Version 1 (modified by Samuli Seppänen, 11 years ago) (diff)



This page outlines the efforts taken to maintain OpenVPN's quality without excessive compromises on development speed.

Static code analysis

Static code analysis is baked in into our development process in the form of mandatory ACK process every patch has to go through. In addition, OpenVPN codebase is scanned using Coverity Scan which can detect many potential security vulnerabilities.

Dynamic black-box testing

Dynamic black box testing means trying out an application and verifying if it works as intended. In closed-source software development which is organized around the waterfall model there are usually dedicated testers who do various scripted or intuitive tests to verify an application works as intended, usually just before launch. In complex applications such as OpenVPN testing even a small fraction of functionality would be impractical and very costly. However, in Lean software development methodologies such as Scrum and community-driven OSS development this kind of dedicated testing effort is unnecessary.

In OpenVPN (and most other open source projects), the stability of stable releases (e.g. 2.1, 2.2) is ensured with real-life testing by it's users during development, alpha, beta and rc phases. Even though only a small subset of users will be running the development code or "unstable" releases, they will be able to catch the most obvious issues. As using compiling OpenVPN from development code (in Git) is difficult especially for Windows users, "unstable" releases are pushed out as fast as possible.

The key to maintaining quality is pushing out "unstable" releases as often as possible

The project also has a Buildbot buildmaster, which drives several buildslaves. Each of these buildslaves is running a different operating system, and every commit to the OpenVPN Git repository triggers a build on them. After the build, each buildslave's openvpn tries to connect to a test server using several different configurations, thus ensuring that basic functionality is unaffected by the commit.