Open-source checklist #44

Description

@thomas-samoht

Open-source checklist

Before making any updates to a public project repository, ensure that all necessary steps are taken to maintain code integrity, licensing compliance, and documentation accuracy. Use this checklist as a guide, and provide the necessary information:

Which open source variant is selected (see the open source policy for details about the variants)?

  • Completely open (including backlog and issues)
  • Publication per production release tag
  • Publication afterwards with complete history of commits
  • Publication afterwards with only tagged releases
  • Manual publication at specific moments or intervals

Our policy is to work completely in the open or with automatic publication, so if you select manual publication, please add an explanation.

  • Publication process: Check that the publication process described in the open source policy has been followed.
  • Update documentation: Review and update the project documentation to reflect any changes made in the codebase.
  • Sanity check the code and commits: Perform a thorough review of the code and commits to ensure consistency and correctness.
  • Check license file(s) and correct if needed: Check the license file(s) associated with the project and make corrections if necessary to ensure compliance.

- [ ] Code review by security team: Request a code review by the security team to identify and address any potential security vulnerabilities (Request). Include the security test results.
  No pentest needed; source code going from private to public -> only applicable when releasing software.
  No IBMF approval needed because we work in the open.

  • Readme check: Verify the Readme file for completeness and clarity, ensuring it provides the necessary information for users and contributors.
    • Readability (use of domain terminology): Evaluate the readability of the code, ensuring consistent use of domain-specific terminology.
    • Functionality test: Verify that the application functions correctly by testing its functionality. Include the test report.
    • DCO (Developer Certificate of Origin): Verify that DCO is used for this repository and explained in the Readme.

- [ ] publiccode.yml: Add a publiccode.yml file for discoverability and reuse.
  This is not a product, so this is not applicable.

  • Dependency Review: Conduct a review of external code dependencies to ensure quality and security standards are met.
  • Determine repository synchronisation scheme: Determine the synchronization scheme for the repository, whether with full history or only tagged releases, to align with project requirements.
  • Create Public Repository: Establish a public repository for the project, implementing necessary branch protection measures.
  • Get written approval: Obtain written approval from the product owner and Informatiebeveiliging Management Forum (IBMF).
    • Product owner
    • IBMF: add a screenshot of the checklist and an explanation of any unchecked or struck-out items.
  • Update GitHub Actions: Adjust the GitHub Actions configurations to eliminate the use of organization or repository secrets, since workflows in a public repository can be triggered by forks and pull requests from outside contributors.
  • Configuration for Public Use: Configure the repository to be accessible and usable by the public, ensuring appropriate settings are in place.
  • Celebrate: Acknowledge the successful completion of the update process with a celebratory gesture.
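The "Update GitHub Actions" item asks for all organization and repository secrets to be removed from the workflows before the repository goes public. The script below is an added example, not part of this issue or the project's own tooling: it scans a workflows directory for `${{ secrets.NAME }}` references, ignoring the built-in, per-run `GITHUB_TOKEN` (which is not a stored repository secret), and reports each file and line that still needs attention. The two workflow files it creates are constructed samples: a "before" deploy workflow that reads repository secrets and an "after" CI workflow that uses only `GITHUB_TOKEN` with read-only `permissions`.

```shell
#!/bin/sh
# Added example: find references to organization/repository secrets in
# GitHub Actions workflow files before publishing a repository.

# Print one "file:line:secrets.NAME" per reference to a stored secret.
# The built-in secrets.GITHUB_TOKEN is ephemeral and scoped to the run,
# so it is excluded from the report.
list_secret_refs() {
  dir="$1"
  for f in "$dir"/*.yml "$dir"/*.yaml; do
    [ -f "$f" ] || continue
    grep -n -o 'secrets\.[A-Za-z0-9_]*' "$f" 2>/dev/null \
      | grep -v 'secrets\.GITHUB_TOKEN$' \
      | sed "s|^|$f:|"
  done
}

# Number of offending references; 0 means the directory is clean.
count_secret_refs() {
  list_secret_refs "$1" | wc -l | tr -d ' '
}

# Write two constructed sample workflows into "$1" (hypothetical content,
# not taken from any real repository).
make_sample_workflows() {
  dir="$1"
  mkdir -p "$dir"
  # "Before": reads stored repository secrets; must not ship in a public repo.
  cat > "$dir/deploy-before.yml" <<'EOF'
name: deploy
on: [push]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./deploy.sh
        env:
          API_TOKEN: ${{ secrets.DEPLOY_API_TOKEN }}
          DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
EOF
  # "After": only the built-in token, with the job's permissions reduced
  # to read-only access on the repository contents.
  cat > "$dir/ci-after.yml" <<'EOF'
name: ci
on: [pull_request]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./run-tests.sh
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
EOF
}

# Demo: build the samples, report findings, and exit non-zero if any remain.
# Run with: RUN_DEMO=1 sh check_workflow_secrets.sh
demo() {
  tmp=$(mktemp -d)
  make_sample_workflows "$tmp/workflows"
  echo "Secret references found:"
  list_secret_refs "$tmp/workflows"
  n=$(count_secret_refs "$tmp/workflows")
  rm -rf "$tmp"
  [ "$n" = "0" ] || { echo "FAIL: $n reference(s) to stored secrets"; return 1; }
  echo "OK: no stored secrets referenced"
}

if [ "${RUN_DEMO:-}" = "1" ]; then
  demo
fi
```

Run it against a real checkout with `list_secret_refs .github/workflows` from a shell that has sourced the script; a non-empty report means the workflow still depends on a secret that will not exist (or must not exist) once the repository is public.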

🎉 Let's celebrate the progress! 🎉
