add zarf as an openssf sandbox project #341
Signed-off-by: Xander Grzywinski <xandergrzyw@gmail.com>
As documented in the Project creation or change of lifecycle stage this PR should also modify the table listing the projects in the README of this repo. In this case it should add the project with the status as Sandbox, with a link to the change request md file that you are adding as part of this PR.
We have requested the IP / License for this project intake
Signed-off-by: Xander Grzywinski <xandergrzyw@gmail.com>
Note: I've added Zarf to the table in the README. We will be moving the project to a company independent GitHub org in the near future. At that time I'll be sure to update this link.
@hepwori has this been discussed and approved by the SCI WG?
Since you have to move it you might want to consider simply moving it under ossf.
Co-authored-by: Arnaud J Le Hors <lehors@us.ibm.com>
Signed-off-by: Xander Grzywinski <xandergrzyw@gmail.com>
Preliminarily, yes! We've had two live briefings over the last few months, and in the WG meeting earlier today we had a show of hands as to adding Zarf with no objections. The final approval step will be to inform the mailing list; I hope to send that out today, referencing the link to this issue.
Bennett will work with the maintainers of Zarf following TAC action on the application to move it to the right org.
Signed-off-by: Xander Grzywinski <xandergrzyw@gmail.com>
Does this require a TAC vote? Or once @hepwori says it's accepted are we good to go (modulo any missing information on the pull request?) From https://github.com/ossf/tac/blob/main/process/project-lifecycle.md:
If the project is reporting to SCI WG, and @hepwori is the WG sponsor and says it's good, I think we're good to go? It is possible I misunderstand the process!
Before merging we need to review the IP and license review. Before any announcement the charter needs approval by zarf and the contribution agreement needs signed.
I approve pending IP and license review, the charter approval by zarf and the contribution agreement signed, the SCI WG approval, and the TAC sponsor is identified. (I will be out for the June 11 TAC meeting, and am trying to be proactive.)
I approve, pending the IP and license review.
Yes, if SCI agrees, then we just need LF Legal to work their magic, and consider the TAC "informed". It sounds like we are in agreement on this proposal though. Looking forward to seeing cool things out of the team!
Isaac and SCI have agreed on including zarf into their WG.
The IP and License Review is expected by June 21st. Sorry for the delay.
I support the proposal but request the answer about the IP and licensing due diligence be modified once the due diligence is completed. (The request for change will also prevent premature merge of this PR.)
@hythloda everything going ok with the license review? Definitely let us know if there's anything we can do to help move things along :) Thanks!
Thanks @salaxander! The review just takes some internal time. Hoping it gets done soon this week rather than later :)
LF License Intake Scan Report:

LICENSE INTAKE SCAN & ANALYSIS: OpenSSF: Zarf
CODE SCANNED: [pulled 19–JUNE-2024]
PROJECT LICENSE: Apache-2.0
SPDX LICENSE IDENTIFIERS: SPDX license identifiers were found in source file headers.
PERMISSIVE LICENSES: Apache-2.0
COPYLEFT LICENSES: None found
SOURCE AVAILABLE LICENSES: None found
PROPRIETARY LICENSES: None found
LICENSE CONFLICTS: None found
BINARY / PACKAGE FILES: None found
THIRD PARTY CODE / DEPENDENCIES: None found
THIRD PARTY NOTICE FILE: None found
SUMMARY FINDINGS: All of the scanned code is under the project license, Apache-2.0. SPDX license identifiers were found in source file headers. No license conflicts found. No dependencies or third party code detected in repo.
Signed-off-by: Xander Grzywinski <xandergrzyw@gmail.com>
@lehors updated now that the license scan is complete
All clear. Welcome to OpenSSF!
No description provided.