I am not sure if concerns about PAX projects are fully justified, simply
because they are being released and still worked on. While team of
people working on it have shrunk over time, I haven't had any troubles
with them for long time.
The contribution regulation is not an issue. It does work as for every
other small project hosted at github, license is ASLv2 so each pull
request (in theory) is inline with it.
I agree that our dependency chain strongly rely on PAX releases and
there were parts which had to be first released in PAX in order to get
next major release of Karaf. I think we need to answer ourselves a basic
question - does moving PAX into ASF will:
a) ease already easy contribution path for it
b) increase pool of people working on it
c) speed up already fast release cycle of it?
I don't think that any of above points will change since contributing to
non-apache projects was in the past easier. Not sure for nowadays as we
got git and can have pull requests accepted directly at github, but
still - what is an advantage for the community here?
From legal perspective I think moving these components a a whole into
Karaf will not fly without making some IP clearance first. Even if PAX
projects are libraries/components they have a whole bunch of code which
can't be copied just because we like to host it at ASF, isn't it?
Another point is that Karaf itself become pretty fat so I'd rather think
of chunking Karaf into smaller parts than pushing more stuff into it.
Looking at Karaf source tree it looks as big as servicemix 4 at its
early days; difference is - we have less people working on Karaf than on
servicemix before. At least according to own observations.
Best,
Łukasz
On 24.02.2022 15:03, Jean-Baptiste Onofré wrote:
Hi guys,
Some of you already pinged me to share concerns about PAX projects
governance. I think it's my duty to share these concerns and discuss
possible actions.
Apache Karaf is one of the biggest consumers of PAX projects.
However, PAX projects use a "self own" designed governance:
- for contribution/IP
- for release
- for CVE/Security
- ...
And it could be seen as a major concern for Apache Karaf users, as PAX
projects are not necessarily "aligned" with Apache Foundation rules.
I would like to start a discussion on both Karaf and OPS4J communities
to "move" PAX projects as Karaf subproject (like karaf-pax).
Concretely, it would mean that:
1. Karaf PAX projects would use org.apache.karaf.pax namespace
2. Karaf PAX releases will have to follow the Apache release process
(binding votes, 3 days vote period, ...)
3. Any active contributor on PAX projects would be invited as Karaf committer
Thoughts ?
Regards
JB
