Replies: 2 comments 5 replies
-
Love the idea of standardizing CI/CD pipelines as it is being used extensively by all projects right now. 🚀 |
Beta Was this translation helpful? Give feedback.
1 reply
-
another idea that do not exclude this idea is that we could ask STF to fund work of some senior frontend to handle https://github.com/asyncapi/asyncapi-react properly with full time focus 🤔 It would just have to be well described - scope like
|
Beta Was this translation helpful? Give feedback.
4 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
This discussion is a result of my travels to various open source conferences that I summarized in this article.
Story
Sovereign Tech Fund
The Sovereign Tech Fund (STF) is a German Government initiative. It is a fund that helps open source financially. They do some reorg so new applications need to wait until Q2.
It is not that shitty fund that many others offer, just for new projects, but for maintenance too, big time! It is official now that STF now financially support three experienced developers to work full time on Log4j library as maintainers - that is something! and clearly demonstrates the trustworthiness of people behind the STF and their vision.
Cyber Resilience Act
Well, European Union like any other public organization, not always does things in a good way and forget to consult all people involved.
Let me for the sake of this discussion simplify a bit and say: it is all about security, but we are not yet 100% sure its final shape and how it will affect us. You can read more about CRA here.
Security at AsyncAPI
We do not have a real reliable security process -> #32
Not much to add 🤷🏼
And it is not only about security that is just one of the chapter defined by OpenSSF -> asyncapi/.github#38
CI/CD infrastructure
Our automation based on GitHub Actions infrastructure lacks regular ownership. Only maintainers are me and @KhudaDad414 and we have many other duties - so approach now is: just fire-fighting and hoping for the best.
CI/CD is one of great assets that people get when hosting projects under AsyncAPI org - we must do everything possible to keep it that way.
Idea
To address issues I described above, we need an owner (or owners) of CI/CD. We need owner that will drive different standardisation initiatives. We need an owner that will know where we are, so once we will know how to prepare for CRA - these owners will know what and where needs to change.
Thus I think we should collaborate on an application that we will put on Sovereign Tech Fund to get above concerns handled:
Thoughts?
Beta Was this translation helpful? Give feedback.
All reactions