About the Foundation for Public Code

[Codebase] and the Standard for Public Code

This resource

Contents

  1. Code in the Open
  2. Bundle policy and source code
  3. Create reusable and portable code
  4. Welcome contributions
  5. Maintain version control
  6. Require review of contributions
  7. Document your objectives
  8. Document your code
  9. Use plain English
  10. Use open standards
  11. Use continuous integration
  12. Publish with an open license
  13. Use a coherent style
  14. Pay attention to codebase maturity

Code in the Open

  • compliant with this criterion.
Requirement meets links and notes
All source code for any policy and software in use (unless used for fraud detection) MUST be published and publicly accessible.    
Contributors MUST NOT upload sensitive information regarding users, their organization or third parties to the repository. Examples of sensitive information include configurations, usernames and passwords, public keys and other real credentials used in the production system.    
Any source code not currently in use (such as new versions, proposals or older versions) SHOULD be published.    
The source code MAY provide the general public with insight into which source code or policy underpins any specific interaction they have with your organization.    

Bundle policy and source code

  • compliant with this criterion.
Requirement meets links and notes
A codebase MUST include the policy that the source code is based on.    
A codebase MUST include all source code that the policy is based on.    
All policy and source code that the codebase is based on MUST be documented, reusable and portable.    
Policy SHOULD be provided in machine readable and unambiguous formats.    
Continuous integration tests SHOULD validate that the source code and the policy are executed coherently.    

Create reusable and portable code

  • compliant with this criterion.
Requirement meets links and notes
The codebase MUST be developed to be reusable in different contexts.    
The codebase MUST be independent from any secret, undisclosed, proprietary or non-open licensed code or services for execution and understanding.    
The codebase MUST be in use by multiple parties.    
The roadmap SHOULD be influenced by the needs of multiple parties.    
Code SHOULD be general purpose and SHOULD be configurable.    
Codebases SHOULD include a publiccode.yml metadata description so that they’re easily discoverable.    
Code and its documentation SHOULD NOT contain situation-specific information. For example, personal and organizational data as well as tokens and passwords used in the production system should never be included.    

Welcome contributions

  • compliant with this criterion.
Requirement meets links and notes
The codebase MUST have a public issue tracker that accepts suggestions from anyone.    
The codebase MUST allow anyone to submit suggestions for changes to the codebase.    
The documentation MUST link to both the public issue tracker and submitted codebase changes, for example in a README file.    
The codebase MUST include an email address for security issues and responsible disclosure.    
The codebase MUST include contribution guidelines explaining how contributors can get involved, for example in a CONTRIBUTING file.    
The project MUST have communication channels for users and developers, for example email lists.    
The codebase SHOULD have a publicly available roadmap.    
The codebase SHOULD advertise the committed engagement of involved organizations in the development and maintenance.    
The documentation SHOULD include instructions for how to report potentially security sensitive issues on a closed channel.    
The codebase SHOULD document the governance of the codebase, contributions and its community, for example in a GOVERNANCE file.    
The codebase MAY include a code of conduct for contributors.    

Maintain version control

  • compliant with this criterion.
Requirement meets links and notes
You MUST have a way to maintain version control for your code.    
All files in a codebase MUST be version controlled.    
All decisions MUST be documented in commit messages.    
Every commit message MUST link to discussions and issues wherever possible.    
You SHOULD mark different versions of your codebase, for example using revision tags or textual labels.    
You SHOULD prefer file formats that can easily be version controlled.    

Require review of contributions

  • compliant with this criterion.
Requirement meets links and notes
All contributions that are accepted or committed to release versions of the codebase MUST be reviewed by another contributor.    
Reviews MUST include source, policy, tests and documentation.    
Reviewers MUST provide feedback on all decisions made and the implementation in the review.    
Contributions SHOULD conform to the standards, architecture and decisions set out in the codebase in order to pass review.    
Reviews SHOULD include running both the code and the tests of the codebase.    
Contributions SHOULD be reviewed by someone in a different context than the contributor.    
Version control systems SHOULD not accept non-reviewed contributions in release versions.    
Reviews SHOULD happen within two business days.    
Reviews MAY be performed by multiple reviewers.    

Document your objectives

  • compliant with this criterion.
Requirement meets links and notes
The codebase MUST contain documentation of its objectives – like a mission and goal statement – that is understandable by designers and developers so that they can use or contribute to the codebase.    
The codebase SHOULD contain documentation on its objectives understandable by policy makers and management.    
The codebase MAY contain documentation of its objectives for the general public.    

Document your code

  • compliant with this criterion.
Requirement meets links and notes
All of the functionality of your codebase – policy as well as source – MUST be described in language clearly understandable for those that understand the purpose of the code.    
The documentation of your codebase MUST contain: a description of how to install and run the source code, examples demonstrating the key functionality.    
The documentation of your codebase SHOULD contain: a high level description that is clearly understandable for a wide audience of stakeholders, like the general public and journalists, a section describing how to install and run a standalone version of the source code, including, if necessary, a test dataset, examples for all functionality.    
There SHOULD be continuous integration tests for the quality of your documentation.    
The documentation of your codebase MAY contain examples that make users want to immediately start using your codebase.    
You MAY use the examples in your documentation to test your code.    

Use plain English

  • compliant with this criterion.
Requirement meets links and notes
All code and documentation MUST be in English.    
Any translation MUST be up to date with the English version and vice-versa.    
There SHOULD be no acronyms, abbreviations, puns or legal/domain specific terms in the codebase without an explanation preceding it or a link to an explanation.    
The name of the project or codebase SHOULD be descriptive and free from acronyms, abbreviations, puns or branding.    
Documentation SHOULD aim for a lower secondary education reading level, as recommended by the Web Content Accessibility Guidelines 2.    
Any code, documentation and tests MAY have a translation.    

Use open standards

  • compliant with this criterion.
Requirement meets links and notes
For features of a codebase that facilitate the exchange of data the codebase MUST use an open standard that meets the Open Source Initiative Open Standard Requirements.    
If no existing open standard is available, effort SHOULD be put into developing one.    
Standards that are machine testable SHOULD be preferred over those that are not.    
Functionality using features from a non-open standard (one that doesn’t meet the Open Source Initiative Open Standard Requirements) MAY be provided if necessary, but only in addition to compliant features.    
All non-compliant standards used MUST be recorded clearly in the documentation.    
The codebase SHOULD contain a list of all the standards used with links to where they are available.    

Use continuous integration

  • compliant with this criterion.
Requirement meets links and notes
All functionality in the source code MUST have automated tests.    
Contributions MUST pass all automated tests before they are admitted into the codebase.    
Contributions MUST be small.    
The codebase MUST have active contributors.    
Source code test and documentation coverage SHOULD be monitored.    
Policy and documentation MAY have testing for consistency with the source and vice versa.    
Policy and documentation MAY have testing for style and broken links.    

Publish with an open license

  • compliant with this criterion.
Requirement meets links and notes
All code and documentation MUST be licensed such that it may be freely reusable, changeable and redistributable.    
Software source code MUST be licensed under an OSI-approved open source license.    
All code MUST be published with a license file.    
All source code files in the codebase SHOULD include a copyright notice and a license header.    
Codebases MAY have multiple licenses for different types of code and documentation.    
Documentation MAY be published under Creative Commons licenses that are NOT ‘no derivatives’ or ‘non-commercial’.    

Use a coherent style

  • compliant with this criterion.
Requirement meets links and notes
Contributions MUST adhere to either a coding or writing style guide, either your own or an existing one that is advertised in or part of the codebase.    
Contributions SHOULD pass automated tests on style.    
Your codebase SHOULD include inline comments and documentation for non-trivial sections.    
You MAY include sections in your style guide on understandable English.    

Pay attention to codebase maturity

  • compliant with this criterion.
Requirement meets links and notes
A codebase MUST be versioned.    
A codebase that is ready to use MUST only depend on other codebases that are also ready to use.    
A codebase that is not yet ready to use MUST have one of these labels: prototype - to test the look and feel, and to internally prove the concept of the technical possibilities, alpha - to do guided tests with a limited set of users, beta - to open up testing to a larger section of the general public, for example to test if the codebase works at scale, pre-release version - code that is ready to be released but hasn’t received formal approval yet.    
A codebase SHOULD contain a log of changes from version to version, for example in the CHANGELOG.