You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sdap.apache.org by rk...@apache.org on 2024/01/10 20:28:29 UTC
(incubator-sdap-website) branch asf-site updated: maturity model draft to public repo
This is an automated email from the ASF dual-hosted git repository.
rkk pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/incubator-sdap-website.git
The following commit(s) were added to refs/heads/asf-site by this push:
new bb9cd2e maturity model draft to public repo
bb9cd2e is described below
commit bb9cd2ecf7436fa2e0036c402a3ba5e887c18d75
Author: rileykk <ri...@jpl.nasa.gov>
AuthorDate: Wed Jan 10 12:28:19 2024 -0800
maturity model draft to public repo
---
maturity.md | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 82 insertions(+)
diff --git a/maturity.md b/maturity.md
new file mode 100644
index 0000000..4d43606
--- /dev/null
+++ b/maturity.md
@@ -0,0 +1,82 @@
+# Maturity Assessment for Apache SDAP
+
+The goals of this maturity model are to describe how Apache projects operate in a concise and high-level way, and to provide a basic framework that projects may choose to use to evaluate themselves.
+
+More details can be found [here](https://community.apache.org/apache-way/apache-project-maturity-model.html).
+
+## Status of this assessment
+
+This assessment is still in progress.
+
+## Maturity model assessment
+
+The following table is filled according to the [Apache Maturity Model](https://community.apache.org/apache-way/apache-project-maturity-model.html). Mentors and community members are welcome to comment and modify it.
+
+### CODE
+
+| **ID** | **Description** | **Status** [...]
+|----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [...]
+| **CD10** | The project produces Open Source software for distribution to the public, at no charge. | **YES** The project source code is licensed under the `Apache License 2.0`. [...]
+| **CD20** | Anyone can easily discover and access the project's code.. | **YES** The [offical website](https://sdap.apache.org/) includes direct links to the Github repositories with the project's codebase. [...]
+| **CD30** | Anyone using standard, widely-available tools, can build the code in a reproducible way. | **YES** Apache SDAP provides a build guide ([github](https://github.com/apache/incubator-sdap-nexus/blob/master/docs/build.rst) \| [readthedocs](https://incubator-sdap-nexus.readthedocs.io/en/latest/build.html)) to enable [...]
+| **CD40** | The full history of the project's code is available via a source code control system, in a way that allows anyone to recreate any released version. | **YES** We use git, enabling a full commit history and viewing differences between specific commits. [...]
+| **CD50** | The source code control system establishes the provenance of each line of code in a reliable way, based on strong authentication of the committer. When third parties contribute code, commit messages provide reliable information about the code provenance. | **YES** The project uses Apache Infra managed GitHub, it ensures provenance of each line of code to a committer. Contributions are accepted in accordance with the [Contributing Guide](https://github.com/apache/incubator-sd [...]
+
+### LICENSE
+
+| **ID** | **Description** | **Status** |
+|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **LC10** | The Apache License, version 2.0, covers the released code. | **YES** The LICENSE files are present in the GitHub repository. [1](https://github.com/apache/incubator-sdap-nexus/blob/master/LICENSE) [2](https://github.com/apache/incubator-sdap-ingester/blob/dev/LICENSE.txt) [3](https://github.com/apache/incubator-sdap-nexusproto) |
+| **LC20** | Libraries that are mandatory dependencies of the project's code do not create more restrictions than the Apache License does. | **UNSURE** One top-level dependency is of an unknown license type (awaiting answers on that one); others install GPL/LGPL packages as sub-dependencies |
+| **LC30** | The libraries mentioned in LC20 are available as Open Source software. | **YES** All installed dependencies are listed in files named `requirements.txt` or `conda-requirements.txt` and are open sourced on github. |
+| **LC40** | Committers are bound by an Individual Contributor Agreement (the "Apache iCLA") that defines which code they may commit and how they need to identify code that is not their own. | **YES** All committers have iCLAs on file. |
+| **LC50** | The project clearly defines and documents the copyright ownership of everything that the project produces. | **YES?** All source files are with APLv2 header, checked manually by [rkk](mailto:rkk@apache.org). There are some misc config files, etc that do not have headers, but, as they're not source files, they've been excluded from the checks |
+
+### Releases
+
+| **ID** | **Description** | **Status** [...]
+|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [...]
+| **RE10** | Releases consist of source code, distributed using standard and open archive formats that are expected to stay readable in the long term. | **YES** Source release is distributed via [dist.apache.org](https://dist.apache.org/repos/dist/release/incubator/sdap/) and linked from [download page](https://sdap.apache.org/downloads). [...]
+| **RE20** | The project's PPMC (Project Management Committee, see CS10) approves each software release in order to make the release an act of the Foundation. | **YES** All releases have been voted at dev@sdap.a.o and general@incubator.a.o, and have required at least 3 binding +1 PPMC votes to pass. [...]
+| **RE30** | Releases are signed and/or distributed along with digests that anyone can reliably use to validate the downloaded archives. | **YES** All releases are signed, and the [KEYS](https://dist.apache.org/repos/dist/release/incubator/sdap/KEYS) are available. [...]
+| **RE40** | The project can distribute convenience binaries alongside source code, but they are not Apache Releases, they are provided with no guarantee. | **YES** Users can easily build binaries from source code using the provided guide. Binary images are not provided as official Apache realease, though some are available through [Apache dockerhub](https://hub.docker.com/search?q=apache%2Fsdap-). [...]
+| **RE50** | The project documents a repeatable release process so that someone new to the project can independently generate the complete set of artifacts required for a release. | **YES** We can follow the [Release guide](https://gist.github.com/RKuttruff/f418f37d2424d32c05995c9027e832c2) to make new Apache Kvrocks releases, and so far we had 3 different release managers (2 completed a release; 1 in in progress). The guide is not (yet) publically available, but is provided to a future [...]
+
+### Quality
+
+| **ID** | **Description** | **Status** |
+|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **QU10** | The project is open and honest about the quality of its code. Various levels of quality and maturity for various modules are natural and acceptable as long as they are clearly communicated. | **YES** We maintain an [ASF Jira instance](https://issues.apache.org/jira/projects/SDAP/) to enable users and community to report issues. PPMC and committers are notified via email when tickets are created. |
+| **QU20** | The project puts a very high priority on producing secure software. | **YES** Though infrequent, security issues are addressed with the highest priority. |
+| **QU30** | The project provides a well-documented, secure and private channel to report security issues, along with a documented way of responding to them. | **YES** Website has a link direct to the ASF security team. |
+| **QU40** | The project puts a high priority on backwards compatibility and aims to document any incompatible changes and provide tools and documentation to help users transition to new features. | **Not fully Evaluated** Some tools are provided to transition old deployments to newer versions. Some versions are incompatible with data/backend storage schema of older deployments. |
+| **QU50** | The project strives to respond to documented bug reports in a timely manner. | **YES?** The project has received 500+ issues, recent high-priority issues are closed with fast turnaround. There are unfortunately a number of older tickets that have not been properly closed. 300+ merged PRs. |
+
+### Community
+
+| **ID** | **Description** | **Status** |
+|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **CO10** | The project has a well-known homepage that points to all the information required to operate according to this maturity model. | **YES** The [website](https://sdap.apache.org/) includes or links to all information user need to run Apache SDAP. |
+| **CO20** | The community welcomes contributions from anyone who acts in good faith and in a respectful manner, and who adds value to the project. | **YES** Apache SDAP website points prospective viewers to our github repositories and mailing lists, inviting any interested to join. |
+| **CO30** | Contributions include source code, documentation, constructive bug reports, constructive discussions, marketing and generally anything that adds value to the project. | **YES** All good contributions including code and non-code are welcomed. |
+| **CO40** | The community strives to be meritocratic and gives more rights and responsibilities to contributors who, over time, add value to the project. | **YES** The community has elected 5 new PPMC members in 2022 and 2023. |
+| **CO50** | The project documents how contributors can earn more rights such as commit access or decision power, and applies these principles consistently. | **NOT YET** |
+| **CO60** | The community operates based on consensus of its members (see CS10) who have decision power. Dictators, benevolent or not, are not welcome in Apache projects. | **YES - For major changes** Major project decisions (releases, large PRs, PPMC additions) are made by community VOTE on dev@. Some smaller PRs are reviewed and approved by the PPMC through Github. |
+| **CO70** | The project strives to answer user questions in a timely manner. | **YES** We have resources such as ASF Slack, our mailing lists, Jira, etc that users can use to ask questions of the community. Links to all of these are provided on our website. |
+
+### Consensus
+
+| **ID** | **Description** | **Status** [...]
+|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [...]
+| **CS10** | The project maintains a public list of its contributors who have decision power. The project's PPMC (Project Management Committee) consists of those contributors. | **YES** The website has a list of [team and community members](https://sdap.apache.org/team): PPMC, mentors and additional collaborators (SDAP users who frequently provide helpful input), with names, emails and github links. [...]
+| **CS20** | Decisions require a consensus among PPMC members and are documented on the project's main communications channel. The PPMC takes community opinions into account, but the PPMC has the final word. | **YES** All decisions are made by votes on dev@sdap.apache.org, and with at least 3 +1 votes from PPMC. [...]
+| **CS30** | The project uses documented voting rules to build consensus when discussion is not sufficient. | **YES** The project uses the standard ASF voting rules. [...]
+| **CS40** | In Apache projects, vetoes are only valid for code commits. The person exercising the veto must justify it with a technical explanation, as per the Apache voting rules defined in CS30. | **YES** Apache SDAP community has not used the veto power yet except for code commits. [...]
+| **CS50** | All "important" discussions happen asynchronously in written form on the project's main communications channel. Offline, face-to-face or private discussions that affect the project are also documented on that channel. | **YES** All important discussions and conclusions are recorded in written form. The SDAP community hosts a monthly public meeting to discuss project issues and progress. Invites and reminders are posted to dev@ prior to the meetings, agendas are available thr [...]
+
+### Independence
+
+| **ID** | **Description** | **Status** |
+|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------|
+| **IN10** | The project is independent from any corporate or organizational influence. | **???** The PPMC members .... (How many from JPL? NCAR? Others? ... Majority) |
+| **IN20** | Contributors act as themselves, not as representatives of a corporation or organization. | **YES** The contributors act on their own initiative without representing a corporation or organization. |