Re: Unable to access domain - request for assistance

[William A Rowe Jr]

File an INFRA / Outage(?) / Infrastructure ticket here,

https://issues.apache.org/jira/secure/Dashboard.jspa

They can be of assistance.

On Fri, Jun 3, 2022 at 9:49 AM Benjamin Carlton
 wrote:
>
> Dear Apache.org,
>
>
>
> I’m a member of IBM’s IT support and we have found that IBM cannot access a 
> URL on the domain: nightlies.apache.org
>
> After investigation, we believe that we may have been mistakenly placed on a 
> deny list.
>
>
>
> We are requesting that the following addresses (see attachment) be placed on 
> an allow list or verified as already belonging to an allow list for the above 
> listed domain.
>
>
>
> I have already emailed the Apache.org webmaster and created a Flink Jira 
> ticket (https://issues.apache.org/jira/browse/FLINK-27887) but we were hoping 
> to verify the correct process for our request. If you could help us gain 
> access to the above domain from the attached list of addresses, it would be 
> most appreciated. If there is another process I need to follow, please let me 
> know and I will be happy to follow that process instead.
>
>
>
> Looking forward to your response. Thank you.
>
>
>
> Best regards,
>
>
>
> Benjamin Carlton
>
> Exec IT Support Advisor | Executive Start Program
>
> IBM
> benjamin.carl...@ibm.com
>
>
>
>
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: How to Join in ASF Security Team?

[William A Rowe Jr]

Just to focus the question a bit at what you might be asking...

On Wed, Dec 23, 2020 at 3:47 AM Mark Thomas  wrote:

> On 23/12/2020 05:29, r00t 4dm wrote:
> > Hello,
> >
> > Generally speaking, what conditions need to be met to join ASF security
> team?
>
> - ASF member [1]
> - Demonstrated understanding of security vulnerabilities over an
>   extended period of time (typically via membership of the security team
>   for one or more ASF projects)
>

Each project of the ASF has a Project Management Committee. They determine
on a project
by project basis whether that project will have a security list, and if so,
a restricted subset of
the PMC who are actively participating (or a superset of some guest
experts, who are generally,
but not exclusively committers.)

The task of the ASF-wide security team is pretty narrow and mundane...
simply ensure all
projects are following best practices for communicating security issues,
corresponding
appropriately with reporters, and tracking reports spread across the
organization. And lots
of mentoring for projects not familiar with the process.

The actual *work* happens project-by-project! So if there is a project you
are concerned with,
the best starting point is to participate in the dev list and help fix
defects, and at some point
you'll inevitably be asked to help solve security defects. Or bring
actionable concerns to the
project's security@ or private@ list for evaluation and discussion.

Motivation in OSS development

[William A Rowe Jr]

[bcc: members as this is something we have trouble explaining to our
families and friends ;-]

My daughter called this out to me this morning, Linux as well Apache get a
big shout out :)

"RSA ANIMATE: Drive: The surprising truth about what motivates us" (17m
views)
https://www.youtube.com/watch?v=u6XAPnuFjJc

Re: {Action by April 5] Vote on best time for the D&I committee discussion call

[William A Rowe Jr]

On Tue, Apr 2, 2019 at 7:44 PM Griselda Cuevas 
wrote:

> To the point of no calls...
>
> How does the board meet and make decisions?


That's a very fair question.

The board practice is to assemble all of the reports, suggested motions etc
days and sometimes weeks before the synchronous meeting. That meeting is
recorded with minutes for dissemination for everyone who isn't attending.
Less the redacted bits, these are approved a month or
two later and published openly for the record. We can all ready 20 years of
them here; http://apache.org/foundation/board/calendar.html

There is almost nothing presented to the board that wasn't already before
them and the membership for some significant time in advance, so the
inclusiveness aspect is satisfied. Now, as an operating board, these aren't
truly "public" discussions, only officers and members, who number over 700,
have any visibility into some early discussion. But many matters which are
brought to the board's attention arise from discussions which are public on
various -dev and discuss lists, and corresponding votes on committee
internal discussion lists.

Ultimately and to an outgoing AU board participant's frustration, the
meetings are synchronous and set comfortably in a US timezone. But this is
mostly a side-effect of US corporate governance, there was no "accepted"
framework for async electronic meetings at the time the foundation was
created.

Effectively, the board isn't going to pop any surprise on the membership,
because their agenda was laid out days and often months in advance on the
mailing lists, votes had been taken by project committees, and comments on
business before them are already received.

Re: on "meritocracy"

[William A Rowe Jr]

On Sun, Mar 31, 2019 at 2:59 PM Mark Thomas  wrote:

> I asked the D&I folks at $dayjob for some advice / suggestions and got
> back the following:
>
> 1. Mozilla have been doing some work in this area. It was suggested we
> reach out to them to get the benefit of their experience. Anyone have
> any contacts there?


If you are interested in parallel and active projects, the Women outreach
SIG
within the GNOME project is a really interesting and successful case study.

I haven't tracked them in real-time, so I'm surprised/pleased by one
particular fruit of their efforts; https://en.wikipedia.org/wiki/Outreachy
which Mozilla too turns out to be a huge champion of. The history topic
on that page plus footnotes are useful starting points.

Re: I wanna translate "Apache2 Ubuntu Default Page"

[William A Rowe Jr]

Hello 耿绍宽,

The official Apache HTTP Server response page consists of;

It works!

and nothing else. It is no longer decorated, because it confused the users
of the associated web sites. It did not help the administrators of those
sites.
The project is unlikely to consider adding translations, as the phrase
should
be very easy for the user to (correctly) translate through any tool at all,
and
it simply shouldn't be seen externally if the administrator is on their
game.

If you want to correct the *Ubuntu* default web page for their distribution
of the httpd server, reach out to them, we have nothing to do with that.

In good news, the http://httpd.apache.org/docs-project/ welcomes and
manages translations of the documentation, and we do have at least
one currently active contributor of Chinese translation for this effort,
which has many pages left to be translated;

  https://httpd.apache.org/docs/2.4/

Simplified and Traditional Chinese translations of httpd's custom error
response pages have already been introduced in the latest release,
as well;

  http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/error/

Please follow the directions at http://httpd.apache.org/docs-project/
about contributing to the project if you would like to expand on these
translations or are willing to review others' work.

Thanks in advance and cheers,

Bill

On Mon, Feb 25, 2019 at 7:52 PM 耿绍宽 <115454...@qq.com> wrote:

> Days ago, under the help of Apache2 related community, I was impressed
> with the work you all have done on Apache2!
>
> I found, the  Apache2 Ubuntu Default Page is very useful for the beginner.
> But I ignored it at the first sight.
>
> Forgive me, I believe that all the non-English-Speaking-country people
> will be very sick to read the Apache2 Ubuntu Default Page.
>
> I am a Chinese, I wanna help to translate this page into both simplified
> Chinese and traditional Chinese.
>
> So to help every Chinese have a better experience with Apache2!
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org
>
>

[jira] [Created] (COMDEV-282) Monitor http://{tlp}.apache.org/doap.rdf for releases

[William A. Rowe, Jr. (JIRA)]

William A. Rowe, Jr. created COMDEV-282:
---

 Summary: Monitor http://{tlp}.apache.org/doap.rdf for releases
 Key: COMDEV-282
 URL: https://issues.apache.org/jira/browse/COMDEV-282
 Project: Community Development
  Issue Type: Wish
  Components: Reporter Tool
Reporter: William A. Rowe, Jr.


Many projects, including apr.apache.org and httpd.apache.org, report their 
canonical release data as a doap resource, e.g.;

[http://httpd.apache.org/doap.rdf]

It would be helpful for the Reporter Tool to periodically scrape these 
resources and automatically populate the release tracking table.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

RE: Please add your release data for 'httpd'

[William A Rowe Jr]

I have appealed for the site doap.rdf to be automatically incorporated. So
far no luck.

On Mar 13, 2018 19:46, "Daniel Ruggeri"  wrote:

> Hi, folks;
>I went ahead and did this manually, but I was wondering if there is a
> programmatic way to do this? I'm working to reduce the number of manual
> tasks in our release process. I apologize if there's an obvious answer that
> I've missed, which always seems to be the case with these tools :-)
>
> Cheers!
> --
> Daniel Ruggeri
>
> > -Original Message-
> > From: Apache Reporter Service 
> > Sent: Tuesday, March 13, 2018 7:14 PM
> > To: druggeri 
> > Subject: Please add your release data for 'httpd'
> >
> > Hi,
> > This is an automated email from reporter.apache.org.
> > I see that you just pushed something to our release repository for the
> 'httpd'
> > project
> > in the following commit:
> >
> > r25697 at 2018-03-14 00:06:27 + (Wed, 14 Mar 2018)
> > Add 2.4.32 to release dist
> >
> > If you are a PMC member of this project, we ask that you log on to:
> > https://reporter.apache.org/addrelease.html?httpd
> > and add your release data (version and date) to the database.
> >
> > If you are not a PMC member, please have a PMC member add this
> > information.
> >
> > While this is not a requirement, we ask that you still add this data to
> the
> > reporter database, so that people using the Apache Reporter Service will
> be
> > able to see the latest release data for this project.
> >
> > Also, please ensure that you remove [1] any older releases.
> >
> > With regards,
> > The Apache Reporter Service.
> >
> > [1] http://www.apache.org/dev/release.html#when-to-archive
> >
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org
>
>

Re: [REQUEST] Httpd Webserver Training in French

[William A Rowe Jr]

Hi Sharan,

it's usually more efficient to ask the community directly about
project-specific
asks. I've gone ahead and forwarded your note to the users and dev lists
where we are more likely to find the right resources. I personally
know at least
a half dozen httpd committers proficient in French, so this seems in the realm
of possibility!

Potential presenters,

note contact info below to reach out.



On Thu, Jan 4, 2018 at 8:38 AM, Sharan Foga  wrote:
> Hi Everyone
>
> I've posted a message on the httpd dev mailng list too but am including it 
> here just in case we have someone that can do it!
>
> During the Open Source Summit in Paris, a company (starinux.org) came to the 
> Apache booth to ask us about getting some training on the httpd webserver for 
> their members. They are looking for one full day of training. The company is 
> French one so the training would need to be done in French too. The location 
> will be Paris, La Defense.
>
> If anyone is interested in providing some training for them then their 
> contact details are as follows:
>
> Antoine Wache
> cont...@starinux.org
>
> Thanks
> Sharan
>
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: KAM is not drunk was Re: Wristbands instead of stickers?

[William A Rowe Jr]

On Thu, Aug 10, 2017 at 9:28 PM, Joseph Schaefer
 wrote:
> You still haven't addressed the political problem this org faces regarding 
> even innocuous expressions of support like this.  The fact is there isn't 
> even unanimity among current board members that there is a problem with the 
> google manifesto or the individuals it damaged.

Oh, I have no need to, in fact I jumped at a KAM's critical error in
understanding
what the computer profession was (the use of the inhuman 'what' is deliberate),
and avoid him making such a bracelet unless he understands the implication.

In ribbon culture, if you want to share it, you order and have printed
on whatever
color whatever text you want to share, and exchange them. Personal expression,
not an organizational statement. My print of "Hack Like a Girl" ribbons will be
shared by the young 'un, whom at 6 is finishing construction of her 3d
printed RC
plane (with some grown-up help.) So that would be our family choice, these would
not be paid for by an organization, any more than a ribbon she might
get in return
about whatever maker or gaming or fiction-related meme.

E.g. I'd encourage the foundation to consider doing bracelets or ribbons or
stickers or whatever promoting projects. I'd encourage individuals to print
whatever bracelet / ribbon / sticker floats their boat and exchange them.

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: KAM is not drunk was Re: Wristbands instead of stickers?

[William A Rowe Jr]

On Thu, Aug 10, 2017 at 9:09 PM, William A Rowe Jr  wrote:
> On Thu, Aug 10, 2017 at 8:10 AM, Kevin A. McGrail
>  wrote:
>>
>> 
>> And after the moron at Google decided girls should only get Barbie dolls, 
>> I'll personally pay for a batch that says Code Like a Girl. Myrle if you 
>> have ideas of something pithier that is broader, I am game.  Compute Like a 
>> Girl?
>
> FWIW, a computer (computationalist) was a stereotype that there were
> many smart people who could not engineer, but could perform
> calculations. I don't think you want to go there.
>[...]
> This is the oldest reference I find to "Code Like a Girl" -
> http://melitamihaljevic.blogspot.com/ blog title. Someone else can
> continue the crawl prior back before 2011, or simply ask :)

I'm back in 2006 and continuing to time travel...
http://www.texasgoldengirl.com/afterhours/code-like-a-girl/

Anyways, I don't see a reason to logo-ize this with an ASF feather.
I do see a reason to borrow such a tag line for a specific inclusive
initiative, as the ASF welcomes any good code and productive
dev- dialog from anyone at all.

I'm thinking of running a batch of "Hack Like a Girl" ribbons for the
next PenguiCon, handing them out to everyone who who is proud
to wear one. (A number of conventions have a very broad ribbon
culture, beyond the speaker/sponsor/staff default choices.)

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: KAM is not drunk was Re: Wristbands instead of stickers?

[William A Rowe Jr]

On Thu, Aug 10, 2017 at 8:10 AM, Kevin A. McGrail
 wrote:
>
> 
> And after the moron at Google decided girls should only get Barbie dolls, 
> I'll personally pay for a batch that says Code Like a Girl. Myrle if you have 
> ideas of something pithier that is broader, I am game.  Compute Like a Girl?

FWIW, a computer (computationalist) was a stereotype that there were
many smart people who could not engineer, but could perform
calculations. I don't think you want to go there.

Code Like a Girl works fine. So would Hack..., Engineer..., Design...,
Architect... etc etc.

There is a reason the only thing we've entirely successfully delegated
to machines is the actual computation (and they still can't arrive at
the correct computational approach if not coded correctly.)

I appreciate your sentiment, but didn't find the alternative to be
complimentary.

This is the oldest reference I find to "Code Like a Girl" -
http://melitamihaljevic.blogspot.com/ blog title. Someone else can
continue the crawl prior back before 2011, or simply ask :)

Cheers,

Bill

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: Users of Traffic Server and Control

[William A Rowe Jr]

On Tue, Jul 4, 2017 at 1:54 AM, BURAK EGERCI 
wrote:

> Dear All,
>
>
>
> I would like to send an e-mail to users@trafficcontrol.
> incubator.apache.org but It says “E-mail Must be sent from an @apache.org
> address or a subscriber address or an address in LDAP.”. So I already
> subscribed to dev@community.apache.org but I am still not able to send an
> e-mail to above group.
>


The response itself is odd. You would want the first suggestion to be most
generally applicable (e.g. "from an address subscribed by sending a blank
email to users-subscr...@trafficcontrol.incubator.apache.org (or ' at ' if
you
want to confuse spambots... maybe...), followed by the less likely
scenarios.

It did seem unnecessarily confusing. Wouldn't know, we don't do hard blocks
on any of my projects' lists (speaking as a sometimes overwhelmed
moderator.)

Re: Please add your release data for 'subversion'

[William A Rowe Jr]

On Mon, Jul 3, 2017 at 9:34 AM, sebb  wrote:
> On 3 July 2017 at 13:43, Daniel Shahaf  wrote:
>> Apache Reporter Service wrote on Mon, 03 Jul 2017 12:21 +:
>>> This is an automated email from reporter.apache.org.
>>> I see that you just pushed something to our release repository for the 
>>> 'subversion' project
>>>
>>> If you are a PMC member of this project, we ask that you log on to:
>>> https://reporter.apache.org/addrelease.html?subversion
>>> and add your release data (version and date) to the database.
>>
>> Is the form considered a stable API so we can have our releasing script
>> POST to this site automatically?  The site doesn't say.
>
> No idea.
>
> As per the footer:
>
> The Issue tracker is at JIRA COMDEV, component Reporter.
>
> I guess that would be the place to request new features.

I have a tangential question.

Why are my projects updating DOAP files if this service can't replicate
the data? Is it possible this could be automatically scraped, for those
projects which are diligent about updating their current release data?

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: Trouble child OpenOffice

[William A Rowe Jr]

On Thu, Apr 20, 2017 at 4:08 PM, Raphael Bircher
 wrote:
> Hi Roman
>
>> The challenge that is unique to OpenOffice as you are well aware is
>> the fact that
>> it is both a product and a project.
>
> It's a bit provocative. What would happened if we drop the product, but
> don't retire as a project.

True story; Apache Subversion ships no binaries, yet is build-able on most
older and all the most recent operating systems. There is a broad network
of different builds across all of these architectures. There are very platform
specific deviations; there were interesting Windows solutions long before
Microsoft took an interest and integrated it entirely into Visual Studio.

I don't know what it looks like, but I've long advocated for AOO to 'own'
the underlying document processing source code. Retain one GUI layer
as long as there are developers around it, but recognize that no single
implementation can be performant over the entire universe of UI
implementations, even those such as QT don't behave the same way
between Linux and Win32.

We aim to promulgate open standards by being the best implementation
of those standards. I don't anticipate LO or AOO walking away from some
sharing of the documentation code base. But if the ASF's releases will
further more implementors shared goals, then AOO will continue to
succeed in that aspect. If not, let closed providers such as LO keep
running with it, and allow Oracle to have succeeded in their goal.

There is the secondary effect of online document processing; few want
to be entirely crippled by an outage, but the convenience of the world
of Google Docs/Office 360 is very compelling. Unless there are great
solutions that straddle the two well, there is no connection between
these two interested communities.

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

[Media] Props

[William A Rowe Jr]

A friendly wave from Randall...

https://m.xkcd.com/1810/

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: Results: ASF Committer Diversity Survey

[William A Rowe Jr]

On Wed, Dec 21, 2016 at 2:19 PM, Alex Harui  wrote:

>
>
> On 12/21/16, 12:10 PM, "William A Rowe Jr"  wrote:
> >
> >The biggest hassle with email activity is cross-correlating all of the
> possible
> >email aliases for some 6000 people, no longer really practical.
> committerid
> >is still easier if there were a way to collect git activity as well as
> svn based
> >projects.
>
> Agreed.  I was wondering if the forwarding email address stored at
> id.apache.org would net enough to be significant or not.  That's the email
> where you received the survey notice.  If you use that to send anything to
> an ASF list we add you to the count.
>

There are also the array of ldap aliases. Perhaps there is a way to get
that
from infra for the purposes of performing a crosstab based on ponymail or
apmail archives?

We can probably reduce the dataset down to an availid <> lastseen pair,
for purposes of determining 'seen' or 'away'.

Re: Results: ASF Committer Diversity Survey

[William A Rowe Jr]

On Wed, Dec 21, 2016 at 1:17 PM, Alex Harui  wrote:

>
> On 12/21/16, 11:05 AM, "Pierre Smits"  wrote:
>
> >To much work? For whom? In what period?
> >Does is require a combined effort? A plan? Or just a firing from the hip?
>
> Well, I think it would be good to get a new number "soon".  Sounded like
> Daniel could get a number from commits quickly.  Not sure how hard it
> would be to add in mailing list activity.  But opening the discussion to
> where else to look and actually looking made me think it would take longer
> and more energy than it was worth.  Hopefully folks who earned commit
> rights for spending time elsewhere occasionally drop by their dev@.  They
> should just so folks can know what is going on only by following dev@.
>
> Just my 2 cents though.  I won't be doing the work or stopping anyone from
> trying.
>

The biggest hassle with email activity is cross-correlating all of the
possible
email aliases for some 6000 people, no longer really practical. committer id
is still easier if there were a way to collect git activity as well as svn
based
projects.

Re: Results: ASF Committer Diversity Survey

[William A Rowe Jr]

I have the awk scripts to do that all against svn logs.

Since the introduction of git-based projects, either as a submission
mechanism or primary tool, it becomes much less comprehensive.


On Dec 20, 2016 20:44, "Daniel Gruno"  wrote:

> On 12/21/2016 03:30 AM, Alex Harui wrote:
> >
> >
> > On 12/20/16, 8:11 AM, "Rich Bowen"  wrote:
> >
> >>
> >>
> >> On 12/19/2016 08:36 AM, Sharan F wrote:
> >>> Hello Everyone
> >>>
> >>> A big thank you to everyone that has helped or participated in getting
> >>> the Committer Diversity Survey out, and also to all the committers that
> >>> responded to the survey. It has been really good to be able to collect
> >>> this information and see what it tells us about our committer base.
> >>>
> >>> I've loaded the main data and graphs from the survey onto the Community
> >>> Development wiki (see link below)
> >>>
> >>>
> >>> https://cwiki.apache.org/confluence/display/COMDEV/ASF+
> Committer+Diversit
> >>> y+Survey+-+2016
> >>>
> >>>
> >>> In total we received 765 responses (out of a 5861 committer base at the
> >>> time the survey was run) so around a 13% response rate.
> >>
> >> It would be useful to pursue Niclas' assertion that most of our
> >> registered committers are inactive. I'd think that if we define
> >> "inactive" in some measurable way, we could determine some actual
> >> numbers around that.
> >>
> >> Either way, though, given how anti-survey we have been in the past, 13%
> >> actually sounds like a pretty good response rate to me.
> >
> > How hard would it be to generate the count of all apache ids that
> > committed to any ASF repo in the last N months?
>
> We have access to that, both on a weekly, monthly, quarterly, yearly
> basis :)
>
> Question then is, how many of the active ones filled out the survey, and
> how many inactive. Maybe next time we'll have a "when did you last
> contribute to an ASF project" question :)
>
> With regards,
> Daniel.
>
> >
> > -Alex
> >
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> > For additional commands, e-mail: dev-h...@community.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org
>
>

Re: Who at Apache is participating through their disability? (Was: Re: Diversity: How many disabled people are at Apache)

[William A Rowe Jr]

On Sat, Dec 17, 2016 at 1:09 AM, William A Rowe Jr 
wrote:

> On Tue, Dec 13, 2016 at 3:09 PM, Raphael Bircher  > wrote:
>
>> Hi people
>>
>> The question is in the subject: It would just be interesting. Ok, many
>> people allready know, I have a physical disability called ICP (Infantile
>> cerebral palsy). I just want to know, if there are others.
>>
>> I think, ASF could be a chance for disabled people to get work. The model
>> of the ASF is perfect for this. You can get in without having any diplom or
>> reference. Here everyone can get the chance
>
> [...]
> I'm glad you raised this question and hope you find connections,
> and would be happy to learn any suggestions you have to offer.
>

And don't be surprised if folks contact you privately. Many have no
desire to talk about this on a public forum. A private side-channel
of folks you meet through your introduction would be really terrific,
as long as technical discussions happen on public dev@ lists.

Who at Apache is participating through their disability? (Was: Re: Diversity: How many disabled people are at Apache)

[William A Rowe Jr]

On Tue, Dec 13, 2016 at 3:09 PM, Raphael Bircher 
wrote:

> Hi people
>
> The question is in the subject: It would just be interesting. Ok, many
> people allready know, I have a physical disability called ICP (Infantile
> cerebral palsy). I just want to know, if there are others.
>
> I think, ASF could be a chance for disabled people to get work. The model
> of the ASF is perfect for this. You can get in without having any diplom or
> reference. Here everyone can get the chance


Hi again Raphael!

I'd like to apologize for the behavior of my colleagues.

I did not know (and of the 500-or-so members am equally unaware)
of most of my fellow Members' and own project committers'
disabilities, except the few that have shared that data. I could not
have anticipated it through their interactions and participation.

I also think, ASF provides tremendous opportunities for individuals
in any situation to offer great code, or documentation, or user help
or other facilities than enhance our projects.

I'm glad you raised this question and hope you find connections,
and would be happy to learn any suggestions you have to offer.


--- hard break - delete from replies -or- new subject: to reply ---

I am starting from square one because I'm very dismayed that so
many people who oppose and support such inclusion have hijacked
your thread, and both antagonists and apologists have turned this
very very simple inquiry into yet another multi-headed hydra. I do
wish we could all quit it.

So I'm launching your thread all over again to find out whether the
ASF is helping, and where it is hindering, where that occurs. Read
some very interesting data on color blindness yesterday, how very
simply it is to design GUI's around typical impediments, but there
are limited free resources to guide such design. Much more
profound disabilities are harder to anticipate, but knowing that
alt-tags and how screen readers are used frequently is a solid start.
If  you have other specific concerns or suggestions to aid participants,
let's start some actionable threads.

Re: Diversity: How many disabled people are at Apache

[William A Rowe Jr]

On Tue, Dec 13, 2016 at 7:59 PM, Niclas Hedhman  wrote:

>
> Anyway, I have no problem with people wanting to connect with others within
> ASF realm, regardless of reason, so this is only an opportunity to
> highlight my position on the 'diversity issue' at ASF, not in any way
> criticizing you for reaching out.
>

Please recognize that this is a commonly used tool abused on public
forums, and it is called thread hijacking. Especially when it pertains to
individuals' non-technical concerns, please don't do this. An outreach
request by anyone on community@ should not be met with a debate
about diversity.

Thanks for considering this request,

Bill

Re: Diversity: How many disabled people are at Apache

[William A Rowe Jr]

On Tue, Dec 13, 2016 at 7:59 PM, Niclas Hedhman  wrote:

>
> Now, this is what I know as "equality in opportunity" and is why I am
> somewhat skeptical to efforts focused on increasing so called diversity for
> the sake of diversity, also known as "equality in outcome". IMHO, a highly
> politicized topic, something that ASF traditionally has stayed away from,
> except when it comes to "identity politics", because everyone is scared of
> being classified in the negative.
>

Understanding your skepticism, is there a reason for you to project that
into many other individuals' interests and concerns? It seems like a sort
or rude way to inject your politics into a sincere inquiry. For that matter,
although I hadn't known of individuals at the ASF (I might know them, but
am unaware) - I've known many physically disabled computer scientists
who find some amazing adaptive technologies to let them do what they
want to do, and in our thousands of committers, already trust that there
are dozens in our lot who are doing fine. [Edit to add, you and I are very
familiar with one specific individual within the membership, but I'm not
going to call that individual out unless they want to dive into this
discussion. And I'm still sure there are others who haven't shared.]


> [1] In Apache Zest, we had a professional, classical musician creating an
> example project, and in that gave a lot of useful feedback. When we found
> out that he never worked in software, we were all quite surprised, as his
> work was of remarkably high caliber. I think this is rather common...
>

We had an an airline pilot. Collectively, we come from very diverse
upbringing,
educations, career paths, genders and castes. I found your reply in defense
of refusing to let others ponder such questions you don't want to ponder
really insulting. Participate in such studies, or don't. Study the results,
or don't. The agenda is inclusion, and it seems that you are happy to have
many people included in your projects. If that is the case, the dismissive
tone of your posts, but particularly reacting to specific posts like this,
is
simply impolite.

Cheers,

Bill

Re: Please take the ASF Committers Diversity Survey

[William A Rowe Jr]

Probably best to email root@a.o direct after ensuring no typos.

On Nov 28, 2016 17:26, "Stefan"  wrote:

> Hi Sharan,
>
> I'd love to participate in the survey, but unfortunately it seems I'm not
> able to login.
> Using the same username/password I use when logging in to id.apache.org,
> I'm failing to authorize on communitysurvey.apache.org.
>
> Regards,
> Stefan
>
> On 11/27/2016 23:37, Sharan F wrote:
>
> Hello Apache Committers
>
> On behalf of the Apache Community Development team I am sending you out a
> link to the ASF's first Committers Diversity Survey. Participation is
> completely voluntary and we hope very much that all 5861 of you will
> participate in the survey.
>
> Diversity Survey Link
> 
>
> Please click the link below to take the survey:
>
> http://communitysurvey.apache.org/
>
>
> Background Information
> -
>
> If you have not seen the survey announcement or followed the mailing list
> discussions around the survey and why we are running it, then you can find
> out more details on the survey itself or at the link below:
>
> https://blogs.apache.org/comdev/entry/the_apache_
> community_development_team
>
> The survey is confidential and anonymous. In order to restrict access to
> committers only, you will need to login to access the survey weblink. The
> survey tool will not store your Apache ID nor link it to any of your
> responses and it will not capture your IP address.
>
> The survey will be open from 28th November 2016 to the 11th December
> 2016. The survey results will be announced approximately a week after the
> survey closes on the committers and community development mailing lists. We
> hope to get as many responses as possible so that we can get a better
> picture of the diversity of our committer base.
>
> Thank you very much for your support and hope that you are also looking
> forward to seeing the results.
>
> Thanks
> Sharan
>
>
>

Re: On Codes of Conduct

[William A Rowe Jr]

On Nov 17, 2016 04:03, "Noah Slater"  wrote:
>
> He offered to copy the email to the list in the reply I was responding to.

Not directed toward you, but I had thought to bring this up a week or so
earlier when I first read their article and other hostile email traffic,
and the welcome plenary at ACEU reinforced the need to consider all sides
of this issue, especially upon emphasised admonishment of eviction from the
venue. Note this tool/shield/weapon is used for the benefit of events and
the plurality of their attendees, as well as in questionable or dubious
circumstances, in the authors' direct and personal experiences. Not that
the possibility of exclusion isn't already printed on every
event/theater/public admission ticket, if you squint hard enough at the
fine print.

> As for the rest, thanks for the clarification. :)

And thank you for your thoughts as well. I ask you to not engage me further
on this topic, and I will no longer engage with you.

Please do accept my apologies for any misunderstanding of using one
specific thread, and specific post, to introduce some reflections on this
topic, that was inappropriate of me, whether such post was yours or not.

Re: On Codes of Conduct

[William A Rowe Jr]

I think you misinterpreted a couple things...

On Nov 17, 2016 02:18, "Noah Slater"  wrote:.
>
> I quoted a chunk of an email that was sent to me privately because the
> person who sent it had already offered to copy it to the list. I saved him
> the trouble by excerpting the bit I wanted to remark on.

If you had permission, please suggest 'shared with your permission...'
rather than 'from your private message to me'.  You can see how others will
misconstrue this and question your behavior.

> More to the point, the code of conduct explicitly states that grievances
> can be aired publicly.

Yes. But bringing the CoC hammer down in a public way never solves anything
other than a sense of righteousness or superiority, c.f. cited article, and
the CoC itself. Please take time to read and reflect on it, and share your
thoughts. The authors are not insensitive people and would welcome
constructive feedback.

We have a very basic principle here at the ASF that we consider individuals
in private, within the PMC for inclusion, to spare them the humiliation of
being rejected if the PMC is not on board with their becoming a new
committer or PMC member here and now. Better to revisit it another time.

We should initially treat most disciplinary measures similarly. If they can
be resolved quietly and spare embarrassment, great. If the complainant
demands more than that, then they too are part of the culture problem.

And in the US there are certain liabilities of slander that have to be
considered, whether the accusation is factual or not.

> And regarding your "cesspool" comment. I'm not sure that's a fair, or
> useful, characterisation.

Whoa... What I said, which wasn't in response to this specific incident,
was...

> If you have an *actionable* and *productive* suggestion for the *ASF*
> please present it, but let's not let this list become that cesspool
> for endlessly debating the subject,

This is on the topic of Dave and Helen's reflections on the effective
application and potential for abuse of CoCs in general. I'll let folks fall
down that rabbit hole on that FB discussion thread, but let's keep that
noise off this list until we can come back with actionable proposals,
because the topic of 'to have or not to have' a CoC is itself a trap.

Cesspool was not a reflection on the discussion in the other thread.

Hope that clarifies my post.

On Codes of Conduct

[William A Rowe Jr]

So I just sort of boggled at an post that seemed to quote private
correspondence while making a CoC accusation, or at least that's
what I think I read. Many of us know the holidays for the airing of
grievances arrives in 2 months, but public archived email lists
really are simply not the place. We have an organizational policy
that anyone can approach any officer or board member to help
resolve personal conflict or violations of the CoC. With that said...

I'd like everyone on every side of the issue to take a moment to read
the thoughts of one of the most effective convention organizers and
another all around good friend, who together penned some thoughts
on the subject of how we creates codes of conduct, and how we use
or abuse them. Both are active within the SF community and have
tried to weather the recent storms in the Hugo Awards world which
took a dark turn into politics. These are their thoughts...

http://copious-free-time.org/ss-hs/the-shield-or-the-weapon/

I'm re-sharing this publicly on Facebook so we will all agree not
to pollute this list with a bunch of back-and-forth on the merits
of *their* thoughts (they are tagged and will follow that dialog,)
Here lies that thread;

https://www.facebook.com/wrowe/posts/10154815771416929?pnref=story

If you have an *actionable* and *productive* suggestion for the *ASF*
please present it, but let's not let this list become that cesspool
for endlessly debating the subject,

individual comments or the entire thread on FB may be shut down
without prior notice, if individuals can't keep it civil.

Yours,

Bill

Re: Addition to the project maturity model

[William A Rowe Jr]

On Wed, Sep 28, 2016 at 3:33 AM, Mark Thomas  wrote:

> All,
>
> After a discussion on the general@incubator.a.o mailing list [1], I'd
> like to propose the following addition to the project maturity model.
>
> RE50
> The release process is documented and repeatable to the extent that
> someone new to the project is able to independently generate a release
> build.
>

Release 'build'? That sounds very .jar'ish to me :)

In non-JVM environments, we may have radically different ways of building,
even on linux a project may have autoconf vs cmake as parallel options.
No single release manager is expected to try all alternatives across some
broad array of target platforms.

The project must also demonstrate that they have documented how-to
for users/consumers to generate a binary build from the release package.
In terms of maturity, that might start out as windows-only or unix-only
or java-only, but as the project evolves more supported build platforms,
they will have the template for adding more build how-to documentation.

Since binaries are not releases, is it enough to say 'release package'
to capture the essence of tarball, .zip, or whatever the sources include?
If a project wants to include the .jar file as a side effect of creating the
release sources, I think 'release package' covers that to.

Otherwise, strongly +1 to this suggestion.

Re: Apachecon reviewers

[William A Rowe Jr]

On Wed, Sep 28, 2016 at 7:06 PM, Melissa Warnkin  wrote:

> Speaker notifications haven't gone out yet - so I was just informed from
> Angela. Supposedly, they're going out tomorrow.
>

I had mine before I sent this note, but it's possible it was an incremental
process.

Thankfully, the follow-up note isn't addressed the same way and avoided
the spam filter entirely, so that should recover most speakers who might
have otherwise had no clue (particularly since the CFP system won't be
updated, for those who might be checking back periodically.)

Bill

p.s. at least part of the notices to spam issue was (IP redacted);
Authentication-Results: mx.google.com;
   spf=softfail (google.com: domain of transitioning
no-reply@papersplease.online does not designate ###.##.###.### as permitted
sender)

Re: Apachecon reviewers

[William A Rowe Jr]

On Tue, Sep 27, 2016 at 11:03 PM, Karanjeet Singh  wrote:

> Hi Hadrian,
>
> Just a corner case - did you check your spam folder?
>

Thank you for pointing out the obvious, I haven't been there in months,
but it seems that gmail is especially aggressive about treating our
speaker notifications as spam.

Good catch!

Cheers,

Bill

Re: Help with task: Ensure all Apache TLPs have Wikipedia pages

[William A Rowe Jr]

It might be worthwhile to add and crosslink a table of projects, similar to
https://en.m.wikipedia.org/wiki/List_of_GNU_packages

On Sep 12, 2016 11:00 AM, "Rich Bowen"  wrote:

>
>
> On 09/10/2016 10:06 AM, Jagadeesan A.S. wrote:
> > I would like to help out with the task listed at
> > https://helpwanted.apache.org/task.html?0b349bee
> >
> > My Wikipedia contributions details,
> > https://en.wikipedia.org/wiki/Special:Contributions/Jagadeesan_A_S
> >
>
> Go for it!
>
> There's not much more to add to the description. See what projects lack
> pages, and create those pages with the listed information.
>
>
> --
> Rich Bowen - rbo...@rcbowen.com - @rbowen
> http://apachecon.com/ - @apachecon
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org
>
>

Re: Apache HTTPD Training and certification

[William A Rowe Jr]

On Sep 9, 2016 3:47 AM, "Shai Gallant"  wrote:
>
> Good morning,
>
> Is there an official Apache training program designed for the HTTPD
project?
> I've found a few companies online that offer training, but none that offer
> certification, let alone endorsement from Apache.  Can you please tell me
> how our company can offer an accredited course for Apache HTTPD that
awards
> a certificate approved by the Apache Community?

Being a charitable 501(c)3 foundation, the ASF makes no commerical
judgements with respect to 'certifications' or 'approved distributions'.
What commerical and non-commerical entities do with the ASF source code is
up to them, provided they comply with license, copyright and trademark law.
Other software foundations organized as 501(c)6 organizations have more
flexibility in this respect.

E.g. a vendor cannot offer a "Certified Apache Tomcat Administrator'
designation, as this implies endorsement by the ASF, in violation of the
ASF's mark.

Re: Cross-project blog post?

[William A Rowe Jr]

On Wed, Jul 20, 2016 at 10:54 AM, Rich Bowen  wrote:

>
> https://blogs.apache.org/foundation/entry/httpoxy_cgi_vulnerability_response
>

Thanks Rich!

Re: Cross-project blog post?

[William A Rowe Jr]

On Wed, Jul 20, 2016 at 6:27 AM, Konstantin Kolinko 
wrote:

> 2016-07-20 12:37 GMT+03:00 Bertrand Delacretaz :
> > On Tue, Jul 19, 2016 at 8:02 PM, William A Rowe Jr 
> wrote:
> >> What if we digest the audience and list the scope (different projects
> which
> >> are impacted/offering mitigations) in a more conversational tone,
> mention
> >> the httpoxy URL and just point the reader to
> >> https://www.apache.org/security/asf-httpoxy-response.txt for all the
> >> detailed workarounds we've offered?...
> >
> > That sounds good to me, here's a minimal suggestion that we might
> > publish at https://blogs.apache.org/foundation/ unless you want
> > something more complete.
> >
> > ***
> > Title: "httpoxy" CGI vulnerability response
> >
> > A group of ASF projects (HTTP, Tomcat, Traffic Server, Perl) has
> > analyzed the CGI application vulnerability recently published at
> > https://httpoxy.org/
> >
> > Their detailed analysis, targeted at Web server administrators and CGI
> > developers and including mitigation information, can be found at
> > https://www.apache.org/security/asf-httpoxy-response.txt
> > ***
>
>
> I think that perl in list of ASF projects should be spelled "Perl
> (mod_perl)",
> to distinguish it from Perl programming language as a whole.
>
> Also HTTP in that list to be spelled "HTTP Server"
>

Good points, think we can go with your text plus these edits, Bertrand.

Thanks!

Bill

Re: Cross-project blog post?

[William A Rowe Jr]

What if we digest the audience and list the scope (different projects which
are impacted/offering mitigations) in a more conversational tone, mention
the httpoxy URL and just point the reader to
https://www.apache.org/security/asf-httpoxy-response.txt for all the
detailed workarounds we've offered?

FWIW I've requested a Security Team blog topic and listed some key team
members including MarkT, MJC and Dirk as initial admins, but that may take
a bit more time to provision.

On Jul 19, 2016 7:36 AM, "Rich Bowen"  wrote:

> Ok, well, let me know what you want posted, and I'll be glad to
> facilitate.  I presume we want this done soon or not at all, so I'll be
> ready whenever you let me know.
>
> On Jul 19, 2016 04:06, "Bertrand Delacretaz" 
> wrote:
>
> > On Mon, Jul 18, 2016 at 4:14 PM, William A Rowe Jr 
> > wrote:
> > > ...Does it make sense to blog this, or at least R/T from @TheASF? ...
> >
> > I'd say tweet and maybe also write a foundation blog post to announce
> > that advisory, but do not duplicate the advisory content on the blog
> > (assuming the URL that you mention is meant to be permanent).
> >
> > -Bertrand
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> > For additional commands, e-mail: dev-h...@community.apache.org
> >
> >
>

Re: Cross-project blog post?

[William A Rowe Jr]

No commentary required, but feel free to edit (including the source text
under www.a.o/security/) and add commentary as you see fit.

On Jul 18, 2016 4:57 PM, "Rich Bowen"  wrote:

> Oh, I see. I misunderstood.  You want to post it as is, or did you want to
> add commentary? I have access.
>
> On Jul 18, 2016 2:40 PM, "William A Rowe Jr"  wrote:
>
> > I'm happy to do this, but if someone is already set up with
> > blogs.apache.org,
> > please feel free to beat me to it, I am not set up at the moment
> >
> > On Jul 18, 2016 11:03 AM, "Rich Bowen"  wrote:
> >
> > Absolutely. We should be proactive about stuff like that. Be sure to cc
> > Sally with whatever you do.
> >
> > On 07/18/2016 10:14 AM, William A Rowe Jr wrote:
> > > In response to https://httpoxy.org/ (which has no actual ASF
> > > vulnerability we are aware of) the HTTP, Tomcat and ATS projects
> > > collected feedback, along with validation from the Perl project;
> > >
> > > https://www.apache.org/security/asf-httpoxy-response.txt
> > >
> > > Does it make sense to blog this, or at least R/T from @TheASF?
> > >
> >
> >
> > --
> > Rich Bowen - rbo...@rcbowen.com - @rbowen
> > http://apachecon.com/ - @apachecon
> >
>

Re: Cross-project blog post?

[William A Rowe Jr]

I'm happy to do this, but if someone is already set up with blogs.apache.org,
please feel free to beat me to it, I am not set up at the moment

On Jul 18, 2016 11:03 AM, "Rich Bowen"  wrote:

Absolutely. We should be proactive about stuff like that. Be sure to cc
Sally with whatever you do.

On 07/18/2016 10:14 AM, William A Rowe Jr wrote:
> In response to https://httpoxy.org/ (which has no actual ASF
> vulnerability we are aware of) the HTTP, Tomcat and ATS projects
> collected feedback, along with validation from the Perl project;
>
> https://www.apache.org/security/asf-httpoxy-response.txt
>
> Does it make sense to blog this, or at least R/T from @TheASF?
>


--
Rich Bowen - rbo...@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon

Cross-project blog post?

[William A Rowe Jr]

In response to https://httpoxy.org/ (which has no actual ASF
vulnerability we are aware of) the HTTP, Tomcat and ATS projects
collected feedback, along with validation from the Perl project;

https://www.apache.org/security/asf-httpoxy-response.txt

Does it make sense to blog this, or at least R/T from @TheASF?

Re: [APACHECON] Question about Lightning Talks

[William A Rowe Jr]

Note that we also have held incubator lighting talks in the incubator track
(not a single unified session in the ballroom) which are perfect for what
you are asking.

Historically these have been 3 sessions per hour, 15 minutes each, replete
with slide decks. Exactly what you are thinking of, but tuned to the
incubating, not top-level projects.
On Jun 6, 2016 2:03 PM, "Benedikt Ritter"  wrote:

> William A Rowe Jr  schrieb am Mo., 6. Juni 2016 um
> 20:09 Uhr:
>
> > Our lightning talks have ranged from the theatrical, to the silly, to the
> > deep
> > tech dive into the edges of the ASF.
> >
> > The programming is 5 minutes.  No slides are allowed (but some get away
> > with them on the discretion of the MCs.)  Some who use them choose the
> > auto-advance program (n seconds per slide, no control/overrides allowed.)
> >
>
> Thank you William!
>
> So it's not the right platform for a "I'll show you some code example to
> get you started with Project XYZ" kind of talk, right?
>
> Benedikt
>
>
> >
> >
> >
> >
> > On Mon, Jun 6, 2016 at 12:55 PM, Benedikt Ritter 
> > wrote:
> >
> > > Hi,
> > >
> > > how are lightning talks organized at ApacheCon? I've seen very strict
> > > sessions where you were not allowed to bring anything but yourself (so
> no
> > > slides) and less restricted ones where the only restriction was that it
> > had
> > > to be done in 10 Minutes.
> > >
> > > Thank you,
> > > Benedikt
> > >
> >
>

Re: [APACHECON] Question about Lightning Talks

[William A Rowe Jr]

Our lightning talks have ranged from the theatrical, to the silly, to the
deep
tech dive into the edges of the ASF.

The programming is 5 minutes.  No slides are allowed (but some get away
with them on the discretion of the MCs.)  Some who use them choose the
auto-advance program (n seconds per slide, no control/overrides allowed.)




On Mon, Jun 6, 2016 at 12:55 PM, Benedikt Ritter  wrote:

> Hi,
>
> how are lightning talks organized at ApacheCon? I've seen very strict
> sessions where you were not allowed to bring anything but yourself (so no
> slides) and less restricted ones where the only restriction was that it had
> to be done in 10 Minutes.
>
> Thank you,
> Benedikt
>

Re: Encouraging Diversity - Update 1

[William A Rowe Jr]

On Mon, May 30, 2016 at 10:42 AM, Ted Dunning  wrote:

> Sharan,
>
> One possible explanation of an under-representation problem (assuming we
> have one ... you point out rightly that we should measure first) is that
> *other* factors have given the impression that open source communities are
> unfriendly.
>

I'm not sure 'unfriendly' is the label we are most worried about. We've
heard
from a number of female ASF members that their gender has not had a very
significant impact on their personal participation. YMMV, and obviously we
had heard of other very serious issues, not that these reflected as much on
the organization, but behavior of individuals in conjunction with the
organization.

The under-representation issue -is- rooted in the origin story and formation
of the foundation. I don't claim (I doubt anyone would) that the
self-selection
of some 40 all-male Foundation Members (after the inception - through the
year 1 members nominations) had any malice, or ill intent, or even
exclusion.
This reflected that in these first 3 projects of the foundation, the
participants
were overwhelmingly male, and nominations were based on their contributions.

These were very small communities and reflected those who reached out
to mailing lists with specific needs and concerns about these few projects.
They engaged, and eventually contributed back to those projects in some
not-so-small measure. The fact that they were largely fraternal (both coding
and socially speaking, and was the tone of the mailing lists) and had *very
small sample size* of those hackers who were working in only a few specific
technology spaces suggests this result is not surprising, and doesn't
suggest
active exclusion.

Rolling forward to today, we now cover a large number of technology spaces
with around 200 different projects, and enjoy the contributions of many
thousands of contributors. Some 400+ of these contributors are recognized
as foundation members. We can break down our challenges in a couple of
dimensions...

1. Is the foundation membership representative of the committers as a whole?

Since this is a tough nut to crack, let's look at simpler questions...

2. Are there some projects underrepresented by the foundation membership?

3. Are there some projects with a much more diverse contributor base than
   others?

4. Of the more diverse projects, what are the social and technological bits
   that those communities are doing right (or what did they simply stumble
   into for a more appealing space to a more diverse group of contributors?)

5. What are the obstacles to including more contributors on the committer
   lists and PMC rosters of our projects?

6. What are the obstacles to identifying the committer/PMC members of
   underrepresented projects to the foundation membership for inclusion?

Few of these questions really speak to gender bias per se, and have been
active concerns of many members over the past 17 years. I think exploring
all of these questions with additional data collection about diversity
(gender,
geographic, etc) is always a worthwhile pursuit.

Cheers,

Bill

Re: No Unicode Feather?

[William A Rowe Jr]

For Trademark reasons, the ASF feather is out.  A feather wouldn't be a
horrible emoji although all I can think of it representing is tickle, heh.
On May 24, 2016 6:52 PM, "Christopher"  wrote:

> This is a somewhat serious question (but only somewhat).
>
> Does anybody know what the process would be like to petition for a feather
> (ASF or otherwise) emoji in unicode? Has anybody tried doing this?
>

Re: cross-project communication space?

[William A Rowe Jr]

What committee is responsible for such lists?

I think community itself is a good choice, parking these lists within
geospatial-dev@community.a.o would better reflect that relationship.

Cheers,

Bill
On May 12, 2016 10:47 AM, "Rich Bowen"  wrote:

>
>
> On 05/12/2016 08:01 AM, Sergio Fernández wrote:
> > Hi,
> >
> > as part of the discussions we have had these days in Vancouver, some of
> the
> > projects involved in the Geospatial track of the conference (mainly SIS
> and
> > Marmotta) we have been discussing that we'd like to have a common space
> > where discussing about common things. So far I do no see such common
> space
> > for other topics.
> >
> > A geospatial@a.o mailing list could serve that purpose, as well as an
> entry
> > point for other communities (OGC, Eclipse LocationTech, etc).
> >
> > So, after discussing it with some folks here, I feel like bringing it up
> > here is a good way to figure out how we can materialize such idea.
> >
> > Thanks in advance for all your feedback.
> >
>
> This absolutely needs to happen, and I applaud you for making it happen.
> As Ross says, you can open a ticket with Infra, but I'll bet that if one
> of you who is here in Vancouver approaches one of the Infra guys, you
> can make it happen even faster. They're awesome and helpful.
>
> I would also love to see some of our other project groups do a similar
> thing. It's also a great point of engagement for people that are new to
> our projects, who understand the technology areas, but aren't familiar
> with individual project names..
>
> The question that I would have would be where we can most effectively
> promote these cross-project lists. I presume that each participating
> project would list it on their mailing lists pages, but we'd also want
> to have them on projects.apache.org. Where else?
>
>
> --
> Rich Bowen - rbo...@rcbowen.com - @rbowen
> http://apachecon.com/ - @apachecon
>
>

Re: HackIllinois 2016

[William A Rowe Jr]

[bcc Members, Incubator-PMC]

On Wed, Jan 27, 2016 at 4:41 PM, Lewis John Mcgibbney <
lewis.mcgibb...@gmail.com> wrote:

> Hi Folks,
> I was recently approached by Kevin Hong on behalf of HackIllinois regarding
> an event they are putting on as described below.
> Basically, this year they are looking for open source software to feature
> on the agenda (yay!!!) and are looking for keen mentors from the open
> source community to help at the 3 day event.
>

Specifically, students compete.  Mentors are expected to help their team,
and also help any other team looking for guidance about the logistics and
incorporation of and participation in open source.  The scope seems to be
undefined and still expanding...


> As stated below they will pay for travel and accommodation if you are able
> to make it.
> I've CC'd Kevin here so you can reach out to him directly with any
> questions and/or express your availability and intent to engage in
> HackIllinois.
>

You can reach out directly to Kevin or Sri, both are on the planning team,
cc'ed here, and we have direct contact details (don't do that on public
lists
please, Lewis ;-) ...


> I already see Mr Rowe Jr and others mentioned below so I hope to see some
> familiar faces and names there when I get there.
>

You'll also bump into Roman Shaposhnik who has also signed on, and I've
reached out to a handful of other locals directly along with some non-ASF
folks who would be invaluable...

I've seen some concern that this reads like a form letter, but believe me,
their
research and outreach has been most sincere.  I know that they can't fly
folks in from APAC or EMEA on their small budget, but they really want to
plug
in as many of the 1,000+++ participating students from across the US (and
most everywhere else, the student population of UIUC alone from China now
exceeds 10%, although this is *not* a UIUC-specific event) with individual
mentors.  Which is the entire definition of both incubator and "community"
@apache.org, no?

I spent some time on the phone with Sri, as Lewis has with Kevin, and
we assure you they are on the right page. If it isn't entirely rounded-out,
it
is only because they still need to talk to more folks and get more input
into
their designs, but I think they have the fundamentals. Your signup is also
a solicitation for project ideas to connect students to open source, go for
it.

Another surprising fact to at least a few of you, Apache httpd Web Server
was created at UIUC in collaboration with the NCSA. If you ever wanted to
feed the hand that fed you, this is it :)

Please consider participating... and thank you LJM for amplifying the
message,

Cheers,

Bill

On Sat, Jan 2, 2016 at 6:53 PM, Sri Vasamsetti  wrote:

> Hi Will!
>
> My name is Sri Vasamsetti, and I’m a senior studying Computer Science at
> UIUC. This year, I’m organizing HackIllinois, Illinois’s annual hackathon
> where we bring in over 1000 students and help them build some of the most
> innovative hardware and software projects. For highlights of last year’s
> event, check out go.hackillinois.org/video.
>
> This year, HackIllinois returns on February 19-21st, 2016
> . One of the biggest
> things we are working on this year is building out our Open Source
> Initiative. With OpenSource@HackIllinois, we are connecting undergraduate
> students with open source developers as they work to build on and enhance
> existing projects. I recently came across your profile, and it mentioned
> that you were experienced in open source projects. We’d love to have your
> help as we push forth this efforts. For information, please see
> hackillinois.org/opensource.
>
> We’ll be covering your travel, accommodation and food during the weekend.
> If you have any questions or could help us in another way, I’d love to set
> up a call! Thanks for all your help! Happy New Years!
>
> Best Regards,
> Sri
>

Finding your niche (Re: Want a Mentor)

[William A Rowe Jr]

Pawal, and other newcomers,

Absolutely the best was to become a contributor is to begin by becoming a
user of one or more projects!

In time, you will find some shortcoming or missing feature that would make
your work easier or make your life better.  That's the 'ah hah' moment when
you can dig into the source code, and whip up a patch that benefits you.
We call that 'scratching your own itch'.

By the time you bring that patch back to the project you will have some
familiarity with the project, as a user, and a beginning understanding of
the code underneath the project.  At that point, asking for a mentor to
help you refine your patch and have it accepted and incorporated into the
project is a terrific help.  Each project has their own approach and
collaborative style, even though all operate somewhat similarly.  A mentor
can be a big help with constructive criticism and encouragement.

Best of luck!
On Jan 15, 2016 00:53, "Paweł Kłos"  wrote:

Hi,

Definitely I agree with Jain. I'm a newcomer also. Up to this moment I was
silently crawling Apache project searching for a project I could take a
part of.
Only added value is that I found many interesting Apache projects that I'll
use at work, but still don't know how to (in practice) contribute to one.

Regards,
Pawel Klos


On 2016-01-14 21:34, Kapil Jain wrote:

> No problem Patricia. Yes, it would be very helpful if Apache can have a
> help wanted page, with needs and required skills and may be complexity of
> theissue. It will be very helpful for any newcomer. I have spent 1-2 hrs
> today going thru almost all incubate projects, still no luck with finding a
> way to start/ take a first step.
>
>
> On Thu, Jan 14, 2016 at 3:28 PM, Patricia Shanahan  wrote:
>
> I'm sorry - I thought you had already selected Hadoop. I don't know any
>> alternative to picking projects, browsing their developer lists, and
>> seeing
>> if anything interests you.
>>
>> Maybe Apache needs a "Help wanted" web page where projects can list their
>> needs?
>>
>>
>> On 1/14/2016 12:24 PM, Kapil Jain wrote:
>>
>> Yes, at a high level - however its providing details about version
>>> controlling. feedback/ bugs reporting etc.
>>>
>>> I'm looking for a suitable project for me I can start understanding it
>>> and
>>> then contributing to it.
>>>
>>> On Thu, Jan 14, 2016 at 3:11 PM, Patricia Shanahan  wrote:
>>>
>>> Have you read http://www.apache.org/dev/contributors?
>>>

 On 1/14/2016 11:59 AM, Kapil Jain wrote:

 Still struggling to find a project and take my first step. Looking for

> mentor who can just help me in getting started.
>
> On Mon, Jan 11, 2016 at 3:57 PM, Kapil Jain 
> wrote:
>
> Can someone please help me in finding out a suitable project where I
> can
>
> contribute? I'm more interested in Hadoop and Java. But can work on
>> another
>> project and/ or language.
>>
>>
>>
>>
>> On Mon, Jan 11, 2016 at 11:33 AM, Ross Gardler <
>> ross.gard...@microsoft.com
>>
>> wrote:
>>
>>>
>>> Welcome.
>>
>> Please see details of the process at
>>> http://community.apache.org/mentoringprogramme.html
>>>
>>> It should be noted that 95% of the work is on your side. Success in
>>> open
>>> source is about self motivation and self management. The other 5% is
>>> about
>>> asking for help when you hit a barrier. The above link should provide
>>> enough info to get you started.
>>>
>>> Sent from my Windows Phone
>>> 
>>> From: Kapil Jain
>>> Sent: ‎1/‎11/‎2016 8:24 AM
>>> To: dev@community.apache.org
>>> Subject: Want a Mentor
>>>
>>> I would like to join apache mentorship programme and want to
>>> contribute
>>> to
>>> Apache Hadoop project.
>>>
>>> I have Java skills required for the project.
>>>
>>> I'm unable to figure out how to contribute. Please assist.
>>>
>>> Thanks,
>>> Kapil
>>>
>>>
>>>
>>>
>>

Re: Forming a community of Apache fans in China - Apache China Community

[William A Rowe Jr]

That was my reaction.  A dev-cn@community.apache. org could be a useful
discussion vehicle to engage prospects and help with facilitating that
engagement.  It wouldn't look all that much different than the usual
English Q&A here on dev@c a o.

Expecting an interested contributor to rely solely on machine based
translation (which is horrid when it comes to SVO vs SOV and other
orderings) when posting to an English mailing list isn't realistic.
Engaging them to offer code patches, translations and other sorts of
engagement does seem to fall under the remit of the community pmc, no?
On Nov 21, 2015 04:58, "Hervé BOUTEMY"  wrote:

> I like the idea of doing something to better engage with China or India or
> "country of your choice" people interested in Open Source but not able
> currently because of language and cultural barriers for masses
>
> But when I read "forming the Apache China Community", I read forming
> something
> completely separate, and eventually forming a separate TLP: staying short,
> I'm
> not convinced
>
> What about creating localized content in http://community.apache.org/ ,
> pointing to dedicated non-english language mailing lists, focused on
> explaining community aspects, how to engage with Apache projects and to
> deal
> with the fact that Apache projects are done in english?
>
> Because I don't see:
> - how we could do localized lists for every Apache TLP
> - how we could do a TLP that we can't interact with in english (I can say
> it
> because I'm not native english: english language is our minimum common
> convention, and it cost me to learn it :) )
>
> But perhaps existing community TLP could have localized sub-projects
> (taking
> the form of content + mailing lists, but not code) targeted at helping
> people
> work with other TLPs
>
> WDYT?
>
> Regards,
>
> Hervé
>
> Le samedi 21 novembre 2015 18:14:11 Ted Dunning a écrit :
> > Ted,
> >
> > It is not clear that what you want to happen is not happening.
> >
> > There does seem to be an open discussion. Here and elsewhere.
> >
> > What exactly do you want to happen?
> >
> > What good thing is not happening?
> >
> > What bad thing is happening?
> >
> > Sent from my iPhone
> >
> > > On Nov 21, 2015, at 17:58, Ted Liu  wrote:
> > >
> > > Hi Niclas,
> > >
> > > It'd be appreciated an open and constructive discussion can be formed
> at
> > > ASF instead of labeling or stereotyping. The ask of forming of a
> > > community, group or alike in China comes from the grass-root idea and
> > > action because there are strong demands here. Otherwise nobody would
> care
> > > and nobody could be instructed or directed. That’s the reason why a
> group
> > > of Chinese ASF members, PMC members, committers, contributors, etc.,
> want
> > > to work together voluntarily to change the status quo by bridging the
> > > Chinese talents and good projects to/from ASF. The motivation and
> > > enablement of the local community/group will be mainly from the
> > > experienced Chinese ASF members, committers and contributors, who
> people
> > > will trust, instead of any individual new to ASF.
> > >
> > > Talking about the language barrier, you should already know how
> difficult
> > > it is to learn Chinese after living 4+ years in Shanghai. One recent
> > > example is that literally no one from the Apache Fans Wechat social
> group
> > > (360 people now) responded to your proposal, in English, to hold a
> > > technical meetup in Shanghai. Your ASF status and the fact of your
> > > location in Shanghai do not automatically translate into trust and
> > > effective communication to enable and motivate people's actions. The
> wait
> > > of a good machine translation is an unknown that younger generation
> > > contributors would not tolerate.
> > >
> > > The more challenging part is the culture differences where the sense of
> > > community, governance, contribution and the Apache Way are still at
> > > infant stage in China. There are more than enough good codes and events
> > > (conferences, meetups, etc.) in China. The real blockers are language
> and
> > > non-Apache-Way culture where the proposed China community/group can
> > > contribute.
> > >
> > >
> > > Ted
> > >
> > > -Original Message-
> > > From: Niclas Hedhman [mailto:hedh...@gmail.com]
> > > Sent: Saturday, November 21, 2015 3:02 PM
> > > To: dev@community.apache.org
> > > Subject: Re: Forming a community of Apache fans in China - Apache China
> > > Community
> > >
> > > Ted,
> > > 2 things...
> > >
> > > 1. There were Apache Roadshows in Shanghai in 2010 and 2011.
> > >
> > > 2. I am glad to see your enthusiasm of forming/creating organization.
> But
> > > the ASF and many other open source projects are not command&control
> > > driven top-down structures. So, there is very little "need" for
> "creation
> > > of communities". They either form, or they don't.
> > >
> > > I was happy to see that the younger generation at the Roadshow in
> Beijing
> > > grasped that idea very well, whereas th

Re: Moderators for announce@

[William A Rowe Jr]

On Fri, Nov 13, 2015 at 10:59 AM, Stefan Bodewig 
wrote:

> Hi all
>
> I'm not sure whether this is the correct list but couldn't come up with
> something more appropriate after trying infra without success.
>
> I've sent the announcement mail for the latest log4net release almost 60
> hours ago and so far it hasn't been moderated through.  This also meant
> the announcement didn't make it into Sally's weekly ASF status update
> :-(
>
> Do we need more moderators?  If so, I offer to help out.  I'm already
> moderator of ~10 lists and a member of the ASF (if this is a
> requirement).
>

Silly question but did you post the announce from your @apache.org account?

For the benefit of moderators, all non-@apache announcement emails are
filtered away.

Re: Passion and vigilance in open source

[William A Rowe Jr]

On Sep 23, 2015 4:53 PM, "Jim Jagielski"  wrote:
>
>
> >
> > Spending a weekend with my kids, who are both introverts, helps
> > remind me of the needs of those who are not 'public people'.  We
> > have many successful examples, I'm thinking especially of Sam
> > or even Rich who are actually much quieter and reserved and
> > generally 'go off into their own space' to accomplish things, and
> > thrive in the solitary spaces where they can assemble something
> > they are happy with.  All of our many introverts then bring back
> > Cool Things(TM) and interact with the community to get them
> > accepted, but the "fun" for them is the detached-creative process,
> > while the "fun" for the extroverts is the communal nature of the
> > whole collaborative development effort.
> >
>
> These are good points. I would suggest that we are all, at times,
> both intro- and extroverts, and all of us occasionally will
> go off on their own and bring back goodness. But we all "bring
> back", which I think is key. We all work towards a common goal
> and have created a way in which intro- and extroverts can contribute
> equally and equally obtain merit.

++1... I was primarily pointing out that we want to remember to respect
different approaches, and that includes folks who do this 9-5 on weekdays
or shows up with something cool and then just disappears again for a while.

Shambhala comes to mind :)

Re: Passion and vigilance in open source

[William A Rowe Jr]

On Tue, Sep 22, 2015 at 9:01 PM, Jim Jagielski  wrote:

>
> Wonder is not being able to fork a project, make some patches,
> submit a bunch of pull requests and then get a handful of them
> committed upstream... That is so solitary. The wonder is
> working *with* and collaborating *with* and reaching consensus
> *with* a group of similarly-minded individuals towards a
> common goal. The wonder is the community. And I think that
> that is something which is at risk.
>

There is some good psych theory that would be helpful in
understanding the dichotomy you describe, and I think it's
existed before the OSS revolution and continues through today.
You just did a great job of describing your approach, and mine
and many others at the foundation who are extroverts.  We enjoy
the interaction, and when a community is healthy, enjoy providing
positive feedback loops, encouragement and praise, and the
ultimate praise (to have ones code committed to the project).

Spending a weekend with my kids, who are both introverts, helps
remind me of the needs of those who are not 'public people'.  We
have many successful examples, I'm thinking especially of Sam
or even Rich who are actually much quieter and reserved and
generally 'go off into their own space' to accomplish things, and
thrive in the solitary spaces where they can assemble something
they are happy with.  All of our many introverts then bring back
Cool Things(TM) and interact with the community to get them
accepted, but the "fun" for them is the detached-creative process,
while the "fun" for the extroverts is the communal nature of the
whole collaborative development effort.

You might enjoy taking your own Meyers Briggs assessment and
compare notes with friends or collaborators on different projects
and social groups.  It goes a long way in bridging the understanding
gaps between these very different approaches to contributions,
collaboration and assembling a collective work :)  Plenty of free
tests to pick from on the web.


> To me, Open Source provided an avenue that allowed coders
> (and other contributors) to finally work together, openly
> and honestly, transparently and meritocractically (if you get
> my meaning); it fostered sharing, but not by letting someone
> share our toys by playing with them by themselves in some corner
> of the sandbox. It was about us all sharing the toys to build
> a great sand castle all together in that sandbox, when before
> we couldn't.
>
> Are people doing it for fun? Are people seeing the joy and
> wonder in our eyes? Or are people doing it just because "that's
> what I get paid to do"?
>

I expect both, just as I hope we have room for introverts and
extroverts to accomplish exactly what you describe, sharing the
toys to ultimately build the biggest collaborative sand castle that
we can be proud of together, but with very different motivations
and senses of reward :)

Re: What is the legal basis for enforcing release policies at ASF?

[William A Rowe Jr]

On Fri, Aug 21, 2015 at 10:41 AM, Jim Jagielski  wrote:

>
> > On Aug 20, 2015, at 8:27 PM, William A Rowe Jr 
> wrote:
> >
> > On Aug 20, 2015 08:52, "Jim Jagielski"  wrote:
> >>
> >> Coming in late.
> >>
> >> A snapshot is not a release. Licenses "kick in" at distribution/
> >> release.
> >
> > I want to fix FUD before it infests the rafters and subfloor.  I really
> > have never read something so stupid or ill phrased...
> >
> > Every contributor committing code to any ASF project, or even
> contributing
> > it to us in public forums (including our mailing lists, our bug trackers,
> > etc) is committing that code under the AL or has designated explicitly
> what
> > licence it came in under (commit message: forked from BSD-licensed code
> > base at {URL}.)
> >
> > It is generally AL code all the time.  I don't know where you invented a
> > 'kick-in' concept, but unless the committers are violating their
> ICLA/CCLA,
> > nothing could be further from the truth.
> >
> >> There is also a trademark issue as well... only the ASF
> >> can declare something as a release.
> >
> > There we agree :)
>
> Please reread what was said... We are talking *releases* here.
> Making something publicly available is NOT A RELEASE. It may be
> under a license, but is IS NOT A RELEASE.
>

I reread what you wrote,

> A snapshot is not a release.

We know this and agree on this, and you just responded to the obvious but
failed to address the second half of your statement.

> Licenses "kick in" at distribution/release.

They do?  This is the statement of the VP Legal, so whether it is right or
wrong, here at the ASF we attempt to honor the 'spirit' of the policy of
other licensors when we use their code, and we would hope others would
honor the 'spirit' of our policies here.  It that is the underlying
assumption, that the code is not licensed by the ASF until a formal release
occurs, then we need to revisit the many implications of that philosophy.

Re: What is the legal basis for enforcing release policies at ASF?

[William A Rowe Jr]

On Fri, Aug 21, 2015 at 8:54 AM, Shawn Heisey  wrote:

> On 8/20/2015 8:03 PM, Benson Margulies wrote:
> > If a distro takes a release of Apache X, and make significant changes to
> > it, and then distributes it, I believe that it's not OK with us for them
> to
> > simply call it Apache X. I've seen some evidence that Gentoo Linux makes
> a
> > regular habit of this, because their policies drive them to make some
> > pretty scary changes in some cases. Others may not share my view.
>
> This is how Debian ended up with "iceweasel" instead of "firefox."
> Mozilla was not OK with allowing its trademarks to be used for the
> version of those products that Debian was including.  Mozilla went
> 800-pound gorilla on Debian.  Debian complied, but took the rebranding
> route rather than allow Mozilla to force them to compromise on their
> internal guidelines.  They got a small measure of revenge with the
> package names they chose. :)
>
>
> https://en.wikipedia.org/wiki/Mozilla_Corporation_software_rebranded_by_the_Debian_project
>
> Here's a similar situation applicable to Apache ... the Debian and
> Ubuntu projects include a very old version of Apache Solr.  The code
> gets patched quite a bit, and a few of the changes could probably be
> called intrusive, but it doesn't fundamentally change what the user
> gets.  When the packages are installed (they split the Solr/Lucene code
> into *many* binary packages), the file locations are *dramatically*
> altered compared to a binary or source download from the Solr website.
>
> Given what those projects do to our code and packaging, do we have any
> right to tell them they can't call their package "Solr"?  If we do have
> that right, are we losing anything by not exercising it?
>
> Their changes do mean that when people come to the solr-user mailing
> list looking for help, we sometimes have to refer them to the downstream
> maintainers, because we can't make any sense of where things are.  Even
> though it sometimes creates support issues, I personally don't think
> there's any big problem with the way that Debian/Ubuntu changes our
> software, but what would a lawyer say?
>

We have the same occurrence at httpd, both issues.  Linux distributors
rearrange the product to suit their own conventions, and then 'freeze' at
a particular release but keep pushing a regular assortment of patches
back into their released version, mostly backported from the ASF, plus
whatever they might change that doesn't find its way back upstream.

In your example, I'm looking at packages named liblucene3-contrib-java,
liblucene3-java, liblucene3-java-doc, libsolr-java, solr-common,
solr-jetty,
solr-tomcat all from Debian.  Potentially confusing.

It seems that if they want to fork and have a patchwork of what once was
an ASF solr release, they could do this by simply naming their packages
debian-libsolr-java, debian-solr-common, debian-solr-jetty,
debian-solr-tomcat.
There would be no confusion over similarly named apache-solr* packages.
Remember our trademark policy is to avert confusion by the public who
use our software.

However, they already seem to appropriately designate their packages as
not-ASF in the way they version the specific page name.  E.g. we find
solr-common_3.6.2+dfsg-6_all.deb which is apparently ASF solr 3.6.2
with their own dfsg 6th patch set applied to that package.  If it remains
solr 3.6.2 for all intents and purposes, then I'd suggest their existing
naming convention isn't far from the mark.

One could argue that poor trademark enforcement leads to ill will, just
look at the Mozilla example, look at the MikeRoweSoft example.  Yes
it is necessary for us to assert our brands, and police them, but we can
do this in a mutually beneficial way that doesn't diminish our brands or
our reputation.

Re: What is the legal basis for enforcing release policies at ASF?

[William A Rowe Jr]

On Thu, Aug 20, 2015 at 8:52 AM, Jim Jagielski  wrote:

>
> A snapshot is not a release. Licenses "kick in" at distribution/
> release.
>

Lets just imagine if Jim, VP Legal is actually correct in his
interpretation, and that there are no AL 2.0 licenses applicable to our
source code repositories, svn or git.

Quoting http://apache.org/licenses/LICENSE-2.0 ...

2. Grant of Copyright License. Subject to the terms and conditions of this
License, each Contributor hereby grants to You a perpetual, worldwide,
non-exclusive, no-charge, royalty-free, irrevocable copyright license to
reproduce, prepare Derivative Works of, publicly display, publicly perform,
sublicense, and distribute the Work and such Derivative Works in Source or
Object form.

No, you may not modify the sources or derive those that reside within
version control of the ASF, until and upon the time when the project has
blessed that project as a release.  Patches to others' contributions to
source code control are not within the scope of this imaginary non-license
application.

3. Grant of Patent License. Subject to the terms and conditions of this
License, each Contributor hereby grants to You a perpetual, worldwide,
non-exclusive, no-charge, royalty-free, irrevocable (except as stated in
this section) patent license to make, have made, use, offer to sell, sell,
import, and otherwise transfer the Work, where such license applies only to
those patent claims licensable by such Contributor that are necessarily
infringed by their Contribution(s) alone or by combination of their
Contribution(s) with the Work to which such Contribution(s) was submitted.
If You institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work or a
Contribution incorporated within the Work constitutes direct or
contributory patent infringement, then any patent licenses granted to You
under this License for that Work shall terminate as of the date such
litigation is filed.

No, you may absolutely not test the code that has been committed to source
control without a patent license, which you do not have, until that time
when the ASF blesses the work and calls it a release.

4. Redistribution. You may reproduce and distribute copies of the Work or
Derivative Works thereof in any medium, with or without modifications, and
in Source or Object form

None of that, it's all straight out, none of it applies to your work at the
ASF until the release is blessed.  That includes passing off a patched fork
of a security fix to a reporter who claimed there was a defect in the
earlier release.

5. Submission of Contributions. Unless You explicitly state otherwise, any
Contribution intentionally submitted for inclusion in the Work by You to
the Licensor shall be under the terms and conditions of this License

Except when it isn't in Ross's and our VP Legal's own minds...

6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor, except
as required for reasonable and customary use in describing the origin of
the Work and reproducing the content of the NOTICE file.

Which wasn't a right in the first place, so no change here under any
interpretation...

7. Disclaimer of Warranty. Unless required by applicable law or agreed to
in writing, Licensor provides the Work (and each Contributor provides its
Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied, including, without limitation, any
warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or
FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for
determining the appropriateness of using or redistributing the Work and
assume any risks associated with Your exercise of permissions under this
License.

Except that perhaps the ASF is liable, under our VP Legal's interpretation,
for works which do reside in source control and were not, in fact, released
to the general public?  [Ad nauseam 8. and 9.]

Let's just not go this direction, because it is plainly false. Jim, it
would truly be helpful if you spoke up for or in contradiction to your
earlier statements, here...

Cheers,

Bill

Re: What is the legal basis for enforcing release policies at ASF?

[William A Rowe Jr]

On Thu, Aug 20, 2015 at 9:11 PM, Christopher  wrote:

> It sounds to me like you're saying that the license under which code is
> offered (to anybody who encounters it) is independent of the license
> declaration attached to the project.
>

No, the license is that which was granted by the author, and I think you
missed my followup by a few minutes, so I will quote myself here...

"Your comment also hones in on the logical fallacy our VP fell into...
While it may be true that the ASF granted its own AL 2.0 license to the
release package, the ASF is unable to change component licenses in
incompatible ways.  And the warranty the ASF offers on an inaccurate
license claims is - nil - c.f. AL 2.0"

"However, if our repositories are under another license, that VP needs to
make public this information, because I never got the memo, and I must
notify friends and the many companies I advise and consult to that they all
need to cease looking at the ASF's repositories, and let their respective
legal departments each sort this all out, if those repositories are
licensed with terms and conditions differing from the AL 2.0."
Obviously, I think our VP Legal isn't taking his job seriously of advising
the community on the specific legal particularities of the software we
create, which is why I'm going to stand pat until someone offers up a
compelling argument over why anyone is not able to take any of the AL 2.0
code out of ASF repositories, released or not, and re-purpose it for
whatever they desire.

But don't name it by "Apache {foo}" unless {foo} PMC sanctioned the release
of the code.  It's entirely in trademark law, and our license and copyright
law gives them everything they need to utilize the code, "released" or not.

Re: What is the legal basis for enforcing release policies at ASF?

[William A Rowe Jr]

On Aug 20, 2015 8:19 PM, "William A Rowe Jr"  wrote:
>
> On Aug 20, 2015 7:39 PM, "Alex Harui"  wrote:
> >
> >
> >
> > On 8/20/15, 5:27 PM, "William A Rowe Jr"  wrote:
> >
> > >It is generally AL code all the time.  I don't know where you invented
a
> > >'kick-in' concept, but unless the committers are violating their
> > >ICLA/CCLA,
> > >nothing could be further from the truth.
> >
> > Committers sometimes make mistakes.  IIRC, Justin recently caught a
> > mistake where some files accidentally got their non-AL headers replaced
> > with AL headers.
> >
> > Large codebase contributions, especially initial podling code grants
might
> > be messy as well until scrubbed and approved for an official ASF
release.
> > I know from experience.
>
> We don't disagree on this point.  Sometimes, they are caught through the
release process, or by peer review.  Other times, we must retract the claim
we offered.
>
> Nothing changes the fact that code is either offered under the AL 2.0 or
another license, unless the author/licensor changes their license
retroactively.

Your comment also hones in on the logical fallacy our VP fell into... While
it may be true that the ASF granted its own AL 2.0 license to the release
package, the ASF is unable to change component licenses in incompatible
ways.  And the warranty the ASF offers on an inaccurate license claims is -
nil - c.f. AL 2.0

However, if our repositories are under another license, that VP needs to
make public this information, because I never got the memo, and I must
notify friends and the many companies I advise and consult to that they all
need to cease looking at the ASF's repositories, and let their respective
legal departments each sort this all out, if those repositories are
licensed with terms and conditions differing from the AL 2.0.

Re: What is the legal basis for enforcing release policies at ASF?

[William A Rowe Jr]

On Aug 20, 2015 7:39 PM, "Alex Harui"  wrote:
>
>
>
> On 8/20/15, 5:27 PM, "William A Rowe Jr"  wrote:
>
> >It is generally AL code all the time.  I don't know where you invented a
> >'kick-in' concept, but unless the committers are violating their
> >ICLA/CCLA,
> >nothing could be further from the truth.
>
> Committers sometimes make mistakes.  IIRC, Justin recently caught a
> mistake where some files accidentally got their non-AL headers replaced
> with AL headers.
>
> Large codebase contributions, especially initial podling code grants might
> be messy as well until scrubbed and approved for an official ASF release.
> I know from experience.

We don't disagree on this point.  Sometimes, they are caught through the
release process, or by peer review.  Other times, we must retract the claim
we offered.

Nothing changes the fact that code is either offered under the AL 2.0 or
another license, unless the author/licensor changes their license
retroactively.

Re: What is the legal basis for enforcing release policies at ASF?

[William A Rowe Jr]

On Aug 20, 2015 08:52, "Jim Jagielski"  wrote:
>
> Coming in late.
>
> A snapshot is not a release. Licenses "kick in" at distribution/
> release.

I want to fix FUD before it infests the rafters and subfloor.  I really
have never read something so stupid or ill phrased...

Every contributor committing code to any ASF project, or even contributing
it to us in public forums (including our mailing lists, our bug trackers,
etc) is committing that code under the AL or has designated explicitly what
licence it came in under (commit message: forked from BSD-licensed code
base at {URL}.)

It is generally AL code all the time.  I don't know where you invented a
'kick-in' concept, but unless the committers are violating their ICLA/CCLA,
nothing could be further from the truth.

> There is also a trademark issue as well... only the ASF
> can declare something as a release.

There we agree :)

Re: What is the legal basis for enforcing release policies at ASF?

[William A Rowe Jr]

On Aug 7, 2015 3:20 PM, "Benson Margulies"  wrote:
>
> On Fri, Aug 7, 2015 at 12:08 PM, Gregory Chase  wrote:
> > Does "...based on Apache Hadoop" require a clear dependency notation as
to
> > which versions of Apache component releases are part of the commercial
> > distribution?
>
> No, it cannot. Trademark law is not a matter of such distinctions, and
> our very own Apache License imposes no such complexity.

Correct, and I don't expect we would ever enforce such a covenant on the
use of an ASF mark.

However, in the context of offering ASF software in the commercial or
noncommercial spaces, providing that information in some manner is just
good form and helpful to all end users.

Please never claim it is based on an unreleased version number.  Many
projects refer to foo 1.5.2-dev until 1.5.2 is released.  But if it is
based on 1.5.2-dev, this probably corresponds to 1.5.1+ patches, not the
actual 1.5.2 that will ship in the future.

Note that in the case of these projects here, it is important to note that
the code base is incubating (phrased as Apache Incubator Project Foo or
Apache Foo, incubating).  This isn't a concern for bundling TLP project
sources.

Re: What is the legal basis for enforcing release policies at ASF?

[William A Rowe Jr]

On Thu, Aug 6, 2015 at 7:50 PM, Roman Shaposhnik 
wrote:

> Hi!
>
> while answering a question on release policies and ALv2
> I've suddenly realized that I really don't know what is the
> legal basis for enforcing release policies we've got
> documented over here:
>http://www.apache.org/dev/release.html
>
> For example, what would be the legal basis for stopping
> a 3d party from releasing a snapshot of ASF's project
> source tree and claim it to be a release X.Y.Z of said
> project?
>

Nothing other than the Trademarks.

If someone wants to call httpd trunk 3.0.1-GA, they cannot do this as
"Apache httpd 3.0.1-GA" or "Apache HTTP Server 3.0.1-GA".

They can certainly release trunk under the AL license and call it "Kindred
Http Server 3.0.1-GA, based on Apache HTTP Server". That is a statement of
fact and not an abuse of the mark, IMHO. (If it was not actually based on
Apache HTTP Server, then that would similarly be a Trademark infringement
as it is a false use of the mark.)

There are no less than two marks, one is the name of the foundation itself
in conjunction with Open Source Software, and the other is the specific
project name.

Re: [APACHECON] Proposed httpd (and related) track

[William A. Rowe Jr.]

On Tue, 10 Feb 2015 16:06:14 -0700
Leif Hedstrom  wrote:

> 
> > On Feb 10, 2015, at 12:36 PM, Rich Bowen  wrote:
> > 
> > Here's my proposed httpd (and related) track. If anyone has any
> > objections, changes, suggestions, whatever, please speak up. Thanks.
> > 
> > 
> > Day 1:
> > 
> > * Panel: The Apache Group greybeards: If I'd only known then (Don’t
> > yet have confirmation of who’s actually going to be there. Brian
> > has declined to speak on such a panel.) Note if that these folks
> > don't show up, we'll need to find something to fill this slot with.
> > Brian has confirmed that he'll attend, but so far I don't have an
> > absolute confirmation from anybody else from that era.
> > 
> > * What's New In Apache HTTPD 2.4 - jimjag -
> > http://events.linuxfoundation.org/cfp/proposals/4014
> > 
> > * mod_rewrite and friends - rbowen -
> > http://events.linuxfoundation.org/cfp/proposals/1528/4013
> > 
> > * The State of TLS on Apache HTTP Server - wrowe -
> > http://events.linuxfoundation.org/cfp/proposals/4346
> 
> 
> What are the odds that we can get wrowe to do a “State of TLS in
> Apache Web Servers”? It’d be really slick, IMO, to present a unified
> front on how Apache HTTPD, Apache Traffic Server, and Apache Tomcat
> supports all the various features of TLS and make the world a better,
> more secure place. I’m sure our respective communities would gladly
> participate and help Bill with this. 
> 
> Maybe even something as small as including some slides to show how
> our Web server solutions provide world class TLS features? As a note,
> ATS was the first web proxy to get All Green status on Iliya’s “Is it
> fast yet” TLS comparison chart:
> 
>   https://istlsfastyet.com

I think such a talk would be great, perhaps open an adjacent slot before
or after for a companion session.

I'd like this presentation already submitted to be a practical approach
for Apache httpd admins, though.  I can talk at a high level about the
state of ATS and Tomcat and httpd on the feature level, at the start of
my session, but would like to spend most of the time on httpd specifics.

Since you are volunteering me, I trust I can go back to you for slide
details on the feature subset of ATS?  And I should be able to round up
someone from Tomcat to do that feature slide(s).  As far as httpd, I had
already planned a couple of meta slides on features at the beginning.

Because the Configuration API talk is new material (I presented it 
ad hoc to a customer's dev teams, but not formalized yet) I'd be a bit
apprehensive about adding another full talk to my plate ahead of ACUS15.
If someone volunteers for such a new session, I'd backstop the presenter
on httpd material.  And if someone steps up, the state of TLS at Apache
is broader than the servers, Apache HTTP Client and other components
would be similarly interesting to that audience, on a feature level.