Project Lifecycle: Technical Charter & Trademark Contribution Agreement

[Naomi-Wash]

Comment moved from Project Lifecycle Document Section 2. Project Proposal Process

Based on the above information, PQCA staff will prepare a technical charter and trademark contribution agreement for the proposed project.

Discussion

As per the above, how is this meant to apply to OQS? Is it to be treated as one project or several (its current sub projects)? For example its various sub projects have very different maturity and support levels: None but two have GOVERNANCE.md files, some have absolutely heterogeneous code maturity levels (liboqs particularly comprises anything between highly experimental code (externally labelled as "bordering on irresponsible") to merely experimental to near-standards level).

This is a great question! Different foundations/projects have gone multiple different directions with this. The thought here is that, if a project has shown it is capable of supporting mature and secure subprojects, it can also be trusted to mark its less mature subprojects as less mature. Some other foundations have required separate designations for subprojects, although this is a lot more work for the TAC.

just to clarify: does this mean OQS will determine which subprojects are mature enough and provide the "information above" for each one and wait on providing information for immature projects?

this is kind of how it happens right now (without a decision on "maturity"): Looking at the OQS sub projects you will notice that only two have GOVERNANCE.md files. I started this before PQCA took over with oqs-provider and we added it to liboqs as those 2 are the projects we felt are practically most relevant (without agreement on quality/life cycle state). But a community discussion on this drags on for quite some time without conclusion -- probably also because this document didn't finalize. But if you're interested in OQS, please, by all means, chime in at https://github.com/open-quantum-safe/tsc/issues/2 if you have good input! It'll help us prioritize things suitably. Particularly technical input and contributions very welcome!

I will check the discussion. In my perspective, it is acceptable for OQS to decide which projects are mature enough and mark them.

Agree - I see the project maturity as the highest level a project can get to.. and trust is important. I think any project is always going to have areas that are in development, or a tech preview state, deprecated etc. The point is that the project provides a framework for consumers to understand what is what. So in this case the details do still need working out in the issue Michael mentions - it's really important. Also where there are expectations of what projects should supply, we can't expect this to be instantly available for existing project - so having the issue open for the project to add missing 'declarations' like the governance files seems appropriate.

[baentsch]

Based on the above information, PQCA staff will prepare a technical charter and trademark contribution agreement for the proposed project.

Do you mean "based on the below..." @Naomi-Wash ?

Also I'm confused: Why do you state "for the proposed project"? The whole discussion is about a project --and in particular its sub-projects-- that PQCA has already taken control of: OQS. So please phrase things such that they apply to existing and proposed projects and sub projects.

As I initiated the discussion in the original document, please keep tagging me here as/if this moves forward. Thanks.

[Naomi-Wash]

@baentsch The sentence "Based on the above information, PQCA staff will prepare a technical charter and trademark contribution agreement for the proposed project." is the sentence where the comment was placed in the Google Doc. It was to provide context.

Would you like me to assign this issue to you so you can get notifications when a discussion ensues on this thread? I think that's a good idea for all comments so the originator can stay aware.

[baentsch]

Would you like me to assign this issue to you so you can get notifications when a discussion ensues on this thread? I think that's a good idea for all comments so the originator can stay aware.

Normally assigning an issue to someone is indicative of that person being responsible moving it to resolution, no? And that I absolutely cannot do given I am no LF person (in any sense of that term :). If it is not meant that way, I'm fine with that approach of using GH to keep notifying me as/if sth is happening to move this to conclusion.

[Naomi-Wash]

Your assumption is right regarding resolution responsibility, so I won't assign it to you. We'll be sure to keep you in the loop as discussion ensues.