Merge branch 'notes/cicd-package-maintenance' into 'main'
Notes/cicd package maintenance See merge request veilid/veilid!6
This commit is contained in:
commit
c340542754
56
doc/rfc/cicd.future.md
Normal file
56
doc/rfc/cicd.future.md
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
---
|
||||||
|
title: CI/CD Future Planning
|
||||||
|
keywords:
|
||||||
|
- dependencies
|
||||||
|
- cicd
|
||||||
|
- security
|
||||||
|
status: PROPOSAL
|
||||||
|
---
|
||||||
|
|
||||||
|
# CI/CD Future Planning
|
||||||
|
|
||||||
|
## Rationale for this document
|
||||||
|
|
||||||
|
In the coming year, it is the goal of this project to make a public announcment
|
||||||
|
of Veilid. When that occurs, not only will Veilid become available to users and
|
||||||
|
developers globally, it is also likely to become a high-value target for
|
||||||
|
nefarious actors. This means that, as a team, we must be concerned not only with
|
||||||
|
the functionality of the code, but the integrity of the code base and any
|
||||||
|
deployed assets that originate from the core Veilid project.
|
||||||
|
|
||||||
|
In this document I would like to propose some guidelines and processes that can
|
||||||
|
help to minimize the impact of malicious actors upon the core Veilid code base
|
||||||
|
by way of direct commits and/or to its dependencies.
|
||||||
|
|
||||||
|
## Signing
|
||||||
|
|
||||||
|
### Commits
|
||||||
|
|
||||||
|
### Packages
|
||||||
|
|
||||||
|
### PKI
|
||||||
|
|
||||||
|
Some of this work will be toil, but most ought to be automated.
|
||||||
|
|
||||||
|
## Forked Dependencies
|
||||||
|
|
||||||
|
There are a number of dependencies that have been forked to allow us to expand
|
||||||
|
on their capabilities. Some of these forks are hard forks, projects that have
|
||||||
|
diverged enough that the Veilid team will need to continue to maintain them.
|
||||||
|
There are other projects where Veilid changes have been minimal, and where we
|
||||||
|
will want to share our changes upstream.
|
||||||
|
|
||||||
|
There may be a very small number of cases where we will have to maintain patched
|
||||||
|
versions of active projects.
|
||||||
|
|
||||||
|
For the duration of the project, it will be important that we understand which
|
||||||
|
dependencies fall into which categories.
|
||||||
|
|
||||||
|
### Soft forks
|
||||||
|
|
||||||
|
**TODO** _Note which submodules are soft forks and changes can be contributed
|
||||||
|
upstream_
|
||||||
|
|
||||||
|
### Hard forks
|
||||||
|
|
||||||
|
**TODO** _Note which submodules are hard forks and will be maintained by us._
|
Loading…
Reference in New Issue
Block a user