Well obviously log4j being an ASF project has not protected it from
being affected by one of the worst bugs, neither has "solarwind" who
most probably knows all developers in person so I don't get it either,
this all for me is more a false-security feeling or just a generic "it
might be bette
Hi Matt,
Again, sorry for being PITA about it, I would really like to understand
what kind of problem should be solved?
I looked at the list of people that are able to work directly on the ops4j
projects, 110.
https://github.com/orgs/ops4j/people
Then I know from the past, that we had a couple of
Hello Christoph-
Again, the issue isn't a complaint. OPS4J simply does not have verification
of developer identity. More contributions or donations won't solve that.
Even the most staunch open source projects (i.e. Debian) require verification
of developer id.
Thank you,
Matt
On Monday, March
I can only encourage everyone that gets "complaints" or "concerns" of "big
business" or even single users telling them to simply start
contributing to or funding OS projects they depend on:
participation/review/testing (especially upcoming versions) is the best
way to mitigate "supply-chain-attack
Thanks all for your comments.
Fair discussion. I agree with you, just wanted to have this open
discussion and share some messages I received.
Let's keep PAX as it is, at OPS4J.
Thanks
Regards
JB
On Fri, Feb 25, 2022 at 11:34 AM Łukasz Dywicki wrote:
>
> I see problem similar to Achim. We still
Hi Achim
Just wanted to share concerns I received. Basically, PAX projects are
"free fields", without strong guarantee in the release (not formal
staging/vote/review).
It doesn't mean we don't do that, it's just not strongly enforced ;)
I don't mean we *have to* do it, I'm just sharing comments
Hi guys,
Some of you already pinged me to share concerns about PAX projects
governance. I think it's my duty to share these concerns and discuss
possible actions.
Apache Karaf is one of the biggest consumers of PAX projects.
However, PAX projects use a "self own" designed governance:
- for contr