This is an automated email from the ASF dual-hosted git repository.
lynwee pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-devlake-website.git
The following commit(s) were added to refs/heads/main by this push:
new 5c9a93a0647 docs: finish the last two todos in the maturity doc (#801)
5c9a93a0647 is described below
commit 5c9a93a064797ae48c9e5c34c2bba553b280fedf
Author: Louis.z <[email protected]>
AuthorDate: Mon Jul 28 13:12:27 2025 +0800
docs: finish the last two todos in the maturity doc (#801)
* docs: finish the last two todos in the maturity doc
* docs: add the link to the release doc
---------
Co-authored-by: Startrekzky <[email protected]>
---
community/maturity.md | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/community/maturity.md b/community/maturity.md
index cd01985f8fe..c66a52b0ec1 100644
--- a/community/maturity.md
+++ b/community/maturity.md
@@ -45,7 +45,7 @@ The following table is filled according to the [Apache
Maturity Model](https://c
| **RE20** | The project's PPMC (Project Management Committee, see CS10)
approves each software release in order to make the release an act of the
Foundation. | **YES** All releases have been voted on by
the PPMC on [email protected] and [email protected] with at
least 3 PPMC member votes. |
| **RE30** | Releases are signed and/or distributed along with digests that
anyone can reliably use to validate the downloaded archives.
| **YES** All releases are cryptographically signed and
include SHA-512 checksums. The
[KEYS](https://dist.apache.org/repos/dist/release/incubator/devlake/KEYS) file
is available. |
| **RE40** | The project can distribute convenience binaries alongside source
code, but they are not Apache Releases, they are provided with no guarantee.
| **YES** Docker images and other convenience binaries
are provided but clearly marked as convenience distributions, not official
Apache releases. |
-| **RE50** | The project documents a repeatable release process so that
someone new to the project can independently generate the complete set of
artifacts required for a release. | **TODO** Need to check with community
members where the release process documentation is located. |
+| **RE50** | The project documents a repeatable release process so that
someone new to the project can independently generate the complete set of
artifacts required for a release. | **YES** The documentation of the release
process can be found on [our
website](https://devlake.apache.org/docs/DeveloperManuals/Release-SOP/#asf-release-policy).
|
### Quality
@@ -53,7 +53,8 @@ The following table is filled according to the [Apache
Maturity Model](https://c
| -------- |
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
| **QU10** | The project is open and honest about the quality of its code.
Various levels of quality and maturity for various modules are natural and
acceptable as long as they are clearly communicated. | **YES** The project
encourages users to [report
issues](https://github.com/apache/incubator-devlake/issues) and maintains
transparent communication about known limitations. |
| **QU20** | The project puts a very high priority on producing secure
software.
| **YES** Security issues
are addressed promptly with a dedicated security response process.
|
-| **QU30** | The project provides a well-documented, secure and private
channel to report security issues, along with a documented way of responding to
them. | **TODO** Need to create
security reporting documentation and establish [email protected] or
similar reporting channel. |
+| **QU30** | The project provides a well-documented, secure and private
channel to report security issues, along with a documented way of responding to
them. | **YES** When users open a
new issue on the project’s GitHub repository, they are prompted with a “Report
a security vulnerability” option that directs them to follow the Apache
Software Foundation’s standard security disclosure process.
+ |
| **QU40** | The project puts a high priority on backwards compatibility and
aims to document any incompatible changes and provide tools and documentation
to help users transition to new features. | **YES** The project follows
semantic versioning and provides migration guides for breaking changes, with
clear documentation of API changes between versions. |
| **QU50** | The project strives to respond to documented bug reports in a
timely manner.
| **YES** The project maintains
active issue tracking and has resolved 3400+ issues and 4900+ pull requests
with prompt response. |
@@ -73,7 +74,7 @@ The following table is filled according to the [Apache
Maturity Model](https://c
| **ID** | **Description**
|
**Status**
|
| -------- |
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
----------------------------------------------------------------------------------------------------------
|
-| **CS10** | The project maintains a public list of its contributors who have
decision power. The project's PPMC (Project Management Committee) consists of
those contributors. |
**YES** The project maintains a public list of [PPMC members and
committers](https://devlake.apache.org/team) on the website. **TODO:** Verify
this page is up to date. |
+| **CS10** | The project maintains a public list of its contributors who have
decision power. The project's PPMC (Project Management Committee) consists of
those contributors. |
**YES** The project maintains a public list of [PPMC members and
committers](https://devlake.apache.org/team) on the website. |
| **CS20** | Decisions require a consensus among PPMC members and are
documented on the project's main communications channel. The PPMC takes
community opinions into account, but the PPMC has the final word.
| **YES** All decisions are made through votes on
[email protected] with proper documentation and at least 3 +1 votes from
PPMC members. |
| **CS30** | The project uses documented voting rules to build consensus when
discussion is not sufficient.
|
**YES** The project follows standard Apache Software Foundation voting rules
and procedures. |
| **CS40** | In Apache projects, vetoes are only valid for code commits. The
person exercising the veto must justify it with a technical explanation, as per
the Apache voting rules defined in CS30. |
**YES** The project follows Apache voting rules where vetoes are only valid for
code commits and must be technically justified. |
