Re: Project Graduations
toggle quoted messageShow quoted text
As a Jenkins board member, I would be interested in passing through the official CDF graduation checklist and review. From what I see on https://github.com/cdfoundation/toc/blob/master/PROJECT_LIFECYCLE.md the Jenkins project fully meets the "graduated project" criteria though IIUC there are some incoming changes like https://github.com/cdfoundation/toc/pull/76 (CII requirement, 3rd-party security audit, etc.). It would be great to see the final list of requirements before we take it to the Jenkins community and discuss it there.
I also have a question about a 3rd-party security audit defined by Dan Lopez in https://github.com/cdfoundation/toc/pull/76. It may cost a lot for a big project like Jenkins if we want to have a formal security audit by a 3rd party. Just in case, does CDF have budget allocated for such audit in CDF projects? If not, such criteria may become a major obstacle.
Thanks in advance,
On Fri, Apr 24, 2020 at 5:29 PM Tracy Miranda <tmiranda@...> wrote: