On 28 Mar 2023, at 16:06, Jarek Potiuk <ja...@potiuk.com> wrote: > Yeah. I think this is something we definitely need (I recall a recent > discussion about it with Arnout about providers and how they are > "identified" in CVES and such.
So lets set a small policy here for the board to accept - below a strawman to shoot at. Dw. WHEREAS, the Board of Directors deems it to be in the best interests of the Foundation and consistent with the Foundation's purpose to maintain a well managed name space for PMCs in general and for the purposes of uniquely identifying software releases and vulnerabilities uniquely over long periods of time; NOW, THEREFORE, BE IT RESOLVED, that the Apache Software Foundation naming policy is as follows: == Software Identifying and Naming policy of the ASF This policy clarifies the nature, scope and purpose of the ASF naming conventions: 1) Software artefacts of the foundation can be assigned an identifier. This identifier consists of a ASF specific prefix (asf), followed by the project name and followed by the software or product name. Separated by a '/'. Optionally followed by a '#' and a (semantic) version number. e.g. asf/airflow/providers-airbyte or asf/airflow/airflow-core#2.5.2 2) All foundation projects (including those in the incubator) shall have a US-ASCII, case insensitive name, expressed in lowercase consisting of the letters 'a'-'z', the numbers '0'-'9' and the hyphen '-' of at least 2 and no more than 24 characters. For existing projects - this label will be the current apache.org <http://apache.org/> subdomain string. E.g. https://airflow.apache.org/ 2) All names shall be unique (including those in the incubator) and from hereon part of the initial Establish board decision. No (historic) name shall re-used. A change requires board approval. 3) The PMC is responsible for managing the projects namespace as it sees fit. Any labels it assigns are subject to the same alpha-nummeric and length constraints as the project name. For existing product/software artefacts the svn/git directory name will generally be used. The responsibility for this policy is with the President. The president shall direct the Security team to maintain a list of these unique identifiers and to maintain documentation and implementation guidenace.