stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity
Files
108d1c64b323808d6085fca05818fc581c6b003a
git.stella-ops.org/bench/reachability-benchmark/benchmark/checklists/dataset-safety.md
StellaOps Bot 108d1c64b3
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Findings Ledger CI / build-test (push) Has been cancelled
Details
Findings Ledger CI / migration-validation (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
cryptopro-linux-csp / build-and-test (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
sm-remote-ci / build-and-test (push) Has been cancelled
Details
Findings Ledger CI / generate-manifest (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details
up
2025-12-09 09:38:09 +02:00

1.5 KiB
Raw Blame History

Dataset Safety & Provenance Checklist (RD1RD10)

Version: 1.0.1 · Date: 2025-12-03

  • PII/secret scrub: no tokens/URLs; build/test logs redacted. Attested by DSSE when signing manifest.
  • License compatibility: all cases authored in-repo under Apache-2.0; third-party snippets none. NOTICE up to date.
  • Feed/tool lockfile: manifest.sample.json pins hashes for schemas, scorer, builder, and baseline submissions (when present).
  • Published schemas/validators: truth/submission/coverage/trace + manifest schemas; validated via tools/validate.py and tools/verify_manifest.py.
  • Evidence bundles: coverage + traces + attestation + sbom recorded per case (sample manifest).
  • Binary case recipe: cases/**/build/build.sh pinned SOURCE_DATE_EPOCH and env templates under benchmark/templates/determinism/.
  • Determinism CI: ci/run-ci.sh + tools/verify_manifest.py run twice to compare hashes; Java track uses vendored Temurin 21 via tools/java/ensure_jdk.sh.
  • Signed baselines: baseline submissions may include DSSE path in manifest (not required for sample kit); rulepack hashes recorded separately.
  • Submission policy: CLA/DSSE optional in sample; production kits require DSSE envelope recorded in signatures.
  • Semantic versioning & changelog: see benchmark/CHANGELOG.md; manifest version mirrors dataset release.
  • Offline kit packaging: tools/package_offline_kit.sh produces deterministic tarball with manifest + schemas + tools.