-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adopt Core Infrastructure Initiative Best Practices #38
Comments
Welcome to AsyncAPI. Thanks a lot for reporting your first issue. Please check out our contributors guide and the instructions about a basic recommended setup useful for opening a pull request. Keep in mind there are also other channels you can use to interact with AsyncAPI community. For more details check out this issue. |
This issue has been automatically marked as stale because it has not had recent activity 😴 |
This just to raise awareness on some of the security issues. After looking more into the security requirements they have, it is gonna be seriously hard to pull off. I used these guidelines to suggest the process here: asyncapi/community#32 (comment) Just for the
As it varies a lot how active maintainers are this will be almost impossible. For the other two levels, there are also points that are gonna be difficult to pull off as we cant 100% control the process. |
I think I am gonna try take a swing at this issue, if it is decided we want to invest time in this. @derberg how do I propose this for TSC? |
I believe it must be done the same way as with code coverage. First, do it for one repo and check out how it went, what was missing, etc. Then we introduce to TSC so all codeowners follow it in their repos, voting style |
Started going through it for Modelina, to achieve Passing level - https://bestpractices.coreinfrastructure.org/en/projects/5279 The following steps are still missing:
|
Reason/Context
All projects from the AsyncAPI Initiative are licensed as Open Source Software, in particular Apache 2.0 license is used by default for new projects.
In an effort to offer high-quality software, not just in terms of code but also in terms of security, transparency, and accessibility, in alignment with our Vision The AsyncAPI community grows 400% stated here we (may) want to adopt the Linux Foundation Core Infrastructure Initiative Best Practices. It also sounds ideal after our announcement made here about AsyncAPI joining a foundation.
Some context:
There are different badges for the different criteria levels a project can achieve. Ordered from the most permissive to the most restrictive:
Description
Even though we may want to achieve the Gold level, Passing and Silver criteria levels should be previously achieved.
That's perfect for splitting this task into smaller actionables so we can adopt each level iteratively.
At least one GH issue should be created per level so we can properly track progress isolated. We can list them right here:
The text was updated successfully, but these errors were encountered: