Promote Lima from CNCF Sandbox to Incubation

[AkihiroSuda]

I think we are getting close to satisfy the requirements for the Incubating Stage:

https://github.com/cncf/toc/blob/main/process/graduation_criteria.md#incubating-stage

Incubating Stage

Note: The incubation level is the point at which we expect to perform full due diligence on projects.

To be accepted to incubating stage, a project must meet the sandbox stage requirements plus:

• Document that it is being used successfully in production by at least three independent direct adopters which, in the TOC’s judgement, are of adequate quality and scope. For the definition of an adopter, see https://github.com/cncf/toc/blob/main/FAQ.md#what-is-the-definition-of-an-adopter.

• Have a healthy number of committers. A committer is defined as someone with the commit bit; i.e., someone who can accept contributions to some or all of the project.

• Demonstrate a substantial ongoing flow of commits and merged contributions.

• Since these metrics can vary significantly depending on the type, scope and size of a project, the TOC has final judgement over the level of activity that is adequate to meet these criteria

• A clear versioning scheme.

• Clearly documented security processes explaining how to report security issues to the project, and describing how the project provides updated releases or patches to resolve security vulnerabilities

• Specifications must have at least one public reference implementation.

---

TODOs

• [x] Complete OpenSSF Best Practices

  • [x] https://github.com/lima-vm/lima/pull/2385

• [X] Submit Security Self-Assessment to https://github.com/cncf/tag-security/tree/main/assessments/projects

  • https://github.com/cncf/tag-security/pull/1264

• [X] Submit an incubation application to https://github.com/cncf/toc/issues

  • https://github.com/cncf/toc/issues/1348

• [ ] Wait for approval