incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <>
Subject Re: Podlings & Apache Project Maturity Model (was RE: [DISCUSS] Graduate Apache RocketMQ from podling to TLP)
Date Fri, 25 Aug 2017 19:40:33 GMT
Hi -

I think that the model is a good measure and the development of it was an excellent example
of the group dynamic in using a wiki. It is a list of best practices. If a podling goes through
the process then we ought to treat it as a fair effort.

I think that it would be worth applying a similar wiki based discussion to review the state
of Podling intake and graduation check lists. I know your working on that and I would like
to help when we bring Daffodil in.

You bring up security reporting for Hadoop. A discussion of security requirements with the
security team should be done, but not here because the examples I have are private. The problem
is that (P)PMC and PMC need to monitor security issues with releases but under the current
plan they often have only a few PMC members paying attention. This can lead to trouble with
PMC oversight issues.

The ASF gives projects substantial freedom, but in return there are norms around (in no particular
- Foundation links.
- Branding
- Fundraising
- Legal
- Security
- Infra
- Community

This is a lot to absorb and learn.


> On Aug 25, 2017, at 12:11 PM, John D. Ament <> wrote:
> (changing subjects to avoid confusion in RocketMQ's discussion)
> I've been pretty explicit about my disdain in the past over the use of the
> Apache Project Maturity Model.  The model describes an ideal world that all
> projects should strive for, but I would be surprised if many projects
> passed it.
> Its unfair for us to put some stake in the ground expecting podlings to
> match up 100% on the questions.  Many of the questions are subjective - is
> the code easy to discover? respond to bug reports in a timely manner?
> My take is that if a podling can answer 1 question per section correctly,
> and there's some validity to the answer (e.g. the IN section requires a
> polygraph test) then they're on their way.  For instance, figuring out how
> to report a security issue around Apache Hadoop leads me to vendor websites
> first, the first match is on the second page.  This creates
> violations in the CO, QU, and IN categories.
> John
> On Thu, Aug 24, 2017 at 3:30 PM Bertrand Delacretaz <
>> wrote:
>> On Thu, Aug 24, 2017 at 1:06 PM, John D. Ament <>
>> wrote:
>>> ...please understand that the Apache Maturity Model is something that
>>> helps the com dev team evaluate TLPs against.  Its relevance to a
>>> graduating podling is extremely small...
>> FWIW, I disagree...I think the maturity model is a great tool to help
>> discover areas that podlings might have neglected in their work
>> towards graduation.
>> It's not THE single tool to evaluate TLP readiness, but I wouldn't
>> qualify its relevance as "extremely small".
>> (John - maybe we agree on the core, but I just reread the model and love
>> it ;-)
>> -Bertrand
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:

View raw message