Slight nit…. ASF voting policy says “SHOULD” for 72 hr window, not “MUST”, exactly so that in emergencies such as with log4j a fix can be voted on and released within hours.
David Jencks

> On Feb 25, 2022, at 7:53 AM, Grzegorz Grzybek <gr.grzy...@gmail.com> wrote:
>
> Hello
>
> I don't have clear opinion about which "home" is better (ASF or github.com/ops4j). I was thinking about this idea and here are my random thoughts:
> - [+1] for staying at GH: Not that long ago, I've migrated most of the projects (18) from https://ops4j1.jira.com/ to https://github.com/ops4j/*/issues - it required some effort, but IMO it was worth it - it's really much faster and the "turnaround" is shorter. The only (little) drawback is that we can't set more than one "fixed version" values for an issue. So going back to Jira would be (IMO) stepping back.
> - [+1] for ASF: at ASF we'd get nice CI infra to build the projects
> - [+1] for staying at GH: I'm aware that Pax Logging is quite often used outside of Karaf, so making it Karaf subproject could be confusing
> - [-1] for ASF: Felix already provides OSGi Logging, OSGi Http Service and OSGi Whiteboard implementations.
> - [-1] for ASF: 3 day vote - while totally great practice, for now we enjoy the flexibility to release Pax Logging the day the Log4j CVEs disasters happened (10th December 2021)
> - [+1] for ASF: as JBO said, ASF is a brand and it'd benefit OPS4J projects
> - [+1] for staying at GH: the "spirit" of Open Participation would be preserved. Mind that while I spent considerable amount of time refactoring Pax Logging and Pax Web, I still didn't find a time to work on proper, upgraded manual... Simply not that many people work on the projects.
>
> Bonus thought (but probably impossible) TLP Apache project... It'd however conflict (?) too much with Felix and its reference implementations of OSGi specs.
>
> kind regards, have a good weekend and prayers for peace
> Grzegorz Grzybek
>
> On Fri, 25 Feb 2022 at 11:39, Jean-Baptiste Onofré <j...@nanthrax.net> wrote:
>
>> Thanks all for your comment.
>>
>> Fair discussion. I agree with you, just wanted to have this open discussion and share some messages I received.
>>
>> Let's keep PAX as it is, at OPS4J.
>>
>> Thanks
>> Regards
>> JB
>>
>> On Fri, Feb 25, 2022 at 11:34 AM Łukasz Dywicki <l...@code-house.org> wrote:
>>>
>>> I see problem similar to Achim. We still didn't hear anything about solving a community trouble. We definitely do not solve a trouble of ops4j community which probably do not overlap 100% with Karaf. We may be solving some trouble for Karaf community, however we probably ask about shifting even more work on already small set of people working on it. We hear concerns, which might or might not be justified. I don't think they are since there is no record of any malicious activities made by people contributing to ops4j/pax.
>>> People which are mainly contributing to these projects are well known (Grzegorz, JB, Achim), external contributions are coming over pull requests, just like they would come to the ASF, so why we should be moving around sources? As far as I remember ASF does not scan IDs of their contributors so it can't guarantee identity of people behind contributions as well. Back at the times I was signing my agreement I was sending it by online fax service, so verification was very mild. While the GPG keys is some kind of resort, a lot of people (including myself) have self signed key which is as good as my ssh key I use to push things to git.
>>>
>>> The big customers can become part of community if they wish, no matter where project is hosted - at github or at ASF. So far it seems to me that they are asking for favor without giving anything back to communities which will be affected.
>>>
>>> Best,
>>> Łukasz
>>>
>>> On 25.02.2022 08:43, Achim Nierbeck wrote:
>>>> Hi,
>>>>
>>>> I'm sorry to be a PITA :)
>>>> What I've read so far has been feelings, one concern of perception by "big" customers.
>>>> I would really like to know, which problem we are trying to solve by moving the pax projects under the umbrella of Karaf.
>>>> Or what I personally would favor under their own tlp of the ASF.
>>>>
>>>> Just to clarify, I'm trying the 5 W's here ...
>>>> Why do you think it's a good idea to move the Pax Projects under the karaf umbrella?
>>>> Why do you think customers have a wrong perception of the Pax Projects ...
>>>> and so on ...
>>>>
>>>> What is the core issue we are trying to solve here?
>>>> As long as I don't get down to the core thing that needs to be solved I'm not in favor of moving the pax projects anywhere.
>>>>
>>>> Again sorry if I'm PITA.
>>>>
>>>> regards, Achim
>>>>
>>>> On Thu, 24 Feb 2022 at 22:44, Eric Lilja <mindcoo...@gmail.com> wrote:
>>>>
>>>>> Personally, I would love to see this change and the other people in my organization liked the proposal as well.
>>>>>
>>>>> - Eric L
>>>>>
>>>>> On Thu, Feb 24, 2022 at 3:04 PM Jean-Baptiste Onofré <j...@nanthrax.net> wrote:
>>>>>
>>>>>> Hi guys,
>>>>>>
>>>>>> Some of you already pinged me to share concerns about PAX projects governance. I think it's my duty to share these concerns and discuss possible actions.
>>>>>>
>>>>>> Apache Karaf is one of the biggest consumers of PAX projects.
>>>>>>
>>>>>> However, PAX projects use a "self own" designed governance:
>>>>>> - for contribution/IP
>>>>>> - for release
>>>>>> - for CVE/Security
>>>>>> - ...
>>>>>>
>>>>>> And it could be seen as a major concern for Apache Karaf users, as PAX projects are not necessarily "aligned" with Apache Foundation rules.
>>>>>>
>>>>>> I would like to start a discussion on both Karaf and OPS4J communities to "move" PAX projects as Karaf subproject (like karaf-pax).
>>>>>> Concretely, it would mean that:
>>>>>> 1. Karaf PAX projects would use org.apache.karaf.pax namespace
>>>>>> 2. Karaf PAX releases will have to follow the Apache release process (binding votes, 3 days vote period, ...)
>>>>>> 3. Any active contributor on PAX projects would be invited as Karaf committer
>>>>>>
>>>>>> Thoughts ?
>>>>>>
>>>>>> Regards
>>>>>> JB