Open daveaglick opened 5 years ago
The requirement is intended to be for runtime dependencies, not tools/build-time/test-time.
@onovotny sounds good to me 👍
The proposal states:
Uses .NET Foundation certified infrastructure to build, sign and publish official public packages (ensures package is based on public git commit).
So it's a valid question whether that means it also dictates how the build is executed in detail, i.e. the choice of tooling. Worth clarifying the certification requirements and the certification process (acquiring and maintaining certification).
Starting at level 3 it looks like there’s a requirement for dependencies to be at a certain level of the ladder as well. That requires those dependencies to both participate in the maturity model in the first place and also to have reached a certain maturity.
My question is how does this apply to tooling like build tools, documentation generators, design-time or build-time static analysis tools, etc.? Does all open source involved in the production of the project have to meet the minimum ladder requirements or only those dependencies that get distributed or transitively referenced by consumers?