1 <?xml version="1.0" encoding="UTF-8"?> |
1 <?xml version="1.0" encoding="UTF-8"?> |
2 <!DOCTYPE html SYSTEM "http://www.w3.org/2002/04/xhtml-math-svg/xhtml-math-svg-flat.dtd"> |
2 <!-- |
3 <html xmlns="http://www.w3.org/1999/xhtml"> |
3 Sane Software Manifesto |
4 <head> |
4 Copyright © 2019 František Kučera (Frantovo.cz, GlobalCode.info) |
5 <title>Sane Software Manifesto</title> |
|
6 <link href="style.css" type="text/css" rel="StyleSheet" /> |
|
7 </head> |
|
8 <body> |
|
9 <h1>Sane Software Manifesto</h1> |
|
10 |
5 |
11 <p style="text-align: center"><DRAFT> Please note that this is a draft version. Stay tuned for v1.0.0! </DRAFT></p> |
6 This manifesto is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License. |
|
7 https://creativecommons.org/licenses/by-nd/4.0/ |
|
8 |
|
9 If distributed, official website of Sane Software Manifesto must be provided: https://sane-software.globalcode.info/ |
|
10 --> |
|
11 <manifesto |
|
12 xmlns="tag:globalcode.info,2019:sane-software/manifesto" |
|
13 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
|
14 xsi:schemaLocation="tag:globalcode.info,2019:sane-software/manifesto ssm.xsd"> |
12 |
15 |
13 <p>In respect to user freedoms, privacy, liberty, quality, mental health and world peace we create software according to these guidelines.</p> |
16 |
|
17 <title>Sane Software Manifesto</title> |
|
18 <id>fd466b50-6abd-4294-b11f-a5b8f2f39c2a</id> |
|
19 <preamble>In respect to user freedoms, privacy, liberty, quality, mental health and world peace we create software according to these guidelines.</preamble> |
14 |
20 |
15 <h2>Free software</h2> |
21 <chapter> |
|
22 <name>Free software</name> |
|
23 <id>ca4d0f6c-9996-49ac-8647-b7f15b049b03</id> |
|
24 <item> |
|
25 <id>a755410b-6264-4094-b339-aeca55448e8d</id> |
|
26 <text>Every piece of Sane software is also Free software.</text> |
|
27 <note>see https://www.gnu.org/philosophy/free-sw.html</note> |
|
28 </item> |
|
29 <item> |
|
30 <id>c75a518f-c155-4544-a439-5694ba6f1c53</id> |
|
31 <text>The user has freedom to run the program for any purpose, to study and change it (i.e. has access to the source code under a free software license) and to distribute modified or unmodified copies.</text> |
|
32 </item> |
|
33 <item> |
|
34 <id>b7cd1a50-79eb-4df2-925c-7243a46d5ed8</id> |
|
35 <text>The user controls his/her computer and software and owns the data.</text> |
|
36 </item> |
|
37 <item> |
|
38 <id>a61998fa-376a-4435-bd97-8225ea4e2808</id> |
|
39 <text>Non-free software can not be trusted.</text> |
|
40 </item> |
|
41 <item> |
|
42 <id>c78a9796-7862-4dd2-8ad9-3fdae094fe2c</id> |
|
43 <text>Must be buildable using free software toolchain (like GNU/Linux + GCC or OpenJDK etc.).</text> |
|
44 </item> |
|
45 <item> |
|
46 <id>b3c0daaf-dcaf-49a8-ae38-40590456a315</id> |
|
47 <text>Should not promote non-free (proprietary) software or services.</text> |
|
48 </item> |
|
49 <item> |
|
50 <id>b2fd5d2d-4d47-48e8-8abc-4b1aa94a7951</id> |
|
51 <text>Copyleft licenses (like GNU GPL or GNU Affero GPL) are strongly recommended because they guarantee software freedoms to every single end-user and prevent possibility that freedom vanishes somewhere in the distribution chain and the user can't benefit from the free software albeit the software is build on originally free source code.</text> |
|
52 </item> |
|
53 <item> |
|
54 <id>c3599313-338b-428d-885f-964a443d76c6</id> |
|
55 <text>The license should be compatible with GNU GPL in order to allow mixing with the GPL code.</text> |
|
56 </item> |
|
57 <item> |
|
58 <id>f39b90ae-0054-467e-a9e2-43379b7c2331</id> |
|
59 <text>If the software is distributed with a hardware, the hardware must support instalation of independently built software without any restrictions or requirements (e.g. digital signature from the original author).</text> |
|
60 </item> |
|
61 |
|
62 </chapter> |
|
63 |
|
64 <chapter> |
|
65 <name>Documented</name> |
|
66 <id>e1c828c5-0a4f-4948-9943-db1ae16a42d5</id> |
|
67 <item> |
|
68 <id>c63ea2ac-c255-4f3e-a0e2-b49d1e145347</id> |
|
69 <text>At least basic documentation must be released under a free license (GNU FDL is recommended).</text> |
|
70 </item> |
|
71 <item> |
|
72 <id>fd8e3bbd-d46a-40fe-85a6-b902336456d4</id> |
|
73 <text>Every advertised feature must be properly documented. Undocumented features can not be considered as features from the user/customer point-of-view.</text> |
|
74 </item> |
|
75 <item> |
|
76 <id>e4dede5b-059e-4e47-b03d-80142b8467f1</id> |
|
77 <text>There might be also other documentation/books released under any license and price.</text> |
|
78 </item> |
|
79 <item> |
|
80 <id>c0df4d14-43f8-4b61-83c4-fb5896161aeb</id> |
|
81 <text>But average software engineer must be able to build and operate the software with just the free (basic) documentation.</text> |
|
82 </item> |
|
83 <item> |
|
84 <id>e6cd9c52-0e66-402c-930c-901fa66acd22</id> |
|
85 <text>There must be a free documentation with description of building and running the software on a fresh operating system installation including description of all dependencies.</text> |
|
86 </item> |
|
87 <!-- |
|
88 <item><id></id><text>documentation should focus on all target groups: users, administrators, developers</text></item> |
|
89 <item><id></id><text>there must be a big picture and software architercure described</text></item> |
|
90 --> |
|
91 |
16 |
92 |
17 <ul> |
93 </chapter> |
18 <li>Every piece of Sane software is also <a href="https://www.gnu.org/philosophy/free-sw.html">Free software</a>.</li> |
94 |
19 <li>The user has freedom to run the program for any purpose, to study and change it (i.e. has access to the source code under a free software license) and to distribute modified or unmodified copies.</li> |
95 <chapter> |
20 <li>The user controls his/her computer and software and owns the data.</li> |
96 <name>Semantic versioning</name> |
21 <li>Non-free software can not be trusted.</li> |
97 <id>aa8bd952-842b-4391-aefe-d9b3750e432d</id> |
22 <li>Must be buildable using free software toolchain (like GNU/Linux + GCC or OpenJDK etc.).</li> |
98 <item> |
23 <li>Should not promote non-free (proprietary) software or services.</li> |
99 <id>a8beddfc-11e3-4012-9f88-f79dc88eee16</id> |
24 <li>Copyleft licenses (like GNU GPL or GNU Affero GPL) are strongly recommended because they guarantee software freedoms to every single end-user and prevent possibility that freedom vanishes somewhere in the distribution chain and the user can't benefit from the free software albeit the software is build on originally free source code.</li> |
100 <text>Semantic versioning is strongly recommended.</text> |
25 <li>If the software is distributed with a hardware, the hardware must support instalation of independently built software without any restrictions or requirements (e.g. digital signature from the original author).</li> |
101 <note>see http://semver.org/</note> |
26 </ul> |
102 </item> |
27 |
103 <item> |
28 <h2>Documented</h2> |
104 <id>a8ef6602-cd90-4b42-932e-fce76b2d312a</id> |
29 <ul> |
105 <text>Especially when the software is suposed to be used as dependency by others.</text> |
30 <li>At least basic documentation must be released under a free license (GNU FDL is recommended).</li> |
106 </item> |
31 <li>Every advertised feature must be properly documented. Undocumented features can not be considered as features from the user/customer point-of-view.</li> |
107 <item> |
32 <li>There might be also other documentation/books released under any license and price.</li> |
108 <id>f1c461d6-1f3c-43f0-b16d-65c5bac9b0b5</id> |
33 <li>But average software engineer must be able to build and operate the software with just the free (basic) documentation.</li> |
109 <text>If there is a need of some marketing or cool versioning/codenames like Ultrasonic Umbrella or 2016, they should be used in addition to semantic versioning, not instead of it.</text> |
34 <li>There must be a free documentation with description of building and running the software on a fresh operating system installation including description of all dependencies.</li> |
110 </item> |
35 <!-- |
111 <item> |
36 <li>documentation should focus on all target groups: users, administrators, developers</li> |
112 <id>cf557a11-b307-4c2f-a7b5-5d2485d23258</id> |
37 <li>there must be a big picture and software architercure described</li> |
113 <text>Once publicly released, the package must not be changed anymore – if a change (even a small fix) is needed, new version number must be assigned.</text> |
38 --> |
114 </item> |
39 </ul> |
115 <item> |
40 |
116 <id>dd013325-bf22-43d3-9579-0e272e2ac344</id> |
41 <h2>Semantic versioning</h2> |
117 <text> |
42 <ul> |
|
43 <li><a href="http://semver.org/">Semantic versioning</a> is strongly recommended.</li> |
|
44 <li>Especially when the software is suposed to be used as dependency by others.</li> |
|
45 <li>If there is a need of some marketing or cool versioning/codenames like Ultrasonic Umbrella or 2016, they should be used in addition to semantic versioning, not instead of it.</li> |
|
46 <li>Once publicly released, the package must not be changed anymore – if a change (even a small fix) is needed, new version number must be assigned.</li> |
|
47 <li> |
|
48 APIs, file formats and protocols might (and usually should) be semanticly versioned independently from the implementation; |
118 APIs, file formats and protocols might (and usually should) be semanticly versioned independently from the implementation; |
49 in such case, there should be a table documenting which API/format/protocol version matches which implementation version. |
119 in such case, there should be a table documenting which API/format/protocol version matches which implementation version. |
50 </li> |
120 </text> |
51 </ul> |
121 </item> |
|
122 |
|
123 </chapter> |
|
124 |
|
125 <chapter> |
|
126 <name>Compatible with itself</name> |
|
127 <id>d626bb57-a20a-4182-a88a-446e901e9de4</id> |
|
128 <item> |
|
129 <id>a9852300-c59a-4bda-86a1-3a90d2ee1b74</id> |
|
130 <text>Focus on backward compatibility. Newer version should work as a drop-in replacement.</text> |
|
131 </item> |
|
132 <item> |
|
133 <id>f9b07d6c-da34-4971-8a92-a50b3e9f80ff</id> |
|
134 <text>Don't break things – rather postpone the release date than deliver a faulty product.</text> |
|
135 </item> |
|
136 <item> |
|
137 <id>ae33d206-4988-44ec-b8e2-3120019fcf2f</id> |
|
138 <text>Don't remove features unless they are really obsolete, unused or unrepairably broken.</text> |
|
139 </item> |
|
140 <item> |
|
141 <id>c542336a-fce8-412c-a8dd-1328c1a884ec</id> |
|
142 <text>The user interface might be simplified or redesigned while preserving the features under the hood.</text> |
|
143 </item> |
|
144 <item> |
|
145 <id>ba8fecf0-5c02-4fdf-abdc-2650d428f82a</id> |
|
146 <text>Incompatible changes must be planned and announced in advance. <!--Major/minor/patch numbers must be increased according to the Semantic versioning.--></text> |
|
147 </item> |
|
148 <item> |
|
149 <id>f4826891-e732-45e8-b929-25d1182fa141</id> |
|
150 <text>Upgrade scripts and upgrade documentation must be provided.</text> |
|
151 </item> |
|
152 |
|
153 </chapter> |
|
154 |
|
155 <chapter> |
|
156 <name>Compatible with others</name> |
|
157 <id>d34ce339-197c-44ee-9e5c-6d7e212f8c10</id> |
|
158 <item> |
|
159 <id>be4c72d1-c494-4c44-aeb4-c5847f5a3524</id> |
|
160 <text>use open standards (protocols, formats) if they exist</text> |
|
161 </item> |
|
162 <item> |
|
163 <id>b2202690-8a6c-467f-a2b1-b154f470aa77</id> |
|
164 <text>never extend nor modify existing open protocol/format in the way which effectively creates a proprietary protocol/format</text> |
|
165 </item> |
|
166 <item> |
|
167 <id>dd206223-9525-4229-be2b-84b07c2b8244</id> |
|
168 <text>define and publish own open standards if needed</text> |
|
169 <item> |
|
170 <id>f24d45b0-a07c-45d8-820e-63a3b95ba3f6</id> |
|
171 <text>also standards must be semantically versioned</text> |
|
172 </item> |
|
173 <item> |
|
174 <id>d341b78e-15b9-4077-8b48-9e54c93391ac</id> |
|
175 <text>should be written in machine readable format (WSDL, WADL, ASN.1, XSD, Diameter dictionary, D-Bus etc.) or at least formal language (Backus–Naur Form, EBNF etc.)</text> |
|
176 </item> |
|
177 <item> |
|
178 <id>d61b3e31-bb9f-4333-87c8-9fb32f33a49d</id> |
|
179 <text>also configuration should have machine readable description and should be testable by executing a command</text> |
|
180 </item> |
|
181 </item> |
|
182 |
|
183 </chapter> |
|
184 |
|
185 <chapter> |
|
186 <name>Modular architecture</name> |
|
187 <id>c56e7e86-e480-4a5d-8a47-ab155dcd59b1</id> |
|
188 <item> |
|
189 <id>e50424e8-94f3-48aa-bf01-0ba984eb2349</id> |
|
190 <text>larger and multi-purpose software should be divided into smaller modules</text> |
|
191 </item> |
|
192 <item> |
|
193 <id>e752efae-75c9-4620-aa14-65c4949a3609</id> |
|
194 <text>modules must have defined dependencies (less = better)</text> |
|
195 </item> |
|
196 <item> |
|
197 <id>e9988ed0-d686-41a0-9f1e-3243ac5235d5</id> |
|
198 <text>particular modules should be compilable and executable separately</text> |
|
199 </item> |
|
200 <item> |
|
201 <id>ac722cec-0734-4d80-9885-d70a97b6402b</id> |
|
202 <text>whole system should be compilable (buildable) with only selected modules – must not require compilation or even distribution of all modules, if they are not necessary</text> |
|
203 </item> |
|
204 |
|
205 </chapter> |
|
206 |
|
207 <chapter> |
|
208 <name>Extensible</name> |
52 |
209 |
53 <h2>Compatible with itself</h2> |
210 <id>d333af72-b5b5-432f-b564-a008d54a85d1</id> |
54 <ul> |
211 <item> |
55 <li>Focus on backward compatibility. Newer version should work as a drop-in replacement.</li> |
212 <id>a7bc51ba-9832-4f75-983c-e75dc0801113</id> |
56 <li>Don't broke things – rather postpone the release date than deliver a faulty product.</li> |
213 <text>able to be extended</text> |
57 <li>Don't remove features unless they are really obsolete, unused or unrepairably broken.</li> |
214 <item> |
58 <li>Incompatible changes must be planned and announced in advance. <!--Major/minor/patch numbers must be increased according to the Semantic versioning.--></li> |
215 <id>e190f58d-1c16-4198-94d6-fc1a99fa85a0</id> |
59 <li>Upgrade scripts and upgrade documentation must be provided.</li> |
216 <text>by configuration (RegExp, SQL, XSLT, XPath etc.)</text> |
60 </ul> |
217 </item> |
61 |
218 <item> |
62 <h2>Compatible with others</h2> |
219 <id>fde301e5-6e75-49a4-85c8-a231f6a63036</id> |
63 <ul> |
220 <text>by scripting (Guile, Bash, Python, Lua, ECMA Script etc.)</text> |
64 <li>use open standards (protocols, formats) if they exist</li> |
221 </item> |
65 <li>define and publish own open standards if needed |
222 <item> |
66 <ul> |
223 <id>a9c63cea-b9df-4bbd-bec1-84a047514667</id> |
67 <li>also standards must be semantically versioned</li> |
224 <text>and/or third-party plugins/modules</text> |
68 <li>should be written in machine readable format (WSDL, WADL, ASN.1, XSD, Diameter dictionary etc.) or at least formal language (Backus–Naur Form, EBNF etc.)</li> |
225 <item> |
69 <li>also configuration should have machine readable description and should be testable by executing a command</li> |
226 <id>de7270db-0410-4152-974f-4f0d74ff255b</id> |
70 </ul> |
227 <text>it should be easy to create a third-party module and plug it in an existing system</text> |
71 </li> |
228 </item> |
72 </ul> |
229 <item> |
73 |
230 <id>fb4b07d1-6af7-44d9-8e6a-89ea63638652</id> |
74 <h2>Modular architecture</h2> |
231 <text>dependencies needed to write an extension (i.e. header files, API classes/interfaces) should be as small as possible (do not require large codebase to write a mere plug-in); the required dependency should contain just interfaces (method/function signatures) and data structures but no implementation (executable code)</text> |
75 <ul> |
232 </item> |
76 <li>larger and multi-purpose software should be divided into smaller modules</li> |
233 </item> |
77 <li>modules must have defined dependencies (less = better)</li> |
234 </item> |
78 <li>particular modules should be compilable and executable separately</li> |
235 <item> |
79 <li>whole system should be compilable (buildable) with only selected modules – must not require compilation or even distribution of all modules, if they are not necessary</li> |
236 <id>e41134a4-715c-4926-a7df-01ff3759eda1</id> |
80 </ul> |
237 <text>there should be public directory of extensions/scripts</text> |
81 |
238 </item> |
82 <h2>Extensible</h2> |
239 |
83 |
240 </chapter> |
84 <ul> |
241 |
85 <li>able to be extended |
242 <chapter> |
86 <ul> |
243 <name>Testable</name> |
87 <li>by configuration (RegExp, SQL, XSLT, XPath etc.)</li> |
244 <id>a0376231-d53e-45fd-826f-47148721de3d</id> |
88 <li>by scripting (Guile, Bash, Python, Lua, ECMA Script etc.)</li> |
245 <item> |
89 <li>and/or third-party plugins/modules |
246 <id>d95dc118-7473-4f18-8b9e-35830a87b269</id> |
90 <ul> |
247 <text>there should be automated build-time complex tests for the package – feed the program with sample input and verify expected output</text> |
91 <li>it should be easy to create a third-party module and plug it in an existing system</li> |
248 </item> |
92 <li>dependencies needed to write an extension (i.e. header files, API classes/interfaces) should be as small as possible (do not require large codebase to write a mere plug-in); the required dependency should contain just interfaces (method/function signatures) and data structures but no implementation (executable code)</li> |
249 <item> |
93 </ul> |
250 <id>a9f6725d-ddf1-41ee-96b4-15f3b851cb50</id> |
94 </li> |
251 <text>there should be also automated runtime/postinstall tests – in order to verify that software was installed properly, all required dependencies are met and basic function is guaranteed – the program should report problem during its start (as a warning if it is not fatal), instead of unexpected failures during operation</text> |
95 </ul> |
252 </item> |
96 </li> |
253 <item> |
97 <li>there should be public directory of extensions/scripts</li> |
254 <id>d610c04b-cc44-48c7-b069-f41b90bdef0f</id> |
98 </ul> |
255 <text>unit tests are recommended for code parts that are internally complex (algorithms, important business logic) and have simple interfaces</text> |
99 |
256 </item> |
100 <h2>Testable</h2> |
257 <item> |
101 <ul> |
258 <id>e85baeda-8fcb-42d1-bb53-d7386a941ae7</id> |
102 <li>there should be automated build-time complex tests for the package – feed the program with sample input and verify expected output</li> |
259 <text>each external interface should contain procedure/function that does nothing important or heavy, is idempotent and returns simple response which proves that the interface (connection) is working (e.g. echo, print version, status or current time); if authentication and authorization mechanisms are present, there should be one procedure/function callable anonymously and one that requires authorization</text> |
103 <li>there should be also automated runtime/postinstall tests – in order to verify that software was installed properly, all required dependencies are met and basic function is guaranteed – the program should report problem during its start (as a warning if it is not fatal), instead of unexpected failures during operation</li> |
260 </item> |
104 <li>unit tests are recommended for code parts that are internally complex (algorithms, important business logic) and have simple interfaces</li> |
261 |
105 <li>each external interface should contain procedure/function that does nothing important or heavy, is idempotent and returns simple response which proves that the interface (connection) is working (e.g. echo, print version, status or current time); if authentication and authorization mechanisms are present, there should be one procedure/function callable anonymously and one that requires authorization</li> |
262 </chapter> |
106 </ul> |
263 |
107 |
264 <chapter> |
108 <h2>Safe code and sustainability</h2> |
265 <name>Safe code and sustainability</name> |
109 <ul> |
266 <id>f3afbaf2-0933-43d2-aed0-8dc568b9429f</id> |
110 <li>correctness, safety and readability is prefered to performance</li> |
267 <item> |
111 <li>use strong data typing, declare preconditions and possible exceptions</li> |
268 <id>a96206c9-3e69-483d-b575-6bab9dec4a30</id> |
112 <li>data structures must be known and well documented – don't use undocumented map keys or properties</li> |
269 <text>correctness, safety and readability is prefered to performance</text> |
113 <li>code, comments and specification should be written in the same natural language</li> |
270 </item> |
114 <li>there should be a dictionary of used terms, so whole team and also users and customers will speak same language</li> |
271 <item> |
115 <li>fail fast – errors in the code should be reported during build time or at least on first execution – don't silently continue if given error would lead to failure later in another part of the code – bad weak coupling leads to difficult debugging</li> |
272 <id>d8eba0dd-4305-44b9-80ea-4c38b6dfa633</id> |
116 </ul> |
273 <text>use strong data typing, declare preconditions and possible exceptions</text> |
117 |
274 </item> |
118 <h2>Small code footprint</h2> |
275 <item> |
119 <ul> |
276 <id>ebea0c16-f820-444d-a73c-3054ca6a38c8</id> |
120 <li>less LOC (resp. complexity) = better</li> |
277 <text>data structures must be known and well documented – don't use undocumented map keys or properties</text> |
121 <li>reduce boilerplate and unused code</li> |
278 </item> |
122 <li>use code generators (during build process, not to generate code to be manually edited and versioned)</li> |
279 <item> |
123 </ul> |
280 <id>e24e600e-6542-4664-8cf0-2d8c6feb6c13</id> |
124 |
281 <text>code, comments and specification should be written in the same natural language</text> |
125 <h2>Sane dependencies</h2> |
282 </item> |
126 <ul> |
283 <item> |
127 <li>avoid NIH and reuse code but also avoid dependency hell</li> |
284 <id>fa92aa33-a69f-43b8-9051-9bfdcd3d293f</id> |
128 <li>know your dependencies, know why they are required</li> |
285 <text>there should be a dictionary of used terms, so whole team and also users and customers will speak the same language</text> |
129 <li>reduce dependencies to only necessary ones</li> |
286 </item> |
130 <li>depend on small and useful libraries – not on bulky application packages or libraries with large transitive dependencies</li> |
287 <item> |
131 <li>if dependency on bulky application package is inevitable, add a layer of abstraction – create a generic interface and connector and allow others to replace the bulky package with their own sane implementation</li> |
288 <id>b9345a0e-c672-45d3-b93b-8d0fb4ece8b3</id> |
132 <li>helper tools: |
289 <text>fail fast – errors in the code should be reported during build time or at least on first execution – don't silently continue if given error would lead to failure later in another part of the code – bad weak coupling leads to difficult debugging</text> |
133 <ul> |
290 </item> |
134 <li>if you e.g. use Bash and Perl during the build process, don't add also Python dependency, write it in Perl – or use Python instead of Perl.</li> |
291 |
135 <li>Or if you use Java as your main language, consider not using Python/Perl for scripting and use Java for it</li> |
292 </chapter> |
136 </ul> |
293 |
137 </li> |
294 <chapter> |
138 <li>if possible, always depend on abstract interfaces, not on particular implementations</li> |
295 <name>Small code footprint</name> |
139 </ul> |
296 <id>ba8fbf3a-9254-4dd8-bb77-b0cd4907c6aa</id> |
140 |
297 <item> |
141 <h2>Easily auditable</h2> |
298 <id>f5389468-2f8a-43c8-884a-8df6bc844453</id> |
142 <ul> |
299 <text>less LOC (resp. cyclomatic complexity) = better</text> |
143 <li>small code footprint and minimal dependencies makes it easy to do security audit</li> |
300 </item> |
144 <li>avoid ungrounded refactoring and reformatting – they make mess and noise in the version control system and impede the audit</li> |
301 <item> |
145 <li>refactoring/reformatting changesets should be separated from substantive changes</li> |
302 <id>b6b6c838-be6d-43d5-9f99-2098fa217c54</id> |
146 </ul> |
303 <text>reduce boilerplate and unused code</text> |
147 |
304 </item> |
148 <h2>Reproducible builds</h2> |
305 <item> |
149 <ul> |
306 <id>b07fe0f0-2be7-4c1c-9b19-b671269c5e58</id> |
150 <li>builds should be reproducible: same code/version → same binary package</li> |
307 <text>use code generators (during build process, not to generate code to be manually edited and versioned)</text> |
151 <li>if not, it should be documented, why and how build products mihgt differ, and there should be plan/task to make it reproducible</li> |
308 </item> |
152 </ul> |
309 |
153 |
310 </chapter> |
154 <h2>Trustworthy packages and sources</h2> |
311 |
155 <ul> |
312 <chapter> |
156 <li>every released version (binary or source) is cryptographically signed by the authors (GnuPG/OpenPGP is strongly recommended)</li> |
313 <name>Sane dependencies</name> |
157 <li>if HTTP is supported, HTTPS should also be – the attacker/eavesdropper should not even know what software/package/update is downloaded by the user</li> |
314 <id>afd8f6c7-8dac-4a83-a101-64f017ec7ada</id> |
158 <li>the attacker should not be able to suppress updates – the program must not be silent in such case and must warn the user that something possibly nasty and dangerous is happening </li> |
315 <item> |
159 <li>releases should be downloadable also (or exclusively) over BitTorrent or other P2P network</li> |
316 <id>c2d5a677-a721-40e3-b560-73afe76fe2b0</id> |
160 <li>there should be also checksums/hashes for every package</li> |
317 <text>avoid NIH and reuse code but also avoid dependency hell</text> |
161 <li>source code repository is accessible through an encrypted connection</li> |
318 </item> |
162 </ul> |
319 <item> |
163 |
320 <id>d214987c-881c-450b-8544-82141866f541</id> |
164 <h2>Network interactions</h2> |
321 <text>know your dependencies, know why they are required</text> |
165 <ul> |
322 </item> |
166 <li>no network connection is needed during build – build must be possible completely offline, all dependencies must be downloadable and documented including secure hashes or better cryptographic signatures</li> |
323 <item> |
167 <li>if dependencies are optionally automatically downloaded during/before build, the packaging system must cryptographically verify that that they are undamaged</li> |
324 <id>c8402612-e136-43b5-9209-f9800d2e94da</id> |
168 <li>avoid unwanted network interactions during runtime – no „call home“ or update-checks without user's explicit consent</li> |
325 <text>reduce dependencies to only necessary ones</text> |
169 <li>if any network connection is used, it must be cryptographically secured against MITM attacks</li> |
326 </item> |
170 </ul> |
327 <item> |
171 |
328 <id>cbeb9a6b-7b64-4452-8caf-246c082a853d</id> |
172 <h2>Localized/internationalized</h2> |
329 <text>depend on small and useful libraries – not on bulky application packages or libraries with large transitive dependencies</text> |
173 <ul> |
330 </item> |
174 <li>is is strongly recommended that it should be possible to localize the user interface independently from the original author by writing a language pack</li> |
331 <item> |
175 <li>GNU Gettext or other standard framework (like Java resource bundles) should be used</li> |
332 <id>cbaf55be-8ffb-4109-9c83-083d1b3e793a</id> |
176 <li>error messages should have assigned unique error codes, so it is possible to find relevant information regardless current locale</li> |
333 <text>if dependency on bulky application package is inevitable, add a layer of abstraction – create a generic interface and connector and allow others to replace the bulky package with their own sane implementation</text> |
177 <!-- GEC is recommended for such unique error identifiers --> |
334 </item> |
178 <li>data formats and protocols must be language/locale independent |
335 <item> |
179 <ul> |
336 <id>d7655989-a5e4-4123-9147-3782fc05a5ee</id> |
180 <li>e.g. use decimal point instead of comma and no thousand separators for numbers, use standardized date formats</li> |
337 <text>helper tools:</text> |
181 <li>in general: everything that is expected to be machine-readable or machine-generated must be independent from current locale</li> |
338 <item> |
182 </ul> |
339 <id>a5307bc9-36ed-4d83-963a-30c5c67613aa</id> |
183 </li> |
340 <text>if you e.g. use Bash and Perl during the build process, don't add also Python dependency, write it in Perl – or use Python instead of Perl.</text> |
184 <li>character encoding: |
341 </item> |
185 <ul> |
342 <item> |
186 <li>always be aware of it, don't just blindly use current platform's default (because the other side might run on different platform with different default)</li> |
343 <id>b0237d84-7068-4b2b-bc28-ce5e0a0061e4</id> |
187 <li>if given software/format/protocol has some default encoding, it must be clearly defined in its specification and this default should not be changed without changing the major version number</li> |
344 <text>Or if you use Java as your main language, consider not using Python/Perl for scripting and use Java for it</text> |
188 <li>if there is no default, the encoding must be specified in the metadata attached (e.g. protocol headers, extended attributes on filesystem) to the actual data or at least at the begining of the data (like declaration in XML format)</li> |
345 </item> |
189 </ul> |
346 </item> |
190 </li> |
347 <item> |
191 <li>the metric system should be used as default</li> |
348 <id>a0f42ec9-5032-4f6d-a50a-4b7bddde77f0</id> |
192 </ul> |
349 <text>if possible, always depend on abstract interfaces, not on particular implementations</text> |
193 |
350 </item> |
194 <h2>Communication channels</h2> |
351 <item> |
195 <ul> |
352 <id>c5974dcd-4855-40c5-ad22-894c128ca1dc</id> |
196 <li>use RSS/Atom or other machine readable format for: |
353 <text>from the whole system point-of-view, Bootstrappable builds should be taken into account</text> |
197 <ul> |
354 <note>see http://bootstrappable.org/</note> |
198 <li>security announcements</li> |
355 </item> |
199 <li>new version announcements</li> |
356 |
200 <li>infrastructure outage announcements</li> |
357 </chapter> |
201 <li>blog, documentation, how-tos etc.</li> |
358 |
202 <li>AFK events (conferences, meetings, hackatons etc.), for calendar data iCal format is strongly recommended</li> |
359 <chapter> |
203 </ul> |
360 <name>Easily auditable</name> |
204 </li> |
361 <id>fb0c484b-d97a-4cb4-9b8f-04d386ef0f54</id> |
205 <li>mailing list</li> |
362 <item> |
206 <li>e-mail/SMTP |
363 <id>aeef6a5c-bafc-4fcf-9b21-5829e8a44c5e</id> |
207 <ul> |
364 <text>small code footprint and minimal dependencies makes it easy to do security audit</text> |
208 <li>use TLS</li> |
365 </item> |
209 <li>use DKIM/ADSP</li> |
366 <item> |
210 <li>use signed and encrypted messages (GnuPG or X.509)</li> |
367 <id>ab69d352-da68-40c2-a3e1-a8fd5c41ad0a</id> |
211 <li>avoid spam and viruses, don't spam the users, don't push them to subscribe your „newsletter“ – always offer also anonymous channel like RSS/Atom</li> |
368 <text>avoid ungrounded refactoring and reformatting – they make mess and noise in the version control system and impede the audit</text> |
212 </ul> |
369 </item> |
213 </li> |
370 <item> |
214 <li>Jabber MUC or IRC</li> |
371 <id>e4db77b8-f145-4e43-bf8b-eb775b9352c8</id> |
215 <li>discussion forum</li> |
372 <text>refactoring/reformatting changesets should be separated from substantive changes</text> |
216 <li>don't push users to register at a proprietary social networks resp. at particular company like Facebook – users without such account must not be discriminated – use open and decentralized networks/protocols instead</li> |
373 </item> |
217 <li>Q&A tool + FAQ</li> |
374 |
218 <li>there should be a second-level internet domain for the project or its team</li> |
375 </chapter> |
219 <li>but don't buy an internet domain if you are not prepared to mainain it for decades – rather use third level domain under some reliable second level domain maintained by a credible group or person – think of that every expired domain helps spammers and scammers and hurts the users</li> |
376 |
220 <li>URLs should be as stable as possible (don't broke old links, set up redirections if needed)</li> |
377 <chapter> |
221 <li>the website must be independent and must contain everything needed – any content (JavaScripts, CSS, fonts, images etc.) downloaded from other domains must not be required to browse/use the website</li> |
378 <name>Reproducible builds</name> |
222 <li>authors should publish their public keys (GnuPG/OpenPGP or X.509)</li> |
379 <id>da6436f7-c352-4d52-915b-02d0d1880e40</id> |
223 <li>crpyptographically secured e-mail address or web form for receiving security vulnerabilities report</li> |
380 <item> |
224 <li>every security incident must be clearly documented and investigated – don't obscure it</li> |
381 <id>e5154815-eeae-4664-8883-a29a64eea325</id> |
225 </ul> |
382 <text>builds should be reproducible: same code/version → same binary package</text> |
226 |
383 </item> |
227 <h2>Accept contributions</h2> |
384 <item> |
228 <ul> |
385 <id>a3b0c164-4dde-4e33-b3be-5478d2a187e2</id> |
229 <li>good quality code contributions with appropriate copyright and patent licenses or assignments should be accepted from anyone</li> |
386 <text>if not, it should be documented, why and how build products mihgt differ, and there should be plan/task to make it reproducible</text> |
230 <li>the <em>good quality code</em> is defined by the project and might involve code style, idioms, design patterns, software architecture, required tests, documentation etc.</li> |
387 </item> |
231 <li>such requirements and rules should be available to the contributor before he begins; however (especially smaller) projects might communicate such code quality requirements and provide consultations and guidance during the contribution</li> |
388 |
232 <li>in order to contribute, it must not be required: |
389 </chapter> |
233 <ul> |
390 |
234 <li>to have an account on any particular third party service like particular e-mail or hosting provider</li> |
391 <chapter> |
235 <li>to sign a contract (which includes accepting <em>Terms and conditions</em>) with any particular third party (e.g. source code hosting provider)</li> |
392 <name>Trustworthy packages and sources</name> |
236 <li>to sign any political, religious or other proclamation or agree with it</li> |
393 <id>e7ded437-aaa2-475a-9754-0b2d89394b24</id> |
237 </ul> |
394 <item> |
238 </li> |
395 <id>a0d9322c-7d2b-4632-b543-7e0d75bb5f0b</id> |
239 <li>in order to contribute, it might be required: |
396 <text>every released version (binary or source) is cryptographically signed by the authors (GnuPG/OpenPGP is strongly recommended)</text> |
240 <ul> |
397 </item> |
241 <li>to have an e-mail address (but not at particular domain)</li> |
398 <item> |
242 <li>to assign the copyright to the project and grant a free license for all patents relevant to the contribution</li> |
399 <id>ff33e209-0460-4a43-997f-d6b32b73997b</id> |
243 </ul> |
400 <text>if HTTP is supported, HTTPS should also be – the attacker/eavesdropper should not even know what software/package/update is downloaded by the user</text> |
244 </li> |
401 </item> |
245 <li>the project should record all accepted contributions and maintain a public list of all authors/contributors</li> |
402 <item> |
246 <li>the contributor must not loose the right to use or distribute the contributed code under any license (of his choice)</li> |
403 <id>c1f83b3a-e564-4483-91de-9c08723efd13</id> |
247 </ul> |
404 <text>the attacker should not be able to suppress updates – the program must not be silent in such case and must warn the user that something possibly nasty and dangerous is happening </text> |
248 |
405 </item> |
249 <h2>Open development – has public:</h2> |
406 <item> |
250 <ul> |
407 <id>c6a755c9-a54e-4ffb-8f70-bfbd851b93c5</id> |
251 <li>source code repository (versioning system), not just source code releases</li> |
408 <text>releases should be downloadable also (or exclusively) over BitTorrent or other P2P network</text> |
252 <li>description of the process of accepting external patches</li> |
409 </item> |
253 <li>feature/bug tracking system</li> |
410 <item> |
254 <li>roadmap of future releases</li> |
411 <id>feb97ec0-c35c-49b8-b455-517a929b4a84</id> |
255 <li>plan of supported versions/branches</li> |
412 <text>there should be also checksums/hashes for every package</text> |
256 <li>every release/version/branch must clearly declare the status (alpha, beta, prototype, stable, retired, deprecated…)</li> |
413 </item> |
257 </ul> |
414 <item> |
258 |
415 <id>f9275c3c-2b09-4aec-ac28-76ff827d52ce</id> |
259 |
416 <text>source code repository is accessible through an encrypted connection</text> |
260 </body> |
417 </item> |
261 </html> |
418 |
|
419 </chapter> |
|
420 |
|
421 <chapter> |
|
422 <name>Network interactions</name> |
|
423 <id>d3edb71b-8668-4290-a669-19694956e3aa</id> |
|
424 <item> |
|
425 <id>c967092e-09e9-4c68-90bf-aa8cb441f7dc</id> |
|
426 <text>no network connection is needed during build – build must be possible completely offline, all dependencies must be downloadable and documented including secure hashes or better cryptographic signatures</text> |
|
427 </item> |
|
428 <item> |
|
429 <id>b5515d33-1531-4361-8baf-a99ca461e763</id> |
|
430 <text>if dependencies are optionally automatically downloaded during/before build, the packaging system must cryptographically verify that that they are undamaged</text> |
|
431 </item> |
|
432 <item> |
|
433 <id>f700413a-fde1-460c-8633-76985e98007c</id> |
|
434 <text>avoid unwanted network interactions during runtime – no „call home“ or update-checks without user's explicit consent</text> |
|
435 </item> |
|
436 <item> |
|
437 <id>f55c2ebd-c3ba-44f7-ae92-06f679780ec7</id> |
|
438 <text>if any network connection is used, it must be cryptographically secured against MITM attacks</text> |
|
439 </item> |
|
440 |
|
441 </chapter> |
|
442 |
|
443 <chapter> |
|
444 <name>Localized/internationalized</name> |
|
445 <id>fa655b7c-f22d-4b98-ab7b-c0d0f608aad8</id> |
|
446 <item> |
|
447 <id>ad2f572b-497b-4523-b435-f9752fd1518a</id> |
|
448 <text>is is strongly recommended that it should be possible to localize the user interface independently from the original author by writing a language pack</text> |
|
449 </item> |
|
450 <item> |
|
451 <id>c3827486-6bf5-45c0-9a6d-61ad659d8ba1</id> |
|
452 <text>GNU Gettext or other standard framework (like Java resource bundles) should be used</text> |
|
453 </item> |
|
454 <item> |
|
455 <id>a57f4fc8-1f64-46e2-a91d-3a598c37f2e9</id> |
|
456 <text>error messages should have assigned unique error codes, so it is possible to find relevant information regardless current locale</text> |
|
457 </item> |
|
458 <!-- GEC is recommended for such unique error identifiers --> |
|
459 <item> |
|
460 <id>eba92867-5c1b-45b6-943a-a3fa6ea67e38</id> |
|
461 <text>data formats and protocols must be language/locale independent</text> |
|
462 <item> |
|
463 <id>fee73fee-4940-47ac-84b6-15646f5f61c7</id> |
|
464 <text>e.g. use decimal point instead of comma and no thousand separators for numbers, use standardized date formats</text> |
|
465 </item> |
|
466 <item> |
|
467 <id>f1a00487-ed89-4443-99b5-63ab4c635690</id> |
|
468 <text>in general: everything that is expected to be machine-readable or machine-generated must be independent from current locale</text> |
|
469 </item> |
|
470 </item> |
|
471 <item> |
|
472 <id>e6603e06-0b2c-439e-82ce-45f9744b2ef8</id> |
|
473 <text>character encoding:</text> |
|
474 <item> |
|
475 <id>abd42a7f-bd4b-4034-98ee-85a33094b5c1</id> |
|
476 <text>always be aware of it, don't just blindly use current platform's default (because the other side might run on different platform with different default)</text> |
|
477 </item> |
|
478 <item> |
|
479 <id>abd48eae-d287-4729-80ee-52dd018b0ba7</id> |
|
480 <text>if given software/format/protocol has some default encoding, it must be clearly defined in its specification and this default should not be changed without changing the major version number</text> |
|
481 </item> |
|
482 <item> |
|
483 <id>c9f4d9f4-f959-48ad-bc68-6720dd4596e3</id> |
|
484 <text>if there is no default, the encoding must be specified in the metadata attached (e.g. protocol headers, extended attributes on filesystem) to the actual data or at least at the begining of the data (like declaration in XML format)</text> |
|
485 </item> |
|
486 </item> |
|
487 <item> |
|
488 <id>ce45c382-6ec5-41e8-869a-a0e758621b13</id> |
|
489 <text>the metric system should be used as default</text> |
|
490 </item> |
|
491 |
|
492 </chapter> |
|
493 |
|
494 <chapter> |
|
495 <name>Communication channels</name> |
|
496 <id>a931dcbb-8043-4e21-838f-8e8122bb8af3</id> |
|
497 <item> |
|
498 <id>fff90688-907e-48eb-a48a-2ae6d6b42f0a</id> |
|
499 <text>use RSS/Atom or other machine readable format for:</text> |
|
500 <item> |
|
501 <id>ce9ffd67-627b-4067-ae34-f56ffbcac972</id> |
|
502 <text>security announcements</text> |
|
503 </item> |
|
504 <item> |
|
505 <id>f4c0b757-1fee-4d6d-8b30-808b4787fb5e</id> |
|
506 <text>new version announcements</text> |
|
507 </item> |
|
508 <item> |
|
509 <id>b17dbc84-4119-4706-acd8-61421a384246</id> |
|
510 <text>infrastructure outage announcements</text> |
|
511 </item> |
|
512 <item> |
|
513 <id>f3063520-5e7a-4aa0-95f6-505775556120</id> |
|
514 <text>blog, documentation, how-tos etc.</text> |
|
515 </item> |
|
516 <item> |
|
517 <id>e2434bd6-c838-479a-a636-f277003ebe7c</id> |
|
518 <text>AFK events (conferences, meetings, hackatons etc.), for calendar data iCal format is strongly recommended</text> |
|
519 </item> |
|
520 </item> |
|
521 <item> |
|
522 <id>e8b18e02-d7b2-4584-8eee-dbaf823f6800</id> |
|
523 <text>mailing list</text> |
|
524 </item> |
|
525 <item> |
|
526 <id>a35328fe-a177-4d6a-a3d2-2cc8fa0cb6f7</id> |
|
527 <text>e-mail/SMTP</text> |
|
528 <item> |
|
529 <id>f40e9a23-b2ca-4052-949e-f4358844f5a2</id> |
|
530 <text>use TLS</text> |
|
531 </item> |
|
532 <item> |
|
533 <id>bc444281-5c76-43a9-b5ef-46306cbb2bf9</id> |
|
534 <text>use DKIM/ADSP</text> |
|
535 </item> |
|
536 <item> |
|
537 <id>a2852409-806f-480c-8700-141ace86f322</id> |
|
538 <text>use signed and encrypted messages (GnuPG or X.509)</text> |
|
539 </item> |
|
540 <item> |
|
541 <id>da2b84bd-a20d-4e76-af14-740a7c9ccfb3</id> |
|
542 <text>avoid spam and viruses, don't spam the users, don't push them to subscribe your „newsletter“ – always offer also anonymous channel like RSS/Atom</text> |
|
543 </item> |
|
544 </item> |
|
545 <item> |
|
546 <id>ec4c92b6-83e5-4051-9aef-fa7d02e292b8</id> |
|
547 <text>Jabber MUC or IRC</text> |
|
548 </item> |
|
549 <item> |
|
550 <id>f50d17bd-701f-45f9-aae4-86bfcf34cd7c</id> |
|
551 <text>discussion forum</text> |
|
552 </item> |
|
553 <item> |
|
554 <id>e746eb5b-8d8b-4ec8-9315-a311f35e156a</id> |
|
555 <text>don't push users to register at a proprietary social networks resp. at particular company like Facebook – users without such account must not be discriminated – use open and decentralized networks/protocols instead</text> |
|
556 </item> |
|
557 <item> |
|
558 <id>a1a3c037-37e3-4283-abab-e275f7d17442</id> |
|
559 <text>Q&A tool + FAQ</text> |
|
560 </item> |
|
561 <item> |
|
562 <id>ff537045-819e-4dec-a020-d2c9f2c3292b</id> |
|
563 <text>there should be a second-level internet domain for the project or its team</text> |
|
564 </item> |
|
565 <item> |
|
566 <id>b54d4978-974b-4743-bdba-7d4957bc9ba7</id> |
|
567 <text>but don't buy an internet domain if you are not prepared to mainain it for decades – rather use third level domain under some reliable second level domain maintained by a credible group or person – think of that every expired domain helps spammers and scammers and hurts the users</text> |
|
568 </item> |
|
569 <item> |
|
570 <id>a1141312-5177-4d68-bb14-fce952d542c3</id> |
|
571 <text>URLs should be as stable as possible (don't break old links, set up redirections if needed)</text> |
|
572 </item> |
|
573 <item> |
|
574 <id>c5b6d3d7-2f1f-4371-acfa-d6af1588c2cb</id> |
|
575 <text>the website must be independent and must contain everything needed – any content (JavaScripts, CSS, fonts, images etc.) downloaded from other domains must not be required to browse/use the website</text> |
|
576 </item> |
|
577 <item> |
|
578 <id>c1d9052d-dfe5-4fce-a82c-d618dc4689fa</id> |
|
579 <text>authors should publish their public keys (GnuPG/OpenPGP or X.509)</text> |
|
580 </item> |
|
581 <item> |
|
582 <id>c89e8699-574c-4b28-9f65-6284d6051f68</id> |
|
583 <text>crpyptographically secured e-mail address or web form for receiving security vulnerabilities report</text> |
|
584 </item> |
|
585 <item> |
|
586 <id>b6cf8d5f-0fc9-46f7-8e38-8342a1229037</id> |
|
587 <text>every security incident must be clearly documented and investigated – don't obscure it</text> |
|
588 </item> |
|
589 |
|
590 </chapter> |
|
591 |
|
592 <chapter> |
|
593 <name>Accept contributions</name> |
|
594 <id>eae0f528-a5ce-4809-a25d-9f9ab6311f3d</id> |
|
595 <item> |
|
596 <id>efae935b-fef1-4bbd-a2c5-e12048524e35</id> |
|
597 <text>good quality code contributions with appropriate copyright and patent licenses or assignments should be accepted from anyone</text> |
|
598 </item> |
|
599 <item> |
|
600 <id>ea429f77-44db-4eb4-9925-0d28f9abf47a</id> |
|
601 <text>the „good quality code“ is defined by the project and might involve code style, idioms, design patterns, software architecture, required tests, documentation etc.</text> |
|
602 </item> |
|
603 <item> |
|
604 <id>b0022cea-4caf-4663-ae24-5fc5da31333b</id> |
|
605 <text>such requirements and rules should be available to the contributor before he begins; however (especially smaller) projects might communicate such code quality requirements and provide consultations and guidance during the contribution</text> |
|
606 </item> |
|
607 <item> |
|
608 <id>ea4a8d23-b2df-42eb-84ae-7687d35838c8</id> |
|
609 <text>in order to contribute, it must not be required:</text> |
|
610 <item> |
|
611 <id>da7dabf6-f2d8-43bc-8121-6e4527eaa691</id> |
|
612 <text>to have an account on any particular third party service like particular e-mail or hosting provider</text> |
|
613 </item> |
|
614 <item> |
|
615 <id>dfd6a77f-7c4a-430a-8199-8ea71ec7ee8c</id> |
|
616 <text>to sign a contract (which includes accepting „Terms and conditions“) with any particular third party (e.g. source code hosting provider)</text> |
|
617 </item> |
|
618 <item> |
|
619 <id>af6a589f-d419-483f-b7b2-07b6e9da3924</id> |
|
620 <text>to sign any political, religious or other proclamation or agree with it</text> |
|
621 </item> |
|
622 </item> |
|
623 <item> |
|
624 <id>b4319392-8d6a-4f07-8a94-7ae2ed97c787</id> |
|
625 <text>in order to contribute, it might be required:</text> |
|
626 <item> |
|
627 <id>f9f52f2f-b057-4a2f-9131-682fac54c853</id> |
|
628 <text>to have an e-mail address (but not at particular domain)</text> |
|
629 </item> |
|
630 <item> |
|
631 <id>ef9e64cc-90b0-4002-ab5a-a1135332c7fe</id> |
|
632 <text>or use similar decentralized technology which has open standard and free software implementations</text> |
|
633 </item> |
|
634 <item> |
|
635 <id>d7a94eba-efd6-471f-9c32-6ee9d3b8ab29</id> |
|
636 <text>to assign the copyright to the project and grant a free license for all patents relevant to the contribution</text> |
|
637 </item> |
|
638 </item> |
|
639 <item> |
|
640 <id>e394c792-8294-4f15-a356-89cd0a7aa255</id> |
|
641 <text>the project should record all accepted contributions and maintain a public list of all authors/contributors</text> |
|
642 </item> |
|
643 <item> |
|
644 <id>b5a128a2-31d9-49df-890c-59a770f7afa9</id> |
|
645 <text>the contributor must not loose the right to use or distribute the contributed code under any license (of his choice)</text> |
|
646 </item> |
|
647 |
|
648 </chapter> |
|
649 |
|
650 <chapter> |
|
651 <name>Open development – has public:</name> |
|
652 <id>b704bc25-d3c1-4481-98bf-54455c507f37</id> |
|
653 <item> |
|
654 <id>fed07648-106a-4b7c-9026-509c82109448</id> |
|
655 <text>source code repository (versioning system), not just source code snapshots of released versions</text> |
|
656 </item> |
|
657 <item> |
|
658 <id>d9934675-abbd-418f-abf6-dfeaaea6a544</id> |
|
659 <text>description of the process of accepting external patches</text> |
|
660 </item> |
|
661 <item> |
|
662 <id>e6d2175a-97ff-4fd5-9bc1-a3914c6dd719</id> |
|
663 <text>feature/bug tracking system</text> |
|
664 </item> |
|
665 <item> |
|
666 <id>d3fb6917-75b2-4243-adbb-0d1c93d14883</id> |
|
667 <text>roadmap of future releases</text> |
|
668 </item> |
|
669 <item> |
|
670 <id>ae430fee-4850-453f-9382-282d7eed27a4</id> |
|
671 <text>plan of supported versions/branches</text> |
|
672 </item> |
|
673 <item> |
|
674 <id>fbe9e5d0-17b8-43e3-9e00-7660eb4833e5</id> |
|
675 <text>every release/version/branch must clearly declare the status (alpha, beta, prototype, stable, retired, deprecated…)</text> |
|
676 </item> |
|
677 |
|
678 </chapter> |
|
679 |
|
680 </manifesto> |