@Weiwei Yang <[email protected]> Could you please add WIKI as well to this?
Thanks Sunil On Sun, Jan 23, 2022 at 1:33 PM Weiwei Yang <[email protected]> wrote: > Thank you Felix. > I have added the initial podling status file: > > https://svn.apache.org/repos/asf/incubator/public/trunk/content/podlings/yunikorn.yml > . > Please let me know if that looks good or not. > > On Sat, Jan 22, 2022 at 10:18 PM Sunil Govindan <[email protected]> wrote: > > > I will reach out to them. > > > > Thanks > > Sunil > > > > On Sat, Jan 22, 2022 at 9:00 PM Felix Cheung <[email protected]> > > wrote: > > > > > Pls add the podling status file > > > > > > https://svn.apache.org/repos/asf/incubator/public/trunk/content/podlings/ > > > > > > 3 ppmc members have not subscribed to private@ > > > > > > These can be found on > > > https://whimsy.apache.org/roster/ppmc/yunikorn > > > > > > < > > > https://svn.apache.org/repos/asf/incubator/public/trunk/content/podlings/ > > > > > > > ________________________________ > > > From: Weiwei Yang <[email protected]> > > > Sent: Thursday, January 20, 2022 10:05:55 PM > > > To: [email protected] <[email protected]> > > > Cc: [email protected] <[email protected]> > > > Subject: Re: Apache YuniKorn (Incubating) - Community Graduation Vote > > > > > > hi all > > > > > > Most issues under the graduation preparation JIRA YUNIKORN-1005 > > > <https://issues.apache.org/jira/browse/YUNIKORN-1005> are fixed. > > > The remaining one is the who-are-we web page, I am currently collecting > > > info for that, should be done by next week. > > > Shall we start to vote now? I can start a new thread for the community > > > voting if nobody has objections. > > > > > > On Tue, Jan 11, 2022 at 11:02 AM Wilfred Spiegelenburg < > > > [email protected]> > > > wrote: > > > > > > > None of the security lists mentioned in the security page [1] are > > > > moderated. They are private lists, i.e. not openly available for > > > > browsing in an archive, but not moderated. Using the private@ for > > > > YuniKorn does not seem to line up with what other projects do either. > > > > None of the recently graduated projects mention anything like using > > > > the private@ mailing list on their sites. They all have just used > the > > > > general security link mentioned on their site unless they have a > > > > specific security@ list. YuniKorn would be the one standing out from > > > > what seems to be the norm. > > > > Examples from the last 2 years of graduated projects using a simple > > > > link or a text pointing to [1]: Pinot, Dolphinscheduler, Ratis, > > > > Echarts, Gobblin, TVM, Superset and Datasketches. There are more but > I > > > > think this provides an overview of what is expected on graduation. > > > > > > > > Wilfred > > > > > > > > [1] https://www.apache.org/security/ > > > > > > > > On Tue, 11 Jan 2022 at 18:21, Weiwei Yang <[email protected]> wrote: > > > > > > > > > > Hi Wilfred > > > > > > > > > > Adding a security@ mailing list sounds like a good idea, but I do > > not > > > > think that is required in the current stage. > > > > > We can do that post-graduate. For now, the Apache security doc said > > > > > > > > > > > We strongly encourage you to report potential security > > > vulnerabilities > > > > to one of our private security mailing lists first, before disclosing > > > them > > > > in a public forum. > > > > > > > > > > I do not see any issue if we use our private@ mailing list for > this > > > > purpose. > > > > > > > > > > On Mon, Jan 10, 2022 at 11:01 PM Wilfred Spiegelenburg < > > > > [email protected]> wrote: > > > > >> > > > > >> The private@ is a moderated list. This has two issues: a > moderator > > > > >> needs to approve any message not sent by a PMC member. This will > > slow > > > > >> down the process of interaction with the reporter. It would also > not > > > > >> reach the YuniKorn committers group as not all committers are part > > of > > > > >> the PMC. Security issues should be handled and worked on by all > > > > >> committers not just by the PMC members. > > > > >> > > > > >> The security notification update made to the website I think does > > not > > > > >> line up with the security guidelines referenced in the link > provided > > > > >> in the dropdown menu of the YuniKorn site [1]. In that link there > > is a > > > > >> well defined way to report security issues. If we need to enhance > > and > > > > >> extend what we do we either establish a security@ mailing list > and > > > > >> provide a static page with security related information on our > site > > or > > > > >> we leave it as is. My preference would be to establish a security@ > > > > >> list and make all committers a member of that list. > > > > >> > > > > >> I think we need to roll back the website changes part of > > YUNIKORN-1006 > > > > >> [2] in PR [3] for the website. > > > > >> > > > > >> Wilfred > > > > >> > > > > >> [1] https://www.apache.org/security/ > > > > >> [2] https://issues.apache.org/jira/browse/YUNIKORN-1006 > > > > >> [3] https://github.com/apache/incubator-yunikorn-site/pull/105 > > > > >> > > > > >> On Tue, 11 Jan 2022 at 04:45, Holden Karau <[email protected]> > > > > wrote: > > > > >> > > > > > >> > For "The project provides a well-documented, secure and private > > > > channel to report security issues, along with a documented way of > > > > responding to them.' the standard that I've seen used is to tell > people > > > to > > > > e-mail private@ when they think they might have a security related > > > issue. > > > > I think that would probably work well for Yunikorn too. > > > > >> > > > > > >> > > > > > >> > On Mon, Jan 10, 2022 at 7:04 AM Chenya Zhang < > > > > [email protected]> wrote: > > > > >> >> > > > > >> >> Hi Weiwei, > > > > >> >> > > > > >> >> Thanks for driving this! The evaluation is quite comprehensive > > > > overall. I checked our Apache project maturity guidelines and noticed > > the > > > > below three items. Not sure if we already have them but they are not > > > > blockers to our graduation. We could think more about them along the > > way. > > > > >> >> > > > > >> >> QU30 > > > > >> >> > > > > >> >> The project provides a well-documented, secure and private > > channel > > > > to report security issues, along with a documented way of responding > to > > > > them. > > > > >> >> > > > > >> >> QU40 > > > > >> >> > > > > >> >> The project puts a high priority on backwards compatibility and > > > aims > > > > to document any incompatible changes and provide tools and > > documentation > > > to > > > > help users transition to new features. > > > > >> >> > > > > >> >> CO50 > > > > >> >> > > > > >> >> The project documents how contributors can earn more rights > such > > as > > > > commit access or decision power, and applies these principles > > > consistently. > > > > >> >> > > > > >> >> > > > > >> >> Thanks, > > > > >> >> > > > > >> >> Chenya > > > > >> >> > > > > >> >> > > > > >> >> > > > > >> >> On Mon, Jan 10, 2022 at 12:00 AM Weiwei Yang <[email protected]> > > > > wrote: > > > > >> >>> > > > > >> >>> Hi YuniKorn community and mentors > > > > >> >>> > > > > >> >>> Based on the discussion thread [1], after 2 years time of > > > > incubating, it is > > > > >> >>> considered that now is a good time to graduate YuniKorn from > the > > > ASF > > > > >> >>> incubator and become a top-level Apache project. We have > > reviewed > > > > the ASF > > > > >> >>> project maturity model [2] and provided some assessment of the > > > > project's > > > > >> >>> maturity based on the guidelines. Details are included as the > > > > following. > > > > >> >>> Please read this and share your thoughts by replying to this > > > email, > > > > your > > > > >> >>> feedback will be much appreciated!!! > > > > >> >>> > > > > >> >>> *Code, License, and Copyright* > > > > >> >>> > > > > >> >>> All code is maintained on github, under Apache 2.0 license. We > > > have > > > > >> >>> reviewed all the dependencies and ensured they do not bring > any > > > > license > > > > >> >>> issues. All the status files, license headers, and copyright > are > > > up > > > > to date. > > > > >> >>> > > > > >> >>> *Release* > > > > >> >>> > > > > >> >>> The community has released 5 releases in the past 2 years, i.e > > > > v0.8, v0.9, > > > > >> >>> v0.10, v0,11, and v0.12. These releases were done by 5 > different > > > > release > > > > >> >>> managers [3] and indicate the community can create releases > > > > independently. > > > > >> >>> We have also a well-documented release process, automated > tools > > to > > > > help new > > > > >> >>> release managers with the process. > > > > >> >>> > > > > >> >>> *Quality* > > > > >> >>> > > > > >> >>> The community has developed a comprehensive CI/CD pipeline as > a > > > > guard of > > > > >> >>> the code quality. The pipeline runs per-commit license check, > > > > code-format > > > > >> >>> check, code-coverage check, UT, and end-to-end tests. All > these > > > are > > > > built > > > > >> >>> as automated github actions, new contributors can easily > trigger > > > > and view > > > > >> >>> results when submitting patches. > > > > >> >>> > > > > >> >>> *Community* > > > > >> >>> > > > > >> >>> The community has developed an easy-to-read homepage for the > > > > project [4], > > > > >> >>> the website hosts all the materials related to the project > > > including > > > > >> >>> versioned documentation, user docs, developer docs, design > docs, > > > > >> >>> performance docs. It provides the top-level navigation to the > > > > software > > > > >> >>> download page, where links to all our previous releases. It > also > > > > has the > > > > >> >>> pages for the new contributors on-boarding with the project, > > such > > > > as how to > > > > >> >>> join community meetings, events links, etc. > > > > >> >>> > > > > >> >>> The community shows appreciation to all contributors and > > welcomes > > > > all kinds > > > > >> >>> of contributions (not just for code). We have built an open, > > > diverse > > > > >> >>> community and gathered many people to work together. With > that, > > we > > > > have 41 > > > > >> >>> unique code contributors and some non-code contributors as > well. > > > > Many of > > > > >> >>> them have becoming to be committers and PPMC members while > > working > > > > with the > > > > >> >>> community. There were 2 new mentors, 8 new committers, 2 new > > PPMC > > > > from 6 > > > > >> >>> different organizations [5] added in the incubating phase. And > > in > > > > total, > > > > >> >>> the project has 6 mentors, 21 PPMC, and 27 committers from at > > > least > > > > 14 > > > > >> >>> different organizations. Community collaboration was done in a > > > > wide-public, > > > > >> >>> open manner, we leverage regular bi-weekly/weekly community > > > > meetings for 2 > > > > >> >>> different timezones [6] and dev/user slack channels, mailing > > lists > > > > for > > > > >> >>> offline discussions. > > > > >> >>> > > > > >> >>> *Independence* > > > > >> >>> > > > > >> >>> The project was initially donated by Cloudera, but with a > > diverse > > > > open > > > > >> >>> source community, it has been operated as an independent > project > > > > since it > > > > >> >>> entered into ASF incubator. The committers and PPMC members > are > > a > > > > group of > > > > >> >>> passionate people from at least 14 different organizations, > such > > > as > > > > >> >>> Alibaba, Apple, Cloudera, Databricks, LinkedIn, Microsoft, > > > > Snowflake, etc. > > > > >> >>> The project's success is not depending on any single entity. > > > > >> >>> > > > > >> >>> I have enough reasons to believe the project has done > > sustainable > > > > >> >>> development successfully in the Apache way. Again, please > share > > > your > > > > >> >>> thoughts, all YuniKorn contributors, committers, PPMC, and > > > mentors. > > > > Thank > > > > >> >>> you! > > > > >> >>> > > > > >> >>> [1] > > > > https://lists.apache.org/thread/dno411y59g2pcy1d3kd7s3kdjz9jw65n > > > > >> >>> [2] > > > > >> >>> > > > > > > > > > > https://community.apache.org/apache-way/apache-project-maturity-model.html > > > > >> >>> > > > > >> >>> [3] https://yunikorn.apache.org/community/download > > > > >> >>> [4] https://yunikorn.apache.org/ > > > > >> >>> [5] https://incubator.apache.org/projects/yunikorn.html > > > > >> >>> > > > > >> >>> [6] > > > > >> >>> > > > > > > > > > > https://docs.google.com/document/d/165gzC7uhcKc5XDWiMYSRKBiPQBy2tDtXADUPuhGlUa0 > > > > >> > > > > > >> > > > > > >> > > > > > >> > -- > > > > >> > Twitter: https://twitter.com/holdenkarau > > > > >> > Books (Learning Spark, High Performance Spark, etc.): > > > > https://amzn.to/2MaRAG9 > > > > >> > YouTube Live Streams: https://www.youtube.com/user/holdenkarau > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [email protected] > > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > > >
