Maintenance of Canton Open Source 48 March

CLOSEDIssue
by hythloda15-04-2026
gitvotegitvote/closedgitvote/failed
References:CIP-0100
View on GitHub ↗← All Proposals

2\. Milestones and Deliverables

In accordance with CIP-0100, this proposal utilizes a recurring "maintenance" milestone structure.

Ongoing Milestone: Monthly Maintenance

  • Start Date: March 2026
  • Frequency: Monthly
  • Description: Digital Asset will provide comprehensive maintenance services for the Canton Open Source repository currently at https://github.com/digital-asset/canton. This service will transition to a foundation managed repo when Canton Open Source moves across.
  • Detailed Services Rendered:

Security: Monitoring for vulnerabilities, applying security patches, and managing disclosure processes. Bugfixes: Triage and resolution of issues reported by the community or identified through internal testing. Releases: Management of the release lifecycle, including tagging, packaging, and publishing release notes for regular updates. CI/CD: Maintenance and optimization of Continuous Integration and Continuous Deployment pipelines to ensure build integrity. Testing: ongoing unit, integration, and system testing to prevent regressions. Community Engagement: Reviewing pull requests and working with other contributors to merge improvements. Upstream Management: Threading through upstream changes and dependencies to keep the codebase current. Issue Management: Tracking work items as GitHub issues, and organizing them in GitHub milestones and projects. Developer Docs: Documentation on how to build the software, how to test it locally and in CI, and how to contribute to it. Contributor Management: Management of permissioning on the repo per different levels of contributions, e.g. direct access to CI, permissions on protected branches, etc.

Acceptance Criteria

The Tech & Ops Committee (or the Core Contributor Group) can evaluate the completion of this milestone quarterly based on the following evidence:

  • Publication of release notes for any new versions deployed during the period.
  • Visible activity in the public repository (commits, merged PRs, issue responses).
  • Activity in the contributor help-channel \#canton-contributors. Response to community technical inquiries by qualified contributors within 24 hours on business days.
  • Service Level Objectives (SLOs):

Critical security vulnerabilities reported via the responsible disclosure process have a mitigation plan or patch available within 48 hours of discovery. Pull Requests from external contributors reviewed within 5 business days.