incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <dave2w...@comcast.net>
Subject Re: Podlings & Apache Project Maturity Model (was RE: [DISCUSS] Graduate Apache RocketMQ from podling to TLP)
Date Fri, 25 Aug 2017 19:40:33 GMT
Hi -

I think that the model is a good measure and the development of it was an excellent example
of the group dynamic in using a wiki. It is a list of best practices. If a podling goes through
the process then we ought to treat it as a fair effort.

I think that it would be worth applying a similar wiki based discussion to review the state
of Podling intake and graduation check lists. I know your working on that and I would like
to help when we bring Daffodil in.

You bring up security reporting for Hadoop. A discussion of security requirements with the
security team should be done, but not here because the examples I have are private. The problem
is that (P)PMC and PMC need to monitor security issues with releases but under the current
plan they often have only a few PMC members paying attention. This can lead to trouble with
PMC oversight issues.

The ASF gives projects substantial freedom, but in return there are norms around (in no particular
order):
- Foundation links.
- Branding
- Fundraising
- Legal
- Security
- Infra
- Community

This is a lot to absorb and learn.

Regards,
Dave


> On Aug 25, 2017, at 12:11 PM, John D. Ament <johndament@apache.org> wrote:
> 
> (changing subjects to avoid confusion in RocketMQ's discussion)
> 
> I've been pretty explicit about my disdain in the past over the use of the
> Apache Project Maturity Model.  The model describes an ideal world that all
> projects should strive for, but I would be surprised if many projects
> passed it.
> 
> Its unfair for us to put some stake in the ground expecting podlings to
> match up 100% on the questions.  Many of the questions are subjective - is
> the code easy to discover? respond to bug reports in a timely manner?
> 
> My take is that if a podling can answer 1 question per section correctly,
> and there's some validity to the answer (e.g. the IN section requires a
> polygraph test) then they're on their way.  For instance, figuring out how
> to report a security issue around Apache Hadoop leads me to vendor websites
> first, the first apache.org match is on the second page.  This creates
> violations in the CO, QU, and IN categories.
> 
> John
> 
> On Thu, Aug 24, 2017 at 3:30 PM Bertrand Delacretaz <
> bdelacretaz@codeconsult.ch> wrote:
> 
>> On Thu, Aug 24, 2017 at 1:06 PM, John D. Ament <johndament@apache.org>
>> wrote:
>>> ...please understand that the Apache Maturity Model is something that
>>> helps the com dev team evaluate TLPs against.  Its relevance to a
>>> graduating podling is extremely small...
>> 
>> FWIW, I disagree...I think the maturity model is a great tool to help
>> discover areas that podlings might have neglected in their work
>> towards graduation.
>> 
>> It's not THE single tool to evaluate TLP readiness, but I wouldn't
>> qualify its relevance as "extremely small".
>> 
>> (John - maybe we agree on the core, but I just reread the model and love
>> it ;-)
>> 
>> -Bertrand
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>> 
>> 


Mime
View raw message