Issue: New .NET Foundation Project Application - PnP PowerShell #463
Description
Project Name
PnP PowerShell
License
MIT
Contributor
Erwin van Hunen
Existing OSS Project?
Yes
Source Code URL
https://github.com/pnp/powershell
Project Homepage URL
https://pnp.github.io/powershell/
Project Transfer Signatories
Erwin van Hunen [email protected]
Description
PnP PowerShell is a cross-platform PowerShell Module providing over 800 cmdlets that work with Microsoft 365 environments and products such as SharePoint Online, Microsoft Teams, Microsoft Planner, Microsoft Power Platform, Microsoft Entra, Microsoft Purview, Microsoft Search, and more. It runs on Windows, Linux and MacOS. Within the M365 ecosystem PnP PowerShell is the de-facto standard for scripting.
What are you hoping from the foundation
We have been, until recently, very much leaning towards Microsoft for support and help with, among others, code signing. However, as this support is slowly fading away (and currently we cannot sign our code anymore as we don't have a valid certificate), we are looking for a stable base. We are thriving community, with many people using it (and millions of downloads) and billiions of cmdlet executions per month, however, the moment we can't codesign our solution, we cannot deliver any updates.
Name
Erwin van Hunen
GitHub Profile URL
https://github.com/erwinvanhunen
Committers
Koen Zomers: [email protected] (not contributing on behalf of Microsoft)
Bert Jansen: [email protected] (not contributing on behalf of Microsoft)
Gautam Sheth: [email protected]
Discord Ids
erwinvanhunen
Governance Model
A PR is reviewed by a maintainer and if needed, discussed between the other maintainers. If it is a simple bug fix, a repository maintainer can merge the code change without consulting the other maintainers. Larger PRs or fundamental changes are discussed both by the maintainer team, but also in a larger group within the M365 PnP effort before being merged. Common / regular contributors can be asked to join the maintainer team, but this has not happened in several years. Most contributions are one-off PRs, as most actual users of the module are actually administrators and not directly developers. The most active contributors, Koen Zomers and Gautam Sheth are now part of the maintainer team.
CLA
- If already an OSS project, was a Contribution License Agreement in place for contributions accepted?
How does the project check who has signed one?
No response
CLA Notification Alias
No response
Select the Project Transfer Agreement model
Contribution
Repository Layout
Not applicable. We would like to keep our repository under the PnP organization given the community impact it has there.
Eligibility Criteria
- The project is built on the .NET platform and/or creates value within the .NET ecosystem.
- The project produces source code for distribution to the public at no charge.
- The project's code is easily discoverable and publicly accessible (preferably on GitHub).
- The project contains a build script that can produce deployable artifacts that are identical to the official deployable artifacts, with the exception of code signing (Exception may be granted for strong name keys, though strongly encouraged to be committed. Exception relies on OSS signing being in the build script for public builds).
- When applicable, project must use reproducible build settings in its toolchain.
- The project uses Source Link.
- The project uses either embedded PDBs or publish symbol packages to NuGet (if applicable).
- The project code signs their artifacts as appropriate.
- The project organization has 2FA enabled. Requiring 2FA must be done as part of onboarding if not already enabled.
- Libraries that are mandatory dependencies of the project are offered under a standard, permissive open source license which has been approved by the .NET Foundation (exceptions include a dependency that is required by the target platform where no alternative open source dependency is available such as the .NET Framework or a hardware specific library).
- Committers are bound by a Contributor License Agreement (CLA) and/or are willing to embrace the .NET Foundation's CLA when the project becomes a Member.
- The copyright ownership of everything that the project produces is clearly defined and documented.
- The project has a public issue tracker where the status of any defect can be easily obtained.
- The project has a published Security Policy.
- The project has a home page which provides high level information about its status and purpose.
- The project has a public communication channel where community members can engage with maintainers.
- The project has a publicly available location where members can review and contribute to documentation.
Describe why you are applying for Project Membership.
We have been, until recently, very much leaning towards Microsoft for support and help with, among others, code signing. However, as this support is slowly fading away (and currently we cannot sign our code anymore as we don't have a valid certificate), we are looking for a stable base. We are thriving community, with many people using it (and millions of downloads) and billiions of cmdlet executions per month, however, the moment we can't codesign our solution, we cannot deliver any updates.
Infrastructure Requirements Summary
We use our own github resources for nightly builds that are being published to www.powershellgallery.com. We require no server resources, but would require an Authenticode Code Signing arrangement
Additional Notes
Our code base is very dependent on two other open sources projects, both under the 'M365 PnP' banner: PnP Framework (https://github.com/pnp/pnpframework) and PnP Core SDK (https://github.com/pnp/pnpcoresdk). Both these projects follow a very similar pattern in governance and will also apply for contribution members in very near future.