On Tue, Nov 28, 2017 at 10:22 AM, Brian Fox <bri...@infinity.nu> wrote:
> > > > > Not so long ago Sonatype as a commercial entity was openly hostile to > > > this project. > > Reference? > > > I am sorry if that sounds harsh, but personally I am not going to do > > > anything to advance commercial interests of an unfriendly company. > > That's your prerogative, of course, but Peter doesn't necessarily > > represent his company nor the other way round. > > Peter, any committer can call for a release of any version/branch of any > > project at any time. You can help by providing (non-binding) voting > > feedback for any release proposed. If this community has a cold attitude > > toward your employer, you can suggest to your employer that they attempt > > to reach-out to this community in order to repair that relationship. > > > Hi Oleg, I was really caught off guard by your assertion and am sorry you > feel that way. I'm one of the co-founders and CTO at Sonatype and I can't > ever recall a time where anyone was hostile towards http client. > > I am still actively involved at Apache, through the Maven PMC, Creadur and > RAT PMCs and at Infra. We have many other developers who are contributors > and PMC members of various Apache projects. Sonatype the company sponsors > Apache through Infra donations and still provides the Central repository > for everyone to use. We've also helped report vulnerabilities that are > uncovered in our research and our CSO even fixed a Xalan vulnerability > since there were no devs left on the project. > Is there a JIRA for that Xalan issue? I am on the Xalan PMC and while my FOSS TODO list is long, I might be able to help at some point. Gary > In short, I believe Sonatype and our developers have a healthy and happy > relationship with Apache in general. If you believe otherwise, I'd be happy > to chat with you off list to understand your concerns. > > --Brian >