Thanks Brendan for having a look through the doc. Regarding security, it is an important focus of ours. I think using the standard Apache policy and email address (secur...@apache.org) is ok at the moment. If we start to see more reports, we can look into setting up a dedicated Pekko mailing list like the ones that some ASF projects have.
On Thu, 18 Jan 2024 at 20:01, Brendan Doyle <bdo...@apache.org> wrote: > > I've gone through your in progress check list now PJ. Ignore my comment on > security vuln reporting then. All looks good to me in that check list! > > On 2024/01/18 18:55:35 Brendan Doyle wrote: > > Yes I think there's some confusion here on waiting for 1.1.0 and topic of > > this thread. Pekko is already very mature due to the nature of how the > > project originated in comparison to other Apache projects and how they > > graduate. Generally a self-assessment is done following these guidelines: > > > > https://community.apache.org/apache-way/apache-project-maturity-model.html > > > > I would say Pekko already easily passes almost all of these guidelines, > > especially in comparison to other top level projects. The one area that > > needs to be taken care of is formalizing the standard governance with the > > PMC, which PJ has taken initiative on in another thread. > > > > My one other suggestion from these guidelines I linked is formalizing a > > security vulnerability reporting process to a secure / private location if > > not done already. This could just be the private mailing list that only the > > PMC has access to or some other method, but should be clearly documented / > > well understood for anyone to find how to report. But security vulns are > > very important for a framework as robust as Pekko. > > > > Thanks, > > Brendan D. > > > > On 2024/01/17 15:22:05 PJ Fanning wrote: > > > This mailing thread is not about Pekko 1.1.0. It is about the management > > > about the Pekko project. There are other mail threads to discuss releases. > > > > > > On Wed 17 Jan 2024, 16:18 laglangyue, <laglan...@foxmail.com> wrote: > > > > > > > I have recently joined the community, and my opinion is that Pekko > > > > inherits Akka. Akka itself is a very mature project, and we are now > > > > fairly > > > > stable, so it is indeed possible for us to graduate. As a vote, I give > > > > +1. > > > > What I would prefer is that we graduate when preparing for the release > > > > of > > > > version 1.1.0. I believe that in 1.1.0, Pekko truly becomes its own > > > > feature. > > > > > > > > 发自我的iPhone > > > > > > > > > > > > ------------------ Original ------------------ > > > > From: PJ Fanning <fannin...@apache.org> > > > > Date: Wed,Jan 17,2024 9:09 PM > > > > To: dev <dev@pekko.apache.org> > > > > Subject: Re: [DISCUSS] Time for Apache Pekko to become an Apache Top > > > > Level > > > > Project? > > > > > > > > > > > > > > > > Hi everyone, > > > > > > > > Apache Pekko has been in the Apache Incubator for over a year and I > > > > think we have made very good progress. > > > > > > > > * All modules have at least a v1.0.0 release > > > > * 17 releases (across 12 modules) > > > > * Evidence of good uptake of the Pekko releases and a large number of > > > > ecosystem libs now support Pekko > > > > * well over 1000 PRs merged > > > > * 25+ code contributors > > > > * dozens more users who have been involved in discussions, code > > > > reviews, raising issues, etc. > > > > > > > > I have filled out an assessment form. It is Work in Progress and I > > > > welcome comments and changes from anyone in the community. > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/PEKKO/Apache+Maturity+Model+Assessment+for+Pekko > > > > > > > > I would appreciate feedback on whether people think we are ready to > > > > become a TLP. > > > > > > > > Thanks, > > > > PJ > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org > > > > For additional commands, e-mail: dev-h...@pekko.apache.org > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org > > For additional commands, e-mail: dev-h...@pekko.apache.org > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org > For additional commands, e-mail: dev-h...@pekko.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org For additional commands, e-mail: dev-h...@pekko.apache.org
