
This issue was moved to a discussion.


[DOC] Guidelines for new software dependencies #2552

Closed
marcalff opened this issue Feb 23, 2024 · 2 comments
Labels: bug (Something isn't working), triage/accepted (Indicates an issue or PR is ready to be actively worked on)

Comments

marcalff (Member) commented Feb 23, 2024

In the context of #2481, opentelemetry-cpp needs to have more dependencies, on a YAML parser in this case.

This raises the question of how to select a given package, and the acceptance criteria the package will need to meet to be considered.

Below is a preliminary list of requirements. The goal of this issue is to discuss them and finalize a checklist, which can help the next time another package is needed.


Proposed:

  • License

    • MUST be open source
    • MUST be compatible with opentelemetry-cpp licensing
      • This raises the question of which licenses are compatible with Apache V2.
      • Some help and guidelines from opentelemetry in general, to name acceptable licenses, will be useful.
  • Nested dependencies

    • If a package has further dependencies, especially mandatory ones, all the dependencies must also meet the requirements listed here.
  • Supported platforms

    • In general, all the platforms opentelemetry-cpp supports must be supported as well
    • Special cases (for example, provide a CURL replacement on Windows) are possible depending on context.
  • Supported build frameworks

    • CMake
    • Bazel
  • Documentation

  • Actually maintained

    • The package should have regular releases, and show a good track record of fixing bugs and/or accepting fixes
    • This part is subjective
  • Community adoption

    • This helps stability
    • This helps to find contributors with knowledge of the package
  • Stable

    • This is critical for dependencies added in the opentelemetry-cpp runtime.
    • This part is subjective
  • Secure

    • No known vulnerabilities
    • Good track record of fixing vulnerabilities
    • Small attack surface
  • Technical requirements

    • Performance
    • CPU/memory consumption

In practice, for a YAML parser in C++:

  • There are not so many choices
  • Proceeding by elimination currently:
    • I know which parser not to use
    • Hoping to find a good candidate that passes all the checks

marcalff added the bug label Feb 23, 2024
github-actions bot added the needs-triage label Feb 23, 2024

lalitb (Member) commented Feb 23, 2024

A few more:

  • Stability, Maintenance, Community adoption.
  • Performance.
  • Build support if required (CMake, Bazel).
  • Documentation

esigo added the triage/accepted label and removed the needs-triage label Feb 26, 2024

marcalff (Member, Author) commented

Moving to a discussion

open-telemetry locked and limited conversation to collaborators Mar 28, 2024
marcalff converted this issue into discussion #2615 Mar 28, 2024
