--- a/.hgignore Sat Sep 21 16:51:06 2019 +0200
+++ b/.hgignore Sat Sep 21 19:40:43 2019 +0200
@@ -1,1 +1,1 @@
-ssm.*.xhtml
\ No newline at end of file
+build/*
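Review bot: The new `build/*` entry looks like a glob, but this one-line file has no `syntax:` line, and Mercurial reads `.hgignore` patterns as unrooted regular expressions by default. As a regex it means "build" followed by zero or more slashes, so it matches any path containing `build`, and such files would then not show up as untracked. If only the output directory is meant, anchor it as `^build/`, or put `syntax: glob` on a line above the pattern.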
--- a/Makefile Sat Sep 21 16:51:06 2019 +0200
+++ b/Makefile Sat Sep 21 19:40:43 2019 +0200
@@ -13,17 +13,26 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
+all: validate xhtml txt
+
validate:
- xmllint --noout --schema ssm.xsd ssm.en.xml
+ xmllint --noout --schema schema/ssm.xsd text/ssm.en.xml
+
xhtml:
- xsltproc --output ssm.en.xhtml --nonet ssm.xsl ssm.en.xml
+ mkdir -p build
+ xsltproc --output build/index.xhtml --nonet templates/ssm.xhtml.xsl text/ssm.en.xml
+ cp templates/*.css build
+
+# TODO: better line wrapping
+txt:
+ mkdir -p build
+ xsltproc --nonet templates/ssm.txt.xsl text/ssm.en.xml | fmt -w 74 -s | sed -E 's/( +)([^- ])/\1 \2/g' > build/ssm.en.txt
clean:
- rm -f ssm.en.xhtml
+ rm -rf build
publish:
- scp ssm.en.xhtml globalcode.info:/var/www/sane-software.globalcode.info/v_0/index.xhtml
- scp style.css globalcode.info:/var/www/sane-software.globalcode.info/v_0/
+ scp build/* globalcode.info:/var/www/sane-software.globalcode.info/v_0/
# Prints a table with number of items in particular chapters:
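Review bot: The new `txt` recipe can write an empty or partial `build/ssm.en.txt` without failing, because the exit status of `xsltproc … | fmt … | sed … > build/ssm.en.txt` is that of `sed` alone. `publish` has no prerequisites and now uploads everything matching `build/*`, so that file, or stale output from an earlier run, can reach the web root without `validate` having passed. Unless the shell is configured outside this hunk, consider `SHELL := bash` with `.SHELLFLAGS := -e -o pipefail -c`, and make the dependency explicit with `publish: all`. Since `all: validate xhtml txt` does not order its prerequisites under `make -j`, `xhtml txt: validate` would guarantee validation runs first. None of these targets names a file, so `.PHONY: all validate xhtml txt clean publish` is also worth adding.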
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/schema/ssm.xsd Sat Sep 21 19:40:43 2019 +0200
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Sane Software Manifesto helper tools
+ Copyright © 2019 František Kučera (Frantovo.cz, GlobalCode.info)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 3.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+-->
+<xs:schema xmlns="tag:globalcode.info,2019:sane-software/manifesto"
+ targetNamespace="tag:globalcode.info,2019:sane-software/manifesto"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="qualified"
+ attributeFormDefault="unqualified">
+
+ <xs:element name="manifesto" type="Manifesto"/>
+
+ <xs:complexType name="Manifesto">
+ <xs:sequence>
+ <xs:element name="title" type="xs:string"/>
+ <xs:element name="id" type="ID"/>
+ <xs:element name="preamble" type="xs:string"/>
+ <xs:element name="chapter" type="Chapter" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:simpleType name="ID">
+ <xs:annotation>
+ <xs:documentation>
+ UUID, but must start with a letter, to comply with XML ID rules;
+ use e.g. uuidgen | grep ^[a-f];
+ Never reuse the ID if one chapter/item is removed and another with different meaning is added.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:restriction base="xs:ID">
+ <xs:pattern value="[a-f][a-f0-9]{7}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:complexType name="Chapter">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string"/>
+ <xs:element name="id" type="ID"/>
+ <xs:element name="item" type="Item" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="Item">
+ <xs:sequence>
+ <xs:element name="id" type="ID"/>
+ <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <xs:element name="note" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="item" type="Item" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+</xs:schema>
--- a/ssm.en.xml Sat Sep 21 16:51:06 2019 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,658 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Sane Software Manifesto
- Copyright © 2019 František Kučera (Frantovo.cz, GlobalCode.info)
-
- This manifesto is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.
- https://creativecommons.org/licenses/by-nd/4.0/
-
- If distributed, official website of Sane Software Manifesto must be provided: https://sane-software.globalcode.info/
--->
-<manifesto
- xmlns="tag:globalcode.info,2019:sane-software/manifesto"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="tag:globalcode.info,2019:sane-software/manifesto ssm.xsd">
-
-
- <title>Sane Software Manifesto</title>
- <id>fd466b50-6abd-4294-b11f-a5b8f2f39c2a</id>
- <preamble>In respect to user freedoms, privacy, liberty and software quality we create software according to the following guidelines.</preamble>
-
- <chapter>
- <name>Free software</name>
- <id>ca4d0f6c-9996-49ac-8647-b7f15b049b03</id>
- <item>
- <id>a755410b-6264-4094-b339-aeca55448e8d</id>
- <text>Every piece of Sane software is also Free software (as originally defined by Richard Stallman).</text>
- <text>Which means that the user has freedom to</text>
- <text>run the program for any purpose,</text>
- <text>to study and change it (i.e. has access to the source code under a free software license)</text>
- <text>and to distribute modified or unmodified copies.</text>
- <note>see https://www.gnu.org/philosophy/free-sw.html</note>
- <note>see https://www.gnu.org/philosophy/who-does-that-server-really-serve.html</note>
- </item>
- <item>
- <id>b7cd1a50-79eb-4df2-925c-7243a46d5ed8</id>
- <text>The user controls his computer and software and owns the data. Not the author of the software or anyone else without user's explicit consent.</text>
- </item>
- <item>
- <id>c78a9796-7862-4dd2-8ad9-3fdae094fe2c</id>
- <text>Must be buildable using free software toolchain (like GNU/Linux + GCC or OpenJDK etc.).</text>
- </item>
- <item>
- <id>b3c0daaf-dcaf-49a8-ae38-40590456a315</id>
- <text>Must not promote non-free (proprietary) software or services.</text>
- </item>
- <item>
- <id>b2fd5d2d-4d47-48e8-8abc-4b1aa94a7951</id>
- <text>Copyleft licenses (like GNU GPL or GNU Affero GPL) are strongly recommended because they guarantee software freedoms to every single end-user and prevent possibility that freedom vanishes somewhere in the distribution chain and the user can not benefit from the free software albeit the software is build on originally free source code.</text>
- </item>
- <item>
- <id>c3599313-338b-428d-885f-964a443d76c6</id>
- <!-- TODO: MUST + exception for older software -->
- <text>The license must be compatible with GNU GPLv3 in order to allow mixing with the GPL code.</text>
- <text>The only exception is older software (created before this manifesto i.e. 2019) which is unable to change the license</text>
- <text>due to the copyright owned by many authors who can not be reached anymore and who can not provide approval with the license upgrade.</text>
- <text>Such software is called „Sane with exception“.</text>
- <!-- TODO: provide exact wording of the exception e.g. XYZ is „Sane software (with GPLv2 license exception)“ -->
- <note>Software versioned under GPLv2+ or GPLv3+ is compatible with GPLv3.</note>
- </item>
- <item>
- <id>f39b90ae-0054-467e-a9e2-43379b7c2331</id>
- <text>If the software is distributed with a hardware, the hardware must support instalation of independently built software without any restrictions or requirements (e.g. digital signature from the original author).</text>
- </item>
- </chapter>
-
- <chapter>
- <name>Documented</name>
- <id>e1c828c5-0a4f-4948-9943-db1ae16a42d5</id>
- <item>
- <id>c63ea2ac-c255-4f3e-a0e2-b49d1e145347</id>
- <text>At least basic documentation must be released under a free license (GNU FDL is recommended).</text>
- </item>
- <item>
- <id>fd8e3bbd-d46a-40fe-85a6-b902336456d4</id>
- <text>Every advertised feature must be properly documented. Undocumented features can not be considered as features from the user/customer point-of-view.</text>
- </item>
- <item>
- <id>e4dede5b-059e-4e47-b03d-80142b8467f1</id>
- <text>There might be also other documentation/books released under any license and price.</text>
- </item>
- <item>
- <id>c0df4d14-43f8-4b61-83c4-fb5896161aeb</id>
- <text>But average software engineer must be able to build and operate the software with just the free (basic) documentation.</text>
- </item>
- <item>
- <id>e6cd9c52-0e66-402c-930c-901fa66acd22</id>
- <text>There must be a free documentation with description of building and running the software on a fresh operating system installation including description of all dependencies.</text>
- </item>
- <!--
- <item><id></id><text>documentation should focus on all target groups: users, administrators, developers</text></item>
- <item><id></id><text>there must be a big picture and software architercure described</text></item>
- -->
- </chapter>
-
- <chapter>
- <name>Semantic versioning</name>
- <id>aa8bd952-842b-4391-aefe-d9b3750e432d</id>
- <item>
- <id>a8beddfc-11e3-4012-9f88-f79dc88eee16</id>
- <text>Semantic versioning is required.</text>
- <text>The version number consists of three numbers: major.minor.pach.</text>
- <text>Major version is incremented if there is an incompatible change.</text>
- <text>Minor version is incremented if a feature is added in a compatible way.</text>
- <text>Patch version is incremented if a bug is fixed in a compatible way.</text>
- <note>see http://semver.org/</note>
- <note>If authors are unable to distinguish between compatible and incompatible changes, they must always increment the major version. However this approach is not recommeded</note>
- <note>Propper Semantic versioning is especially important if the software is suposed to be used as dependency by others.</note>
- <note>If there is a need of some marketing or cool versioning/codenames like Ultrasonic Umbrella or 2016, they should be used in addition to semantic versioning, not instead of it.</note>
- </item>
- <item>
- <id>cf557a11-b307-4c2f-a7b5-5d2485d23258</id>
- <text>Once publicly released, the package must not be changed anymore – if a change (even a small fix) is needed, new version number must be assigned.</text>
- </item>
- <item>
- <id>dd013325-bf22-43d3-9579-0e272e2ac344</id>
- <text>APIs, file formats and protocols might (and usually should) be semanticly versioned independently from the implementation.</text>
- <note>In such case, there should be a table documenting which API/format/protocol version matches which implementation version.</note>
- </item>
- <item>
- <id>dacb98cc-b558-4f0e-942d-e12004e45606</id>
- <text>The branching model in the version control system should reflect the semantic versioning.</text>
- <text>The released version e.g. 2.3.1 should be tagged as v2.3.1 and be placed in the v_2.3 branch.</text>
- <text>Where the v_2.3 branch was forked from the v_2 branch – from the v2.3 tag.</text>
- </item>
- </chapter>
-
- <chapter>
- <!-- TODO: rename this chapter? this is also compatibility „with others“ Or merge with previous one-->
- <name>Compatible with itself</name>
- <id>d626bb57-a20a-4182-a88a-446e901e9de4</id>
- <item>
- <id>a9852300-c59a-4bda-86a1-3a90d2ee1b74</id>
- <text>Focus on backward compatibility. Newer version should work as a drop-in replacement.</text>
- </item>
- <item>
- <id>f9b07d6c-da34-4971-8a92-a50b3e9f80ff</id>
- <text>Do not break things – rather postpone the release date than deliver a faulty product.</text>
- </item>
- <item>
- <id>ae33d206-4988-44ec-b8e2-3120019fcf2f</id>
- <text>Do not remove features unless they are really obsolete, unused or unrepairably broken.</text>
- </item>
- <item>
- <id>c542336a-fce8-412c-a8dd-1328c1a884ec</id>
- <text>The user interface might be simplified or redesigned while preserving the features under the hood.</text>
- </item>
- <item>
- <id>ba8fecf0-5c02-4fdf-abdc-2650d428f82a</id>
- <text>Incompatible changes must be planned and announced in advance. <!--Major/minor/patch numbers must be increased according to the Semantic versioning.--></text>
- </item>
- <item>
- <id>f4826891-e732-45e8-b929-25d1182fa141</id>
- <text>Upgrade scripts and upgrade documentation must be provided.</text>
- </item>
- </chapter>
-
- <chapter>
- <!-- TODO: rename this chapter to Interfaces? -->
- <name>Compatible with others</name>
- <id>d34ce339-197c-44ee-9e5c-6d7e212f8c10</id>
- <item>
- <id>be4c72d1-c494-4c44-aeb4-c5847f5a3524</id>
- <text>use open standards (protocols, formats) if they exist</text>
- </item>
- <item>
- <id>b2202690-8a6c-467f-a2b1-b154f470aa77</id>
- <text>never extend nor modify existing open protocol/format in the way which effectively creates a proprietary protocol/format</text>
- </item>
- <item>
- <id>dd206223-9525-4229-be2b-84b07c2b8244</id>
- <text>define and publish own open standards if needed</text>
- <item>
- <id>f24d45b0-a07c-45d8-820e-63a3b95ba3f6</id>
- <text>also standards must be semantically versioned</text>
- </item>
- <item>
- <id>d341b78e-15b9-4077-8b48-9e54c93391ac</id>
- <text>should be written in machine readable format (WSDL, WADL, ASN.1, XSD, Diameter dictionary, D-Bus etc.) or at least formal language (Backus–Naur Form, EBNF etc.)</text>
- </item>
- <item>
- <id>d61b3e31-bb9f-4333-87c8-9fb32f33a49d</id>
- <text>also configuration should have machine readable description and should be testable by executing a command</text>
- </item>
- </item>
- </chapter>
-
- <chapter>
- <name>Modular architecture</name>
- <id>c56e7e86-e480-4a5d-8a47-ab155dcd59b1</id>
- <item>
- <id>e50424e8-94f3-48aa-bf01-0ba984eb2349</id>
- <text>larger and multi-purpose software should be divided into smaller modules</text>
- </item>
- <item>
- <id>e752efae-75c9-4620-aa14-65c4949a3609</id>
- <text>modules must have defined dependencies (less = better)</text>
- </item>
- <item>
- <id>e9988ed0-d686-41a0-9f1e-3243ac5235d5</id>
- <text>particular modules should be compilable and executable separately</text>
- </item>
- <item>
- <id>ac722cec-0734-4d80-9885-d70a97b6402b</id>
- <text>whole system should be compilable (buildable) with only selected modules – must not require compilation or even distribution of all modules, if they are not necessary</text>
- </item>
- </chapter>
-
- <chapter>
- <name>Extensible</name>
- <id>d333af72-b5b5-432f-b564-a008d54a85d1</id>
- <item>
- <id>a7bc51ba-9832-4f75-983c-e75dc0801113</id>
- <text>able to be extended</text>
- <item>
- <id>e190f58d-1c16-4198-94d6-fc1a99fa85a0</id>
- <text>by configuration (RegExp, SQL, XSLT, XPath etc.)</text>
- </item>
- <item>
- <id>fde301e5-6e75-49a4-85c8-a231f6a63036</id>
- <text>by scripting (Guile, Bash, Python, Lua, ECMA Script etc.)</text>
- </item>
- <item>
- <id>a9c63cea-b9df-4bbd-bec1-84a047514667</id>
- <text>and/or third-party plugins/modules</text>
- <item>
- <id>de7270db-0410-4152-974f-4f0d74ff255b</id>
- <text>it should be easy to create a third-party module and plug it in an existing system</text>
- </item>
- <item>
- <id>fb4b07d1-6af7-44d9-8e6a-89ea63638652</id>
- <text>dependencies needed to write an extension (i.e. header files, API classes/interfaces) should be as small as possible (do not require large codebase to write a mere plug-in); the required dependency should contain just interfaces (method/function signatures) and data structures but no implementation (executable code)</text>
- </item>
- </item>
- </item>
- <item>
- <id>e41134a4-715c-4926-a7df-01ff3759eda1</id>
- <text>there should be public directory of extensions/scripts</text>
- </item>
- </chapter>
-
- <chapter>
- <name>Testable</name>
- <id>a0376231-d53e-45fd-826f-47148721de3d</id>
- <item>
- <id>d95dc118-7473-4f18-8b9e-35830a87b269</id>
- <text>there should be automated build-time complex tests for the package – feed the program with sample input and verify expected output</text>
- </item>
- <item>
- <id>a9f6725d-ddf1-41ee-96b4-15f3b851cb50</id>
- <text>there should be also automated runtime/postinstall tests – in order to verify that software was installed properly, all required dependencies are met and basic function is guaranteed – the program should report problem during its start (as a warning if it is not fatal), instead of unexpected failures during operation</text>
- </item>
- <item>
- <id>d610c04b-cc44-48c7-b069-f41b90bdef0f</id>
- <text>unit tests are recommended for code parts that are internally complex (algorithms, important business logic) and have simple interfaces</text>
- </item>
- <item>
- <id>e85baeda-8fcb-42d1-bb53-d7386a941ae7</id>
- <text>each external interface should contain procedure/function that does nothing important or heavy, is idempotent and returns simple response which proves that the interface (connection) is working (e.g. echo, print version, status or current time); if authentication and authorization mechanisms are present, there should be one procedure/function callable anonymously and one that requires authorization</text>
- </item>
- </chapter>
-
- <chapter>
- <name>Safe code and sustainability</name>
- <id>f3afbaf2-0933-43d2-aed0-8dc568b9429f</id>
- <item>
- <id>a96206c9-3e69-483d-b575-6bab9dec4a30</id>
- <text>correctness, safety and readability is prefered to performance</text>
- </item>
- <item>
- <id>d8eba0dd-4305-44b9-80ea-4c38b6dfa633</id>
- <text>use strong data typing, declare preconditions and possible exceptions</text>
- </item>
- <item>
- <id>ebea0c16-f820-444d-a73c-3054ca6a38c8</id>
- <text>data structures must be known and well documented – do not use undocumented map keys or properties</text>
- </item>
- <item>
- <id>e24e600e-6542-4664-8cf0-2d8c6feb6c13</id>
- <text>code, comments and specification should be written in the same natural language</text>
- </item>
- <item>
- <id>fa92aa33-a69f-43b8-9051-9bfdcd3d293f</id>
- <text>there should be a dictionary of used terms, so whole team and also users and customers will speak the same language</text>
- </item>
- <item>
- <id>b9345a0e-c672-45d3-b93b-8d0fb4ece8b3</id>
- <text>fail fast – errors in the code should be reported during build time or at least on first execution – do not silently continue if given error would lead to failure later in another part of the code – bad weak coupling leads to difficult debugging</text>
- </item>
- </chapter>
-
- <chapter>
- <name>Small code footprint</name>
- <id>ba8fbf3a-9254-4dd8-bb77-b0cd4907c6aa</id>
- <item>
- <id>f5389468-2f8a-43c8-884a-8df6bc844453</id>
- <text>less LOC (resp. cyclomatic complexity) = better</text>
- </item>
- <item>
- <id>b6b6c838-be6d-43d5-9f99-2098fa217c54</id>
- <text>reduce boilerplate and unused code</text>
- </item>
- <item>
- <id>b07fe0f0-2be7-4c1c-9b19-b671269c5e58</id>
- <text>use code generators (during build process, not to generate code to be manually edited and versioned)</text>
- </item>
- </chapter>
-
- <chapter>
- <name>Sane dependencies</name>
- <id>afd8f6c7-8dac-4a83-a101-64f017ec7ada</id>
- <item>
- <id>c2d5a677-a721-40e3-b560-73afe76fe2b0</id>
- <text>avoid NIH and reuse code but also avoid dependency hell</text>
- </item>
- <item>
- <id>d214987c-881c-450b-8544-82141866f541</id>
- <text>know your dependencies, know why they are required</text>
- </item>
- <item>
- <id>c8402612-e136-43b5-9209-f9800d2e94da</id>
- <text>reduce dependencies to only necessary ones</text>
- </item>
- <item>
- <id>cbeb9a6b-7b64-4452-8caf-246c082a853d</id>
- <text>depend on small and useful libraries – not on bulky application packages or libraries with large transitive dependencies</text>
- </item>
- <item>
- <id>cbaf55be-8ffb-4109-9c83-083d1b3e793a</id>
- <text>if dependency on bulky application package is inevitable, add a layer of abstraction – create a generic interface and connector and allow others to replace the bulky package with their own sane implementation</text>
- </item>
- <item>
- <id>d7655989-a5e4-4123-9147-3782fc05a5ee</id>
- <text>helper tools:</text>
- <item>
- <id>a5307bc9-36ed-4d83-963a-30c5c67613aa</id>
- <text>if you e.g. use Bash and Perl during the build process, do not add also Python dependency, write it in Perl – or use Python instead of Perl.</text>
- </item>
- <item>
- <id>b0237d84-7068-4b2b-bc28-ce5e0a0061e4</id>
- <text>Or if you use Java as your main language, consider not using Python/Perl for scripting and use Java for it</text>
- </item>
- </item>
- <item>
- <id>a0f42ec9-5032-4f6d-a50a-4b7bddde77f0</id>
- <text>if possible, always depend on abstract interfaces, not on particular implementations</text>
- </item>
- <item>
- <id>c5974dcd-4855-40c5-ad22-894c128ca1dc</id>
- <text>from the whole system point-of-view, Bootstrappable builds should be taken into account</text>
- <note>see http://bootstrappable.org/</note>
- </item>
- </chapter>
-
- <chapter>
- <name>Easily auditable</name>
- <id>fb0c484b-d97a-4cb4-9b8f-04d386ef0f54</id>
- <item>
- <id>aeef6a5c-bafc-4fcf-9b21-5829e8a44c5e</id>
- <text>small code footprint and minimal dependencies makes it easy to do security audit</text>
- </item>
- <item>
- <id>ab69d352-da68-40c2-a3e1-a8fd5c41ad0a</id>
- <text>avoid ungrounded refactoring and reformatting – they make mess and noise in the version control system and impede the audit</text>
- </item>
- <item>
- <id>e4db77b8-f145-4e43-bf8b-eb775b9352c8</id>
- <text>refactoring/reformatting changesets should be separated from substantive changes</text>
- </item>
- </chapter>
-
- <chapter>
- <name>Reproducible builds</name>
- <id>da6436f7-c352-4d52-915b-02d0d1880e40</id>
- <item>
- <id>e5154815-eeae-4664-8883-a29a64eea325</id>
- <text>builds should be reproducible: same code/version → same binary package</text>
- </item>
- <item>
- <id>a3b0c164-4dde-4e33-b3be-5478d2a187e2</id>
- <text>if not, it should be documented, why and how build products mihgt differ, and there should be plan/task to make it reproducible</text>
- </item>
- </chapter>
-
- <chapter>
- <name>Trustworthy packages and sources</name>
- <id>e7ded437-aaa2-475a-9754-0b2d89394b24</id>
- <item>
- <id>a0d9322c-7d2b-4632-b543-7e0d75bb5f0b</id>
- <text>every released version (binary or source) must be cryptographically signed by the authors (GnuPG/OpenPGP is strongly recommended)</text>
- </item>
- <item>
- <id>feb97ec0-c35c-49b8-b455-517a929b4a84</id>
- <text>there should be also checksums/hashes for every released package</text>
- </item>
- <item>
- <id>ff33e209-0460-4a43-997f-d6b32b73997b</id>
- <text>if HTTP is supported, HTTPS should also be – the attacker/eavesdropper should not even know what software/package/update is downloaded by the user</text>
- </item>
- <item>
- <id>c1f83b3a-e564-4483-91de-9c08723efd13</id>
- <text>the attacker should not be able to suppress updates – the program must not be silent in such case and must warn the user that something possibly nasty and dangerous is happening</text>
- </item>
- <item>
- <id>c6a755c9-a54e-4ffb-8f70-bfbd851b93c5</id>
- <text>releases should be downloadable also (or exclusively) over BitTorrent or other P2P network</text>
- </item>
- <item>
- <id>f9275c3c-2b09-4aec-ac28-76ff827d52ce</id>
- <text>source code repository must be accessible through an encrypted connection</text>
- </item>
- </chapter>
-
- <chapter>
- <name>Network interactions</name>
- <id>d3edb71b-8668-4290-a669-19694956e3aa</id>
- <item>
- <id>c967092e-09e9-4c68-90bf-aa8cb441f7dc</id>
- <text>no network connection is needed during build – build must be possible completely offline, all dependencies must be downloadable and documented including secure hashes or better cryptographic signatures</text>
- </item>
- <item>
- <id>b5515d33-1531-4361-8baf-a99ca461e763</id>
- <text>if dependencies are optionally automatically downloaded during/before build, the packaging system must cryptographically verify that that they are undamaged</text>
- </item>
- <item>
- <id>f700413a-fde1-460c-8633-76985e98007c</id>
- <text>avoid unwanted network interactions during runtime – no „call home“ or update-checks without user's explicit consent</text>
- </item>
- <item>
- <id>f55c2ebd-c3ba-44f7-ae92-06f679780ec7</id>
- <text>if any network connection is used, it must be cryptographically secured against MITM attacks</text>
- </item>
- </chapter>
-
- <chapter>
- <name>Localized/internationalized</name>
- <id>fa655b7c-f22d-4b98-ab7b-c0d0f608aad8</id>
- <item>
- <id>ad2f572b-497b-4523-b435-f9752fd1518a</id>
- <text>is is strongly recommended that it should be possible to localize the user interface independently from the original author by writing a language pack</text>
- </item>
- <item>
- <id>c3827486-6bf5-45c0-9a6d-61ad659d8ba1</id>
- <text>GNU Gettext or other standard framework (like Java resource bundles) should be used</text>
- </item>
- <item>
- <id>a57f4fc8-1f64-46e2-a91d-3a598c37f2e9</id>
- <text>error messages should have assigned unique error codes, so it is possible to find relevant information regardless current locale</text>
- </item>
- <!-- GEC is recommended for such unique error identifiers -->
- <item>
- <id>eba92867-5c1b-45b6-943a-a3fa6ea67e38</id>
- <text>data formats and protocols must be language/locale independent</text>
- <item>
- <id>fee73fee-4940-47ac-84b6-15646f5f61c7</id>
- <text>e.g. use decimal point instead of comma and no thousand separators for numbers, use standardized date formats</text>
- </item>
- <item>
- <id>f1a00487-ed89-4443-99b5-63ab4c635690</id>
- <text>in general: everything that is expected to be machine-readable or machine-generated must be independent from current locale</text>
- </item>
- </item>
- <item>
- <id>e6603e06-0b2c-439e-82ce-45f9744b2ef8</id>
- <text>character encoding:</text>
- <item>
- <id>abd42a7f-bd4b-4034-98ee-85a33094b5c1</id>
- <text>always be aware of it, do not just blindly use current platform's default (because the other side might run on different platform with different default)</text>
- </item>
- <item>
- <id>abd48eae-d287-4729-80ee-52dd018b0ba7</id>
- <text>if given software/format/protocol has some default encoding, it must be clearly defined in its specification and this default should not be changed without changing the major version number</text>
- </item>
- <item>
- <id>c9f4d9f4-f959-48ad-bc68-6720dd4596e3</id>
- <text>if there is no default, the encoding must be specified in the metadata attached (e.g. protocol headers, extended attributes on filesystem) to the actual data or at least at the begining of the data (like declaration in XML format)</text>
- </item>
- </item>
- <item>
- <id>ce45c382-6ec5-41e8-869a-a0e758621b13</id>
- <text>the metric system should be used as default</text>
- </item>
- </chapter>
-
- <chapter>
- <name>Communication channels</name>
- <id>a931dcbb-8043-4e21-838f-8e8122bb8af3</id>
- <item>
- <id>fff90688-907e-48eb-a48a-2ae6d6b42f0a</id>
- <text>use RSS/Atom or other machine readable format for:</text>
- <item>
- <id>ce9ffd67-627b-4067-ae34-f56ffbcac972</id>
- <text>security announcements</text>
- </item>
- <item>
- <id>f4c0b757-1fee-4d6d-8b30-808b4787fb5e</id>
- <text>new version announcements</text>
- </item>
- <item>
- <id>b17dbc84-4119-4706-acd8-61421a384246</id>
- <text>infrastructure outage announcements</text>
- </item>
- <item>
- <id>f3063520-5e7a-4aa0-95f6-505775556120</id>
- <text>blog, documentation, how-tos etc.</text>
- </item>
- <item>
- <id>e2434bd6-c838-479a-a636-f277003ebe7c</id>
- <text>AFK events (conferences, meetings, hackatons etc.), for calendar data iCal format is strongly recommended</text>
- </item>
- </item>
- <item>
- <id>e8b18e02-d7b2-4584-8eee-dbaf823f6800</id>
- <text>mailing list</text>
- </item>
- <item>
- <id>a35328fe-a177-4d6a-a3d2-2cc8fa0cb6f7</id>
- <text>e-mail/SMTP</text>
- <item>
- <id>f40e9a23-b2ca-4052-949e-f4358844f5a2</id>
- <text>use TLS</text>
- </item>
- <item>
- <id>bc444281-5c76-43a9-b5ef-46306cbb2bf9</id>
- <text>use DKIM/ADSP</text>
- </item>
- <item>
- <id>a2852409-806f-480c-8700-141ace86f322</id>
- <text>use signed and encrypted messages (GnuPG or X.509)</text>
- </item>
- <item>
- <id>da2b84bd-a20d-4e76-af14-740a7c9ccfb3</id>
- <text>avoid spam and viruses, do not spam the users, do not push them to subscribe your „newsletter“ – always offer also anonymous channel like RSS/Atom</text>
- </item>
- </item>
- <item>
- <id>ec4c92b6-83e5-4051-9aef-fa7d02e292b8</id>
- <text>Jabber MUC or IRC</text>
- </item>
- <item>
- <id>f50d17bd-701f-45f9-aae4-86bfcf34cd7c</id>
- <text>discussion forum</text>
- </item>
- <item>
- <id>e746eb5b-8d8b-4ec8-9315-a311f35e156a</id>
- <text>do not push users to register at a proprietary social networks resp. at particular company like Facebook – users without such account must not be discriminated – use open and decentralized networks/protocols instead</text>
- </item>
- <item>
- <id>a1a3c037-37e3-4283-abab-e275f7d17442</id>
- <text>Q&A tool + FAQ</text>
- </item>
- <item>
- <id>ff537045-819e-4dec-a020-d2c9f2c3292b</id>
- <text>there should be a second-level internet domain for the project or its team</text>
- </item>
- <item>
- <id>b54d4978-974b-4743-bdba-7d4957bc9ba7</id>
- <text>but do not buy an internet domain if you are not prepared to mainain it for decades – rather use third level domain under some reliable second level domain maintained by a credible group or person – think of that every expired domain helps spammers and scammers and hurts the users</text>
- </item>
- <item>
- <id>a1141312-5177-4d68-bb14-fce952d542c3</id>
- <text>URLs should be as stable as possible (do not break old links, set up redirections if needed)</text>
- </item>
- <item>
- <id>c5b6d3d7-2f1f-4371-acfa-d6af1588c2cb</id>
- <text>the website must be independent and must contain everything needed – any content (JavaScripts, CSS, fonts, images etc.) downloaded from other domains must not be required to browse/use the website</text>
- </item>
- <item>
- <id>c1d9052d-dfe5-4fce-a82c-d618dc4689fa</id>
- <text>authors should publish their public keys (GnuPG/OpenPGP or X.509)</text>
- </item>
- <item>
- <id>c89e8699-574c-4b28-9f65-6284d6051f68</id>
- <text>crpyptographically secured e-mail address or web form for receiving security vulnerabilities report</text>
- </item>
- <item>
- <id>b6cf8d5f-0fc9-46f7-8e38-8342a1229037</id>
- <text>every security incident must be clearly documented and investigated – do not obscure it</text>
- </item>
- </chapter>
-
- <chapter>
- <name>Accept contributions</name>
- <id>eae0f528-a5ce-4809-a25d-9f9ab6311f3d</id>
- <item>
- <id>efae935b-fef1-4bbd-a2c5-e12048524e35</id>
- <text>good quality code contributions with appropriate copyright and patent licenses or assignments should be accepted from anyone</text>
- </item>
- <item>
- <id>ea429f77-44db-4eb4-9925-0d28f9abf47a</id>
- <text>the „good quality code“ is defined by the project and might involve code style, idioms, design patterns, software architecture, required tests, documentation etc.</text>
- </item>
- <item>
- <id>b0022cea-4caf-4663-ae24-5fc5da31333b</id>
- <text>such requirements and rules should be available to the contributor before he begins; however (especially smaller) projects might communicate such code quality requirements and provide consultations and guidance during the contribution</text>
- </item>
- <item>
- <id>ea4a8d23-b2df-42eb-84ae-7687d35838c8</id>
- <text>in order to contribute, it must not be required:</text>
- <item>
- <id>da7dabf6-f2d8-43bc-8121-6e4527eaa691</id>
- <text>to have an account on any particular third party service like particular e-mail or hosting provider</text>
- </item>
- <item>
- <id>dfd6a77f-7c4a-430a-8199-8ea71ec7ee8c</id>
- <text>to sign a contract (which includes accepting „Terms and conditions“) with any particular third party (e.g. source code hosting provider)</text>
- </item>
- <item>
- <id>af6a589f-d419-483f-b7b2-07b6e9da3924</id>
- <text>to sign any political, religious or other proclamation or agree with it</text>
- </item>
- </item>
- <item>
- <id>b4319392-8d6a-4f07-8a94-7ae2ed97c787</id>
- <text>in order to contribute, it might be required:</text>
- <item>
- <id>f9f52f2f-b057-4a2f-9131-682fac54c853</id>
- <text>to have an e-mail address (but not at particular domain)</text>
- </item>
- <item>
- <id>ef9e64cc-90b0-4002-ab5a-a1135332c7fe</id>
- <text>or use similar decentralized technology which has open standard and free software implementations</text>
- </item>
- <item>
- <id>d7a94eba-efd6-471f-9c32-6ee9d3b8ab29</id>
- <text>to assign the copyright to the project and grant a free license for all patents relevant to the contribution</text>
- </item>
- </item>
- <item>
- <id>e394c792-8294-4f15-a356-89cd0a7aa255</id>
- <text>the project should record all accepted contributions and maintain a public list of all authors/contributors</text>
- </item>
- <item>
- <id>b5a128a2-31d9-49df-890c-59a770f7afa9</id>
- <text>the contributor must not loose the right to use or distribute the contributed code under any license (of his choice)</text>
- </item>
- </chapter>
-
- <chapter>
- <name>Open development – has public:</name>
- <id>b704bc25-d3c1-4481-98bf-54455c507f37</id>
- <item>
- <id>fed07648-106a-4b7c-9026-509c82109448</id>
- <text>source code repository (versioning system), not just source code snapshots of released versions</text>
- </item>
- <item>
- <id>d9934675-abbd-418f-abf6-dfeaaea6a544</id>
- <text>description of the process of accepting external patches</text>
- </item>
- <item>
- <id>e6d2175a-97ff-4fd5-9bc1-a3914c6dd719</id>
- <text>feature/bug tracking system</text>
- </item>
- <item>
- <id>ae430fee-4850-453f-9382-282d7eed27a4</id>
- <text>plan of supported versions/branches</text>
- </item>
- </chapter>
-</manifesto>
--- a/ssm.xsd Sat Sep 21 16:51:06 2019 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Sane Software Manifesto helper tools
- Copyright © 2019 František Kučera (Frantovo.cz, GlobalCode.info)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, version 3.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <https://www.gnu.org/licenses/>.
--->
-<xs:schema xmlns="tag:globalcode.info,2019:sane-software/manifesto"
- targetNamespace="tag:globalcode.info,2019:sane-software/manifesto"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- elementFormDefault="qualified"
- attributeFormDefault="unqualified">
-
- <xs:element name="manifesto" type="Manifesto"/>
-
- <xs:complexType name="Manifesto">
- <xs:sequence>
- <xs:element name="title" type="xs:string"/>
- <xs:element name="id" type="ID"/>
- <xs:element name="preamble" type="xs:string"/>
- <xs:element name="chapter" type="Chapter" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
-
- <xs:simpleType name="ID">
- <xs:annotation>
- <xs:documentation>
- UUID, but must start with a letter, to comply with XML ID rules;
- use e.g. uuidgen | grep ^[a-f];
- Never reuse the ID if one chapter/item is removed and another with different meaning is added.
- </xs:documentation>
- </xs:annotation>
- <xs:restriction base="xs:ID">
- <xs:pattern value="[a-f][a-f0-9]{7}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"/>
- </xs:restriction>
- </xs:simpleType>
-
- <xs:complexType name="Chapter">
- <xs:sequence>
- <xs:element name="name" type="xs:string"/>
- <xs:element name="id" type="ID"/>
- <xs:element name="item" type="Item" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
-
- <xs:complexType name="Item">
- <xs:sequence>
- <xs:element name="id" type="ID"/>
- <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
- <xs:element name="note" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element name="item" type="Item" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
-
-</xs:schema>
--- a/ssm.xsl Sat Sep 21 16:51:06 2019 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,104 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Sane Software Manifesto helper tools
- Copyright © 2019 František Kučera (Frantovo.cz, GlobalCode.info)
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, version 3.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <https://www.gnu.org/licenses/>.
--->
-<xsl:stylesheet
- version="1.0"
- xmlns="http://www.w3.org/1999/xhtml"
- xmlns:h="http://www.w3.org/1999/xhtml"
- xmlns:m="tag:globalcode.info,2019:sane-software/manifesto"
- xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
- xmlns:fn="http://www.w3.org/2005/xpath-functions"
- xmlns:svg="http://www.w3.org/2000/svg"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="tag:globalcode.info,2019:sane-software/manifesto ssm.xsd"
- exclude-result-prefixes="fn h m xs xsi">
-
- <xsl:output
- method="xml"
- indent="yes"
- encoding="UTF-8"
- doctype-public="-//W3C//DTD XHTML 1.1 plus MathML 2.0 plus SVG 1.1//EN"
- doctype-system="http://www.w3.org/2002/04/xhtml-math-svg/xhtml-math-svg.dtd"/>
-
- <xsl:template match="/m:manifesto">
- <html>
- <head>
- <title>
- <xsl:value-of select="m:title"/>
- </title>
- <link href="style.css" type="text/css" rel="StyleSheet"/>
- </head>
- <body>
- <h1>
- <xsl:value-of select="m:title"/>
- </h1>
-
- <!-- TODO: remove hardcoded warning, use version from mercurial -->
- <p style="text-align: center"><DRAFT> Please note that this is a draft version. Stay tuned for v1.0.0! </DRAFT></p>
-
- <p>
- <xsl:value-of select="m:preamble"/>
- </p>
-
- <xsl:apply-templates select="m:chapter"/>
-
-
- <!-- TODO: move license information to XML file -->
- <hr/>
- <p class="footer">
- <a href="https://sane-software.globalcode.info/">Sane Software Manifesto</a><br/>
- Copyright © 2019 František Kučera (Frantovo.cz, GlobalCode.info)<br/>
- This manifesto is licensed under a <a href="https://creativecommons.org/licenses/by-nd/4.0/">Creative Commons Attribution-NoDerivatives 4.0 International License</a>.
- </p>
-
- </body>
- </html>
- </xsl:template>
-
-
- <xsl:template match="m:chapter">
- <h2>
- <xsl:value-of select="m:name"/>
- <xsl:text> </xsl:text>
- <a href="#{m:id}" id="{m:id}" class="anchor">#</a>
- </h2>
- <ul>
- <xsl:apply-templates select="m:item"/>
- </ul>
- </xsl:template>
-
-
- <xsl:template match="m:item">
- <li>
- <xsl:apply-templates select="m:text"/>
- <xsl:text> </xsl:text>
- <a href="#{m:id}" id="{m:id}" class="anchor">#</a>
- <xsl:if test="m:item">
- <ul>
- <xsl:apply-templates select="m:item"/>
- </ul>
- </xsl:if>
- </li>
- </xsl:template>
-
- <xsl:template match="m:text">
- <xsl:apply-templates/>
- <xsl:text> </xsl:text>
- </xsl:template>
-
-</xsl:stylesheet>
\ No newline at end of file
--- a/style.css Sat Sep 21 16:51:06 2019 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-body {
- font-family: FreeSerif;
- font-size: 20px;
- background-color: white;
- color: black;
-}
-
-h1,h2,h3 {
- font-family: Sawasdee;
- font-weight: bold;
-}
-
-h1 {
- text-align: center;
-}
-
-a.anchor {
- color: #eee;
- text-decoration: none;
-}
-
-p.footer {
- font-size: 80%;
-}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/ssm.txt.xsl Sat Sep 21 19:40:43 2019 +0200
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Sane Software Manifesto helper tools
+ Copyright © 2019 František Kučera (Frantovo.cz, GlobalCode.info)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 3.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+-->
+<xsl:stylesheet
+ version="1.0"
+ xmlns:m="tag:globalcode.info,2019:sane-software/manifesto"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:fn="http://www.w3.org/2005/xpath-functions"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="tag:globalcode.info,2019:sane-software/manifesto ssm.xsd">
+
+ <xsl:output
+ method="text"
+ encoding="UTF-8"/>
+
+ <xsl:template match="/m:manifesto">
+ <xsl:text> *** </xsl:text>
+ <xsl:value-of select="m:title"/>
+ <xsl:text> *** </xsl:text>
+ <!-- TODO: version and draft warning -->
+ <xsl:value-of select="m:preamble"/>
+ <xsl:text> </xsl:text>
+ <xsl:apply-templates select="m:chapter"/>
+
+ <!-- TODO: move license information to XML file -->
+ <xsl:text></xsl:text>
+ <xsl:text> </xsl:text>
+ <xsl:text>---------------------------------------------------------------- </xsl:text>
+ <xsl:text>Sane Software Manifesto <https://sane-software.globalcode.info/> </xsl:text>
+ <xsl:text>Copyright © 2019 František Kučera (Frantovo.cz, GlobalCode.info) </xsl:text>
+ <xsl:text>This manifesto is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International License <https://creativecommons.org/licenses/by-nd/4.0/>. </xsl:text>
+ <xsl:text>---------------------------------------------------------------- </xsl:text>
+ </xsl:template>
+
+
+ <xsl:template match="m:chapter">
+ <xsl:text> === </xsl:text>
+ <xsl:value-of select="m:name"/>
+ <xsl:text> ===</xsl:text>
+ <xsl:text> </xsl:text>
+
+ <xsl:apply-templates select="m:item"/>
+ </xsl:template>
+
+
+ <xsl:template match="m:item">
+ <xsl:for-each select="ancestor-or-self::m:item">
+ <xsl:text> </xsl:text>
+ </xsl:for-each>
+ <xsl:text>- </xsl:text>
+ <xsl:apply-templates select="m:text"/>
+ <xsl:text> </xsl:text>
+ <xsl:apply-templates select="m:item"/>
+ </xsl:template>
+
+ <xsl:template match="m:text">
+ <xsl:apply-templates/>
+ <xsl:text> </xsl:text>
+ </xsl:template>
+
+</xsl:stylesheet>
\ No newline at end of file
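Review bot: The `m:item` template applies only `m:text` and then the nested `m:item` elements, so every `m:note` in the source document is silently left out of the plain-text output. text/ssm.en.xml keeps its reference URLs in notes, for example the two `see https://www.gnu.org/philosophy/...` notes in the first item. If the omission is intentional, say so next to the template with a comment such as `<!-- m:note is deliberately not rendered in the plain-text output -->`. If it is not, add `<xsl:apply-templates select="m:note"/>` after the `m:text` line together with a matching `m:note` template. The `m:item` template in templates/ssm.xhtml.xsl selects the same way.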
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/ssm.xhtml.xsl Sat Sep 21 19:40:43 2019 +0200
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Sane Software Manifesto helper tools
+ Copyright © 2019 František Kučera (Frantovo.cz, GlobalCode.info)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 3.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+-->
+<xsl:stylesheet
+ version="1.0"
+ xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:h="http://www.w3.org/1999/xhtml"
+ xmlns:m="tag:globalcode.info,2019:sane-software/manifesto"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:fn="http://www.w3.org/2005/xpath-functions"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="tag:globalcode.info,2019:sane-software/manifesto ssm.xsd"
+ exclude-result-prefixes="fn h m xs xsi">
+
+ <xsl:output
+ method="xml"
+ indent="yes"
+ encoding="UTF-8"
+ doctype-public="-//W3C//DTD XHTML 1.1 plus MathML 2.0 plus SVG 1.1//EN"
+ doctype-system="http://www.w3.org/2002/04/xhtml-math-svg/xhtml-math-svg.dtd"/>
+
+ <xsl:template match="/m:manifesto">
+ <html>
+ <head>
+ <title>
+ <xsl:value-of select="m:title"/>
+ </title>
+ <link href="style.css" type="text/css" rel="StyleSheet"/>
+ </head>
+ <body>
+ <h1>
+ <xsl:value-of select="m:title"/>
+ </h1>
+
+ <!-- TODO: remove hardcoded warning, use version from mercurial -->
+ <p style="text-align: center"><DRAFT> Please note that this is a draft version. Stay tuned for v1.0.0! </DRAFT></p>
+
+ <p>
+ <xsl:value-of select="m:preamble"/>
+ </p>
+
+ <xsl:apply-templates select="m:chapter"/>
+
+
+ <!-- TODO: move license information to XML file -->
+ <hr/>
+ <p class="footer">
+ <a href="https://sane-software.globalcode.info/">Sane Software Manifesto</a><br/>
+ Copyright © 2019 František Kučera (Frantovo.cz, GlobalCode.info)<br/>
+ This manifesto is licensed under the <a href="https://creativecommons.org/licenses/by-nd/4.0/">Creative Commons Attribution-NoDerivatives 4.0 International License</a>.
+ </p>
+
+ </body>
+ </html>
+ </xsl:template>
+
+
+ <xsl:template match="m:chapter">
+ <h2>
+ <xsl:value-of select="m:name"/>
+ <xsl:text> </xsl:text>
+ <a href="#{m:id}" id="{m:id}" class="anchor">#</a>
+ </h2>
+ <ul>
+ <xsl:apply-templates select="m:item"/>
+ </ul>
+ </xsl:template>
+
+
+ <xsl:template match="m:item">
+ <li>
+ <xsl:apply-templates select="m:text"/>
+ <xsl:text> </xsl:text>
+ <a href="#{m:id}" id="{m:id}" class="anchor">#</a>
+ <xsl:if test="m:item">
+ <ul>
+ <xsl:apply-templates select="m:item"/>
+ </ul>
+ </xsl:if>
+ </li>
+ </xsl:template>
+
+ <xsl:template match="m:text">
+ <xsl:apply-templates/>
+ <xsl:text> </xsl:text>
+ </xsl:template>
+
+</xsl:stylesheet>
\ No newline at end of file
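Review bot: The `xsi:schemaLocation` hint on `xsl:stylesheet` still names `ssm.xsd` as if the schema sat beside the stylesheet, but this commit moves it to schema/ssm.xsd and already updates the hint in text/ssm.en.xml to `../schema/ssm.xsd`. From templates/ the value should read `xsi:schemaLocation="tag:globalcode.info,2019:sane-software/manifesto ../schema/ssm.xsd"`; templates/ssm.txt.xsl carries the same stale value. The attribute is only a hint, so the transform presumably still runs, but editors and validators that follow it will look for a file that is no longer at that path.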
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/style.css Sat Sep 21 19:40:43 2019 +0200
@@ -0,0 +1,24 @@
+body {
+ font-family: FreeSerif;
+ font-size: 20px;
+ background-color: white;
+ color: black;
+}
+
+h1,h2,h3 {
+ font-family: Sawasdee;
+ font-weight: bold;
+}
+
+h1 {
+ text-align: center;
+}
+
+a.anchor {
+ color: #eee;
+ text-decoration: none;
+}
+
+p.footer {
+ font-size: 80%;
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/text/ssm.en.xml Sat Sep 21 19:40:43 2019 +0200
@@ -0,0 +1,658 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Sane Software Manifesto
+ Copyright © 2019 František Kučera (Frantovo.cz, GlobalCode.info)
+
+ This manifesto is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.
+ https://creativecommons.org/licenses/by-nd/4.0/
+
+ If distributed, official website of Sane Software Manifesto must be provided: https://sane-software.globalcode.info/
+-->
+<manifesto
+ xmlns="tag:globalcode.info,2019:sane-software/manifesto"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="tag:globalcode.info,2019:sane-software/manifesto ../schema/ssm.xsd">
+
+
+ <title>Sane Software Manifesto</title>
+ <id>fd466b50-6abd-4294-b11f-a5b8f2f39c2a</id>
+ <preamble>In respect to user freedoms, privacy, liberty and software quality we create software according to the following guidelines.</preamble>
+
+ <chapter>
+ <name>Free software</name>
+ <id>ca4d0f6c-9996-49ac-8647-b7f15b049b03</id>
+ <item>
+ <id>a755410b-6264-4094-b339-aeca55448e8d</id>
+ <text>Every piece of Sane software is also Free software (as originally defined by Richard Stallman).</text>
+ <text>Which means that the user has freedom to</text>
+ <text>run the program for any purpose,</text>
+ <text>to study and change it (i.e. has access to the source code under a free software license)</text>
+ <text>and to distribute modified or unmodified copies.</text>
+ <note>see https://www.gnu.org/philosophy/free-sw.html</note>
+ <note>see https://www.gnu.org/philosophy/who-does-that-server-really-serve.html</note>
+ </item>
+ <item>
+ <id>b7cd1a50-79eb-4df2-925c-7243a46d5ed8</id>
+ <text>The user controls his computer and software and owns the data. Not the author of the software or anyone else without user's explicit consent.</text>
+ </item>
+ <item>
+ <id>c78a9796-7862-4dd2-8ad9-3fdae094fe2c</id>
+ <text>Must be buildable using free software toolchain (like GNU/Linux + GCC or OpenJDK etc.).</text>
+ </item>
+ <item>
+ <id>b3c0daaf-dcaf-49a8-ae38-40590456a315</id>
+ <text>Must not promote non-free (proprietary) software or services.</text>
+ </item>
+ <item>
+ <id>b2fd5d2d-4d47-48e8-8abc-4b1aa94a7951</id>
+ <text>Copyleft licenses (like GNU GPL or GNU Affero GPL) are strongly recommended because they guarantee software freedoms to every single end-user and prevent possibility that freedom vanishes somewhere in the distribution chain and the user can not benefit from the free software albeit the software is build on originally free source code.</text>
+ </item>
+ <item>
+ <id>c3599313-338b-428d-885f-964a443d76c6</id>
+ <!-- TODO: MUST + exception for older software -->
+ <text>The license must be compatible with GNU GPLv3 in order to allow mixing with the GPL code.</text>
+ <text>The only exception is older software (created before this manifesto i.e. 2019) which is unable to change the license</text>
+ <text>due to the copyright owned by many authors who can not be reached anymore and who can not provide approval with the license upgrade.</text>
+ <text>Such software is called „Sane with exception“.</text>
+ <!-- TODO: provide exact wording of the exception e.g. XYZ is „Sane software (with GPLv2 license exception)“ -->
+ <note>Software versioned under GPLv2+ or GPLv3+ is compatible with GPLv3.</note>
+ </item>
+ <item>
+ <id>f39b90ae-0054-467e-a9e2-43379b7c2331</id>
+ <text>If the software is distributed with a hardware, the hardware must support instalation of independently built software without any restrictions or requirements (e.g. digital signature from the original author).</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Documented</name>
+ <id>e1c828c5-0a4f-4948-9943-db1ae16a42d5</id>
+ <item>
+ <id>c63ea2ac-c255-4f3e-a0e2-b49d1e145347</id>
+ <text>At least basic documentation must be released under a free license (GNU FDL is recommended).</text>
+ </item>
+ <item>
+ <id>fd8e3bbd-d46a-40fe-85a6-b902336456d4</id>
+ <text>Every advertised feature must be properly documented. Undocumented features can not be considered as features from the user/customer point-of-view.</text>
+ </item>
+ <item>
+ <id>e4dede5b-059e-4e47-b03d-80142b8467f1</id>
+ <text>There might be also other documentation/books released under any license and price.</text>
+ </item>
+ <item>
+ <id>c0df4d14-43f8-4b61-83c4-fb5896161aeb</id>
+ <text>But average software engineer must be able to build and operate the software with just the free (basic) documentation.</text>
+ </item>
+ <item>
+ <id>e6cd9c52-0e66-402c-930c-901fa66acd22</id>
+ <text>There must be a free documentation with description of building and running the software on a fresh operating system installation including description of all dependencies.</text>
+ </item>
+ <!--
+ <item><id></id><text>documentation should focus on all target groups: users, administrators, developers</text></item>
+ <item><id></id><text>there must be a big picture and software architercure described</text></item>
+ -->
+ </chapter>
+
+ <chapter>
+ <name>Semantic versioning</name>
+ <id>aa8bd952-842b-4391-aefe-d9b3750e432d</id>
+ <item>
+ <id>a8beddfc-11e3-4012-9f88-f79dc88eee16</id>
+ <text>Semantic versioning is required.</text>
+ <text>The version number consists of three numbers: major.minor.pach.</text>
+ <text>Major version is incremented if there is an incompatible change.</text>
+ <text>Minor version is incremented if a feature is added in a compatible way.</text>
+ <text>Patch version is incremented if a bug is fixed in a compatible way.</text>
+ <note>see http://semver.org/</note>
+ <note>If authors are unable to distinguish between compatible and incompatible changes, they must always increment the major version. However this approach is not recommeded</note>
+ <note>Propper Semantic versioning is especially important if the software is suposed to be used as dependency by others.</note>
+ <note>If there is a need of some marketing or cool versioning/codenames like Ultrasonic Umbrella or 2016, they should be used in addition to semantic versioning, not instead of it.</note>
+ </item>
+ <item>
+ <id>cf557a11-b307-4c2f-a7b5-5d2485d23258</id>
+ <text>Once publicly released, the package must not be changed anymore – if a change (even a small fix) is needed, new version number must be assigned.</text>
+ </item>
+ <item>
+ <id>dd013325-bf22-43d3-9579-0e272e2ac344</id>
+ <text>APIs, file formats and protocols might (and usually should) be semanticly versioned independently from the implementation.</text>
+ <note>In such case, there should be a table documenting which API/format/protocol version matches which implementation version.</note>
+ </item>
+ <item>
+ <id>dacb98cc-b558-4f0e-942d-e12004e45606</id>
+ <text>The branching model in the version control system should reflect the semantic versioning.</text>
+ <text>The released version e.g. 2.3.1 should be tagged as v2.3.1 and be placed in the v_2.3 branch.</text>
+ <text>Where the v_2.3 branch was forked from the v_2 branch – from the v2.3 tag.</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <!-- TODO: rename this chapter? this is also compatibility „with others“ Or merge with previous one-->
+ <name>Compatible with itself</name>
+ <id>d626bb57-a20a-4182-a88a-446e901e9de4</id>
+ <item>
+ <id>a9852300-c59a-4bda-86a1-3a90d2ee1b74</id>
+ <text>Focus on backward compatibility. Newer version should work as a drop-in replacement.</text>
+ </item>
+ <item>
+ <id>f9b07d6c-da34-4971-8a92-a50b3e9f80ff</id>
+ <text>Do not break things – rather postpone the release date than deliver a faulty product.</text>
+ </item>
+ <item>
+ <id>ae33d206-4988-44ec-b8e2-3120019fcf2f</id>
+ <text>Do not remove features unless they are really obsolete, unused or unrepairably broken.</text>
+ </item>
+ <item>
+ <id>c542336a-fce8-412c-a8dd-1328c1a884ec</id>
+ <text>The user interface might be simplified or redesigned while preserving the features under the hood.</text>
+ </item>
+ <item>
+ <id>ba8fecf0-5c02-4fdf-abdc-2650d428f82a</id>
+ <text>Incompatible changes must be planned and announced in advance. <!--Major/minor/patch numbers must be increased according to the Semantic versioning.--></text>
+ </item>
+ <item>
+ <id>f4826891-e732-45e8-b929-25d1182fa141</id>
+ <text>Upgrade scripts and upgrade documentation must be provided.</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <!-- TODO: rename this chapter to Interfaces? -->
+ <name>Compatible with others</name>
+ <id>d34ce339-197c-44ee-9e5c-6d7e212f8c10</id>
+ <item>
+ <id>be4c72d1-c494-4c44-aeb4-c5847f5a3524</id>
+ <text>use open standards (protocols, formats) if they exist</text>
+ </item>
+ <item>
+ <id>b2202690-8a6c-467f-a2b1-b154f470aa77</id>
+ <text>never extend nor modify existing open protocol/format in the way which effectively creates a proprietary protocol/format</text>
+ </item>
+ <item>
+ <id>dd206223-9525-4229-be2b-84b07c2b8244</id>
+ <text>define and publish own open standards if needed</text>
+ <item>
+ <id>f24d45b0-a07c-45d8-820e-63a3b95ba3f6</id>
+ <text>also standards must be semantically versioned</text>
+ </item>
+ <item>
+ <id>d341b78e-15b9-4077-8b48-9e54c93391ac</id>
+ <text>should be written in machine readable format (WSDL, WADL, ASN.1, XSD, Diameter dictionary, D-Bus etc.) or at least formal language (Backus–Naur Form, EBNF etc.)</text>
+ </item>
+ <item>
+ <id>d61b3e31-bb9f-4333-87c8-9fb32f33a49d</id>
+ <text>also configuration should have machine readable description and should be testable by executing a command</text>
+ </item>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Modular architecture</name>
+ <id>c56e7e86-e480-4a5d-8a47-ab155dcd59b1</id>
+ <item>
+ <id>e50424e8-94f3-48aa-bf01-0ba984eb2349</id>
+ <text>larger and multi-purpose software should be divided into smaller modules</text>
+ </item>
+ <item>
+ <id>e752efae-75c9-4620-aa14-65c4949a3609</id>
+ <text>modules must have defined dependencies (less = better)</text>
+ </item>
+ <item>
+ <id>e9988ed0-d686-41a0-9f1e-3243ac5235d5</id>
+ <text>particular modules should be compilable and executable separately</text>
+ </item>
+ <item>
+ <id>ac722cec-0734-4d80-9885-d70a97b6402b</id>
+ <text>whole system should be compilable (buildable) with only selected modules – must not require compilation or even distribution of all modules, if they are not necessary</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Extensible</name>
+ <id>d333af72-b5b5-432f-b564-a008d54a85d1</id>
+ <item>
+ <id>a7bc51ba-9832-4f75-983c-e75dc0801113</id>
+ <text>able to be extended</text>
+ <item>
+ <id>e190f58d-1c16-4198-94d6-fc1a99fa85a0</id>
+ <text>by configuration (RegExp, SQL, XSLT, XPath etc.)</text>
+ </item>
+ <item>
+ <id>fde301e5-6e75-49a4-85c8-a231f6a63036</id>
+ <text>by scripting (Guile, Bash, Python, Lua, ECMA Script etc.)</text>
+ </item>
+ <item>
+ <id>a9c63cea-b9df-4bbd-bec1-84a047514667</id>
+ <text>and/or third-party plugins/modules</text>
+ <item>
+ <id>de7270db-0410-4152-974f-4f0d74ff255b</id>
+ <text>it should be easy to create a third-party module and plug it in an existing system</text>
+ </item>
+ <item>
+ <id>fb4b07d1-6af7-44d9-8e6a-89ea63638652</id>
+ <text>dependencies needed to write an extension (i.e. header files, API classes/interfaces) should be as small as possible (do not require large codebase to write a mere plug-in); the required dependency should contain just interfaces (method/function signatures) and data structures but no implementation (executable code)</text>
+ </item>
+ </item>
+ </item>
+ <item>
+ <id>e41134a4-715c-4926-a7df-01ff3759eda1</id>
+ <text>there should be public directory of extensions/scripts</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Testable</name>
+ <id>a0376231-d53e-45fd-826f-47148721de3d</id>
+ <item>
+ <id>d95dc118-7473-4f18-8b9e-35830a87b269</id>
+ <text>there should be automated build-time complex tests for the package – feed the program with sample input and verify expected output</text>
+ </item>
+ <item>
+ <id>a9f6725d-ddf1-41ee-96b4-15f3b851cb50</id>
+ <text>there should be also automated runtime/postinstall tests – in order to verify that software was installed properly, all required dependencies are met and basic function is guaranteed – the program should report problem during its start (as a warning if it is not fatal), instead of unexpected failures during operation</text>
+ </item>
+ <item>
+ <id>d610c04b-cc44-48c7-b069-f41b90bdef0f</id>
+ <text>unit tests are recommended for code parts that are internally complex (algorithms, important business logic) and have simple interfaces</text>
+ </item>
+ <item>
+ <id>e85baeda-8fcb-42d1-bb53-d7386a941ae7</id>
+ <text>each external interface should contain procedure/function that does nothing important or heavy, is idempotent and returns simple response which proves that the interface (connection) is working (e.g. echo, print version, status or current time); if authentication and authorization mechanisms are present, there should be one procedure/function callable anonymously and one that requires authorization</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Safe code and sustainability</name>
+ <id>f3afbaf2-0933-43d2-aed0-8dc568b9429f</id>
+ <item>
+ <id>a96206c9-3e69-483d-b575-6bab9dec4a30</id>
+ <text>correctness, safety and readability is prefered to performance</text>
+ </item>
+ <item>
+ <id>d8eba0dd-4305-44b9-80ea-4c38b6dfa633</id>
+ <text>use strong data typing, declare preconditions and possible exceptions</text>
+ </item>
+ <item>
+ <id>ebea0c16-f820-444d-a73c-3054ca6a38c8</id>
+ <text>data structures must be known and well documented – do not use undocumented map keys or properties</text>
+ </item>
+ <item>
+ <id>e24e600e-6542-4664-8cf0-2d8c6feb6c13</id>
+ <text>code, comments and specification should be written in the same natural language</text>
+ </item>
+ <item>
+ <id>fa92aa33-a69f-43b8-9051-9bfdcd3d293f</id>
+ <text>there should be a dictionary of used terms, so whole team and also users and customers will speak the same language</text>
+ </item>
+ <item>
+ <id>b9345a0e-c672-45d3-b93b-8d0fb4ece8b3</id>
+ <text>fail fast – errors in the code should be reported during build time or at least on first execution – do not silently continue if given error would lead to failure later in another part of the code – bad weak coupling leads to difficult debugging</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Small code footprint</name>
+ <id>ba8fbf3a-9254-4dd8-bb77-b0cd4907c6aa</id>
+ <item>
+ <id>f5389468-2f8a-43c8-884a-8df6bc844453</id>
+ <text>less LOC (resp. cyclomatic complexity) = better</text>
+ </item>
+ <item>
+ <id>b6b6c838-be6d-43d5-9f99-2098fa217c54</id>
+ <text>reduce boilerplate and unused code</text>
+ </item>
+ <item>
+ <id>b07fe0f0-2be7-4c1c-9b19-b671269c5e58</id>
+ <text>use code generators (during build process, not to generate code to be manually edited and versioned)</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Sane dependencies</name>
+ <id>afd8f6c7-8dac-4a83-a101-64f017ec7ada</id>
+ <item>
+ <id>c2d5a677-a721-40e3-b560-73afe76fe2b0</id>
+ <text>avoid NIH and reuse code but also avoid dependency hell</text>
+ </item>
+ <item>
+ <id>d214987c-881c-450b-8544-82141866f541</id>
+ <text>know your dependencies, know why they are required</text>
+ </item>
+ <item>
+ <id>c8402612-e136-43b5-9209-f9800d2e94da</id>
+ <text>reduce dependencies to only necessary ones</text>
+ </item>
+ <item>
+ <id>cbeb9a6b-7b64-4452-8caf-246c082a853d</id>
+ <text>depend on small and useful libraries – not on bulky application packages or libraries with large transitive dependencies</text>
+ </item>
+ <item>
+ <id>cbaf55be-8ffb-4109-9c83-083d1b3e793a</id>
+ <text>if dependency on bulky application package is inevitable, add a layer of abstraction – create a generic interface and connector and allow others to replace the bulky package with their own sane implementation</text>
+ </item>
+ <item>
+ <id>d7655989-a5e4-4123-9147-3782fc05a5ee</id>
+ <text>helper tools:</text>
+ <item>
+ <id>a5307bc9-36ed-4d83-963a-30c5c67613aa</id>
+ <text>if you e.g. use Bash and Perl during the build process, do not add also Python dependency, write it in Perl – or use Python instead of Perl.</text>
+ </item>
+ <item>
+ <id>b0237d84-7068-4b2b-bc28-ce5e0a0061e4</id>
+ <text>Or if you use Java as your main language, consider not using Python/Perl for scripting and use Java for it</text>
+ </item>
+ </item>
+ <item>
+ <id>a0f42ec9-5032-4f6d-a50a-4b7bddde77f0</id>
+ <text>if possible, always depend on abstract interfaces, not on particular implementations</text>
+ </item>
+ <item>
+ <id>c5974dcd-4855-40c5-ad22-894c128ca1dc</id>
+ <text>from the whole system point-of-view, Bootstrappable builds should be taken into account</text>
+ <note>see http://bootstrappable.org/</note>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Easily auditable</name>
+ <id>fb0c484b-d97a-4cb4-9b8f-04d386ef0f54</id>
+ <item>
+ <id>aeef6a5c-bafc-4fcf-9b21-5829e8a44c5e</id>
+ <text>small code footprint and minimal dependencies makes it easy to do security audit</text>
+ </item>
+ <item>
+ <id>ab69d352-da68-40c2-a3e1-a8fd5c41ad0a</id>
+ <text>avoid ungrounded refactoring and reformatting – they make mess and noise in the version control system and impede the audit</text>
+ </item>
+ <item>
+ <id>e4db77b8-f145-4e43-bf8b-eb775b9352c8</id>
+ <text>refactoring/reformatting changesets should be separated from substantive changes</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Reproducible builds</name>
+ <id>da6436f7-c352-4d52-915b-02d0d1880e40</id>
+ <item>
+ <id>e5154815-eeae-4664-8883-a29a64eea325</id>
+ <text>builds should be reproducible: same code/version → same binary package</text>
+ </item>
+ <item>
+ <id>a3b0c164-4dde-4e33-b3be-5478d2a187e2</id>
+ <text>if not, it should be documented, why and how build products mihgt differ, and there should be plan/task to make it reproducible</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Trustworthy packages and sources</name>
+ <id>e7ded437-aaa2-475a-9754-0b2d89394b24</id>
+ <item>
+ <id>a0d9322c-7d2b-4632-b543-7e0d75bb5f0b</id>
+ <text>every released version (binary or source) must be cryptographically signed by the authors (GnuPG/OpenPGP is strongly recommended)</text>
+ </item>
+ <item>
+ <id>feb97ec0-c35c-49b8-b455-517a929b4a84</id>
+ <text>there should be also checksums/hashes for every released package</text>
+ </item>
+ <item>
+ <id>ff33e209-0460-4a43-997f-d6b32b73997b</id>
+ <text>if HTTP is supported, HTTPS should also be – the attacker/eavesdropper should not even know what software/package/update is downloaded by the user</text>
+ </item>
+ <item>
+ <id>c1f83b3a-e564-4483-91de-9c08723efd13</id>
+ <text>the attacker should not be able to suppress updates – the program must not be silent in such case and must warn the user that something possibly nasty and dangerous is happening</text>
+ </item>
+ <item>
+ <id>c6a755c9-a54e-4ffb-8f70-bfbd851b93c5</id>
+ <text>releases should be downloadable also (or exclusively) over BitTorrent or other P2P network</text>
+ </item>
+ <item>
+ <id>f9275c3c-2b09-4aec-ac28-76ff827d52ce</id>
+ <text>source code repository must be accessible through an encrypted connection</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Network interactions</name>
+ <id>d3edb71b-8668-4290-a669-19694956e3aa</id>
+ <item>
+ <id>c967092e-09e9-4c68-90bf-aa8cb441f7dc</id>
+ <text>no network connection is needed during build – build must be possible completely offline, all dependencies must be downloadable and documented including secure hashes or better cryptographic signatures</text>
+ </item>
+ <item>
+ <id>b5515d33-1531-4361-8baf-a99ca461e763</id>
+ <text>if dependencies are optionally automatically downloaded during/before build, the packaging system must cryptographically verify that that they are undamaged</text>
+ </item>
+ <item>
+ <id>f700413a-fde1-460c-8633-76985e98007c</id>
+ <text>avoid unwanted network interactions during runtime – no „call home“ or update-checks without user's explicit consent</text>
+ </item>
+ <item>
+ <id>f55c2ebd-c3ba-44f7-ae92-06f679780ec7</id>
+ <text>if any network connection is used, it must be cryptographically secured against MITM attacks</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Localized/internationalized</name>
+ <id>fa655b7c-f22d-4b98-ab7b-c0d0f608aad8</id>
+ <item>
+ <id>ad2f572b-497b-4523-b435-f9752fd1518a</id>
+ <text>is is strongly recommended that it should be possible to localize the user interface independently from the original author by writing a language pack</text>
+ </item>
+ <item>
+ <id>c3827486-6bf5-45c0-9a6d-61ad659d8ba1</id>
+ <text>GNU Gettext or other standard framework (like Java resource bundles) should be used</text>
+ </item>
+ <item>
+ <id>a57f4fc8-1f64-46e2-a91d-3a598c37f2e9</id>
+ <text>error messages should have assigned unique error codes, so it is possible to find relevant information regardless current locale</text>
+ </item>
+ <!-- GEC is recommended for such unique error identifiers -->
+ <item>
+ <id>eba92867-5c1b-45b6-943a-a3fa6ea67e38</id>
+ <text>data formats and protocols must be language/locale independent</text>
+ <item>
+ <id>fee73fee-4940-47ac-84b6-15646f5f61c7</id>
+ <text>e.g. use decimal point instead of comma and no thousand separators for numbers, use standardized date formats</text>
+ </item>
+ <item>
+ <id>f1a00487-ed89-4443-99b5-63ab4c635690</id>
+ <text>in general: everything that is expected to be machine-readable or machine-generated must be independent from current locale</text>
+ </item>
+ </item>
+ <item>
+ <id>e6603e06-0b2c-439e-82ce-45f9744b2ef8</id>
+ <text>character encoding:</text>
+ <item>
+ <id>abd42a7f-bd4b-4034-98ee-85a33094b5c1</id>
+ <text>always be aware of it, do not just blindly use current platform's default (because the other side might run on different platform with different default)</text>
+ </item>
+ <item>
+ <id>abd48eae-d287-4729-80ee-52dd018b0ba7</id>
+ <text>if given software/format/protocol has some default encoding, it must be clearly defined in its specification and this default should not be changed without changing the major version number</text>
+ </item>
+ <item>
+ <id>c9f4d9f4-f959-48ad-bc68-6720dd4596e3</id>
+ <text>if there is no default, the encoding must be specified in the metadata attached (e.g. protocol headers, extended attributes on filesystem) to the actual data or at least at the begining of the data (like declaration in XML format)</text>
+ </item>
+ </item>
+ <item>
+ <id>ce45c382-6ec5-41e8-869a-a0e758621b13</id>
+ <text>the metric system should be used as default</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Communication channels</name>
+ <id>a931dcbb-8043-4e21-838f-8e8122bb8af3</id>
+ <item>
+ <id>fff90688-907e-48eb-a48a-2ae6d6b42f0a</id>
+ <text>use RSS/Atom or other machine readable format for:</text>
+ <item>
+ <id>ce9ffd67-627b-4067-ae34-f56ffbcac972</id>
+ <text>security announcements</text>
+ </item>
+ <item>
+ <id>f4c0b757-1fee-4d6d-8b30-808b4787fb5e</id>
+ <text>new version announcements</text>
+ </item>
+ <item>
+ <id>b17dbc84-4119-4706-acd8-61421a384246</id>
+ <text>infrastructure outage announcements</text>
+ </item>
+ <item>
+ <id>f3063520-5e7a-4aa0-95f6-505775556120</id>
+ <text>blog, documentation, how-tos etc.</text>
+ </item>
+ <item>
+ <id>e2434bd6-c838-479a-a636-f277003ebe7c</id>
+ <text>AFK events (conferences, meetings, hackatons etc.), for calendar data iCal format is strongly recommended</text>
+ </item>
+ </item>
+ <item>
+ <id>e8b18e02-d7b2-4584-8eee-dbaf823f6800</id>
+ <text>mailing list</text>
+ </item>
+ <item>
+ <id>a35328fe-a177-4d6a-a3d2-2cc8fa0cb6f7</id>
+ <text>e-mail/SMTP</text>
+ <item>
+ <id>f40e9a23-b2ca-4052-949e-f4358844f5a2</id>
+ <text>use TLS</text>
+ </item>
+ <item>
+ <id>bc444281-5c76-43a9-b5ef-46306cbb2bf9</id>
+ <text>use DKIM/ADSP</text>
+ </item>
+ <item>
+ <id>a2852409-806f-480c-8700-141ace86f322</id>
+ <text>use signed and encrypted messages (GnuPG or X.509)</text>
+ </item>
+ <item>
+ <id>da2b84bd-a20d-4e76-af14-740a7c9ccfb3</id>
+ <text>avoid spam and viruses, do not spam the users, do not push them to subscribe your „newsletter“ – always offer also anonymous channel like RSS/Atom</text>
+ </item>
+ </item>
+ <item>
+ <id>ec4c92b6-83e5-4051-9aef-fa7d02e292b8</id>
+ <text>Jabber MUC or IRC</text>
+ </item>
+ <item>
+ <id>f50d17bd-701f-45f9-aae4-86bfcf34cd7c</id>
+ <text>discussion forum</text>
+ </item>
+ <item>
+ <id>e746eb5b-8d8b-4ec8-9315-a311f35e156a</id>
+ <text>do not push users to register at a proprietary social networks resp. at particular company like Facebook – users without such account must not be discriminated – use open and decentralized networks/protocols instead</text>
+ </item>
+ <item>
+ <id>a1a3c037-37e3-4283-abab-e275f7d17442</id>
+ <text>Q&A tool + FAQ</text>
+ </item>
+ <item>
+ <id>ff537045-819e-4dec-a020-d2c9f2c3292b</id>
+ <text>there should be a second-level internet domain for the project or its team</text>
+ </item>
+ <item>
+ <id>b54d4978-974b-4743-bdba-7d4957bc9ba7</id>
+ <text>but do not buy an internet domain if you are not prepared to mainain it for decades – rather use third level domain under some reliable second level domain maintained by a credible group or person – think of that every expired domain helps spammers and scammers and hurts the users</text>
+ </item>
+ <item>
+ <id>a1141312-5177-4d68-bb14-fce952d542c3</id>
+ <text>URLs should be as stable as possible (do not break old links, set up redirections if needed)</text>
+ </item>
+ <item>
+ <id>c5b6d3d7-2f1f-4371-acfa-d6af1588c2cb</id>
+ <text>the website must be independent and must contain everything needed – any content (JavaScripts, CSS, fonts, images etc.) downloaded from other domains must not be required to browse/use the website</text>
+ </item>
+ <item>
+ <id>c1d9052d-dfe5-4fce-a82c-d618dc4689fa</id>
+ <text>authors should publish their public keys (GnuPG/OpenPGP or X.509)</text>
+ </item>
+ <item>
+ <id>c89e8699-574c-4b28-9f65-6284d6051f68</id>
+ <text>crpyptographically secured e-mail address or web form for receiving security vulnerabilities report</text>
+ </item>
+ <item>
+ <id>b6cf8d5f-0fc9-46f7-8e38-8342a1229037</id>
+ <text>every security incident must be clearly documented and investigated – do not obscure it</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Accept contributions</name>
+ <id>eae0f528-a5ce-4809-a25d-9f9ab6311f3d</id>
+ <item>
+ <id>efae935b-fef1-4bbd-a2c5-e12048524e35</id>
+ <text>good quality code contributions with appropriate copyright and patent licenses or assignments should be accepted from anyone</text>
+ </item>
+ <item>
+ <id>ea429f77-44db-4eb4-9925-0d28f9abf47a</id>
+ <text>the „good quality code“ is defined by the project and might involve code style, idioms, design patterns, software architecture, required tests, documentation etc.</text>
+ </item>
+ <item>
+ <id>b0022cea-4caf-4663-ae24-5fc5da31333b</id>
+ <text>such requirements and rules should be available to the contributor before he begins; however (especially smaller) projects might communicate such code quality requirements and provide consultations and guidance during the contribution</text>
+ </item>
+ <item>
+ <id>ea4a8d23-b2df-42eb-84ae-7687d35838c8</id>
+ <text>in order to contribute, it must not be required:</text>
+ <item>
+ <id>da7dabf6-f2d8-43bc-8121-6e4527eaa691</id>
+ <text>to have an account on any particular third party service like particular e-mail or hosting provider</text>
+ </item>
+ <item>
+ <id>dfd6a77f-7c4a-430a-8199-8ea71ec7ee8c</id>
+ <text>to sign a contract (which includes accepting „Terms and conditions“) with any particular third party (e.g. source code hosting provider)</text>
+ </item>
+ <item>
+ <id>af6a589f-d419-483f-b7b2-07b6e9da3924</id>
+ <text>to sign any political, religious or other proclamation or agree with it</text>
+ </item>
+ </item>
+ <item>
+ <id>b4319392-8d6a-4f07-8a94-7ae2ed97c787</id>
+ <text>in order to contribute, it might be required:</text>
+ <item>
+ <id>f9f52f2f-b057-4a2f-9131-682fac54c853</id>
+ <text>to have an e-mail address (but not at particular domain)</text>
+ </item>
+ <item>
+ <id>ef9e64cc-90b0-4002-ab5a-a1135332c7fe</id>
+ <text>or use similar decentralized technology which has open standard and free software implementations</text>
+ </item>
+ <item>
+ <id>d7a94eba-efd6-471f-9c32-6ee9d3b8ab29</id>
+ <text>to assign the copyright to the project and grant a free license for all patents relevant to the contribution</text>
+ </item>
+ </item>
+ <item>
+ <id>e394c792-8294-4f15-a356-89cd0a7aa255</id>
+ <text>the project should record all accepted contributions and maintain a public list of all authors/contributors</text>
+ </item>
+ <item>
+ <id>b5a128a2-31d9-49df-890c-59a770f7afa9</id>
+ <text>the contributor must not loose the right to use or distribute the contributed code under any license (of his choice)</text>
+ </item>
+ </chapter>
+
+ <chapter>
+ <name>Open development – has public:</name>
+ <id>b704bc25-d3c1-4481-98bf-54455c507f37</id>
+ <item>
+ <id>fed07648-106a-4b7c-9026-509c82109448</id>
+ <text>source code repository (versioning system), not just source code snapshots of released versions</text>
+ </item>
+ <item>
+ <id>d9934675-abbd-418f-abf6-dfeaaea6a544</id>
+ <text>description of the process of accepting external patches</text>
+ </item>
+ <item>
+ <id>e6d2175a-97ff-4fd5-9bc1-a3914c6dd719</id>
+ <text>feature/bug tracking system</text>
+ </item>
+ <item>
+ <id>ae430fee-4850-453f-9382-282d7eed27a4</id>
+ <text>plan of supported versions/branches</text>
+ </item>
+ </chapter>
+</manifesto>