key
key copied to clipboard
KeYProject
Discussing: Requirements of bestpractises.dev
I am currently going through bestpractises.dev for KeY. This is a site with best practises for open source projects.
Our current status:
I want to use this issue to discuss possible changes inspired by the checklist.
We should provide some information about confidential information.
If private vulnerability reports are supported, the project MUST include how to send the information in a way that is kept private. (URL required) [vulnerability_report_private] Examples include a private defect report submitted on the web using HTTPS (TLS) or an email encrypted using OpenPGP. If vulnerability reports are always public (so there are never private vulnerability reports), choose "not applicable" (N/A).
I think, the only confidential information may be the filenames and the username (in a proof file) on submitting a bug report. Does Send Feedback adds any information? @mattulbrich
We need to write down a few lines on testing policy of new functionality.
- The project MUST have a general policy (formal or not) that as major new functionality is added to the software produced by the project, tests of that functionality should be added to an automated test suite. [test_policy]
- The project MUST have evidence that the test_policy for adding tests has been adhered to in the most recent major changes to the software produced by the project. [tests_are_added] Major functionality would typically be mentioned in the release notes. Perfection is not required, merely evidence that tests are typically being added in practice to the automated test suite when new major functionality is added to the software produced by the project. Tests are added justification It is SUGGESTED that this policy on adding tests (see test_policy) be documented in the instructions for change proposals. [tests_documented_added]
