
[DOC] Guidelines for new software dependencies

Open marcalff opened this issue 1 year ago • 1 comments

In the context of #2481, opentelemetry-cpp needs to have more dependencies, on a yaml parser in this case.

This raises the question of how to select a given package, and the acceptance criteria the package will need to meet to be considered.

Below is a preliminary list of requirements. The goal of this issue is to discuss them and finalize a checklist, which can help the next time another package is needed.


Proposed:

  • License

    • MUST be open source
    • MUST be compatible with opentelemetry-cpp licensing
      • This raises the question of which licenses are compatible with Apache V2.
      • Some help and guidelines from opentelemetry in general, to name acceptable licenses, will be useful.
  • Nested dependencies

    • If a package has further dependencies, especially mandatory ones, all the dependencies must also meet the requirements listed here.
  • Supported platforms

    • In general, all the platforms opentelemetry-cpp supports must be supported as well
    • Special cases (for example, provide a CURL replacement on Windows) are possible depending on context.
  • Supported build frameworks

    • CMake
    • Bazel
  • Documentation

  • Actually maintained

    • The package should have regular releases, and show a good track record of fixing bugs and/or accepting fixes
    • This part is subjective
  • Community adoption

    • This helps stability
    • This helps to find contributors with knowledge of the package
  • Stable

    • This is critical for dependencies added in the opentelemetry-cpp runtime.
    • This part is subjective
  • Secure

    • No known vulnerabilities
    • Good track record of fixing vulnerabilities
    • Small attack surface
  • Technical requirements

    • Performance
    • CPU/memory consumption

In practice for a yaml parser in C++:

  • There are not so many choices
  • Proceeding by elimination currently:
    • I know which parser not to use
    • Hoping to find a good candidate that passes all the checks

marcalff avatar Feb 23 '24 22:02 marcalff

Few more:

  • Stability, Maintenance, Community adoption.
  • Performance.
  • Build support if required (CMake, Bazel).
  • Documentation

lalitb avatar Feb 23 '24 22:02 lalitb

Moving to a discussion

marcalff avatar Mar 28 '24 08:03 marcalff