Bump QD to 3 and some minor style fixes #19

Merged
merged 5 commits into from Jul 2, 2020
14 changes: 6 additions & 8 deletions QUALITY_DECLARATION.md
@@ -1,8 +1,8 @@
This document is a declaration of software quality for the `libyaml_vendor` package, based on the guidelines in [REP-2004](https://github.com/ros-infrastructure/rep/blob/rep-2004/rep-2004.rst).

# `libyaml_vendor` Quality Declaration
# libyaml_vendor Quality Declaration

The package `libyaml_vendor` claims to be in the **Quality Level 4** category.
The package `libyaml_vendor` claims to be in the **Quality Level 3** category.

Below are the rationales, notes, and caveats for this claim, organized by each requirement listed in the [Package Quality Categories in REP-2004](https://index.ros.org/doc/ros2/Contributing/Developer-Guide/#package-quality-categories) of the ROS2 developer guide.
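
Review bot: The new heading `# libyaml_vendor Quality Declaration` drops the code formatting that every other mention of `libyaml_vendor` in this hunk keeps; either restore the backticks or apply the plain style consistently. Separately, the context line's link text says "Package Quality Categories in REP-2004" while the URL points at the ROS 2 developer guide on index.ros.org, so the label or the target should be aligned while this section is being touched.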

@@ -98,7 +98,7 @@ Currently nightly test results can be seen here:

### Direct Runtime non-ROS Dependency [5.iii]

`libyaml_vendor` depends directly on the external dependency `libyaml`, which is qualified as quality level 4 in its [Quality Declaration](./libyaml_Q_DECLARATION.md).
`libyaml_vendor` depends directly on the external dependency `libyaml`, which is qualified as quality level 3 in its [Quality Declaration](./libyaml_Q_DECLARATION.md).
ahcorde marked this conversation as resolved.

## Platform Support [6]
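
Review bot: The changed sentence under [5.iii] links to `./libyaml_Q_DECLARATION.md`, but the file modified later in this same PR is named `libyaml_q_declaration.md`; on a case-sensitive file system the link will not resolve. Update the link target to match the actual filename so the level 3 claim for `libyaml` can be followed to its evidence.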

@@ -151,10 +151,8 @@ The chart below compares the requirements in the REP-2004 with the current state
|6| Platform support | --- |
|6.i| Support targets Tier1 ROS platforms| ✓ |
|7| Security | --- |
|7.i| Vulnerability Disclosure Policy | |
|7.i| Vulnerability Disclosure Policy | |

Comparing this table with the [Quality Level Comparison Chart of REP2004](https://github.com/ros-infrastructure/rep/blob/master/rep-2004.rst#quality-level-comparison-chart) lead us to decide that this package qualifies to Quality Level 4.
Comparing this table with the [Quality Level Comparison Chart of REP2004](https://github.com/ros-infrastructure/rep/blob/master/rep-2004.rst#quality-level-comparison-chart) lead us to decide that this package qualifies to Quality Level 3.

To reach Quality level 2, adding a Vulnerability Disclosure will be needed.

`libyaml_vendor` is limited by the quality level of the upstream dependency spdlog. In order to reach higher quality levels, the issues limiting `libyaml` will either need to be addressed by `libyaml` itself, or through adequate quality control measures in this package.
`libyaml_vendor` is limited by the quality level of the upstream dependency libyaml. In order to reach higher quality levels, the issues limiting `libyaml` will either need to be addressed by `libyaml` itself, or through adequate quality control measures in this package.
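
Review bot: Row 7.i (Vulnerability Disclosure Policy) is still unchecked after this change, yet by the hunk's line counts (10 old lines, 8 new) the sentence "To reach Quality level 2, adding a Vulnerability Disclosure will be needed." is dropped, which removes the only prose statement of that open security gap in this hunk. Keep it, or replace it with a sentence saying what remains outstanding for the next level. While here, "lead us to decide that this package qualifies to" should read "leads us to decide that this package qualifies for".
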
43 changes: 23 additions & 20 deletions libyaml_q_declaration.md
@@ -10,9 +10,9 @@ The `libyaml` meets the basic requirements for a software platform in terms of t

Even if the library does not provide an API/ABI policy targeting the desired use of the library, the fact that it deals with the YAML standard and this one hasn’t changed since 2009, allows us to infer that the functionality needed for the ROS core from this library is not going to be changed.

There is no explicit support for any OS platform, however their [Github repository](https://github.com/yaml/libyaml) installation appears to be targeting Linux. The first version of this library was developed in 2006, and it is used widely. There is no explicit metric of how much the library is used, but the equivalent library for Python, developed by the same organization is required for at least 150k repositories (According to [Github metrics](https://github.com/yaml/pyyaml/network/dependents?package_id=UGFja2FnZS01MjUyMjEzNQ%3D%3D)) and the `libyaml` library is used for some optional fast functionality. The [safe_yaml](https://rubygems.org/gems/safe_yaml) ruby gem has over 80million downloads and one of its implementations uses `libyaml` through psych. It is also used in the [Go-yaml project](https://github.com/go-yaml/yaml), the project supporting Yaml in the Go language.
There is no explicit support for any OS platform, however their [Github repository](https://github.com/yaml/libyaml) installation appears to be targeting Linux. The first version of this library was developed in 2006, and it is used widely. There is no explicit metric of how much the library is used, but the equivalent library for Python, developed by the same organization is required for at least 150k repositories (According to [Github metrics](https://github.com/yaml/pyyaml/network/dependents?package_id=UGFja2FnZS01MjUyMjEzNQ%3D%3D)) and the `libyaml` library is used for some optional fast functionality. The [safe_yaml](https://rubygems.org/gems/safe_yaml) ruby gem has over 80million downloads and one of its implementations uses `libyaml` through psych. It is also used in the [Go-yaml project](https://github.com/go-yaml/yaml), the project supporting YAML in the Go language.

While you're editing this paragraph, could you switch it to use one sentence per line so that new PRs can have easier to read diffs? I honestly can't tell what changed with a quick glance.

Contributor

For cases like this one in particular, I use the "show rich diff" option within Github, and that highlights the changes.

Contributor Author

I changed Yaml -> YAML


Considering the previously mentioned reasons, we consider this library to be robust and reliable. In terms of ROS2 package metrics to be Quality Level 4.
Considering the previously mentioned reasons, we consider this library to be robust and reliable. In terms of ROS2 package metrics to be Quality Level 3.

Even though `libyaml` by itself will not likely reach the equivalent level of quality as Quality Level 1, there are steps that can be taken by ROS contributors to ensure that its incorporation into ROS packages can provide the equivalent level of quality.
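
Review bot: The sentence ending "to be Quality Level 3" changes only the number, from 4 to 3, while the supporting paragraph above it gets nothing but a Yaml to YAML spelling fix, so the higher claim has no new rationale behind it. Add a sentence stating what justifies level 3, and fix the fragment "In terms of ROS2 package metrics to be Quality Level 3." so it has a subject and verb.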

@@ -27,37 +27,37 @@ ROS contributors will need to conduct coverage tests to identify the remaining A
It is not stated if the library supports any kind of version policy.

### Version Stability [1.ii]
Current version of `libyaml` in [its repository](https://github.com/yaml/libyaml) is 0.24, however, for the purposes of ROS2 Quality Level analysis, the imported version of `libyaml` through the `libyaml_vendor` package is fixed to the 0.18 version.

Current version of `libyaml` in [its repository](https://github.com/yaml/libyaml) is 0.24, however, for the purposes of ROS2 Quality Level analysis, the imported version of `libyaml` through the `libyaml_vendor` package is fixed to the 0.18 version.

### Public API Declaration [1.iii]

As a C library, elements available in its `yaml.h` are considered to be their public API.

### API Stability Policy [1.iv]

There is no policy for API stability. This is not a problem because the `libyaml_vendor` package importing the `libyaml dependency` is using a fixed version, in this case, the [0.18](https://github.com/yaml/libyaml/tree/release-0.1.8)

### ABI Stability Policy [1.v]

There is no policy for ABI stability. This is not a problem because the `libyaml_vendor` package importing the `libyaml` dependency is using a fixed version, in this case, the [0.18](https://github.com/yaml/libyaml/tree/release-0.1.8)

### ABI and ABI Stability Within a Released ROS Distribution [1.vi]

There is not a direct correlation between the `libyaml` releases and the ROS distributions, however this is not a problem because the `libyaml_vendor` package importing the `libyaml` dependency is using a fixed version, in this case, the [0.18](https://github.com/yaml/libyaml/tree/release-0.1.8)

## Change Control Process [2]

### Change Requests [2.i]

Checking through the commits history, it can be seen is not the case.

### Contributor Origin [2.ii]

Does not have it (or it does not seem like it’s the case).

### Peer Review Policy [2.iii]

Seems to be followed for pull requests on the Github repository, but as not all code changes occur through change requests, this can not be confirmed for these changes.

### Continuous Integration [2.iv]
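
Review bot: In [1.ii] the vendored version is written as "0.18", but the links in [1.iv] to [1.vi] point at the tag `release-0.1.8`; the pinned version of a vendored parser should be stated exactly, so write it as 0.1.8 throughout and check the "0.24" upstream figure the same way. In [1.iv] the code span `libyaml dependency` should close after `libyaml`, and the [1.vi] heading reads "ABI and ABI" where "API and ABI" seems intended.
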
@@ -71,19 +71,19 @@ Not available.
## Documentation [3]

### Feature Documentation [3.i]

Provided [doxygen documentation](https://github.com/yaml/libyaml/tree/master/doc) for the whole project. It is not provided as a document, it has to be built separately when downloading.

### Public API Documentation [3.ii]

Yes, doxygen documentation is available for library .h headers.

### License [3.iii]

MIT license declared for the repository, it can be found [here](https://github.com/yaml/libyaml/blob/master/LICENSE).

### Copyright Statements [3.iv]

Is not available.

### Quality Declaration [3.v]
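
Review bot: The doxygen link in [3.i] and the LICENSE link in [3.iii] both point at `master`, whereas the tests link in [4.i] uses the `release-0.1.8` tree; since this declaration is about the pinned version, point these at the same release tag so the cited evidence cannot drift from what is actually vendored. "Is not available." under [3.iv] would also read better with a subject.
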
@@ -93,38 +93,41 @@ This document represents the Quality Declaration document for the `libyaml` ROS
## Testing [4]

### Feature Testing [4.i]

Tests provided to cover the expected usage of the library, for the version of the library used can be found [here](https://github.com/yaml/libyaml/tree/release-0.1.8/tests).

### Public API Testing [4.ii]

Not clear without coverage results to check if all the API is covered.

### Coverage [4.iii]

Code coverage and internal policies are not public, if any.

### Performance [4.iv]

Performance tests, and performance regression policy are not public, if any.

### Linters and Static Analysis [4.v]

Not available publicly, if any.

## Dependencies [5]

### Direct Runtime ROS Dependencies [5.i]

The `libyaml` library does not add additional dependencies, it only requires C++ standard libraries to be built and used.

### Optional Direct Runtime ROS Dependencies [5.ii]

Does not apply for external dependencies.

### Direct Runtime non-ROS Dependency [5.iii]

This library does not have external dependencies.

## Platform Support [6]

This library does not state support for any specific platform.

## Security [7]
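
Review bot: [5.i] says the library "only requires C++ standard libraries", which contradicts [1.iii] in this same file ("As a C library"); this should name the C standard library instead. The heading for [5.i] also says "ROS Dependencies" while the body describes non-ROS build requirements, so the text would fit better if it simply stated that there are no ROS dependencies.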