This is an automated email from the ASF dual-hosted git repository. wave pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tooling-docs.git
The following commit(s) were added to refs/heads/main by this push: new d290b39 Move the data model off of the platform page d290b39 is described below commit d290b39fcc74c9373810ba9fb8c2c052b5be695d Author: Dave Fisher <dave2w...@comcast.net> AuthorDate: Sat Feb 1 18:35:40 2025 -0800 Move the data model off of the platform page --- apache-trusted-release/platform.md | 52 +------------------------------------- 1 file changed, 1 insertion(+), 51 deletions(-) diff --git a/apache-trusted-release/platform.md b/apache-trusted-release/platform.md index a0cdf8d..18c94d2 100644 --- a/apache-trusted-release/platform.md +++ b/apache-trusted-release/platform.md @@ -29,7 +29,7 @@ ### Release Manager Signing Keys 1. Collate Keys by Committer -2. Link Committer Keys to Signed Releases +2. Link Committer Keys to Project, Signed Releases ### Release CVE Store 
@@ -52,56 +52,6 @@ The co-ordinates make up the external path to objects. The metadata database pro - Latest product release: `/<stage>/<project>/<product>/latest/<file>` - Product release by version: `/<stage>/<project>/<product>/<version>/<file>` -### Data Model - -Here is an introduction to the ATR's data model. - -> The following needs some work, but I wanted to have nomenclature for discussion. - -#### Projects. - -Projects are run by a PMC with members and committers, have metadata, vote policy settings, and products. - -4. **Products**. Zero or more products with separate releases from the main one. A product may override vote policy settings. -3. **Public Signing Keys**. Release Managers have signing keys that are applied to all of packages in a release. -2. **Release Manager**. One or more Release Managers who may sign the release packages. -1. **Vote Policy Settings**. These are a set of choices which control how a release vote is conducted by the ATR. - -Products that are not the main one have metadata, separate releases, and vote policy settings. - -#### Releases - -Releases have stage and state, packages, votes and vote policy, cves both impacted and solved, and metadata. -A release may override vote policy settings. The vote policy settings and signing keys used become release metadata. - -7. **CVEs**. For each release there are zero or more CVEs that impact this release. There may be CVEs that are solved this release. -3. **Packages**. One or more triples of file, signature, and checksum that is a downloadable component of a release. -6. **SBOMs**. Are in one or more acceptable SBOM formats and should be maintained using standard python libraries. -1. **Stage**. A release is in one of three stages: Candidate, Current, or Revoked. -2. **State**. A release state is either "at rest" or is performing a task in the release lifecycle. -5. **Votes**. A release Vote is a monitored task of email communication and vote recording. 
Vote policy choices will provide choices. - -#### User Roles - -Multiple roles are possible and available actions are composed. - -| Activity | PMC Member | Release Manager | Committer | Visiter | ASF Member | Admin -| ---------- | ---------- | --------------- | --------- | ------- | ---------- | ----- -| binding vote | yes | | | | | -| vote | yes | | yes | yes | yes | -| manage release | yes | yes | | | | yes -| manage policy | yes | yes | | | | yes -| manage metadata | yes | yes | | | | yes -| manage keys | yes | | | | | yes -| manage own key | yes | yes | | | | -| perform actions | yes | yes | | | | yes -| view release events | yes | yes | yes | yes | yes | yes -| view all events | | | | | yes | yes - -> To vote _visiters_ must provide PII and we'll need to assure that this is affirmatively agreed and revocable. - -> The authorization and authentication for `GitHub PATs` will be specific and fine-grained, but should be similar to a "release manager" - ### Restful API 1. GET
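Review bot: In the first hunk (@@ -29,7 +29,7 @@, under "Release Manager Signing Keys"), the reworded item "2. Link Committer Keys to Project, Signed Releases" reads ambiguously: it is not clear whether a key is linked to a project and also to signed releases, or to a project's signed releases. Since this list describes how signing keys are tied to what they are allowed to sign, spell the relationship out, for example "Link Committer Keys to Projects and to Signed Releases". This wording change is also separate from the move named in the commit message, so it would be easier to track as its own commit or with a line in the message.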
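Review bot: In the second hunk (@@ -52,56 +52,6 @@), the whole "Data Model" section is deleted from platform.md, but the diffstat lists only this one file with 1 insertion and 51 deletions, so nothing in this commit adds the text anywhere else even though the message says "Move". The removed block carries the User Roles table, which is the only place in the visible text that states who may cast a binding vote or "manage keys", along with the notes on visitor PII and GitHub PATs. Suggest adding the destination page in the same commit, or leaving a one-line link in platform.md before "### Restful API" that points to where the data model now lives.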