PSARC 10 questions
Approved Oct. 2008 (PSARC/2008/625)
The 20 10 questions outline serves several purposes. One is to present to the ARC in a uniform manner pertinent information about any case. Many of the answers to these questions can be direct and specific references to other case materials (although care must be taken to keep the references current). A second purpose is to allow an ARC member to get a concise overview of the case in an efficient manner. Another purpose is that the 20 questions should provoke thought and questions for project teams unfamiliar with the ARC process, by asking questions about aspects of the project that need be considered. Lastly, the 20 questions serves as a vehicle between the case owner and the project team as an indicator of preparedness. The 20 questions, as do other ARC materials, remain as documentation of the case plan of record.
- What is the proposal being presented for review?
- Give an overview of the project and its phase(s).
- Describe the exposure (OpenSolaris), scope and type of review desired (overview, full case, etc.)
- Indicate the release binding requested by the project team. See: http://www.opensolaris.org/os/communit/arc/policies/release-taxonomy/
- What are the project's deliverables?
- How does this project align with existing or proposed ARC cases?
- Describe user interactions.
- Are new user interfaces being proposed, or existing interfaces being changed?
- Explain the similarities in proposed interfaces with existing OS user interfaces (Solaris, Linux, Windows, etc.).
- Are there any install time changes?
- What are the exported (defined by your project) and imported (defined by another project that your project then references) interfaces or protocols and their respective stability levels?
- Describe any dependencies on hardware (e.g. SPARC exclusive), and on other projects within Solaris.
- Projects need to be aware of the overall security of the system and how their components affect it. Which parts of this project are critical to the security of the system to avoid such unintended consequences such as unauthorized system entry, unauthorized access to or modification of data, elevation of privilege, denial of service, violation of labeled security, ...? Does this project require elevated privilege?
A number of specific policies and practices address various aspects of the security of the system. They are found in appendix 1. Which of these are applicable to this project, and how are they addressed? - Describe means of observing project functionality and performance, by an end user or by a system administrator.
- How does the project deal with faults and interruptions? Initialization and restarting?
- How does the project interact with Solaris virtualization technologies (xVM, LDOMs, zones, Branded zones, SunCluster, etc.)?
- Does this project require administration (i.e., configuration or management)? If so,
- How is the project administered, and what sort of review process has this user interface undergone?
- Is there a means of aggregating management and/or configuration with other related projects?
- Does this project deliver its own administration along with the other components, or is this project an administration interface for other projects?
- Are there any external (to Solaris) management interfaces to consider, or being consumed? Projects that require or deliver administrative interfaces are often by their nature security components of the system and should likely address the security question above, with attention to RBAC and Audit. (See also appendix 2).
- Have you reviewed the Policies and Best Practices? Are there any exceptions this project needs? See the ARC Policies and Best Practices
Appendix 1. Security references
Appendix 2. Administrative access and control
Appendix 3. Policies and Best Practices references
