This is an automated email from the ASF dual-hosted git repository.
roryqi pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-uniffle-website.git
The following commit(s) were added to refs/heads/master by this push:
new b08aaef Add maturity model (#85)
b08aaef is described below
commit b08aaefc5200c268989abee80edd622c64813397
Author: roryqi <[email protected]>
AuthorDate: Thu Dec 5 11:26:34 2024 +0800
Add maturity model (#85)
* Update mature.md
* Add maturity model
* Replace
* fix
* fix
* address comments
* add an answer
* reformat
* address comment
---
community/maturity.md | 99 +++++++++++++++++++++++++
community/{project committers.md => members.md} | 19 +++++
community/security.md | 30 ++++++++
3 files changed, 148 insertions(+)
diff --git a/community/maturity.md b/community/maturity.md
new file mode 100644
index 0000000..7a526e4
--- /dev/null
+++ b/community/maturity.md
@@ -0,0 +1,99 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one or more
+ ~ contributor license agreements. See the NOTICE file distributed with
+ ~ this work for additional information regarding copyright ownership.
+ ~ The ASF licenses this file to You under the Apache License, Version 2.0
+ ~ (the "License"); you may not use this file except in compliance with
+ ~ the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+# Maturity Assessment for Apache Uniffle (incubating)
+
+The goals of this maturity model are to describe how Apache projects operate
in a concise and high-level way, and to provide a basic framework that projects
may choose to use to evaluate themselves.
+
+More details can be found
[here](https://community.apache.org/apache-way/apache-project-maturity-model.html).
+
+## Status of this assessment
+
+This assessment is evaluated during Uniffle's graduation, which is finished on
2024-11-29.
+
+## Maturity model assessment
+
+The following table is filled according to the [Apache Maturity
Model](https://community.apache.org/apache-way/apache-project-maturity-model.html).
Mentors and community members are welcome to comment and modify it.
+
+### CODE
+
+| **ID** | **Description**
| **Status**
[...]
+| --------
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[...]
+| **CD10** | The project produces Open Source software for distribution to the
public, at no charge.
| **YES** The project's source code is licensed
under the `Apache License 2.0`.
[...]
+| **CD20** | Anyone can easily discover and access the project's code.
| **YES** The [official
website](https://uniffle.apache.org/) includes `GitHub` link which can access
the project's repository on GitHub directly.
[...]
+| **CD30** | Anyone using standard, widely-available tools, can build the code
in a reproducible way.
| **YES** Apache Uniffle provides a
`how-to-build` document for each component to guide users on how to compile on
bare metal, such as the [core's
document](https://github.com/apache/incubator-uniffle/blob/master/core/CONT
[...]
+| **CD40** | The full history of the project's code is available via a source
code control system, in a way that allows anyone to recreate any released
version.
| **YES** It depends on git, and anyone
can view the full history of the project via commit logs.
[...]
+| **CD50** | The source code control system establishes the provenance of each
line of code in a reliable way, based on strong authentication of the
committer. When third parties contribute code, commit messages provide reliable
information about the code provenance. | **YES** The project uses GitHub and
managed by Apache Infra, it ensuring provenance of each line of code to a
committer. And the third-party contributions are accepted in accordance with
the contributing guides. [...]
+
+### LICENSE
+
+| **ID** | **Description**
| **Status**
|
+| -------- |
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **LC10** | The Apache License, version 2.0, covers the released code.
| **YES** The
[LICENSE](https://github.com/apache/incubator-uniffle/blob/master/LICENSE) is
in GitHub repository. And all source files are with APLv2 header, checked by
`rat`. |
+| **LC20** | Libraries that are mandatory dependencies of the project's code
do not create more restrictions than the Apache License does.
| **YES** All dependencies are listed.
|
+| **LC30** | The libraries mentioned in LC20 are available as Open Source
software.
| **YES** All dependencies listed are
available as Open Source software
|
+| **LC40** | Committers are bound by an Individual Contributor Agreement (the
"Apache iCLA") that defines which code they may commit and how they need to
identify code that is not their own. | **YES** All committers have iCLAs.
|
+| **LC50** | The project clearly defines and documents the copyright ownership
of everything that the project produces.
| **YES** All source files are with APLv2
header, checked by `rat`.
|
+
+### Releases
+
+| **ID** | **Description**
| **Status**
|
+| --------
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **RE10** | Releases consist of source code, distributed using standard and
open archive formats that are expected to stay readable in the long term.
| **YES** Source release is distributed via
[dist.apache.org](https://downloads.apache.org/incubator/uniffle/) and linked
from [download page](https://uniffle.apache.org/download/). |
+| **RE20** | The project's PPMC (Project Management Committee, see CS10)
approves each software release in order to make the release an act of the
Foundation. | **YES** All releases have been voted at
[email protected] and [email protected], and have at least 3
PPMC member's votes. |
+| **RE30** | Releases are signed and/or distributed along with digests that
anyone can reliably use to validate the downloaded archives.
| **YES** All releases are signed, and the
[KEYS](https://downloads.apache.org/incubator/uniffle/KEYS) are available.
|
+| **RE40** | The project can distribute convenience binaries alongside source
code, but they are not Apache releases, they are provided with no guarantee.
| **YES** Convenience binaries are distributed via
[dist.apache.org](https://dist.apache.org/repos/dist/)
|
+| **RE50** | The project documents a repeatable release process so that
someone new to the project can independently generate the complete set of
artifacts required for a release. | **YES** We can follow the [Release
guide](https://uniffle.apache.org/community/how%20to%20release) to make a new
Apache Uniffle release, and so far we had 7 different release managers. |
+
+### Quality
+
+| **ID** | **Description**
| **Status**
|
+| -------- |
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **QU10** | The project is open and honest about the quality of its code.
Various levels of quality and maturity for various modules are natural and
acceptable as long as they are clearly communicated. | **YES** We encourage
users to [report issues](https://github.com/apache/incubator-uniffle/issues).
|
+| **QU20** | The project puts a very high priority on producing secure
software.
| **YES** All security
issues will be addressed within 3 days.
|
+| **QU30** | The project provides a well-documented, secure and private
channel to report security issues, along with a documented way of responding to
them. | **Yes** The official
website provides a [security
page](https://uniffle.apache.org/community/security)
|
+| **QU40** | The project puts a high priority on backwards compatibility and
aims to document any incompatible changes and provide tools and documentation
to help users transition to new features. | **Yes** We follow semantic
versions. As long as it's within one major version, it's backward compatible.
And when any breaking changes added, we provide corresponding upgrade guides. |
+| **QU50** | The project strives to respond to documented bug reports in a
timely manner.
| **YES** The project has
resolved 900 issues and 1300+ pull requests so far, with very prompt response.
|
+
+### Community
+
+| **ID** | **Description**
| **Status**
|
+| -------- |
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **CO10** | The project has a well-known homepage that points to all the
information required to operate according to this maturity model.
| **YES** The [official
website](https://uniffle.apache.org/) includes all information users need to
run Apache Uniffle.
|
+| **CO20** | The community welcomes contributions from anyone who acts in good
faith and in a respectful manner, and who adds value to the project.
| **Yes** We provide contributing guides for every
component. And we also have a [general contributing
guide](https://github.com/apache/incubator-uniffle/blob/master/CONTRIBUTING.md)
|
+| **CO30** | Contributions include source code, documentation, constructive
bug reports, constructive discussions, marketing and generally anything that
adds value to the project. | **YES** All good contributions including code and
non-code are welcomed.
|
+| **CO40** | The community strives to be meritocratic and gives more rights
and responsibilities to contributors who, over time, add value to the project.
| **YES** The community has elected 1 new PPMC members
and 9 new committers so far.
|
+| **CO50** | The project documents how contributors can earn more rights such
as commit access or decision power, and applies these principles consistently.
| **YES** The community has clear docs on becomming
committers and PPMC members
|
+| **CO60** | The community operates based on consensus of its members (see
CS10) who have decision power. Dictators, benevolent or not, are not welcome in
Apache projects. | **YES** All decisions are made after vote by
community members.
|
+| **CO70** | The project strives to answer user questions in a timely manner.
| **YES** We use [email protected], [GitHub
issue](https://github.com/apache/incubator-uniffle/issues) and [GitHub
discussion](https://github.com/apache/incubator-uniffle/discussions) to do this
in a timely manner. |
+
+### Consensus
+
+| **ID** | **Description**
|
**Status**
|
+| -------- |
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|------------------------------------------------------------------------------------------------------------|
+| **CS10** | The project maintains a public list of its contributors who have
decision power. The project's PPMC (Project Management Committee) consists of
those contributors. |
**Yes** See [members](https://uniffle.apache.org/community/members/) with
committers. |
+| **CS20** | Decisions require a consensus among PPMC members and are
documented on the project's main communications channel. The PPMC takes
community opinions into account, but the PPMC has the final word.
| **YES** All decisions are made by votes on [email protected],
and with at least 3 +1 votes from PPMC. |
+| **CS30** | The project uses documented voting rules to build consensus when
discussion is not sufficient.
|
**YES** The project uses the standard ASF voting rules.
|
+| **CS40** | In Apache projects, vetoes are only valid for code commits. The
person exercising the veto must justify it with a technical explanation, as per
the Apache voting rules defined in CS30. |
**YES** Apache Uniffle community has not used the veto power yet except for
code commits. |
+| **CS50** | All "important" discussions happen asynchronously in written form
on the project's main communications channel. Offline, face-to-face or private
discussions that affect the project are also documented on that channel. |
**YES** All important discussions and conclusions are recorded in written form.
|
+
+### Independence
+
+| **ID** | **Description**
| **Status**
|
+| -------- |
----------------------------------------------------------------------------------------
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **IN10** | The project is independent from any corporate or organizational
influence. | **YES** The PPMC members and committers of Apache
Uniffle are from several different companies, and the majority of them are NOT
from the company that donated this project. |
+| **IN20** | Contributors act as themselves, not as representatives of a
corporation or organization. | **YES** The contributors act on their own
initiative without representing a corporation or organization.
|
diff --git a/community/project committers.md b/community/members.md
similarity index 60%
rename from community/project committers.md
rename to community/members.md
index 201fd45..86e754b 100644
--- a/community/project committers.md
+++ b/community/members.md
@@ -43,3 +43,22 @@
| Weiwei Yang | Apple |
| Zhankun Tang | Cloudera |
| Mao Baolong | Tencent |
+
+## how to become a committer
+
+Anyone being supportive of the community and working in any of the CoPDoC
areas can become an Apache Uniffle committer.
+The CoPDoC is an acronym from ASF to describe how we recognize your
contributions not only by code.
+
+To attract new contributors, we regularly host open source contributor
meeting, offer a mentorship program,
+and actively respond to every message on PRs to foster an environment that
welcomes and supports newcomers.
+
+- Community - You can join us via our mailing list, issue trackers,
discussions page to interact with community members, and share vision and
knowledge
+- Project - a clear vision and consensus are needed
+- Documentation - without it, the stuff remains only in the minds of the
authors
+- Code - discussion goes nowhere without code
+
+## how to become a member of Podding project committee
+
+There are no strict rules for becoming a PPMC member.
+Candidates for new PMC member are typically committers that are stilling
actively participate in the community development after obtaining the committer
membership,
+or contributors and community members that make significant contributions to
the community for both code and contributor develop.
\ No newline at end of file
diff --git a/community/security.md b/community/security.md
new file mode 100644
index 0000000..57483fd
--- /dev/null
+++ b/community/security.md
@@ -0,0 +1,30 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one or more
+ ~ contributor license agreements. See the NOTICE file distributed with
+ ~ this work for additional information regarding copyright ownership.
+ ~ The ASF licenses this file to You under the Apache License, Version 2.0
+ ~ (the "License"); you may not use this file except in compliance with
+ ~ the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+# Security
+
+The Apache Software Foundation takes a rigorous stance on eliminating security
issues in its software projects. Likewise, Apache Uniffle (incubating) is also
vigilant and takes security issues related to its features and functionality
into the highest consideration.
+
+If you have any concerns regarding Uniffle's security,
+or you discover a vulnerability or potential threat,
+please do not hesitate to get in touch with the Apache Security Team by
dropping an email at [email protected].
+
+Please specify the project name as "Uniffle" in the email, and provide a
description of the relevant problem or potential threat. You are also urged to
recommend how to reproduce and replicate the issue.
+
+The Apache Security Team and the Uniffle community will get back to you after
assessing and analyzing the findings.
+
+Please note that the security issue should be reported on the security email
first, before disclosing it on any public domain.
