- On 18 April, the ROBERT communication protocol was published by Inria and Fraunhofer/AISEC, as part of a Franco-German project, to provide a framework for the overall operation, to outline the security and privacy aspects, and to ensure interoperability at the European level for the deployment of an application.
- On the basis of this protocol, developers of the StopCovid project-team worked on implementing the first functional building blocks of the application and its infrastructure, to propose an application that could be deployed operationally as needed, within a timetable set by the government.
- The publication of StopCovid's source code and documentation starts on 12 May 2020 and will continue for the duration of the project. The evolution of the code includes the analysis and possible integration of improvements that will be submitted by the developer community.
- Regular updates of the application will be made as soon as they become available.
General principle of publication
To allow the different communities of developers and specialists to assess the implemented algorithms and the way this application is programmed, especially if it implements the ROBERT protocol correctly, the source code is published on GitLab. The source code presented is the result of a collaborative development process involving many people and organizations within the StopCovid project-team.
This collaborative development process, which has been constrained by the project agenda, will gradually open up to allow proposing evolutions to the application, reporting bugs, and suggesting changes to the documentation, while integrating some of these proposals. To do so, the choice of the Inria GitLab platform has been retained.
The contributions expected by the developer community will allow the evolution of the software bricks to ultimately improve the quality of the application.
The publication policy of the source code developed within the framework of the project is based on three categories:
- A (restricted) part which is not published because it corresponds to tests or critical parts for the security of the infrastructure; on the other hand a documentation, published on Gitlab, will present the main security principles implemented on StopCovid (in order to respect the requests or opinions of the CNIL and the recommendations of the ANSSI);
- A part which is made public without a call for contributions being expected (proposals will of course be studied): this corresponds for example to parts which directly implement very precise specifications;
- A part which is strictly speaking open source, with calls for contributions that are expected: this concerns the core of the application, in particular the implementation of the ROBERT protocol.
The StopCovid project-team decided to release the code in two phases. This phase does not call into question the fundamental principles of open publication of the code, but allows better management of the scalability for a possible operational application in late May/early June.
Phase 1: Transparency
A first part of the software bricks is published on May 12. Now visible, the code can be reviewed by anyone who wishes to do so. By making it public, the StopCovid project-team is respecting its commitment to transparency.
People outside the StopCovid project-team can, at this stage, give an opinion, make suggestions or comments. Depending on the technical relevance of this initial feedback, they will be invited to join the pool of project contributors to increase efficiency.
This phase 1 limits the scope of interactions due to the constraints on the resources of the StopCovid project-team, which is fully mobilized in its development schedule, within the framework of a restricted agenda. All contributions will be read carefully in order to retain those that will be deemed relevant or even likely to play a critical role at this stage of code development.
The duration of this phase 1 will depend on the constraints related to the test phases and the application availability schedule.
Phase 2: Contribution
The software part that implements the ROBERT protocol will be put in Open Source. The contribution phase will allow the community to contribute to the software while respecting the regulatory mechanisms that will be put in place (mainly through code review and acceptance or rejection by a validation committee).
At this point, the work of the developer community, both internal and external to the project, will be valuable. An integration time with transparent processes will be specified under the responsibility of a validation committee.
Phase 3 : From Protocol to StopCovid Application
API (Application Programming Interface): a standardized set of programming by which one software provides services to other software (e.g. network access, internet access, Bluetooth).
OS (Operating System): operating system comprising a set of programs that controls the various components (hard disk, screen, processor, memory, etc.) of the computer device and thus enables it to function.
Communication protocol: this is the set of rules that will make it possible to organize and give meaning to data exchanges: who initiates a request, how this request is formatted, how the response is made and in what form, how problems are reported in these exchanges and how to manage a problem, etc.
Software component, software brick, software library, software toolbox: these software elements fulfil a particular function or a set of coherent functions and can be assembled to produce more complex software, like spare parts.
Review: a review is a critical commentary of a document, source code or deployed software. It is meant to be respectful and constructive and can serve as a basis for discussion between the authors of the object being reviewed and the reviewer, in order to clarify certain points or propose modifications. This process makes it possible to consider the opinions of various specialists (developers, lawyers, etc.).
Issues: this term refers to a problem or question. In online development project management tools such as GitLab, issues are the means used to report a problem encountered with the software, ask a question or even share an idea for improvement, based on the principle of review/review.
Release: this English verb is used in computer science to designate the release of a new version of a software. Versions are usually numbered (V1, V1.1, V2, ...). The word release is also used to designate a particular version of the software (e.g.: "You got the last release? or "I use release 1.4").