corinthia-dev mailing list archives

From jan i <>
Subject Re: ASF maturity model.
Date Sun, 09 Aug 2015 17:05:54 GMT
WOW, thanks for a lot of comments, I will later try to integrate your
comments with mine, and then hope we are both "happy".

Thanks for taking time.

As I think you noticed, this will be the basis of a new voting discussion in
Incubator. And also to get some of the wording made more precise.

jan I.

On 9 August 2015 at 18:46, Peter Kelly <> wrote:

> Here are my thoughts on the questions/responses:
> CD20: "The project's code is easily discoverable and publicly accessible."
> Perhaps provide a link to the repository as evidence
> LC30: (your comment) "The definition of libraries seems to be missing,
> when developing for e.g. MS-Windows or OS-X all kinds of closed source
> libraries are part of the linking (at least in the C/C++ world). Is library
> only a loose term for something installed extra on the target platform, and
> the builtin libraries do not count ?"
> Although the intention (as I understand it) of preventing projects from
> requiring LGPL licenses makes sense, in practice it has the effect of
> encouraging projects to rely instead on APIs that are provided only by
> proprietary operating systems. For example instead of using Qt and having
> an editor which everyone can use, it may be that we end up (for example)
> distributing an editor that uses Apple's Cocoa API (to avoid violating the
> rules) and can only be used by people who buy expensive Mac hardware. Seems
> like a bit of an own goal.
> QU10: "The project is open and honest about the quality of its code.
> Various levels of quality and maturity for various modules are natural and
> acceptable as long as they are clearly communicated."
> I would add to your comment that we've mentioned in the README which parts
> of the code are mature (specifically the MS word support), and that we've
> mentioned additional immature/early stage components that are in
> development but not part of the release.
> QU20: (your response) "For a library project like Corinthia, "secure
> software" is not a demand, however "stable" software is in high demand."
> I would argue that security is a priority, in the form of avoiding
> vulnerabilities. That is, if a buffer overflow attack or similar exploit is
> found, this could have the usual serious implications for applications
> using the Library, as we see on a regular basis for other libraries.
> You could mention that we are developing a special-purpose domain-specific
> programming language (Flat) in which to express much of the work Corinthia
> does, which will avoid entire classes of bugs that are possible in C. So
> this will help a lot to reduce the chance of exploits.
> QU30: "The project provides a well-documented channel to report security
> issues, along with a documented way of responding to them."
> Could we set up a dedicated email address which forwards to the private
> mailing list?
> CO10: (your response) "Why is it "well known" a demand ? it is quite hard
> to be "well known" when you are in a startup phase."
> I think they just mean easily-identifiable - I would consider
> to be sufficient for this
> requirement, though I agree it's worded badly. And how many people need to
> know the address for it to be considered "well known" - I don't even know
> the address of Maven or CouchDB, and would just use Google for convenience
> (I could probably guess <project-name> but Google is easier).
> I think the intention of this question is it's not something like
> C050 (your response) - I agree with this and it should be clarified (even
> if it's "the policy decides on a policy, possibly with approval from IPMC")
> CS10 (your response): "Why would the project maintain a public list ? this
> is done at ASF level (people.a.o)"
> I agree it isn't strictly necessary, but I see no harm in doing this on the
> website or wiki for convenient access.
> CS30 (your response): "We believed using standard ASF rules was enough,
> but when 2 directors and 3 foundation members cannot agree on how a PPMC
> vote works, then there is a need for local rules (or even better correct
> the ASF wide rules)"
> A very good point indeed :)
> CS40: "In Apache projects, vetoes are only valid for code commits and are
> justified by a technical explanation, as per the Apache voting rules
> defined in CS30."
> Well, this is interesting...
> —
> Dr Peter M. Kelly
> PGP key: <>
> (fingerprint 5435 6718 59F0 DD1F BFA0 5E46 2523 BAA1 44AE 2966)
> > On 9 Aug 2015, at 11:20 pm, jan i <> wrote:
> >
> > Hi.
> >
> > I just spent a few hours having fun.
> >
> > I made a wiki page, with the maturity model
> >
> >
> > Actually quite an interesting job. Please have a look at my responses, and
> > let us see where we end up.
> >
> > I found some of the questions directly wrong or at the very least
> > misleading. I also lacked some questions about how the community is
> > actually doing.
> >
> > My intention is to see your reactions (and incorporate that), and then
> > start a new discussion on general@ because if this is something podlings
> > should fill up, some of the questions need to
> > be changed or better documented.
> >
> > rgds
> > jan i.
