cncf
/
toc
mirror of https://github.com/cncf/toc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Graduation to Markdown

This commit is contained in:
Amye Scavarda Perrin 2022-03-08 16:01:27 -08:00
parent ed3540d5a7
commit 4614f3eb2f
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
process/graduation_criteria.md
View File

@ -1,25 +1,25 @@
== CNCF Graduation Criteria v1.3
## CNCF Graduation Criteria v1.3
Every CNCF project has an associated maturity level. Proposed CNCF projects should state their preferred maturity level. A two-thirds supermajority is required for a project to be accepted as incubating or graduated. If there is not a supermajority of votes to enter as a graduated project, then any graduated votes are recounted as votes to enter as an incubating project. If there is not a supermajority of votes to enter as an incubating project, then any graduated or incubating votes are recounted as sponsorship to enter as an sandbox project. If there is not enough sponsorship to enter as an sandbox stage project, the project is rejected. This voting process is called fallback voting.
The criteria for each stage of maturity are described below, and there is a separate https://github.com/cncf/toc/blob/main/process/project_proposals.adoc[Project Proposal process].
The criteria for each stage of maturity are described below, and there is a separate [https://github.com/cncf/toc/blob/main/process/project_proposals.md](Project Proposal process).
Incubating and graduated projects have access to all resources listed at https://cncf.io/projects[https://cncf.io/projects] but if there is contention, more mature projects will generally have priority.
Incubating and graduated projects have access to all resources listed at [https://cncf.io/projects](https://cncf.io/projects) but if there is contention, more mature projects will generally have priority.
=== Sandbox Stage
### Sandbox Stage
To be accepted in the sandbox a project must
* Apply to join the sandbox using the https://docs.google.com/forms/d/1bJhG1MuM981uQXcnBMv4Mj9yfV5_q5Kwk3qhBCLa_5A/edit[form]
* Adopt the CNCF https://github.com/cncf/foundation/blob/master/code-of-conduct.md[Code of Conduct]
* Adhere to CNCF https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy[IP Policy] (including trademark transferred)
* Apply to join the sandbox using the [https://docs.google.com/forms/d/1bJhG1MuM981uQXcnBMv4Mj9yfV5_q5Kwk3qhBCLa_5A/edit](form)
* Adopt the CNCF [https://github.com/cncf/foundation/blob/master/code-of-conduct.md](Code of Conduct)
* Adhere to CNCF [https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy](IP Policy) (including trademark transferred)
* List their sandbox status prominently on website/readme
See the https://github.com/cncf/toc/blob/main/process/sandbox.md[CNCF Sandbox Guidelines v1.0] for the detailed process.
See the [https://github.com/cncf/toc/blob/main/process/sandbox.md][CNCF Sandbox Guidelines v1.0] for the detailed process.
=== Incubating Stage
### Incubating Stage
*Note: The incubation level is the point at which we expect to perform full https://github.com/cncf/toc/blob/main/process/due-diligence-guidelines.md[due diligence] on projects.*
*Note: The incubation level is the point at which we expect to perform full [https://github.com/cncf/toc/blob/main/process/due-diligence-guidelines.md](due diligence) on projects.*
To be accepted to incubating stage, a project must meet the sandbox stage requirements plus:
@ -32,12 +32,12 @@ To be accepted to incubating stage, a project must meet the sandbox stage requir
* Clearly documented security processes explaining how to report security issues to the project, and describing how the project provides updated releases or patches to resolve security vulnerabilities
* Specifications must have at least one public reference implementation.
=== Graduation Stage
### Graduation Stage
To graduate from sandbox or incubating status, or for a new project to join as a graduated project, a project must meet the incubating stage criteria plus:
* Have committers from at least two organizations.
* Have achieved and maintained a Core Infrastructure Initiative https://bestpractices.coreinfrastructure.org/[Best Practices Badge].
* Have achieved and maintained a Core Infrastructure Initiative [https://bestpractices.coreinfrastructure.org/](Best Practices Badge).
* Have completed an independent and third party security audit with results published of similar scope and quality as the following example (including critical vulnerabilities addressed): https://github.com/envoyproxy/envoy#security-audit and all critical vulnerabilities need to be addressed before graduation.
* Explicitly define a project governance and committer process. This preferably is laid out in a GOVERNANCE.md file and references an OWNERS.md file showing the current and emeritus committers.
* Have a public list of project adopters for at least the primary repo (e.g., ADOPTERS.md or logos on the project website). For a specification, have a list of adopters for the implementation(s) of the spec.