Description
In order to grow and further mature the OpenBao project, we should clarify and investigate the "Incubating" stage requirements:
- https://github.com/ossf/tac/blob/main/process/templates/PROJECT_NAME_incubation_stage.md
- https://github.com/ossf/tac/tree/main/process/project-lifecycle-documents
Once we are confident to fulfill the requirements, we should submit our application accordingly.
Relevant precondition: #54
Application
Project incubation application
Project has met all Sandbox requirements
- Sandbox
- Projects had more than three maintainers with a minimum of two different organization affiliations.
- Project is aligned with the OpenSSF mission and addresses an unfulfilled need within the security tooling umbrella under the OpenSSF and LF as a whole.
- Project is sponsored by the Security Tooling WG
- The project has undergone IP and License due-diligence when contributed to LF Edge and further review when moved to OpenSSF.
List of project maintainers
The project must have a minimum of three maintainers with a minimum of two different organizational affiliations.
See openbao/openbao:MAINTAINERS.md:
Org-Level Maintainers
- Dan Ghita, Wallix, @DanGhita
- Jan Martens, Independent (PaymentTools), @JanMa
- Nathan Phelps, IBM, @naphelps
- Alex Scheel, GitLab, @cipherboy
Repository-Level Committers
- Andrii Fedorchuk, Adfinis, @driif
- Pascal Reeb, Adfinis, @pree
- Toni Tauro, Adfinis, @eyenx
- Yannis Rachdi, Adfinis, @Nerkho
- Dave Dykstra, FermiLab, @DrDaveD
- Jonas Köhnen, Reply, @satoqz
- Christoph Voigt, Reply, @voigt
- Tom Gehrke, Reply, @phyrog
- Wojciech Slabosz, Reply, @wslabosz-reply
- Geoffrey Wilson, G Research OSS, @suprjinx
Mission of the project
The project must be aligned with the OpenSSF mission and either be a novel approach for existing areas, address an unfulfilled need, or be code needed to deliver OpenSSF WG work. It is preferred that extensions of existing OpenSSF projects collaborate with the existing project rather than seek a new project.
- "description of the project mission"
Project adoption
The project should be able to show adoption by multiple parties and the adoption's value to the open source community and/or end users (may include adoption of beta/early versions).
- GitLab has adopted OpenBao for its Secrets Manager offering which is currently in Closed Experiment.
Governance
Project must have met publicly at least 5 times in the last quarter since becoming Sandbox
- See our community call notes with embedded recordings. See Historical Archive section at the end for LF Edge meetings and slides.
- See our TSC call notes with embedded recordings. Our past TSC agendas are available on LF Edge Confluence.
Projects must have documented, initial project governance
Project must have defined Contributor Guide
- See openbao/openbao:CONTRIBUTING.md, which links to openbao/openbao:MAINTAINERS.md for maintainer election processes and openbao/openbao:GOVERNANCE.md for project leadership election processes.
Project has attained an OpenSSF Best Practice Badge at "passing" level
- "link to OpenSSF Badge"
Project is integrated into the OpenSSF Scorecard
- "link to Scorecard output"
IP policy and licensing due diligence
When contributing an existing Project to the OpenSSF, the contribution must undergo license and IP due diligence by the Linux Foundation (LF). This step is only needed for the initial donation and only applicable here, if the project intends to join the OpenSSF Incubation stage.
- Not applicable; this is an existing project and has already been reviewed at initial contribution (during the fork under LF Edge) and on migration into OpenSSF.
Security Baseline
The project meets all applicable Security Baseline requirements:
Project References
The project should provide a list of existing resources with links to the repository, website, a roadmap, contributing guide, demos and walkthroughs, and any other material to showcase the existing breadth, maturity, and direction of the project.
| Reference | URL |
|---|---|
| Repo | https://github.com/openbao/openbao/ |
| Website | https://openbao.org/ |
| Contributing guide | https://openbao.org/docs/contributing/, https://github.com/openbao/openbao/blob/main/CONTRIBUTING.md |
| Security.md | https://openbao.org/docs/internals/security/#threat-model, https://github.com/openbao/.github/blob/main/SECURITY.md |
| Roadmap | openbao/openbao#569 |
| LFX Insights | https://insights.lfx.linuxfoundation.org/foundation/lfedge/overview/github?project=openbao&repository=&routedFrom=Github |
| Meeting Agenda | Community, TSC |
| OSSF Calendar Entry | Present (Thursday, 10AM US Central). |
| Demos | n/a |
| Best Practices Badge | |
| Scorecard integration | |
| Other | |
If anyone wishes to contribute to the application, please comment here and we'll edit this copy.