tisonkun commented on code in PR #416: URL: https://github.com/apache/incubator-streampark-website/pull/416#discussion_r1846440908
########## community/maturity.md: ########## @@ -0,0 +1,88 @@ +--- +id: 'maturity' +title: 'Maturity' +sidebar_position: 5 +--- + +# Maturity Assessment for Apache StreamPark™ + +The goals of this maturity model are to describe how Apache projects operate in a concise and high-level way, and to provide a basic framework that projects may choose to use to evaluate themselves. + +More details can be found [here](https://community.apache.org/apache-way/apache-project-maturity-model.html). + +## Status of this assessment + +This assessment is still working in progress. + +## Maturity model assessment + +The following table is filled according to the [Apache Maturity Model](https://community.apache.org/apache-way/apache-project-maturity-model.html). Mentors and community members are welcome to comment and modify it. + +### CODE + +| **ID** | **Description** | **Status** | +| -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **CD10** | The project produces Open Source software for distribution to the public, at no charge. | **YES** The project source code is licensed under the `Apache License 2.0`. | +| **CD20** | Anyone can easily discover and access the project's code.. | **YES** The [official website](https://streampark.apache.org/) includes `GitHub` link which can access the project's repository on GitHub directly. | +| **CD30** | Anyone using standard, widely-available tools, can build the code in a reproducible way. | **YES** Apache StreamPark provide `build.sh` script, which can quickly build the project). | +| **CD40** | The full history of the project's code is available via a source code control system, in a way that allows anyone to recreate any released version. | **YES** Anyone can view the full history of the project via commit logs. | +| **CD50** | The source code control system establishes the provenance of each line of code in a reliable way, based on strong authentication of the committer. When third parties contribute code, commit messages provide reliable information about the code provenance. | **YES** The project uses GitHub and managed by Apache Infra, it ensuring provenance of each line of code to a committer. And the third-party contributions are accepted in accordance with the contributing guides. | + +### LICENSE + +| **ID** | **Description** | **Status** | +| -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |-------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **LC10** | The Apache License, version 2.0, covers the released code. | **YES** The [LICENSE](https://github.com/apache/incubator-streampark/blob/dev/LICENSE) is in GitHub repository. And all source files are with APLv2 header. | +| **LC20** | Libraries that are mandatory dependencies of the project's code do not create more restrictions than the Apache License does. | **YES** All dependencies are listed. | +| **LC30** | The libraries mentioned in LC20 are available as Open Source software. | **YES** All dependencies are listed are available as Open Source software | +| **LC40** | Committers are bound by an Individual Contributor Agreement (the "Apache iCLA") that defines which code they may commit and how they need to identify code that is not their own. | **YES** All committers have iCLAs. | +| **LC50** | The project clearly defines and documents the copyright ownership of everything that the project produces. | **YES** And all source files are with APLv2 header, checked by [license-eye](https://github.com/apache/skywalking-eyes) | + +### Releases + +| **ID** | **Description** | **Status** | +| -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **RE10** | Releases consist of source code, distributed using standard and open archive formats that are expected to stay readable in the long term. | **YES** Source release is distributed via [dist.apache.org](https://dist.apache.org/repos/dist/release/incubator/streampark/) and linked from [download page](https://streampark.apache.org/download/). | +| **RE20** | The project's PPMC (Project Management Committee, see CS10) approves each software release in order to make the release an act of the Foundation. | **YES** All releases have been voted at [email protected] and [email protected], and have at least 3 PPMC member's votes. | +| **RE30** | Releases are signed and/or distributed along with digests that anyone can reliably use to validate the downloaded archives. | **YES** All releases are signed, and the [KEYS](https://dist.apache.org/repos/dist/release/incubator/streampark/KEYS) are available. | +| **RE40** | The project can distribute convenience binaries alongside source code, but they are not Apache Releases, they are provided with no guarantee. | **YES** User can easily build binaries from source code, and we do not provide binaries as Apache Releases. | +| **RE50** | The project documents a repeatable release process so that someone new to the project can independently generate the complete set of artifacts required for a release. | **YES** We can follow the [Release guide](https://streampark.apache.org/community/release/how_to_release_version) to make a new Apache StreamPark release, and so far we had 6 different release managers. | + +### Quality + +| **ID** | **Description** | **Status** | +| -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **QU10** | The project is open and honest about the quality of its code. Various levels of quality and maturity for various modules are natural and acceptable as long as they are clearly communicated. | **YES** We encourage user to [report issues](https://github.com/apache/incubator-streampark/issues). | +| **QU20** | The project puts a very high priority on producing secure software. | **YES** We will promptly confirm any security issues. Currently, All reported security issues have been resolved. | +| **QU30** | The project provides a well-documented, secure and private channel to report security issues, along with a documented way of responding to them. | **Yes** Yes The official website provides a [Security page](https://streampark.apache.org/community/maturity) | Review Comment: ```suggestion | **QU30** | The project provides a well-documented, secure and private channel to report security issues, along with a documented way of responding to them. | **Yes** Yes The official website provides a [Security page](https://streampark.apache.org/community/security) | ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
