Thanks Steffan, Most of the other stuff is writing up a set of requirements and paperwork on the trac system we already have installed. We know that part. Trac does everything we want it to do right now except the encryption and signing electronically.
The biggest sticking point for us is going to be the use of electronic signatures. We will need it if we plan on using trac as a sign off tool. Is anyone working on such a module for trac? Regards, J On Friday, September 7, 2012 4:48:25 PM UTC-4, hasienda wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 07.09.2012 17:25, jules wrote: > > Hi folks, > > > > > > I was wondering if there was any group out there that has validated trac > > > > for use in a regulated environment? My company has been using trac for > the > > > > last few years for defect tracking workflow, but we're applying to be a > > > > class 1 medical device and have to validate all of our internal > software. > > > > Just wondering if anyone out there has done it or did they have to > migrate > > > > their ticketing system to something else. > > Interesting questions. But bear in mind, that few of us may even know > details of terms like "class 1 medical device". To fill into this gap I > provide results of a quick research of mine [1][2]. I know, this is > partly advertising for that companies product(s), but don't mind since > I'm not at all affiliated with them. > > Now that I've found some key requirements I can assure you, that you'll > probably meet most of them with Trac, if you have a suitable ticket > work-flow and restrictive user permissions setup. I'd even vote to go > for new horizons with known-good tools, that your staff is familiar with. > > Your company may by an FDA verified toolbox at any time. But will your > critical business knowledge migrate into it automatically? We all know > the answer: Consultants. Don't get me wrong, Some may be pretty much > worth the money, but I hate doing the ground work, being told how to do > different, and finally taking responsibility and work to fix stuff > because of decisions I wasn't heard or even asked about. If you're > clueless, take that route, but if you know a bit, don't let them make > you look like a fool. /rant finished > > The most critical part from my point of view is the digital signature > thing. I'm sorry, there's no native Trac solution for that right now, > but I suggest keeping an eye on CryptoPlugin [3]. (Disclosure: I'm the > author.) > > This is currently WiP, but I've envisioned requirements like these > mentioned to be checked by FDA, so probably I'll address most of them, > later on. I'm testing wiki pages signed with strong crypto algorithms > (not published yet), and will extend this to attachments and tickets > too, as I progress. > > Encryption is planned as well - think of restricted content, but not by > means of rather weak permission checks, that will disclose information, > if the plugin is deactivated or just dysfunctional[4], but using > industry grade crypto again. So in worst case you'll see just garbage, > but only using your OpenPGP key you'll be able to retrieve the content > after encryption. > > I'd welcome detailed specs and requirements to be able to address them > as my time permits. Bear in mind, that I won't be able to do any > software validation other than adding unit tests to prove fitness for > the/your/any application. This would be left to you or to your companies > partners. > > I put faith in Trac for my own Trac applications. If you already trust > in Trac, you could share my vision, and it may be worth to try making it > a TrustedTrac [5]. > > Sincerely, > > Steffen Hoffmann > > > [1] > http://www.arenasolutions.com/resources/articles/medical-device-development > [2] > http://www.arenasolutions.com/resources/articles/21cfrpart11-compliance > [3] http://trac-hacks.org/wiki/CryptoPlugin > [4] http://trac-hacks.org/ticket/5784 > [5] http://trac.edgewall.org/wiki/TracDev/TrustedTrac > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAlBKXYsACgkQ31DJeiZFuHeLWgCgykW5WAaF6uI9aSHM7R4uPhKZ > 23AAoIuBHHyJnw2mwqEdiV00npEYIFU2 > =LXPO > -----END PGP SIGNATURE----- > -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/trac-users/-/2P5H2r9MLHQJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.
