WOW, thanks for a lot of comments, I will later try to integrate your comments with mine, and then hope we are both "happy".
Thanks for taking time. As I think you noticed, this will be the basis of a new voting discussion in Incubator. And also to get some of the wording made more precise.

rgds
jan I.

On 9 August 2015 at 18:46, Peter Kelly <[email protected]> wrote:

> Here are my thoughts on the questions/responses:
>
> CD20: "The project's code is easily discoverable and publicly accessible."
>
> Perhaps provide a link to the repository as evidence
>
> LC30: (your comment) "The definition of libraries seems to be missing, when developing for e.g. MS-Windows or OS-X all kinds of closed source libraries are part of the linking (at least in the C/C++ world). Is library only a loose term for something installed extra on the target platform, and the builtin libraries do not count ?"
>
> Although the intention (as I understand it) of preventing projects from requiring LGPL licenses makes sense, in practice it has the effect of encouraging projects to rely instead on APIs that are provided only by proprietary operating systems. For example instead of using Qt and having an editor which everyone can use, it may be that we end up (for example) distributing an editor that uses Apple's Cocoa API (to avoid violating the rules) and can only be used by people who buy expensive Mac hardware. Seems like a bit of an own goal.
>
> QU10: "The project is open and honest about the quality of its code. Various levels of quality and maturity for various modules are natural and acceptable as long as they are clearly communicated."
>
> I would add to your comment that we've mentioned in the README which parts of the code are mature (specifically the MS Word support), and that we've mentioned additional immature/early stage components that are in development but not part of the release.
>
> QU20: (your response) "For a library project like Corinthia, "secure software" is not a demand, however "stable" software is in high demand."
>
> I would argue that security is a priority, in the form of avoiding vulnerabilities. That is, if a buffer overflow attack or similar exploit is found, this could have the usual serious implications for applications using the Library, as we see on a regular basis for other libraries.
>
> You could mention that we are developing a special-purpose domain-specific programming language (Flat) in which to express much of the work Corinthia does, which will avoid entire classes of bugs that are possible in C. So this will help a lot to reduce the chance of exploits.
>
> QU30: "The project provides a well-documented channel to report security issues, along with a documented way of responding to them."
>
> Could we set up a dedicated email address which forwards to the private mailing list?
>
> CO10: (your response) "Why is it "well known" a demand ? it is quite hard to be "well known" when you are in a startup phase."
>
> I think they just mean easily-identifiable - I would consider http://corinthia.incubator.apache.org to be sufficient for this requirement, though I agree it's worded badly. And how many people need to know the address for it to be considered "well known" - I don't even know the address of Maven or CouchDB, and would just use Google for convenience (I could probably guess <project-name>.apache.org but google is easier).
>
> I think the intention of this question is it's not something like http://www.adelaide.edu.au/~pmk/research/projects/2012/foo-main.html
>
> CO50 (your response) - I agree with this and it should be clarified (even if it's "the policy decides on a policy, possibly with approval from IPMC")
>
> CS10 (your response): "Why would the project maintain a public list ? this is done at ASF level (people.a.o)"
>
> I agree it isn't strictly necessary, but I see no harm in doing this on the website or wiki for convenient access.
>
> CS30 (your response): "We believed using standard ASF rules was enough, but when 2 directors and 3 foundation members cannot agree on how a PPMC vote works, then there is a need for local rules (or even better correct the ASF wide rules)"
>
> A very good point indeed :)
>
> CS40: "In Apache projects, vetoes are only valid for code commits and are justified by a technical explanation, as per the Apache voting rules defined in CS30."
>
> Well, this is interesting...
>
> —
> Dr Peter M. Kelly
> [email protected]
>
> PGP key: http://www.kellypmk.net/pgp-key
> (fingerprint 5435 6718 59F0 DD1F BFA0 5E46 2523 BAA1 44AE 2966)
>
> > On 9 Aug 2015, at 11:20 pm, jan i <[email protected]> wrote:
> >
> > Hi.
> >
> > I just spent a few hours having fun.
> >
> > I made a wiki page, with the maturity model
> > https://cwiki.apache.org/confluence/display/Corinthia/The+Apache+Project+Maturity+Model
> >
> > Actually quite an interesting job. Please have a look at my responses, and let us see where we end up.
> >
> > I found some of the questions, directly wrong or at the very least misleading. I also lacked some questions about how the community is actually doing.
> >
> > My intention is to see your reactions (and incorporate that), and then start a new discussion on general@ because if this is something podlings should fill up, some of the questions need to be changed or better documented.
> >
> > rgds
> > jan i.
