-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07.09.2012 17:25, jules wrote: > Hi folks, > > > I was wondering if there was any group out there that has validated trac > > for use in a regulated environment? My company has been using trac for the > > last few years for defect tracking workflow, but we're applying to be a > > class 1 medical device and have to validate all of our internal software. > > Just wondering if anyone out there has done it or did they have to migrate > > their ticketing system to something else.
Interesting questions. But bear in mind, that few of us may even know details of terms like "class 1 medical device". To fill into this gap I provide results of a quick research of mine [1][2]. I know, this is partly advertising for that companies product(s), but don't mind since I'm not at all affiliated with them. Now that I've found some key requirements I can assure you, that you'll probably meet most of them with Trac, if you have a suitable ticket work-flow and restrictive user permissions setup. I'd even vote to go for new horizons with known-good tools, that your staff is familiar with. Your company may by an FDA verified toolbox at any time. But will your critical business knowledge migrate into it automatically? We all know the answer: Consultants. Don't get me wrong, Some may be pretty much worth the money, but I hate doing the ground work, being told how to do different, and finally taking responsibility and work to fix stuff because of decisions I wasn't heard or even asked about. If you're clueless, take that route, but if you know a bit, don't let them make you look like a fool. /rant finished The most critical part from my point of view is the digital signature thing. I'm sorry, there's no native Trac solution for that right now, but I suggest keeping an eye on CryptoPlugin [3]. (Disclosure: I'm the author.) This is currently WiP, but I've envisioned requirements like these mentioned to be checked by FDA, so probably I'll address most of them, later on. I'm testing wiki pages signed with strong crypto algorithms (not published yet), and will extend this to attachments and tickets too, as I progress. Encryption is planned as well - think of restricted content, but not by means of rather weak permission checks, that will disclose information, if the plugin is deactivated or just dysfunctional[4], but using industry grade crypto again. So in worst case you'll see just garbage, but only using your OpenPGP key you'll be able to retrieve the content after encryption. I'd welcome detailed specs and requirements to be able to address them as my time permits. Bear in mind, that I won't be able to do any software validation other than adding unit tests to prove fitness for the/your/any application. This would be left to you or to your companies partners. I put faith in Trac for my own Trac applications. If you already trust in Trac, you could share my vision, and it may be worth to try making it a TrustedTrac [5]. Sincerely, Steffen Hoffmann [1] http://www.arenasolutions.com/resources/articles/medical-device-development [2] http://www.arenasolutions.com/resources/articles/21cfrpart11-compliance [3] http://trac-hacks.org/wiki/CryptoPlugin [4] http://trac-hacks.org/ticket/5784 [5] http://trac.edgewall.org/wiki/TracDev/TrustedTrac -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlBKXYsACgkQ31DJeiZFuHeLWgCgykW5WAaF6uI9aSHM7R4uPhKZ 23AAoIuBHHyJnw2mwqEdiV00npEYIFU2 =LXPO -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.
