...
Code | Description | Status | Comments |
---|---|---|---|
CD10 | The project produces Open Source software, for distribution to the public at no charge. | Available from download page with Apache license version 2.0 | |
CD20 | The project's code is easily discoverable and publicly accessible. | Code can be found from the website in CD10 Code is hosted publicly on github https://github.com/apache/incubator-hudi | |
CD30 | The code can be built in a reproducible way using widely available standard tools. | Maven build process documented in README.md | |
CD40 | The full history of the project's code is available via a source code control system, | The source history is available here and releases are tagged. | |
CD50 | The provenance of each line of code is established via the source code control system, in a reliable way based on strong authentication of the committer. When third-party contributions are committed, commit messages to provide reliable information about the code provenance. | Only project committers have access to merge code contributions. Commit messages clearly detail the author & committer for each contribution, including 3rd party contributors. Code contributions and commit process documented |
...
Code | Description | Status | Comments |
---|---|---|---|
RE10 | Releases consist of source code, distributed using standard and open archive formats that are expected to stay readable in the long term. | See http://hudi.apache.org/releases.html, which distributes code as gzipped tarball archive | |
RE20 | Releases are approved by the project's PMC (see CS10), in order to make them an act of the Foundation. | Yes, all releases so far have gone through PPMC's vetting and approvals. | |
RE30 | Releases are signed and/or distributed along with digests that can be reliably used to validate the downloaded archives. | Yes | |
RE40 | Convenience binaries can be distributed alongside source code but they are not Apache Releases -- they are just a convenience provided with no guarantee. | Yes | |
RE50 | The release process is documented and repeatable to the extent that someone new to the project is able to independently generate the complete set of artifacts required for a release. | See Release Manager's Guide |
...
Code | Description | Status | Comments |
---|---|---|---|
QU10 | The project is open and honest about the quality of its code. Various levels of quality and maturity for various modules are natural and acceptable as long as they are clearly communicated | Known issues are tracked in JIRA for public viewing - HUDI Jira | |
QU20 | The project puts a very high priority on producing secure software. | YES. Security issues are treated with the highest priority, according to the CVE/Security Advisory procedure. | |
QU30 | The project provides a well-documented channel to report security issues, along with a documented way of responding to them.TODO: Add | Reporting security issues on the project has been documented at Reporting Security Issues a page to the website with this information. Suggestion: Issues should be reported to the ppmc,(pmc once we graduate) and a pubic JIRA created when a resolution is available. | |
QU40 | The project puts a high priority on backward compatibility and aims to document any incompatible changes and provide tools and documentation to help users transition to new features. | Hudi provides documentation on our website and will take care to preserve backward compatibility and has thus far announced any breaking/important changes in behavior, that are necessary because of security or other concerns. Project will continue to uphold this. | |
QU50 | The project strives to respond to documented bug reports in a timely manner. | That is the goal and the results so far have generally been good. 390+ issues closed since start of incubation. |
...