[Bug 521562] [pmi] We need to be able to track whether or not a project implements cryptography
Bugzilla Link | 521562 |
Status | NEW |
Importance | P2 normal |
Reported | Aug 29, 2017 16:30 EDT |
Modified | Mar 16, 2020 08:14 EDT |
Description
We need a way of keeping track of projects that implement cryptography.
I believe that it should be sufficient to track this at the project level. I don't think that we can reasonably automatically detect this, so we'll be at the mercy of the project team to tell us yes/no. Probably something like a checkbox field in the project data should be good enough.
Note that we'll need to be careful with our wording. I'm specifically interested in identifying those projects that actually implement cryptography; this is different and distinct from a project using third-party content that implements cryptography (while we can likely automate the "uses" case by querying IPZilla, it may make sense to just add a second "distributes third party content that provides cryptography" field).
We should try to provide as much help to define what we mean by "implements cryptography"; I'm sure that we can find something in existing documentation.
We're going to need the ability to query this information. I believe that it should be enough to be able to get a list of projects that implement cryptography (based on the state of the field) and maybe the URL of their download page.
I believe that the project is the right level of granularity i.e. I'm pretty sure that we we don't need to flag specific releases or downloads. Mike or Sharon, please correct me if I'm wrong.