This page reflects the Apache Grails project's self-assessment of their maturity according to the ASF Project Maturity Model.
Code
CD10
The project produces Open Source software for distribution to the public at no charge.
All code is under the Apache license (or compatible 3rd party licenses) and available from ASF distribution channels and GitHub.
CD20
Anyone can quickly discover and access the project's code.
The code is available under ASF/GitHub, and the project’s website contains instructions on how to obtain it.
CD30
Anyone using standard, widely available tools can build the code reproducibly.
The project includes instructions on required prerequisites and instructions on how to build the software.
CD40
The complete history of the project's code is available via a source code control system, which allows anyone to recreate any released version.
The latest code is available from ASF/GitHub, and previous versions have been tagged. Previous releases since joining are archived at the ASF and available for download.
CD50
The source code control system establishes the provenance of each line of code in a reliable way, based on strong authentication of the committer.
When third parties contribute code, commit messages provide reliable information about the code provenance. All code is committed via version control. The LICENSE file also lists 3rd party code and its license.
Licenses and Copyright
LC10
The Apache License, version 2.0, covers the released code.
The code is licensed under the Apache License 2.0.
LC20
Libraries that are mandatory dependencies of the project's code do not create more restrictions than the Apache License does.
Extensive work has been done on third-party licenses for both the source release and convenience binaries. One issue with a Hibernate dependency has been discussed and is subject to further resolution but isn't the sole mandatory option for this functionality. Further work is expected to remove the licensing issue with this dependency.
LC30
The libraries mentioned in LC20 are available as Open Source software.
All mandatory dependencies are open source software.
LC40
Committers are bound by an Individual Contributor Agreement (the "Apache iCLA") that defines which code they may commit and how they need to identify code that is not their own.
All committers have signed ICLAs.
LC50
The project clearly defines and documents the copyright ownership of everything that the project produces.
The LICENSE and NOTICE files list additional information needed here.
Releases
RE10
Releases consist of source code, distributed using standard and open archive formats that are expected to stay readable in the long term.
Releases are source code and are performed and distributed in the standard ASF way.
RE20
The project's PMC (Project Management Committee, see CS10) approves each software release to make the release an act of the Foundation.
Each release has been voted on, following ASF policy, by the PPMC.
RE30
Releases are signed and/or distributed along with digests that anyone can reliably use to validate the downloaded archives.
Releases are signed and the release area on the website includes hashes and links to KEYs files.
RE40
The project can distribute convenience binaries alongside source code, but they are not Apache Releases, they are provided with no guarantee.
Convenience binaries are distributed alongside source releases. Their LICENSE and NOTICE files are correct.
RE50
The project documents a repeatable release process so that someone new to the project can independently generate the complete set of artifacts required for a release.
Releases have been made by several release managers and the project includes documentation on how to make a release. The last release included a standard incubating DISCLAIMER. There is some minor work to be done on documenting the release process and improving the release scripts.
Quality
QU10
The project is open and honest about the quality of its code. Various levels of quality and maturity for various modules are natural and acceptable as long as they are clearly communicated.
All code is reviewed by at least one committer before being merged and must pass CI checks.
QU20
The project puts a very high priority on producing secure software.
The project uses various automation processes to ensure dependencies are kept up to date.
QU30
The project provides a well-documented, secure and private channel to report security issues, along with a documented way of responding to them.
The project uses the standard way of reporting ASF security issues.
QU40
The project puts a high priority on backwards compatibility and aims to document any incompatible changes and provide tools and documentation to help users transition to new features.
All PRs, including information on if there are breaking changes, and release notes on each release, also include this.
QU50
The project strives to respond to documented bug reports in a timely manner.
The large majority of issues and PRs are dealt with quickly, although a number of outstanding older issues from pre-ASF days remain.
Community
CO10
The project has a well-known homepage that points to all the information required by ASF policy.
The Grails website (https://grails.apache.org) is well known and contains all the information needed by ASF policy. (A couple of points need fixing before this is actually true, but they are well-known and simple.)
CO20
The community welcomes contributions from anyone who acts in good faith, respectfully, and adds value to the project.
Several hundred folks have contributed to the core Grails project during its lifespan and more on plugins. More than 20 folks have contributed to the core project since incubation started. Several contributors have been made committers and PMC members since the start of incubation.
CO30
Contributions include source code, documentation, constructive bug reports, constructive discussions, marketing and generally anything that adds value to the project.
The project values all forms of contribution and has accepted code, documentation fixes/improvements, bug reports etc.
CO40
The community strives to be meritocratic and gives more rights and responsibilities to contributors who, over time, add value to the project.
Several contributors have been made committers and PPMC members since the start of incubation.
CO50
The project documents how contributors can earn more rights, such as commit access or decision power, and applies these principles consistently.
Several contributors have been made committers and PMC members since the start of incubation. These committers have been based on merit and come from several different employers.
CO60
The community operates based on the consensus of its members (see CS10), who have decision power. Dictators, benevolent or not, are not welcome in Apache projects.
The project’s direction is set by the PMC, there is no BDFY.
CO70
The project strives to answer user questions in a timely manner.
User questions on GitHub and the mailing list are usually answered promptly. There is room for improvement in a few isolated cases.
Consensus Building
CS10
The project maintains a public list of its contributors who have decision power. The project's PMC (Project Management Committee) consists of those contributors.
The PPMC and committer list are kept up to date when new people are added. There is no public list of the PMC on the site, but it is available via several ASF services.
CS20
Decisions require a consensus among PMC members and are documented on the project's main communications channel. The PMC takes community opinions into account, but the PMC has the final word.
Votes on releases and other major decisions are conducted on the mailing list.
CS30
The project uses documented voting rules to build consensus when discussion is not sufficient.
There has been no need to use voting in this way so far.
CS40
In Apache projects, vetoes are only valid for code commits. The person exercising the veto must justify it with a technical explanation, as per the Apache voting rules defined in CS30.
There have been no code vetos. Most significant code contributions use RTC, so this reduces the number of possible vetos. The code is reviewed, and feedback is acted on before it is merged.
CS50
All "important" discussions happen asynchronously in written form on the project's main communications channel. Offline, face-to-face or private discussions that affect the project are also documented on that channel.
There is discussion on the mailing list, and in GitHub issues and discussions. This is asynchronous. There are regular online meetings where anyone is welcome and a summary of discussions is brought back to the mailing list. There are no offline meetings or discussions where private decisions are made.
Independence
IN10
The project is independent of any corporate or organizational influence.
The active contributors are from a diverse range of organisations.
IN20
Contributors act as themselves, not as representatives of a corporation or organization.
Individuals do act independently and for the community and project as a whole.
Trademark and Branding
TB10
The project uses "Apache Foo™" as the project and software product name consistently, with appropriate trademark attributions.
The project uses Apache Grails and complies with ASF trademark policy.
TB20
The project's primary homepage is at projectname.apache.org. When exceptions exist to use alternate domains for any purpose, any non-apache.org domain names are owned by the ASF.
The project's website is at http://grails.apache.org.
TB30
The ASF has trademark rights, including any registrations, to the project name, logo, and any other major branding elements.
The name Grails and its logo is a registered trademark and agreement has been reached to transfer the trademarks to the ASF upon successful graduation.
TB40
The project monitors for any major misuses of their project's brand by others, and reports any potential misuses to Brand Management.
There have been no significant misuses of the project’s brand.