Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleChange Control

Change Control (9 Points) 

(Result/Proof point (column A: enter Met/Unmet; Column B: enter relevant URLs/comments)


Project ASMO
CriteriaResult / Proof point 

Public version-controlled source repository

The project MUST have a version-controlled source repository that is publicly readable and has a URL.

The project's source repository MUST track what changes were made, who made the changes, and when the changes were made.

To enable collaborative review, the project's source repository MUST include interim versions for review between releases; it MUST NOT include only final releases.

It is SUGGESTED that common distributed version control software be used (e.g., git) for the project's source repository.

Unique version numbering

The project results MUST have a unique version identifier for each release intended to be used by users

It is SUGGESTED that the Semantic Versioning (SemVer) format be used for releases.

It is SUGGESTED that projects identify each release within their version control system. For example, it is SUGGESTED that those using git identify each release using git tags. 

Met

https://gerrit.o-ran-sc.org/r/admin/repos/smo

A1: https://gerrit.o-ran-sc.org/r/admin/repos/smo/a1

App: https://gerrit.o-ran-sc.org/r/admin/repos/smo/app

O1: https://gerrit.o-ran-sc.org/r/admin/repos/smo/o1

O2: https://gerrit.o-ran-sc.org/r/admin/repos/smo/o2

VES: https://gerrit.o-ran-sc.org/r/admin/repos/smo/ves

The project's source repository MUST track what changes were made, who made the changes, and when the changes were made.

Met

https://gerrit.o-ran-sc.org/r/admin/repos/smo

A1: https://gerrit.o-ran-sc.org/r/admin/repos/smo/a1

App: https://gerrit.o-ran-sc.org/r/admin/repos/smo/app

O1: https://gerrit.o-ran-sc.org/r/admin/repos/smo/o1

O2: https://gerrit.o-ran-sc.org/r/admin/repos/smo/o2

VES: https://gerrit.o-ran-sc.org/r/admin/repos/smo/ves

To enable collaborative review, the project's source repository MUST include interim versions for review between releases; it MUST NOT include only final releases.

Met

https://gerrit.o-ran-sc.org/r/admin/repos/smo

A1: https://gerrit.o-ran-sc.org/r/admin/repos/smo/a1

App: https://gerrit.o-ran-sc.org/r/admin/repos/smo/app

O1: https://gerrit.o-ran-sc.org/r/admin/repos/smo/o1

O2: https://gerrit.o-ran-sc.org/r/admin/repos/smo/o2

VES: https://gerrit.o-ran-sc.org/r/admin/repos/smo/ves

It is SUGGESTED that common distributed version control software be used (e.g., git) for the project's source repository.

Met

https://gerrit.o-ran-sc.org/r/admin/repos/smo

A1: https://gerrit.o-ran-sc.org/r/admin/repos/smo/a1

App: https://gerrit.o-ran-sc.org/r/admin/repos/smo/app

O1: https://gerrit.o-ran-sc.org/r/admin/repos/smo/o1

O2: https://gerrit.o-ran-sc.org/r/admin/repos/smo/o2

VES: https://gerrit.o-ran-sc.org/r/admin/repos/smo/ves

Unique version numbering



The project results MUST have a unique version identifier for each release intended to be used by users

MetAs can be seen in OSC repositories https://nexus3.o-ran-sc.org/  (LF sign-in required to browse)
  • Maven
  • Docker

It is SUGGESTED that the Semantic Versioning (SemVer) format be used for releases.

MetAs can be seen in OSC repositories https://nexus3.o-ran-sc.org/  (LF sign-in required to browse)
  • Maven
  • Docker

Also seen in Release notes:

It is SUGGESTED that projects identify each release within their version control system. For example, it is SUGGESTED that those using git identify each release using git tags. 

Met

https://gerrit.o-ran-sc.org/r/admin/repos/smo

A1: https://gerrit.o-ran-sc.org/r/admin/repos/smo/a1

App: https://gerrit.o-ran-sc.org/r/admin/repos/smo/app

O1: https://gerrit.o-ran-sc.org/r/admin/repos/smo/o1

O2: https://gerrit.o-ran-sc.org/r/admin/repos/smo/o2

VES: https://gerrit.o-ran-sc.org/r/admin/repos/smo/ves

Release notes

The project MUST provide, in each release, release notes that are a human-readable summary of major changes in that release to help users determine if they should upgrade and what the upgrade impact will be. The release notes MUST NOT be the raw output of a version control log (e.g., the "git log" command results are not release notes). Projects whose results are not intended for reuse in multiple locations (such as the software for a single website or service) AND employ continuous delivery MAY select "N/A". (URL required) 

Unmet

The release notes MUST identify every publicly known vulnerability with a CVE assignment or similar that is fixed in each new release, unless users typically cannot practically update the software themselves. If there are no release notes or there have been no publicly known vulnerabilities, choose "not applicable" (N/A).

UnmetN/A



Expand
titleReporting

Reporting (8 Points) 

(Result/Proof point (column A: enter Met/Unmet; Column B: enter relevant URLs/comments)


Project ASMO
CriteriaResult / Proof point 

Bug-reporting process

The project MUST provide a process for users to submit bug reports (e.g., using an issue tracker or a mailing list). (URL required) 

The project SHOULD use an issue tracker for tracking individual issues.

The project MUST acknowledge a majority of bug reports submitted in the last 2-12 months (inclusive); the response need not include a fix.

The project SHOULD respond to a majority (>50%) of enhancement requests in the last 2-12 months (inclusive).

The project MUST have a publicly available archive for reports and responses for later searching. (URL required)

Vulnerability report process

The project MUST publish the process for reporting vulnerabilities on the project site. (URL required)

If private vulnerability reports are supported, the project MUST include how to send the information in a way that is kept private. (URL required) 

Examples include a private defect report submitted on the web using HTTPS (TLS) or an email encrypted using OpenPGP. If vulnerability reports are always public (so there are never private vulnerability reports), choose "not applicable" (N/A).



The project's initial response time for any vulnerability report received in the last 6 months MUST be less than or equal to 14 days. 

If there have been no vulnerabilities reported in the last 6 months, choose "not applicable" (N/A).




...