Libellus Potionis

遵循以下最佳实践的项目将能够自愿的自我认证,并显示他们已经实现了核心基础设施计划(OpenSSF)徽章。

没有一套可以保证软件永远不会有缺陷或漏洞的做法;如果规范或假设是错误的,即使合适的方法也可能失败。也没有哪些做法可以保证一个项目能够维持健康和运作良好的开发者社区。但是,遵循最佳做法可以帮助改善项目的成果。例如,一些做法可以在发布之前进行多人评估,这可以帮助您找到其他难以找到的技术漏洞,并帮助建立信任,并希望不同公司的开发人员之间进行重复的交互。要获得徽章,必须满足所有“必须”和“禁止”的条款,满足所有“应该”条款或有合适的理由,所有“建议”条款必须满足或未满足(至少希望考虑)。欢迎通过 GitHub网站创建问题或提出请求进行反馈。另外还有一个一般讨论邮件列表

如果这是您的项目,请在项目页面上显示您的基准徽章状态!基准徽章状态如下所示: 项目13480的基准徽章等级为baseline-2 以下是如何嵌入基准徽章:
您可以通过将其嵌入到Markdown文件中来显示您的基准徽章状态:
[![OpenSSF Baseline](https://www.bestpractices.dev/projects/13480/baseline)](https://www.bestpractices.dev/projects/13480)
或者将其嵌入到HTML中:
<a href="https://www.bestpractices.dev/projects/13480"><img src="https://www.bestpractices.dev/projects/13480/baseline"></a>


这些是基准等级2的标准。 这些是标准版本 v2026.02.19。

Baseline Series: 基准等级1 基准等级2 基准等级3

        

 基本

  • 常规

    请注意,其他项目可能使用相同的名称。

    Libellus Potionis is a privacy-first, free, open-source, ad-free alcohol-consumption tracker that helps users monitor, pace, and manage their drinking habits entirely offline. It needs no invasive device permissions — no camera, microphone, or location access — and works completely without network connectivity.

    Key features

    • Intelligent logging: predefine custom beverages or use internationally common presets, and log drinks instantly or retroactively with precise timestamp corrections.
    • Concurrent limit tracking: set three simultaneous boundaries — a daily limit (grams of pure alcohol), a rolling 7-day weekly limit (grams), and a maximum number of drinking days per week — with visual progress bars in real time.
    • Blood-alcohol (BAC) estimation: enter your body weight for a live BAC approximation based on the established Widmark formula.
    • Addiction-counseling reports: generate a clear, well-organized two-page PDF report designed for consultations and counseling appointments.
    • Data portability: export your complete dataset as a standard CSV file for external processing (e.g. in LibreOffice Calc), or create secure JSON backups to migrate data between devices.
    • Granular adjustments: customize your "day start" time so late-night drinks count toward the correct evening, and define custom evaluation start dates for clean restarts.

    A comprehensive User's Guide is fully accessible in-app. The app is available on F-Droid.

    请使用 SPDX许可证表达格式;例子包括“Apache-2.0”,“BSD-2-Clause”,“BSD-3-Clause”,“GPL-2.0+”,“LGPL-3.0 +”,“MIT”和“(BSD-2-Clause OR Ruby)”。
    如果有多种语言,请将它们列为逗号分隔值(可选空格),并将它们从最多到最少使用。如果有长列表,请至少列出前三个最常见的列表。如果没有语言(例如,这是仅文档或仅测试项目),请使用单个字符“ - ”。请使用每种语言的常规大小写,例如“JavaScript”。
    通用平台枚举(CPE)是用于信息技术系统,软件和软件包的结构化命名方案。在报告漏洞时,它可用于多个系统和数据库。

    Libellus Potionis is a privacy-first, offline, ad-free Android app for tracking, pacing, and managing alcohol consumption. It requests no network permission and no camera/microphone/location access; all data stays on the device in the app's private, sandboxed storage, encrypted at rest (AES-256-GCM via the Android Keystore), with an optional biometric lock. It is Free Software under GPL-3.0-or-later, developed openly on Codeberg and distributed through F-Droid. The project is deliberately maintained as a teaching-quality codebase: every source file carries a license header and KDoc, and a release gate (tools/release-check.sh) enforces documentation, version consistency, English-only source, and translation completeness. Quality is guarded by a broad automated test suite (JVM unit tests plus instrumented Room-migration, Compose-UI, and locale tests) and by Android Lint and Kotlin compiler warnings promoted to build-breaking errors.

 控制 19/19

  • 控制


    当执行CI/CD任务且未指定权限时,CI/CD系统必须将任务的权限默认为管道中授予的最低权限。 [OSPS-AC-04.01]
    配置项目的设置,默认情况下为新管道分配最低可用权限,仅在特定任务需要时才授予额外权限。

    N/A. This control is conditional on the project operating a CI/CD system, and the project has none. There is no CI/CD platform or pipeline in the repository (no Woodpecker, Forgejo Actions, GitHub Actions, GitLab CI, or other pipeline configuration is present). Releases are built and published manually with Fastlane, run locally by the sole maintainer on a trusted checkout, so there are no automated CI/CD task permissions that could be defaulted to a lower privilege level; the precondition never occurs. Should a CI/CD pipeline be introduced later, it will be configured to grant the lowest available permissions by default and to add scopes only where a specific task requires them (tracked in the project roadmap).



    当创建正式发布时,该发布必须分配一个唯一的版本标识符。 [OSPS-BR-02.01]
    为项目生成的每个发布分配一个唯一的版本标识符,遵循一致的命名约定或编号方案。示例包括SemVer、CalVer或git提交id。

    Every user-facing release has a unique version identifier. The app carries a three-part versionName (MAJOR.MINOR.PATCH) and a strictly increasing integer versionCode, both defined in android/app/build.gradle.kts. CONTRIBUTING.md requires that the versionName, the top CHANGELOG.md entry, the README title, and the proguard-rules.pro header all carry the same version string and that versionCode increases by at least 1 each release; the tools/release-check.sh release gate enforces this consistency automatically. See https://codeberg.org/godisch/potillus/src/branch/main/CONTRIBUTING.md#7-versioning--release-checklist



    当创建正式发布时,该发布必须包含功能和安全修改的描述性日志。 [OSPS-BR-04.01]
    确保所有发布都包含描述性的变更日志。建议确保变更日志是人类可读的,并且包含超出提交消息的详细信息,例如安全影响的描述或与不同用例的相关性。为确保机器可读性,请将内容放在markdown标题下,例如"## Changelog"。

    Each release is accompanied by human-readable release notes in CHANGELOG.md: a curated summary (not raw version-control log output), with a concise subject line plus prose describing the major changes, typically separating user-facing changes from internal ones so users can judge the upgrade impact. Localized store release notes are additionally maintained per versionCode under fastlane/metadata/android/<locale>/changelogs/. URL: https://codeberg.org/godisch/potillus/src/branch/main/CHANGELOG.md [release_notes]



    当构建和发布管道摄取依赖项时,它必须使用标准化工具(如果可用)。 [OSPS-BR-05.01]
    为您的生态系统使用通用工具,例如包管理器或依赖项管理工具,以在构建时摄取依赖项。这可能包括使用依赖项文件、锁文件或清单来指定所需的依赖项,然后由构建系统拉入。

    External dependencies are declared in a computer-processable, versioned form and are obtained automatically by a standard build. The Gradle version catalog (android/gradle/libs.versions.toml) pins every library and plugin version in its [versions], [libraries], and [plugins] tables, referenced via alias(libs.…) in the build scripts; settings.gradle.kts configures the repositories (google, mavenCentral, gradlePluginPortal), so ./gradlew resolves and downloads all declared dependencies with no manual steps. The build additionally generates a CycloneDX 1.6 JSON SBOM of the release dependencies as a standardized machine-readable inventory. URL: https://codeberg.org/godisch/potillus/src/branch/main/android/gradle/libs.versions.toml [external_dependencies]



    当创建正式发布时,该发布必须进行签名或在包含每个资产加密哈希值的签名清单中进行说明。 [OSPS-BR-06.01]
    在构建时使用加密签名或证明(例如GPG或PGP签名、Sigstore签名、SLSA来源或SLSA VSA)对所有发布的软件资产进行签名。在签名清单或元数据文件中包含每个资产的加密哈希值。

    Releases are cryptographically signed with the maintainer's own Android app-signing key via reproducible builds; the private key is held only by the maintainer and is never stored on Codeberg, F-Droid, or any other distribution site. SECURITY.md ("Verifying releases") documents how users obtain the public key and verify a release: the F-Droid client verifies the signature automatically and the project's F-Droid metadata pins the allowed signing key; users can also compare the APK signing certificate SHA-256 fingerprint (7506f17184b31a2d67621305d190a73e497806b39f7d64463ff5dbc0afd8317b) via apksigner verify --print-certs, or reproduce the build and compare. URL: https://codeberg.org/godisch/potillus/src/branch/main/SECURITY.md#verifying-releases [signed_releases]



    当项目发布版本后,项目文档必须包含项目如何选择、获取和跟踪其依赖项的描述。 [OSPS-DO-06.01]
    建议在可公开查看的资源(如源代码存储库、项目网站或其他渠道)上与项目的技术和设计文档一起发布此信息。

    The project's documentation describes how it selects, obtains, and tracks dependencies. Selection: CONTRIBUTING.md states "Minimal dependencies: every library must justify its presence; prefer AndroidX stable releases over alpha/beta" (https://codeberg.org/godisch/potillus/src/branch/main/CONTRIBUTING.md). Obtaining: COPYING.md documents that all third-party libraries are consumed exclusively as Gradle build dependencies declared by exact Maven coordinates in android/gradle/libs.versions.toml, never vendored (https://codeberg.org/godisch/potillus/src/branch/main/COPYING.md). Tracking: versions are pinned in that catalog; a CycloneDX SBOM is generated for every release as the authoritative inventory; and dependencies are scanned periodically with osv-scanner against that SBOM, per SECURITY.md ("Dependency monitoring") — https://codeberg.org/godisch/potillus/src/branch/main/SECURITY.md#dependency-monitoring .



    项目文档必须包含如何构建软件的说明,包括所需的库、框架、SDK 和依赖项。 [OSPS-DO-07.01]
    建议将此信息与项目的贡献者文档一起发布,例如在 CONTRIBUTING.md 或其他开发者任务文档中。也可以使用 Makefile 目标或其他自动化脚本来记录此信息。

    It is easy to get started developing the software. The project is a standard Android Gradle project: cloning the repository and running the bundled Gradle wrapper (./gradlew) builds it with no manual Gradle installation, and all dependency and plugin versions are pinned in the version catalog with repositories preconfigured in settings.gradle.kts, so a fresh checkout builds without additional setup. Developers can import it into Android Studio or run ./gradlew assembleDebug and installDebug to see changes on an emulator or device. CONTRIBUTING.md (architecture, build/test commands, release checklist) and the README's "Technical Aspects" document the path from clone to a running build. [installation_development_quick]



    在活动期间,项目文档必须包含有权访问敏感资源的项目成员列表。 [OSPS-GV-01.01]
    通过项目源代码存储库中的members.md、governance.md、maintainers.md或类似文件等工件记录项目参与者及其角色。这可以简单到在维护者列表中包含姓名或账户句柄,或者根据项目的治理更复杂。

    The project documentation lists the members with access to sensitive resources in docs/GOVERNANCE.md — https://codeberg.org/godisch/potillus/src/branch/main/docs/GOVERNANCE.md . The "Key roles" section names the sole role holder ("Maintainer / project lead"), and "Repository access and account security" states that write (push) access to the canonical repository is currently held only by the maintainer, who must have 2FA enabled. The document notes that any change in maintainers will be recorded there, so the list stays current while the project is active.



    在活动期间,项目文档必须包含项目成员的角色和责任的描述。 [OSPS-GV-01.02]
    通过项目源代码存储库中的members.md、governance.md、maintainers.md或类似文件等工件记录项目参与者及其角色。

    The project's key roles and responsibilities are documented in docs/GOVERNANCE.md ("Key roles"). The project currently has a single role — Maintainer / project lead, held by Martin A. Godisch (android@godisch.de) — with explicitly listed responsibilities: triaging and answering issues, reviewing and merging contributions, handling security reports, maintaining translations and documentation, and preparing and signing releases. It is clear who holds the role, and contributors take on no formal ongoing role beyond their individual contributions. URL: https://codeberg.org/godisch/potillus/src/branch/main/docs/GOVERNANCE.md#key-roles [roles_responsibilities]



    在活动期间,项目文档必须包含代码贡献者指南,其中包括可接受贡献的要求。 [OSPS-GV-03.02]
    扩展项目文档中的CONTRIBUTING.md或CONTRIBUTING/的内容,以概述可接受的贡献要求,包括编码标准、测试要求和代码贡献者的提交指南。建议将该指南作为贡献者和批准者的真实来源。

    CONTRIBUTING.md documents the requirements for acceptable contributions. Section 2 ("Submitting changes"), step 3, makes them a merge precondition and points to the relevant sections; Section 4 ("Coding conventions") names the required coding standard — the official Kotlin coding conventions — together with mandatory KDoc and constant/default/enum-persistence rules; Sections 3 (architecture) and 5 (testing) add the remaining acceptance rules. ./gradlew test and tools/release-check.sh must pass. URL: https://codeberg.org/godisch/potillus/src/branch/main/CONTRIBUTING.md#4-coding-conventions [contribution_requirements]



    处于活跃状态时,版本控制系统必须要求所有代码贡献者在每次提交时断言他们有合法授权提交相关的贡献。 [OSPS-LE-01.01]
    在项目的代码库中包含一个DCO,要求代码贡献者在每次提交时断言他们有合法授权提交相关贡献。使用状态检查以确保完成此断言。CLA也满足此要求。某些版本控制系统(例如GitHub)可能会在平台服务条款中包含此项。

    Contributions are governed by the Developer Certificate of Origin (DCO). CONTRIBUTING.md, Section 2, requires every commit to be signed off with a Signed-off-by line (via git commit -s) and links to https://developercertificate.org/, documenting what sign-off means for this project. This is the recommended lightweight legal mechanism by which contributors assert they are authorized to submit their contributions under the project's GPL-3.0-or-later license. URL: https://codeberg.org/godisch/potillus/src/branch/main/CONTRIBUTING.md#developer-certificate-of-origin-dco [dco]



    当向主分支提交时,必须通过或手动绕过提交的任何自动化状态检查。 [OSPS-QA-03.01]
    配置项目的版本控制系统,要求所有自动化状态检查通过或在提交合并到主分支之前需要手动确认。建议不要将任何可选状态检查配置为批准者可能会绕过的通过或失败要求。

    N/A. This control is conditional on the project running automated status checks for commits, and the project runs none. It operates no CI/CD system or pipeline (no Woodpecker, Forgejo Actions, GitHub Actions, GitLab CI, or other automation is configured), so no automated status checks execute when a commit is proposed to the primary branch (main). There are therefore no checks that could pass, fail, or require manual bypassing before a merge. Direct pushes to main are already blocked by branch protection, so changes land through reviewed pull requests. Should automated status checks be introduced later (e.g. a CI pipeline), branch protection will be configured to require them to pass before merge, as noted in the project roadmap.



    在接受提交之前,项目的CI/CD管道必须运行至少一个自动化测试套件,以确保更改符合预期。 [OSPS-QA-06.01]
    应在每次合并到主分支之前运行自动化测试。测试套件应在CI/CD管道中运行,结果应对所有贡献者可见。测试套件应在一致的环境中运行,并应以允许贡献者在本地运行测试的方式运行。测试套件的示例包括单元测试、集成测试和端到端测试。

    N/A. This control's normative requirement — "the project's CI/CD pipelines MUST run at least one automated test suite" — is conditional on the project operating CI/CD pipelines, and the project operates none. (Running the suite in a CI/CD pipeline is stated only as a recommendation in the criterion's details, not as a MUST.) No CI/CD system or pipeline is configured, so there are no pipelines that could run a test suite prior to a commit being accepted, and the obligation is not triggered. The project does maintain automated test suites — JVM unit tests and on-device instrumentation tests — that any contributor can run locally (make unit-test, make test) and that run alongside the release-readiness gate before each release. Should a CI/CD pipeline be introduced later, it will run this existing suite; this is tracked in the project roadmap.



    当项目发布版本时,项目文档必须包括设计文档,展示系统中的所有操作和参与者。 [OSPS-SA-01.01]
    在项目文档中包括说明操作和参与者的设计。参与者包括可以影响系统中另一段的任何子系统或实体。确保为新功能或重大更改更新此文档。

    The software's high-level architecture is documented in CONTRIBUTING.md §3 ("Architecture rules"): it lists the major components (the data/, data/security/, domain/, l10n/, ui/, and util/ packages and their roles) and the relationships and layering constraints among them (the domain layer is framework-free and JVM-testable, Room types stay within the data layer, repositories expose only domain models, and ViewModels are context-free except SettingsViewModel). The README's "Technical Aspects" section additionally documents the key technologies and the manual dependency-injection approach (PotillusApp lazy singletons), Room, and Jetpack Compose. URL: https://codeberg.org/godisch/potillus/src/branch/main/CONTRIBUTING.md#3-architecture-rules [documentation_architecture]



    当项目发布版本时,项目文档必须包括对已发布软件资产的所有外部软件接口的描述。 [OSPS-SA-02.01]
    记录已发布软件资产的所有软件接口(API),解释用户如何与软件交互以及期望或产生什么数据。确保为新功能或重大更改更新此文档。

    The software is a GUI Android application; its external interface is the user interface together with the file formats it reads and writes, both documented in the User's Guide as reference material describing inputs and outputs. Inputs: drink logging, limit configuration, and body weight (used to estimate blood alcohol concentration via the Widmark formula). Outputs: the statistics screen (by week/month/year), a CSV export for spreadsheet processing, and a two-page PDF report. The JSON backup interface is documented for both directions — export produces a single JSON file containing all drinks and the complete log, and import offers explicit "replace" and "merge" modes. See https://codeberg.org/godisch/potillus/src/branch/main/android/docs/guide/usersguide.md.in [documentation_interface]



    当项目发布版本时,项目必须执行安全评估,以了解软件中可能发生的最可能和最具影响力的潜在安全问题。 [OSPS-SA-03.01]
    执行安全评估可以告知项目成员和下游消费者,项目了解软件中可能出现的问题。了解可能实现的威胁有助于项目管理和应对风险。此信息对下游消费者很有用,可以证明项目的安全敏锐度和实践。确保为新功能或重大更改更新此文档。

    The project provides a security assurance case in docs/ASSURANCE_CASE.md (linked from SECURITY.md). It states the security requirements, describes the threat model (assets, in-scope adversaries/attacks, and explicit out-of-scope residual risks), identifies the trust boundaries (app sandbox, hardware-backed Keystore, FLAG_SECURE screen boundary, device/biometric authentication, the export boundary, and the absence of a network boundary), argues that secure design principles were applied (least privilege, secure defaults, economy of mechanism, defense in depth, fail-safe), and maps common implementation weakness classes to their countermeasures (injection, insecure storage, cryptography, input validation, network exposure, memory safety, tampering, and upgrade data integrity). URL: https://codeberg.org/godisch/potillus/src/branch/main/docs/ASSURANCE_CASE.md [assurance_case]



    处于活跃状态时,项目文档必须包括协调漏洞披露(CVD)的政策,并有明确的响应时间框架。 [OSPS-VM-01.01]
    在目录根目录创建一个SECURITY.md文件,概述项目的协调漏洞披露政策。包括报告漏洞的方法。设定项目将如何响应和处理报告问题的期望。

    The process for reporting vulnerabilities is published in SECURITY.md at the repository root (which Codeberg/Forgejo surfaces as the project's security policy) and is linked from the README's "Security" section. Reporters are asked to disclose privately via PGP-encrypted e-mail to android@godisch.de rather than opening a public issue. URL: https://codeberg.org/godisch/potillus/src/branch/main/SECURITY.md [vulnerability_report_process]



    处于活跃状态时,项目文档必须提供一种方法,用于直接向项目内的安全联系人私下报告漏洞。 [OSPS-VM-03.01]
    为安全研究人员提供一种方式,以私下向项目报告漏洞。这可能是专用电子邮件地址、Web表单、VCS专用工具、安全联系人的电子邮件地址或其他方法。

    Private vulnerability reporting is the required path and SECURITY.md documents exactly how to send the information privately: a PGP-encrypted e-mail to android@godisch.de, using the maintainer's published key (fingerprint 1842 323B 4FCF 9B90 995F A17F A350 B991 F05A 4857), retrievable from the official Debian keyserver (hkps://keyring.debian.org:443). If a reporter cannot use PGP, the maintainer arranges a secure channel before any sensitive details are shared. URL: https://codeberg.org/godisch/potillus/src/branch/main/SECURITY.md [vulnerability_report_private]



    处于活跃状态时,项目文档必须公开发布有关已发现漏洞的数据。 [OSPS-VM-04.01]
    在可预测的公共渠道(例如CVE条目、博客文章或其他媒体)中提供有关已知漏洞的信息。在可能的情况下,此信息应包括受影响的版本、消费者如何确定他们是否容易受到攻击以及缓解或修复的说明。

    While active, the project publicly publishes data about discovered vulnerabilities through predictable public channels documented in SECURITY.md ("Security advisories") — https://codeberg.org/godisch/potillus/src/branch/main/SECURITY.md#security-advisories . Security-relevant fixes are recorded in the release notes (CHANGELOG.md) and the corresponding Codeberg release, stating the affected version(s), how a user can determine whether they are affected, and the remediation — updating to the fixed version, distributed via F-Droid.



该数据可在社区数据许可协议 – 许可性,版本 2.0 (CDLA-Permissive-2.0)下获取。这意味着数据接收方可以共享数据,无论是否经过修改,只要数据接收方在共享数据时提供本协议文本。请注明Martin A. Godisch和OpenSSF最佳实践徽章贡献者。

项目徽章条目拥有者: Martin A. Godisch.
最后更新于 2026-07-04 04:21:04 UTC, 最后更新于 2026-07-16 12:34:54 UTC。 最后在 2026-07-04 08:45:54 UTC 获得通过徽章。