On 28 Mar 2023, at 16:06, Jarek Potiuk <ja...@potiuk.com> wrote:
> Yeah. I think this is something we definitely need (I recall a recent
> discussion about it with Arnout about providers and how they are
> "identified" in CVES and such.
So lets set a small policy here for the board to accept - below a strawman to
shoot at.
Dw.
WHEREAS, the Board of Directors deems it to be in the best interests of the
Foundation and consistent with the Foundation's purpose to maintain a well
managed name space for PMCs in general and for the purposes of uniquely
identifying software releases and vulnerabilities uniquely over long periods of
time;
NOW, THEREFORE, BE IT RESOLVED, that the Apache Software Foundation naming
policy is as follows:
== Software Identifying and Naming policy of the ASF
This policy clarifies the nature, scope and purpose of the ASF naming
conventions:
1) Software artefacts of the foundation can be assigned an identifier.
This identifier consists of a ASF specific prefix (asf), followed by the
project name and followed by the software or product name. Separated by a '/'.
Optionally followed by a '#' and a (semantic) version number.
e.g. asf/airflow/providers-airbyte or asf/airflow/airflow-core#2.5.2
2) All foundation projects (including those in the incubator) shall have a
US-ASCII, case insensitive name, expressed in lowercase consisting of the
letters 'a'-'z', the numbers '0'-'9' and the hyphen '-' of at least 2 and no
more than 24 characters.
For existing projects - this label will be the current apache.org
<http://apache.org/> subdomain string. E.g. https://airflow.apache.org/
2) All names shall be unique (including those in the incubator) and from
hereon part of the initial Establish board decision. No (historic) name shall
re-used. A change requires board approval.
3) The PMC is responsible for managing the projects namespace as it sees
fit. Any labels it assigns are subject to the same alpha-nummeric and length
constraints as the project name.
For existing product/software artefacts the svn/git directory name will
generally be used.
The responsibility for this policy is with the President. The president shall
direct the Security team to maintain a list of these unique identifiers and to
maintain documentation and implementation guidenace.
