I see problem similar to Achim. We still didn't hear anything about
solving a community trouble. We definitely do not solve a trouble of
ops4j community which probably do not overlap 100% with Karaf. We may be
solving some trouble for Karaf community, however we probably ask about
shifting even more work on already small set of people working on it.
We hear concerns, which might or might not be justified. I don't think
they are since there is no record of any malicious activities made by
people contributing to ops4j/pax.
People which are mainly contributing to these project are well known
(Grzegorz, JB, Achim), externals contributions are coming over pull
requests, just like they would come to the ASF, so why we should be
moving around sources? As far I remember ASF does not scan IDs of their
contributors so it can't guarantee identity of people behind
contributions as well. Back at the times I was signing my agreement I
was sending it by online fax service, so verification was very mild.
While the GPG keys is some kind of resort, a lot of people (including
myself) have self signed key which is as good as my ssh key I use to
push things to git.
The big customers can become part of community if they wish, no matter
where project is hosted - at github or at ASF. So far it seems to me
that they are asking for favor without giving anything back to
communities which will be affected.
Best,
Łukasz
On 25.02.2022 08:43, Achim Nierbeck wrote:
Hi,
I'm sorry to be a PITA :)
What I've read so far has been feelings, one concern of perception by "big"
customers.
I would really like to know, which problem we are trying to solve by moving
the pax projects under the umbrella of Karaf.
Or what I personally would favor under their own tlp of the ASF.
Just to clarify, I'm trying the 5 W's here ...
Why do you think it's a good idea to move the Pax Projects under the karaf
umbrella?
Why do you think customers have a wrong perception of the Pax Projects ...
and so on ...
What is the core issue we are trying to solve here?
As long as I don't get down to the core thing that needs to be solved I'm
not in favor of moving the pax projects anywhere.
Again sorry if I'm PITA.
regards, Achim
Am Do., 24. Feb. 2022 um 22:44 Uhr schrieb Eric Lilja <mindcoo...@gmail.com
:
Personally, I would love to see this change and the other people in my
organization liked the proposal as well.
- Eric L
On Thu, Feb 24, 2022 at 3:04 PM Jean-Baptiste Onofré <j...@nanthrax.net>
wrote:
Hi guys,
Some of you already pinged me to share concerns about PAX projects
governance. I think it's my duty to share these concerns and discuss
possible actions.
Apache Karaf is one of the biggest consumers of PAX projects.
However, PAX projects use a "self own" designed governance:
- for contribution/IP
- for release
- for CVE/Security
- ...
And it could be seen as a major concern for Apache Karaf users, as PAX
projects are not necessarily "aligned" with Apache Foundation rules.
I would like to start a discussion on both Karaf and OPS4J communities
to "move" PAX projects as Karaf subproject (like karaf-pax).
Concretely, it would mean that:
1. Karaf PAX projects would use org.apache.karaf.pax namespace
2. Karaf PAX releases will have to follow the Apache release process
(binding votes, 3 days vote period, ...)
3. Any active contributor on PAX projects would be invited as Karaf
committer
Thoughts ?
Regards
JB
--
--
------------------
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
---
You received this message because you are subscribed to the Google Groups "OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ops4j+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ops4j/5ff43da6-8d5f-43f4-e6e6-86af4fb162b9%40code-house.org.
