Update incubating TI Gives+Gets to match lifecycle/templates #295

Merged
merged 3 commits into from
Apr 2, 2024
24 changes: 14 additions & 10 deletions process/TI-Gives+Gets.md
Expand Up @@ -15,7 +15,7 @@ Also note that benefits may actually vary based on resources and funds availabil
* TI must be aligned with the OpenSSF mission and either be a novel approach for existing areas or address an unfulfilled need. It is expected that the initial code needed for an OpenSSF WG to work be kept within their repository and will not function as a project in its own right. Should initial WG code grow and mature that it warrants its own Project status, then it is subject to Sandbox entry requirements. It is preferred that extensions of existing OpenSSF projects collaborate with the existing project rather than seek a new project.
* TI must maintain a diversified contributor base (i.e. not a single-vendor project). TI must have a minimum of two maintainers with different organization affiliations.
* WG must find a TAC sponsor that can help guide the WG through its sandbox stage.
* Project and or SIG must find an aligned WG to host the TI or must have a TAC sponsor that can help guide the TI through the sandbox stage.
* Project and SIG must find an aligned WG to host the TI or must have a TAC sponsor that can help guide the TI through the sandbox stage.
* TI agrees to follow the [Secure Software Development Guiding Principles](https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/SecureSoftwareGuidingPrinciples.md) and the [Open Source Consumption Manifesto](https://github.com/ossf/wg-endusers/tree/main/MANIFESTO).
* If contributing an existing Project to the OpenSSF, the contribution must undergo license and IP due diligence by the Linux Foundation (LF).
* Provides quarterly updates to the TAC on technical vision and progress on vision.
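Review bot: In the Sandbox bullet "Project and SIG must find an aligned WG to host the TI or must have a TAC sponsor", the word "and" reads as if a Project and a SIG had to act together, while the rest of the sentence speaks of a single TI. "Project or SIG" states that the requirement applies to each TI type on its own and still removes the awkward "and or".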
Expand All @@ -37,16 +37,20 @@ Also note that benefits may actually vary based on resources and funds availabil

### Gives/Requirements

All requirements of Sandbox must be fulfilled. PR filed to promote group to Incubating stage.
* Group has met no less than 5 times within the last calendar quarter
* Maintains a diversified contributor base (i.e. not a single-vendor project) with an active flow of contributions. Projects must have a minimum of three maintainers with a minimum of two different organization affiliations, and document the current list of maintainers.
* Projects must have defined a contributor guide, which makes it clear how and when contributors should be given increasing responsibilities towards maintainership of the project. (Example guides: Sigstore, AllStar)
* Projects should be able to show adoption by multiple parties and adoption's value to the open source community and/or end users (may include adoption of beta/early versions) with the intent to showcase wide adoption by the project's consumers.
All requirements of Sandbox must be fulfilled. PR filed to promote TI to Incubating stage.
* TI must have documented, initial group governance.
* Maintains a point of contact for vulnerability reports in the security.md
* Implements, practices, and refines mature software development and release practices such as following a version schema.
* TI follows security best practices (as recommended by the OpenSSF and others), including passing the OpenSSF Best Practices criteria, secret scanning, and code scanning.
* TIs that include code use Scorecards
* Maintains a diversified contributor base (i.e. not a single-vendor project) with an active flow of contributions, and documents the current list of maintainers:
* WG must have a minimum of five participants with a minimum of three different organization affiliations.
* Project and SIG must have a minimum of three contributors with a minimum of two different organization affiliations.
* WG and Project has met at least 5 times within the last calendar quarter since becoming Sandbox.
* SIG must have made substantial progress on a deliverable.
* Project must have defined a contributor guide, which makes it clear how and when contributors should be given increasing responsibilities towards maintainership of the project. (Example guides: Sigstore, AllStar)
* Project should be able to show adoption by multiple parties and adoption's value to the open source community and/or end users (may include adoption of beta/early versions) with the intent to showcase wide adoption by the project's consumers.
* TI that develops code:
* Implements, practices, and refines mature software development and release practices such as following a version schema.
* Follows security best practices (as recommended by the OpenSSF and others), including passing the OpenSSF Best Practices criteria, secret scanning, and code scanning.
* Maintains a point of contact for vulnerability reports in the security.md.
* Must use Scorecards.
* Begins to establish the appropriate governance that enables its sustainment for potential graduation.

### Gets/Benefits
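Review bot: "WG and Project has met at least 5 times within the last calendar quarter since becoming Sandbox." has a subject-verb mismatch; "WG and Project must have met" would fix it and match the "must" phrasing of the neighbouring WG, Project and SIG bullets. The bullet "Maintains a diversified contributor base ... and documents the current list of maintainers:" ends in a colon, so it is worth confirming that the two minimum-count bullets after it, and the four under "TI that develops code:", are indented as sub-items in the Markdown source so that they render as nested lists.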
3 changes: 2 additions & 1 deletion process/project-lifecycle.md
Expand Up @@ -89,10 +89,11 @@ Incubating projects represent maturing but not fully realized projects. Incubati

#### Incubation Entry Requirements and Considerations

All requirements of Sandbox must be fulfilled, plus:
* Projects must have a minimum of three maintainers with a minimum of two different organization affiliations, and document the current list of maintainers.
* Projects must have met at least 5 times within the last calendar quarter since becoming `Sandbox`.
* Projects must have defined a contributor guide, which makes it clear how and when contributors should be given increasing responsibilities towards maintainership of the project. (Example guides: [Sigstore](https://github.com/sigstore/community/blob/main/MEMBERSHIP.md), [AllStar](https://github.com/ossf/allstar/blob/main/contributor-ladder.md))
* Projects should be able to show adoption by multiple parties and adoption's value to the open source community and/or end users (may include adoption of beta/early versions) with the intent to showcase wide adoption by the project's consumers.
* Projects must be aligned with the OpenSSF mission _and_ either be a novel approach for existing areas or address an unfulfilled need. It is expected that the initial code or specification developed by an OpenSSF WG be kept within their repository and will not function as a Project in its own right. Should the initial WG code or specification grow and mature that it warrants its own Project status, then it is subject to Sandbox entry requirements. It is preferred that extensions of an existing OpenSSF project collaborate with the existing project rather than seek a new project.
* Projects must have documented, initial project governance.

#### Project Process: Sandbox to Incubation and direct entry to Incubation
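Review bot: The maintainer bullet in this list requires "a minimum of three maintainers with a minimum of two different organization affiliations", while process/TI-Gives+Gets.md in this same change says "Project and SIG must have a minimum of three contributors with a minimum of two different organization affiliations". Since the stated goal is for the documents to match, pick one term (maintainers or contributors) for the Project requirement and use it in both files.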
8 changes: 6 additions & 2 deletions process/templates/PROJECT_NAME_incubation_stage.md
Expand Up @@ -16,14 +16,18 @@ The project should be able to show adoption by multiple parties and the adoption
* "description of adoption"

### Governance
Project must have met publicly at least 5 times
* Link to public meeting notes (or ideally recordings)
Project must have met publicly at least 5 times in the last quarter since becoming Sandbox
* Link to public meeting notes (or ideally recordings)

Projects must have documented, initial project governance
* "link to governance documents/Charter"

Project must have defined Contributor Guide
* "link to contributor guide"

Project has attained an OpenSSF Best Practice Badge at "passing" level
* "link to OpenSSF Badge"

Project is integrated into the OpenSSF Scorecard
* "link to Scorecard output"

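Review bot: The meeting requirement "at least 5 times in the last quarter since becoming Sandbox" under "### Governance" is worded differently from process/project-lifecycle.md, which says "within the last calendar quarter since becoming `Sandbox`"; use the same phrase in the template so that applicants and reviewers apply one window. The governance item also begins "Projects must have" where the other items in this section begin with the singular "Project".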
8 changes: 3 additions & 5 deletions process/templates/SIG_NAME_incubating_stage.md
@@ -1,7 +1,7 @@
## Special Interest Group (SIG) incubation

The governing body must agree that the SIG has made substantial progress on a deliverable.
* Link to relevant documentation.
SIG has made substantial progress on a deliverable
* "link to deliverable in progress"

### SIG has met all Sandbox requirement
* "link to sandbox PR if exists"
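Review bot: The opening item "SIG has made substantial progress on a deliverable" no longer says who judges the progress, which "The governing body must agree that" did. Either keep the evaluator in the sentence or point to the criteria used, so that a SIG filling in the template knows what the "link to deliverable in progress" has to demonstrate.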
Expand All @@ -13,12 +13,10 @@ The SIG must have a minimum of three contributors with a minimum of two differen
### Governance
SIG has defined group governance
* "link to charter or other document describe how group is managed"
SIG has made substantial progress on deliverable
* "link to deliverable in progress"


### SIG References
The SIG should provide a list of existing resources with links to the repository, and if available, website, a roadmap, demos and walkthroughs, and any other material to showcase the existing breadth, maturity, and direction of the SIG.

Reference | URL |
|---------------------|-----|
| Repo | |
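Review bot: Under "### Governance", the remaining placeholder "link to charter or other document describe how group is managed" has a grammar slip that is worth fixing while this section is being edited; "describing how the group is managed" reads correctly.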
13 changes: 7 additions & 6 deletions process/templates/WG_NAME_incubating_stage.md
Expand Up @@ -2,25 +2,26 @@

### List WG Chair(s) and or Vice Chair
The WG must have a minimum of 1 Chair

* "name, affiliation, GitHub ID"


### Working Group (WG) has met all Sandbox requirement
* "link to sandbox PR if exists"

### List of regular contributors
The WG must have a minimum of 5 contributors from at least 3 different organizations attending regularly.
* "name, affiliation, GitHub ID"


### Mission of the Working Group
The WG must have a charter or mission statement for review by TAC
* Link to the WG charter or mission statement defining its goals.

### Governance
WG must have met publicly at least 5 times
* Link to public meeting notes (or ideally recordings)
WG must have documented, initial group governance.
* Link to initial group governance doc

WG must have met publicly at least 5 times in the last quarter since becoming Sandbox
* Link to public meeting notes (or ideally recordings)

WG must have defined Contributor Guide
* "link to contributor guide"

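Review bot: "### List of regular contributors" asks for "a minimum of 5 contributors from at least 3 different organizations attending regularly", but process/TI-Gives+Gets.md in this change states the WG requirement as "a minimum of five participants with a minimum of three different organization affiliations". Use one term in both places, since "contributors" and "participants" can be read as different bars. In the Governance section, "WG must have documented, initial group governance." is the only requirement line that ends in a period.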
Expand All @@ -32,5 +33,5 @@ WG must have defined Contributor Guide
| Website | |
| Contributing guide | |
| Security.md | |
| code-of-conduct.md | |
| code-of-conduct.md | |
| Other | |
2 changes: 1 addition & 1 deletion process/working-group-lifecycle.md
Expand Up @@ -33,7 +33,7 @@ Once the WG has further defined its goals and garnered enough support it can app
## To become `Incubating`:

* Have a charter or mission statement for review by TAC
* Have met at least 5 times
* Have met at least 5 times within the last calendar quarter since becoming `Sandbox`
* For these, meeting notes (or ideally recordings) must be public
* Have at least 5 contributors from at least 3 different organizations attending regularly
* TAC will vote to approve or provide constructive guidance
Expand Down