That's a very good point David. For instance, it's what I'm using for ServiceMix Bundles (short vote period). As soon as it's well defined in the vote email, it's possible.
Thanks for this reminder ! Regards JB On Fri, Feb 25, 2022 at 6:00 PM David Jencks <david.a.jen...@gmail.com> wrote: > > Slight nit…. ASF voting policy says “SHOULD” for 72 hr window, not “MUST”, > exactly so that in emergencies such as with log4j a fix can be voted on and > released within hours. > > David Jencks > > > On Feb 25, 2022, at 7:53 AM, Grzegorz Grzybek <gr.grzy...@gmail.com> wrote: > > > > Hello > > > > I don't have clear opinion about which "home" is better (ASF or > > github.com/ops4j). I was thinking about this idea and here are my random > > thoughts: > > – [+1] for staying at GH: Not that long ago, I've migrated most of the > > projects (18) from https://ops4j1.jira.com/ to > > https://github.com/ops4j/*/issues - it required some effort, but IMO it was > > worth it - it's really much faster and the "turnaround" is shorter. The > > only (little) drawback is that we can't set more than one "fixed version" > > values for an issue. So going back to Jira would be (IMO) stepping back. > > – [+1] for ASF: at ASF we'd get nice CI infra to build the projects > > – [+1] for staying at GH: I'm aware that Pax Logging is quite often used > > outside of Karaf, so making it Karaf subproject could be confusing > > – [-1] for ASF: Felix already provides OSGi Logging, OSGi Http Service and > > OSGi Whiteboard implementations. > > – [-1] for ASF: 3 day vote - while totally great practice, for know we > > enjoy the flexibility to release Pax Logging the day the Log4j CVEs > > disasters happened (10th December 2021) > > – [+1] for ASF: as JBO said, ASF is a brand and it'd benefit OPS4J projects > > – [+1] for staying at GH: the "spirit" of Open Participation would be > > preserved. Mind that while I spent considerable amount of time refactoring > > Pax Logging and Pax Web, I still didn't find a time to work on proper, > > upgraded manual... Simply not that many people work on the projects. > > > > Bonus thought (but probably impossible) TLP Apache project... It'd however > > conflict (?) too much with Felix and its reference implementations of OSGi > > specs. > > > > kind regards, have a good weekend and prayers for peace > > Grzegorz Grzybek > > > > pt., 25 lut 2022 o 11:39 Jean-Baptiste Onofré <j...@nanthrax.net> > > napisał(a): > > > >> Thanks all for your comment. > >> > >> Fair discussion. I agree with you, just wanted to have this open > >> discussion and share some messages I received. > >> > >> Let's keep PAX as it is, at OPS4J. > >> > >> Thanks > >> Regards > >> JB > >> > >> On Fri, Feb 25, 2022 at 11:34 AM Łukasz Dywicki <l...@code-house.org> > >> wrote: > >>> > >>> I see problem similar to Achim. We still didn't hear anything about > >>> solving a community trouble. We definitely do not solve a trouble of > >>> ops4j community which probably do not overlap 100% with Karaf. We may be > >>> solving some trouble for Karaf community, however we probably ask about > >>> shifting even more work on already small set of people working on it. > >>> We hear concerns, which might or might not be justified. I don't think > >>> they are since there is no record of any malicious activities made by > >>> people contributing to ops4j/pax. > >>> People which are mainly contributing to these project are well known > >>> (Grzegorz, JB, Achim), externals contributions are coming over pull > >>> requests, just like they would come to the ASF, so why we should be > >>> moving around sources? As far I remember ASF does not scan IDs of their > >>> contributors so it can't guarantee identity of people behind > >>> contributions as well. Back at the times I was signing my agreement I > >>> was sending it by online fax service, so verification was very mild. > >>> While the GPG keys is some kind of resort, a lot of people (including > >>> myself) have self signed key which is as good as my ssh key I use to > >>> push things to git. > >>> > >>> The big customers can become part of community if they wish, no matter > >>> where project is hosted - at github or at ASF. So far it seems to me > >>> that they are asking for favor without giving anything back to > >>> communities which will be affected. > >>> > >>> Best, > >>> Łukasz > >>> > >>> On 25.02.2022 08:43, Achim Nierbeck wrote: > >>>> Hi, > >>>> > >>>> I'm sorry to be a PITA :) > >>>> What I've read so far has been feelings, one concern of perception by > >> "big" > >>>> customers. > >>>> I would really like to know, which problem we are trying to solve by > >> moving > >>>> the pax projects under the umbrella of Karaf. > >>>> Or what I personally would favor under their own tlp of the ASF. > >>>> > >>>> Just to clarify, I'm trying the 5 W's here ... > >>>> Why do you think it's a good idea to move the Pax Projects under the > >> karaf > >>>> umbrella? > >>>> Why do you think customers have a wrong perception of the Pax Projects > >> ... > >>>> and so on ... > >>>> > >>>> > >>>> What is the core issue we are trying to solve here? > >>>> As long as I don't get down to the core thing that needs to be solved > >> I'm > >>>> not in favor of moving the pax projects anywhere. > >>>> > >>>> Again sorry if I'm PITA. > >>>> > >>>> regards, Achim > >>>> > >>>> > >>>> > >>>> Am Do., 24. Feb. 2022 um 22:44 Uhr schrieb Eric Lilja < > >> mindcoo...@gmail.com > >>>>> : > >>>> > >>>>> Personally, I would love to see this change and the other people in my > >>>>> organization liked the proposal as well. > >>>>> > >>>>> - Eric L > >>>>> > >>>>> On Thu, Feb 24, 2022 at 3:04 PM Jean-Baptiste Onofré <j...@nanthrax.net > >>> > >>>>> wrote: > >>>>> > >>>>>> Hi guys, > >>>>>> > >>>>>> Some of you already pinged me to share concerns about PAX projects > >>>>>> governance. I think it's my duty to share these concerns and discuss > >>>>>> possible actions. > >>>>>> > >>>>>> Apache Karaf is one of the biggest consumers of PAX projects. > >>>>>> > >>>>>> However, PAX projects use a "self own" designed governance: > >>>>>> - for contribution/IP > >>>>>> - for release > >>>>>> - for CVE/Security > >>>>>> - ... > >>>>>> > >>>>>> And it could be seen as a major concern for Apache Karaf users, as > >> PAX > >>>>>> projects are not necessarily "aligned" with Apache Foundation rules. > >>>>>> > >>>>>> I would like to start a discussion on both Karaf and OPS4J > >> communities > >>>>>> to "move" PAX projects as Karaf subproject (like karaf-pax). > >>>>>> Concretely, it would mean that: > >>>>>> 1. Karaf PAX projects would use org.apache.karaf.pax namespace > >>>>>> 2. Karaf PAX releases will have to follow the Apache release process > >>>>>> (binding votes, 3 days vote period, ...) > >>>>>> 3. Any active contributor on PAX projects would be invited as Karaf > >>>>>> committer > >>>>>> > >>>>>> Thoughts ? > >>>>>> > >>>>>> Regards > >>>>>> JB > >>>>>> > >>>>> > >>>> > >>>> > >>> > >>> -- > >>> -- > >>> ------------------ > >>> OPS4J - http://www.ops4j.org - op...@googlegroups.com > >>> > >>> --- > >>> You received this message because you are subscribed to the Google > >> Groups "OPS4J" group. > >>> To unsubscribe from this group and stop receiving emails from it, send > >> an email to ops4j+unsubscr...@googlegroups.com. > >>> To view this discussion on the web visit > >> https://groups.google.com/d/msgid/ops4j/5ff43da6-8d5f-43f4-e6e6-86af4fb162b9%40code-house.org > >> . > >> >
