docs/coding-standards.md

47 lines
1.2 KiB
Markdown

# Coding Standards
These are our opinionated code security and quality standards we use internally at Distrust, and expect from all contractors and vendors.
## General Guidelines
## First party Code
TBD
## Third Party Code
Use the following rationale as guidelines to decide when and how to use third party dependencies
```mermaid
flowchart TD
A[Can it be done with the standard Library in under ~10k easily readable lines?]
A --> D{No} --> E
A --> B{Yes} --> C
E[Can it be done with a library used in the official interpreter or compiler?]
E --> F{Yes} --> X
E --> G{No} --> I
I[Does a widely used, well vetted, well reviewed, and well maintained library with exist?]
I --> J{Yes} --> X
I --> K{No} --> L
L[Is this a cryptography or security sensitive use case?]
L --> M{No} --> O
L --> N{Yes} --> P[Review by yourself and pay for reputable external security audit] --> X
O[Does -any- suitible library exist small enough for you to review yourself?]
O --> Q{No} --> C
O --> R{Yes} --> S[Review by yourself and by a peer] --> X
C[Write it yourself]
X[Document rationale and use library at specific version we have reason to trust]
```
## Language Guidelines
### Rust
TBD