Q2 DA Maintenance of Daml Open Source 49 April

CLOSEDIssue
by hythloda15-04-2026
gitvotegitvote/closedgitvote/passed
View on GitHub ↗← All Proposals

Ongoing Milestone: Monthly Maintenance

  • Start Date: March 2026
  • Frequency: Monthly
  • Description: Digital Asset will provide comprehensive maintenance services for the Splice Open Source repositories listed below. This service will transition to a Canton Foundation managed repos when Daml moves across from Digital Asset.
  • Repositories and Projects Covered:

https://github.com/digital-asset/daml containing Daml language, compiler, IDE, Script, Java & Typescript Bindings and codegen. https://github.com/digital-asset/dazl-client containing a Python language binding. https://github.com/digital-asset/dpm containing the dpm command line assistant. https://github.com/digital-asset/docs containing the developer documentation. * PQS and Daml Shell repositories as of when they are open sourced.

  • Detailed Services Rendered:

Security: Monitoring for vulnerabilities, applying security patches, and managing disclosure processes. Bugfixes: Triage and resolution of issues reported by the community or identified through internal testing. Releases: Management of the release lifecycle, including tagging, packaging, and publishing release notes for regular updates. CI/CD: Maintenance and optimization of Continuous Integration and Continuous Deployment pipelines to ensure build integrity. Testing: ongoing unit, integration, and system testing to prevent regressions. Community Engagement: Reviewing pull requests and working with other contributors to merge improvements. Upstream Management: Threading through upstream changes and dependencies to keep the codebase current. Issue Management: Tracking work items as GitHub issues, and organizing them in GitHub milestones and projects. Developer Docs: Documentation on how to build the software, how to test it locally and in CI, and how to contribute to it. Contributor Management: Management of permissioning on the repo per different levels of contributions, e.g. direct access to CI, permissions on protected branches, etc.

Acceptance Criteria

The Tech & Ops Committee (or the Core Contributor Group) can evaluate the completion of this milestone quarterly based on the following evidence:

  • Publication of release notes for any new versions deployed during the period.
  • Visible activity in the public repository (commits, merged PRs, issue responses).
  • Activity in the contributor and community help-channel \#canton-contributors. Response to community technical inquiries by qualified contributors within 24 hours on business days.
  • Service Level Objectives (SLOs):

Critical security vulnerabilities reported via the responsible disclosure process have a mitigation plan or patch available within 48 hours of discovery. Pull Requests from external contributors reviewed within 5 business days.

_Originally posted by @hythloda in https://github.com/canton-foundation/canton-dev-fund/issues/49#issuecomment-4254799770_