Closed
Conversation
Signed-off-by: aschemmel-tech <aschemmel_job@arcor.de>
aschemmel-tech
force-pushed
the
aschemmel-tech-patch-4
branch
from
1b1fe7c to
e86afb8
Compare
Erikhu1
reviewed
Nov 11, 2025
| - Record of component assessment | ||
| - List of tools used in construction and verification | ||
| - Record of tool impact assessments | ||
| - Record of tool qualification reviews |
Collaborator
There was a problem hiding this comment.
Revisit (read up on what is expected from CodeThink)
| - successful build of nlohmann/json from source | ||
| - update logs for mirrored projects | ||
| - mirrors reject history rewrites | ||
| - mirroring is configured via infrastructure under direct control No newline at end of file |
Collaborator
There was a problem hiding this comment.
Revisit (read up on what is expected from CodeThink)
| The integrator shall ensure that the build environment used for nlohmann/json is supplied with consistent dependencies in every integrating system. No newline at end of file | ||
| The integrator shall ensure that the build environment used for nlohmann/json is supplied with consistent dependencies in every integrating system. | ||
|
|
||
| aschemmel-tech: AOUs are supposed to be linked to TA-CONSTRAINTS. I would not know what to do as a integrator based on this. No newline at end of file |
Collaborator
There was a problem hiding this comment.
Clarify/reformulate statement.
| The integrator shall ensure that integrator-controlled mirrors of the dependencies are persistently and accessibly stored as long as the library nlohmann/json is used. No newline at end of file | ||
| The integrator shall ensure that integrator-controlled mirrors of the dependencies are persistently and accessibly stored as long as the library nlohmann/json is used. | ||
|
|
||
| aschemmel-tech: AOUs are supposed to be linked to TA-CONSTRAINTS. No newline at end of file |
| The integrator shall evaluate the provided evidence and supplement it where necessary, whenever the trustability documentation of nlohmann/json is reviewed. No newline at end of file | ||
| The integrator shall evaluate the provided evidence and supplement it where necessary, whenever the trustability documentation of nlohmann/json is reviewed. | ||
|
|
||
| aschemmel-tech: AOUs are supposed to be linked to TA-CONSTRAINTS No newline at end of file |
|
|
||
| aschemmel-tech: Evidences asked for are: | ||
|
|
||
| - List of components used in construction of nlohman/json - this is not given by JLS-04: recommend to create this list of dependencies within another "statement" |
| - successful build of nlohmann/json from source - needs "statement" and evidence that no external source and caching is used (need to find out about caching, we qualified bazel caching) | ||
| - update logs for mirrored projects - ??? | ||
| - mirrors reject history rewrites - ??? | ||
| - mirroring is configured via infrastructure under direct - control covered already??? |
Author
|
Topics taken into account in eclipse-score#9 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
no impact on nlohman/json
modified assertions and evidences and added SME scores