All charms ...
- must follow the spirit of the Ubuntu Values.
- must serve a useful purpose and have well defined behavior.
- must also be valid for the charm format defined in juju's documentation.
- must verify that any software installed or utilized is verified as coming from the intended source. Any software installed from the Ubuntu archive satisfies this due to the apt sources including cryptographic signing information. See this site for a list of common methods.
- must be entirely self contained or depend only on reliable external services. reliable
- must include a full description of what the software does in the metadata.
- must provide a means to protect users from known security vulnerabilities in a way consistent with best practices as defined by either Ubuntu policies or upstream documentation. Basically this means there must be instructions on how to apply updates if you use software not from Ubuntu.
- must pass "charm proof" with no errors (lines prefixed with E:), remember this step!
- must have a maintainer email address in metadata.yaml attached to a team or individual who are responsive to contact regarding the charm.
- must include a license. Call the file 'copyright' and make sure all files' licenses are specified clearly. license
- must be under a Free license. license2
- must have hooks that are idempotent idempotent
- must not run any network services using default passwords.
- must call juju API tools (relation-*, unit-*, config-*, etc) without a hard coded path.
- should default to use software that is included in the Ubuntu archive, however we encourage that charm authors have a config options for allowing users to deploy from newer upstream releases, or even right from VCS if it's useful to users.
- should not use anything infrastructure-provider specific (i.e. querying EC2 metadata service) symlinks must be self contained within a charm.
- should make use of AppArmor to increase security