Here are my thoughts on the questions/responses: CD20: "The project's code is easily discoverable and publicly accessible."
Perhaps provide a link to the repository as evidence LC30: (your comment) "The definition of libraries seems to be missing, when developing for e.g. MS-Windows or OS-X all kind of closed source libraries are part of the linking (at least in the C/C++ world). Is library only a loose term for something installed extra on the target platform, and the builtin libraries do not count ?" Although the intention (as I understand it) of preventing projects from requiring LGPL licenses makes sense, in practice it has the effect of encouraging projects to rely instead on APIs that are provided only by proprietary operatings systems. For example instead of using Qt and having an editor which everyone can use, it may be that we end up (for example) distributing an editor that uses Apple's Cocoa API (to avoid violating the rules) and can only be used by people who buy expensive Mac hardware. Seems like a bit of an own goal. QU10: "The project is open and honest about the quality of its code. Various levels of quality and maturity for various modules are natural and acceptable as long as they are clearly communicated." I would add to your comment that we've mentioned in the README which parts of the code are mature (specifically the MS word support), and that we've mentioned additional immature/early stage components that are in development but not but part of the release. QU20: (your response) "For a library project like Corinthia, "secure software" is not a demand, however "stable" software is in high demand." I would argue that security is a priority, in the form of avoiding vulnerabilities. That is, if a buffer overflow attack or similar exploit is found, this could have the usual serious implications for applications using the Library, as we see on a regular basis for other libraries. You could mention that we are developing a special-purpose domain-specific programming language (Flat) in which to express much of the work Corinthia does, which will avoid entire classes of bugs that are possible in C. So this will help a lot to reduce the chance of exploits. QU30: "The project provides a well-documented channel to report security issues, along with a documented way of responding to them." Could we set up a dedicated email address which forwards to the private mailing list? CO10: (your response) "Why is it "well known" a demand ? it is quite hard to be "well known" when you are in a startup phase." I think they just mean easily-identifiable - I would consider http://corinthia.incubator.apache.org to be sufficient for this requirement, though I agree it's worded badly. And how many people need to know the address for it to be considered "well known" - I don't even know the address of Maven or CouchDB, and would just use Goole for convenience (I could probably guess <project-name>.apache.org but google is easier). I think the intention of this question is it's not something like http://www.adelaide.edu.au/~pmk/research/projects/2012/foo-main.html C050 (your reponse) - I agree with this and it should be clarified (even if it's "the policy decides on a policy, possibly with approval from IPMC") CS10 (your response): "Why would the project maintain a public list ? this is done at ASF level (people.a.o)" I agree it isn't stricly necessary, but I see no harm in doing this on the website or wiki for convienient access. CS30 (your response): "We believed using standard ASF rules was enough, but when 2 directors and 3 foundation members cannot agree on how a PPMC vote works, then there is a need for local rules (or even better correct the ASF wide rules)" A very good point indeed :) CS40: "In Apache projects, vetoes are only valid for code commits and are justified by a technical explanation, as per the Apache voting rules defined in CS30." Well, this is interesting... — Dr Peter M. Kelly [email protected] PGP key: http://www.kellypmk.net/pgp-key <http://www.kellypmk.net/pgp-key> (fingerprint 5435 6718 59F0 DD1F BFA0 5E46 2523 BAA1 44AE 2966) > On 9 Aug 2015, at 11:20 pm, jan i <[email protected]> wrote: > > Hi. > > I just spent a few hours having fun. > > I made a wiki page, with the maturity model > https://cwiki.apache.org/confluence/display/Corinthia/The+Apache+Project+Maturity+Model > > Actually quite an interesting job. Please have a look at my responses, and > let us see where we > end up. > > I found some of the questions, directly wrong or at the very least > misleading. I also lacked some questions about how the community is > actually doing. > > My intention is to see your reactions (and incorporate that), and then > start a new discussion on general@ because if this is something podlings > should fill up, some of the questions need to > be changed or better documented. > > rgds > jan i.
