Approval notice

This proposal, incorporating feedback from the RFC, was approved at the July 17th 2019 Board Meeting. FINOS is in the process of rolling out the new lifecycle in our public documentation and projects. See Process below.

Overview

This is a proposal to review the current /wiki/spaces/FINOS/pages/75530756, a widely used tool to signal OSS Project maturity to consumers and to drive Project Team to ever more successful OSS endeavors, and specifically:

Revise and clarify the checklist for initial contribution to the /wiki/spaces/FINOS/pages/75530363 state and for /wiki/spaces/FINOS/pages/75530376
Rename the /wiki/spaces/FINOS/pages/75530371 state, which is reached through /wiki/spaces/FINOS/pages/75530376, into "Active"
Do away with the Working Group Lifecycle (in conjunction with the related RFC for consolidation of Projects and Working Groups)

We asking the Community for feedback. Please add your comments below before until July 14th 2019.

Rationale

Together with the consolidation of Projects and Working Groups this RFC addresses:

Offer a "roadmap" for Projects towards becoming viable open source collaborative efforts for the industry
Provides a single source for recurrent questions and confusion from the Community on the criteria for /wiki/spaces/FINOS/pages/83034172 vs /wiki/spaces/FINOS/pages/75530363 vs /wiki/spaces/FINOS/pages/75530371
Simplification of our governance
Simplification of reporting as it aligns with /wiki/spaces/FINOS/pages/93225748

Process

~~Research on comparable Foundations (Eclipse, Apache, OpenStack, LF)~~
~~Socialization~~
~~FINOS to collect feedback from the Community~~
If consensus, changes for approval at the Board meeting in July 17th 2019
FINOS team to update Wiki (mainly the /wiki/spaces/FINOS/pages/83034172, /wiki/spaces/FINOS/pages/75530363, /wiki/spaces/FINOS/pages/75530376, /wiki/spaces/FINOS/pages/75530371, /wiki/spaces/FINOS/pages/75530756 pages)
FINOS team to work with PMCs over 19H2 to review existing Projects state and apply the proper badge to the README

References

Several of the guidelines are freely inspired by other established open source foundations, specifically:

Linux Foundation - How to host a project?
Eclipse Foundation - Community Principles
Apache Software Foundation - The "Apache Way"
OpenStack - Requirements for new Projects

Proposed Project Lifecycle

Current Status

As per /wiki/spaces/FINOS/pages/75530756:

Current Project Lifecycle

Current Working Group Lifecycle

Proposed Lifecycle Checklists

The table below presents a consolidate checklist for PMC and contributors to guide the decision to accept a new contribution (into Incubation, all Projects come into incubating state) and to drive Projects towards activation (a gate signaling higher maturity to consumers). Its meant to supersede current criteria scattered between the /wiki/spaces/FINOS/pages/83034172, /wiki/spaces/FINOS/pages/75530363 and /wiki/spaces/FINOS/pages/75530376 pages:

	Incubation (contribution to Incubating state)	Activation (promotion to Active State)
What it means for consumers?	The Project is at early stages of maturity, across quality, community dynamics and value.	The Project is high quality, mature from a codebase and community dynamics perspective. The Project produces valuable releases to solve a useful business problem for our Community.
What it means for the Project Team?	All Projects enter in Incubating state so this is a good checklist for a new contribution which contributors and PMCs can use to discuss approval of a new Project.	Glory in the Community Increased visibility and positioning in FINOS web resources, marketing and Community building efforts like meetups, blog posts, etc.
QUALITY & SECURITY
Development Process	The current contributor(s) commit to adopt a development process suitable for distributed development -- i.e., well established ways of working in successful open source projects, like automated builds, CI/CD and maintaining a public backlog of issues. Access and support for the FINOS Open Developer Platform (ODP) is offered free of charge to all Project Teams for this purpose.	The Project adopts best-of-breed standards of distributed software development, including but not limited to: semantic versioning tagging / branch protection continuous integration ("CI") and continuous delivery ("CD") where applicable If Project Team choses not to use the FINOS provided Open Developer Platform (ODP), a comparable SDLC should be adopted and made available.
Build & Release	If pre-existing software is contributed and there is a build process required to make software work, that build should work successfully as documented using publicly available artifacts.	The Project code/documentation release process automated or at lest well documented. If code is published, publicly redistributed release binaries should be listed or referred to in the documentation (e.g. under the FINOS namespace in an artifact repository or package manager, e.g. NPM, Maven Central, etc.)
Security	No high or critical vulnerabilities are discovered by scanning systems during FINOS contribution due diligence or they are resolved before the code base is brought into FINOS.	No OWASP Top 10 warnings are present in the code No long-standing medium or higher vulnerabilities (2+ months) and proper security disclosure processes Any cryptographic functions and key lengths used within the software shoud be identified and vetted with Foundation's legal counsel in order to request compliance with U.S. Export policy.
Documentation	The README.md must include a description of the idea or how to use and build any pre-existing contributed software	The README.md must include or reference up to date: end user docs, including a description of the software, feature overview, installation & configuration instructions developer docs, including links to other external systems (further docs, wiki, CI & validation tools, artifact repository, change log / history, etc.) where possible badges (e.g. from shields.io) are encouraged sample code explaining how to use the project, library, standard, SDK, etc.
DIVERSITY & VIABILITY
Community	The Project Team seeks more contributions, as well as wider adoption and feedback; the Project has a good idea of tasks (e.g. "good first issue) for new contributors to work on.	Project has active participation from 2+ independent individuals and/or organizations; Ideally Project Team members who make contributions in connection with their employment are doing do as part of their regular job duties.
Project Team	One or more initial contributors, agree to form the initial Project Team (with a named Project Team Lead who will sit on the PMC) and are able to further maintain the code base and work with prospective contributors.	Project Team has/have demonstrated active involvement in PMC and have demonstrated commitment to furthering overall Program goals
License	Project is Apache v2 licensed or one of the /wiki/spaces/FINOS/pages/75530255. If your Project uses another license please get in touch with the FINOS Legal team.	Project must not have dependencies which effectively restrict how the project may be distributed or deployed and must not depend on any proprietary third-party components for their core functionality.
Trademark	Contributors choose a different name for the contributed Project or commit to transfer to FINOS the original contribution trademark and all related assets (web domains, websites, etc).	Community is using a different established Project name or original contribution trademark is owned by FINOS. All Project related websites and assets are owned and hosted by FINOS.
ROADMAP & RESOURCES
Progress	New Projects might involve existing code, but can also be an idea or proof of concept which gets developed and accelerate in the Open.	Project has progressed against its public roadmap during incubation; roadmap is aligned with, and where applicable incorporated into, the overall program roadmap or backlog
Versioning	Projects releases versions below 1.0.0 (or equivalent based on existing number scheme used in project).	Project software is production grade and ready for large scale consumption. 1.0.0 version was released and announced it to the /wiki/spaces/FINOS/pages/77955298.
Roadmap	The Project Team commits to building and working towards a public roadmap, aligned with the overall program Roadmap.	Projects share and work to a public roadmap, aligned with the overall program roadmap.
FINOS Support	The Project Team can work with FINOS to identify areas where they may need further help and support form the Community and the FINOS team	Project Team is largely self-sufficient, requiring minimal operational support from FINOS to govern the /wiki/spaces/FINOS/pages/75530309. FINOS support switches to strategic growth of the Project in the Community.
GROWTH & ADOPTION
Usefulness	The contributed code or idea has the potential to be useful to end users and organizations in the financial industry (even if the code base / project is not neccesarily finance-specific)	The Project demonstrably solves a real life use case in the Community. Evidence of adoption beyond the contributing individuals or firms (e.g., in the form of download statistics, listing known deployments or implementations, etc.)
Status Badging	Project Team is ready to adopt the /wiki/spaces/FINOS/pages/75530363 in the README.md once contribution is approved	Project Team commits to adopt the FINOS ~~Released~~Active badge in the README.md once PMC approves activation properly signal adopters the new state of the Project
HYGIENE & OPERATIONS
Compliance	Before or during contribution, Project should work with the FINOS team to comply with the FINOS /wiki/spaces/FINOS/pages/75530375, including LICENSE, NOTICE and CONTRIBUTING files are present and correct.	The appropriate license text is included in each source file's header. See details and template
Community Inquiries	The project team commits to answer to Community inquiries on the project channels (mailing lists, issues and pull requests, etc)	Community inquiries on the project channels (mailing lists, issues and pull requests, etc) are generally promptly answered
Meeting Hygiene	If the Project holds meetings, the Project Team commits to preparing and distributing agenda and as meeting minutes in accordance to guidelines to run good meetings.	If the project meets regularly on-line, the Project Team has demonstrated a track record of publishing and distributing agenda no less than 24 hours before the meeting, and publishes meeting minutes after calls.
Transparency	Project Team commits to work with FINOS to implement a transparent governance model()* and publish a roadmap for the project towards activation.	Project Team has adopted a transparent governance model()* consistent with FINOS Community governance. Work for new contributors is organized into issues within a public issue tracking system, as appropriate, tagged as "Good First Issues"

(*) transparent governance model is when a project’s discussions, minutes, deliberations, project plans, issue tracking plans for new features, and other artifacts are open, public, and easily accessible in the FINOS Project Infrastructure or FINOS sanctioned external system.