[DISCUSS] Migrate from Jira to GitHub Issues

[Justin Bertram]

There's been a few threads about this general subject, but most have
concentrated on Classic in particular. I think it's worth discussing
migration of ActiveMQ as a whole and diving a bit deeper into the details
of why a migration makes (or doesn't make) sense and what the challenges
may be.

To this end I've put together this document [1]. I hope it will be of
service to the community as we consider this option.


Justin

[1]
https://github.com/jbertram/activemq-website/wiki/Apache-ActiveMQ-GitHub-Issues-Migration-Review

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Étienne Hossack]

This is a good summary Justin. As someone who mostly follows issues these 
days-as opposed to contributing-a few things to add, having used both to manage 
work:

* Github has "projects" which allow you to organize tasks across repos -- which 
in some ways is helpful, but you have to know to look for the projects
* Github milestones are a bit weird, and not as intuitive as target/fix 
versions, but they suffice -- as Justin points out, deciding how to use those, 
and reference issues/releases is important
* The two tools are mostly comparable with some drawbacks to either: github is 
about 3 quarters as mature as Jira in many ways IMO, but if it saves the PMC 
time, that's a big draw.
* I agree that the intent of making everything more approachable by using 
Github is a worthwhile goal, and probably a likely result -- especially if 
releases are being tagged + documented in the project
* Seeing a repo with a ton of issues on github isn't really the best visual 
experience, as the github UI isn't super clear, so probably setting up/linking 
some project views would be the way to go


On Tue, 2 Apr 2024, at 12:52 PM, Justin Bertram wrote:
> There's been a few threads about this general subject, but most have
> concentrated on Classic in particular. I think it's worth discussing
> migration of ActiveMQ as a whole and diving a bit deeper into the details
> of why a migration makes (or doesn't make) sense and what the challenges
> may be.
>
> To this end I've put together this document [1]. I hope it will be of
> service to the community as we consider this option.
>
>
> Justin
>
> [1]
> https://github.com/jbertram/activemq-website/wiki/Apache-ActiveMQ-GitHub-Issues-Migration-Review

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Jean-Baptiste Onofré]

Hi Justin

Fantastic work and great summary !

I do a quick pass, I will do a more detailed read.

Thanks !
Regards
JB

On Tue, Apr 2, 2024 at 9:52 PM Justin Bertram  wrote:
>
> There's been a few threads about this general subject, but most have
> concentrated on Classic in particular. I think it's worth discussing
> migration of ActiveMQ as a whole and diving a bit deeper into the details
> of why a migration makes (or doesn't make) sense and what the challenges
> may be.
>
> To this end I've put together this document [1]. I hope it will be of
> service to the community as we consider this option.
>
>
> Justin
>
> [1]
> https://github.com/jbertram/activemq-website/wiki/Apache-ActiveMQ-GitHub-Issues-Migration-Review

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Arthur Naseef]

I read through Justin's document up to the section "Why Use GitHub
Issues?" and have questions.

When users want Jira access, do they use an Apache account, or can it
be any account?  Or are we just creating jira-specific accounts for
these users?  Do they have / need-to-have an ICLA signed and on-file?

It seems to me the real issue at heart here is avoiding spam, and
using authenticated users as a means to that end.  So, I'm trying to
understand whether that's feasible with Apache Jira.

Art

P.S. Nice write-up Justin - thank you!

On Wed, Apr 3, 2024 at 2:16 AM Jean-Baptiste Onofré  wrote:
>
> Hi Justin
>
> Fantastic work and great summary !
>
> I do a quick pass, I will do a more detailed read.
>
> Thanks !
> Regards
> JB
>
> On Tue, Apr 2, 2024 at 9:52 PM Justin Bertram  wrote:
> >
> > There's been a few threads about this general subject, but most have
> > concentrated on Classic in particular. I think it's worth discussing
> > migration of ActiveMQ as a whole and diving a bit deeper into the details
> > of why a migration makes (or doesn't make) sense and what the challenges
> > may be.
> >
> > To this end I've put together this document [1]. I hope it will be of
> > service to the community as we consider this option.
> >
> >
> > Justin
> >
> > [1]
> > https://github.com/jbertram/activemq-website/wiki/Apache-ActiveMQ-GitHub-Issues-Migration-Review

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Justin Bertram]

> When users want Jira access, do they use an Apache account, or can it be
any account?

Folks who have an Apache account (e.g. committers, PMC members, etc.)
automatically have access to the ASF Jira instance.

> Or are we just creating jira-specific accounts for these users?

If you don't have an Apache account and you want to create a Jira, for
example, then you must request a Jira account. This is an account
specifically for the ASF Jira instance.

Lots of websites employ OAuth so that you can, for example, use your Google
account or Facebook account to access their services. That's not true of
ASF Jira. You must have a specific ASF Jira account.

> Do they have / need-to-have an ICLA signed and on-file?

No.

> It seems to me the real issue at heart here is avoiding spam, and using
authenticated users as a means to that end.  So, I'm trying to understand
whether that's feasible with Apache Jira.

As far as I know ASF Infra has _always_ required an account to create
Jiras, etc. However, that requirement still hasn't been sufficient to
prevent spam - even with a captcha for creating an account. Therefore, the
PMC now has to approve Jira account requests.


Justin

On Wed, Apr 3, 2024 at 11:10 AM Arthur Naseef  wrote:

> I read through Justin's document up to the section "Why Use GitHub
> Issues?" and have questions.
>
> When users want Jira access, do they use an Apache account, or can it
> be any account?  Or are we just creating jira-specific accounts for
> these users?  Do they have / need-to-have an ICLA signed and on-file?
>
> It seems to me the real issue at heart here is avoiding spam, and
> using authenticated users as a means to that end.  So, I'm trying to
> understand whether that's feasible with Apache Jira.
>
> Art
>
> P.S. Nice write-up Justin - thank you!
>
> On Wed, Apr 3, 2024 at 2:16 AM Jean-Baptiste Onofré 
> wrote:
> >
> > Hi Justin
> >
> > Fantastic work and great summary !
> >
> > I do a quick pass, I will do a more detailed read.
> >
> > Thanks !
> > Regards
> > JB
> >
> > On Tue, Apr 2, 2024 at 9:52 PM Justin Bertram 
> wrote:
> > >
> > > There's been a few threads about this general subject, but most have
> > > concentrated on Classic in particular. I think it's worth discussing
> > > migration of ActiveMQ as a whole and diving a bit deeper into the
> details
> > > of why a migration makes (or doesn't make) sense and what the
> challenges
> > > may be.
> > >
> > > To this end I've put together this document [1]. I hope it will be of
> > > service to the community as we consider this option.
> > >
> > >
> > > Justin
> > >
> > > [1]
> > >
> https://github.com/jbertram/activemq-website/wiki/Apache-ActiveMQ-GitHub-Issues-Migration-Review
>
>

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Bruce Snyder]

A big thank you to Justin for his effort to research and document this
topic and the options available! This info is very helpful to better
understand the scope of the situation.

Justin mentioned that he spends about 20 minutes per month on Jira account
approval, so there's not a tremendous time savings by off-loading issue
management to GitHub. Are there any other costs that we should consider in
terms of time? In fact, if we were to make this change, it might actually
require a lot more toil from the PMC to make the changes and manage the
situation in a new manner as well as from the users to understand the new
setup.

While I was one of the folks who angled toward a move from Jira to GitHub
for issue management, I'm not necessarily convinced that such a change will
result in the best user experience as well as decrease the work the PMC
does to manage Jira account requests. I was under the impression that the
Jira account management aspect cost more time than it does.

Bruce

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Matt Pavlovich]

Hello @dev-

I argue that we are effectively already using GitHub for issues, JIRA is just 
getting a back-port sync of the discussion. The reality is that code-change 
discussions are occurring on the PRs, not in JIRA or mailing lists-- and that 
makes sense. It is far easier to have a discussion while referencing the line 
of code and providing a checklist of issues to resolve to the committer. The 
GitHub-to-JIRA synchronization is noisy and generates a lot of text in the JIRA 
comments that aren't really legible.

The JIRA issue-to-PR process is cumbersome, there's now even a "NO-JIRA" 
process to work around that reality -- and that has led to back-and-forth on 
certain issues that start NO-JIRA, and then need to have a JIRA created and 
vice-versa.

Issues:
 - Customizable templates that can enforce policy to reduce back-and-forth with 
in-experienced issue submitters.

Release notes:
 - Simple generation, template-izable and ability to customize at release time 
(ie to remove any NO-JIRA type things that don't need to be in release notes)

In terms of migration complexity, I think the numbers make the migration effort 
look larger than the actual reality on the ground. We are really talking about 
2 active repos (activemq & artemis) and 1 periodically updated repo (nms).

Migration can be over time and on a project-by-project or repo-by-repo basis. 
The majority of total repo count are NMS related, and there is an argument that 
those should be combined to a single repo  for easier release. Using the 
top-level NMS project for issues and labels for sub-projects would be suitable 
for a low-traffic module such as that.

The activemq-cli-tools can move/migrate into the main ActiveMQ repo, its a 
simple tool and it makes sense to include that function in the distribution.

We've transitioned to a new era in software development, and we should move to 
the tools that are more readily used by dev-users in this era. That is 
currently GitHub. GitHub is a better toolkit for streamlining the management of 
the project and developing community engagement.

Thank you for attending my TED talk,
Matt Pavlovich

> On Apr 2, 2024, at 2:52 PM, Justin Bertram  wrote:
> 
> There's been a few threads about this general subject, but most have
> concentrated on Classic in particular. I think it's worth discussing
> migration of ActiveMQ as a whole and diving a bit deeper into the details
> of why a migration makes (or doesn't make) sense and what the challenges
> may be.
> 
> To this end I've put together this document [1]. I hope it will be of
> service to the community as we consider this option.
> 
> 
> Justin
> 
> [1]
> https://github.com/jbertram/activemq-website/wiki/Apache-ActiveMQ-GitHub-Issues-Migration-Review

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Robbie Gemmell]

On Wed, 3 Apr 2024 at 21:14, Matt Pavlovich  wrote:
>
> Hello @dev-
>
> I argue that we are effectively already using GitHub for issues, JIRA is just 
> getting a back-port sync of the discussion. The reality is that code-change 
> discussions are occurring on the PRs, not in JIRA or mailing lists-- and that 
> makes sense. It is far easier to have a discussion while referencing the line 
> of code and providing a checklist of issues to resolve to the committer. The 
> GitHub-to-JIRA synchronization is noisy and generates a lot of text in the 
> JIRA comments that aren't really legible.
>

That argument seems centered on the code discussion on a PR being the
main interesting bit of a Jira / Issue. For me, and I expect a lot of
users, I'd say it is often rather more the initial description/report
for e.g what a bug is, the collating of the [often multiple and
separate] commits made to fix it, and the release version tracking,
that tend to be as much or more interesting aspect of a Jira than what
are often just 'working thoughts' comments on a PR to get from the
initial proposed change to whatever is pushed. For that stuff, indeed
the PR is often a better place for to see that in-context. This would
be true for me, and again I expect a lot of users, regardless whether
it was an Issue or a Jira being used to track things (or at least,
would be supposing people adequately xref commits/Issues to make up
for the limitations in Issues/PRs use of Milestones to track
versions...i.e they can only point to 1).

(On the comments, the Github updates on our Jira's go in as 'work log'
entries rather than regular comments, so they actually aren't in the
way normally)

> The JIRA issue-to-PR process is cumbersome, there's now even a "NO-JIRA" 
> process to work around that reality -- and that has led to back-and-forth on 
> certain issues that start NO-JIRA, and then need to have a JIRA created and 
> vice-versa.
>

Thats been happening since before PRs were an option, started due to
direct commit/push behaviour where PRs wouldnt have existed anyway,
and could essentially still happen with Issues too depending on what
approach were to be decided on for Issue <-> PR relationship, i.e
whether an issue is always needed or if a PR alone is sufficient.

It was me that initially coined the NO-JIRA thing over at Qpid  > 10
years ago, as an escape for a commit hook that required a Jira ref, to
help prod people that were not creating Jiras for
actually-quite-important/notable changes out of pure laziness, and
make it clear it wasnt then 'just an oversight' it was omitted. Alas,
since the ASF operated on a single foundation-wide Subversion
repository at the time, and due to the way the hook had to actually
operate as a result, it was found to be too slow to justify applying
it to every commit at the ASF just for one/some projects benefit to
prod people to be less lazy, and so that side ultimately didnt happen.
The commit message bit stuck around though, migrated, and has over
time become just as abused as reference'less commit logs were. Doh :)

The equivalent while having Issues instead of Jira's would center
around deciding if we wanted to always have an Issue for a given
change even if a PR is being raised, given that whilst they do share a
number space they are still defaulted to mostly being distinct things
in the UI and URLs. I expect many people making changes often won't
bother to raise an Issue, just the PR (or again, sometimes neither).
Most people not interested in making changes (i.e most user reports)
will of course just raise an Issue alone. Often people will raise a
non-xref'd PR for the same thing even though the Issue exists, since
they didnt raise or notice that Issue themselves originally (same
happen with Jira's too). This is an annoyance I find with Issues and
PRs, sharing a number space and being treated similarly by many, while
still being considered quite separate especially in the UI and URls
(the main annoyance being Milestone handling, where you can only have
1, which I find it means most projects just have useless or no release
notes for their non-latest releases as a result, and you really just
need to look at the tags and commits to see what you need)


> Issues:
>  - Customizable templates that can enforce policy to reduce back-and-forth 
> with in-experienced issue submitters.

I find those templates as much just increase the number of Issues
littered with templates not actually filled in.

>
> Release notes:
>  - Simple generation, template-izable and ability to customize at release 
> time (ie to remove any NO-JIRA type things that don't need to be in release 
> notes)
>
> In terms of migration complexity, I think the numbers make the migration 
> effort look larger than the actual reality on the ground. We are really 
> talking about 2 active repos (activemq & artemis) and 1 periodically updated 
> repo (nms).
>
> Migration can be over time and on a project-by-project or repo-by-repo basis. 
> The 

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Robbie Gemmell]

I prefer Jira for issue tracking, I think it's better at it,
particularly for cases like 5.x / 6.x having multiple active release
streams with lots of backports, given the limitations of Milestone
handling and how people tend to treat xref'ing to fully compensate for
that (i.e they often dont bother).

I would be fine with adopting Issues too though, I use Issues plenty
elsewhere where it's enabled by default and the only option anyway
hehe.

I expect most users reporting things would prefer Issues at this
point, especially anyone intende to raise a PR, and most particularly
all the folks without Jira accounts already (of course, I also think
many of those asking for accounts dont actually need one; see
Discussions note at end).

I dont actually think every component needs to use the exact same
labels etc. People are already used to just about every other GitHub
repo they encounter at this point which uses Issue having their own
labels. For me, the labels just need to make sense in themselves.
Though the default ones are simple, so I'd be fine with them, which
would then just happen to be consistent.

It's not clear to me anyone proposing to move to Issues actually
intended thus far to migrate any of the [open] issues from Jira to
Github Issues, so much as just start using Github Issues and thus
effectively 'clearing the cruft' by leaving it where it is, then
raising new issues going forward?

To the later point around Discussions, I do think enabling those could
be good either way since, just like with Jira, people will often
create Issues to ask questions rather than e.g mail a mailing list.
They might use a Discussion instead though.

On Tue, 2 Apr 2024 at 20:52, Justin Bertram  wrote:
>
> There's been a few threads about this general subject, but most have
> concentrated on Classic in particular. I think it's worth discussing
> migration of ActiveMQ as a whole and diving a bit deeper into the details
> of why a migration makes (or doesn't make) sense and what the challenges
> may be.
>
> To this end I've put together this document [1]. I hope it will be of
> service to the community as we consider this option.
>
>
> Justin
>
> [1]
> https://github.com/jbertram/activemq-website/wiki/Apache-ActiveMQ-GitHub-Issues-Migration-Review

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Matt Pavlovich]

> On Apr 4, 2024, at 1:26 PM, Robbie Gemmell  wrote:
> 
> To the later point around Discussions, I do think enabling those could
> be good either way since, just like with Jira, people will often
> create Issues to ask questions rather than e.g mail a mailing list.
> They might use a Discussion instead though.

+1 agree that having discussions enabled would be an upgrade for users, big 
improvement over mailing lists.

> On Tue, 2 Apr 2024 at 20:52, Justin Bertram  wrote:
>> 
>> There's been a few threads about this general subject, but most have
>> concentrated on Classic in particular. I think it's worth discussing
>> migration of ActiveMQ as a whole and diving a bit deeper into the details
>> of why a migration makes (or doesn't make) sense and what the challenges
>> may be.
>> 
>> To this end I've put together this document [1]. I hope it will be of
>> service to the community as we consider this option.
>> 
>> 
>> Justin
>> 
>> [1]
>> https://github.com/jbertram/activemq-website/wiki/Apache-ActiveMQ-GitHub-Issues-Migration-Review

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Christopher Shannon]

I am also on the Accumulo PMC and on that project we use Github issues
and no longer use Jira. This switch was made before my time so I'm not
sure of the reasoning. Personally, I don't really care too much either
way as I've used both but I will just point out 2 things from my
experience with it.

1) For version tracking, we use projects and not milestones. I don't
know if this is the best way to do things but that's what we have been
using and seems to work ok as you can list multiple projects
(versions) for an Issue or PR:
https://github.com/apache/accumulo/projects?type=classic

2) Robbie's point about whether or not Issues get opened is a really
good point and something that is not consistent at all in Accumulo.
What I have found is it is all over the place. In some cases people
just open PRs and essentially are self documenting issues with the
fix. In other cases people open up issues and then open up PRs. It
does get confusing sometimes since they share the same numbering and
name space. It may make sense to try and establish some guidelines if
we go with Github Issues just so we are consistent about it.

On Thu, Apr 4, 2024 at 2:40 PM Matt Pavlovich  wrote:
>
>
> > On Apr 4, 2024, at 1:26 PM, Robbie Gemmell  wrote:
> >
> > To the later point around Discussions, I do think enabling those could
> > be good either way since, just like with Jira, people will often
> > create Issues to ask questions rather than e.g mail a mailing list.
> > They might use a Discussion instead though.
>
> +1 agree that having discussions enabled would be an upgrade for users, big 
> improvement over mailing lists.
>
> > On Tue, 2 Apr 2024 at 20:52, Justin Bertram  wrote:
> >>
> >> There's been a few threads about this general subject, but most have
> >> concentrated on Classic in particular. I think it's worth discussing
> >> migration of ActiveMQ as a whole and diving a bit deeper into the details
> >> of why a migration makes (or doesn't make) sense and what the challenges
> >> may be.
> >>
> >> To this end I've put together this document [1]. I hope it will be of
> >> service to the community as we consider this option.
> >>
> >>
> >> Justin
> >>
> >> [1]
> >> https://github.com/jbertram/activemq-website/wiki/Apache-ActiveMQ-GitHub-Issues-Migration-Review
>

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Robbie Gemmell]

The 'track version as Project' thing is interesting, though kinda
further underscores the limitations of Milestones which are really the
main surfaced way of handling versions.

I'll bet some folks on the 'users' side of things looking at released
issues later would even miss that you are doing that (I would), since
Projects are kinda separate and get even further hidden away upon
completion; closed Projects are hidden/collapsed in the Issue/PR view
on expectations they are no longer 'interesting', requiring you to
spot that and expand the closed-projects view on each Issue/PR to see
the Project later. Which to be fair I think is actually decent
behaviour in general for their main use cases, since they aren't
really aimed to be used as versions but more for using the 'swimlane'
etc views given for managing/planning overall outstanding tasks to a
point of completion and will then most typically be
forgotten/less-interesting detail.

On Thu, 4 Apr 2024 at 22:52, Christopher Shannon
 wrote:
>
> I am also on the Accumulo PMC and on that project we use Github issues
> and no longer use Jira. This switch was made before my time so I'm not
> sure of the reasoning. Personally, I don't really care too much either
> way as I've used both but I will just point out 2 things from my
> experience with it.
>
> 1) For version tracking, we use projects and not milestones. I don't
> know if this is the best way to do things but that's what we have been
> using and seems to work ok as you can list multiple projects
> (versions) for an Issue or PR:
> https://github.com/apache/accumulo/projects?type=classic
>
> 2) Robbie's point about whether or not Issues get opened is a really
> good point and something that is not consistent at all in Accumulo.
> What I have found is it is all over the place. In some cases people
> just open PRs and essentially are self documenting issues with the
> fix. In other cases people open up issues and then open up PRs. It
> does get confusing sometimes since they share the same numbering and
> name space. It may make sense to try and establish some guidelines if
> we go with Github Issues just so we are consistent about it.
>
> On Thu, Apr 4, 2024 at 2:40 PM Matt Pavlovich  wrote:
> >
> >
> > > On Apr 4, 2024, at 1:26 PM, Robbie Gemmell  
> > > wrote:
> > >
> > > To the later point around Discussions, I do think enabling those could
> > > be good either way since, just like with Jira, people will often
> > > create Issues to ask questions rather than e.g mail a mailing list.
> > > They might use a Discussion instead though.
> >
> > +1 agree that having discussions enabled would be an upgrade for users, big 
> > improvement over mailing lists.
> >
> > > On Tue, 2 Apr 2024 at 20:52, Justin Bertram  wrote:
> > >>
> > >> There's been a few threads about this general subject, but most have
> > >> concentrated on Classic in particular. I think it's worth discussing
> > >> migration of ActiveMQ as a whole and diving a bit deeper into the details
> > >> of why a migration makes (or doesn't make) sense and what the challenges
> > >> may be.
> > >>
> > >> To this end I've put together this document [1]. I hope it will be of
> > >> service to the community as we consider this option.
> > >>
> > >>
> > >> Justin
> > >>
> > >> [1]
> > >> https://github.com/jbertram/activemq-website/wiki/Apache-ActiveMQ-GitHub-Issues-Migration-Review
> >

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Clebert Suconic]

I would prefer to keep JIRA for their REST interface.

Also: one thing to notice is the possibility of using private comments
in JIRA. Say you ever have a security issue. I think you can have PMC
private comments on JIRAs. I'm not sure you have the same in github
issues.


I didn't see a note about private comments on Justin's detailed doc
(nice Doc BTW), but the private comments may be handy on handling
sensitive issues.

On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell  wrote:
>
> The 'track version as Project' thing is interesting, though kinda
> further underscores the limitations of Milestones which are really the
> main surfaced way of handling versions.
>
> I'll bet some folks on the 'users' side of things looking at released
> issues later would even miss that you are doing that (I would), since
> Projects are kinda separate and get even further hidden away upon
> completion; closed Projects are hidden/collapsed in the Issue/PR view
> on expectations they are no longer 'interesting', requiring you to
> spot that and expand the closed-projects view on each Issue/PR to see
> the Project later. Which to be fair I think is actually decent
> behaviour in general for their main use cases, since they aren't
> really aimed to be used as versions but more for using the 'swimlane'
> etc views given for managing/planning overall outstanding tasks to a
> point of completion and will then most typically be
> forgotten/less-interesting detail.
>
> On Thu, 4 Apr 2024 at 22:52, Christopher Shannon
>  wrote:
> >
> > I am also on the Accumulo PMC and on that project we use Github issues
> > and no longer use Jira. This switch was made before my time so I'm not
> > sure of the reasoning. Personally, I don't really care too much either
> > way as I've used both but I will just point out 2 things from my
> > experience with it.
> >
> > 1) For version tracking, we use projects and not milestones. I don't
> > know if this is the best way to do things but that's what we have been
> > using and seems to work ok as you can list multiple projects
> > (versions) for an Issue or PR:
> > https://github.com/apache/accumulo/projects?type=classic
> >
> > 2) Robbie's point about whether or not Issues get opened is a really
> > good point and something that is not consistent at all in Accumulo.
> > What I have found is it is all over the place. In some cases people
> > just open PRs and essentially are self documenting issues with the
> > fix. In other cases people open up issues and then open up PRs. It
> > does get confusing sometimes since they share the same numbering and
> > name space. It may make sense to try and establish some guidelines if
> > we go with Github Issues just so we are consistent about it.
> >
> > On Thu, Apr 4, 2024 at 2:40 PM Matt Pavlovich  wrote:
> > >
> > >
> > > > On Apr 4, 2024, at 1:26 PM, Robbie Gemmell  
> > > > wrote:
> > > >
> > > > To the later point around Discussions, I do think enabling those could
> > > > be good either way since, just like with Jira, people will often
> > > > create Issues to ask questions rather than e.g mail a mailing list.
> > > > They might use a Discussion instead though.
> > >
> > > +1 agree that having discussions enabled would be an upgrade for users, 
> > > big improvement over mailing lists.
> > >
> > > > On Tue, 2 Apr 2024 at 20:52, Justin Bertram  wrote:
> > > >>
> > > >> There's been a few threads about this general subject, but most have
> > > >> concentrated on Classic in particular. I think it's worth discussing
> > > >> migration of ActiveMQ as a whole and diving a bit deeper into the 
> > > >> details
> > > >> of why a migration makes (or doesn't make) sense and what the 
> > > >> challenges
> > > >> may be.
> > > >>
> > > >> To this end I've put together this document [1]. I hope it will be of
> > > >> service to the community as we consider this option.
> > > >>
> > > >>
> > > >> Justin
> > > >>
> > > >> [1]
> > > >> https://github.com/jbertram/activemq-website/wiki/Apache-ActiveMQ-GitHub-Issues-Migration-Review
> > >



-- 
Clebert Suconic

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Domenico Francesco Bruscino]

I don't have a strong opinion on migrating from Jira to GitHub Issues.
I would prefer GitHub Issues only for its better integration and because
new users that reach from the GitHub repository could be confused to not
find the `Issues` tabs (most of the GitHub projects use it).

Also GitHub Issues has a good REST interface, I'm using it in
GithubIssueManager[1].

@Justin Bertram  thanks the detailed doc!!!

[1]
https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java

On Fri, 5 Apr 2024 at 17:41, Clebert Suconic 
wrote:

> I would prefer to keep JIRA for their REST interface.
>
> Also: one thing to notice is the possibility of using private comments
> in JIRA. Say you ever have a security issue. I think you can have PMC
> private comments on JIRAs. I'm not sure you have the same in github
> issues.
>
>
> I didn't see a note about private comments on Justin's detailed doc
> (nice Doc BTW), but the private comments may be handy on handling
> sensitive issues.
>
> On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell 
> wrote:
> >
> > The 'track version as Project' thing is interesting, though kinda
> > further underscores the limitations of Milestones which are really the
> > main surfaced way of handling versions.
> >
> > I'll bet some folks on the 'users' side of things looking at released
> > issues later would even miss that you are doing that (I would), since
> > Projects are kinda separate and get even further hidden away upon
> > completion; closed Projects are hidden/collapsed in the Issue/PR view
> > on expectations they are no longer 'interesting', requiring you to
> > spot that and expand the closed-projects view on each Issue/PR to see
> > the Project later. Which to be fair I think is actually decent
> > behaviour in general for their main use cases, since they aren't
> > really aimed to be used as versions but more for using the 'swimlane'
> > etc views given for managing/planning overall outstanding tasks to a
> > point of completion and will then most typically be
> > forgotten/less-interesting detail.
> >
> > On Thu, 4 Apr 2024 at 22:52, Christopher Shannon
> >  wrote:
> > >
> > > I am also on the Accumulo PMC and on that project we use Github issues
> > > and no longer use Jira. This switch was made before my time so I'm not
> > > sure of the reasoning. Personally, I don't really care too much either
> > > way as I've used both but I will just point out 2 things from my
> > > experience with it.
> > >
> > > 1) For version tracking, we use projects and not milestones. I don't
> > > know if this is the best way to do things but that's what we have been
> > > using and seems to work ok as you can list multiple projects
> > > (versions) for an Issue or PR:
> > > https://github.com/apache/accumulo/projects?type=classic
> > >
> > > 2) Robbie's point about whether or not Issues get opened is a really
> > > good point and something that is not consistent at all in Accumulo.
> > > What I have found is it is all over the place. In some cases people
> > > just open PRs and essentially are self documenting issues with the
> > > fix. In other cases people open up issues and then open up PRs. It
> > > does get confusing sometimes since they share the same numbering and
> > > name space. It may make sense to try and establish some guidelines if
> > > we go with Github Issues just so we are consistent about it.
> > >
> > > On Thu, Apr 4, 2024 at 2:40 PM Matt Pavlovich 
> wrote:
> > > >
> > > >
> > > > > On Apr 4, 2024, at 1:26 PM, Robbie Gemmell <
> robbie.gemm...@gmail.com> wrote:
> > > > >
> > > > > To the later point around Discussions, I do think enabling those
> could
> > > > > be good either way since, just like with Jira, people will often
> > > > > create Issues to ask questions rather than e.g mail a mailing list.
> > > > > They might use a Discussion instead though.
> > > >
> > > > +1 agree that having discussions enabled would be an upgrade for
> users, big improvement over mailing lists.
> > > >
> > > > > On Tue, 2 Apr 2024 at 20:52, Justin Bertram 
> wrote:
> > > > >>
> > > > >> There's been a few threads about this general subject, but most
> have
> > > > >> concentrated on Classic in particular. I think it's worth
> discussing
> > > > >> migration of ActiveMQ as a whole and diving a bit deeper into the
> details
> > > > >> of why a migration makes (or doesn't make) sense and what the
> challenges
> > > > >> may be.
> > > > >>
> > > > >> To this end I've put together this document [1]. I hope it will
> be of
> > > > >> service to the community as we consider this option.
> > > > >>
> > > > >>
> > > > >> Justin
> > > > >>
> > > > >> [1]
> > > > >>
> https://github.com/jbertram/activemq-website/wiki/Apache-ActiveMQ-GitHub-Issues-Migration-Review
> > > >
>
>
>
> --
> Clebert Suconic
>

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Clebert Suconic]

Is there a private comment capability on GitHub?  To me that’s a breaking
deal feature and I have never seen it.

On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
bruscin...@gmail.com> wrote:

> I don't have a strong opinion on migrating from Jira to GitHub Issues.
> I would prefer GitHub Issues only for its better integration and because
> new users that reach from the GitHub repository could be confused to not
> find the `Issues` tabs (most of the GitHub projects use it).
>
> Also GitHub Issues has a good REST interface, I'm using it in
> GithubIssueManager[1].
>
> @Justin Bertram  thanks the detailed doc!!!
>
> [1]
>
> https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
>
> On Fri, 5 Apr 2024 at 17:41, Clebert Suconic 
> wrote:
>
> > I would prefer to keep JIRA for their REST interface.
> >
> > Also: one thing to notice is the possibility of using private comments
> > in JIRA. Say you ever have a security issue. I think you can have PMC
> > private comments on JIRAs. I'm not sure you have the same in github
> > issues.
> >
> >
> > I didn't see a note about private comments on Justin's detailed doc
> > (nice Doc BTW), but the private comments may be handy on handling
> > sensitive issues.
> >
> > On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell 
> > wrote:
> > >
> > > The 'track version as Project' thing is interesting, though kinda
> > > further underscores the limitations of Milestones which are really the
> > > main surfaced way of handling versions.
> > >
> > > I'll bet some folks on the 'users' side of things looking at released
> > > issues later would even miss that you are doing that (I would), since
> > > Projects are kinda separate and get even further hidden away upon
> > > completion; closed Projects are hidden/collapsed in the Issue/PR view
> > > on expectations they are no longer 'interesting', requiring you to
> > > spot that and expand the closed-projects view on each Issue/PR to see
> > > the Project later. Which to be fair I think is actually decent
> > > behaviour in general for their main use cases, since they aren't
> > > really aimed to be used as versions but more for using the 'swimlane'
> > > etc views given for managing/planning overall outstanding tasks to a
> > > point of completion and will then most typically be
> > > forgotten/less-interesting detail.
> > >
> > > On Thu, 4 Apr 2024 at 22:52, Christopher Shannon
> > >  wrote:
> > > >
> > > > I am also on the Accumulo PMC and on that project we use Github
> issues
> > > > and no longer use Jira. This switch was made before my time so I'm
> not
> > > > sure of the reasoning. Personally, I don't really care too much
> either
> > > > way as I've used both but I will just point out 2 things from my
> > > > experience with it.
> > > >
> > > > 1) For version tracking, we use projects and not milestones. I don't
> > > > know if this is the best way to do things but that's what we have
> been
> > > > using and seems to work ok as you can list multiple projects
> > > > (versions) for an Issue or PR:
> > > > https://github.com/apache/accumulo/projects?type=classic
> > > >
> > > > 2) Robbie's point about whether or not Issues get opened is a really
> > > > good point and something that is not consistent at all in Accumulo.
> > > > What I have found is it is all over the place. In some cases people
> > > > just open PRs and essentially are self documenting issues with the
> > > > fix. In other cases people open up issues and then open up PRs. It
> > > > does get confusing sometimes since they share the same numbering and
> > > > name space. It may make sense to try and establish some guidelines if
> > > > we go with Github Issues just so we are consistent about it.
> > > >
> > > > On Thu, Apr 4, 2024 at 2:40 PM Matt Pavlovich 
> > wrote:
> > > > >
> > > > >
> > > > > > On Apr 4, 2024, at 1:26 PM, Robbie Gemmell <
> > robbie.gemm...@gmail.com> wrote:
> > > > > >
> > > > > > To the later point around Discussions, I do think enabling those
> > could
> > > > > > be good either way since, just like with Jira, people will often
> > > > > > create Issues to ask questions rather than e.g mail a mailing
> list.
> > > > > > They might use a Discussion instead though.
> > > > >
> > > > > +1 agree that having discussions enabled would be an upgrade for
> > users, big improvement over mailing lists.
> > > > >
> > > > > > On Tue, 2 Apr 2024 at 20:52, Justin Bertram  >
> > wrote:
> > > > > >>
> > > > > >> There's been a few threads about this general subject, but most
> > have
> > > > > >> concentrated on Classic in particular. I think it's worth
> > discussing
> > > > > >> migration of ActiveMQ as a whole and diving a bit deeper into
> the
> > details
> > > > > >> of why a migration makes (or doesn't make) sense and what the
> > challenges
> > > > > >> may be.
> > > > > >>
> > > > > >> To this end I've put together this document [1]. I hope it will
> > be of
> > > > 

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Jean-Baptiste Onofré]

Hi,

Thanks again Justin for the detailed doc, that's a great one !
I understand the gaps you identified and agree with your points.

Regarding the comments and feedback, I think we don't have a strong
enough consensus for this move.
So I would propose to stay with Jira for now.

Thoughts ?

Regards
JB

On Fri, Apr 5, 2024 at 6:47 PM Clebert Suconic
 wrote:
>
> Is there a private comment capability on GitHub?  To me that’s a breaking
> deal feature and I have never seen it.
>
> On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
> bruscin...@gmail.com> wrote:
>
> > I don't have a strong opinion on migrating from Jira to GitHub Issues.
> > I would prefer GitHub Issues only for its better integration and because
> > new users that reach from the GitHub repository could be confused to not
> > find the `Issues` tabs (most of the GitHub projects use it).
> >
> > Also GitHub Issues has a good REST interface, I'm using it in
> > GithubIssueManager[1].
> >
> > @Justin Bertram  thanks the detailed doc!!!
> >
> > [1]
> >
> > https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
> >
> > On Fri, 5 Apr 2024 at 17:41, Clebert Suconic 
> > wrote:
> >
> > > I would prefer to keep JIRA for their REST interface.
> > >
> > > Also: one thing to notice is the possibility of using private comments
> > > in JIRA. Say you ever have a security issue. I think you can have PMC
> > > private comments on JIRAs. I'm not sure you have the same in github
> > > issues.
> > >
> > >
> > > I didn't see a note about private comments on Justin's detailed doc
> > > (nice Doc BTW), but the private comments may be handy on handling
> > > sensitive issues.
> > >
> > > On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell 
> > > wrote:
> > > >
> > > > The 'track version as Project' thing is interesting, though kinda
> > > > further underscores the limitations of Milestones which are really the
> > > > main surfaced way of handling versions.
> > > >
> > > > I'll bet some folks on the 'users' side of things looking at released
> > > > issues later would even miss that you are doing that (I would), since
> > > > Projects are kinda separate and get even further hidden away upon
> > > > completion; closed Projects are hidden/collapsed in the Issue/PR view
> > > > on expectations they are no longer 'interesting', requiring you to
> > > > spot that and expand the closed-projects view on each Issue/PR to see
> > > > the Project later. Which to be fair I think is actually decent
> > > > behaviour in general for their main use cases, since they aren't
> > > > really aimed to be used as versions but more for using the 'swimlane'
> > > > etc views given for managing/planning overall outstanding tasks to a
> > > > point of completion and will then most typically be
> > > > forgotten/less-interesting detail.
> > > >
> > > > On Thu, 4 Apr 2024 at 22:52, Christopher Shannon
> > > >  wrote:
> > > > >
> > > > > I am also on the Accumulo PMC and on that project we use Github
> > issues
> > > > > and no longer use Jira. This switch was made before my time so I'm
> > not
> > > > > sure of the reasoning. Personally, I don't really care too much
> > either
> > > > > way as I've used both but I will just point out 2 things from my
> > > > > experience with it.
> > > > >
> > > > > 1) For version tracking, we use projects and not milestones. I don't
> > > > > know if this is the best way to do things but that's what we have
> > been
> > > > > using and seems to work ok as you can list multiple projects
> > > > > (versions) for an Issue or PR:
> > > > > https://github.com/apache/accumulo/projects?type=classic
> > > > >
> > > > > 2) Robbie's point about whether or not Issues get opened is a really
> > > > > good point and something that is not consistent at all in Accumulo.
> > > > > What I have found is it is all over the place. In some cases people
> > > > > just open PRs and essentially are self documenting issues with the
> > > > > fix. In other cases people open up issues and then open up PRs. It
> > > > > does get confusing sometimes since they share the same numbering and
> > > > > name space. It may make sense to try and establish some guidelines if
> > > > > we go with Github Issues just so we are consistent about it.
> > > > >
> > > > > On Thu, Apr 4, 2024 at 2:40 PM Matt Pavlovich 
> > > wrote:
> > > > > >
> > > > > >
> > > > > > > On Apr 4, 2024, at 1:26 PM, Robbie Gemmell <
> > > robbie.gemm...@gmail.com> wrote:
> > > > > > >
> > > > > > > To the later point around Discussions, I do think enabling those
> > > could
> > > > > > > be good either way since, just like with Jira, people will often
> > > > > > > create Issues to ask questions rather than e.g mail a mailing
> > list.
> > > > > > > They might use a Discussion instead though.
> > > > > >
> > > > > > +1 agree that having discussions enabled would be an upgrade for
> > > users, big improvement over mailing lists.
> > > > > >
> > > >

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Robbie Gemmell]

Whilst Jira can certainly do that, I dont believe we have ever used it
in that fashion here, and so I dont see that it could be considered a
break either way. Also, the process of e.g privately reporting
security issues wouldnt change in any event, it would remain as it is
now (and is detailed on each github repository already due to some org
level defaults).

On Fri, 5 Apr 2024 at 17:48, Clebert Suconic  wrote:
>
> Is there a private comment capability on GitHub?  To me that’s a breaking
> deal feature and I have never seen it.
>
> On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
> bruscin...@gmail.com> wrote:
>
> > I don't have a strong opinion on migrating from Jira to GitHub Issues.
> > I would prefer GitHub Issues only for its better integration and because
> > new users that reach from the GitHub repository could be confused to not
> > find the `Issues` tabs (most of the GitHub projects use it).
> >
> > Also GitHub Issues has a good REST interface, I'm using it in
> > GithubIssueManager[1].
> >
> > @Justin Bertram  thanks the detailed doc!!!
> >
> > [1]
> >
> > https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
> >
> > On Fri, 5 Apr 2024 at 17:41, Clebert Suconic 
> > wrote:
> >
> > > I would prefer to keep JIRA for their REST interface.
> > >
> > > Also: one thing to notice is the possibility of using private comments
> > > in JIRA. Say you ever have a security issue. I think you can have PMC
> > > private comments on JIRAs. I'm not sure you have the same in github
> > > issues.
> > >
> > >
> > > I didn't see a note about private comments on Justin's detailed doc
> > > (nice Doc BTW), but the private comments may be handy on handling
> > > sensitive issues.
> > >
> > > On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell 
> > > wrote:
> > > >
> > > > The 'track version as Project' thing is interesting, though kinda
> > > > further underscores the limitations of Milestones which are really the
> > > > main surfaced way of handling versions.
> > > >
> > > > I'll bet some folks on the 'users' side of things looking at released
> > > > issues later would even miss that you are doing that (I would), since
> > > > Projects are kinda separate and get even further hidden away upon
> > > > completion; closed Projects are hidden/collapsed in the Issue/PR view
> > > > on expectations they are no longer 'interesting', requiring you to
> > > > spot that and expand the closed-projects view on each Issue/PR to see
> > > > the Project later. Which to be fair I think is actually decent
> > > > behaviour in general for their main use cases, since they aren't
> > > > really aimed to be used as versions but more for using the 'swimlane'
> > > > etc views given for managing/planning overall outstanding tasks to a
> > > > point of completion and will then most typically be
> > > > forgotten/less-interesting detail.
> > > >
> > > > On Thu, 4 Apr 2024 at 22:52, Christopher Shannon
> > > >  wrote:
> > > > >
> > > > > I am also on the Accumulo PMC and on that project we use Github
> > issues
> > > > > and no longer use Jira. This switch was made before my time so I'm
> > not
> > > > > sure of the reasoning. Personally, I don't really care too much
> > either
> > > > > way as I've used both but I will just point out 2 things from my
> > > > > experience with it.
> > > > >
> > > > > 1) For version tracking, we use projects and not milestones. I don't
> > > > > know if this is the best way to do things but that's what we have
> > been
> > > > > using and seems to work ok as you can list multiple projects
> > > > > (versions) for an Issue or PR:
> > > > > https://github.com/apache/accumulo/projects?type=classic
> > > > >
> > > > > 2) Robbie's point about whether or not Issues get opened is a really
> > > > > good point and something that is not consistent at all in Accumulo.
> > > > > What I have found is it is all over the place. In some cases people
> > > > > just open PRs and essentially are self documenting issues with the
> > > > > fix. In other cases people open up issues and then open up PRs. It
> > > > > does get confusing sometimes since they share the same numbering and
> > > > > name space. It may make sense to try and establish some guidelines if
> > > > > we go with Github Issues just so we are consistent about it.
> > > > >
> > > > > On Thu, Apr 4, 2024 at 2:40 PM Matt Pavlovich 
> > > wrote:
> > > > > >
> > > > > >
> > > > > > > On Apr 4, 2024, at 1:26 PM, Robbie Gemmell <
> > > robbie.gemm...@gmail.com> wrote:
> > > > > > >
> > > > > > > To the later point around Discussions, I do think enabling those
> > > could
> > > > > > > be good either way since, just like with Jira, people will often
> > > > > > > create Issues to ask questions rather than e.g mail a mailing
> > list.
> > > > > > > They might use a Discussion instead though.
> > > > > >
> > > > > > +1 agree that having discussions enabled would be an upgrade for
> > > users,

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Robbie Gemmell]

On the lack of Issues tab, though it doesnt seem to have been too much
of an issue so far, we could certainly improve that by ensuring each
repo README always covers how to raise things (or just links to the
website page that covers it; I think some repos already do). Plus,
opening Discussions again might be a suitable alternative for many of
the things that get raised as issues but are actually just questions.

On Fri, 5 Apr 2024 at 17:15, Domenico Francesco Bruscino
 wrote:
>
> I don't have a strong opinion on migrating from Jira to GitHub Issues.
> I would prefer GitHub Issues only for its better integration and because
> new users that reach from the GitHub repository could be confused to not
> find the `Issues` tabs (most of the GitHub projects use it).
>
> Also GitHub Issues has a good REST interface, I'm using it in
> GithubIssueManager[1].
>
> @Justin Bertram  thanks the detailed doc!!!
>
> [1]
> https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
>
> On Fri, 5 Apr 2024 at 17:41, Clebert Suconic 
> wrote:
>
> > I would prefer to keep JIRA for their REST interface.
> >
> > Also: one thing to notice is the possibility of using private comments
> > in JIRA. Say you ever have a security issue. I think you can have PMC
> > private comments on JIRAs. I'm not sure you have the same in github
> > issues.
> >
> >
> > I didn't see a note about private comments on Justin's detailed doc
> > (nice Doc BTW), but the private comments may be handy on handling
> > sensitive issues.
> >
> > On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell 
> > wrote:
> > >
> > > The 'track version as Project' thing is interesting, though kinda
> > > further underscores the limitations of Milestones which are really the
> > > main surfaced way of handling versions.
> > >
> > > I'll bet some folks on the 'users' side of things looking at released
> > > issues later would even miss that you are doing that (I would), since
> > > Projects are kinda separate and get even further hidden away upon
> > > completion; closed Projects are hidden/collapsed in the Issue/PR view
> > > on expectations they are no longer 'interesting', requiring you to
> > > spot that and expand the closed-projects view on each Issue/PR to see
> > > the Project later. Which to be fair I think is actually decent
> > > behaviour in general for their main use cases, since they aren't
> > > really aimed to be used as versions but more for using the 'swimlane'
> > > etc views given for managing/planning overall outstanding tasks to a
> > > point of completion and will then most typically be
> > > forgotten/less-interesting detail.
> > >
> > > On Thu, 4 Apr 2024 at 22:52, Christopher Shannon
> > >  wrote:
> > > >
> > > > I am also on the Accumulo PMC and on that project we use Github issues
> > > > and no longer use Jira. This switch was made before my time so I'm not
> > > > sure of the reasoning. Personally, I don't really care too much either
> > > > way as I've used both but I will just point out 2 things from my
> > > > experience with it.
> > > >
> > > > 1) For version tracking, we use projects and not milestones. I don't
> > > > know if this is the best way to do things but that's what we have been
> > > > using and seems to work ok as you can list multiple projects
> > > > (versions) for an Issue or PR:
> > > > https://github.com/apache/accumulo/projects?type=classic
> > > >
> > > > 2) Robbie's point about whether or not Issues get opened is a really
> > > > good point and something that is not consistent at all in Accumulo.
> > > > What I have found is it is all over the place. In some cases people
> > > > just open PRs and essentially are self documenting issues with the
> > > > fix. In other cases people open up issues and then open up PRs. It
> > > > does get confusing sometimes since they share the same numbering and
> > > > name space. It may make sense to try and establish some guidelines if
> > > > we go with Github Issues just so we are consistent about it.
> > > >
> > > > On Thu, Apr 4, 2024 at 2:40 PM Matt Pavlovich 
> > wrote:
> > > > >
> > > > >
> > > > > > On Apr 4, 2024, at 1:26 PM, Robbie Gemmell <
> > robbie.gemm...@gmail.com> wrote:
> > > > > >
> > > > > > To the later point around Discussions, I do think enabling those
> > could
> > > > > > be good either way since, just like with Jira, people will often
> > > > > > create Issues to ask questions rather than e.g mail a mailing list.
> > > > > > They might use a Discussion instead though.
> > > > >
> > > > > +1 agree that having discussions enabled would be an upgrade for
> > users, big improvement over mailing lists.
> > > > >
> > > > > > On Tue, 2 Apr 2024 at 20:52, Justin Bertram 
> > wrote:
> > > > > >>
> > > > > >> There's been a few threads about this general subject, but most
> > have
> > > > > >> concentrated on Classic in particular. I think it's worth
> > discussing
> > > > > >> migration of ActiveMQ as a whole and

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Matt Pavlovich]

Hi Clebert-

How widely used are private comments today?

I ran a search and I do not see any private comments in use with the ActiveMQ 
project. I tried searching the ARTEMIS project, perhaps I got the JQL incorrect?

project = ARTEMIS AND issueFunction in commented("group activemq-pmc”)
project = ARTEMIS AND issueFunction in commented(“role PMC")

An available solution would be to use a private GH repo would secure all the 
items — code, issues, etc.. from unprivileged users. A PMC-only repo could have 
issues-only or discussion-only for CVE discussions.

I think private comment is a wonky concept, as it is easy to get that toggled 
incorrectly. I think it is better to restrict access to a secured area vs 
trying to feather comments.

Thanks,
Matt

> On Apr 5, 2024, at 11:47 AM, Clebert Suconic  
> wrote:
> 
> Is there a private comment capability on GitHub?  To me that’s a breaking
> deal feature and I have never seen it.
> 
> On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
> bruscin...@gmail.com> wrote:
> 
>> I don't have a strong opinion on migrating from Jira to GitHub Issues.
>> I would prefer GitHub Issues only for its better integration and because
>> new users that reach from the GitHub repository could be confused to not
>> find the `Issues` tabs (most of the GitHub projects use it).
>> 
>> Also GitHub Issues has a good REST interface, I'm using it in
>> GithubIssueManager[1].
>> 
>> @Justin Bertram  thanks the detailed doc!!!
>> 
>> [1]
>> 
>> https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
>> 
>> On Fri, 5 Apr 2024 at 17:41, Clebert Suconic 
>> wrote:
>> 
>>> I would prefer to keep JIRA for their REST interface.
>>> 
>>> Also: one thing to notice is the possibility of using private comments
>>> in JIRA. Say you ever have a security issue. I think you can have PMC
>>> private comments on JIRAs. I'm not sure you have the same in github
>>> issues.
>>> 
>>> 
>>> I didn't see a note about private comments on Justin's detailed doc
>>> (nice Doc BTW), but the private comments may be handy on handling
>>> sensitive issues.
>>> 
>>> On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell 
>>> wrote:
 
 The 'track version as Project' thing is interesting, though kinda
 further underscores the limitations of Milestones which are really the
 main surfaced way of handling versions.
 
 I'll bet some folks on the 'users' side of things looking at released
 issues later would even miss that you are doing that (I would), since
 Projects are kinda separate and get even further hidden away upon
 completion; closed Projects are hidden/collapsed in the Issue/PR view
 on expectations they are no longer 'interesting', requiring you to
 spot that and expand the closed-projects view on each Issue/PR to see
 the Project later. Which to be fair I think is actually decent
 behaviour in general for their main use cases, since they aren't
 really aimed to be used as versions but more for using the 'swimlane'
 etc views given for managing/planning overall outstanding tasks to a
 point of completion and will then most typically be
 forgotten/less-interesting detail.
 
 On Thu, 4 Apr 2024 at 22:52, Christopher Shannon
  wrote:
> 
> I am also on the Accumulo PMC and on that project we use Github
>> issues
> and no longer use Jira. This switch was made before my time so I'm
>> not
> sure of the reasoning. Personally, I don't really care too much
>> either
> way as I've used both but I will just point out 2 things from my
> experience with it.
> 
> 1) For version tracking, we use projects and not milestones. I don't
> know if this is the best way to do things but that's what we have
>> been
> using and seems to work ok as you can list multiple projects
> (versions) for an Issue or PR:
> https://github.com/apache/accumulo/projects?type=classic
> 
> 2) Robbie's point about whether or not Issues get opened is a really
> good point and something that is not consistent at all in Accumulo.
> What I have found is it is all over the place. In some cases people
> just open PRs and essentially are self documenting issues with the
> fix. In other cases people open up issues and then open up PRs. It
> does get confusing sometimes since they share the same numbering and
> name space. It may make sense to try and establish some guidelines if
> we go with Github Issues just so we are consistent about it.
> 
> On Thu, Apr 4, 2024 at 2:40 PM Matt Pavlovich 
>>> wrote:
>> 
>> 
>>> On Apr 4, 2024, at 1:26 PM, Robbie Gemmell <
>>> robbie.gemm...@gmail.com> wrote:
>>> 
>>> To the later point around Discussions, I do think enabling those
>>> could
>>> be good either way since, just like with Jira, people will often
>>> create Issues to ask questions rather than e.g mail 

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Clebert Suconic]

I haven’t used it on the Apache Jira but I use private comments all the
time on my company JIRA for things that would be related to security and
injeritently private.

I thought we could eventually start using a feature like that and I thought
it would be a nice feature to keep.  But if everybody think we should keep
everything open and just use private list for private comments that’s fine.

On Fri, Apr 5, 2024 at 2:47 PM Matt Pavlovich  wrote:

> Hi Clebert-
>
> How widely used are private comments today?
>
> I ran a search and I do not see any private comments in use with the
> ActiveMQ project. I tried searching the ARTEMIS project, perhaps I got the
> JQL incorrect?
>
> project = ARTEMIS AND issueFunction in commented("group activemq-pmc”)
> project = ARTEMIS AND issueFunction in commented(“role PMC")
>
> An available solution would be to use a private GH repo would secure all
> the items — code, issues, etc.. from unprivileged users. A PMC-only repo
> could have issues-only or discussion-only for CVE discussions.
>
> I think private comment is a wonky concept, as it is easy to get that
> toggled incorrectly. I think it is better to restrict access to a secured
> area vs trying to feather comments.
>
> Thanks,
> Matt
>
> > On Apr 5, 2024, at 11:47 AM, Clebert Suconic 
> wrote:
> >
> > Is there a private comment capability on GitHub?  To me that’s a breaking
> > deal feature and I have never seen it.
> >
> > On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
> > bruscin...@gmail.com> wrote:
> >
> >> I don't have a strong opinion on migrating from Jira to GitHub Issues.
> >> I would prefer GitHub Issues only for its better integration and because
> >> new users that reach from the GitHub repository could be confused to not
> >> find the `Issues` tabs (most of the GitHub projects use it).
> >>
> >> Also GitHub Issues has a good REST interface, I'm using it in
> >> GithubIssueManager[1].
> >>
> >> @Justin Bertram  thanks the detailed doc!!!
> >>
> >> [1]
> >>
> >>
> https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
> >>
> >> On Fri, 5 Apr 2024 at 17:41, Clebert Suconic  >
> >> wrote:
> >>
> >>> I would prefer to keep JIRA for their REST interface.
> >>>
> >>> Also: one thing to notice is the possibility of using private comments
> >>> in JIRA. Say you ever have a security issue. I think you can have PMC
> >>> private comments on JIRAs. I'm not sure you have the same in github
> >>> issues.
> >>>
> >>>
> >>> I didn't see a note about private comments on Justin's detailed doc
> >>> (nice Doc BTW), but the private comments may be handy on handling
> >>> sensitive issues.
> >>>
> >>> On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell <
> robbie.gemm...@gmail.com>
> >>> wrote:
> 
>  The 'track version as Project' thing is interesting, though kinda
>  further underscores the limitations of Milestones which are really the
>  main surfaced way of handling versions.
> 
>  I'll bet some folks on the 'users' side of things looking at released
>  issues later would even miss that you are doing that (I would), since
>  Projects are kinda separate and get even further hidden away upon
>  completion; closed Projects are hidden/collapsed in the Issue/PR view
>  on expectations they are no longer 'interesting', requiring you to
>  spot that and expand the closed-projects view on each Issue/PR to see
>  the Project later. Which to be fair I think is actually decent
>  behaviour in general for their main use cases, since they aren't
>  really aimed to be used as versions but more for using the 'swimlane'
>  etc views given for managing/planning overall outstanding tasks to a
>  point of completion and will then most typically be
>  forgotten/less-interesting detail.
> 
>  On Thu, 4 Apr 2024 at 22:52, Christopher Shannon
>   wrote:
> >
> > I am also on the Accumulo PMC and on that project we use Github
> >> issues
> > and no longer use Jira. This switch was made before my time so I'm
> >> not
> > sure of the reasoning. Personally, I don't really care too much
> >> either
> > way as I've used both but I will just point out 2 things from my
> > experience with it.
> >
> > 1) For version tracking, we use projects and not milestones. I don't
> > know if this is the best way to do things but that's what we have
> >> been
> > using and seems to work ok as you can list multiple projects
> > (versions) for an Issue or PR:
> > https://github.com/apache/accumulo/projects?type=classic
> >
> > 2) Robbie's point about whether or not Issues get opened is a really
> > good point and something that is not consistent at all in Accumulo.
> > What I have found is it is all over the place. In some cases people
> > just open PRs and essentially are self documenting issues with the
> > fix. In other cases people op

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Matt Pavlovich]

Got it, that makes sense. I think we could achieve the same effect w/ a private 
repo (ie "activmeq-pmc”) and enable what ever product features makes sense— 
issues, discussion, etc.  

I agree, moving off of mailing list would be beneficial for certain discussions 
(esp security reports) b/c of things like attachments, links, etc often become 
a security challenge w/ email.

-Matt

> On Apr 5, 2024, at 6:58 PM, Clebert Suconic  wrote:
> 
> I haven’t used it on the Apache Jira but I use private comments all the
> time on my company JIRA for things that would be related to security and
> injeritently private.
> 
> I thought we could eventually start using a feature like that and I thought
> it would be a nice feature to keep.  But if everybody think we should keep
> everything open and just use private list for private comments that’s fine.
> 
> On Fri, Apr 5, 2024 at 2:47 PM Matt Pavlovich  wrote:
> 
>> Hi Clebert-
>> 
>> How widely used are private comments today?
>> 
>> I ran a search and I do not see any private comments in use with the
>> ActiveMQ project. I tried searching the ARTEMIS project, perhaps I got the
>> JQL incorrect?
>> 
>> project = ARTEMIS AND issueFunction in commented("group activemq-pmc”)
>> project = ARTEMIS AND issueFunction in commented(“role PMC")
>> 
>> An available solution would be to use a private GH repo would secure all
>> the items — code, issues, etc.. from unprivileged users. A PMC-only repo
>> could have issues-only or discussion-only for CVE discussions.
>> 
>> I think private comment is a wonky concept, as it is easy to get that
>> toggled incorrectly. I think it is better to restrict access to a secured
>> area vs trying to feather comments.
>> 
>> Thanks,
>> Matt
>> 
>>> On Apr 5, 2024, at 11:47 AM, Clebert Suconic 
>> wrote:
>>> 
>>> Is there a private comment capability on GitHub?  To me that’s a breaking
>>> deal feature and I have never seen it.
>>> 
>>> On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
>>> bruscin...@gmail.com> wrote:
>>> 
 I don't have a strong opinion on migrating from Jira to GitHub Issues.
 I would prefer GitHub Issues only for its better integration and because
 new users that reach from the GitHub repository could be confused to not
 find the `Issues` tabs (most of the GitHub projects use it).
 
 Also GitHub Issues has a good REST interface, I'm using it in
 GithubIssueManager[1].
 
 @Justin Bertram  thanks the detailed doc!!!
 
 [1]
 
 
>> https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
 
 On Fri, 5 Apr 2024 at 17:41, Clebert Suconic >> 
 wrote:
 
> I would prefer to keep JIRA for their REST interface.
> 
> Also: one thing to notice is the possibility of using private comments
> in JIRA. Say you ever have a security issue. I think you can have PMC
> private comments on JIRAs. I'm not sure you have the same in github
> issues.
> 
> 
> I didn't see a note about private comments on Justin's detailed doc
> (nice Doc BTW), but the private comments may be handy on handling
> sensitive issues.
> 
> On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell <
>> robbie.gemm...@gmail.com>
> wrote:
>> 
>> The 'track version as Project' thing is interesting, though kinda
>> further underscores the limitations of Milestones which are really the
>> main surfaced way of handling versions.
>> 
>> I'll bet some folks on the 'users' side of things looking at released
>> issues later would even miss that you are doing that (I would), since
>> Projects are kinda separate and get even further hidden away upon
>> completion; closed Projects are hidden/collapsed in the Issue/PR view
>> on expectations they are no longer 'interesting', requiring you to
>> spot that and expand the closed-projects view on each Issue/PR to see
>> the Project later. Which to be fair I think is actually decent
>> behaviour in general for their main use cases, since they aren't
>> really aimed to be used as versions but more for using the 'swimlane'
>> etc views given for managing/planning overall outstanding tasks to a
>> point of completion and will then most typically be
>> forgotten/less-interesting detail.
>> 
>> On Thu, 4 Apr 2024 at 22:52, Christopher Shannon
>>  wrote:
>>> 
>>> I am also on the Accumulo PMC and on that project we use Github
 issues
>>> and no longer use Jira. This switch was made before my time so I'm
 not
>>> sure of the reasoning. Personally, I don't really care too much
 either
>>> way as I've used both but I will just point out 2 things from my
>>> experience with it.
>>> 
>>> 1) For version tracking, we use projects and not milestones. I don't
>>> know if this is the best way to do things but that's what we have
 been
>>>

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Jean-Baptiste Onofré]

Just a reminder: even if we use GitHub Discussions, we should always
send a pointer on the mailing list. As we say at Apache: "if it
doesn't occur on the mailing list, it never occurred".

Thanks
Regards
JB

On Mon, Apr 8, 2024 at 6:27 PM Matt Pavlovich  wrote:
>
> Got it, that makes sense. I think we could achieve the same effect w/ a 
> private repo (ie "activmeq-pmc”) and enable what ever product features makes 
> sense— issues, discussion, etc.
>
> I agree, moving off of mailing list would be beneficial for certain 
> discussions (esp security reports) b/c of things like attachments, links, etc 
> often become a security challenge w/ email.
>
> -Matt
>
> > On Apr 5, 2024, at 6:58 PM, Clebert Suconic  
> > wrote:
> >
> > I haven’t used it on the Apache Jira but I use private comments all the
> > time on my company JIRA for things that would be related to security and
> > injeritently private.
> >
> > I thought we could eventually start using a feature like that and I thought
> > it would be a nice feature to keep.  But if everybody think we should keep
> > everything open and just use private list for private comments that’s fine.
> >
> > On Fri, Apr 5, 2024 at 2:47 PM Matt Pavlovich  wrote:
> >
> >> Hi Clebert-
> >>
> >> How widely used are private comments today?
> >>
> >> I ran a search and I do not see any private comments in use with the
> >> ActiveMQ project. I tried searching the ARTEMIS project, perhaps I got the
> >> JQL incorrect?
> >>
> >> project = ARTEMIS AND issueFunction in commented("group activemq-pmc”)
> >> project = ARTEMIS AND issueFunction in commented(“role PMC")
> >>
> >> An available solution would be to use a private GH repo would secure all
> >> the items — code, issues, etc.. from unprivileged users. A PMC-only repo
> >> could have issues-only or discussion-only for CVE discussions.
> >>
> >> I think private comment is a wonky concept, as it is easy to get that
> >> toggled incorrectly. I think it is better to restrict access to a secured
> >> area vs trying to feather comments.
> >>
> >> Thanks,
> >> Matt
> >>
> >>> On Apr 5, 2024, at 11:47 AM, Clebert Suconic 
> >> wrote:
> >>>
> >>> Is there a private comment capability on GitHub?  To me that’s a breaking
> >>> deal feature and I have never seen it.
> >>>
> >>> On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
> >>> bruscin...@gmail.com> wrote:
> >>>
>  I don't have a strong opinion on migrating from Jira to GitHub Issues.
>  I would prefer GitHub Issues only for its better integration and because
>  new users that reach from the GitHub repository could be confused to not
>  find the `Issues` tabs (most of the GitHub projects use it).
> 
>  Also GitHub Issues has a good REST interface, I'm using it in
>  GithubIssueManager[1].
> 
>  @Justin Bertram  thanks the detailed doc!!!
> 
>  [1]
> 
> 
> >> https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
> 
>  On Fri, 5 Apr 2024 at 17:41, Clebert Suconic  >>>
>  wrote:
> 
> > I would prefer to keep JIRA for their REST interface.
> >
> > Also: one thing to notice is the possibility of using private comments
> > in JIRA. Say you ever have a security issue. I think you can have PMC
> > private comments on JIRAs. I'm not sure you have the same in github
> > issues.
> >
> >
> > I didn't see a note about private comments on Justin's detailed doc
> > (nice Doc BTW), but the private comments may be handy on handling
> > sensitive issues.
> >
> > On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell <
> >> robbie.gemm...@gmail.com>
> > wrote:
> >>
> >> The 'track version as Project' thing is interesting, though kinda
> >> further underscores the limitations of Milestones which are really the
> >> main surfaced way of handling versions.
> >>
> >> I'll bet some folks on the 'users' side of things looking at released
> >> issues later would even miss that you are doing that (I would), since
> >> Projects are kinda separate and get even further hidden away upon
> >> completion; closed Projects are hidden/collapsed in the Issue/PR view
> >> on expectations they are no longer 'interesting', requiring you to
> >> spot that and expand the closed-projects view on each Issue/PR to see
> >> the Project later. Which to be fair I think is actually decent
> >> behaviour in general for their main use cases, since they aren't
> >> really aimed to be used as versions but more for using the 'swimlane'
> >> etc views given for managing/planning overall outstanding tasks to a
> >> point of completion and will then most typically be
> >> forgotten/less-interesting detail.
> >>
> >> On Thu, 4 Apr 2024 at 22:52, Christopher Shannon
> >>  wrote:
> >>>
> >>> I am also on the Accumulo PMC and on that project we use Github
> 

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Robbie Gemmell]

The security reporting/followup follow the process/requirements set
out by security@ so we cant really just change things around
that...though if there ideas, then perhaps they can be discussed with
them toward being generally applicable.

I believe there are private subversion repo areas for PMCs (never use
it though), not sure whether there are facilities yet for PMC git
repos.

On Mon, 8 Apr 2024 at 17:27, Matt Pavlovich  wrote:
>
> Got it, that makes sense. I think we could achieve the same effect w/ a 
> private repo (ie "activmeq-pmc”) and enable what ever product features makes 
> sense— issues, discussion, etc.
>
> I agree, moving off of mailing list would be beneficial for certain 
> discussions (esp security reports) b/c of things like attachments, links, etc 
> often become a security challenge w/ email.
>
> -Matt
>
> > On Apr 5, 2024, at 6:58 PM, Clebert Suconic  
> > wrote:
> >
> > I haven’t used it on the Apache Jira but I use private comments all the
> > time on my company JIRA for things that would be related to security and
> > injeritently private.
> >
> > I thought we could eventually start using a feature like that and I thought
> > it would be a nice feature to keep.  But if everybody think we should keep
> > everything open and just use private list for private comments that’s fine.
> >
> > On Fri, Apr 5, 2024 at 2:47 PM Matt Pavlovich  wrote:
> >
> >> Hi Clebert-
> >>
> >> How widely used are private comments today?
> >>
> >> I ran a search and I do not see any private comments in use with the
> >> ActiveMQ project. I tried searching the ARTEMIS project, perhaps I got the
> >> JQL incorrect?
> >>
> >> project = ARTEMIS AND issueFunction in commented("group activemq-pmc”)
> >> project = ARTEMIS AND issueFunction in commented(“role PMC")
> >>
> >> An available solution would be to use a private GH repo would secure all
> >> the items — code, issues, etc.. from unprivileged users. A PMC-only repo
> >> could have issues-only or discussion-only for CVE discussions.
> >>
> >> I think private comment is a wonky concept, as it is easy to get that
> >> toggled incorrectly. I think it is better to restrict access to a secured
> >> area vs trying to feather comments.
> >>
> >> Thanks,
> >> Matt
> >>
> >>> On Apr 5, 2024, at 11:47 AM, Clebert Suconic 
> >> wrote:
> >>>
> >>> Is there a private comment capability on GitHub?  To me that’s a breaking
> >>> deal feature and I have never seen it.
> >>>
> >>> On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
> >>> bruscin...@gmail.com> wrote:
> >>>
>  I don't have a strong opinion on migrating from Jira to GitHub Issues.
>  I would prefer GitHub Issues only for its better integration and because
>  new users that reach from the GitHub repository could be confused to not
>  find the `Issues` tabs (most of the GitHub projects use it).
> 
>  Also GitHub Issues has a good REST interface, I'm using it in
>  GithubIssueManager[1].
> 
>  @Justin Bertram  thanks the detailed doc!!!
> 
>  [1]
> 
> 
> >> https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
> 
>  On Fri, 5 Apr 2024 at 17:41, Clebert Suconic  >>>
>  wrote:
> 
> > I would prefer to keep JIRA for their REST interface.
> >
> > Also: one thing to notice is the possibility of using private comments
> > in JIRA. Say you ever have a security issue. I think you can have PMC
> > private comments on JIRAs. I'm not sure you have the same in github
> > issues.
> >
> >
> > I didn't see a note about private comments on Justin's detailed doc
> > (nice Doc BTW), but the private comments may be handy on handling
> > sensitive issues.
> >
> > On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell <
> >> robbie.gemm...@gmail.com>
> > wrote:
> >>
> >> The 'track version as Project' thing is interesting, though kinda
> >> further underscores the limitations of Milestones which are really the
> >> main surfaced way of handling versions.
> >>
> >> I'll bet some folks on the 'users' side of things looking at released
> >> issues later would even miss that you are doing that (I would), since
> >> Projects are kinda separate and get even further hidden away upon
> >> completion; closed Projects are hidden/collapsed in the Issue/PR view
> >> on expectations they are no longer 'interesting', requiring you to
> >> spot that and expand the closed-projects view on each Issue/PR to see
> >> the Project later. Which to be fair I think is actually decent
> >> behaviour in general for their main use cases, since they aren't
> >> really aimed to be used as versions but more for using the 'swimlane'
> >> etc views given for managing/planning overall outstanding tasks to a
> >> point of completion and will then most typically be
> >> forgotten/less-interesting detail.

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Matt Pavlovich]

Robbie-

One option with GH issues is we can have them prompted with a ’type’ (for 
example, an issue or security report). Security report workflow could take them 
to the readme with email link to direct users to the mailing list and 
(hopefully) getting better adherence to the requested security process.

-Matt

> On Apr 8, 2024, at 12:29 PM, Robbie Gemmell  wrote:
> 
> The security reporting/followup follow the process/requirements set
> out by security@ so we cant really just change things around
> that...though if there ideas, then perhaps they can be discussed with
> them toward being generally applicable.
> 
> I believe there are private subversion repo areas for PMCs (never use
> it though), not sure whether there are facilities yet for PMC git
> repos.
> 
> On Mon, 8 Apr 2024 at 17:27, Matt Pavlovich  wrote:
>> 
>> Got it, that makes sense. I think we could achieve the same effect w/ a 
>> private repo (ie "activmeq-pmc”) and enable what ever product features makes 
>> sense— issues, discussion, etc.
>> 
>> I agree, moving off of mailing list would be beneficial for certain 
>> discussions (esp security reports) b/c of things like attachments, links, 
>> etc often become a security challenge w/ email.
>> 
>> -Matt
>> 
>>> On Apr 5, 2024, at 6:58 PM, Clebert Suconic  
>>> wrote:
>>> 
>>> I haven’t used it on the Apache Jira but I use private comments all the
>>> time on my company JIRA for things that would be related to security and
>>> injeritently private.
>>> 
>>> I thought we could eventually start using a feature like that and I thought
>>> it would be a nice feature to keep.  But if everybody think we should keep
>>> everything open and just use private list for private comments that’s fine.
>>> 
>>> On Fri, Apr 5, 2024 at 2:47 PM Matt Pavlovich  wrote:
>>> 
 Hi Clebert-
 
 How widely used are private comments today?
 
 I ran a search and I do not see any private comments in use with the
 ActiveMQ project. I tried searching the ARTEMIS project, perhaps I got the
 JQL incorrect?
 
 project = ARTEMIS AND issueFunction in commented("group activemq-pmc”)
 project = ARTEMIS AND issueFunction in commented(“role PMC")
 
 An available solution would be to use a private GH repo would secure all
 the items — code, issues, etc.. from unprivileged users. A PMC-only repo
 could have issues-only or discussion-only for CVE discussions.
 
 I think private comment is a wonky concept, as it is easy to get that
 toggled incorrectly. I think it is better to restrict access to a secured
 area vs trying to feather comments.
 
 Thanks,
 Matt
 
> On Apr 5, 2024, at 11:47 AM, Clebert Suconic 
 wrote:
> 
> Is there a private comment capability on GitHub?  To me that’s a breaking
> deal feature and I have never seen it.
> 
> On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
> bruscin...@gmail.com> wrote:
> 
>> I don't have a strong opinion on migrating from Jira to GitHub Issues.
>> I would prefer GitHub Issues only for its better integration and because
>> new users that reach from the GitHub repository could be confused to not
>> find the `Issues` tabs (most of the GitHub projects use it).
>> 
>> Also GitHub Issues has a good REST interface, I'm using it in
>> GithubIssueManager[1].
>> 
>> @Justin Bertram  thanks the detailed doc!!!
>> 
>> [1]
>> 
>> 
 https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
>> 
>> On Fri, 5 Apr 2024 at 17:41, Clebert Suconic  
>> wrote:
>> 
>>> I would prefer to keep JIRA for their REST interface.
>>> 
>>> Also: one thing to notice is the possibility of using private comments
>>> in JIRA. Say you ever have a security issue. I think you can have PMC
>>> private comments on JIRAs. I'm not sure you have the same in github
>>> issues.
>>> 
>>> 
>>> I didn't see a note about private comments on Justin's detailed doc
>>> (nice Doc BTW), but the private comments may be handy on handling
>>> sensitive issues.
>>> 
>>> On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell <
 robbie.gemm...@gmail.com>
>>> wrote:
 
 The 'track version as Project' thing is interesting, though kinda
 further underscores the limitations of Milestones which are really the
 main surfaced way of handling versions.
 
 I'll bet some folks on the 'users' side of things looking at released
 issues later would even miss that you are doing that (I would), since
 Projects are kinda separate and get even further hidden away upon
 completion; closed Projects are hidden/collapsed in the Issue/PR view
 on expectations they are no longer 'interesting', requiring you to
 spot that and expand the closed-projects v

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Matt Pavlovich]

@dev-

I’m summarizing the good points here and starting [PROPOSAL] thread to draft up 
potential next steps.

Thanks,
Matt

> On Apr 16, 2024, at 9:58 AM, Matt Pavlovich  wrote:
> 
> Robbie-
> 
> One option with GH issues is we can have them prompted with a ’type’ (for 
> example, an issue or security report). Security report workflow could take 
> them to the readme with email link to direct users to the mailing list and 
> (hopefully) getting better adherence to the requested security process.
> 
> -Matt
> 
>> On Apr 8, 2024, at 12:29 PM, Robbie Gemmell  wrote:
>> 
>> The security reporting/followup follow the process/requirements set
>> out by security@ so we cant really just change things around
>> that...though if there ideas, then perhaps they can be discussed with
>> them toward being generally applicable.
>> 
>> I believe there are private subversion repo areas for PMCs (never use
>> it though), not sure whether there are facilities yet for PMC git
>> repos.
>> 
>> On Mon, 8 Apr 2024 at 17:27, Matt Pavlovich  wrote:
>>> 
>>> Got it, that makes sense. I think we could achieve the same effect w/ a 
>>> private repo (ie "activmeq-pmc”) and enable what ever product features 
>>> makes sense— issues, discussion, etc.
>>> 
>>> I agree, moving off of mailing list would be beneficial for certain 
>>> discussions (esp security reports) b/c of things like attachments, links, 
>>> etc often become a security challenge w/ email.
>>> 
>>> -Matt
>>> 
 On Apr 5, 2024, at 6:58 PM, Clebert Suconic  
 wrote:
 
 I haven’t used it on the Apache Jira but I use private comments all the
 time on my company JIRA for things that would be related to security and
 injeritently private.
 
 I thought we could eventually start using a feature like that and I thought
 it would be a nice feature to keep.  But if everybody think we should keep
 everything open and just use private list for private comments that’s fine.
 
 On Fri, Apr 5, 2024 at 2:47 PM Matt Pavlovich  wrote:
 
> Hi Clebert-
> 
> How widely used are private comments today?
> 
> I ran a search and I do not see any private comments in use with the
> ActiveMQ project. I tried searching the ARTEMIS project, perhaps I got the
> JQL incorrect?
> 
> project = ARTEMIS AND issueFunction in commented("group activemq-pmc”)
> project = ARTEMIS AND issueFunction in commented(“role PMC")
> 
> An available solution would be to use a private GH repo would secure all
> the items — code, issues, etc.. from unprivileged users. A PMC-only repo
> could have issues-only or discussion-only for CVE discussions.
> 
> I think private comment is a wonky concept, as it is easy to get that
> toggled incorrectly. I think it is better to restrict access to a secured
> area vs trying to feather comments.
> 
> Thanks,
> Matt
> 
>> On Apr 5, 2024, at 11:47 AM, Clebert Suconic 
> wrote:
>> 
>> Is there a private comment capability on GitHub?  To me that’s a breaking
>> deal feature and I have never seen it.
>> 
>> On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
>> bruscin...@gmail.com> wrote:
>> 
>>> I don't have a strong opinion on migrating from Jira to GitHub Issues.
>>> I would prefer GitHub Issues only for its better integration and because
>>> new users that reach from the GitHub repository could be confused to not
>>> find the `Issues` tabs (most of the GitHub projects use it).
>>> 
>>> Also GitHub Issues has a good REST interface, I'm using it in
>>> GithubIssueManager[1].
>>> 
>>> @Justin Bertram  thanks the detailed doc!!!
>>> 
>>> [1]
>>> 
>>> 
> https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
>>> 
>>> On Fri, 5 Apr 2024 at 17:41, Clebert Suconic > 
>>> wrote:
>>> 
 I would prefer to keep JIRA for their REST interface.
 
 Also: one thing to notice is the possibility of using private comments
 in JIRA. Say you ever have a security issue. I think you can have PMC
 private comments on JIRAs. I'm not sure you have the same in github
 issues.
 
 
 I didn't see a note about private comments on Justin's detailed doc
 (nice Doc BTW), but the private comments may be handy on handling
 sensitive issues.
 
 On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell <
> robbie.gemm...@gmail.com>
 wrote:
> 
> The 'track version as Project' thing is interesting, though kinda
> further underscores the limitations of Milestones which are really the
> main surfaced way of handling versions.
> 
> I'll bet some folks on the 'users' side of things looking at released
> issues later would even miss that you are d

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Bruce Snyder]

I am not convinced that we should replace Jira with Github issues. Based on
the info gathered and the discussions thus far, I believe such a change
would cause significant confusion for our users. As noted previously, there
is a significant difference between the purposes for a Jira issue vs.
comments in a PR. These are two completely different artifacts serving
different needs in the process and you cannot replace one with the other.

Bruce

On Tue, Apr 16, 2024 at 9:27 AM Matt Pavlovich  wrote:

> @dev-
>
> I’m summarizing the good points here and starting [PROPOSAL] thread to
> draft up potential next steps.
>
> Thanks,
> Matt
>
> > On Apr 16, 2024, at 9:58 AM, Matt Pavlovich  wrote:
> >
> > Robbie-
> >
> > One option with GH issues is we can have them prompted with a ’type’
> (for example, an issue or security report). Security report workflow could
> take them to the readme with email link to direct users to the mailing list
> and (hopefully) getting better adherence to the requested security process.
> >
> > -Matt
> >
> >> On Apr 8, 2024, at 12:29 PM, Robbie Gemmell 
> wrote:
> >>
> >> The security reporting/followup follow the process/requirements set
> >> out by security@ so we cant really just change things around
> >> that...though if there ideas, then perhaps they can be discussed with
> >> them toward being generally applicable.
> >>
> >> I believe there are private subversion repo areas for PMCs (never use
> >> it though), not sure whether there are facilities yet for PMC git
> >> repos.
> >>
> >> On Mon, 8 Apr 2024 at 17:27, Matt Pavlovich  wrote:
> >>>
> >>> Got it, that makes sense. I think we could achieve the same effect w/
> a private repo (ie "activmeq-pmc”) and enable what ever product features
> makes sense— issues, discussion, etc.
> >>>
> >>> I agree, moving off of mailing list would be beneficial for certain
> discussions (esp security reports) b/c of things like attachments, links,
> etc often become a security challenge w/ email.
> >>>
> >>> -Matt
> >>>
>  On Apr 5, 2024, at 6:58 PM, Clebert Suconic <
> clebert.suco...@gmail.com> wrote:
> 
>  I haven’t used it on the Apache Jira but I use private comments all
> the
>  time on my company JIRA for things that would be related to security
> and
>  injeritently private.
> 
>  I thought we could eventually start using a feature like that and I
> thought
>  it would be a nice feature to keep.  But if everybody think we should
> keep
>  everything open and just use private list for private comments that’s
> fine.
> 
>  On Fri, Apr 5, 2024 at 2:47 PM Matt Pavlovich 
> wrote:
> 
> > Hi Clebert-
> >
> > How widely used are private comments today?
> >
> > I ran a search and I do not see any private comments in use with the
> > ActiveMQ project. I tried searching the ARTEMIS project, perhaps I
> got the
> > JQL incorrect?
> >
> > project = ARTEMIS AND issueFunction in commented("group
> activemq-pmc”)
> > project = ARTEMIS AND issueFunction in commented(“role PMC")
> >
> > An available solution would be to use a private GH repo would secure
> all
> > the items — code, issues, etc.. from unprivileged users. A PMC-only
> repo
> > could have issues-only or discussion-only for CVE discussions.
> >
> > I think private comment is a wonky concept, as it is easy to get that
> > toggled incorrectly. I think it is better to restrict access to a
> secured
> > area vs trying to feather comments.
> >
> > Thanks,
> > Matt
> >
> >> On Apr 5, 2024, at 11:47 AM, Clebert Suconic <
> clebert.suco...@gmail.com>
> > wrote:
> >>
> >> Is there a private comment capability on GitHub?  To me that’s a
> breaking
> >> deal feature and I have never seen it.
> >>
> >> On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
> >> bruscin...@gmail.com> wrote:
> >>
> >>> I don't have a strong opinion on migrating from Jira to GitHub
> Issues.
> >>> I would prefer GitHub Issues only for its better integration and
> because
> >>> new users that reach from the GitHub repository could be confused
> to not
> >>> find the `Issues` tabs (most of the GitHub projects use it).
> >>>
> >>> Also GitHub Issues has a good REST interface, I'm using it in
> >>> GithubIssueManager[1].
> >>>
> >>> @Justin Bertram  thanks the detailed doc!!!
> >>>
> >>> [1]
> >>>
> >>>
> >
> https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
> >>>
> >>> On Fri, 5 Apr 2024 at 17:41, Clebert Suconic <
> clebert.suco...@gmail.com
> >>
> >>> wrote:
> >>>
>  I would prefer to keep JIRA for their REST interface.
> 
>  Also: one thing to notice is the possibility of using private
> comments
>  in JIRA. Say you ever have a security issue. I think you can have
>

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Jean-Baptiste Onofré]

Hi Matt,

Thanks for that.

If I may, I don't see a strong consensus yet about GH Issues. The
other thread you started contains some non accurate points (we should
have clear statements to the community for clarity).

Regards
JB

On Tue, Apr 16, 2024 at 5:26 PM Matt Pavlovich  wrote:
>
> @dev-
>
> I’m summarizing the good points here and starting [PROPOSAL] thread to draft 
> up potential next steps.
>
> Thanks,
> Matt
>
> > On Apr 16, 2024, at 9:58 AM, Matt Pavlovich  wrote:
> >
> > Robbie-
> >
> > One option with GH issues is we can have them prompted with a ’type’ (for 
> > example, an issue or security report). Security report workflow could take 
> > them to the readme with email link to direct users to the mailing list and 
> > (hopefully) getting better adherence to the requested security process.
> >
> > -Matt
> >
> >> On Apr 8, 2024, at 12:29 PM, Robbie Gemmell  
> >> wrote:
> >>
> >> The security reporting/followup follow the process/requirements set
> >> out by security@ so we cant really just change things around
> >> that...though if there ideas, then perhaps they can be discussed with
> >> them toward being generally applicable.
> >>
> >> I believe there are private subversion repo areas for PMCs (never use
> >> it though), not sure whether there are facilities yet for PMC git
> >> repos.
> >>
> >> On Mon, 8 Apr 2024 at 17:27, Matt Pavlovich  wrote:
> >>>
> >>> Got it, that makes sense. I think we could achieve the same effect w/ a 
> >>> private repo (ie "activmeq-pmc”) and enable what ever product features 
> >>> makes sense— issues, discussion, etc.
> >>>
> >>> I agree, moving off of mailing list would be beneficial for certain 
> >>> discussions (esp security reports) b/c of things like attachments, links, 
> >>> etc often become a security challenge w/ email.
> >>>
> >>> -Matt
> >>>
>  On Apr 5, 2024, at 6:58 PM, Clebert Suconic  
>  wrote:
> 
>  I haven’t used it on the Apache Jira but I use private comments all the
>  time on my company JIRA for things that would be related to security and
>  injeritently private.
> 
>  I thought we could eventually start using a feature like that and I 
>  thought
>  it would be a nice feature to keep.  But if everybody think we should 
>  keep
>  everything open and just use private list for private comments that’s 
>  fine.
> 
>  On Fri, Apr 5, 2024 at 2:47 PM Matt Pavlovich  wrote:
> 
> > Hi Clebert-
> >
> > How widely used are private comments today?
> >
> > I ran a search and I do not see any private comments in use with the
> > ActiveMQ project. I tried searching the ARTEMIS project, perhaps I got 
> > the
> > JQL incorrect?
> >
> > project = ARTEMIS AND issueFunction in commented("group activemq-pmc”)
> > project = ARTEMIS AND issueFunction in commented(“role PMC")
> >
> > An available solution would be to use a private GH repo would secure all
> > the items — code, issues, etc.. from unprivileged users. A PMC-only repo
> > could have issues-only or discussion-only for CVE discussions.
> >
> > I think private comment is a wonky concept, as it is easy to get that
> > toggled incorrectly. I think it is better to restrict access to a 
> > secured
> > area vs trying to feather comments.
> >
> > Thanks,
> > Matt
> >
> >> On Apr 5, 2024, at 11:47 AM, Clebert Suconic 
> >> 
> > wrote:
> >>
> >> Is there a private comment capability on GitHub?  To me that’s a 
> >> breaking
> >> deal feature and I have never seen it.
> >>
> >> On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
> >> bruscin...@gmail.com> wrote:
> >>
> >>> I don't have a strong opinion on migrating from Jira to GitHub Issues.
> >>> I would prefer GitHub Issues only for its better integration and 
> >>> because
> >>> new users that reach from the GitHub repository could be confused to 
> >>> not
> >>> find the `Issues` tabs (most of the GitHub projects use it).
> >>>
> >>> Also GitHub Issues has a good REST interface, I'm using it in
> >>> GithubIssueManager[1].
> >>>
> >>> @Justin Bertram  thanks the detailed doc!!!
> >>>
> >>> [1]
> >>>
> >>>
> > https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
> >>>
> >>> On Fri, 5 Apr 2024 at 17:41, Clebert Suconic 
> >>>  >>
> >>> wrote:
> >>>
>  I would prefer to keep JIRA for their REST interface.
> 
>  Also: one thing to notice is the possibility of using private 
>  comments
>  in JIRA. Say you ever have a security issue. I think you can have PMC
>  private comments on JIRAs. I'm not sure you have the same in github
>  issues.
> 
> 
>  I didn't see a note about private comments on Justin's det

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Matt Pavlovich]

Hi Bruce-

I don’t believe there is any intention to replace issue comments with comments 
on a PR or vice versa.

My point is that the current process of using JIRA for issue discussion isn’t 
really effective, and doesn’t serve a newer user base that is more familiar 
with using GitHub vs JIRA. A sizable chunk of discussion about fixes is 
happening on the PR’s today. Users filing a JIRA do not have the same 
visibility to the PR discussions there as they would vs if they filed a GH 
issue that is linked to a PR.

The JIRA <-> GH synchronization is wonky and spams the comments with the gitbox 
commits. With GH issues, the commit and PR work is listed in the issue history 
timeline, but that information set back and leads to an nicer (imho) navigation 
of the comments and track what is going on from a standard end-user POV (ie.. 
non-committer user).

Additionally, cross-project work is easier to reference because we can link 
across open source org repos for PRs and issues. Discussions flow and are 
referenced much smoother for collaborating with other projects such as Spring, 
Jetty, etc.

Taking the end-user approval workflow off the plate of the PMC is a 
side-benefit, but the main effect is lowering the barrier to entry for 
end-users and having a single account (with better transparency of identity) 
for issues and PR contributors. (GH account age, other GH project 
contributions, id verification, public keys, etc).

Today users in the ActiveMQ community need two accounts to report an issue and 
provide a PR. This doesn’t seem great to me.

In summary moving to GH issues is about:

1. Support for a single identity for issue and/or PR contribution
2. Use more familiar tools for a growing community of community users that are 
new to ActiveMQ
3. Centralize issue discussion and PR discussion
4. Remove JIRA user approval workflow from the plate of PMC
5. Possibly enabling discussion tools to provide better resource for users to 
interact with the ActiveMQ community in a more official capacity.

Thanks,
Matt

> On Apr 16, 2024, at 11:28 AM, Bruce Snyder  wrote:
> 
> I am not convinced that we should replace Jira with Github issues. Based on
> the info gathered and the discussions thus far, I believe such a change
> would cause significant confusion for our users. As noted previously, there
> is a significant difference between the purposes for a Jira issue vs.
> comments in a PR. These are two completely different artifacts serving
> different needs in the process and you cannot replace one with the other.
> 
> Bruce
> 
> On Tue, Apr 16, 2024 at 9:27 AM Matt Pavlovich  wrote:
> 
>> @dev-
>> 
>> I’m summarizing the good points here and starting [PROPOSAL] thread to
>> draft up potential next steps.
>> 
>> Thanks,
>> Matt
>> 
>>> On Apr 16, 2024, at 9:58 AM, Matt Pavlovich  wrote:
>>> 
>>> Robbie-
>>> 
>>> One option with GH issues is we can have them prompted with a ’type’
>> (for example, an issue or security report). Security report workflow could
>> take them to the readme with email link to direct users to the mailing list
>> and (hopefully) getting better adherence to the requested security process.
>>> 
>>> -Matt
>>> 
 On Apr 8, 2024, at 12:29 PM, Robbie Gemmell 
>> wrote:
 
 The security reporting/followup follow the process/requirements set
 out by security@ so we cant really just change things around
 that...though if there ideas, then perhaps they can be discussed with
 them toward being generally applicable.
 
 I believe there are private subversion repo areas for PMCs (never use
 it though), not sure whether there are facilities yet for PMC git
 repos.
 
 On Mon, 8 Apr 2024 at 17:27, Matt Pavlovich  wrote:
> 
> Got it, that makes sense. I think we could achieve the same effect w/
>> a private repo (ie "activmeq-pmc”) and enable what ever product features
>> makes sense— issues, discussion, etc.
> 
> I agree, moving off of mailing list would be beneficial for certain
>> discussions (esp security reports) b/c of things like attachments, links,
>> etc often become a security challenge w/ email.
> 
> -Matt
> 
>> On Apr 5, 2024, at 6:58 PM, Clebert Suconic <
>> clebert.suco...@gmail.com> wrote:
>> 
>> I haven’t used it on the Apache Jira but I use private comments all
>> the
>> time on my company JIRA for things that would be related to security
>> and
>> injeritently private.
>> 
>> I thought we could eventually start using a feature like that and I
>> thought
>> it would be a nice feature to keep.  But if everybody think we should
>> keep
>> everything open and just use private list for private comments that’s
>> fine.
>> 
>> On Fri, Apr 5, 2024 at 2:47 PM Matt Pavlovich 
>> wrote:
>> 
>>> Hi Clebert-
>>> 
>>> How widely used are private comments today?
>>> 
>>> I ran a search and I do not see any private comments in use with the
>>> ActiveMQ project.

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Matt Pavlovich]

Hi JB-

Yep, thanks for calling that out. When I indicated ‘security mailing list’ I 
should have been more clear to say ’secur...@apache.org’, to remove ambiguity 
that I was referring to an ActiveMQ mailing list.

I’ll clean-up points on the Proposal thread.

Thanks!
Matt

> On Apr 16, 2024, at 11:57 AM, Jean-Baptiste Onofré  wrote:
> 
> Hi Matt,
> 
> Thanks for that.
> 
> If I may, I don't see a strong consensus yet about GH Issues. The
> other thread you started contains some non accurate points (we should
> have clear statements to the community for clarity).
> 
> Regards
> JB
> 
> On Tue, Apr 16, 2024 at 5:26 PM Matt Pavlovich  wrote:
>> 
>> @dev-
>> 
>> I’m summarizing the good points here and starting [PROPOSAL] thread to draft 
>> up potential next steps.
>> 
>> Thanks,
>> Matt
>> 
>>> On Apr 16, 2024, at 9:58 AM, Matt Pavlovich  wrote:
>>> 
>>> Robbie-
>>> 
>>> One option with GH issues is we can have them prompted with a ’type’ (for 
>>> example, an issue or security report). Security report workflow could take 
>>> them to the readme with email link to direct users to the mailing list and 
>>> (hopefully) getting better adherence to the requested security process.
>>> 
>>> -Matt
>>> 
 On Apr 8, 2024, at 12:29 PM, Robbie Gemmell  
 wrote:
 
 The security reporting/followup follow the process/requirements set
 out by security@ so we cant really just change things around
 that...though if there ideas, then perhaps they can be discussed with
 them toward being generally applicable.
 
 I believe there are private subversion repo areas for PMCs (never use
 it though), not sure whether there are facilities yet for PMC git
 repos.
 
 On Mon, 8 Apr 2024 at 17:27, Matt Pavlovich  wrote:
> 
> Got it, that makes sense. I think we could achieve the same effect w/ a 
> private repo (ie "activmeq-pmc”) and enable what ever product features 
> makes sense— issues, discussion, etc.
> 
> I agree, moving off of mailing list would be beneficial for certain 
> discussions (esp security reports) b/c of things like attachments, links, 
> etc often become a security challenge w/ email.
> 
> -Matt
> 
>> On Apr 5, 2024, at 6:58 PM, Clebert Suconic  
>> wrote:
>> 
>> I haven’t used it on the Apache Jira but I use private comments all the
>> time on my company JIRA for things that would be related to security and
>> injeritently private.
>> 
>> I thought we could eventually start using a feature like that and I 
>> thought
>> it would be a nice feature to keep.  But if everybody think we should 
>> keep
>> everything open and just use private list for private comments that’s 
>> fine.
>> 
>> On Fri, Apr 5, 2024 at 2:47 PM Matt Pavlovich  wrote:
>> 
>>> Hi Clebert-
>>> 
>>> How widely used are private comments today?
>>> 
>>> I ran a search and I do not see any private comments in use with the
>>> ActiveMQ project. I tried searching the ARTEMIS project, perhaps I got 
>>> the
>>> JQL incorrect?
>>> 
>>> project = ARTEMIS AND issueFunction in commented("group activemq-pmc”)
>>> project = ARTEMIS AND issueFunction in commented(“role PMC")
>>> 
>>> An available solution would be to use a private GH repo would secure all
>>> the items — code, issues, etc.. from unprivileged users. A PMC-only repo
>>> could have issues-only or discussion-only for CVE discussions.
>>> 
>>> I think private comment is a wonky concept, as it is easy to get that
>>> toggled incorrectly. I think it is better to restrict access to a 
>>> secured
>>> area vs trying to feather comments.
>>> 
>>> Thanks,
>>> Matt
>>> 
 On Apr 5, 2024, at 11:47 AM, Clebert Suconic 
 
>>> wrote:
 
 Is there a private comment capability on GitHub?  To me that’s a 
 breaking
 deal feature and I have never seen it.
 
 On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
 bruscin...@gmail.com> wrote:
 
> I don't have a strong opinion on migrating from Jira to GitHub Issues.
> I would prefer GitHub Issues only for its better integration and 
> because
> new users that reach from the GitHub repository could be confused to 
> not
> find the `Issues` tabs (most of the GitHub projects use it).
> 
> Also GitHub Issues has a good REST interface, I'm using it in
> GithubIssueManager[1].
> 
> @Justin Bertram  thanks the detailed doc!!!
> 
> [1]
> 
> 
>>> https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
> 
> On Fri, 5 Apr 2024 at 17:41, Clebert Suconic 
> >>> 
> wrote:
> 
>> I would prefer to k