prep/standards/standards.html#Source-Language</url> |
266 <chapter> |
295 <chapter> |
267 <name>Testable</name> |
296 <name>Testable</name> |
268 <id>a0376231-d53e-45fd-826f-47148721de3d</id> |
297 <id>a0376231-d53e-45fd-826f-47148721de3d</id> |
269 <item> |
298 <item> |
270 <id>d95dc118-7473-4f18-8b9e-35830a87b269</id> |
299 <id>d95dc118-7473-4f18-8b9e-35830a87b269</id> |
|
300 <type>recommendation</type> |
271 <text>there should be automated build-time complex tests for the package – feed the program with sample input and verify expected output</text> |
301 <text>there should be automated build-time complex tests for the package – feed the program with sample input and verify expected output</text> |
272 </item> |
302 </item> |
273 <item> |
303 <item> |
274 <id>a9f6725d-ddf1-41ee-96b4-15f3b851cb50</id> |
304 <id>a9f6725d-ddf1-41ee-96b4-15f3b851cb50</id> |
|
305 <type>recommendation</type> |
275 <text>there should be also automated runtime/postinstall tests – in order to verify that software was installed properly, all required dependencies are met and basic function is guaranteed – the program should report problem during its start (as a warning if it is not fatal), instead of unexpected failures during operation</text> |
306 <text>there should be also automated runtime/postinstall tests – in order to verify that software was installed properly, all required dependencies are met and basic function is guaranteed – the program should report problem during its start (as a warning if it is not fatal), instead of unexpected failures during operation</text> |
276 </item> |
307 </item> |
277 <item> |
308 <item> |
278 <id>d610c04b-cc44-48c7-b069-f41b90bdef0f</id> |
309 <id>d610c04b-cc44-48c7-b069-f41b90bdef0f</id> |
|
310 <type>recommendation</type> |
279 <text>unit tests are recommended for code parts that are internally complex (algorithms, important business logic) and have simple interfaces</text> |
311 <text>unit tests are recommended for code parts that are internally complex (algorithms, important business logic) and have simple interfaces</text> |
280 </item> |
312 </item> |
281 <item> |
313 <item> |
282 <id>e85baeda-8fcb-42d1-bb53-d7386a941ae7</id> |
314 <id>e85baeda-8fcb-42d1-bb53-d7386a941ae7</id> |
|
315 <type>recommendation</type> |
283 <text>each external interface should contain procedure/function that does nothing important or heavy, is idempotent and returns simple response which proves that the interface (connection) is working (e.g. echo, print version, status or current time); if authentication and authorization mechanisms are present, there should be one procedure/function callable anonymously and one that requires authorization</text> |
316 <text>each external interface should contain procedure/function that does nothing important or heavy, is idempotent and returns simple response which proves that the interface (connection) is working (e.g. echo, print version, status or current time); if authentication and authorization mechanisms are present, there should be one procedure/function callable anonymously and one that requires authorization</text> |
284 </item> |
317 </item> |
285 </chapter> |
318 </chapter> |
286 |
319 |
287 <chapter> |
320 <chapter> |
288 <name>Safe code and sustainability</name> |
321 <name>Safe code and sustainability</name> |
289 <id>f3afbaf2-0933-43d2-aed0-8dc568b9429f</id> |
322 <id>f3afbaf2-0933-43d2-aed0-8dc568b9429f</id> |
290 <item> |
323 <item> |
291 <id>a96206c9-3e69-483d-b575-6bab9dec4a30</id> |
324 <id>a96206c9-3e69-483d-b575-6bab9dec4a30</id> |
|
325 <type>requirement</type> |
292 <text>correctness, safety and readability is preferred to performance</text> |
326 <text>correctness, safety and readability is preferred to performance</text> |
293 </item> |
327 </item> |
294 <item> |
328 <item> |
295 <id>d8eba0dd-4305-44b9-80ea-4c38b6dfa633</id> |
329 <id>d8eba0dd-4305-44b9-80ea-4c38b6dfa633</id> |
|
330 <type>recommendation</type> |
296 <text>use strong data typing, declare preconditions and possible exceptions</text> |
331 <text>use strong data typing, declare preconditions and possible exceptions</text> |
297 </item> |
332 </item> |
298 <item> |
333 <item> |
299 <id>ebea0c16-f820-444d-a73c-3054ca6a38c8</id> |
334 <id>ebea0c16-f820-444d-a73c-3054ca6a38c8</id> |
|
335 <type>requirement</type> |
300 <text>data structures must be known and well documented – do not use undocumented map keys or properties</text> |
336 <text>data structures must be known and well documented – do not use undocumented map keys or properties</text> |
301 </item> |
337 </item> |
302 <item> |
338 <item> |
303 <id>e24e600e-6542-4664-8cf0-2d8c6feb6c13</id> |
339 <id>e24e600e-6542-4664-8cf0-2d8c6feb6c13</id> |
|
340 <type>recommendation</type> |
304 <text>code, comments and specification should be written in the same natural language</text> |
341 <text>code, comments and specification should be written in the same natural language</text> |
305 <link> |
342 <link> |
306 <url>https://www.gnu.org/prep/standards/standards.html#Comments</url> |
343 <url>https://www.gnu.org/prep/standards/standards.html#Comments</url> |
307 <type>related</type> |
344 <type>related</type> |
308 <title>GNU Coding Standards: Commenting Your Work</title> |
345 <title>GNU Coding Standards: Commenting Your Work</title> |
309 <quotation>Please write the comments in a GNU program in English, because English is the one language that nearly all programmers in all countries can read.</quotation> |
346 <quotation>Please write the comments in a GNU program in English, because English is the one language that nearly all programmers in all countries can read.</quotation> |
310 </link> |
347 </link> |
311 </item> |
348 </item> |
312 <item> |
349 <item> |
313 <id>fa92aa33-a69f-43b8-9051-9bfdcd3d293f</id> |
350 <id>fa92aa33-a69f-43b8-9051-9bfdcd3d293f</id> |
|
351 <type>recommendation</type> |
314 <text>there should be a dictionary of used terms, so whole team and also users and customers will speak the same language</text> |
352 <text>there should be a dictionary of used terms, so whole team and also users and customers will speak the same language</text> |
315 </item> |
353 </item> |
316 <item> |
354 <item> |
317 <id>b9345a0e-c672-45d3-b93b-8d0fb4ece8b3</id> |
355 <id>b9345a0e-c672-45d3-b93b-8d0fb4ece8b3</id> |
|
356 <type>recommendation</type> |
318 <text>fail fast – errors in the code should be reported during build time or at least on first execution – do not silently continue if given error would lead to failure later in another part of the code – bad weak coupling leads to difficult debugging</text> |
357 <text>fail fast – errors in the code should be reported during build time or at least on first execution – do not silently continue if given error would lead to failure later in another part of the code – bad weak coupling leads to difficult debugging</text> |
319 </item> |
358 </item> |
320 </chapter> |
359 </chapter> |
321 |
360 |
322 <chapter> |
361 <chapter> |
323 <name>Small code footprint</name> |
362 <name>Small code footprint</name> |
324 <id>ba8fbf3a-9254-4dd8-bb77-b0cd4907c6aa</id> |
363 <id>ba8fbf3a-9254-4dd8-bb77-b0cd4907c6aa</id> |
325 <item> |
364 <item> |
326 <id>f5389468-2f8a-43c8-884a-8df6bc844453</id> |
365 <id>f5389468-2f8a-43c8-884a-8df6bc844453</id> |
|
366 <type>recommendation</type> |
327 <text>less LOC (resp. cyclomatic complexity) = better</text> |
367 <text>less LOC (resp. cyclomatic complexity) = better</text> |
328 </item> |
368 </item> |
329 <item> |
369 <item> |
330 <id>b6b6c838-be6d-43d5-9f99-2098fa217c54</id> |
370 <id>b6b6c838-be6d-43d5-9f99-2098fa217c54</id> |
|
371 <type>recommendation</type> |
331 <text>reduce boilerplate and unused code</text> |
372 <text>reduce boilerplate and unused code</text> |
332 </item> |
373 </item> |
333 <item> |
374 <item> |
334 <id>b07fe0f0-2be7-4c1c-9b19-b671269c5e58</id> |
375 <id>b07fe0f0-2be7-4c1c-9b19-b671269c5e58</id> |
|
376 <type>recommendation</type> |
335 <text>use code generators (during build process, not to generate code to be manually edited and versioned)</text> |
377 <text>use code generators (during build process, not to generate code to be manually edited and versioned)</text> |
336 <link> |
378 <link> |
337 <url>https://www.gnu.org/prep/standards/standards.html#Releases</url> |
379 <url>https://www.gnu.org/prep/standards/standards.html#Releases</url> |
338 <type>compatible</type> |
380 <type>compatible</type> |
339 <title>GNU Coding Standards: Making Releases</title> |
381 <title>GNU Coding Standards: Making Releases</title> |
345 <chapter> |
387 <chapter> |
346 <name>Sane dependencies</name> |
388 <name>Sane dependencies</name> |
347 <id>afd8f6c7-8dac-4a83-a101-64f017ec7ada</id> |
389 <id>afd8f6c7-8dac-4a83-a101-64f017ec7ada</id> |
348 <item> |
390 <item> |
349 <id>c2d5a677-a721-40e3-b560-73afe76fe2b0</id> |
391 <id>c2d5a677-a721-40e3-b560-73afe76fe2b0</id> |
|
392 <type>recommendation</type> |
350 <text>avoid NIH and reuse code but also avoid dependency hell</text> |
393 <text>avoid NIH and reuse code but also avoid dependency hell</text> |
351 </item> |
394 </item> |
352 <item> |
395 <item> |
353 <id>d214987c-881c-450b-8544-82141866f541</id> |
396 <id>d214987c-881c-450b-8544-82141866f541</id> |
|
397 <type>requirement</type> |
354 <text>know your dependencies, know why they are required</text> |
398 <text>know your dependencies, know why they are required</text> |
355 </item> |
399 </item> |
356 <item> |
400 <item> |
357 <id>c8402612-e136-43b5-9209-f9800d2e94da</id> |
401 <id>c8402612-e136-43b5-9209-f9800d2e94da</id> |
|
402 <type>recommendation</type> |
358 <text>reduce dependencies to only necessary ones</text> |
403 <text>reduce dependencies to only necessary ones</text> |
359 </item> |
404 </item> |
360 <item> |
405 <item> |
361 <id>cbeb9a6b-7b64-4452-8caf-246c082a853d</id> |
406 <id>cbeb9a6b-7b64-4452-8caf-246c082a853d</id> |
|
407 <type>recommendation</type> |
362 <text>depend on small and useful libraries – not on bulky application packages or libraries with large transitive dependencies</text> |
408 <text>depend on small and useful libraries – not on bulky application packages or libraries with large transitive dependencies</text> |
363 </item> |
409 </item> |
364 <item> |
410 <item> |
365 <id>cbaf55be-8ffb-4109-9c83-083d1b3e793a</id> |
411 <id>cbaf55be-8ffb-4109-9c83-083d1b3e793a</id> |
|
412 <type>requirement</type> |
366 <text>if dependency on bulky application package is inevitable, add a layer of abstraction – create a generic interface and connector and allow others to replace the bulky package with their own sane implementation</text> |
413 <text>if dependency on bulky application package is inevitable, add a layer of abstraction – create a generic interface and connector and allow others to replace the bulky package with their own sane implementation</text> |
367 </item> |
414 </item> |
368 <item> |
415 <item> |
369 <id>d7655989-a5e4-4123-9147-3782fc05a5ee</id> |
416 <id>d7655989-a5e4-4123-9147-3782fc05a5ee</id> |
|
417 <type>recommendation</type> |
370 <text>helper tools:</text> |
418 <text>helper tools:</text> |
371 <item> |
419 <item> |
372 <id>a5307bc9-36ed-4d83-963a-30c5c67613aa</id> |
420 <id>a5307bc9-36ed-4d83-963a-30c5c67613aa</id> |
|
421 <type>recommendation</type> |
373 <text>if you e.g. use Bash and Perl during the build process, do not add also Python dependency, write it in Perl – or use Python instead of Perl.</text> |
422 <text>if you e.g. use Bash and Perl during the build process, do not add also Python dependency, write it in Perl – or use Python instead of Perl.</text> |
374 </item> |
423 </item> |
375 <item> |
424 <item> |
376 <id>b0237d84-7068-4b2b-bc28-ce5e0a0061e4</id> |
425 <id>b0237d84-7068-4b2b-bc28-ce5e0a0061e4</id> |
|
426 <type>recommendation</type> |
377 <text>Or if you use Java as your main language, consider not using Python/Perl for scripting and use Java for it</text> |
427 <text>Or if you use Java as your main language, consider not using Python/Perl for scripting and use Java for it</text> |
378 </item> |
428 </item> |
379 </item> |
429 </item> |
380 <item> |
430 <item> |
381 <id>a0f42ec9-5032-4f6d-a50a-4b7bddde77f0</id> |
431 <id>a0f42ec9-5032-4f6d-a50a-4b7bddde77f0</id> |
|
432 <type>requirement</type> |
382 <text>if possible, always depend on abstract interfaces, not on particular implementations</text> |
433 <text>if possible, always depend on abstract interfaces, not on particular implementations</text> |
383 </item> |
434 </item> |
384 <item> |
435 <item> |
385 <id>c5974dcd-4855-40c5-ad22-894c128ca1dc</id> |
436 <id>c5974dcd-4855-40c5-ad22-894c128ca1dc</id> |
|
437 <type>recommendation</type> |
386 <text>from the whole system point-of-view, Bootstrappable builds should be taken into account</text> |
438 <text>from the whole system point-of-view, Bootstrappable builds should be taken into account</text> |
387 <link> |
439 <link> |
388 <url>http://bootstrappable.org/</url> |
440 <url>http://bootstrappable.org/</url> |
389 <type>related</type> |
441 <type>related</type> |
390 <title>Bootstrappable builds</title> |
442 <title>Bootstrappable builds</title> |
395 <chapter> |
447 <chapter> |
396 <name>Easily auditable</name> |
448 <name>Easily auditable</name> |
397 <id>fb0c484b-d97a-4cb4-9b8f-04d386ef0f54</id> |
449 <id>fb0c484b-d97a-4cb4-9b8f-04d386ef0f54</id> |
398 <item> |
450 <item> |
399 <id>aeef6a5c-bafc-4fcf-9b21-5829e8a44c5e</id> |
451 <id>aeef6a5c-bafc-4fcf-9b21-5829e8a44c5e</id> |
|
452 <type>recommendation</type> |
400 <text>small code footprint and minimal dependencies makes it easy to do security audit</text> |
453 <text>small code footprint and minimal dependencies makes it easy to do security audit</text> |
401 </item> |
454 </item> |
402 <item> |
455 <item> |
403 <id>ab69d352-da68-40c2-a3e1-a8fd5c41ad0a</id> |
456 <id>ab69d352-da68-40c2-a3e1-a8fd5c41ad0a</id> |
|
457 <type>recommendation</type> |
404 <text>avoid ungrounded refactoring and reformatting – they make mess and noise in the version control system and impede the audit</text> |
458 <text>avoid ungrounded refactoring and reformatting – they make mess and noise in the version control system and impede the audit</text> |
|
459 <note>This rule is classified as a recommendation only because of the fact that past mistakes usually can not be reverted, which would disqualify the software forever. However it should be normally considered to be a requirement.</note> |
405 </item> |
460 </item> |
406 <item> |
461 <item> |
407 <id>e4db77b8-f145-4e43-bf8b-eb775b9352c8</id> |
462 <id>e4db77b8-f145-4e43-bf8b-eb775b9352c8</id> |
|
463 <type>information</type> |
408 <text>refactoring/reformatting changesets should be separated from substantive changes</text> |
464 <text>refactoring/reformatting changesets should be separated from substantive changes</text> |
409 </item> |
465 </item> |
410 </chapter> |
466 </chapter> |
411 |
467 |
412 <chapter> |
468 <chapter> |
413 <name>Reproducible builds</name> |
469 <name>Reproducible builds</name> |
414 <id>da6436f7-c352-4d52-915b-02d0d1880e40</id> |
470 <id>da6436f7-c352-4d52-915b-02d0d1880e40</id> |
415 <item> |
471 <item> |
416 <id>e5154815-eeae-4664-8883-a29a64eea325</id> |
472 <id>e5154815-eeae-4664-8883-a29a64eea325</id> |
|
473 <type>recommendation</type> |
417 <text>builds should be reproducible: same code/version → same binary package</text> |
474 <text>builds should be reproducible: same code/version → same binary package</text> |
418 </item> |
475 </item> |
419 <item> |
476 <item> |
420 <id>a3b0c164-4dde-4e33-b3be-5478d2a187e2</id> |
477 <id>a3b0c164-4dde-4e33-b3be-5478d2a187e2</id> |
|
478 <type>requirement</type> |
421 <text>if not, it should be documented, why and how build products might differ, and there should be plan/task to make it reproducible</text> |
479 <text>if not, it should be documented, why and how build products might differ, and there should be plan/task to make it reproducible</text> |
422 </item> |
480 </item> |
423 </chapter> |
481 </chapter> |
424 |
482 |
425 <chapter> |
483 <chapter> |
426 <name>Trustworthy packages and sources</name> |
484 <name>Trustworthy packages and sources</name> |
427 <id>e7ded437-aaa2-475a-9754-0b2d89394b24</id> |
485 <id>e7ded437-aaa2-475a-9754-0b2d89394b24</id> |
428 <item> |
486 <item> |
429 <id>a0d9322c-7d2b-4632-b543-7e0d75bb5f0b</id> |
487 <id>a0d9322c-7d2b-4632-b543-7e0d75bb5f0b</id> |
|
488 <type>requirement</type> |
430 <text>every released version (binary or source) must be cryptographically signed by the authors (GnuPG/OpenPGP is strongly recommended)</text> |
489 <text>every released version (binary or source) must be cryptographically signed by the authors (GnuPG/OpenPGP is strongly recommended)</text> |
431 </item> |
490 </item> |
432 <item> |
491 <item> |
433 <id>feb97ec0-c35c-49b8-b455-517a929b4a84</id> |
492 <id>feb97ec0-c35c-49b8-b455-517a929b4a84</id> |
|
493 <type>recommendation</type> |
434 <text>there should be also checksums/hashes for every released package</text> |
494 <text>there should be also checksums/hashes for every released package</text> |
435 </item> |
495 </item> |
436 <item> |
496 <item> |
437 <id>ff33e209-0460-4a43-997f-d6b32b73997b</id> |
497 <id>ff33e209-0460-4a43-997f-d6b32b73997b</id> |
|
498 <type>recommendation</type> |
438 <text>if HTTP is supported, HTTPS should also be – the attacker/eavesdropper should not even know what software/package/update is downloaded by the user</text> |
499 <text>if HTTP is supported, HTTPS should also be – the attacker/eavesdropper should not even know what software/package/update is downloaded by the user</text> |
439 </item> |
500 </item> |
440 <item> |
501 <item> |
441 <id>c1f83b3a-e564-4483-91de-9c08723efd13</id> |
502 <id>c1f83b3a-e564-4483-91de-9c08723efd13</id> |
|
503 <type>recommendation</type> |
442 <text>the attacker should not be able to suppress updates – the program must not be silent in such case and must warn the user that something possibly nasty and dangerous is happening</text> |
504 <text>the attacker should not be able to suppress updates – the program must not be silent in such case and must warn the user that something possibly nasty and dangerous is happening</text> |
443 </item> |
505 </item> |
444 <item> |
506 <item> |
445 <id>c6a755c9-a54e-4ffb-8f70-bfbd851b93c5</id> |
507 <id>c6a755c9-a54e-4ffb-8f70-bfbd851b93c5</id> |
|
508 <type>recommendation</type> |
446 <text>releases should be downloadable also (or exclusively) over BitTorrent or other P2P network</text> |
509 <text>releases should be downloadable also (or exclusively) over BitTorrent or other P2P network</text> |
447 </item> |
510 </item> |
448 <item> |
511 <item> |
449 <id>f9275c3c-2b09-4aec-ac28-76ff827d52ce</id> |
512 <id>f9275c3c-2b09-4aec-ac28-76ff827d52ce</id> |
|
513 <type>requirement</type> |
450 <text>source code repository must be accessible through an encrypted connection</text> |
514 <text>source code repository must be accessible through an encrypted connection</text> |
451 </item> |
515 </item> |
452 </chapter> |
516 </chapter> |
453 |
517 |
454 <chapter> |
518 <chapter> |
455 <name>Network interactions</name> |
519 <name>Network interactions</name> |
456 <id>d3edb71b-8668-4290-a669-19694956e3aa</id> |
520 <id>d3edb71b-8668-4290-a669-19694956e3aa</id> |
457 <item> |
521 <item> |
458 <id>c967092e-09e9-4c68-90bf-aa8cb441f7dc</id> |
522 <id>c967092e-09e9-4c68-90bf-aa8cb441f7dc</id> |
|
523 <type>requirement</type> |
459 <text>Network connectivity must not be required during build – the build must be possible completely offline.</text> |
524 <text>Network connectivity must not be required during build – the build must be possible completely offline.</text> |
460 <text>All dependencies must be downloadable and documented including secure hashes or preferably cryptographic signatures.</text> |
525 <text>All dependencies must be downloadable and documented including secure hashes or preferably cryptographic signatures.</text> |
461 <note>It should be straightforward to collect all dependencies transfer them in space or time and build the software (e.g. on another computer or in next decade).</note> |
526 <note>It should be straightforward to collect all dependencies transfer them in space or time and build the software (e.g. on another computer or in next decade).</note> |
462 </item> |
527 </item> |
463 <item> |
528 <item> |
464 <id>b5515d33-1531-4361-8baf-a99ca461e763</id> |
529 <id>b5515d33-1531-4361-8baf-a99ca461e763</id> |
|
530 <type>requirement</type> |
465 <text>If dependencies are optionally automatically downloaded during or before build, the packaging system must cryptographically verify that that they are undamaged.</text> |
531 <text>If dependencies are optionally automatically downloaded during or before build, the packaging system must cryptographically verify that that they are undamaged.</text> |
466 <note>So it should not be possible to endanger the user by MITM attack.</note> |
532 <note>So it should not be possible to endanger the user by MITM attack.</note> |
467 </item> |
533 </item> |
468 <item> |
534 <item> |
469 <id>f700413a-fde1-460c-8633-76985e98007c</id> |
535 <id>f700413a-fde1-460c-8633-76985e98007c</id> |
|
536 <type>requirement</type> |
470 <text>Avoid unwanted network interactions during runtime.</text> |
537 <text>Avoid unwanted network interactions during runtime.</text> |
471 <text>There must be no „call home“ or update-checks without user's explicit consent.</text> |
538 <text>There must be no „call home“ or update-checks without user's explicit consent.</text> |
472 </item> |
539 </item> |
473 <item> |
540 <item> |
474 <id>f55c2ebd-c3ba-44f7-ae92-06f679780ec7</id> |
541 <id>f55c2ebd-c3ba-44f7-ae92-06f679780ec7</id> |
|
542 <type>requirement</type> |
475 <text>If any network connection is used, it must be by default cryptographically secured against MITM attacks.</text> |
543 <text>If any network connection is used, it must be by default cryptographically secured against MITM attacks.</text> |
476 <note>It might be possible to disable the encryption on user's explicit request (in order to get better performance on a trusted private network).</note> |
544 <note>It might be possible to disable the encryption on user's explicit request (in order to get better performance on a trusted private network).</note> |
477 <note>For debugging and testing purposes it is better to allow dumping the private/session keys rather than disabling the encryption.</note> |
545 <note>For debugging and testing purposes it is better to allow dumping the private/session keys rather than disabling the encryption.</note> |
478 <note>In special cases (like small microcontrollers without cryptographic capability connected to a trusted private network), it is possible to have no encryption at all, but the user must be properly informed about this issue and potential risks.</note> |
546 <note>In special cases (like small microcontrollers without cryptographic capability connected to a trusted private network), it is possible to have no encryption at all, but the user must be properly informed about this issue and potential risks.</note> |
479 </item> |
547 </item> |
493 <quotation>Internationalization is the process of designing a software application so that it can be adapted to various languages and regions without engineering changes. Localization is the process of adapting internationalized software for a specific region or language by translating text and adding locale-specific components.</quotation> |
562 <quotation>Internationalization is the process of designing a software application so that it can be adapted to various languages and regions without engineering changes. Localization is the process of adapting internationalized software for a specific region or language by translating text and adding locale-specific components.</quotation> |
494 </link> |
563 </link> |
495 </item> |
564 </item> |
496 <item> |
565 <item> |
497 <id>ad2f572b-497b-4523-b435-f9752fd1518a</id> |
566 <id>ad2f572b-497b-4523-b435-f9752fd1518a</id> |
|
567 <type>recommendation</type> |
498 <text>It should be possible to localize the user interface independently from the original author by creating an additionally installable language pack.</text> |
568 <text>It should be possible to localize the user interface independently from the original author by creating an additionally installable language pack.</text> |
499 </item> |
569 </item> |
500 <item> |
570 <item> |
501 <id>c3827486-6bf5-45c0-9a6d-61ad659d8ba1</id> |
571 <id>c3827486-6bf5-45c0-9a6d-61ad659d8ba1</id> |
|
572 <type>recommendation</type> |
502 <text>GNU Gettext or other standard framework (like Java resource bundles) should be used.</text> |
573 <text>GNU Gettext or other standard framework (like Java resource bundles) should be used.</text> |
503 <link> |
574 <link> |
504 <url>https://www.gnu.org/prep/standards/standards.html#Internationalization</url> |
575 <url>https://www.gnu.org/prep/standards/standards.html#Internationalization</url> |
505 <type>compatible</type> |
576 <type>compatible</type> |
506 <title>GNU Coding Standards: Internationalization</title> |
577 <title>GNU Coding Standards: Internationalization</title> |
507 <quotation>GNU has a library called GNU gettext that makes it easy to translate the messages in a program into various languages. You should use this library in every program.</quotation> |
578 <quotation>GNU has a library called GNU gettext that makes it easy to translate the messages in a program into various languages. You should use this library in every program.</quotation> |
508 </link> |
579 </link> |
509 </item> |
580 </item> |
510 <item> |
581 <item> |
511 <id>a57f4fc8-1f64-46e2-a91d-3a598c37f2e9</id> |
582 <id>a57f4fc8-1f64-46e2-a91d-3a598c37f2e9</id> |
|
583 <type>recommendation</type> |
512 <text>Error messages should have assigned unique error codes, so it is possible to find relevant information regardless the current locale.</text> |
584 <text>Error messages should have assigned unique error codes, so it is possible to find relevant information regardless the current locale.</text> |
513 </item> |
585 </item> |
514 <!-- GEC is recommended for such unique error identifiers --> |
586 <!-- GEC is recommended for such unique error identifiers --> |
515 <item> |
587 <item> |
516 <id>eba92867-5c1b-45b6-943a-a3fa6ea67e38</id> |
588 <id>eba92867-5c1b-45b6-943a-a3fa6ea67e38</id> |
|
589 <type>requirement</type> |
517 <text>Data formats and protocols must be language/locale independent.</text> |
590 <text>Data formats and protocols must be language/locale independent.</text> |
518 <item> |
591 <item> |
519 <id>fee73fee-4940-47ac-84b6-15646f5f61c7</id> |
592 <id>fee73fee-4940-47ac-84b6-15646f5f61c7</id> |
|
593 <type>requirement</type> |
520 <text>e.g. use decimal point instead of comma and no thousand separators for numbers, use standardized date formats</text> |
594 <text>e.g. use decimal point instead of comma and no thousand separators for numbers, use standardized date formats</text> |
521 </item> |
595 </item> |
522 <item> |
596 <item> |
523 <id>f1a00487-ed89-4443-99b5-63ab4c635690</id> |
597 <id>f1a00487-ed89-4443-99b5-63ab4c635690</id> |
|
598 <type>requirement</type> |
524 <text>in general: everything that is expected to be machine-readable or machine-generated must be independent from the current locale</text> |
599 <text>in general: everything that is expected to be machine-readable or machine-generated must be independent from the current locale</text> |
525 </item> |
600 </item> |
526 </item> |
601 </item> |
527 <item> |
602 <item> |
528 <id>e6603e06-0b2c-439e-82ce-45f9744b2ef8</id> |
603 <id>e6603e06-0b2c-439e-82ce-45f9744b2ef8</id> |
|
604 <type>requirement</type> |
529 <text>Character encoding:</text> |
605 <text>Character encoding:</text> |
530 <item> |
606 <item> |
531 <id>abd42a7f-bd4b-4034-98ee-85a33094b5c1</id> |
607 <id>abd42a7f-bd4b-4034-98ee-85a33094b5c1</id> |
|
608 <type>recommendation</type> |
|
609 <!-- TODO: requirement? --> |
532 <text>The software should always be aware of it and do not just blindly use current platform's default.</text> |
610 <text>The software should always be aware of it and do not just blindly use current platform's default.</text> |
533 <note>The other side might run on different platform with different default. Or a file might be opened later on different platform.</note> |
611 <note>The other side might run on different platform with different default. Or a file might be opened later on different platform.</note> |
534 </item> |
612 </item> |
535 <item> |
613 <item> |
536 <id>abd48eae-d287-4729-80ee-52dd018b0ba7</id> |
614 <id>abd48eae-d287-4729-80ee-52dd018b0ba7</id> |
|
615 <type>requirement</type> |
537 <text>If given software/format/protocol has some default encoding, it must be clearly defined in its specification and this default must not be changed without changing the major version number.</text> |
616 <text>If given software/format/protocol has some default encoding, it must be clearly defined in its specification and this default must not be changed without changing the major version number.</text> |
538 </item> |
617 </item> |
539 <item> |
618 <item> |
540 <id>c9f4d9f4-f959-48ad-bc68-6720dd4596e3</id> |
619 <id>c9f4d9f4-f959-48ad-bc68-6720dd4596e3</id> |
|
620 <type>requirement</type> |
541 <text>If there is no default, the encoding must be specified in the metadata attached (e.g. protocol headers, extended attributes on filesystem) to the actual data or at least at the beginning of the data (like declaration in XML format).</text> |
621 <text>If there is no default, the encoding must be specified in the metadata attached (e.g. protocol headers, extended attributes on filesystem) to the actual data or at least at the beginning of the data (like declaration in XML format).</text> |
542 </item> |
622 </item> |
543 </item> |
623 </item> |
544 <item> |
624 <item> |
545 <id>ce45c382-6ec5-41e8-869a-a0e758621b13</id> |
625 <id>ce45c382-6ec5-41e8-869a-a0e758621b13</id> |
|
626 <type>recommendation</type> |
|
627 <!-- TODO: requirement? --> |
546 <text>The metric system should be used as default.</text> |
628 <text>The metric system should be used as default.</text> |
547 </item> |
629 </item> |
548 </chapter> |
630 </chapter> |
549 |
631 |
550 <chapter> |
632 <chapter> |
551 <name>Communication with users and developers</name> |
633 <name>Communication with users and developers</name> |
552 <id>a931dcbb-8043-4e21-838f-8e8122bb8af3</id> |
634 <id>a931dcbb-8043-4e21-838f-8e8122bb8af3</id> |
553 <item> |
635 <item> |
554 <id>fff90688-907e-48eb-a48a-2ae6d6b42f0a</id> |
636 <id>fff90688-907e-48eb-a48a-2ae6d6b42f0a</id> |
|
637 <type>recommendation</type> |
555 <text>Following information should be provided in RSS/Atom or other machine readable format:</text> |
638 <text>Following information should be provided in RSS/Atom or other machine readable format:</text> |
556 <text>announcements (security, new versions, infrastructure outage),</text> |
639 <text>announcements (security, new versions, infrastructure outage),</text> |
557 <text>blog posts, tutorials</text> |
640 <text>blog posts, tutorials</text> |
558 <text>and AFK events (e.g. conferences, meetings or hackatons).</text> |
641 <text>and AFK events (e.g. conferences, meetings or hackatons).</text> |
559 <note>for calendar data iCal format is strongly recommended</note> |
642 <note>for calendar data iCal format is strongly recommended</note> |
560 </item> |
643 </item> |
561 <item> |
644 <item> |
562 <id>e8b18e02-d7b2-4584-8eee-dbaf823f6800</id> |
645 <id>e8b18e02-d7b2-4584-8eee-dbaf823f6800</id> |
|
646 <type>recommendation</type> |
563 <text>A mailing list (e-mail conference) or other equivalently open and decentralized technology should be used for the many-to-many communication.</text> |
647 <text>A mailing list (e-mail conference) or other equivalently open and decentralized technology should be used for the many-to-many communication.</text> |
564 <note>Having an „old school“ mailing list is not mandatory – it might be e.g. a P2P distributed technology or some self-hosted forum.</note> |
648 <note>Having an „old school“ mailing list is not mandatory – it might be e.g. a P2P distributed technology or some self-hosted forum.</note> |
565 <link> |
649 <link> |
566 <url>https://www.gnu.org/prep/maintain/maintain.html#Standard-Mailing-Lists</url> |
650 <url>https://www.gnu.org/prep/maintain/maintain.html#Standard-Mailing-Lists</url> |
567 <type>related</type> |
651 <type>related</type> |
568 <title>Information for Maintainers of GNU Software: Standard Mailing Lists</title> |
652 <title>Information for Maintainers of GNU Software: Standard Mailing Lists</title> |
569 </link> |
653 </link> |
570 </item> |
654 </item> |
571 <item> |
655 <item> |
572 <id>e746eb5b-8d8b-4ec8-9315-a311f35e156a</id> |
656 <id>e746eb5b-8d8b-4ec8-9315-a311f35e156a</id> |
|
657 <type>requirement</type> |
573 <text>Users must not be pushed to register at a proprietary social networks resp. at particular providers of such services.</text> |
658 <text>Users must not be pushed to register at a proprietary social networks resp. at particular providers of such services.</text> |
574 <text>Users without such account must not be disadvantaged – use open and decentralized networks/protocols instead.</text> |
659 <text>Users without such account must not be disadvantaged – use open and decentralized networks/protocols instead.</text> |
575 <link> |
660 <link> |
576 <url>https://www.gnu.org/prep/maintain/maintain.html#Ethical-and-Philosophical-Consideration</url> |
661 <url>https://www.gnu.org/prep/maintain/maintain.html#Ethical-and-Philosophical-Consideration</url> |
577 <type>compatible</type> |
662 <type>compatible</type> |
580 <quotation>Of course, you can’t order people not to use such services to talk with each other. What you can do is not legitimize them, and use your influence to lead people away from them. For instance, where you say where to have discussions related to the program, don’t list such a place.</quotation> |
665 <quotation>Of course, you can’t order people not to use such services to talk with each other. What you can do is not legitimize them, and use your influence to lead people away from them. For instance, where you say where to have discussions related to the program, don’t list such a place.</quotation> |
581 </link> |
666 </link> |
582 </item> |
667 </item> |
583 <item> |
668 <item> |
584 <id>ff537045-819e-4dec-a020-d2c9f2c3292b</id> |
669 <id>ff537045-819e-4dec-a020-d2c9f2c3292b</id> |
|
670 <type>recommendation</type> |
585 <text>There should be a second-level internet domain for the project or its team.</text> |
671 <text>There should be a second-level internet domain for the project or its team.</text> |
586 <note>But do not buy an internet domain if you are not prepared to mainain it for decades – rather use third level domain under some reliable second level domain maintained by a credible group or person – think of that every expired domain helps spammers and scammers and hurts the users.</note> |
672 <note>But do not buy an internet domain if you are not prepared to mainain it for decades – rather use third level domain under some reliable second level domain maintained by a credible group or person – think of that every expired domain helps spammers and scammers and hurts the users.</note> |
587 </item> |
673 </item> |
588 <item> |
674 <item> |
589 <id>a1141312-5177-4d68-bb14-fce952d542c3</id> |
675 <id>a1141312-5177-4d68-bb14-fce952d542c3</id> |
|
676 <type>recommendation</type> |
590 <text>URLs should be as stable as possible – accessible in next decade.</text> |
677 <text>URLs should be as stable as possible – accessible in next decade.</text> |
591 <note>Do not break old links, set up redirections if needed.</note> |
678 <note>Do not break old links, set up redirections if needed.</note> |
592 </item> |
679 </item> |
593 <item> |
680 <item> |
594 <id>c5b6d3d7-2f1f-4371-acfa-d6af1588c2cb</id> |
681 <id>c5b6d3d7-2f1f-4371-acfa-d6af1588c2cb</id> |
|
682 <type>requirement</type> |
595 <text>The website must be independent and must contain everything needed – any content (JavaScripts, CSS, fonts, images etc.) downloaded from other domains must not be required to browse/use the website.</text> |
683 <text>The website must be independent and must contain everything needed – any content (JavaScripts, CSS, fonts, images etc.) downloaded from other domains must not be required to browse/use the website.</text> |
596 <note>Embedded content from the third-party servers causes leaks of sensitive data (tracking of the users) and also denies decentralized nature of the internet.</note> |
684 <note>Embedded content from the third-party servers causes leaks of sensitive data (tracking of the users) and also denies decentralized nature of the internet.</note> |
597 </item> |
685 </item> |
598 <item> |
686 <item> |
599 <id>d5fbcc9e-a12c-44ce-909b-f514a579ab7e</id> |
687 <id>d5fbcc9e-a12c-44ce-909b-f514a579ab7e</id> |
|
688 <type>requirement</type> |
600 <text>JavaScript or other code executed on client computers must be also free software with properly declared license.</text> |
689 <text>JavaScript or other code executed on client computers must be also free software with properly declared license.</text> |
601 <link> |
690 <link> |
602 <url>https://www.gnu.org/philosophy/javascript-trap.html</url> |
691 <url>https://www.gnu.org/philosophy/javascript-trap.html</url> |
603 <type>compatible</type> |
692 <type>compatible</type> |
604 <title>The JavaScript Trap</title> |
693 <title>The JavaScript Trap</title> |
643 <chapter> |
735 <chapter> |
644 <name>Accept contributions</name> |
736 <name>Accept contributions</name> |
645 <id>eae0f528-a5ce-4809-a25d-9f9ab6311f3d</id> |
737 <id>eae0f528-a5ce-4809-a25d-9f9ab6311f3d</id> |
646 <item> |
738 <item> |
647 <id>efae935b-fef1-4bbd-a2c5-e12048524e35</id> |
739 <id>efae935b-fef1-4bbd-a2c5-e12048524e35</id> |
|
740 <type>recommendation</type> |
648 <text>Good quality code contributions with appropriate copyright and patent licenses or assignments should be accepted from anyone.</text> |
741 <text>Good quality code contributions with appropriate copyright and patent licenses or assignments should be accepted from anyone.</text> |
649 </item> |
742 </item> |
650 <item> |
743 <item> |
651 <id>ea429f77-44db-4eb4-9925-0d28f9abf47a</id> |
744 <id>ea429f77-44db-4eb4-9925-0d28f9abf47a</id> |
|
745 <type>information</type> |
652 <text>The „good quality code“ is defined by the project and might involve code style, idioms, design patterns, software architecture, required tests, documentation etc.</text> |
746 <text>The „good quality code“ is defined by the project and might involve code style, idioms, design patterns, software architecture, required tests, documentation etc.</text> |
653 <link> |
747 <link> |
654 <url>https://www.gnu.org/prep/maintain/maintain.html#Clean-Ups</url> |
748 <url>https://www.gnu.org/prep/maintain/maintain.html#Clean-Ups</url> |
655 <type>compatible</type> |
749 <type>compatible</type> |
656 <title>Information for Maintainers of GNU Software: Cleaning Up Changes</title> |
750 <title>Information for Maintainers of GNU Software: Cleaning Up Changes</title> |
657 <quotation>Don’t feel obligated to include every change that someone asks you to include. You must judge which changes are improvements—partly based on what you think the users will like, and partly based on your own judgment of what is better. If you think a change is not good, you should reject it.</quotation> |
751 <quotation>Don’t feel obligated to include every change that someone asks you to include. You must judge which changes are improvements—partly based on what you think the users will like, and partly based on your own judgment of what is better. If you think a change is not good, you should reject it.</quotation> |
658 </link> |
752 </link> |
659 </item> |
753 </item> |
660 <item> |
754 <item> |
661 <id>b0022cea-4caf-4663-ae24-5fc5da31333b</id> |
755 <id>b0022cea-4caf-4663-ae24-5fc5da31333b</id> |
|
756 <type>recommendation</type> |
662 <text>Such requirements and rules should be available to the contributor before he begins.</text> |
757 <text>Such requirements and rules should be available to the contributor before he begins.</text> |
663 <text>However (especially smaller) projects might communicate such code quality requirements and provide consultations and guidance during the contribution.</text> |
758 <text>However (especially smaller) projects might communicate such code quality requirements and provide consultations and guidance during the contribution.</text> |
664 <link> |
759 <link> |
665 <url>https://www.gnu.org/prep/standards/</url> |
760 <url>https://www.gnu.org/prep/standards/</url> |
666 <type>related</type> |
761 <type>related</type> |
668 <description>example of such rules and guidelines</description> |
763 <description>example of such rules and guidelines</description> |
669 </link> |
764 </link> |
670 </item> |
765 </item> |
671 <item> |
766 <item> |
672 <id>ea4a8d23-b2df-42eb-84ae-7687d35838c8</id> |
767 <id>ea4a8d23-b2df-42eb-84ae-7687d35838c8</id> |
|
768 <type>requirement</type> |
673 <text>In order to contribute, it must not be required:</text> |
769 <text>In order to contribute, it must not be required:</text> |
674 <note>The term „contribution“ includes not only source code (patch) but also bugreports, feature specifications, documentation, assets (graphics, music etc.) or similar artifacts.</note> |
770 <note>The term „contribution“ includes not only source code (patch) but also bugreports, feature specifications, documentation, assets (graphics, music etc.) or similar artifacts.</note> |
675 <item> |
771 <item> |
676 <id>da7dabf6-f2d8-43bc-8121-6e4527eaa691</id> |
772 <id>da7dabf6-f2d8-43bc-8121-6e4527eaa691</id> |
|
773 <type>requirement</type> |
677 <text>to have an account on any particular third party service like particular e-mail or hosting provider,</text> |
774 <text>to have an account on any particular third party service like particular e-mail or hosting provider,</text> |
678 </item> |
775 </item> |
679 <item> |
776 <item> |
680 <id>dfd6a77f-7c4a-430a-8199-8ea71ec7ee8c</id> |
777 <id>dfd6a77f-7c4a-430a-8199-8ea71ec7ee8c</id> |
|
778 <type>requirement</type> |
681 <text>to sign a contract (which includes accepting „Terms and conditions“) with any particular third party (e.g. source code hosting provider),</text> |
779 <text>to sign a contract (which includes accepting „Terms and conditions“) with any particular third party (e.g. source code hosting provider),</text> |
682 </item> |
780 </item> |
683 <item> |
781 <item> |
684 <id>af6a589f-d419-483f-b7b2-07b6e9da3924</id> |
782 <id>af6a589f-d419-483f-b7b2-07b6e9da3924</id> |
|
783 <type>requirement</type> |
685 <text>to sign any political, religious or other proclamation or agree with it.</text> |
784 <text>to sign any political, religious or other proclamation or agree with it.</text> |
686 <link> |
785 <link> |
687 <url>https://www.gnu.org/prep/maintain/maintain.html#Other-Politics</url> |
786 <url>https://www.gnu.org/prep/maintain/maintain.html#Other-Politics</url> |
688 <type>compatible</type> |
787 <type>compatible</type> |
689 <title>Information for Maintainers of GNU Software: Other Politics</title> |
788 <title>Information for Maintainers of GNU Software: Other Politics</title> |