...
Question | Description | Sample Answer | ||
Basics: Identification; Basics: Prerequisites; Basics: Project oversight; Basics: Other | The questions in these Basics sections will be filled in automatically. Some questions change SHOULDs from previous levels to MUSTs. | |||
Change Control: Public version-controlled source repository | ||||
The project's source repository MUST use a common distributed version control software (e.g., git or mercurial). [repo_distributed] | This question will be filled in automatically from previous levels. | |||
The project MUST clearly identify small tasks that can be performed by new or casual contributors. (URL required) [small_tasks] | TBD DO WE HAVE POLICIES ON THIS? | |||
The project MUST require two-factor authentication (2FA) for developers for changing a central repository or accessing sensitive data (such as private vulnerability reports). This 2FA mechanism MAY use mechanisms without cryptographic mechanisms such as SMS, though that is not recommended. [require_2FA] | TBD DO WE HAVE POLICIES ON THIS? | |||
The project's two-factor authentication (2FA) SHOULD use cryptographic mechanisms to prevent impersonation. Short Message Service (SMS) based 2FA, by itself, does NOT meet this criterion, since it is not encrypted. [secure_2FA] | TBD DO WE HAVE POLICIES ON THIS? | |||
Quality: Coding standards | ||||
The project MUST document its code review requirements, including how code review is conducted, what must be checked, and what is required to be acceptable. (URL required) [code_review_standards] | TBD DO WE HAVE POLICIES ON THIS? | |||
The project MUST have at least 50% of all proposed modifications reviewed before release by a person other than the author, to determine if it is a worthwhile modification and free of known issues which would argue against its inclusion. [two_person_review] | ONAP requires a committer other than the submitter to review each proposed modification. WHERE IS THIS DOCUMENTED? | |||
Quality: Working build system | ||||
The project MUST have a reproducible build. If no building occurs (e.g., scripting languages where the source code is used directly instead of being compiled), select "not applicable" (N/A). (URL required) [build_reproducible] | TBD AFAIK, WE DO NOT CURRENTLY HAVE A POLICY ON THIS | |||
Quality: Automated test suite | . . . | These questions will be filled in automatically from previous levels. | ||
Security: Use basic good cryptographic practices; Security: Secured delivery against man-in-the-middle (MITM) attacks; Security: Publicly known vulnerabilities fixed | These questions will be filled in automatically from previous levels. | |||
Analysis: Dynamic code analysis | Some questions in the Analysis section will be automatically filled in from previous levels. The remaining questions in the Analysis section must be individually answered according to your project. |
...