Reference: http://community.apache.org/apache-way/apache-project-maturity-model.html
The maturity model is something being discussed quite a lot during the last year, especially among members of the foundation, but also on the community list.
It is expected this model, will become a type of measurement as we move along. Lately it has been discussed to use it on podlings.
Disclaimer: currently the answers are the work of one person, and may or may not reflect the opinion of the whole PPMC.
Code
CD10
| Question | Answer |
|---|
| The project produces Open Source software, for distribution to the public at no charge. | This is true for every apache project, including all podlings. Corinthia uses the standard apache distribution methods. Some developers might choose to make a payable package based on Corinthia (e.g. convenience binaries), but Corinthia source will always be available at no charge. |
CD20
| Question | Answer |
|---|
| The project's code is easily discoverable and publicly accessible. | The Corinthia source (both releases and work in progress) are available on git. Furthermore the releases are available on on the apache mirror network. |
CD30
| Question | Answer |
|---|
| The code can be built in a reproducible way using widely available standard tools. | Corinthia is tested on different platforms, each platform is tested with one toolchain. For some platforms closed source tools are used (Xcode for OS-X, Microsoft visual studo 2013 for ms-windows) other use open source tools (GCC for linux). Corinthia is being developed according to the C99 standard, and are therefore easy useable on a wide variety of C compilers. |
CD40
| Question | Answer |
|---|
| The full history of the project's code is available via a source code control system, in a way that allows any released version to be recreated. | Git secures that the history is available. Corinthia uses a branch "Release_x.y" for every release, in order to facilitate easy recreation and bug fixing. |
CD50
| Question | Answer |
|---|
| The provenance of each line of code is established via the source code control system, in a reliable way based on strong authentication of the committer. When third-party contributions are committed, commit messages provide reliable information about the code provenance. | When a patch is delivered as a git patch it automatically contains the name of the contributor, otherwise it is the responsibility of the committer to add the name in the log message. |
Licenses and Copyright
LC10
| Question | Answer |
|---|
| The code is released under the Apache License, version 2.0. | yes |
LC20
| Question | Answer |
|---|
| Libraries that are mandatory dependencies of the project's code do not create more restrictions than the Apache License does. | ? |
We have many times been told that ALv2 is more open than any other FOSS license, so using any other FOSS license must give more restrictions. Looking at the licenses which are legal to use seems (without being a lawyer) to impose restrictions.
Which licenses exact to not "create more restrictions", it is surely less than the category A set.
LC30
| Question | Answer |
|---|
| The libraries mentioned in LC20 are available as Open Source software. | no not all |
The definition of libraries seems to be missing, when developing for e.g. MS-Windows or OS-X all kind of closed source libraries are part of the linking (at least in the C/C++ world). Is library only a loose term for something installed extra on the target platform, and the builtin libraries do not count ?
LC40
| Question | Answer |
|---|
| Committers are bound by an Individual Contributor Agreement (the "Apache iCLA") that defines which code they are allowed to commit and how they need to identify code that is not their own. | yes |
LC50
| Question | Answer |
|---|
| The copyright ownership of everything that the project produces is clearly defined and documented. | It is documented as part of the standard ASF documentation |
Does a project really have to define copyright on top of the Apache definition ?
Releases
RE10
| Question | Answer |
|---|
| Releases consist of source code, distributed using standard and open archive formats that are expected to stay readable in the long term. | Corthhia uses standard ASF methods |
RE20
| Question | Answer |
|---|
| Releases are approved by the project's PMC (see CS10), in order to make them an act of the Foundation. | Actually no |
In case of a podling, the release must be approved by the IPMC, and I assume that is what makes them an act of the foundation. The PPMC approval is currently only a recommendation for the IPMC.
RE30
| Question | Answer |
|---|
| Releases are signed and/or distributed along with digests that can be reliably used to validate the downloaded archives. | yes |
RE40
| Question | Answer |
|---|
| Convenience binaries can be distributed alongside source code but they are not Apache Releases -- they are just a convenience provided with no guarantee. | Corinthia has several convenience binaries, currently on people.a.o |
Quality
QU10
| Question | Answer |
|---|
| The project is open and honest about the quality of its code. Various levels of quality and maturity for various modules are natural and acceptable as long as they are clearly communicated. | Corinthia welcomes bug reports, and make a serious effort to solve those. |
QU20
| Question | Answer |
|---|
| The project puts a very high priority on producing secure software. | no |
For a library project like Corinthia, "secure software" is not a demand, however "stable" software is in high demand.
QU30
| Question | Answer |
|---|
| The project provides a well-documented channel to report security issues, along with a documented way of responding to them. | We need to work on this, having JIRA is not enough |
QU40
| Question | Answer |
|---|
| The project puts a high priority on backwards compatibility and aims to document any incompatible changes and provide tools and documentation to help users transition to new features. | no |
For a project that are releasing version 0.1 of a library backwards compatibility is not a issue.
QU50
| Question | Answer |
|---|
| The project strives to respond to documented bug reports in a timely manner. | yes (we need to be better) |
CO10
| Question | Answer |
|---|
| The project has a well-known homepage that points to all the information required to operate according to this maturity model. | no |
Why is it "well known" a demand ? it is quite hard to be "well known" when you are in a startup phase.
CO20
| Question | Answer |
|---|
| The community welcomes contributions from anyone who acts in good faith and in a respectful manner and adds value to the project. | yes |
CO30
| Question | Answer |
|---|
| Contributions include not only source code, but also documentation, constructive bug reports, constructive discussions, marketing and generally anything that adds value to the project. | yes |
CO40
| Question | Answer |
|---|
| The community is meritocratic and over time aims to give more rights and responsibilities to contributors who add value to the project. | yes |
CO50
| Question | Answer |
|---|
| The way in which contributors can be granted more rights such as commit access or decision power is clearly documented and is the same for all contributors. | no |
Corinthia aimed at using the standard ASF documentation, but it seems this documentation can be read quite differently (see C060).
CO60
| Question | Answer |
|---|
| The community operates based on consensus of its members (see CS10) who have decision power. Dictators, benevolent or not, are not welcome in Apache projects. | yes |
However depending on the voting rules, a single person who have a firm opinion can easy block progress. We had a discussion about voting rules for new PPMC members. One mentor (and one director) told the rule are min. 3 +1 and NO -1. Two mentors (and one director) told us -1 cannot block, but should be discussed. This is also an example where it seems that the ASF rules are vague.
CO70
| Question | Answer |
|---|
| The project strives to answer user questions in a timely manner. | yes |
Consensus Building
CS10
| Question | Answer |
|---|
| The project maintains a public list of its contributors who have decision power -- the project's PMC (Project Management Committee) consists of those contributors. | no |
Why would the project maintain a public list ? this is done at ASF level (people.a.o)
CS20
| Question | Answer |
|---|
| Decisions are made by consensus among PMC members and are documented on the project's main communications channel. Community opinions are taken into account but the PMC has the final word if needed. | yes |
CS30
| Question | Answer |
|---|
| Documented voting rules are used to build consensus when discussion is not sufficient. | No |
We believed using standard ASF rules was enough, but when 2 directors and 3 foundation members cannot agree on how a PPMC vote works, then there is a need for local rules (or even better correct the ASF wide rules)
CS40
| Question | Answer |
|---|
| In Apache projects, vetoes are only valid for code commits and are justified by a technical explanation, as per the Apache voting rules defined in CS30. | ? |
Look at our ML there it was clearly told that it is 3 +1 and NO -1 for voting PPMC, that is a veto or not ?
CS50
| Question | Answer |
|---|
| All "important" discussions happen asynchronously in written form on the project's main communications channel. Offline, face-to-face or private discussions that affect the project are also documented on that channel. | yes |
Independence
IN10
| Question | Answer |
|---|
| The project is independent from any corporate or organizational influence. | yes |
IN20
| Question | Answer |
|---|
| Contributors act as themselves as opposed to representatives of a coporation or organization. | yes |