From b82328e365b08ead5c8e6c29c50e92fe5b6c36b8 Mon Sep 17 00:00:00 2001 From: Marcela Melara Date: Tue, 10 Dec 2024 17:09:15 -0800 Subject: [PATCH 1/4] Add the OpenSSF labs process Signed-off-by: Marcela Melara --- process/labs-process.md | 119 ++++++++++++++++++++++++++++++ process/templates/LAB_NAME_lab.md | 46 ++++++++++++ 2 files changed, 165 insertions(+) create mode 100644 process/labs-process.md create mode 100644 process/templates/LAB_NAME_lab.md diff --git a/process/labs-process.md b/process/labs-process.md new file mode 100644 index 00000000..0524eb70 --- /dev/null +++ b/process/labs-process.md @@ -0,0 +1,119 @@ +# OpenSSF Labs + + + +The OpenSSF Labs provide a space for open source projects that are in the +earliest stages of their lifecycle to experiment, foster collaboration, and grow +their community prior to transitioning into the OpenSSF [project lifecycle]. + + + +OpenSSF Labs follow a similar model to Hyperledger Labs. + +## Benefits + +The OpenSSF Labs provide OSS developers several benefits: + +* A common governance and legal framework under the OpenSSF that +facilitates cross-organization or -vendor collaboration. +* The lowest barrier to starting brand new projects. +* A dedicated GitHub repository, if starting a lab from scratch. +* A streamlined transition into the [Sandbox] stage of the OpenSSF [project +lifecycle]. + +## Project Responsibilities + +Developers of OpenSSF labs are responsible for: + +* Submitting a [new lab proposal] for review by the [OpenSSF TAC]. +* Ensuring all commits are properly signed-off to avoid issues related to [DCO]. +* Notifying the TAC if the lab needs to be suspended or archived. + +Labs projects are also highly encouraged to engage with the [existing +Technical Initiatives] (working groups, projects or SIGs) in OpenSSF to build +their community and find a potential pathway towards acceptance as an OpenSSF +project. + +## Archiving + +The TAC will periodically check on the activity of labs. Labs that have been +inactive for an extended period (6+ months), or are explicitly suspended by +the maintainers, will be marked as "archived" in GitHub. + +Archived labs are not actively maintained and read-only, and can be reactivated +if there is interest in resuming work on a project. + +## New Lab Proposal Process + +1. Fork the repo. + +2. Fill out the [proposal template](templates/LAB_NAME_lab.md) + and save it into the `labs` subdirectory under the name of your lab, + such as `coolnewproject_lab.md`. +
+> [!TIP] +> It is expected that your lab repository on GitHub will have the same +> name as the proposal, so keep that in mind when submitting your proposal. + +3. In the proposal template, there is an entry for sponsor(s). Although this + is not required, proposers are encouraged to seek a sponsor in the OpenSSF + community who can help them create ties with the rest of the community + and review the proposal to make sure it is novel and aligned with the + [OpenSSF mission]. +
+ To find sponsors: + 1. use your connections to existing projects and ask maintainers, + 2. engage with [existing Technical Initiatives] (working groups, projects + or SIGs) with affinities to the proposed lab and pitch the project in + their meetings or [Slack channels](https://slack.openssf.org/). It's + good to have the template already filled out when you reach out. +
+> [!IMPORTANT] +> Lab sponsors may but are not required to actively participate in +> the lab once the proposal has been reviewed and accepted. + +4. Commit your changes with proper sign-off. This means that your commit + log message must contain a line that looks like the following one, + with your actual name and email address: + + `Signed-off-by: John Doe ` + + Adding the `-s` flag to your `git commit` command will add that line + automatically. You can also add it manually as part of your commit + log message or add it afterwards with `git commit --amend -s`. + +5. Submit a Pull Request to the repo. + +The [OpenSSF TAC] will then review your proposal. Like sponsors, TAC members may +but are not required to participate in ongoing work like contributing or +reviewing code in the lab. + +### Transferring an existing repository + +By default, OpenSSF staff will create a new GitHub repository for you to +start a new lab in. If you have an existing GitHub repo you would like to +bring to your proposed lab, you have the option to request for that +repo to be transferred into the instead. + +However, we require that every commit in the existing repo to br +signed-off so there are no issues related to [DCO]. +If that is not the case, you will need to transfer your existing code by +squashing all of your commits into a single first commit made against +your new lab repo with your sign-off. + +### License requirement + + + +## Code of Conduct + +All OpenSSF community members must adhere to the +[Code of Conduct](https://openssf.org/community/code-of-conduct/). + +[DCO]: https://developercertificate.org/ +[existing TIs]: https://github.com/ossf/tac/blob/main/README.md#technical-initiatives +[new lab proposal]: #new-lab-proposal-process +[OpenSSF mission]: https://openssf.org/about/ +[OpenSSF TAC]: https://github.com/ossf/tac/blob/main/README.md#tac-members +[project lifecycle]: https://github.com/ossf/tac/blob/main/process/project-lifecycle.md +[Sandbox stage]: https://github.com/ossf/tac/blob/main/process/project-lifecycle.md#sandbox diff --git a/process/templates/LAB_NAME_lab.md b/process/templates/LAB_NAME_lab.md new file mode 100644 index 00000000..7fa18681 --- /dev/null +++ b/process/templates/LAB_NAME_lab.md @@ -0,0 +1,46 @@ +# Lab Name + +_Enter the name of your lab here._ + +## Short Description + +_Provide a short description of your lab. This will be used for the GitHub +repository's description._ + +## Purpose + +_The lab must be aligned with the [OpenSSF +mission](https://openssf.org/about/) and either be a novel +approach for existing areas, address an unfulfilled need, or be initial or +experimental code for an extension to an existing OpenSSF technical initiative. + +Describe the purpose and scope of the lab. This should include enough +information to allow the TAC to understand how it aligns with the OpenSSF +mission._ + +## Initial Committers + +_Enter the Github IDs for the set of initial committers._ +- https://github.com/ +- https://github.com/ +- ... + +## Sponsor + +_Provide the name of your sponsor, if you have one. A sponsor is optional, but +the sponsor must be a maintainer of an active OpenSSF project, a WG or SIG chair, or a TAC member. + +Read about sponsors' duty in [Section 3, New labs proposal +process](../labs-process.md#new-lab-proposal-process)._ + +- https://github.com/ or , (e.g., + "Chair of the XYZ working group") + +## Pre-existing repository + +_If you currently have a GitHub repository that you wish to transfer to the OpenSSF Labs organization, please provide a link here. +**NOTE: Please refer to the [Transferring an existing repo +guidelines](../labs-process.md#transferring-an-existing-repo) for additional +information on existing repositories.**_ + +- https://github.com/ From dd5126a6cb4faac680925022314bf1973ff04d60 Mon Sep 17 00:00:00 2001 From: Marcela Melara Date: Tue, 10 Dec 2024 17:26:56 -0800 Subject: [PATCH 2/4] Add lab archive stage template Signed-off-by: Marcela Melara --- process/labs-process.md | 16 +++++++++------- process/templates/LAB_NAME_archived_stage.md | 7 +++++++ .../{LAB_NAME_lab.md => LAB_NAME_lab_stage.md} | 0 3 files changed, 16 insertions(+), 7 deletions(-) create mode 100644 process/templates/LAB_NAME_archived_stage.md rename process/templates/{LAB_NAME_lab.md => LAB_NAME_lab_stage.md} (100%) diff --git a/process/labs-process.md b/process/labs-process.md index 0524eb70..374823e9 100644 --- a/process/labs-process.md +++ b/process/labs-process.md @@ -18,7 +18,7 @@ The OpenSSF Labs provide OSS developers several benefits: facilitates cross-organization or -vendor collaboration. * The lowest barrier to starting brand new projects. * A dedicated GitHub repository, if starting a lab from scratch. -* A streamlined transition into the [Sandbox] stage of the OpenSSF [project +* A streamlined transition into the [Sandbox stage] of the OpenSSF [project lifecycle]. ## Project Responsibilities @@ -38,16 +38,18 @@ project. The TAC will periodically check on the activity of labs. Labs that have been inactive for an extended period (6+ months), or are explicitly suspended by -the maintainers, will be marked as "archived" in GitHub. +the maintainers, will be moved into the [Archived +stage](templates/LAB_NAME_archived_stage.md). -Archived labs are not actively maintained and read-only, and can be reactivated -if there is interest in resuming work on a project. +Archived lab repositories are not actively maintained and will be marked as +"archived" (read-only) on GitHub. They can be reactivated if there is interest +in resuming work on a project. ## New Lab Proposal Process -1. Fork the repo. +1. Fork the `` repo. -2. Fill out the [proposal template](templates/LAB_NAME_lab.md) +2. Fill out the [proposal template](templates/LAB_NAME_lab_stage.md) and save it into the `labs` subdirectory under the name of your lab, such as `coolnewproject_lab.md`.
@@ -82,7 +84,7 @@ if there is interest in resuming work on a project. automatically. You can also add it manually as part of your commit log message or add it afterwards with `git commit --amend -s`. -5. Submit a Pull Request to the repo. +5. Submit a Pull Request to the `` repo. The [OpenSSF TAC] will then review your proposal. Like sponsors, TAC members may but are not required to participate in ongoing work like contributing or diff --git a/process/templates/LAB_NAME_archived_stage.md b/process/templates/LAB_NAME_archived_stage.md new file mode 100644 index 00000000..7d31e532 --- /dev/null +++ b/process/templates/LAB_NAME_archived_stage.md @@ -0,0 +1,7 @@ +## Archiving an OpenSSF Lab + +### Reasons for archiving +The maintainers of the lab may decide to conclude/suspend their work, or +the lab may become inactive over time. + + * "description of why this project should be archived" diff --git a/process/templates/LAB_NAME_lab.md b/process/templates/LAB_NAME_lab_stage.md similarity index 100% rename from process/templates/LAB_NAME_lab.md rename to process/templates/LAB_NAME_lab_stage.md From ac17a38eb99332ba741a0626288d253f8d30a006 Mon Sep 17 00:00:00 2001 From: Marcela Melara Date: Thu, 9 Jan 2025 08:59:05 -0800 Subject: [PATCH 3/4] Disambiguate between labs and project, small fixes Co-authored-by: Arnaud J Le Hors Co-authored-by: Zach Steindler Signed-off-by: Marcela Melara --- process/labs-process.md | 20 ++++++++++---------- process/templates/LAB_NAME_archived_stage.md | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/process/labs-process.md b/process/labs-process.md index 374823e9..028577b3 100644 --- a/process/labs-process.md +++ b/process/labs-process.md @@ -21,7 +21,7 @@ facilitates cross-organization or -vendor collaboration. * A streamlined transition into the [Sandbox stage] of the OpenSSF [project lifecycle]. -## Project Responsibilities +## Lab Responsibilities Developers of OpenSSF labs are responsible for: @@ -29,7 +29,7 @@ Developers of OpenSSF labs are responsible for: * Ensuring all commits are properly signed-off to avoid issues related to [DCO]. * Notifying the TAC if the lab needs to be suspended or archived. -Labs projects are also highly encouraged to engage with the [existing +Labs are also highly encouraged to engage with the [existing Technical Initiatives] (working groups, projects or SIGs) in OpenSSF to build their community and find a potential pathway towards acceptance as an OpenSSF project. @@ -43,7 +43,7 @@ stage](templates/LAB_NAME_archived_stage.md). Archived lab repositories are not actively maintained and will be marked as "archived" (read-only) on GitHub. They can be reactivated if there is interest -in resuming work on a project. +in resuming work on a lab. ## New Lab Proposal Process @@ -51,7 +51,7 @@ in resuming work on a project. 2. Fill out the [proposal template](templates/LAB_NAME_lab_stage.md) and save it into the `labs` subdirectory under the name of your lab, - such as `coolnewproject_lab.md`. + such as `coolnewlab.md`.
> [!TIP] > It is expected that your lab repository on GitHub will have the same @@ -66,12 +66,12 @@ in resuming work on a project. To find sponsors: 1. use your connections to existing projects and ask maintainers, 2. engage with [existing Technical Initiatives] (working groups, projects - or SIGs) with affinities to the proposed lab and pitch the project in + or SIGs) with affinities to the proposed lab and pitch it in their meetings or [Slack channels](https://slack.openssf.org/). It's good to have the template already filled out when you reach out.
> [!IMPORTANT] -> Lab sponsors may but are not required to actively participate in +> Lab sponsors may, but are not required to, actively participate in > the lab once the proposal has been reviewed and accepted. 4. Commit your changes with proper sign-off. This means that your commit @@ -86,8 +86,8 @@ in resuming work on a project. 5. Submit a Pull Request to the `` repo. -The [OpenSSF TAC] will then review your proposal. Like sponsors, TAC members may -but are not required to participate in ongoing work like contributing or +The [OpenSSF TAC] will then review your proposal. Like sponsors, TAC members may, +but are not required to, participate in ongoing work like contributing or reviewing code in the lab. ### Transferring an existing repository @@ -97,7 +97,7 @@ start a new lab in. If you have an existing GitHub repo you would like to bring to your proposed lab, you have the option to request for that repo to be transferred into the instead. -However, we require that every commit in the existing repo to br +However, we require that every commit in the existing repo to bring is signed-off so there are no issues related to [DCO]. If that is not the case, you will need to transfer your existing code by squashing all of your commits into a single first commit made against @@ -113,7 +113,7 @@ All OpenSSF community members must adhere to the [Code of Conduct](https://openssf.org/community/code-of-conduct/). [DCO]: https://developercertificate.org/ -[existing TIs]: https://github.com/ossf/tac/blob/main/README.md#technical-initiatives +[existing Technical Initiatives]: https://github.com/ossf/tac/blob/main/README.md#technical-initiatives [new lab proposal]: #new-lab-proposal-process [OpenSSF mission]: https://openssf.org/about/ [OpenSSF TAC]: https://github.com/ossf/tac/blob/main/README.md#tac-members diff --git a/process/templates/LAB_NAME_archived_stage.md b/process/templates/LAB_NAME_archived_stage.md index 7d31e532..6feb0c49 100644 --- a/process/templates/LAB_NAME_archived_stage.md +++ b/process/templates/LAB_NAME_archived_stage.md @@ -4,4 +4,4 @@ The maintainers of the lab may decide to conclude/suspend their work, or the lab may become inactive over time. - * "description of why this project should be archived" + * "description of why this lab should be archived" From 52339722a994010a748a9d0befa139f65639cd50 Mon Sep 17 00:00:00 2001 From: Marcela Melara Date: Thu, 9 Jan 2025 11:54:11 -0800 Subject: [PATCH 4/4] Add license requirements Signed-off-by: Marcela Melara --- process/labs-process.md | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/process/labs-process.md b/process/labs-process.md index 028577b3..72faece6 100644 --- a/process/labs-process.md +++ b/process/labs-process.md @@ -1,13 +1,9 @@ # OpenSSF Labs - - The OpenSSF Labs provide a space for open source projects that are in the earliest stages of their lifecycle to experiment, foster collaboration, and grow their community prior to transitioning into the OpenSSF [project lifecycle]. - - OpenSSF Labs follow a similar model to Hyperledger Labs. ## Benefits @@ -26,7 +22,8 @@ lifecycle]. Developers of OpenSSF labs are responsible for: * Submitting a [new lab proposal] for review by the [OpenSSF TAC]. -* Ensuring all commits are properly signed-off to avoid issues related to [DCO]. +* Ensuring all commits are properly signed-off to avoid issues related to + Developer Certificate of Origin ([DCO]). * Notifying the TAC if the lab needs to be suspended or archived. Labs are also highly encouraged to engage with the [existing @@ -86,8 +83,8 @@ in resuming work on a lab. 5. Submit a Pull Request to the `` repo. -The [OpenSSF TAC] will then review your proposal. Like sponsors, TAC members may, -but are not required to, participate in ongoing work like contributing or +The [OpenSSF TAC] will then review your proposal. Like sponsors, TAC members +may, but are not required to, participate in ongoing work like contributing or reviewing code in the lab. ### Transferring an existing repository @@ -103,9 +100,32 @@ If that is not the case, you will need to transfer your existing code by squashing all of your commits into a single first commit made against your new lab repo with your sign-off. +**Note**: A full intellectual property (IP) and legal review is not needed +for OpenSSF Labs, but will be required if the lab seeks to transition to +[Sandbox stage]. + ### License requirement - +OpenSSF Labs must use one of the following licenses as required in section 4a +of the [OpenSSF charter](https://openssf.org/about/charter/): + +#### Software source code + +(1) Apache License, Version 2.0, available at [https://www.apache.org/licenses/LICENSE- 2.0](https://www.apache.org/licenses/LICENSE- 2.0); or + +(2) MIT License available at [https://opensource.org/licenses/MIT](https://opensource.org/licenses/MIT) + +#### Data + +Any of the Community Data License Agreements, available at [https://www.cdla.io](https://www.cdla.io) + +#### Specifications + +Community Specification License, Version 1.0, available at [https://github.com/CommunitySpecification/1.0](https://github.com/CommunitySpecification/1.0) + +#### All other Documentation + +(1) Creative Commons Attribution 4.0 International License, available at [https://creative commons.org/licenses/by/4.0/](https://creative commons.org/licenses/by/4.0/) ## Code of Conduct