Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[tsf-dev] Trustable Software Framework meeting 251117 - Summary notes 
Hi,

A summary of todays meeting is below.
Thanks everyone who came along, and thank you for raising so many interesting questions. 

The next meeting will be at the same time in two weeks (Monday 1st Dec)

Thanks

Paul Waters

--

# Trustable Software Framework meeting 251117

- Realtime chat at #trustable on Libera IRC - Please join

## Question: How do we set up validators locally:
- Example from Lucas - https://gitlab.com/CodethinkLabs/safety-monitor/safety-monitor/-/tree/main/.dotstop_extensions
## Question: Why are all elements statements? Would it maybe better to define Requests and Claims explicitly? 
See https://codethinklabs.gitlab.io/trustable/trustable/methodology.html
Kasper replied: We have also considered possibly documenting more explicitly what the edges both up and down the tree mean but so far have not prioritised on that aspect. 

## Question: Have we used TSF for trudag development?
- In discussion but nothing has been landed yet.

Relevant MRs:
- https://gitlab.com/CodethinkLabs/trustable/trustable/-/issues/22
- https://gitlab.com/CodethinkLabs/trustable/trustable/-/issues/383

## Question: What do you recommend in terms of git architecture?
i.e. directory structure, file naming convention, file organisation
- No recommendations at the moment, graph is a graph and file structure is a tree.One to one mapping is therefore not practical. 

## Question: Should we link everything? eg aspice
- One of key justifications is as a self contained framework. Principal is that we should have an open standard of expressing what we care about, use TSF as a goal for SW engineering, to define the promises you want to/are able to make. 

## Question: Validators? Should we create or use existing?
- upstream doesn't have validators, we are looking at upstreaming some that we have developed. If any validators are developed please consider upstreaming. 
- Could we provide a very simple example?

## Question: graphviz? is it strictly necessary to install?
- graphviz only needed for visualising the graph, if not needed then possibly go without.
## Question: For the trudag publish, inclusion of non-normative items in report? 
What is the guidance for when this would be needed?
- Normative should stand alone in terms of understanding, i.e. shouldn't need the non-normative items to aid understanding
## Question: Noticed that between 2 latest releases of tsf/trudag - guidance for TA-TESTS was changed. How should users of TSF/trudag manage change like this? - In general we are looking make things easier for downstreams, remote graph functionality would provide for some degree of assistance here. We would recommend keeping up to date as much as possible. - Please note though that guidance is guidance on the types of things to think about, and thought is required to consider this within the context of the specific project/problem that they are applying TSF to. 

## Question: Within TSF terminology, what is a Component? (re TA-INPUTS)
- Input analysis is under TA-PROVENANCE, and analysis of your inputs (tooling, other projects (in-house and or external)) - this is what we mean by Components 

## Question: At the end we should connect everything through CI/CD?
- Yes - this allows the building up of a body of knowledge. Measurement of a property. 

## Notes:

- Public IRC at #trustable on Libera
- Issues can be raised at https://gitlab.com/CodethinkLabs/trustable/trustable/-/issues

Back to the top