From 643192430f22bac9fe2e67eee043d90aa72e4ae4 Mon Sep 17 00:00:00 2001 From: Adam Shamblin Date: Fri, 2 Sep 2022 09:14:51 -0600 Subject: [PATCH] begin cicd rfc --- doc/rfc/cicd.future.md | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 doc/rfc/cicd.future.md diff --git a/doc/rfc/cicd.future.md b/doc/rfc/cicd.future.md new file mode 100644 index 00000000..49a64c93 --- /dev/null +++ b/doc/rfc/cicd.future.md @@ -0,0 +1,40 @@ +--- +title: CI/CD Future Planning +status: PROPOSAL +--- + + +# CI/CD Future Planning + +## Rationale for this document + +In the coming year, it is the goal of this project to make a public announcment +of Veilid. When that occurs, not only will Veilid become available to users and +developers globally, it is also likely to become a high-value target for +nefarious actors. This means that, as a team, we must be concerned not only with +the functionality of the code, but the integrity of the code base and any +deployed assets that originate from the core Veilid project. + +In this document I would like to propose some guidelines and processes that can +help to minimize the impact of malicious actors upon the core Veilid code base +by way of direct commits and/or to its dependencies. + +Some of this work will be toil, but most ought to be automated. + +## Forked Dependencies + +There are a number of dependencies that have been forked to allow us to expand +on their capabilities. Some of these forks are hard forks, projects that have +diverged enough that the Veilid team will need to continue to maintain them. +There are other projects where Veilid changes have been minimal, and where we +will want to share our changes upstream. + +There may be a very small number of cases where we will have to maintain patched +versions of active projects. + +For the duration of the project, it will be important that we understand which +dependencies fall into which categories. + +### Soft forks + +### Hard forks