|
| 1 | +--- |
| 2 | +title: Maturity |
| 3 | +sidebar_position: 6 |
| 4 | +--- |
| 5 | + |
| 6 | +# Maturity Assessment for Apache DevLake™ |
| 7 | + |
| 8 | +The goals of this maturity model are to describe how Apache projects operate in a concise and high-level way, and to provide a basic framework that projects may choose to use to evaluate themselves. |
| 9 | + |
| 10 | +More details can be found [here](https://community.apache.org/apache-way/apache-project-maturity-model.html). |
| 11 | + |
| 12 | +## Status of this assessment |
| 13 | + |
| 14 | +This assessment is being evaluated during DevLake's graduation from Apache Incubator to a top-level Apache project. |
| 15 | + |
| 16 | +## Maturity model assessment |
| 17 | + |
| 18 | +The following table is filled according to the [Apache Maturity Model](https://community.apache.org/apache-way/apache-project-maturity-model.html). Mentors and community members are welcome to comment and modify it. |
| 19 | + |
| 20 | +### CODE |
| 21 | + |
| 22 | +| **ID** | **Description** | **Status** | |
| 23 | +| -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
| 24 | +| **CD10** | The project produces Open Source software for distribution to the public, at no charge. | **YES** The project source code is licensed under the Apache License 2.0. | |
| 25 | +| **CD20** | Anyone can easily discover and access the project's code. | **YES** The [official website](https://devlake.apache.org/) includes GitHub link which can access the project's repository on GitHub directly. | |
| 26 | +| **CD30** | Anyone using standard, widely-available tools, can build the code in a reproducible way. | **YES** Apache DevLake provides comprehensive [development setup documentation](https://devlake.apache.org/docs/DeveloperManuals/DeveloperSetup) with detailed build instructions. | |
| 27 | +| **CD40** | The full history of the project's code is available via a source code control system, in a way that allows anyone to recreate any released version. | **YES** The project uses Git and is hosted on GitHub, allowing anyone to view the full history and recreate any released version via commit logs and tags. | |
| 28 | +| **CD50** | The source code control system establishes the provenance of each line of code in a reliable way, based on strong authentication of the committer. When third parties contribute code, commit messages provide reliable information about the code provenance. | **YES** The project uses GitHub managed by Apache Infra, ensuring provenance of each line of code. Third-party contributions are accepted through pull requests with proper attribution and review processes. | |
| 29 | + |
| 30 | +### LICENSE |
| 31 | + |
| 32 | +| **ID** | **Description** | **Status** | |
| 33 | +| -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
| 34 | +| **LC10** | The Apache License, version 2.0, covers the released code. | **YES** The [LICENSE](https://github.com/apache/incubator-devlake/blob/main/LICENSE) file is present in the repository and all source files include the Apache License 2.0 header. | |
| 35 | +| **LC20** | Libraries that are mandatory dependencies of the project's code do not create more restrictions than the Apache License does. | **YES** All dependencies have been reviewed and are compatible with Apache License 2.0 requirements. | |
| 36 | +| **LC30** | The libraries mentioned in LC20 are available as Open Source software. | **YES** All mandatory dependencies are available as Open Source software with compatible licenses. | |
| 37 | +| **LC40** | Committers are bound by an Individual Contributor Agreement (the "Apache iCLA") that defines which code they may commit and how they need to identify code that is not their own. | **YES** All committers have signed Apache iCLAs as required by Apache Software Foundation policies. | |
| 38 | +| **LC50** | The project clearly defines and documents the copyright ownership of everything that the project produces. | **YES** All source files include proper Apache License 2.0 headers with copyright notices. | |
| 39 | + |
| 40 | +### Releases |
| 41 | + |
| 42 | +| **ID** | **Description** | **Status** | |
| 43 | +| -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
| 44 | +| **RE10** | Releases consist of source code, distributed using standard and open archive formats that are expected to stay readable in the long term. | **YES** Source releases are distributed via [dist.apache.org](https://dist.apache.org/repos/dist/release/incubator/devlake/) in standard tar.gz format. | |
| 45 | +| **RE20 ** | The project's PPMC (Project Management Committee, see CS10) approves each software release in order to make the release an act of the Foundation. | **YES ** All releases have been voted on by the PPMC on [email protected] and [email protected] with at least 3 PPMC member votes. | |
| 46 | +| **RE30** | Releases are signed and/or distributed along with digests that anyone can reliably use to validate the downloaded archives. | **YES** All releases are cryptographically signed and include SHA-512 checksums. The [KEYS](https://dist.apache.org/repos/dist/release/incubator/devlake/KEYS) file is available. | |
| 47 | +| **RE40** | The project can distribute convenience binaries alongside source code, but they are not Apache Releases, they are provided with no guarantee. | **YES** Docker images and other convenience binaries are provided but clearly marked as convenience distributions, not official Apache releases. | |
| 48 | +| **RE50** | The project documents a repeatable release process so that someone new to the project can independently generate the complete set of artifacts required for a release. | **TODO** Need to check with community members where the release process documentation is located. | |
| 49 | + |
| 50 | +### Quality |
| 51 | + |
| 52 | +| **ID** | **Description** | **Status** | |
| 53 | +| -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
| 54 | +| **QU10** | The project is open and honest about the quality of its code. Various levels of quality and maturity for various modules are natural and acceptable as long as they are clearly communicated. | **YES** The project encourages users to [report issues](https://github.com/apache/incubator-devlake/issues) and maintains transparent communication about known limitations. | |
| 55 | +| **QU20** | The project puts a very high priority on producing secure software. | **YES** Security issues are addressed promptly with a dedicated security response process. | |
| 56 | +| **QU30 ** | The project provides a well-documented, secure and private channel to report security issues, along with a documented way of responding to them. | **TODO ** Need to create security reporting documentation and establish [email protected] or similar reporting channel. | |
| 57 | +| **QU40** | The project puts a high priority on backwards compatibility and aims to document any incompatible changes and provide tools and documentation to help users transition to new features. | **YES** The project follows semantic versioning and provides migration guides for breaking changes, with clear documentation of API changes between versions. | |
| 58 | +| **QU50** | The project strives to respond to documented bug reports in a timely manner. | **YES** The project maintains active issue tracking and has resolved 3400+ issues and 4900+ pull requests with prompt response. | |
| 59 | + |
| 60 | +### Community |
| 61 | + |
| 62 | +| **ID** | **Description** | **Status** | |
| 63 | +| -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
| 64 | +| **CO10** | The project has a well-known homepage that points to all the information required to operate according to this maturity model. | **YES** The [official website](https://devlake.apache.org/) provides comprehensive information including documentation, community guidelines, and development resources. | |
| 65 | +| **CO20** | The community welcomes contributions from anyone who acts in good faith and in a respectful manner, and who adds value to the project. | **YES** The project provides detailed [contributing guidelines](https://devlake.apache.org/community/) and maintains a welcoming environment for all contributors. | |
| 66 | +| **CO30** | Contributions include source code, documentation, constructive bug reports, constructive discussions, marketing and generally anything that adds value to the project. | **YES** The community welcomes all forms of contributions including code, documentation, testing, bug reports, and community engagement. | |
| 67 | +| **CO40** | The community strives to be meritocratic and gives more rights and responsibilities to contributors who, over time, add value to the project. | **YES** The community has elected 14 PPMC members and 12 committers based on their contributions and merit. | |
| 68 | +| **CO50** | The project documents how contributors can earn more rights such as commit access or decision power, and applies these principles consistently. | **YES** The project has clear documentation on the [contributor growth program](https://devlake.apache.org/community/MakingContributions/contributor-growth-program) and promotion processes. | |
| 69 | +| **CO60** | The community operates based on consensus of its members (see CS10) who have decision power. Dictators, benevolent or not, are not welcome in Apache projects. | **YES** All major decisions are made through community consensus and voting processes on the mailing list. | |
| 70 | +| **CO70 ** | The project strives to answer user questions in a timely manner. | **YES ** The project uses [email protected], [GitHub issues ](https://github.com/apache/incubator-devlake/issues), and community channels to provide timely support to users. | |
| 71 | + |
| 72 | +### Consensus |
| 73 | + |
| 74 | +| **ID** | **Description** | **Status** | |
| 75 | +| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | |
| 76 | +| **CS10** | The project maintains a public list of its contributors who have decision power. The project's PPMC (Project Management Committee) consists of those contributors. | **YES** The project maintains a public list of [PPMC members and committers](https://devlake.apache.org/team) on the website. **TODO:** Verify this page is up to date. | |
| 77 | +| **CS20 ** | Decisions require a consensus among PPMC members and are documented on the project's main communications channel. The PPMC takes community opinions into account, but the PPMC has the final word. | **YES ** All decisions are made through votes on [email protected] with proper documentation and at least 3 +1 votes from PPMC members. | |
| 78 | +| **CS30** | The project uses documented voting rules to build consensus when discussion is not sufficient. | **YES** The project follows standard Apache Software Foundation voting rules and procedures. | |
| 79 | +| **CS40** | In Apache projects, vetoes are only valid for code commits. The person exercising the veto must justify it with a technical explanation, as per the Apache voting rules defined in CS30. | **YES** The project follows Apache voting rules where vetoes are only valid for code commits and must be technically justified. | |
| 80 | +| **CS50** | All "important" discussions happen asynchronously in written form on the project's main communications channel. Offline, face-to-face or private discussions that affect the project are also documented on that channel. | **YES** All important discussions and decisions are documented on the mailing list in written form. | |
| 81 | + |
| 82 | +### Independence |
| 83 | + |
| 84 | +| **ID** | **Description** | **Status** | |
| 85 | +| -------- | ---------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | |
| 86 | +| **IN10** | The project is independent from any corporate or organizational influence. | **YES** The PPMC members and committers represent multiple organizations and companies, ensuring no single corporate influence dominates the project. | |
| 87 | +| **IN20** | Contributors act as themselves, not as representatives of a corporation or organization. | **YES** Contributors participate in the project as individuals, not as corporate representatives, following Apache Software Foundation principles. | |
0 commit comments