This is an automated email from the ASF dual-hosted git repository.
rkk pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/incubator-sdap-website.git
The following commit(s) were added to refs/heads/asf-site by this push:
new bb9cd2e maturity model draft to public repo
bb9cd2e is described below
commit bb9cd2ecf7436fa2e0036c402a3ba5e887c18d75
Author: rileykk <[email protected]>
AuthorDate: Wed Jan 10 12:28:19 2024 -0800
maturity model draft to public repo
---
maturity.md | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 82 insertions(+)
diff --git a/maturity.md b/maturity.md
new file mode 100644
index 0000000..4d43606
--- /dev/null
+++ b/maturity.md
@@ -0,0 +1,82 @@
+# Maturity Assessment for Apache SDAP
+
+The goals of this maturity model are to describe how Apache projects operate
in a concise and high-level way, and to provide a basic framework that projects
may choose to use to evaluate themselves.
+
+More details can be found
[here](https://community.apache.org/apache-way/apache-project-maturity-model.html).
+
+## Status of this assessment
+
+This assessment is still in progress.
+
+## Maturity model assessment
+
+The following table is filled according to the [Apache Maturity
Model](https://community.apache.org/apache-way/apache-project-maturity-model.html).
Mentors and community members are welcome to comment and modify it.
+
+### CODE
+
+| **ID** | **Description**
| **Status**
[...]
+|----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[...]
+| **CD10** | The project produces Open Source software for distribution to the
public, at no charge.
| **YES** The project source code is licensed
under the `Apache License 2.0`.
[...]
+| **CD20** | Anyone can easily discover and access the project's code..
| **YES** The [offical
website](https://sdap.apache.org/) includes direct links to the Github
repositories with the project's codebase.
[...]
+| **CD30** | Anyone using standard, widely-available tools, can build the code
in a reproducible way.
| **YES** Apache SDAP provides a build guide
([github](https://github.com/apache/incubator-sdap-nexus/blob/master/docs/build.rst)
\|
[readthedocs](https://incubator-sdap-nexus.readthedocs.io/en/latest/build.html))
to enable [...]
+| **CD40** | The full history of the project's code is available via a source
code control system, in a way that allows anyone to recreate any released
version.
| **YES** We use git, enabling a full
commit history and viewing differences between specific commits.
[...]
+| **CD50** | The source code control system establishes the provenance of each
line of code in a reliable way, based on strong authentication of the
committer. When third parties contribute code, commit messages provide reliable
information about the code provenance. | **YES** The project uses Apache Infra
managed GitHub, it ensures provenance of each line of code to a committer.
Contributions are accepted in accordance with the [Contributing
Guide](https://github.com/apache/incubator-sd [...]
+
+### LICENSE
+
+| **ID** | **Description**
| **Status**
|
+|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **LC10** | The Apache License, version 2.0, covers the released code.
| **YES** The LICENSE files are present in the
GitHub repository.
[1](https://github.com/apache/incubator-sdap-nexus/blob/master/LICENSE)
[2](https://github.com/apache/incubator-sdap-ingester/blob/dev/LICENSE.txt)
[3](https://github.com/apache/incubator-sdap-nexusproto) |
+| **LC20** | Libraries that are mandatory dependencies of the project's code
do not create more restrictions than the Apache License does.
| **UNSURE** One top-level dependency is of
an unknown license type (awaiting answers on that one); others install GPL/LGPL
packages as sub-dependencies
|
+| **LC30** | The libraries mentioned in LC20 are available as Open Source
software.
| **YES** All installed dependencies are
listed in files named `requirements.txt` or `conda-requirements.txt` and are
open sourced on github.
|
+| **LC40** | Committers are bound by an Individual Contributor Agreement (the
"Apache iCLA") that defines which code they may commit and how they need to
identify code that is not their own. | **YES** All committers have iCLAs on
file.
|
+| **LC50** | The project clearly defines and documents the copyright ownership
of everything that the project produces.
| **YES?** All source files are with APLv2
header, checked manually by [rkk](mailto:[email protected]). There are some misc
config files, etc that do not have headers, but, as they're not source files,
they've been excluded from the checks |
+
+### Releases
+
+| **ID** | **Description**
| **Status**
[...]
+|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[...]
+| **RE10** | Releases consist of source code, distributed using standard and
open archive formats that are expected to stay readable in the long term.
| **YES** Source release is distributed via
[dist.apache.org](https://dist.apache.org/repos/dist/release/incubator/sdap/)
and linked from [download page](https://sdap.apache.org/downloads).
[...]
+| **RE20** | The project's PPMC (Project Management Committee, see CS10)
approves each software release in order to make the release an act of the
Foundation. | **YES** All releases have been voted at
[email protected] and [email protected], and have required at least 3 binding +1
PPMC votes to pass.
[...]
+| **RE30** | Releases are signed and/or distributed along with digests that
anyone can reliably use to validate the downloaded archives.
| **YES** All releases are signed, and the
[KEYS](https://dist.apache.org/repos/dist/release/incubator/sdap/KEYS) are
available.
[...]
+| **RE40** | The project can distribute convenience binaries alongside source
code, but they are not Apache Releases, they are provided with no guarantee.
| **YES** Users can easily build binaries from source
code using the provided guide. Binary images are not provided as official
Apache realease, though some are available through [Apache
dockerhub](https://hub.docker.com/search?q=apache%2Fsdap-).
[...]
+| **RE50** | The project documents a repeatable release process so that
someone new to the project can independently generate the complete set of
artifacts required for a release. | **YES** We can follow the [Release
guide](https://gist.github.com/RKuttruff/f418f37d2424d32c05995c9027e832c2) to
make new Apache Kvrocks releases, and so far we had 3 different release
managers (2 completed a release; 1 in in progress). The guide is not (yet)
publically available, but is provided to a future [...]
+
+### Quality
+
+| **ID** | **Description**
| **Status**
|
+|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **QU10** | The project is open and honest about the quality of its code.
Various levels of quality and maturity for various modules are natural and
acceptable as long as they are clearly communicated. | **YES** We maintain an
[ASF Jira instance](https://issues.apache.org/jira/projects/SDAP/) to enable
users and community to report issues. PPMC and committers are notified via
email when tickets are created. |
+| **QU20** | The project puts a very high priority on producing secure
software.
| **YES** Though
infrequent, security issues are addressed with the highest priority.
|
+| **QU30** | The project provides a well-documented, secure and private
channel to report security issues, along with a documented way of responding to
them. | **YES** Website has a link
direct to the ASF security team.
|
+| **QU40** | The project puts a high priority on backwards compatibility and
aims to document any incompatible changes and provide tools and documentation
to help users transition to new features. | **Not fully Evaluated** Some
tools are provided to transition old deployments to newer versions. Some
versions are incompatible with data/backend storage schema of older
deployments. |
+| **QU50** | The project strives to respond to documented bug reports in a
timely manner.
| **YES?** The project has
received 500+ issues, recent high-priority issues are closed with fast
turnaround. There are unfortunately a number of older tickets that have not
been properly closed. 300+ merged PRs. |
+
+### Community
+
+| **ID** | **Description**
| **Status**
|
+|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **CO10** | The project has a well-known homepage that points to all the
information required to operate according to this maturity model.
| **YES** The
[website](https://sdap.apache.org/) includes or links to all information user
need to run Apache SDAP.
|
+| **CO20** | The community welcomes contributions from anyone who acts in good
faith and in a respectful manner, and who adds value to the project.
| **YES** Apache SDAP website
points prospective viewers to our github repositories and mailing lists,
inviting any interested to join.
|
+| **CO30** | Contributions include source code, documentation, constructive
bug reports, constructive discussions, marketing and generally anything that
adds value to the project.
| **YES** All good
contributions including code and non-code are welcomed.
|
+| **CO40** | The community strives to be meritocratic and gives more rights
and responsibilities to contributors who, over time, add value to the project.
| **YES** The community has
elected 5 new PPMC members in 2022 and 2023.
|
+| **CO50** | The project documents how contributors can earn more rights such
as commit access or decision power, and applies these principles consistently.
| **NOT YET**
|
+| **CO60** | The community operates based on consensus of its members (see
CS10) who have decision power. Dictators, benevolent or not, are not welcome in
Apache projects.
| **YES - For major changes**
Major project decisions (releases, large PRs, PPMC additions) are made by
community VOTE on dev@. Some smaller PRs are reviewed and approved by the PPMC
through Github. |
+| **CO70** | The project strives to answer user questions in a timely manner.
| **YES** We have resources such
as ASF Slack, our mailing lists, Jira, etc that users can use to ask questions
of the community. Links to all of these are provided on our website.
|
+
+### Consensus
+
+| **ID** | **Description**
|
**Status**
[...]
+|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[...]
+| **CS10** | The project maintains a public list of its contributors who have
decision power. The project's PPMC (Project Management Committee) consists of
those contributors. |
**YES** The website has a list of [team and community
members](https://sdap.apache.org/team): PPMC, mentors and additional
collaborators (SDAP users who frequently provide helpful input), with names,
emails and github links. [...]
+| **CS20** | Decisions require a consensus among PPMC members and are
documented on the project's main communications channel. The PPMC takes
community opinions into account, but the PPMC has the final word.
| **YES** All decisions are made by votes on [email protected], and
with at least 3 +1 votes from PPMC.
[...]
+| **CS30** | The project uses documented voting rules to build consensus when
discussion is not sufficient.
|
**YES** The project uses the standard ASF voting rules.
[...]
+| **CS40** | In Apache projects, vetoes are only valid for code commits. The
person exercising the veto must justify it with a technical explanation, as per
the Apache voting rules defined in CS30. |
**YES** Apache SDAP community has not used the veto power yet except for code
commits.
[...]
+| **CS50** | All "important" discussions happen asynchronously in written form
on the project's main communications channel. Offline, face-to-face or private
discussions that affect the project are also documented on that channel. |
**YES** All important discussions and conclusions are recorded in written form.
The SDAP community hosts a monthly public meeting to discuss project issues and
progress. Invites and reminders are posted to dev@ prior to the meetings,
agendas are available thr [...]
+
+### Independence
+
+| **ID** | **Description**
| **Status**
|
+|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------|
+| **IN10** | The project is independent from any corporate or organizational
influence.
| **???** The PPMC members ....
(How many from JPL? NCAR? Others? ... Majority) |
+| **IN20** | Contributors act as themselves, not as representatives of a
corporation or organization.
| **YES** The contributors
act on their own initiative without representing a corporation or organization.
|
