[Members] software compliance

Gaston Dombiak gaston at jivesoftware.com
Tue Nov 20 16:02:56 CST 2007


Hey Peter,

I think that the compliance program is the way to go. People are always
busy doing something and if there is not a motivation (or a schedule) to
do something then it will probably never happen.

I checked those XEPs and I think that besides the "trust but verify"
policy we can also offer a set of automated test cases that should clients
and servers should pass. However, having a test case with 100% coverage of
the spec is not an easy task but something is better than nothing. So
besides the trust we can also request to at least pass the automated test
cases that we require.

If that idea is approved then I offer the automated test cases that we
have implemented in Smack and we use for testing Smack and Openfire.
Except for the PEP I think that they are covering the mentioned XEPs. The
test cases should be reviewed and once we have the ok then we can say: we
believe in trust but also in verification. Pass these test cases to verify
and we will trust that the uncovered part is fine. We can refine the test
cases (Smack is open source - and built in Java) to add more coverage.

My 2 cents,

  -- Gato

-----Original Message-----
From: members-bounces at xmpp.org [mailto:members-bounces at xmpp.org] On Behalf
Of Peter Saint-Andre
Sent: Tuesday, November 20, 2007 12:49 PM
To: members at xmpp.org
Subject: [Members] software compliance

As Alex mentioned, in the Board meeting today we discussed the software
compliance program we are trying to build, based on the following specs:

http://www.xmpp.org/extensions/xep-0211.html
http://www.xmpp.org/extensions/xep-0212.html
http://www.xmpp.org/extensions/xep-0213.html
http://www.xmpp.org/extensions/xep-0216.html

The idea for 2008 is that we will not hold formal compliance testing, but
instead rely on feature reports from software developers. So we mostly
trust people in our community to report accurate information.
However, just as in the old days of nuclear weapons reporting, we may want
to "trust but verify". :)

The question is: how do we build in the "verify" part? One way would be to
require that software developers participate in the online interop
network:

http://www.xmpp.org/interop/

However, for that to work we need to make the interop network more
approachable and popular. I have some ideas about that (will try to post
more soon), but I welcome discussion on the list about the topic as well.

Thanks!

Peter

--
Peter Saint-Andre
https://stpeter.im/




More information about the Members mailing list