The concept of trusted community extensions is driven by user request, especially from larger organizations which want to use certain community extensions in "production" processes. The goal is that community extensions become more widely used and accepted as high-quality extensions to KNIME.
Trusted community extensions provide the following guarantees to users:
- Backward compatibility, i.e. existing workflows will continue to work with newer version
- Compliance with KNIME usage model and quality standards
- Support (via forum) in case of problems
- Maintenance for the last two KNIME versions
The trusted community extensions are immediately available via KNIME's standard extension installation mechanism.
In order to fulfill the above guarantees, developers are required to satisfy the following items:
- Test workflows for each node
Having a test workflow for each node will make it easier to detect compatibility breaks. These testflows are not necessarily full functional tests, because certain extensions already have testcases for the underlying libraries or binaries. However, the testflows should check common usage scenarios with which compatibility issues can be detected at an early stage. Untested nodes are detected and reported by the test system.
- Compliance with Noding Guidelines
The official Noding Guidelines describe the expected behaviour of every KNIME node. All nodes should follow the guidelines in order to guarantee a smooth user experience. The Noding Guidelines come with a check list that every node should checked against. KNIME will perform regular cross-checks, but it is in the responsibility of the developers to ensure compliance.
- No known security issues
When an extension uses external libraries, special care must be taken that these libraries are updated whenever there is a known security issue. Especially commercial users are very sensitive and IT departments may ban KNIME Analytics Platform altogether if a single extension contains libraries with potential security risks. Therefore as soon as a CVE is published for a dependency the potential effects on the KNIME extension must be analyzed and the library updated if necessary. We will add automated checks to the build pipeline in the future and "untrust" extensions if necessary.
- Release Notes/Changelog
Each project should maintain release notes and/or a changelog on its web page so that user's can easily get an overview of new features and fixed bugs.
- Active and reliable contact
Each trusted extension should have one or more active contact persons. They should react to requests from both users and KNIME Analytics Platform within a reasonable amount of time (within 2-3 working days).
In order to become trusted, extension maintainers have to actively contact us and provide all necessary evidence that the above requirements are fulfilled. We are happy to assist you in the process as much as possible. Once a project has become trusted, it will be re-evaluated before each new KNIME Analytics Platform release. All community extension maintainers will get previews of new KNIME releases several weeks before the anticipated release date so that there should be enough time for validation.