I create a wiki page[1] for Podling Maturity Assessment for ShardingSphere. Everyone can look at and review.
[1] https://cwiki.apache.org/confluence/display/SHARDINGSPHERE/Podling+Maturity+Assessment+for+ShardingSphere ------------------ Liang Zhang (John) Apache ShardingSphere & Dubbo [email protected] <[email protected]> 于2019年10月17日周四 下午3:08写道: > Finished, we can check at > https://github.com/apache/incubator-shardingsphere/blob/dev/MATURITY.md > > ------------------ > > Liang Zhang (John) > Apache ShardingSphere & Dubbo > > > [email protected] <[email protected]> 于2019年10月17日周四 下午1:02写道: > >> CO30 has finished now, we can check on URL[1]. >> >> [1] >> https://shardingsphere.apache.org/community/en/contribute/document-contributor/ >> >> ------------------ >> >> Liang Zhang (John) >> Apache ShardingSphere & Dubbo >> >> >> Juan Pan <[email protected]> 于2019年10月16日周三 上午10:54写道: >> >>> ShardingSphere has been in Apache incubator for nearly a year, we grew >>> up quickly with mentors’ and community’s help. I thought ShardingSphere >>> basically meets the requirement of maturity assessment, but not enough.Hope >>> its community become more active. :) >>> >>> >>> Juan Pan >>> >>> >>> [email protected] >>> Juan Pan(Trista), Apache ShardingSphere >>> >>> >>> On 10/16/2019 00:24,[email protected]<[email protected]> wrote: >>> QU30 has finished now, we can check on page[1]. >>> >>> https://shardingsphere.apache.org/community/en/security/ >>> >>> ------------------ >>> >>> Liang Zhang (John) >>> Apache ShardingSphere & Dubbo >>> >>> >>> [email protected] <[email protected]> 于2019年10月15日周二 下午6:43写道: >>> >>> Hi ShardingSphere community, >>> >>> I just do Podling Maturity Assessment for ShardingSphere, it is a draft >>> only. >>> The proposal of this email is we consensus for the assessment first, and >>> then I will post it into the GitHub repository, and to guide the >>> community >>> more and more maturity. >>> >>> The Apache Project Maturity Model is in [1] >>> >>> Here is the Podling Maturity Assessment for ShardingSphere, please check >>> and discuss. >>> ______________________________________ >>> >>> Code >>> >>> CD10 >>> The project produces Open Source software, for distribution to the public >>> at no charge. >>> >>> YES. The project source code is licensed under the Apache License, >>> version >>> 2.0. >>> >>> CD20 >>> The project's code is easily discoverable and publicly accessible. >>> >>> YES. The website(https://shardingsphere.apache.org/) includes 'SCM' link >>> can access GitHub. >>> >>> CD30 >>> The code can be built in a reproducible way using widely available >>> standard tools. >>> >>> YES. The build uses Apache Maven and Jenkins as the continuous >>> integration >>> tool, please find the `How to Build`(in GitHub's README.md) for more >>> information. >>> >>> CD40 >>> The full history of the project's code is available via a source code >>> control system, in a way that allows any released version to be >>> recreated. >>> >>> YES. The project use git to manage source code, example, document and >>> website, all releases are tagged. >>> >>> CD50 >>> The provenance of each line of code is established via the source code >>> control system, in a reliable way based on strong authentication of the >>> committer. When third-party contributions are committed, commit messages >>> provide reliable information about the code provenance. >>> >>> YES. The project uses the GitHub which managed by Apache Infra, ensuring >>> provenance of each line of code to a committer. The third-party >>> contributions are accepted in accordance with the code submit guide only. >>> >>> >>> Licenses and Copyright >>> >>> LC10 >>> The code is released under the Apache License, version 2.0. >>> >>> YES. LICENSE file are in GitHub repository ( >>> https://github.com/apache/incubator-shardingsphere/blob/dev/LICENSE). >>> >>> LC20 >>> Libraries that are mandatory dependencies of the project's code do not >>> create more restrictions than the Apache License does. >>> >>> YES. The list of dependencies for binary release ( >>> >>> https://github.com/apache/incubator-shardingsphere/tree/dev/sharding-distribution/sharding-proxy-distribution/src/main/release-docs/licenses >>> ) >>> and ui( >>> >>> https://github.com/apache/incubator-shardingsphere/tree/dev/sharding-distribution/sharding-ui-distribution/src/main/release-docs/licenses >>> ) >>> have been reviewed to contain compatible licenses only. >>> >>> LC30 >>> The libraries mentioned in LC20 are available as Open Source software. >>> >>> YES. See LC20's dependencies list. >>> >>> LC40 >>> Committers are bound by an Individual Contributor Agreement (the "Apache >>> iCLA") that defines which code they are allowed to commit and how they >>> need >>> to identify code that is not their own. >>> >>> YES. All committers have iCLAs on file before they have apache account. >>> >>> LC50 >>> The copyright ownership of everything that the project produces is >>> clearly >>> defined and documented. >>> >>> YES. All files in the source code have appropriate headers and checked by >>> Apache rat plugin when build. >>> >>> >>> Releases >>> >>> RE10 >>> Releases consist of source code, distributed using standard and open >>> archive formats that are expected to stay readable in the long term. >>> >>> YES. Source release are distributed via dist.apache.org( >>> https://dist.apache.org/repos/dist/release/incubator/shardingsphere/) >>> and >>> linked from website( >>> https://shardingsphere.apache.org/document/current/en/downloads/). >>> >>> RE20 >>> Releases are approved by the project's PMC (see CS10), in order to make >>> them an act of the Foundation. >>> >>> YES. All releases have been voted by ShardingSphere community and >>> incubator, which have least 3 (P)PMC votes. >>> >>> RE30 >>> Releases are signed and/or distributed along with digests that can be >>> reliably used to validate the downloaded archives. >>> >>> YES. All releases are signed, and the KEYS file( >>> https://dist.apache.org/repos/dist/release/incubator/shardingsphere/KEYS >>> ) >>> is provided on dist.apache.org. >>> >>> RE40 >>> Convenience binaries can be distributed alongside source code but they >>> are >>> not Apache Releases -- they are just a convenience provided with no >>> guarantee. >>> >>> YES. Convenience binaries are distributed via Maven Central Repository( >>> https://mvnrepository.com/artifact/org.apache.shardingsphere), >>> DockerHub( >>> https://hub.docker.com/r/apache/sharding-proxy/tags) and dist.apache.org >>> at the same time. >>> >>> RE50 >>> The release process is documented and repeatable to the extent that >>> someone new to the project is able to independently generate the complete >>> set of artifacts required for a release. >>> >>> YES. Release guide( >>> https://shardingsphere.apache.org/community/en/contribute/release/) is >>> available. The releases of ShardingSphere have been performed by 3 >>> different release managers. >>> >>> Quality >>> >>> QU10 >>> The project is open and honest about the quality of its code. Various >>> levels of quality and maturity for various modules are natural and >>> acceptable as long as they are clearly communicated. >>> >>> YES. All issues records in ShardingSphere's GitHub( >>> https://github.com/apache/incubator-shardingsphere/issues). >>> >>> QU20 >>> The project puts a very high priority on producing secure software. >>> >>> YES. Security issues are treated with the highest priority. >>> >>> QU30 >>> The project provides a well-documented, secure and private channel to >>> report security issues, along with a documented way of responding to >>> them. >>> >>> NO. We will create a security page build the communication channel soon. >>> The issue is >>> https://github.com/apache/incubator-shardingsphere-doc/issues/283. >>> >>> QU40 >>> The project puts a high priority on backwards compatibility and aims to >>> document any incompatible changes and provide tools and documentation to >>> help users transition to new features. >>> >>> YES. Each release note contains all related issues and pull requests in >>> milestone, and extract mainly updates and API changes from milestones. >>> >>> QU50 >>> The project strives to respond to documented bug reports in a timely >>> manner. >>> >>> YES. The project has resolved 2000+ issues and 1200+ pull requests during >>> 3 years. The response times on are pretty good. >>> >>> Community >>> >>> CO10 >>> The project has a well-known homepage that points to all the information >>> required to operate according to this maturity model. >>> >>> YES. The website(https://shardingsphere.apache.org/) describes of the >>> project with download, user manual, technical details, how to contribute >>> and team introduce. >>> >>> CO20 >>> The community welcomes contributions from anyone who acts in good faith >>> and in a respectful manner and adds value to the project. >>> >>> YES. There is contributor guide( >>> https://shardingsphere.apache.org/community/en/contribute/contributor/) >>> and the current committers are really welcome contributions. >>> >>> CO30 >>> Contributions include not only source code, but also documentation, >>> constructive bug reports, constructive discussions, marketing and >>> generally >>> anything that adds value to the project. >>> >>> NO. We will write document guide soon. The issue is >>> https://github.com/apache/incubator-shardingsphere-doc/issues/284. >>> But the community has elected some non-coding committers. >>> >>> CO40 >>> The community strives to be meritocratic and over time aims to give more >>> rights and responsibilities to contributors who add value to the project. >>> >>> YES. The community has elected 2 new PPMC members and 4 committers during >>> incubation, based on meritocracy. >>> >>> CO50 >>> The way in which contributors can be granted more rights such as commit >>> access or decision power is clearly documented and is the same for all >>> contributors. >>> >>> YES. The criteria is documented in the committer guide( >>> https://shardingsphere.apache.org/community/en/contribute/committer/). >>> >>> CO60 >>> The community operates based on consensus of its members (see CS10) who >>> have decision power. Dictators, benevolent or not, are not welcome in >>> Apache projects. >>> >>> YES. The project works to build consensus. All votes have been unanimous >>> so far. >>> >>> CO70 >>> The project strives to answer user questions in a timely manner. >>> >>> YES. The project typically provides detailed answers to user questions >>> within a few hours via dev@ mailing list and GitHub's issues. >>> >>> Consensus Building >>> CS10 >>> The project maintains a public list of its contributors who have decision >>> power -- the project's PMC (Project Management Committee) consists of >>> those >>> contributors. >>> >>> YES. The website(https://shardingsphere.apache.org/community/en/team/) >>> list all of committers and PPMC members. >>> >>> CS20 >>> Decisions are made by consensus among PMC members 9 and are documented on >>> the project's main communications channel. Community opinions are taken >>> into account but the PMC has the final word if needed. >>> >>> YES. ShardingSphere has been making important decisions on the mailing >>> lists. >>> >>> CS30 >>> Documented voting rules are used to build consensus when discussion is >>> not >>> sufficient. >>> >>> YES. The project uses the standard ASF voting rules. >>> >>> CS40 >>> In Apache projects, vetoes are only valid for code commits and are >>> justified by a technical explanation, as per the Apache voting rules >>> defined in CS30. >>> >>> YES. The project hasn’t used a veto at any point during incubating. >>> >>> CS50 >>> All "important" discussions happen asynchronously in written form on the >>> project's main communications channel. Offline, face-to-face or private >>> discussions 11 that affect the project are also documented on that >>> channel. >>> >>> YES. The project has been making important decisions on the project >>> mailing lists. Minor decisions may occasionally happen during code >>> reviews, >>> which are also asynchronous and in written form. >>> >>> Independence >>> >>> IN10 >>> The project is independent from any corporate or organizational >>> influence. >>> >>> YES. The project team gathers people from different companies (JD.com, >>> dangdang.com, CHINA TELECOM Bestpay, DAOCloud). No company or >>> organization has significantly more influence than any other. We can >>> note a >>> growth of the contributions coming from different committers. >>> >>> IN20 >>> Contributors act as themselves as opposed to representatives of a >>> corporation or organization. >>> >>> YES. The contributors act on their own initiative without representing a >>> corporation or organization. >>> >>> [1] >>> >>> https://community.apache.org/apache-way/apache-project-maturity-model.html >>> ------------------ >>> >>> Liang Zhang (John) >>> Apache ShardingSphere & Dubbo >>> >>>
