provide trustable framework template #27
trustable framework needs, eclipse-score/process_description#27 add security tag to the document need Resolves: eclipse-score/score#947
e15e0c7 to eb28c3b
The created documentation from the pull request is available at: docu-html
ec9e511 to da19f14
I only comment not to block during my absence
XYZ trustable overview | ||
---------------------- | ||
|
||
.. needtable:: |
recommend to have a headline for all of these tables
process/trustable/index.rst
Outdated
Tenets and Assertions according your project and evidences. | ||
|
||
Especially replace "XYZ" software or SW with the name of your project, e.g. | ||
"This release of S-CORE is trustable". |
I do not think we should write this. Rather: This release of XYZ was analyzed for trustability and reaches a score of ...
tenets/tenets | ||
assertions/assertions | ||
|
||
.. tsf:: TRUSTABLE SOFTWARE |
I do not understand: shouldn't this type and its uses be defined in our metamodel?
They are defined, otherwise it would not build. But it is used only for the definition here, the projects should use our needs, e.g. component requirements, document to define the evidences and link it to the definitions here
:status: draft | ||
:links: tenet__trust__tt-provenance, tenet__trust__tt-construction, tenet__trust__tt-changes, tenet__trust__tt-expectations, tenet__trust__tt-results, tenet__trust__tt-confidence | ||
|
||
This release of XYZ is Trustable. |
see above comment
process/trustable/index.rst
Outdated
The algorithm for aggregation may involve weighting of specific Tenets or | ||
Assertions based on project priorities or experience. | ||
|
||
The graphs below presents statistics: |
I do not see what these statistics should show.
process/trustable/tenets/tenets.rst
Outdated
|
||
.. tenet:: TT-PROVENANCE | ||
:id: tenet__trust__tt-provenance | ||
:status: draft |
I would not see the need of a status here, because my understanding is that tenets and assertions are static like standards requirements. And to replace "XYZ" with the project name would not be something I would expect to set these to "valid".
I would rather add a "satisfied" value in percent which would need to be later calculated somehow. Based on the linked workproducts/evidences.
process/trustable/index.rst
Outdated
consideration of trust must be based on evidence.* | ||
|
||
You can copy the folder and use this as a template to measure your OSS project trust. | ||
Link your evidences to the Trustable Assertions (TA) and update the content of the |
as I understand TSF methodology the "Evidences" would be something like written statements ("premises") of the project and the "workproducts" would be linked to those. And the tenets and assertions are not modified. See also https://codethinklabs.gitlab.io/trustable/trustable/methodology.html#applying-tsf - second picture
> as I understand TSF methodology the "Evidences" would be something like written statements ("premises") of the project and the "workproducts" would be linked to those. And the tenets and assertions are not modified. See also https://codethinklabs.gitlab.io/trustable/trustable/methodology.html#applying-tsf - second picture
I used this as input: https://gitlab.com/richardmaw-codethink/safety-monitor/-/tree/main/trustable?ref_type=heads
Template is now based on sphinx-needs, in contrast to the original, which used doorstop
da19f14 to 41ad626
Resolves: eclipse-score/score#1009 Signed-off-by: Philipp Ahmann <[email protected]>
process/trustable/index.rst
Outdated
You can use these tenets and assertion defined here to measure your OSS project trust score. | ||
Link your evidences to the Trustable Assertions (TA). |
You can use these tenets and assertion defined here to measure your OSS project trust score. | |
Link your evidences to the Trustable Assertions (TA). | |
The tenets and assertions defined in the Trustable Software Framework can be used to measure an (OSS) project trust score. | |
To calculate the score link evidences to the Trustable Assertions (TA). |
Assertions and tenets are using some "level: x.y.z" identifier in the original sources of Trustable. I guess they may be optional, but I at least want to mention this in the review.
.. | ||
# ******************************************************************************* | ||
# Copyright (c) 2025 Contributors to the Eclipse Foundation | ||
# | ||
# See the NOTICE file(s) distributed with this work for additional | ||
# information regarding copyright ownership. | ||
# | ||
# This program and the accompanying materials are made available under the | ||
# terms of the Apache License Version 2.0 which is available at | ||
# https://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# ******************************************************************************* | ||
|
You need to be careful here. You are re-using the text and content from Trustable here, but you are changing the original license.
Trustable Software Framework © 2016-25 by Codethink is licensed under Creative
Commons Attribution-ShareAlike 4.0 International. To view a copy of this
license, visit https://creativecommons.org/licenses/by-sa/4.0/ or see the
license text here
The accompanying tools are licensed under Eclipse Public License 2.0,
with support for GPLv2 as a Secondary Clause. See the Eclipse Foundation site
here for more information, or see the
license text here.
See also following links:
https://gitlab.com/CodethinkLabs/trustable/trustable/-/blob/main/LICENCE.md
https://gitlab.com/CodethinkLabs/trustable/trustable/-/blob/main/LICENSE
https://creativecommons.org/licenses/by-sa/4.0/deed.en
The respective SPDX identifier is: CC-BY-SA-4.0
.. | ||
# ******************************************************************************* | ||
# Copyright (c) 2025 Contributors to the Eclipse Foundation | ||
# | ||
# See the NOTICE file(s) distributed with this work for additional | ||
# information regarding copyright ownership. | ||
# | ||
# This program and the accompanying materials are made available under the | ||
# terms of the Apache License Version 2.0 which is available at | ||
# https://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# ******************************************************************************* |
.. | |
# ******************************************************************************* | |
# Copyright (c) 2025 Contributors to the Eclipse Foundation | |
# | |
# See the NOTICE file(s) distributed with this work for additional | |
# information regarding copyright ownership. | |
# | |
# This program and the accompanying materials are made available under the | |
# terms of the Apache License Version 2.0 which is available at | |
# https://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# SPDX-License-Identifier: Apache-2.0 | |
# ******************************************************************************* | |
.. SPDX-License-Identifier: CC-BY-SA-4.0 | |
.. | |
note:: | |
This document is based on work by Codethink available at | |
https://gitlab.com/CodethinkLabs/trustable/trustable. | |
This modified version is licensed under CC-BY-SA-4.0 | |
in compliance with the original license. | |
Changes from original: | |
- levels have been removed | |
- separated files are aggregated into a single file | |
- transferred from markdown to rst | |
- sphinx-needs meta data is added |
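Review bot: The added note names the upstream source and the SPDX identifier CC-BY-SA-4.0, but it gives no link to the licence text and does not carry the upstream copyright notice ("Trustable Software Framework © 2016-25 by Codethink", as quoted in the review comment above). Suggest adding that notice and https://creativecommons.org/licenses/by-sa/4.0/ to the note so the attribution is complete in the file itself and does not depend on the reader following the GitLab link.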
process/trustable/tenets/tenets.rst
Outdated
.. | ||
# ******************************************************************************* | ||
# Copyright (c) 2025 Contributors to the Eclipse Foundation | ||
# | ||
# See the NOTICE file(s) distributed with this work for additional | ||
# information regarding copyright ownership. | ||
# | ||
# This program and the accompanying materials are made available under the | ||
# terms of the Apache License Version 2.0 which is available at | ||
# https://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# ******************************************************************************* |
.. | |
# ******************************************************************************* | |
# Copyright (c) 2025 Contributors to the Eclipse Foundation | |
# | |
# See the NOTICE file(s) distributed with this work for additional | |
# information regarding copyright ownership. | |
# | |
# This program and the accompanying materials are made available under the | |
# terms of the Apache License Version 2.0 which is available at | |
# https://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# SPDX-License-Identifier: Apache-2.0 | |
# ******************************************************************************* | |
.. SPDX-License-Identifier: CC-BY-SA-4.0 | |
.. | |
note:: | |
This document is based on work by Codethink available at | |
https://gitlab.com/CodethinkLabs/trustable/trustable. | |
This modified version is licensed under CC-BY-SA-4.0 | |
in compliance with the original license. | |
Changes from original: | |
- levels have been removed | |
- separated files are aggregated into a single file | |
- transferred from markdown to rst | |
- sphinx-needs meta data is added |
process/trustable/index.rst
Outdated
.. | ||
# ******************************************************************************* | ||
# Copyright (c) 2025 Contributors to the Eclipse Foundation | ||
# | ||
# See the NOTICE file(s) distributed with this work for additional | ||
# information regarding copyright ownership. | ||
# | ||
# This program and the accompanying materials are made available under the | ||
# terms of the Apache License Version 2.0 which is available at | ||
# https://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# ******************************************************************************* |
.. | |
# ******************************************************************************* | |
# Copyright (c) 2025 Contributors to the Eclipse Foundation | |
# | |
# See the NOTICE file(s) distributed with this work for additional | |
# information regarding copyright ownership. | |
# | |
# This program and the accompanying materials are made available under the | |
# terms of the Apache License Version 2.0 which is available at | |
# https://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# SPDX-License-Identifier: Apache-2.0 | |
# ******************************************************************************* | |
.. SPDX-License-Identifier: CC-BY-SA-4.0 | |
.. | |
note:: | |
This document is based on work by Codethink available at | |
https://gitlab.com/CodethinkLabs/trustable/trustable. | |
This modified version is licensed under CC-BY-SA-4.0 | |
in compliance with the original license. | |
Changes from original: | |
- two paragraphs were combined to single paragraph | |
- neutral wording instead of "we" |
Resolves: eclipse-score/score#1009 Signed-off-by: Philipp Ahmann <[email protected]>
Currently the copyright check fails as CC-BY-SA-4.0 is not in the list of https://github.com/eclipse-score/tooling/blob/main/cr_checker/resources/templates.ini
Resolves: eclipse-score/score#1009 Signed-off-by: Philipp Ahmann <[email protected]>
Template is now based on sphinx-needs, in contrast to the original, which used doorstop
Resolves: eclipse-score/score#1009