Dr Marno van der Maas – CHERI Alliance
The CHERI Alliance is dedicated to advancing the state-of-the-art in capability-based security. As our collaborative efforts and technical output grow, so does the need for a standardised, clear, and efficient way to manage that output. This is why the Repository Management Working Group was established: to systematically oversee all the technical collateral produced by the alliance.
Establishing the Foundation: Repository Creation and Management
Our primary and most immediate focus has been on repository management. A vast and diverse collection of code, documentation, and tooling is only useful if it is well-organised and easy to navigate. To ensure consistency, maintainability, and responsible stewardship across all CHERI Alliance projects, the working group has developed a comprehensive set of guidelines.
We have outlined how to responsibly manage these repositories, including rules for naming conventions, licensing, and contribution models. This standardisation is critical for lowering the barrier to entry for new contributors and ensuring the longevity of our foundational work.
We encourage all current and prospective members of the CHERI ecosystem to review these foundational principles:
Repository Creation and Management Rules
Expanding Our Mandate: Managing Diverse Technical Collateral
While repository management provides the crucial structure for our source code, the CHERI Alliance produces a wider array of technical assets. To truly support our community, the scope of the working group must expand to manage this diverse collateral effectively.
A key area of discussion currently in progress involves the hosting and distribution of technical artefacts beyond source code. Specifically, we are developing a robust process for managing assets like Docker images. These images are essential for providing consistent, reproducible development and testing environments, which are vital for research and adoption.
Conclusion
The repository management working group is fundamental to the long-term success of the CHERI Alliance. By implementing clear, sensible governance over our technical collateral, we are building a more stable, scalable, and collaborative ecosystem. We look forward to continuing to professionalise the CHERI Alliance’s output, making it easier for the community to access, contribute to, and build upon our mission to deliver fundamental hardware security improvements.