Hi Sunil I don’t think we ever have a wiki, do we still need to add that? I see some projects leave that empty as well.
Sent from my iPhone > On Jan 23, 2022, at 2:07 PM, Sunil Govindan <sun...@apache.org> wrote: > > @Weiwei Yang <w...@apache.org> > Could you please add WIKI as well to this? > > Thanks > Sunil > >> On Sun, Jan 23, 2022 at 1:33 PM Weiwei Yang <w...@apache.org> wrote: >> >> Thank you Felix. >> I have added the initial podling status file: >> >> https://svn.apache.org/repos/asf/incubator/public/trunk/content/podlings/yunikorn.yml >> . >> Please let me know if that looks good or not. >> >>> On Sat, Jan 22, 2022 at 10:18 PM Sunil Govindan <sun...@apache.org> wrote: >>> >>> I will reach out to them. >>> >>> Thanks >>> Sunil >>> >>> On Sat, Jan 22, 2022 at 9:00 PM Felix Cheung <felixcheun...@hotmail.com> >>> wrote: >>> >>>> Pls add the podling status file >>>> >>> >> https://svn.apache.org/repos/asf/incubator/public/trunk/content/podlings/ >>>> >>>> 3 ppmc members have not subscribed to private@ >>>> >>>> These can be found on >>>> https://whimsy.apache.org/roster/ppmc/yunikorn >>>> >>>> < >>> >> https://svn.apache.org/repos/asf/incubator/public/trunk/content/podlings/ >>>>> >>>> ________________________________ >>>> From: Weiwei Yang <w...@apache.org> >>>> Sent: Thursday, January 20, 2022 10:05:55 PM >>>> To: dev@yunikorn.apache.org <dev@yunikorn.apache.org> >>>> Cc: priv...@yunikorn.apache.org <priv...@yunikorn.apache.org> >>>> Subject: Re: Apache YuniKorn (Incubating) - Community Graduation Vote >>>> >>>> hi all >>>> >>>> Most issues under the graduation preparation JIRA YUNIKORN-1005 >>>> <https://issues.apache.org/jira/browse/YUNIKORN-1005> are fixed. >>>> The remaining one is the who-are-we web page, I am currently collecting >>>> info for that, should be done by next week. >>>> Shall we start to vote now? I can start a new thread for the community >>>> voting if nobody has objections. >>>> >>>> On Tue, Jan 11, 2022 at 11:02 AM Wilfred Spiegelenburg < >>>> wilfr...@apache.org> >>>> wrote: >>>> >>>>> None of the security lists mentioned in the security page [1] are >>>>> moderated. They are private lists, i.e. not openly available for >>>>> browsing in an archive, but not moderated. Using the private@ for >>>>> YuniKorn does not seem to line up with what other projects do either. >>>>> None of the recently graduated projects mention anything like using >>>>> the private@ mailing list on their sites. They all have just used >> the >>>>> general security link mentioned on their site unless they have a >>>>> specific security@ list. YuniKorn would be the one standing out from >>>>> what seems to be the norm. >>>>> Examples from the last 2 years of graduated projects using a simple >>>>> link or a text pointing to [1]: Pinot, Dolphinscheduler, Ratis, >>>>> Echarts, Gobblin, TVM, Superset and Datasketches. There are more but >> I >>>>> think this provides an overview of what is expected on graduation. >>>>> >>>>> Wilfred >>>>> >>>>> [1] https://www.apache.org/security/ >>>>> >>>>> On Tue, 11 Jan 2022 at 18:21, Weiwei Yang <w...@apache.org> wrote: >>>>>> >>>>>> Hi Wilfred >>>>>> >>>>>> Adding a security@ mailing list sounds like a good idea, but I do >>> not >>>>> think that is required in the current stage. >>>>>> We can do that post-graduate. For now, the Apache security doc said >>>>>> >>>>>>> We strongly encourage you to report potential security >>>> vulnerabilities >>>>> to one of our private security mailing lists first, before disclosing >>>> them >>>>> in a public forum. >>>>>> >>>>>> I do not see any issue if we use our private@ mailing list for >> this >>>>> purpose. >>>>>> >>>>>> On Mon, Jan 10, 2022 at 11:01 PM Wilfred Spiegelenburg < >>>>> wilfr...@apache.org> wrote: >>>>>>> >>>>>>> The private@ is a moderated list. This has two issues: a >> moderator >>>>>>> needs to approve any message not sent by a PMC member. This will >>> slow >>>>>>> down the process of interaction with the reporter. It would also >> not >>>>>>> reach the YuniKorn committers group as not all committers are part >>> of >>>>>>> the PMC. Security issues should be handled and worked on by all >>>>>>> committers not just by the PMC members. >>>>>>> >>>>>>> The security notification update made to the website I think does >>> not >>>>>>> line up with the security guidelines referenced in the link >> provided >>>>>>> in the dropdown menu of the YuniKorn site [1]. In that link there >>> is a >>>>>>> well defined way to report security issues. If we need to enhance >>> and >>>>>>> extend what we do we either establish a security@ mailing list >> and >>>>>>> provide a static page with security related information on our >> site >>> or >>>>>>> we leave it as is. My preference would be to establish a security@ >>>>>>> list and make all committers a member of that list. >>>>>>> >>>>>>> I think we need to roll back the website changes part of >>> YUNIKORN-1006 >>>>>>> [2] in PR [3] for the website. >>>>>>> >>>>>>> Wilfred >>>>>>> >>>>>>> [1] https://www.apache.org/security/ >>>>>>> [2] https://issues.apache.org/jira/browse/YUNIKORN-1006 >>>>>>> [3] https://github.com/apache/incubator-yunikorn-site/pull/105 >>>>>>> >>>>>>> On Tue, 11 Jan 2022 at 04:45, Holden Karau <hol...@pigscanfly.ca> >>>>> wrote: >>>>>>>> >>>>>>>> For "The project provides a well-documented, secure and private >>>>> channel to report security issues, along with a documented way of >>>>> responding to them.' the standard that I've seen used is to tell >> people >>>> to >>>>> e-mail private@ when they think they might have a security related >>>> issue. >>>>> I think that would probably work well for Yunikorn too. >>>>>>>> >>>>>>>> >>>>>>>> On Mon, Jan 10, 2022 at 7:04 AM Chenya Zhang < >>>>> chenyazhangche...@gmail.com> wrote: >>>>>>>>> >>>>>>>>> Hi Weiwei, >>>>>>>>> >>>>>>>>> Thanks for driving this! The evaluation is quite comprehensive >>>>> overall. I checked our Apache project maturity guidelines and noticed >>> the >>>>> below three items. Not sure if we already have them but they are not >>>>> blockers to our graduation. We could think more about them along the >>> way. >>>>>>>>> >>>>>>>>> QU30 >>>>>>>>> >>>>>>>>> The project provides a well-documented, secure and private >>> channel >>>>> to report security issues, along with a documented way of responding >> to >>>>> them. >>>>>>>>> >>>>>>>>> QU40 >>>>>>>>> >>>>>>>>> The project puts a high priority on backwards compatibility and >>>> aims >>>>> to document any incompatible changes and provide tools and >>> documentation >>>> to >>>>> help users transition to new features. >>>>>>>>> >>>>>>>>> CO50 >>>>>>>>> >>>>>>>>> The project documents how contributors can earn more rights >> such >>> as >>>>> commit access or decision power, and applies these principles >>>> consistently. >>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> >>>>>>>>> Chenya >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Mon, Jan 10, 2022 at 12:00 AM Weiwei Yang <w...@apache.org> >>>>> wrote: >>>>>>>>>> >>>>>>>>>> Hi YuniKorn community and mentors >>>>>>>>>> >>>>>>>>>> Based on the discussion thread [1], after 2 years time of >>>>> incubating, it is >>>>>>>>>> considered that now is a good time to graduate YuniKorn from >> the >>>> ASF >>>>>>>>>> incubator and become a top-level Apache project. We have >>> reviewed >>>>> the ASF >>>>>>>>>> project maturity model [2] and provided some assessment of the >>>>> project's >>>>>>>>>> maturity based on the guidelines. Details are included as the >>>>> following. >>>>>>>>>> Please read this and share your thoughts by replying to this >>>> email, >>>>> your >>>>>>>>>> feedback will be much appreciated!!! >>>>>>>>>> >>>>>>>>>> *Code, License, and Copyright* >>>>>>>>>> >>>>>>>>>> All code is maintained on github, under Apache 2.0 license. We >>>> have >>>>>>>>>> reviewed all the dependencies and ensured they do not bring >> any >>>>> license >>>>>>>>>> issues. All the status files, license headers, and copyright >> are >>>> up >>>>> to date. >>>>>>>>>> >>>>>>>>>> *Release* >>>>>>>>>> >>>>>>>>>> The community has released 5 releases in the past 2 years, i.e >>>>> v0.8, v0.9, >>>>>>>>>> v0.10, v0,11, and v0.12. These releases were done by 5 >> different >>>>> release >>>>>>>>>> managers [3] and indicate the community can create releases >>>>> independently. >>>>>>>>>> We have also a well-documented release process, automated >> tools >>> to >>>>> help new >>>>>>>>>> release managers with the process. >>>>>>>>>> >>>>>>>>>> *Quality* >>>>>>>>>> >>>>>>>>>> The community has developed a comprehensive CI/CD pipeline as >> a >>>>> guard of >>>>>>>>>> the code quality. The pipeline runs per-commit license check, >>>>> code-format >>>>>>>>>> check, code-coverage check, UT, and end-to-end tests. All >> these >>>> are >>>>> built >>>>>>>>>> as automated github actions, new contributors can easily >> trigger >>>>> and view >>>>>>>>>> results when submitting patches. >>>>>>>>>> >>>>>>>>>> *Community* >>>>>>>>>> >>>>>>>>>> The community has developed an easy-to-read homepage for the >>>>> project [4], >>>>>>>>>> the website hosts all the materials related to the project >>>> including >>>>>>>>>> versioned documentation, user docs, developer docs, design >> docs, >>>>>>>>>> performance docs. It provides the top-level navigation to the >>>>> software >>>>>>>>>> download page, where links to all our previous releases. It >> also >>>>> has the >>>>>>>>>> pages for the new contributors on-boarding with the project, >>> such >>>>> as how to >>>>>>>>>> join community meetings, events links, etc. >>>>>>>>>> >>>>>>>>>> The community shows appreciation to all contributors and >>> welcomes >>>>> all kinds >>>>>>>>>> of contributions (not just for code). We have built an open, >>>> diverse >>>>>>>>>> community and gathered many people to work together. With >> that, >>> we >>>>> have 41 >>>>>>>>>> unique code contributors and some non-code contributors as >> well. >>>>> Many of >>>>>>>>>> them have becoming to be committers and PPMC members while >>> working >>>>> with the >>>>>>>>>> community. There were 2 new mentors, 8 new committers, 2 new >>> PPMC >>>>> from 6 >>>>>>>>>> different organizations [5] added in the incubating phase. And >>> in >>>>> total, >>>>>>>>>> the project has 6 mentors, 21 PPMC, and 27 committers from at >>>> least >>>>> 14 >>>>>>>>>> different organizations. Community collaboration was done in a >>>>> wide-public, >>>>>>>>>> open manner, we leverage regular bi-weekly/weekly community >>>>> meetings for 2 >>>>>>>>>> different timezones [6] and dev/user slack channels, mailing >>> lists >>>>> for >>>>>>>>>> offline discussions. >>>>>>>>>> >>>>>>>>>> *Independence* >>>>>>>>>> >>>>>>>>>> The project was initially donated by Cloudera, but with a >>> diverse >>>>> open >>>>>>>>>> source community, it has been operated as an independent >> project >>>>> since it >>>>>>>>>> entered into ASF incubator. The committers and PPMC members >> are >>> a >>>>> group of >>>>>>>>>> passionate people from at least 14 different organizations, >> such >>>> as >>>>>>>>>> Alibaba, Apple, Cloudera, Databricks, LinkedIn, Microsoft, >>>>> Snowflake, etc. >>>>>>>>>> The project's success is not depending on any single entity. >>>>>>>>>> >>>>>>>>>> I have enough reasons to believe the project has done >>> sustainable >>>>>>>>>> development successfully in the Apache way. Again, please >> share >>>> your >>>>>>>>>> thoughts, all YuniKorn contributors, committers, PPMC, and >>>> mentors. >>>>> Thank >>>>>>>>>> you! >>>>>>>>>> >>>>>>>>>> [1] >>>>> https://lists.apache.org/thread/dno411y59g2pcy1d3kd7s3kdjz9jw65n >>>>>>>>>> [2] >>>>>>>>>> >>>>> >>>> >>> >> https://community.apache.org/apache-way/apache-project-maturity-model.html >>>>>>>>>> >>>>>>>>>> [3] https://yunikorn.apache.org/community/download >>>>>>>>>> [4] https://yunikorn.apache.org/ >>>>>>>>>> [5] https://incubator.apache.org/projects/yunikorn.html >>>>>>>>>> >>>>>>>>>> [6] >>>>>>>>>> >>>>> >>>> >>> >> https://docs.google.com/document/d/165gzC7uhcKc5XDWiMYSRKBiPQBy2tDtXADUPuhGlUa0 >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Twitter: https://twitter.com/holdenkarau >>>>>>>> Books (Learning Spark, High Performance Spark, etc.): >>>>> https://amzn.to/2MaRAG9 >>>>>>>> YouTube Live Streams: https://www.youtube.com/user/holdenkarau >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: dev-unsubscr...@yunikorn.apache.org >>>>> For additional commands, e-mail: dev-h...@yunikorn.apache.org >>>>> >>>>> >>>> >>> >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@yunikorn.apache.org For additional commands, e-mail: dev-h...@yunikorn.apache.org
