Re: [DISCUSSION] Move PAX projects to Apache Karaf ?

[Grzegorz Grzybek]

Hello

I don't have clear opinion about which "home" is better (ASF or
github.com/ops4j). I was thinking about this idea and here are my random
thoughts:
 – [+1] for staying at GH: Not that long ago, I've migrated most of the
projects (18) from https://ops4j1.jira.com/ to
https://github.com/ops4j/*/issues - it required some effort, but IMO it was
worth it - it's really much faster and the "turnaround" is shorter. The
only (little) drawback is that we can't set more than one "fixed version"
values for an issue. So going back to Jira would be (IMO) stepping back.
 – [+1] for ASF: at ASF we'd get nice CI infra to build the projects
 – [+1] for staying at GH: I'm aware that Pax Logging is quite often used
outside of Karaf, so making it Karaf subproject could be confusing
 – [-1] for ASF: Felix already provides OSGi Logging, OSGi Http Service and
OSGi Whiteboard implementations.
 – [-1] for ASF: 3 day vote - while totally great practice, for know we
enjoy the flexibility to release Pax Logging the day the Log4j CVEs
disasters happened (10th December 2021)
 – [+1] for ASF: as JBO said, ASF is a brand and it'd benefit OPS4J projects
 – [+1] for staying at GH: the "spirit" of Open Participation would be
preserved. Mind that while I spent considerable amount of time refactoring
Pax Logging and Pax Web, I still didn't find a time to work on proper,
upgraded manual... Simply not that many people work on the projects.

Bonus thought (but probably impossible) TLP Apache project... It'd however
conflict (?) too much with Felix and its reference implementations of OSGi
specs.

kind regards, have a good weekend and prayers for peace
Grzegorz Grzybek

pt., 25 lut 2022 o 11:39 Jean-Baptiste Onofré  napisał(a):

> Thanks all for your comment.
>
> Fair discussion. I agree with you, just wanted to have this open
> discussion and share some messages I received.
>
> Let's keep PAX as it is, at OPS4J.
>
> Thanks
> Regards
> JB
>
> On Fri, Feb 25, 2022 at 11:34 AM Łukasz Dywicki 
> wrote:
> >
> > I see problem similar to Achim. We still didn't hear anything about
> > solving a community trouble. We definitely do not solve a trouble of
> > ops4j community which probably do not overlap 100% with Karaf. We may be
> > solving some trouble for Karaf community, however we probably ask about
> > shifting even more work on already small set of people working on it.
> > We hear concerns, which might or might not be justified. I don't think
> > they are since there is no record of any malicious activities made by
> > people contributing to ops4j/pax.
> > People which are mainly contributing to these project are well known
> > (Grzegorz, JB, Achim), externals contributions are coming over pull
> > requests, just like they would come to the ASF, so why we should be
> > moving around sources? As far I remember ASF does not scan IDs of their
> > contributors so it can't guarantee identity of people behind
> > contributions as well. Back at the times I was signing my agreement I
> > was sending it by online fax service, so verification was very mild.
> > While the GPG keys is some kind of resort, a lot of people (including
> > myself) have self signed key which is as good as my ssh key I use to
> > push things to git.
> >
> > The big customers can become part of community if they wish, no matter
> > where project is hosted - at github or at ASF. So far it seems to me
> > that they are asking for favor without giving anything back to
> > communities which will be affected.
> >
> > Best,
> > Łukasz
> >
> > On 25.02.2022 08:43, Achim Nierbeck wrote:
> > > Hi,
> > >
> > > I'm sorry to be a PITA :)
> > > What I've read so far has been feelings, one concern of perception by
> "big"
> > > customers.
> > > I would really like to know, which problem we are trying to solve by
> moving
> > > the pax projects under the umbrella of Karaf.
> > > Or what I personally would favor under their own tlp of the ASF.
> > >
> > > Just to clarify, I'm trying the 5 W's here ...
> > > Why do you think it's a good idea to move the Pax Projects under the
> karaf
> > > umbrella?
> > > Why do you think customers have a wrong perception of the Pax Projects
> ...
> > > and so on ...
> > >
> > >
> > > What is the core issue we are trying to solve here?
> > > As long as I don't get down to the core thing that needs to be solved
> I'm
> > > not in favor of moving the pax projects anywhere.
> > >
> > > Again sorry if I'm PITA.
> > >
> > > regards, Achim
> > >
> > >
> > >
> > > Am Do., 24. Feb. 2022 um 22:44 Uhr schrieb Eric Lilja <
> mindcoo...@gmail.com
> > >> :
> > >
> > >> Personally, I would love to see this change and the other people in my
> > >> organization liked the proposal as well.
> > >>
> > >> - Eric L
> > >>
> > >> On Thu, Feb 24, 2022 at 3:04 PM Jean-Baptiste Onofré  >
> > >> wrote:
> > >>
> > >>> Hi guys,
> > >>>
> > >>> Some of you already pinged me to share concerns about PAX projects
> > >>> governance. I think it's my duty to share these concerns and discuss
> 

Fwd: [DISCUSSION] Move PAX projects to Apache Karaf ?

[Jean-Baptiste Onofré]

Thanks all for your comment.

Fair discussion. I agree with you, just wanted to have this open
discussion and share some messages I received.

Let's keep PAX as it is, at OPS4J.

Thanks
Regards
JB

On Fri, Feb 25, 2022 at 11:34 AM Łukasz Dywicki  wrote:
>
> I see problem similar to Achim. We still didn't hear anything about
> solving a community trouble. We definitely do not solve a trouble of
> ops4j community which probably do not overlap 100% with Karaf. We may be
> solving some trouble for Karaf community, however we probably ask about
> shifting even more work on already small set of people working on it.
> We hear concerns, which might or might not be justified. I don't think
> they are since there is no record of any malicious activities made by
> people contributing to ops4j/pax.
> People which are mainly contributing to these project are well known
> (Grzegorz, JB, Achim), externals contributions are coming over pull
> requests, just like they would come to the ASF, so why we should be
> moving around sources? As far I remember ASF does not scan IDs of their
> contributors so it can't guarantee identity of people behind
> contributions as well. Back at the times I was signing my agreement I
> was sending it by online fax service, so verification was very mild.
> While the GPG keys is some kind of resort, a lot of people (including
> myself) have self signed key which is as good as my ssh key I use to
> push things to git.
>
> The big customers can become part of community if they wish, no matter
> where project is hosted - at github or at ASF. So far it seems to me
> that they are asking for favor without giving anything back to
> communities which will be affected.
>
> Best,
> Łukasz
>
> On 25.02.2022 08:43, Achim Nierbeck wrote:
> > Hi,
> >
> > I'm sorry to be a PITA :)
> > What I've read so far has been feelings, one concern of perception by "big"
> > customers.
> > I would really like to know, which problem we are trying to solve by moving
> > the pax projects under the umbrella of Karaf.
> > Or what I personally would favor under their own tlp of the ASF.
> >
> > Just to clarify, I'm trying the 5 W's here ...
> > Why do you think it's a good idea to move the Pax Projects under the karaf
> > umbrella?
> > Why do you think customers have a wrong perception of the Pax Projects ...
> > and so on ...
> >
> >
> > What is the core issue we are trying to solve here?
> > As long as I don't get down to the core thing that needs to be solved I'm
> > not in favor of moving the pax projects anywhere.
> >
> > Again sorry if I'm PITA.
> >
> > regards, Achim
> >
> >
> >
> > Am Do., 24. Feb. 2022 um 22:44 Uhr schrieb Eric Lilja  >> :
> >
> >> Personally, I would love to see this change and the other people in my
> >> organization liked the proposal as well.
> >>
> >> - Eric L
> >>
> >> On Thu, Feb 24, 2022 at 3:04 PM Jean-Baptiste Onofré 
> >> wrote:
> >>
> >>> Hi guys,
> >>>
> >>> Some of you already pinged me to share concerns about PAX projects
> >>> governance. I think it's my duty to share these concerns and discuss
> >>> possible actions.
> >>>
> >>> Apache Karaf is one of the biggest consumers of PAX projects.
> >>>
> >>> However, PAX projects use a "self own" designed governance:
> >>> - for contribution/IP
> >>> - for release
> >>> - for CVE/Security
> >>> - ...
> >>>
> >>> And it could be seen as a major concern for Apache Karaf users, as PAX
> >>> projects are not necessarily "aligned" with Apache Foundation rules.
> >>>
> >>> I would like to start a discussion on both Karaf and OPS4J communities
> >>> to "move" PAX projects as Karaf subproject (like karaf-pax).
> >>> Concretely, it would mean that:
> >>> 1. Karaf PAX projects would use org.apache.karaf.pax namespace
> >>> 2. Karaf PAX releases will have to follow the Apache release process
> >>> (binding votes, 3 days vote period, ...)
> >>> 3. Any active contributor on PAX projects would be invited as Karaf
> >>> committer
> >>>
> >>> Thoughts ?
> >>>
> >>> Regards
> >>> JB
> >>>
> >>
> >
> >
>
> --
> --
> --
> OPS4J - http://www.ops4j.org - ops4j@googlegroups.com
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "OPS4J" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ops4j+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ops4j/5ff43da6-8d5f-43f4-e6e6-86af4fb162b9%40code-house.org.

-- 
-- 
--
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups 
"OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ops4j/CAB8EV3R_U7YGErd41FcwwSRyavz0BYzvCKH%2BA%2BAAaF2jho7Rcw%40mail.gmail.com.

Re: [DISCUSSION] Move PAX projects to Apache Karaf ?

[Łukasz Dywicki]

I see problem similar to Achim. We still didn't hear anything about 
solving a community trouble. We definitely do not solve a trouble of 
ops4j community which probably do not overlap 100% with Karaf. We may be 
solving some trouble for Karaf community, however we probably ask about 
shifting even more work on already small set of people working on it.
We hear concerns, which might or might not be justified. I don't think 
they are since there is no record of any malicious activities made by 
people contributing to ops4j/pax.
People which are mainly contributing to these project are well known 
(Grzegorz, JB, Achim), externals contributions are coming over pull 
requests, just like they would come to the ASF, so why we should be 
moving around sources? As far I remember ASF does not scan IDs of their 
contributors so it can't guarantee identity of people behind 
contributions as well. Back at the times I was signing my agreement I 
was sending it by online fax service, so verification was very mild. 
While the GPG keys is some kind of resort, a lot of people (including 
myself) have self signed key which is as good as my ssh key I use to 
push things to git.


The big customers can become part of community if they wish, no matter 
where project is hosted - at github or at ASF. So far it seems to me 
that they are asking for favor without giving anything back to 
communities which will be affected.


Best,
Łukasz

On 25.02.2022 08:43, Achim Nierbeck wrote:

Hi,

I'm sorry to be a PITA :)
What I've read so far has been feelings, one concern of perception by "big"
customers.
I would really like to know, which problem we are trying to solve by moving
the pax projects under the umbrella of Karaf.
Or what I personally would favor under their own tlp of the ASF.

Just to clarify, I'm trying the 5 W's here ...
Why do you think it's a good idea to move the Pax Projects under the karaf
umbrella?
Why do you think customers have a wrong perception of the Pax Projects ...
and so on ...


What is the core issue we are trying to solve here?
As long as I don't get down to the core thing that needs to be solved I'm
not in favor of moving the pax projects anywhere.

Again sorry if I'm PITA.

regards, Achim



Am Do., 24. Feb. 2022 um 22:44 Uhr schrieb Eric Lilja 
:



Personally, I would love to see this change and the other people in my
organization liked the proposal as well.

- Eric L

On Thu, Feb 24, 2022 at 3:04 PM Jean-Baptiste Onofré 
wrote:


Hi guys,

Some of you already pinged me to share concerns about PAX projects
governance. I think it's my duty to share these concerns and discuss
possible actions.

Apache Karaf is one of the biggest consumers of PAX projects.

However, PAX projects use a "self own" designed governance:
- for contribution/IP
- for release
- for CVE/Security
- ...

And it could be seen as a major concern for Apache Karaf users, as PAX
projects are not necessarily "aligned" with Apache Foundation rules.

I would like to start a discussion on both Karaf and OPS4J communities
to "move" PAX projects as Karaf subproject (like karaf-pax).
Concretely, it would mean that:
1. Karaf PAX projects would use org.apache.karaf.pax namespace
2. Karaf PAX releases will have to follow the Apache release process
(binding votes, 3 days vote period, ...)
3. Any active contributor on PAX projects would be invited as Karaf
committer

Thoughts ?

Regards
JB








--
--
--
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups "OPS4J" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ops4j/5ff43da6-8d5f-43f4-e6e6-86af4fb162b9%40code-house.org.

Re: [DISCUSSION] Move PAX projects to Apache Karaf ?

['Christoph Läubrich' via OPS4J]

I think one problem might be that some of the projects would then be 
bound to karaf even more as they are currently are because karaf 
"drives" them.


Also it might make feel people that they should only be used with karaf 
and are not standalone.


So for me it won't make any sense to name them "karaf-pax" or something 
alike, they should either be "pax" or "karaf" but not both.


Am 24.02.22 um 16:42 schrieb 'Achim Nierbeck' via OPS4J:

Hi JB,

Before I come to any conclusion, I would really like to understand what 
kind of issue/problem you would like to solve with this, which is easier 
to solve under an apache umbrella.


thanks, Achim

Am Do., 24. Feb. 2022 um 15:04 Uhr schrieb Jean-Baptiste Onofré 
mailto:j...@nanthrax.net>>:


Hi guys,

Some of you already pinged me to share concerns about PAX projects
governance. I think it's my duty to share these concerns and discuss
possible actions.

Apache Karaf is one of the biggest consumers of PAX projects.

However, PAX projects use a "self own" designed governance:
- for contribution/IP
- for release
- for CVE/Security
- ...

And it could be seen as a major concern for Apache Karaf users, as PAX
projects are not necessarily "aligned" with Apache Foundation rules.

I would like to start a discussion on both Karaf and OPS4J communities
to "move" PAX projects as Karaf subproject (like karaf-pax).
Concretely, it would mean that:
1. Karaf PAX projects would use org.apache.karaf.pax namespace
2. Karaf PAX releases will have to follow the Apache release process
(binding votes, 3 days vote period, ...)
3. Any active contributor on PAX projects would be invited as Karaf
committer

Thoughts ?

Regards
JB



--

Apache Member
Apache Karaf > 
Committer & PMC
OPS4J Pax Web > Committer & Project Lead

blog >
Co-Author of Apache Karaf Cookbook >


--
--
--
OPS4J - http://www.ops4j.org  - ops4j@googlegroups.com

---
You received this message because you are subscribed to the Google 
Groups "OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to ops4j+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ops4j/CAD0r13d2v73ipZrZOD3r9oL9wtSKZj7x2dc4%2By6sWg1rRyvWow%40mail.gmail.com 
.


--
--
--
OPS4J - http://www.ops4j.org - ops4j@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups "OPS4J" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to ops4j+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ops4j/2aba5725-767f-80a6-ffec-76259c3efe42%40googlemail.com.