Olaf Renner, Muddasar Ahmed, Amy Zwarico

This is a drafting space for LFN Quality and Security goals

  1. Define common quality and security goals across LFN projects

  2. Define metrics and tools to measure and verify if goals are reached

  3. Define templates to guide, document and review project progress

Available resources:

...

Quality Goal

...

LFN Wiki

...

CNCF templates

...

OpenSSF

...

Project Vitals

...

Project Data Template (currently used both for induction and health review)

...

LFN Lifecycle states and guidelines (metrics per lifecycle stage)

...

LFN Security Forum Best Practices

...

Best Practices

Passing badge

...

Scorecard

...

Project Name

...

☑️

...

README-template.md

...

Project Creation Date

...

☑️

...

Project License

...

☑️

...

LICENSE; README-template.md

...

[floss_license]; [floss_license_osi]; [license_location]

...

Community Size

...

☑️

...

Contributing organizations (Diversity)

...

☑️

...

☑️

...

Number of contributors

...

☑️

...

Legal Details and checks

...

Lifecycle Stage

...

☑️

...

Release schedule

...

☑️

...

Adoption

...

☑️

...

Project & Community Resources

...

Website

...

☑️

...

README.md

...

[description_good]

...

Wiki

...

☑️

...

README.md

...

Mailing List

...

☑️

...

README.md

...

Slack

...

☑️

...

README.md

...

Community Meetings

...

☑️

...

README.md

...

Project Governance

...

TSC/TOC

...

☑️

...

☑️

...

GOVERNANCE.md; GOVERNANCE-elections.md; GOVERNANCE-maintainer.md; 

...

Charter

...

☑️

...

Code of Conduct

...

☑️

...

CODE_OF_CONDUCT.md; README.md

...

How to contribute

...

☑️

...

☑️

...

CONTRIBUTING.md; README.md

...

[interact]; [contribution]; [contribution_requirements]

...

Project Roles

...

☑️

...

☑️

...

CONTRIBUTOR_LADDER.md

...

Maintainers

...

☑️

...

☑️

...

MAINTAINERS.md

...

How to Review

...

☑️

...

☑️

...

REVIEWING.md

...

Adding/Removing PTLs

...

☑️

...

☑️

...

MAINTAINERS.md ??

...

Sub-Project Lifecycle

...

☑️

...

☑️

...

GOVERNANCE-subprojects.md

...

Dispute Resolution

...

☑️

...

Adding/removing committers

...

☑️

...

☑️

...

Sub-projects without a lead

...

☑️

...

Documentation

...

Technical Documentation

...

Contributor onboarding Documentation

...

Company Diversity (past 12 months)

...

Number of Contributors

...

Release Management

...

CI CD integration

...

Adoption

...

Security Design Principles

...

Use Case / Problem Statement

...

Problem that project solves

...

☑️

...

README.md

...

[description_good]

...

Use Cases Scenarios

...

☑️

...

README.md

...

Infrastructure Tooling

...

Wiki

...

☑️

...

Repos

...

☑️

...

Bug Tracking tool

...

☑️

...

Code review

...

☑️

...

Documentation

...

☑️

...

CI/CD tooling

...

☑️

...

Collaboration Tooling

...

☑️

...

Roadmap

...

Roadmap Guide

...

Near/long-term objectives

...

☑️

...

Milestones

...

☑️

...

Risks/Challenges

...

☑️

...

Timeline

...

☑️

...

Security Best Practices

...

Security Guidelines for New Projects

...

Security Contacts

...

SECURITY-CONTACTS.md

...

Security Policy

...

SECURITY.md

...

Code Scanning

...

☑️

...

Seed code handoff

...

☑️

...

Coding Standards

...

☑️

...

☑️

...

Security design principles

...

☑️

...

OSSF Scorecard; OSSF Best Practices

...

Vulnerability Reporting

...

☑️

...

incident-response.md

...

Demonstrate Security Awareness

...

☑️

...

Practice Secure Lifecycle Management (per release)

...

☑️

...

Documentation

...

☑️

...

CI/CD best practices

...

☑️

...

Secure project architecture

...

☑️

...

Supply Chain Security

...

☑️

...

CNCF Supply Chain Security

...

SBOM creation

...

Propose meeting on Mondays, biweekly. Casey Cain will send out poll.