Well obviously log4j being an ASF project has not protected it from
beeing affected by one of the worst bugs, neither has "solarwind" who
most probably knows all developers in person so I don't get it either,
this all for me is more a false-security feeling or just a generic "it
might be bette
Hi Matt,
Again, sorry for being PITA about it, I would really like to understand
what kind of problem should be solved?
I looked at the list of people that are able to work directly on the ops4j
projects, 110.
https://github.com/orgs/ops4j/people
Then I know from the past, that we had a couple of
Hello Christoph-
Again, the issue isn't a complaint. OPS4J simply does not have verification
of developer identity. More contributions or donations won't solve that.
Even the most staunch open source projects (ie Debian) require verification
of developer id.
Thank you,
Matt
On Monday, March
I can only encourage everyone that get "complains" or "concerns" of "big
bussiness" or even single users telling them to simply start
contribution or funding OS projects they depend on:
participation/review/testing (especially upcoming versions) is the best
way to mitigate "supply-chain-attack
Hello
I don't have clear opinion about which "home" is better (ASF or
github.com/ops4j). I was thinking about this idea and here are my random
thoughts:
– [+1] for staying at GH: Not that long ago, I've migrated most of the
projects (18) from https://ops4j1.jira.com/ to
https://github.com/ops4j/*
Thanks all for your comment.
Fair discussion. I agree with you, just wanted to have this open
discussion and share some messages I received.
Let's keep PAX as it is, at OPS4J.
Thanks
Regards
JB
On Fri, Feb 25, 2022 at 11:34 AM Łukasz Dywicki wrote:
>
> I see problem similar to Achim. We still
I see problem similar to Achim. We still didn't hear anything about
solving a community trouble. We definitely do not solve a trouble of
ops4j community which probably do not overlap 100% with Karaf. We may be
solving some trouble for Karaf community, however we probably ask about
shifting even
I think one problem might be that some of the projects would then be
bound to karaf even more as they are currently are because karaf
"drives" them.
Also it might make feel people that they should only be used with karaf
and are not standalone.
So for me it won't make any sense to name them
Hi,
I'm sorry to be a PITA :)
What I've read so far has been feelings, one concern of perception by "big"
customers.
I would really like to know, which problem we are trying to solve by moving
the pax projects under the umbrella of Karaf.
Or what I personally would favor under their own tlp of the
Hi Łukasz-
I am relaying our experience from customers, since most enterprises do not
communicate directly with communities. If there was community support for a
transition, then any issues would be adverted-- which is my reason for
bringing it up. As a comparison, even Debian (one of the most
Hi Jean, hello ops4j participants.
Given recent rush hours with log4j issues I can understand some of the
concerns. However, looking at practical aspects, these issues were
handled as good as they would be at the ASF. Time it took Grzegorz to
release updated pax-logging was pretty short.
If
Hi Achim
Just wanted to share concerns I received. Basically, PAX projects are
"free fields", without strong guarantee in the release (not formal
staging/vote/review).
It doesn't mean we don't do that, it's just not strongly enforced ;)
I don't mean we *have to* do it, I'm just sharing comments
Hi JB,
Before I come to any conclusion, I would really like to understand what
kind of issue/problem you would like to solve with this, which is easier to
solve under an apache umbrella.
thanks, Achim
Am Do., 24. Feb. 2022 um 15:04 Uhr schrieb Jean-Baptiste Onofré <
j...@nanthrax.net>:
> Hi guy
Hi guys,
Some of you already pinged me to share concerns about PAX projects
governance. I think it's my duty to share these concerns and discuss
possible actions.
Apache Karaf is one of the biggest consumers of PAX projects.
However, PAX projects use a "self own" designed governance:
- for contr
14 matches
Mail list logo