...

...

The first step is to analyze the history of code quality using a static analysis tool. Were serious bugs fixed in minor version updates? When a major version update is made, how many new serious bugs does it introduce into this OSS?
This analysis cannot be based on the number of bug fixes. It needs to use a static analysis tool to analyze the unfixed bugs.

The OSS must pass the following check items. Qualification point: TBD.

  • Outstanding defects per component.
  • Outstanding vs. fixed defects over a period of time.
  • High and medium impact outstanding defects per category.

Ref. https://scan.coverity.com/projects/gnu-c-library-glibc
not include "must fix" error from static analysis tool.

Note. The validity of the version used by that OSS, including CVE checks, will be checked in the next phase. 
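
A sketch of how the check items above can be computed from per-release scan results. This is an added example, not part of the original page or of any tool's output: the findings format, the fingerprint IDs and the sample data are constructed assumptions, and any release that is not a major bump is treated as "minor".

```python
from collections import Counter

# Constructed sample data: (fingerprint, component, category, impact) per release.
# The fingerprint is a hypothetical stable ID for one defect across versions.
SCANS = {
    "1.0.0": [("a1", "net", "buffer overflow", "high"),
              ("b2", "net", "resource leak", "medium"),
              ("c3", "parser", "null dereference", "medium"),
              ("d4", "parser", "dead code", "low")],
    "1.0.1": [("b2", "net", "resource leak", "medium"),
              ("c3", "parser", "null dereference", "medium"),
              ("d4", "parser", "dead code", "low")],
    "2.0.0": [("b2", "net", "resource leak", "medium"),
              ("e5", "crypto", "use after free", "high"),
              ("f6", "crypto", "buffer overflow", "high"),
              ("g7", "parser", "null dereference", "medium")],
}
SERIOUS = {"high", "medium"}  # impacts counted by the check items

def version_key(v):
    return tuple(int(p) for p in v.split("."))

def serious(findings):
    """Index high/medium findings by fingerprint."""
    return {f[0]: f for f in findings if f[3] in SERIOUS}

def history(scans):
    """Per release: outstanding serious defects, plus fixed/new vs. the previous release."""
    rows, prev_ver, prev = [], None, {}
    for ver in sorted(scans, key=version_key):
        cur = serious(scans[ver])
        bump = None
        if prev_ver is not None:
            major = version_key(ver)[0] > version_key(prev_ver)[0]
            bump = "major" if major else "minor"
        rows.append({
            "version": ver,
            "bump": bump,
            # Fixed = reported before, gone now. New = not reported before.
            "fixed": sorted(prev.keys() - cur.keys()) if prev_ver else [],
            "new": sorted(cur.keys() - prev.keys()) if prev_ver else [],
            "outstanding": len(cur),
            "per_component": dict(Counter(f[1] for f in cur.values())),
            "per_category": dict(Counter(f[2] for f in cur.values())),
        })
        prev_ver, prev = ver, cur
    return rows

if __name__ == "__main__":
    for row in history(SCANS):
        print(row)
```

In the sample data the minor update fixes one serious defect and adds none, while the major update fixes one and introduces three, so the outstanding count rises even though a fix was made.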

TO J.S.
Could you make a comparison of both Coverity and the OSS tool (clang) against these criteria?

Coverity vs OSS tool (clang) in architecture phase criteria

5. Requirement matching

All requirements assigned to the OSS must be met.

...