Feedback on the new matriculation process

[craigbox]

I have migrated Kubescape's incubation application from November 2023 to the new format. Here is my feedback on the process, and things I would change. It relates only to the incubation criteria, but I expect the graduation to be largely the same.

Using GitHub issues

• Having this content exist in a GitHub issue means it can only be edited by one person. There's no facility to comment on certain sections, have suggestions written in by others, or indeed to have more than one person make commits.

• You also end up with one set of documents as MD files in a repo (for older projects), and one set in issues (from this point on).

Recommendation: move back to using PRs and files.

Template content

• I don't understand why there is a section marked "Incubation Criteria Summary" at the top. The draft criteria starts with "Application Process Principles".

  • The only thing being asked here is about adopters, which is also asked under "Ecosystem" at the end of the template.

  Recommendation: remove this section.

• Mixing content which needs to be filled in by the project, with content which needs to be filled in by someone else, makes it hard to know when you're done. For example the "TAG insight" and "Due Diligence Review" sections under "Application Process Principles" are the responsibility of a TAG and the TOC, respectively.

  Recommendation: have an appendix section at the end of the document where the response to this document from TAG, TOC or other review is noted, and have all checklist items be things the project is expected to assert.

• "Document agreement that project will adopt CNCF Code of Conduct" should only be required at Sandbox and/or if a project joins directly at incubation.

• I merged two headings in two cases, as one answer addressed both points:

  • "Project must have, and document, at least one public communications channel for users and/or contributors." and "List and document all project communication channels". (This was proposed in the planning sheet but never actioned.)
  • "Document project goals and objectives" and "Document what the project does, and why it does it"

  Recommendation: merge these.

• Having to document security procedures, perform a security self-assessment and achieve an OpenSSF Best Practices badge requires us to document the same data up to three times.

  Recommendation: consider dropping one of the external requirements and/or not asking security questions in the template.

TAG & TOC interaction

• There is a requirement to get TAG guidance; the format of what should be provided has not been standardised by the TAGs.

  • Our TAG is aware of the project due to our sandbox application and updates provided since; we are hoping we do not need to burden them with a re-run just to get their feedback to mark this section complete.

Other

• I exercised my right to ignore everything marked "suggested".

• The "new issue" screen has an option to "Explore Incubation Backlog". This is a link to a static project board last updated on Sep 2023, and is not the current dynamic project board. (That board lists both incubating and graduated projects.)

[linsun]

Karena plans to check this out later this week.