WIP: Coding standards #17
|
@ -0,0 +1,46 @@
|
|||
# Coding Standards
|
||||
|
||||
These are our opinionated code security and quality standards we use internally at Distrust, and expect from all contractors and vendors.
|
||||
|
||||
## General Guidelines
|
||||
|
||||
## First party Code
|
||||
|
||||
TBD
|
||||
|
||||
## Third Party Code
|
||||
|
||||
Use the following rationale as guidelines to decide when and how to use third party dependencies
|
||||
|
||||
```
|
||||
flowchart TD
|
||||
A[Can it be done with the standard Library in under ~10k easily readable lines?]
|
||||
A --> D{No} --> E
|
||||
A --> B{Yes} --> C
|
||||
|
||||
E[Can it be done with a library used in the official interpreter or compiler?]
|
||||
E --> F{Yes} --> X
|
||||
E --> G{No} --> I
|
||||
|
||||
I[Does a widely used, well vetted, well reviewed, and well maintained library with exist?]
|
||||
I --> J{Yes} --> X
|
||||
I --> K{No} --> L
|
||||
|
||||
L[Is this a cryptography or security sensitive use case?]
|
||||
L --> M{No} --> O
|
||||
L --> N{Yes} --> P[Review by yourself and pay for reputable external security audit] --> X
|
||||
|
||||
O[Does -any- suitible library exist small enough for you to review yourself?]
|
||||
O --> Q{No} --> C
|
||||
O --> R{Yes} --> S[Review by yourself and by a peer] --> X
|
||||
|
||||
C[Write it yourself]
|
||||
|
||||
X[Document rationale and use library at specific version we have reason to trust]
|
||||
```
|
||||
|
||||
## Language Guidelines
|
||||
|
||||
### Rust
|
||||
|
||||
TBD
|
Loading…
Reference in New Issue