corinthia-dev mailing list archives

From Peter Kelly <>
Subject Re: ASF maturity model.
Date Sun, 09 Aug 2015 16:46:20 GMT
Here are my thoughts on the questions/responses:

CD20: "The project's code is easily discoverable and publicly accessible."

Perhaps provide a link to the repository as evidence

LC30: (your comment) "The definition of libraries seems to be missing, when developing for
e.g. MS-Windows or OS-X all kind of closed source libraries are part of the linking (at least
in the C/C++ world). Is library only a loose term for something installed extra on the target
platform, and the builtin libraries do not count ?"

Although the intention (as I understand it) of preventing projects from requiring LGPL licenses
makes sense, in practice it has the effect of encouraging projects to rely instead on APIs
that are provided only by proprietary operating systems. For example, instead of using Qt
and having an editor which everyone can use, it may be that we end up (for example) distributing
an editor that uses Apple's Cocoa API (to avoid violating the rules) and can only be used
by people who buy expensive Mac hardware. Seems like a bit of an own goal.

QU10: "The project is open and honest about the quality of its code. Various levels of quality
and maturity for various modules are natural and acceptable as long as they are clearly communicated."

I would add to your comment that we've mentioned in the README which parts of the code are
mature (specifically the MS word support), and that we've mentioned additional immature/early
stage components that are in development but not part of the release.

QU20: (your response) "For a library project like Corinthia, "secure software" is not a demand,
however "stable" software is in high demand."

I would argue that security is a priority, in the form of avoiding vulnerabilities. That is,
if a buffer overflow attack or similar exploit is found, this could have the usual serious
implications for applications using the Library, as we see on a regular basis for other libraries.

You could mention that we are developing a special-purpose domain-specific programming language
(Flat) in which to express much of the work Corinthia does, which will avoid entire classes
of bugs that are possible in C. So this will help a lot to reduce the chance of exploits.

QU30: "The project provides a well-documented channel to report security issues, along with
a documented way of responding to them."

Could we set up a dedicated email address which forwards to the private mailing list?

CO10: (your response) "Why is it "well known" a demand ? it is quite hard to be "well known"
when you are in a startup phase."

I think they just mean easily-identifiable - I would consider
to be sufficient for this requirement, though I agree it's worded badly. And how many people
need to know the address for it to be considered "well known" - I don't even know the address
of Maven or CouchDB, and would just use Google for convenience (I could probably guess <project-name>
but Google is easier).

I think the intention of this question is it's not something like

C050 (your response) - I agree with this and it should be clarified (even if it's "the policy
decides on a policy, possibly with approval from IPMC")

CS10 (your response): "Why would the project maintain a public list ? this is done at ASF
level (people.a.o)"

I agree it isn't strictly necessary, but I see no harm in doing this on the website or wiki
for convenient access.

CS30 (your response): "We believed using standard ASF rules was enough, but when 2 directors
and 3 foundation members cannot agree on how a PPMC vote works, then there is a need for local
rules (or even better correct the ASF wide rules)"

A very good point indeed :)

CS40: "In Apache projects, vetoes are only valid for code commits and are justified by a technical
explanation, as per the Apache voting rules defined in CS30."

Well, this is interesting...

Dr Peter M. Kelly

PGP key: <>
(fingerprint 5435 6718 59F0 DD1F BFA0 5E46 2523 BAA1 44AE 2966)

> On 9 Aug 2015, at 11:20 pm, jan i <> wrote:
> Hi.
> I just spent a few hours having fun.
> I made a wiki page, with the maturity model
> Actually quite an interesting job. Please have a look at my responses, and
> let us see where we
> end up.
> I found some of the questions, directly wrong or at the very least
> misleading. I also lacked some questions about how the community is
> actually doing.
> My intention is to see your reactions (and incorporate that), and then
> start a new discussion on general@ because if this is something podlings
> should fill up, some of the questions need to
> be changed or better documented.
> rgds
> jan i.
