Amakhadi okhuseleko: Yintoni kwaye yintoni entsha kuhlobo lwayo olutsha lwe-2.0?
Kwiintsuku ezimbalwa ezidlulileyo a Inguqulelo entsha ka-2.0 ukusuka kwiprojekthi yemithombo evulekileyo ebizwa "Amakhadi okhuseleko", eyiprojekthi eyasungulwa ngoNovemba 2020 nge Uphando kunye Isiseko soKhuseleko soMthombo ovulekileyo (i-OpenSSF).
Ngesi sizathu, kolu shicilelo siza kuphonononga kancinci kule projekthi kunye nayo inguqulelo entsha 2.0, enayo ngoku Uvavanyo oluphuculweyo kunye namandla ukwandisa idatha eyenzelwe uhlalutyo olongezelelweyo.
Kwaye ukusukela, le projekthi iphethe i- I-OpenSSF, Siza kushiya kwangoko ikhonkco lethu Iposi elidlulileyo elidibeneyo ngayo, ukuze kuthi xa kukho imfuneko, abo banomdla wokufunda ngakumbi malunga nesiSiseko basifikelele ngokulula:
"I-Linux Foundation ibhengeze ukusekwa kweprojekthi entsha ebizwa ngokuba "yi-OpenSSF" (iSiseko soKhuseleko soMthombo oVulekileyo) esineenjongo eziphambili zokudibanisa umsebenzi weenkokheli zeshishini kwicandelo lokuphuculwa kwesoftware yekhowudi. Vula. Ngale nto, i-OpenSSF izakuqhubeka nokuphuhlisa amanyathelo afana neLinge leZiseko zoPhuhliso kunye noManyano loKhuseleko loMthombo oVulekileyo (iPhulo leZiseko zoPhuhliso kunye noManyano loKhuseleko lweMithombo evulekileyo) kwaye iya kudibanisa kunye neminye imisebenzi enxulumene nokhuselo eyenziwa ziinkampani ezijoyine iprojekthi. ." I-OpenSSF: iprojekthi ejolise ekuphuculeni ukhuseleko lwesoftware evulekileyo
Amakhadi okhuseleko: Amanqaku amanqaku okhuseleko
Yintoni amakhadi okhuseleko?
Ngokwe- upapasho olusemthethweni lukaGoogle Open Source, Le projekthi ichazwe ngolu hlobo lulandelayo:
""Amakhadi okhuseleko" yenye yeeprojekthi zokuqala eziza kupapashwa ngaphakathi kwesakhelo se-OpenSSF ukusukela oko yaqalwa ngo-Agasti 2020. Injongo kukuzenzela "amanqaku okhuseleko" kwiiprojekthi zemithombo evulekileyo ukunceda abasebenzisi bathathe isigqibo sokuthembana, umngcipheko, kunye ukuma kwezokhuseleko kwimeko yokusebenzisa kwabo.
Amakhadi okhuseleko achaza indlela yovavanyo yokuqala eya kuthi isetyenziselwe ukwenza ikhadi lamanqaku leprojekthi yomthombo ovulekileyo ngendlela ezenzekelayo. Yonke itsheki kwikhadi lamanqaku iyenzeka. Ezinye zeemetriki zovavanyo ezisetyenzisiweyo zibandakanya umgaqo-nkqubo wezokhuseleko ochazwe kakuhle, inkqubo yokuphononongwa kweekhowudi, kunye nokuqhubeka kovavanyo lokugubungela izixhobo ezinokuphamba kunye nohlalutyo lweekhowudi. I-Boolean ibuyisiwe kunye nenqaku lokuzithemba kuhlolo ngalunye lokhuseleko.
Ixesha elingaphezulu, uGoogle uya kuziphucula ezi metric kunye negalelo loluntu nge-OpenSSF." Amakhadi okhuseleko okhuseleko lweeprojekthi zomthombo ovulekileyo
Isebenza njani i-Scorecards yoKhuseleko?
Ngokutsho kwe I-OpenSSF, "Amakhadi okhuseleko" isebenza ngolu hlobo lulandelayo:
Yenza i ikhadi lamanqaku Iprojekthi yemithombo evulekileyo ngendlela ezenzekelayo. Nangona, ngoku ikhowudi isebenza kuphela ne- Indawo yokugcina izinto zesoftware yeGitHub, Ulwandiso lwayo kolunye ugcino lwekhowudi yemithombo lusepayipini. Ngapha koko, ezinye ze iimvavanyo zokuvavanya esetyenzisiweyo ibandakanya umgaqo-nkqubo wezokhuseleko ochazwe kakuhle, inkqubo yokuphononongwa kwekhowudi, kunye nokugubungela uvavanyo ngokuqhubekayo izixhobo fuzzing y Uhlalutyo lwekhowudi emileyo.
Ukongeza, ivavanya amaxesha athile ifayile ye- iiprojekthi eziphambili ezivulekileyo kwaye iveza ulwazi (idatha) yeetsheki ngokusebenzisa a I-dasaset yoluntu enkulu ehlaziywa ngeveki. Kwaye le datha inokusetyenziselwa ukonyusa naziphi na izigqibo ezizenzekelayo xa ungena. ukuxhomekeka kumthombo omtsha ovulekileyo kwiiprojekthi okanye kwimibutho.
Yiyo loo nto imibutho inakho isigqibo ngokugqibeleleyo Nokuba yeyiphi ukuxhomekeka okutsha nge amanqaku aphantsi Kuya kufuneka ugqithele kwi uvavanyo olongezelelweyo. Ke ezi ziitsheki zinokunceda ukunciphisa ukuxhomekeka kubungozi ekuhanjisweni kweenkqubo zemveliso.
Ukwandisa olu lwazi kwi umthombo osemthethweni (OpenSSF) ungajonga oku kulandelayo unxibelelwano.
Yintoni entsha kuhlobo luka-2.0
Lo Inguqulelo entsha ka-2.0 ukhutshiwe kungekudala emva koko Uphando izakubonisa isikhokelo esibanzi esibizwa "Amanqanaba okubonelela ngezixhobo zesoftware" (Amanqanaba okhenketho lweeSoftware zeSoftware- SLSA) efuna ukuqinisekisa ukuthembeka kwezinto zesoftware kunye nokuthintela ukulungiswa okungagunyaziswanga ngexesha lophuhliso kunye nokuphunyezwa kwazo.
Kwaye ngokufutshane ibandakanya ngokubanzi oku kulandelayo iindaba:
- Ukuphuculwa kokuchongwa komngcipheko onokubakho owaziwayo.
- Ukomeleza ukufunyanwa kwegalelo elibi ngokunyanzelwa kokuphononongwa kwekhowudi yomntu wesithathu ngaphambi kokuzibophelela.
- Ukufezekisa ukufunyanwa kwekhowudi esemngciphekweni ngokuphunyezwa kweemvavanyo zekhowudi emileyo kunye nokuqhubeka kokungazinzi.
- Ukuphuculwa kokuchongwa kwezixhomekeko ezisemngciphekweni ukunciphisa umngcipheko wokhuseleko onokubakho kunye nokuvumela ukuba kuthathwe ezona zigqibo zifanelekileyo zokunciphisa.
Ukuphanda kwiinkcukacha ze izincedisi okanye ukusebenza ngoku ungajonga oku kulandelayo unxibelelwano.
Isishwankathelo
Siyathemba ukuba oku "Uncedo oluncinci" malunga «Security Scorecards», eyiProjekthi esungulwe ngu Uphando kunye Isiseko soKhuseleko soMthombo ovulekileyo, osandula ukukhupha ifayile ye- Inguqulelo entsha ka-2.0 iphucule ukuvavanywa kunye namandla okwenza idatha evelisiweyo ukulungiselela uhlalutyo oluthe kratya; Inomdla omkhulu kwaye iluncedo kuyo yonke «Comunidad de Software Libre y Código Abierto» kunye negalelo elikhulu ekusasazekeni kwendalo emangalisayo, enkulu kunye nokukhulayo kwezicelo ze «GNU/Linux».
Okwangoku, ukuba uyithandile le publicación, Sukuyeka yabelani nabanye, kwiiwebhusayithi zakho ozithandayo, amajelo, amaqela okanye uluntu lwenethiwekhi yoluntu okanye iinkqubo zemiyalezo, ngokukhethekileyo simahla, sivulekile kunye / okanye sikhuseleke ngakumbi njenge yocingo, Uphawu, IMododon okanye enye Ulungelelaniso, ngokukhethekileyo.
Kwaye khumbula ukutyelela iphepha lethu lasekhaya e «DesdeLinux» ukuphonononga ezinye iindaba, kunye nokujoyina ijelo lethu elisemthethweni le- ITelegram ye DesdeLinux. Ngelixa, ngolwazi oluthe kratya, ungandwendwela nayiphi na Ilayibrari ekwi-Intanethi njengaye VulaLibra y IJedIT, ukufikelela nokufunda iincwadi zedijithali (ii-PDFs) kwesi sihloko okanye ezinye.