Commit 0164a2ed authored by T(A)ILS developers

Design draft: merge the "Easing peer review" and "Open-source transparency" sections.

parent 28e2c820
......@@ -435,15 +435,24 @@ and the deep knowledge of this work should be shared between the team
members. Thus the development infrastructure should be thought and
deployed in order to share this knowledge.
### 2.9.3 Open-source transparency
### 2.9.3 Open-source transparency, easing peer review
For the sake of transparency the use of open-source software is
encouraged. Binary blobs should only be used when no good alternatives
exist, which could be the case with certain hardware drivers or driver
firmwares.
Similarly, it is recommended for the PELD itself to be open-source, and
well documented to help security analysis by third-parties.
Having third-parties analyze the PELD security is necessary to ensure
it is working as intended. It is thus recommended for the PELD itself
to be open-source. Moreover decisions with non-trivial implications
should be clearly and publicly documented: such information about what
a PELD implementation intents to achieve and how it does so should be
made available to reviewers.
Third-parties should also be enabled to reproduce a PELD
implementation by building it from the released source code and
publicly available information. The process should yield consistent
results.
### 2.9.4 Easy feedback
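Review bot: "The process should yield consistent results", the last sentence of the new 2.9.3 text, does not say what is compared or how closely it must match, so a reviewer cannot tell whether a given rebuild satisfies it. Suggest stating the expected outcome explicitly, for example that two independent builds from the same released source produce the same output, so that a third party can check a published image against the source. In the same paragraph, "intents to achieve" should read "intends to achieve". The new heading "Open-source transparency, easing peer review" might also read better as "Open-source transparency and peer review".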
......@@ -453,18 +462,6 @@ developers (email, web forum, bug tracker, shipped-within application,
...). Efforts should be made to offer the most anonymous (or at least
pseudonymous) possible way to send this feedback.
### 2.9.5 Easing peer review
Having others than the PELD developers watching their design and
configuration decisions is necessary to ensure it is working as
intended. Choices with non-trivial implications should thus be clearly
documented in a publicly available place,
mentionning what feature this choices intent to implement and
how they do. The source code should also be made easy to find and read,
thus peer reviewing of the code and configurations would be eased. From
this source code, peers should be able to completly build and reproduce
the PELD implementation, and the steps to do so should be easy to find.
# 3 Implementation
T(A)ILS is an implementation of the PELD specification above. It is
......
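Review bot: the removed 2.9.5 carried two requirements that the merged 2.9.3 text does not restate: "The source code should also be made easy to find and read" and "the steps to do so should be easy to find" (the build steps). The new 2.9.3 only says third parties should be able to build from "the released source code and publicly available information", which drops the discoverability of both the source and the build instructions. If that is not intentional, add a sentence to 2.9.3 keeping both points. Also check the rest of the draft for references to section 2.9.5, since that number no longer exists after this change.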