You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: finish the last two todos in the maturity doc (#801)
* docs: finish the last two todos in the maturity doc
* docs: add the link to the release doc
---------
Co-authored-by: Startrekzky <[email protected]>
Copy file name to clipboardExpand all lines: community/maturity.md
+4-3Lines changed: 4 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -45,15 +45,16 @@ The following table is filled according to the [Apache Maturity Model](https://c
45
45
|**RE20**| The project's PPMC (Project Management Committee, see CS10) approves each software release in order to make the release an act of the Foundation. |**YES** All releases have been voted on by the PPMC on [email protected] and [email protected] with at least 3 PPMC member votes. |
46
46
|**RE30**| Releases are signed and/or distributed along with digests that anyone can reliably use to validate the downloaded archives. |**YES** All releases are cryptographically signed and include SHA-512 checksums. The [KEYS](https://dist.apache.org/repos/dist/release/incubator/devlake/KEYS) file is available. |
47
47
|**RE40**| The project can distribute convenience binaries alongside source code, but they are not Apache Releases, they are provided with no guarantee. |**YES** Docker images and other convenience binaries are provided but clearly marked as convenience distributions, not official Apache releases. |
48
-
|**RE50**| The project documents a repeatable release process so that someone new to the project can independently generate the complete set of artifacts required for a release. |**TODO**Need to check with community members where the release process documentation is located. |
48
+
|**RE50**| The project documents a repeatable release process so that someone new to the project can independently generate the complete set of artifacts required for a release. |**YES**The documentation of the release process can be found on [our website](https://devlake.apache.org/docs/DeveloperManuals/Release-SOP/#asf-release-policy). |
|**QU10**| The project is open and honest about the quality of its code. Various levels of quality and maturity for various modules are natural and acceptable as long as they are clearly communicated. |**YES** The project encourages users to [report issues](https://github.com/apache/incubator-devlake/issues) and maintains transparent communication about known limitations. |
55
55
|**QU20**| The project puts a very high priority on producing secure software. |**YES** Security issues are addressed promptly with a dedicated security response process. |
56
-
|**QU30**| The project provides a well-documented, secure and private channel to report security issues, along with a documented way of responding to them. |**TODO** Need to create security reporting documentation and establish [email protected] or similar reporting channel. |
56
+
| **QU30** | The project provides a well-documented, secure and private channel to report security issues, along with a documented way of responding to them. | **YES** When users open a new issue on the project’s GitHub repository, they are prompted with a “Report a security vulnerability” option that directs them to follow the Apache Software Foundation’s standard security disclosure process.
57
+
|
57
58
|**QU40**| The project puts a high priority on backwards compatibility and aims to document any incompatible changes and provide tools and documentation to help users transition to new features. |**YES** The project follows semantic versioning and provides migration guides for breaking changes, with clear documentation of API changes between versions. |
58
59
|**QU50**| The project strives to respond to documented bug reports in a timely manner. |**YES** The project maintains active issue tracking and has resolved 3400+ issues and 4900+ pull requests with prompt response. |
59
60
@@ -73,7 +74,7 @@ The following table is filled according to the [Apache Maturity Model](https://c
|**CS10**| The project maintains a public list of its contributors who have decision power. The project's PPMC (Project Management Committee) consists of those contributors. |**YES** The project maintains a public list of [PPMC members and committers](https://devlake.apache.org/team) on the website. **TODO:** Verify this page is up to date. |
77
+
|**CS10**| The project maintains a public list of its contributors who have decision power. The project's PPMC (Project Management Committee) consists of those contributors. |**YES** The project maintains a public list of [PPMC members and committers](https://devlake.apache.org/team) on the website. |
77
78
|**CS20**| Decisions require a consensus among PPMC members and are documented on the project's main communications channel. The PPMC takes community opinions into account, but the PPMC has the final word. |**YES** All decisions are made through votes on [email protected] with proper documentation and at least 3 +1 votes from PPMC members. |
78
79
|**CS30**| The project uses documented voting rules to build consensus when discussion is not sufficient. |**YES** The project follows standard Apache Software Foundation voting rules and procedures. |
79
80
|**CS40**| In Apache projects, vetoes are only valid for code commits. The person exercising the veto must justify it with a technical explanation, as per the Apache voting rules defined in CS30. |**YES** The project follows Apache voting rules where vetoes are only valid for code commits and must be technically justified. |
0 commit comments