Page Comparison

Have a defined governing body of at least 5 or more members (owners and core maintainers)

Meets

Our current TSC is comprised of members from Intel, IOTech, Eaton, Schneider Electric, Danfoss and Yiqisoft.  For names and details see:

https://lf-edgexfoundry.atlassian.net/wiki/spaces/FA/pages/11667441/Technical+Steering+Committee+TSC

Each TSC group continues to be a good mix of experienced EdgeX leaders with new members and organizations becoming involved

Have a documented and publicly accessible description of the project's governance, decision-making, and release processes.

Meets

• Matters of project governance, decision making and process are covered in our project Wiki.  The following pages outline our policies.
  Matters of technical decisions and voting process and rules are defined here:  https://wiki.edgexfoundry.org/display/FA/Technical+Work+in+the+EdgeX+Foundry+Project

• Guidance for how to submit code contributions is defined here:  https://wiki.edgexfoundry.org/display/FA/Contributor%27s+Guide and here: https://wiki.edgexfoundry.org/display/FA/Contributor%27s+Process

• Documentation on how our release process and what gets released is here:  https://wiki.edgexfoundry.org/display/FA/Release+Process and some additional information on what is considered a release artefact is defined here:  https://docs.edgexfoundry.org/3.1/design/adr/devops/0007-Release-Automation/

• Significant new features are discussed via TSC approved Use Case Review (UCR) process to better refine the way in which new requirements are defined, and the Architectural Decision Records (ADR) stage of the design.
  

Have a healthy number of committers from at least two organizations. A committer is defined as someone with the commit bit; i.e., someone who can accept contributions to some or all of the project.

Meets

• Work group chairs automatically have committer rights to their work group repositories and nominate others as committers as spelled out in our governance here:  https://wiki.edgexfoundry.org/pages/viewpage.action?pageId=21823860#Contributors,Committers&Maintainers-NominationandApprovalofMaintainersandCommitters

• Each repository has at least 2 committers.  The most used repository (note the microservices architecture of EdgeX means there are many repositories) has 96 code contributors and 18 “committers” (i.e. approvers) (https://github.com/edgexfoundry/edgex-go/graphs/contributors ). In the past 12 months there have been 13 different code contributors to edgex-go
  

Establish a security and vulnerability process which at a minimum includes meeting ("Met" or "?") all OpenSSF best practices security questions and SECURITY.md.

Meets

The project has a well defined security & vulnerability process as defined here: https://lf-edgexfoundry.atlassian.net/wiki/spaces/FA/pages/11671699/Security

The LTS releases have have CVE patches applied to them, for example: https://lf-edgexfoundry.atlassian.net/wiki/spaces/FA/pages/11678726/Napa+3.1.1+Bug+Release+to+LTS

Demonstrate evidence of interoperability, compatibility or extension to other LF Edge Projects. Examples may include demonstrating modularity (ability to swap in components between projects).

Adopt the Foundation Code of Conduct.

Explicitly define a project governance and committer process. This is preferably laid out in a GOVERNANCE.md file and references a CONTRIBUTING.md and OWNERS.md file showing the current and emeritus committers.

Have a public list of project adopters for at least the primary repo (e.g., ADOPTERS.md or logos on the project website).