Proposed tweaks to CII Best Practices criteria

David A. Wheeler

We have several proposed tweaks to the CII Best Practices criteria or related text.

Comments are very welcome in either the specific GitHub issue or here on the mailing list.

Details below.

--- David A. Wheeler


* 1507 - Currently we SUGGEST SemVer, this proposes SUGGESTing SemVer *or* CalVer:
This is a proposed slight relaxation of a SUGGESTed criterion to also allow CalVer. See also <>.

* 1508 - Reword release_notes_vulns to clarify its text

* 1509 - Update test or test_invocation for multi-language projects
Latest revised proposal is to modify criterion “test”, which says: "The project MUST use at least one automated test suite that is publicly released as FLOSS (this test suite may be maintained as a separate FLOSS project).” To add "The project MUST clearly show or document how to run the test suite(s) (e.g., via a continuous integration (CI) script or documentation in files such as,, or” Technically this would be a change in the criterion. However, the only way to show that a project uses a test suite (and thus meets the original criterion) is to show it or document it, so it could be argued this was always implied. Alternatively, we could add it as a new criterion, but I don't think we need to in this case.

* 1510 - Add dynamic_analysis_enable_assertions details (to clarify its meaning & application)
This doesn’t change anything substantive, but the criterion was causing some confusion that we want to eliminate.

* 1513 - Add info on how to comply with US export control law.
This doesn't change the criteria at all. This is just a pointer to legal information that’s important to projects that can be accessed from within the US. Most projects *are* distributed from the US even if they don’t start in the US, and it can help protect people within the US, so it seems like a helpful tip.

David A. Wheeler

As mentioned earlier, several issues proposed tweaks to the CII Best Practices criteria or related text. Here are the pull requests that make those changes. Please note any last-minute issues, I intend to merge these this Thursday (January 7) if there are no objections:

* Allow CalVer:
* Tweak release_notes_vulns"
* Tweak criterion “test”:
* Tweak dynamic_analysis_enable_assertions:
* Mention US export control law:

--- David A. Wheeler