47 lines
1.2 KiB
Markdown
47 lines
1.2 KiB
Markdown
|
# Coding Standards
|
||
|
|
||
|
These are our opinionated code security and quality standards we use internally at Distrust, and expect from all contractors and vendors.
|
||
|
|
||
|
## General Guidelines
|
||
|
|
||
|
## First party Code
|
||
|
|
||
|
TBD
|
||
|
|
||
|
## Third Party Code
|
||
|
|
||
|
Use the following rationale as guidelines to decide when and how to use third party dependencies
|
||
|
|
||
|
```
|
||
|
flowchart TD
|
||
|
A[Can it be done with the standard Library in under ~10k easily readable lines?]
|
||
|
A --> D{No} --> E
|
||
|
A --> B{Yes} --> C
|
||
|
|
||
|
E[Can it be done with a library used in the official interpreter or compiler?]
|
||
|
E --> F{Yes} --> X
|
||
|
E --> G{No} --> I
|
||
|
|
||
|
I[Does a widely used, well vetted, well reviewed, and well maintained library with exist?]
|
||
|
I --> J{Yes} --> X
|
||
|
I --> K{No} --> L
|
||
|
|
||
|
L[Is this a cryptography or security sensitive use case?]
|
||
|
L --> M{No} --> O
|
||
|
L --> N{Yes} --> P[Review by yourself and pay for reputable external security audit] --> X
|
||
|
|
||
|
O[Does -any- suitible library exist small enough for you to review yourself?]
|
||
|
O --> Q{No} --> C
|
||
|
O --> R{Yes} --> S[Review by yourself and by a peer] --> X
|
||
|
|
||
|
C[Write it yourself]
|
||
|
|
||
|
X[Document rationale and use library at specific version we have reason to trust]
|
||
|
```
|
||
|
|
||
|
## Language Guidelines
|
||
|
|
||
|
### Rust
|
||
|
|
||
|
TBD
|