I recently did a review of our project with regards to the Core Infrastructure Initiative (CII) Best Practices, in order to ensure we’re following industry best practices with POCO.
Things looked very good, with only a few best practices missing, which I have fixed in the meantime:
- Updated the CONTRIBUTING.md file to include a statement on reporting security issues via email and added a link to that file to README.md.
- Updated the instructions for preparing a release in the Wiki to include running clang-analyzer.
- Enabled HTTPS for the project website (using a Let’s Encrypt certificate and certbot-auto), which was actually most of the work (including fixing all links, etc.).
- Ran clang-analyzer on the code base for peace of mind 😉
We can now proudly show the CII Best Practices badge on our GitHub page:
The POCO C++ Libraries are being used in a lot of important projects in lots of different areas, from server and desktop applications, mobile apps to Internet of Things and connected devices in factories, homes and buildings, infrastructure as well as vehicles. Following established best practices and giving our best to ensure high-quality releases is my main priority.