[
https://issues.apache.org/jira/browse/ZEST-17?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Niclas Hedhman reassigned ZEST-17:
----------------------------------
Assignee: Niclas Hedhman
> Establish self-assessed Apache Maturity Model declaration.
> ----------------------------------------------------------
>
> Key: ZEST-17
> URL: https://issues.apache.org/jira/browse/ZEST-17
> Project: Zest
> Issue Type: Sub-task
> Reporter: Niclas Hedhman
> Assignee: Niclas Hedhman
>
> We should publish our self-assessed Maturity Model, as described here;
> https://community.apache.org/apache-way/apache-project-maturity-model.html
> Below is the full list, but the ones that currently need some attention are;
> * LC50
> * QU30
> * QU40
> * CO10
> * CS!0
> * CS30
> CD10 - YES
> The project produces Open Source software, for distribution to the public
> at no charge.
> CD20 - YES
> The project's code is easily discoverable and publicly accessible.
> CD30 - YES
> The code can be built in a reproducible way using widely available
> standard tools.
> CD40 - YES
> The full history of the project's code is available via a source code
> control system, in a way that allows any released version to be recreated.
> CD50 - YES
> The provenance of each line of code is established via the source code
> control system, in a reliable way based on strong authentication of the
> committer. When third-party contributions are committed, commit messages
> provide reliable information about the code provenance.
> LC10 - YES
> The code is released under the Apache License, version 2.0.
> LC20 - YES (if we drop Neo4j EntityStore)
> Libraries that are mandatory dependencies of the project's code do not
> create more restrictions than the Apache License does.
> LC30 - YES
> The libraries mentioned in LC20 are available as Open Source software.
> LC40 - YES
> Committers are bound by an Individual Contributor Agreement (the "Apache
> iCLA") that defines which code they are allowed to commit and how they need
> to identify code that is not their own.
> LC50 - ?? (I think we need to update documentation and refer to Apache
> pages)
> The copyright ownership of everything that the project produces is
> clearly defined and documented.
> RE10 - YES
> Releases consist of source code, distributed using standard and open
> archive formats that are expected to stay readable in the long term.
> RE20 - YES (yet to happen)
> Releases are approved by the project's PMC (see CS10), in order to make
> them an act of the Foundation.
> RE30 - YES
> Releases are signed and/or distributed along with digests that can be
> reliably used to validate the downloaded archives.
> RE40 - YES
> Convenience binaries can be distributed alongside source code but they
> are not Apache Releases -- they are just a convenience provided with no
> guarantee.
> QU10 - YES
> The project is open and honest about the quality of its code. Various
> levels of quality and maturity for various modules are natural and acceptable
> as long as they are clearly communicated.
> QU20 - YES
> The project puts a very high priority on producing secure software.
> QU30 - NO (no documentation how to report this, but ASF provides a
> security@ mailing list for that purpose)
> The project provides a well-documented channel to report security issues,
> along with a documented way of responding to them. 8
> QU40 - NO (we are not big enough where this is a major concern)
> The project puts a high priority on backwards compatibility and aims to
> document any incompatible changes and provide tools and documentation to help
> users transition to new features.
> QU50 - OK
> The project strives to respond to documented bug reports in a timely
> manner.
> CO10 - NO (need to update docs)
> The project has a well-known homepage that points to all the information
> required to operate according to this maturity model.
> CO20 - YES
> The community welcomes contributions from anyone who acts in good faith
> and in a respectful manner and adds value to the project.
> CO30 - YES
> Contributions include not only source code, but also documentation,
> constructive bug reports, constructive discussions, marketing and generally
> anything that adds value to the project.
> CO40 - YES
> The community is meritocratic and over time aims to give more rights and
> responsibilities to contributors who add value to the project.
> CO50 - YES (Perhaps need a bit more alignment with ASF)
> The way in which contributors can be granted more rights such as commit
> access or decision power is clearly documented and is the same for all
> contributors.
> CO60 - YES
> The community operates based on consensus of its members (see CS10) who
> have decision power. Dictators, benevolent or not, are not welcome in Apache
> projects.
> CO70 - YES
> The project strives to answer user questions in a timely manner.
> CS10 - NO (the current documentation doesn't align with PMC membership.
> Needs update)
> The project maintains a public list of its contributors who have decision
> power -- the project's PMC (Project Management Committee) consists of those
> contributors.
> CS20 - YES
> Decisions are made by consensus among PMC members and are documented on
> the project's main communications channel. Community opinions are taken into
> account but the PMC has the final word if needed.
> CS30 - ??? (Check whether we have any voting)
> Documented voting rules are used to build consensus when discussion is
> not sufficient.
> CS40 - YES
> In Apache projects, vetoes are only valid for code commits and are
> justified by a technical explanation, as per the Apache voting rules defined
> in CS30.
> CS50 - YES
> All "important" discussions happen asynchronously in written form on the
> project's main communications channel. Offline, face-to-face or private
> discussions that affect the project are also documented on that channel.
> IN10 - YES
> The project is independent from any corporate or organizational influence.
> IN20 - YES
> Contributors act as themselves as opposed to representatives of a
> corporation or organization.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
