Skip to content

docs: finish the last two todos in the maturity doc #801

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
d4x1 merged 2 commits into from
Jul 28, 2025
Merged

docs: finish the last two todos in the maturity doc #801

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ef88e42
docs: finish the last two todos in the maturity doc
merico-devlake Jul 25, 2025
d022a40
docs: add the link to the release doc
merico-devlake Jul 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions community/maturity.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,15 +45,16 @@ The following table is filled according to the [Apache Maturity Model](https://c
| **RE20** | The project's PPMC (Project Management Committee, see CS10) approves each software release in order to make the release an act of the Foundation. | **YES** All releases have been voted on by the PPMC on dev@devlake.apache.org and general@incubator.apache.org with at least 3 PPMC member votes. |
| **RE30** | Releases are signed and/or distributed along with digests that anyone can reliably use to validate the downloaded archives. | **YES** All releases are cryptographically signed and include SHA-512 checksums. The [KEYS](https://dist.apache.org/repos/dist/release/incubator/devlake/KEYS) file is available. |
| **RE40** | The project can distribute convenience binaries alongside source code, but they are not Apache Releases, they are provided with no guarantee. | **YES** Docker images and other convenience binaries are provided but clearly marked as convenience distributions, not official Apache releases. |
| **RE50** | The project documents a repeatable release process so that someone new to the project can independently generate the complete set of artifacts required for a release. | **TODO** Need to check with community members where the release process documentation is located. |
| **RE50** | The project documents a repeatable release process so that someone new to the project can independently generate the complete set of artifacts required for a release. | **YES** The documentation of the release process can be found on [our website](https://devlake.apache.org/docs/DeveloperManuals/Release-SOP/#asf-release-policy). |

### Quality

| **ID** | **Description** | **Status** |
| -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **QU10** | The project is open and honest about the quality of its code. Various levels of quality and maturity for various modules are natural and acceptable as long as they are clearly communicated. | **YES** The project encourages users to [report issues](https://github.com/apache/incubator-devlake/issues) and maintains transparent communication about known limitations. |
| **QU20** | The project puts a very high priority on producing secure software. | **YES** Security issues are addressed promptly with a dedicated security response process. |
| **QU30** | The project provides a well-documented, secure and private channel to report security issues, along with a documented way of responding to them. | **TODO** Need to create security reporting documentation and establish security@devlake.apache.org or similar reporting channel. |
| **QU30** | The project provides a well-documented, secure and private channel to report security issues, along with a documented way of responding to them. | **YES** When users open a new issue on the project’s GitHub repository, they are prompted with a “Report a security vulnerability” option that directs them to follow the Apache Software Foundation’s standard security disclosure process.
|
| **QU40** | The project puts a high priority on backwards compatibility and aims to document any incompatible changes and provide tools and documentation to help users transition to new features. | **YES** The project follows semantic versioning and provides migration guides for breaking changes, with clear documentation of API changes between versions. |
| **QU50** | The project strives to respond to documented bug reports in a timely manner. | **YES** The project maintains active issue tracking and has resolved 3400+ issues and 4900+ pull requests with prompt response. |

Expand All @@ -73,7 +74,7 @@ The following table is filled according to the [Apache Maturity Model](https://c

| **ID** | **Description** | **Status** |
| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
| **CS10** | The project maintains a public list of its contributors who have decision power. The project's PPMC (Project Management Committee) consists of those contributors. | **YES** The project maintains a public list of [PPMC members and committers](https://devlake.apache.org/team) on the website. **TODO:** Verify this page is up to date. |
| **CS10** | The project maintains a public list of its contributors who have decision power. The project's PPMC (Project Management Committee) consists of those contributors. | **YES** The project maintains a public list of [PPMC members and committers](https://devlake.apache.org/team) on the website. |
| **CS20** | Decisions require a consensus among PPMC members and are documented on the project's main communications channel. The PPMC takes community opinions into account, but the PPMC has the final word. | **YES** All decisions are made through votes on dev@devlake.apache.org with proper documentation and at least 3 +1 votes from PPMC members. |
| **CS30** | The project uses documented voting rules to build consensus when discussion is not sufficient. | **YES** The project follows standard Apache Software Foundation voting rules and procedures. |
| **CS40** | In Apache projects, vetoes are only valid for code commits. The person exercising the veto must justify it with a technical explanation, as per the Apache voting rules defined in CS30. | **YES** The project follows Apache voting rules where vetoes are only valid for code commits and must be technically justified. |
Expand Down