This document is a declaration of software quality for the libyaml external dependency, based on the guidelines in REP-2004.
The libyaml external dependency is a C library for parsing and emitting YAML. It is maintained in the YAML Project GitHub organization together with 115 other repositories. First, a summary discussing how this library is qualified is presented, and then it will be listed how this library matches the standards defined for ROS packages.
The libyaml meets the basic requirements for a software platform in terms of testing its basic functionality, providing a valid license for the code used and a public GitHub repository with the changes made to the code over time.
Even though the library does not provide an API/ABI policy targeting the desired use of the library, the imported version of libyaml through the libyaml_vendor package is fixed to the 0.2.5 version.
This will make the API/ABI stable.
There is no explicit support for any OS platform, however their GitHub repository installation appears to be targeting Linux.
The first version of this library was developed in 2006, and it is used widely.
There is no explicit metric of how much the library is used, but the equivalent library for Python, developed by the same organization is required for at least 150k repositories (According to GitHub metrics).
libyaml library is used for some optional fast functionality.
The safe_yaml ruby gem has over 80 million downloads and one of its implementations uses libyaml through psych.
It is also used in the Go-yaml project, the project supporting YAML in the Go language.
ROS 2 uses this library to load parameters from a file when the arguments are properly used. There are no official tests or code coverage information about this library, but in this case we are only interested in the portion of public API that reads YAML files and we will cover these
tests and coverage in the vendored package. Including specific tests for the libyaml version imported by libyaml_vendor for the tier 1 platforms listed in REP-2000.
Considering the previously mentioned reasons, we consider this library to be robust and reliable and at Quality Level 1.
It is not stated if the library supports any kind of version policy, but the version increases with a new release.
The imported version of libyaml through the libyaml_vendor package is fixed to the 0.2.5 version.
Current version of libyaml in its repository is 0.2.5 and might increase eventually.
However, for the purposes of ROS 2 Quality Level analysis, the imported version of libyaml through the libyaml_vendor package is fixed to the 0.2.5 version.
As a C library, elements available in yaml.h are considered to be the library's public API.
There is no policy for API stability. This is not a problem because the libyaml_vendor package importing the libyaml dependency is using a fixed version, in this case, the 0.2.5.
There is no policy for ABI stability. This is not a problem because the libyaml_vendor package importing the libyaml dependency is using a fixed version, in this case, the 0.2.5.
There is not a direct correlation between the libyaml releases and the ROS distributions, however this is not a problem because the libyaml_vendor package importing the libyaml dependency is using a fixed version, in this case, the 0.2.5
Checking through the commits history, it can be seen is not the case.
Does not have it (or it does not seem like it’s the case).
Seems to be followed for pull requests on the GitHub repository, but as not all code changes occur through change requests, this can not be confirmed for these changes.
libyaml is compiled in the ROS 2 buildfarm for all tier 1 platforms.
Currently nightly results can be seen here:
Not available.
Provided doxygen documentation for the whole project. It is not provided as a document, it has to be built separately when downloading.
Yes, doxygen documentation is available for library here.
MIT license declared for the repository, it can be found here.
Is not available.
This document represents the Quality Declaration document for the libyaml ROS dependency.
Tests provided to cover the expected usage of the library, for the version of the library used can be found here.
Not clear without coverage results to check if all the API is covered.
Code coverage and internal policies are not public, if any.
Performance tests are defined in the vendored package.
Not available publicly, if any.
The libyaml library does not add additional dependencies, it only requires C++ standard libraries to be built and used.
Does not apply for external dependencies.
This library does not have external dependencies.
This library does not state support for any specific platform, but it is built in the ROS 2 buildfarm for all tier 1 platforms:
Currently nightly results can be seen here:
The libyaml library does not have a Vulnerability Disclosure Policy. But for ROS 2's purposes, see the policy defined in the Quality Declaration of the libyaml_vendor package.