Hi -

I think that the model is a good measure and the development of it was an 
excellent example of the group dynamic in using a wiki. It is a list of best 
practices. If a podling goes through the process then we ought to treat it as a 
fair effort.

I think that it would be worth applying a similar wiki-based discussion to 
review the state of Podling intake and graduation check lists. I know you're 
working on that and I would like to help when we bring Daffodil in.

You bring up security reporting for Hadoop. A discussion of security 
requirements with the security team should be done, but not here because the 
examples I have are private. The problem is that (P)PMC and PMC need to monitor 
security issues with releases but under the current plan they often have only a 
few PMC members paying attention. This can lead to trouble with PMC oversight 
issues.

The ASF gives projects substantial freedom, but in return there are norms 
around (in no particular order):
- Foundation links.
- Branding
- Fundraising
- Legal
- Security
- Infra
- Community

This is a lot to absorb and learn.

Regards,
Dave


> On Aug 25, 2017, at 12:11 PM, John D. Ament <johndam...@apache.org> wrote:
> 
> (changing subjects to avoid confusion in RocketMQ's discussion)
> 
> I've been pretty explicit about my disdain in the past over the use of the
> Apache Project Maturity Model.  The model describes an ideal world that all
> projects should strive for, but I would be surprised if many projects
> passed it.
> 
> It's unfair for us to put some stake in the ground expecting podlings to
> match up 100% on the questions.  Many of the questions are subjective - is
> the code easy to discover? respond to bug reports in a timely manner?
> 
> My take is that if a podling can answer 1 question per section correctly,
> and there's some validity to the answer (e.g. the IN section requires a
> polygraph test) then they're on their way.  For instance, figuring out how
> to report a security issue around Apache Hadoop leads me to vendor websites
> first, the first apache.org match is on the second page.  This creates
> violations in the CO, QU, and IN categories.
> 
> John
> 
> On Thu, Aug 24, 2017 at 3:30 PM Bertrand Delacretaz <
> bdelacre...@codeconsult.ch> wrote:
> 
>> On Thu, Aug 24, 2017 at 1:06 PM, John D. Ament <johndam...@apache.org>
>> wrote:
>>> ...please understand that the Apache Maturity Model is something that
>>> helps the com dev team evaluate TLPs against.  Its relevance to a
>>> graduating podling is extremely small...
>> 
>> FWIW, I disagree...I think the maturity model is a great tool to help
>> discover areas that podlings might have neglected in their work
>> towards graduation.
>> 
>> It's not THE single tool to evaluate TLP readiness, but I wouldn't
>> qualify its relevance as "extremely small".
>> 
>> (John - maybe we agree on the core, but I just reread the model and love
>> it ;-)
>> 
>> -Bertrand
>> 
