# HG changeset patch # User František Kučera # Date 1570097030 -7200 # Node ID 7e665331bc3203a1adb0903ae59baa26bd35add5 # Parent dc35b4c01ade7bc21c3a388be077a8986abfebd6 item classification: requirement, recommendation, information Can be highlighted using this custom CSS: li.requirement { color: red; } li.recommendation { color: blue; } li.information { color: green; } diff -r dc35b4c01ade -r 7e665331bc32 Makefile --- a/Makefile Wed Oct 02 23:31:57 2019 +0200 +++ b/Makefile Thu Oct 03 12:03:50 2019 +0200 @@ -46,14 +46,23 @@ scp build/* globalcode.info:/var/www/sane-software.globalcode.info/v_0/ -# Prints a table with number of items in particular chapters: -statistics: +build/statistics.rp: text/ssm.en.xml + mkdir -p build cat text/ssm.en.xml \ | relpipe-in-xmltable \ --namespace "m" "tag:globalcode.info,2019:sane-software/manifesto" \ --relation "chapter" \ --records "//m:chapter" \ --attribute "name" string "m:name" \ - --attribute "item_count" integer "count(descendant::m:item)" \ - | relpipe-out-tabular -# try also relpipe-out-gui to get the chart + --attribute "requirements" integer "count(descendant::m:item[m:type='requirement'])" \ + --attribute "recommendations" integer "count(descendant::m:item[m:type='recommendation'])" \ + --attribute "informations" integer "count(descendant::m:item[m:type='information'])" \ + --attribute "items_total" integer "count(descendant::m:item)" \ + > build/statistics.rp + +# Prints a table with number of items in particular chapters: +statistics: build/statistics.rp + cat build/statistics.rp | relpipe-out-tabular + +statistics-chart: build/statistics.rp + cat build/statistics.rp | relpipe-tr-cut ".*" "(name|.*s)" | relpipe-out-gui -title "Sane Software Manifesto – chart of rule types" diff -r dc35b4c01ade -r 7e665331bc32 schema/ssm.xsd --- a/schema/ssm.xsd Wed Oct 02 23:31:57 2019 +0200 +++ b/schema/ssm.xsd Thu Oct 03 12:03:50 2019 +0200 @@ -56,6 +56,7 @@ + @@ -63,6 +64,32 @@ + + + + + + strict requirement that must be followed in order to call the software Sane + + + + + + + recommendation that should be followed in order to call the software Sane, but might be neglected if there is a good reason to do so + + + + + + + additional information which supplements the requirements and recommendations or clarifies the purpose of the chapter + + + + + + diff -r dc35b4c01ade -r 7e665331bc32 templates/ssm.xhtml.xsl --- a/templates/ssm.xhtml.xsl Wed Oct 02 23:31:57 2019 +0200 +++ b/templates/ssm.xhtml.xsl Thu Oct 03 12:03:50 2019 +0200 @@ -89,7 +89,7 @@ -

# diff -r dc35b4c01ade -r 7e665331bc32 text/ssm.en.xml --- a/text/ssm.en.xml Wed Oct 02 23:31:57 2019 +0200 +++ b/text/ssm.en.xml Thu Oct 03 12:03:50 2019 +0200 @@ -23,6 +23,7 @@ ca4d0f6c-9996-49ac-8647-b7f15b049b03 a755410b-6264-4094-b339-aeca55448e8d + requirement Every piece of Sane software is also Free software (as originally defined by Richard Stallman). Which means that the user has freedom to run the program for any purpose, @@ -45,10 +46,12 @@ b7cd1a50-79eb-4df2-925c-7243a46d5ed8 + information The user controls his computer and software and owns the data. Not the author of the software or anyone else without user's explicit consent. c78a9796-7862-4dd2-8ad9-3fdae094fe2c + requirement Must be buildable using free software toolchain (like GNU/Linux + GCC or OpenJDK etc.). https://www.gnu.org/prep/maintain/maintain.html#Ethical-and-Philosophical-Consideration @@ -61,6 +64,7 @@ b3c0daaf-dcaf-49a8-ae38-40590456a315 + requirement Must not promote non-free (proprietary) software or services. https://www.gnu.org/prep/standards/standards.html#References @@ -71,11 +75,12 @@ b2fd5d2d-4d47-48e8-8abc-4b1aa94a7951 + recommendation Copyleft licenses (like GNU GPL or GNU Affero GPL) are strongly recommended because they guarantee software freedoms to every single end-user and prevent possibility that freedom vanishes somewhere in the distribution chain and the user can not benefit from the free software albeit the software is build on originally free source code. c3599313-338b-428d-885f-964a443d76c6 - + requirement The license must be compatible with GNU GPLv3 in order to allow mixing with the GPL code. The only exception is older software (created before this manifesto i.e. 2019) which is unable to change the license due to the copyright owned by many authors who can not be reached anymore and who can not provide approval with the license upgrade. @@ -85,6 +90,7 @@ f39b90ae-0054-467e-a9e2-43379b7c2331 + requirement If the software is distributed with a hardware, the hardware must support installation of independently built software without any restrictions or requirements (e.g. digital signature from the original author). @@ -94,6 +100,7 @@ e1c828c5-0a4f-4948-9943-db1ae16a42d5 c63ea2ac-c255-4f3e-a0e2-b49d1e145347 + requirement At least basic documentation must be released under a free license (GNU FDL is recommended). https://www.gnu.org/prep/standards/standards.html#License-for-Manuals @@ -104,10 +111,12 @@ fd8e3bbd-d46a-40fe-85a6-b902336456d4 + requirement Every advertised feature must be properly documented. Undocumented features can not be considered as features from the user/customer point-of-view. e4dede5b-059e-4e47-b03d-80142b8467f1 + information There might be also other documentation/books released under any license and price. https://www.gnu.org/prep/standards/standards.html#Reading-other-Manuals @@ -119,6 +128,7 @@ c0df4d14-43f8-4b61-83c4-fb5896161aeb + requirement But average software engineer must be able to build and operate the software with just the free (basic) documentation. https://www.gnu.org/prep/standards/standards.html#Configuration @@ -129,9 +139,11 @@ e6cd9c52-0e66-402c-930c-901fa66acd22 + requirement There must be a free documentation with description of building and running the software on a fresh operating system installation including description of all dependencies. @@ -142,6 +154,7 @@ aa8bd952-842b-4391-aefe-d9b3750e432d a8beddfc-11e3-4012-9f88-f79dc88eee16 + requirement Semantic versioning is required. The version number consists of three numbers: major.minor.pach. Major version is incremented if there is an incompatible change. @@ -164,33 +177,40 @@ cf557a11-b307-4c2f-a7b5-5d2485d23258 + requirement Once publicly released, the package must not be changed anymore – if a change (even a small fix) is needed, new version number must be assigned. dd013325-bf22-43d3-9579-0e272e2ac344 + information APIs, file formats and protocols might (and usually should) be semantically versioned independently from the implementation. In such case, there should be a table documenting which API/format/protocol version matches which implementation version. dacb98cc-b558-4f0e-942d-e12004e45606 + recommendation The branching model in the version control system should reflect the semantic versioning. The released version e.g. 2.3.1 should be tagged as v2.3.1 and be placed in the v_2.3 branch. Where the v_2.3 branch was forked from the v_2 branch – from the v2.3 tag. ae33d206-4988-44ec-b8e2-3120019fcf2f + recommendation Do not remove features unless they are really obsolete, unused or irreparably broken. c542336a-fce8-412c-a8dd-1328c1a884ec + information The user interface might be simplified or redesigned while preserving the features under the hood. ba8fecf0-5c02-4fdf-abdc-2650d428f82a + requirement Incompatible changes must be planned and announced in advance. f4826891-e732-45e8-b929-25d1182fa141 + requirement Upgrade scripts and upgrade documentation must be provided. @@ -200,23 +220,28 @@ d34ce339-197c-44ee-9e5c-6d7e212f8c10 be4c72d1-c494-4c44-aeb4-c5847f5a3524 + recommendation Open standards (protocols, formats) should be used if they exist. b2202690-8a6c-467f-a2b1-b154f470aa77 + requirement Already existing open protocol/format must not be modified or extended in a way which effectively creates a proprietary protocol/format. dd206223-9525-4229-be2b-84b07c2b8244 + information New open standards (specifications) should be defined and published if needed. Such standards must be semantically versioned. d341b78e-15b9-4077-8b48-9e54c93391ac + recommendation And they should be written in machine readable format (e.g. WSDL, WADL, ASN.1, XSD, Diameter dictionary, D-Bus) or at least formal language (Backus–Naur Form, EBNF etc.) d61b3e31-bb9f-4333-87c8-9fb32f33a49d + recommendation Also configuration should have machine readable description and the user should be able to test it by executing a command (validator). @@ -226,16 +251,19 @@ c56e7e86-e480-4a5d-8a47-ab155dcd59b1 e50424e8-94f3-48aa-bf01-0ba984eb2349 + requirement Larger and multi-purpose software must be divided into smaller modules. e752efae-75c9-4620-aa14-65c4949a3609 + requirement The modules must have defined dependencies (less = better). Dependencies needed to write an extension/module (i.e. header files, API classes/interfaces) should be as small as possible (do not require large codebase to write a mere plug-in). The required dependency should contain just interfaces (method/function signatures) and data structures but no implementation (executable code). e9988ed0-d686-41a0-9f1e-3243ac5235d5 + recommendation Particular modules should be compilable and executable (installable) independently. It should not be necessary to recompile the core and other modules if only one module is changed. Whole system should be compilable (buildable) with only selected modules – must not require compilation or even distribution of all modules, if they are not necessary. @@ -243,6 +271,7 @@ a7bc51ba-9832-4f75-983c-e75dc0801113 + information Another good ways to extend and customize the software are: configuration (XML, INI, RegExp, SQL, XSLT, XPath etc.) and scripting (Guile, Bash, Python, Lua, ECMA Script etc.) @@ -268,18 +297,22 @@ a0376231-d53e-45fd-826f-47148721de3d d95dc118-7473-4f18-8b9e-35830a87b269 + recommendation there should be automated build-time complex tests for the package – feed the program with sample input and verify expected output a9f6725d-ddf1-41ee-96b4-15f3b851cb50 + recommendation there should be also automated runtime/postinstall tests – in order to verify that software was installed properly, all required dependencies are met and basic function is guaranteed – the program should report problem during its start (as a warning if it is not fatal), instead of unexpected failures during operation d610c04b-cc44-48c7-b069-f41b90bdef0f + recommendation unit tests are recommended for code parts that are internally complex (algorithms, important business logic) and have simple interfaces e85baeda-8fcb-42d1-bb53-d7386a941ae7 + recommendation each external interface should contain procedure/function that does nothing important or heavy, is idempotent and returns simple response which proves that the interface (connection) is working (e.g. echo, print version, status or current time); if authentication and authorization mechanisms are present, there should be one procedure/function callable anonymously and one that requires authorization @@ -289,18 +322,22 @@ f3afbaf2-0933-43d2-aed0-8dc568b9429f a96206c9-3e69-483d-b575-6bab9dec4a30 + requirement correctness, safety and readability is preferred to performance d8eba0dd-4305-44b9-80ea-4c38b6dfa633 + recommendation use strong data typing, declare preconditions and possible exceptions ebea0c16-f820-444d-a73c-3054ca6a38c8 + requirement data structures must be known and well documented – do not use undocumented map keys or properties e24e600e-6542-4664-8cf0-2d8c6feb6c13 + recommendation code, comments and specification should be written in the same natural language https://www.gnu.org/prep/standards/standards.html#Comments @@ -311,10 +348,12 @@ fa92aa33-a69f-43b8-9051-9bfdcd3d293f + recommendation there should be a dictionary of used terms, so whole team and also users and customers will speak the same language b9345a0e-c672-45d3-b93b-8d0fb4ece8b3 + recommendation fail fast – errors in the code should be reported during build time or at least on first execution – do not silently continue if given error would lead to failure later in another part of the code – bad weak coupling leads to difficult debugging @@ -324,14 +363,17 @@ ba8fbf3a-9254-4dd8-bb77-b0cd4907c6aa f5389468-2f8a-43c8-884a-8df6bc844453 + recommendation less LOC (resp. cyclomatic complexity) = better b6b6c838-be6d-43d5-9f99-2098fa217c54 + recommendation reduce boilerplate and unused code b07fe0f0-2be7-4c1c-9b19-b671269c5e58 + recommendation use code generators (during build process, not to generate code to be manually edited and versioned) https://www.gnu.org/prep/standards/standards.html#Releases @@ -347,42 +389,52 @@ afd8f6c7-8dac-4a83-a101-64f017ec7ada c2d5a677-a721-40e3-b560-73afe76fe2b0 + recommendation avoid NIH and reuse code but also avoid dependency hell d214987c-881c-450b-8544-82141866f541 + requirement know your dependencies, know why they are required c8402612-e136-43b5-9209-f9800d2e94da + recommendation reduce dependencies to only necessary ones cbeb9a6b-7b64-4452-8caf-246c082a853d + recommendation depend on small and useful libraries – not on bulky application packages or libraries with large transitive dependencies cbaf55be-8ffb-4109-9c83-083d1b3e793a + requirement if dependency on bulky application package is inevitable, add a layer of abstraction – create a generic interface and connector and allow others to replace the bulky package with their own sane implementation d7655989-a5e4-4123-9147-3782fc05a5ee + recommendation helper tools: a5307bc9-36ed-4d83-963a-30c5c67613aa + recommendation if you e.g. use Bash and Perl during the build process, do not add also Python dependency, write it in Perl – or use Python instead of Perl. b0237d84-7068-4b2b-bc28-ce5e0a0061e4 + recommendation Or if you use Java as your main language, consider not using Python/Perl for scripting and use Java for it a0f42ec9-5032-4f6d-a50a-4b7bddde77f0 + requirement if possible, always depend on abstract interfaces, not on particular implementations c5974dcd-4855-40c5-ad22-894c128ca1dc + recommendation from the whole system point-of-view, Bootstrappable builds should be taken into account http://bootstrappable.org/ @@ -397,14 +449,18 @@ fb0c484b-d97a-4cb4-9b8f-04d386ef0f54 aeef6a5c-bafc-4fcf-9b21-5829e8a44c5e + recommendation small code footprint and minimal dependencies makes it easy to do security audit ab69d352-da68-40c2-a3e1-a8fd5c41ad0a + recommendation avoid ungrounded refactoring and reformatting – they make mess and noise in the version control system and impede the audit + This rule is classified as a recommendation only because of the fact that past mistakes usually can not be reverted, which would disqualify the software forever. However it should be normally considered to be a requirement. e4db77b8-f145-4e43-bf8b-eb775b9352c8 + information refactoring/reformatting changesets should be separated from substantive changes @@ -414,10 +470,12 @@ da6436f7-c352-4d52-915b-02d0d1880e40 e5154815-eeae-4664-8883-a29a64eea325 + recommendation builds should be reproducible: same code/version → same binary package a3b0c164-4dde-4e33-b3be-5478d2a187e2 + requirement if not, it should be documented, why and how build products might differ, and there should be plan/task to make it reproducible @@ -427,26 +485,32 @@ e7ded437-aaa2-475a-9754-0b2d89394b24 a0d9322c-7d2b-4632-b543-7e0d75bb5f0b + requirement every released version (binary or source) must be cryptographically signed by the authors (GnuPG/OpenPGP is strongly recommended) feb97ec0-c35c-49b8-b455-517a929b4a84 + recommendation there should be also checksums/hashes for every released package ff33e209-0460-4a43-997f-d6b32b73997b + recommendation if HTTP is supported, HTTPS should also be – the attacker/eavesdropper should not even know what software/package/update is downloaded by the user c1f83b3a-e564-4483-91de-9c08723efd13 + recommendation the attacker should not be able to suppress updates – the program must not be silent in such case and must warn the user that something possibly nasty and dangerous is happening c6a755c9-a54e-4ffb-8f70-bfbd851b93c5 + recommendation releases should be downloadable also (or exclusively) over BitTorrent or other P2P network f9275c3c-2b09-4aec-ac28-76ff827d52ce + requirement source code repository must be accessible through an encrypted connection @@ -456,22 +520,26 @@ d3edb71b-8668-4290-a669-19694956e3aa c967092e-09e9-4c68-90bf-aa8cb441f7dc + requirement Network connectivity must not be required during build – the build must be possible completely offline. All dependencies must be downloadable and documented including secure hashes or preferably cryptographic signatures. It should be straightforward to collect all dependencies transfer them in space or time and build the software (e.g. on another computer or in next decade). b5515d33-1531-4361-8baf-a99ca461e763 + requirement If dependencies are optionally automatically downloaded during or before build, the packaging system must cryptographically verify that that they are undamaged. So it should not be possible to endanger the user by MITM attack. f700413a-fde1-460c-8633-76985e98007c + requirement Avoid unwanted network interactions during runtime. There must be no „call home“ or update-checks without user's explicit consent. f55c2ebd-c3ba-44f7-ae92-06f679780ec7 + requirement If any network connection is used, it must be by default cryptographically secured against MITM attacks. It might be possible to disable the encryption on user's explicit request (in order to get better performance on a trusted private network). For debugging and testing purposes it is better to allow dumping the private/session keys rather than disabling the encryption. @@ -484,6 +552,7 @@ fa655b7c-f22d-4b98-ab7b-c0d0f608aad8 e56aad13-f68e-47ea-8b88-65fee6b5331a + requirement Any software with nontrivial user interface must be internationalized which means that it allows localization (translation of the UI to national languages and other customization to national conventions). @@ -495,10 +564,12 @@ ad2f572b-497b-4523-b435-f9752fd1518a + recommendation It should be possible to localize the user interface independently from the original author by creating an additionally installable language pack. c3827486-6bf5-45c0-9a6d-61ad659d8ba1 + recommendation GNU Gettext or other standard framework (like Java resource bundles) should be used. https://www.gnu.org/prep/standards/standards.html#Internationalization @@ -509,40 +580,51 @@ a57f4fc8-1f64-46e2-a91d-3a598c37f2e9 + recommendation Error messages should have assigned unique error codes, so it is possible to find relevant information regardless the current locale. eba92867-5c1b-45b6-943a-a3fa6ea67e38 + requirement Data formats and protocols must be language/locale independent. fee73fee-4940-47ac-84b6-15646f5f61c7 + requirement e.g. use decimal point instead of comma and no thousand separators for numbers, use standardized date formats f1a00487-ed89-4443-99b5-63ab4c635690 + requirement in general: everything that is expected to be machine-readable or machine-generated must be independent from the current locale e6603e06-0b2c-439e-82ce-45f9744b2ef8 + requirement Character encoding: abd42a7f-bd4b-4034-98ee-85a33094b5c1 + recommendation + The software should always be aware of it and do not just blindly use current platform's default. The other side might run on different platform with different default. Or a file might be opened later on different platform. abd48eae-d287-4729-80ee-52dd018b0ba7 + requirement If given software/format/protocol has some default encoding, it must be clearly defined in its specification and this default must not be changed without changing the major version number. c9f4d9f4-f959-48ad-bc68-6720dd4596e3 + requirement If there is no default, the encoding must be specified in the metadata attached (e.g. protocol headers, extended attributes on filesystem) to the actual data or at least at the beginning of the data (like declaration in XML format). ce45c382-6ec5-41e8-869a-a0e758621b13 + recommendation + The metric system should be used as default. @@ -552,6 +634,7 @@ a931dcbb-8043-4e21-838f-8e8122bb8af3 fff90688-907e-48eb-a48a-2ae6d6b42f0a + recommendation Following information should be provided in RSS/Atom or other machine readable format: announcements (security, new versions, infrastructure outage), blog posts, tutorials @@ -560,6 +643,7 @@ e8b18e02-d7b2-4584-8eee-dbaf823f6800 + recommendation A mailing list (e-mail conference) or other equivalently open and decentralized technology should be used for the many-to-many communication. Having an „old school“ mailing list is not mandatory – it might be e.g. a P2P distributed technology or some self-hosted forum. @@ -570,6 +654,7 @@ e746eb5b-8d8b-4ec8-9315-a311f35e156a + requirement Users must not be pushed to register at a proprietary social networks resp. at particular providers of such services. Users without such account must not be disadvantaged – use open and decentralized networks/protocols instead. @@ -582,21 +667,25 @@ ff537045-819e-4dec-a020-d2c9f2c3292b + recommendation There should be a second-level internet domain for the project or its team. But do not buy an internet domain if you are not prepared to mainain it for decades – rather use third level domain under some reliable second level domain maintained by a credible group or person – think of that every expired domain helps spammers and scammers and hurts the users. a1141312-5177-4d68-bb14-fce952d542c3 + recommendation URLs should be as stable as possible – accessible in next decade. Do not break old links, set up redirections if needed. c5b6d3d7-2f1f-4371-acfa-d6af1588c2cb + requirement The website must be independent and must contain everything needed – any content (JavaScripts, CSS, fonts, images etc.) downloaded from other domains must not be required to browse/use the website. Embedded content from the third-party servers causes leaks of sensitive data (tracking of the users) and also denies decentralized nature of the internet. d5fbcc9e-a12c-44ce-909b-f514a579ab7e + requirement JavaScript or other code executed on client computers must be also free software with properly declared license. https://www.gnu.org/philosophy/javascript-trap.html @@ -612,6 +701,7 @@ e02c3fba-93f3-4f16-bd23-f49a203e40bc + recommendation The website should not require a modern complex browser for basic tasks like reading the documentation, downloading a release or submitting a bug report. Such tasks should be feasible even with simple text browsers (e.g. Lynx or Links2). Modern browsers consists of 20 or 25 millions lines of code. Requiring such complex software for basic tasks is not reasonable. @@ -624,12 +714,14 @@ c89e8699-574c-4b28-9f65-6284d6051f68 + requirement There must be a crpyptographically secured (GnuPG/OpenPGP or X.509) e-mail address or a secure web form for receiving security vulnerabilities reports. Particular authors should publish their public keys. Every security incident must be clearly documented and investigated – do not obscure it. fed07648-106a-4b7c-9026-509c82109448 + requirement Source code repository (versioning system) must be public. Do not publish just source code snapshots of released versions. https://www.gnu.org/prep/maintain/maintain.html#Old-Versions @@ -645,10 +737,12 @@ eae0f528-a5ce-4809-a25d-9f9ab6311f3d efae935b-fef1-4bbd-a2c5-e12048524e35 + recommendation Good quality code contributions with appropriate copyright and patent licenses or assignments should be accepted from anyone. ea429f77-44db-4eb4-9925-0d28f9abf47a + information The „good quality code“ is defined by the project and might involve code style, idioms, design patterns, software architecture, required tests, documentation etc. https://www.gnu.org/prep/maintain/maintain.html#Clean-Ups @@ -659,6 +753,7 @@ b0022cea-4caf-4663-ae24-5fc5da31333b + recommendation Such requirements and rules should be available to the contributor before he begins. However (especially smaller) projects might communicate such code quality requirements and provide consultations and guidance during the contribution. @@ -670,18 +765,22 @@ ea4a8d23-b2df-42eb-84ae-7687d35838c8 + requirement In order to contribute, it must not be required: The term „contribution“ includes not only source code (patch) but also bugreports, feature specifications, documentation, assets (graphics, music etc.) or similar artifacts. da7dabf6-f2d8-43bc-8121-6e4527eaa691 + requirement to have an account on any particular third party service like particular e-mail or hosting provider, dfd6a77f-7c4a-430a-8199-8ea71ec7ee8c + requirement to sign a contract (which includes accepting „Terms and conditions“) with any particular third party (e.g. source code hosting provider), af6a589f-d419-483f-b7b2-07b6e9da3924 + requirement to sign any political, religious or other proclamation or agree with it. https://www.gnu.org/prep/maintain/maintain.html#Other-Politics @@ -693,17 +792,21 @@ b4319392-8d6a-4f07-8a94-7ae2ed97c787 + information In order to contribute, it might be required: f9f52f2f-b057-4a2f-9131-682fac54c853 + information to have an e-mail address (but not at particular domain), ef9e64cc-90b0-4002-ab5a-a1135332c7fe + information or use similar decentralized technology which has open standard and free software implementations, d7a94eba-efd6-471f-9c32-6ee9d3b8ab29 + information to assign the copyright to the project and grant a free license for all patents relevant to the contribution. https://www.gnu.org/prep/maintain/maintain.html#Copyright-Papers @@ -715,6 +818,8 @@ e394c792-8294-4f15-a356-89cd0a7aa255 + recommendation + The project should record all accepted contributions and maintain a public list of all authors/contributors. https://www.gnu.org/prep/maintain/maintain.html#Recording-Contributors @@ -725,6 +830,7 @@ b5a128a2-31d9-49df-890c-59a770f7afa9 + requirement The contributor must not loose the right to use or distribute the contributed code under any license (of his choice).