Hey at least we got a discussion out of it. I agree, I think we'll keep it as is unless somebody suggests otherwise.
Kalle

On Thu, Aug 5, 2010 at 12:33 PM, Les Hazlewood <[email protected]> wrote:
> I gotcha - and I'm glad you brought it up. As you said, that's what
> this email thread is for :)
>
> I think it is probably best that we leave it as the broad/general
> statement that it is - it is conceivable that we might add something
> else to the framework later on and I wouldn't want to be limited
> because our mission statement implies that it might be out of scope.
> I think that kind of stuff is better left to the community to decide.
> Just thinking out loud...
>
> Les
>
> On Thu, Aug 5, 2010 at 12:15 PM, Kalle Korhonen
> <[email protected]> wrote:
>> Security is still bigger than "authentication, authorization, session
>> management and cryptography" combined. Cryptography may be a huge part
>> of the project, but we are mainly users of the cryptographic
>> algorithms rather than providers of them. On session management I
>> agree, and probably should be noted if we wanted to be specific but
>> suppose it can be seen as being included in overall "related to
>> application security" statement. I'm fine leaving the statement broad
>> but that's about the only topic in the resolution we should discuss so
>> I wanted to make sure that we agree with it.
>>
>> Kalle
>>
>>
>> On Thu, Aug 5, 2010 at 11:35 AM, Les Hazlewood <[email protected]> wrote:
>>> Yeah, I just copied Cayenne's resolution and changed only what
>>> absolutely needed to be changed to make it Shiro-specific. I thought
>>> this would be the 'safest' route to quickest approval since the
>>> Incubator graduation criteria page specifically recommended that it be
>>> used as an example from which we could create our own.
>>>
>>> And I'm surprised to hear the potential suggestion to limit our domain
>>> to only authentication and authorization. Session Management and
>>> Cryptography are two huge parts of the overall project! At least
>>> based on our project origins and current mission statement, Shiro is
>>> supposed to be the most comprehensive application security framework
>>> available. I personally feel that we should retain this mission,
>>> which is why I left the wording very general.
>>>
>>> Just my .02,
>>>
>>> Les
>>>
>>> On Thu, Aug 5, 2010 at 10:48 AM, Kalle Korhonen
>>> <[email protected]> wrote:
>>>> Back to the original matter now. I added Craig on the resolution and
>>>> didn't make other edits. I think it should be called "Project
>>>> Resolution" rather than "Graduation Resolution" but since it'd change
>>>> the url and only the content matters I didn't bother. I'm not a huge
>>>> fan of the fancy sentences either (I do not believe for a second that
>>>> legal language for some reason needs to be complicated) but I don't
>>>> think we have a lot of leeway in the matter and even if we did, it's
>>>> not worth the effort. While the resolution is not the same as a
>>>> mission statement, it includes a mission statement which is the only
>>>> part in it that matters to me and which we might want to expand on a
>>>> bit. Specifically the resolution says "The Apache Shiro Project be and
>>>> hereby is
>>>> responsible for the creation and maintenance of a software
>>>> project related to application security". Does that cover all and only
>>>> what the project and we are set to do? I don't have any exact
>>>> suggestions - it's a bit short but could do even as is. We could
>>>> though specifically limit our domain to "authentication and
>>>> authorization" - security as a whole is more than just those two
>>>> aspects.
>>>>
>>>> Kalle
>>>>
>>>>
>>>> On Wed, Aug 4, 2010 at 12:40 PM, Kalle Korhonen
>>>> <[email protected]> wrote:
>>>>> Thanks Les, will review.
>>>>>
>>>>> I don't want to turn this into a voting thread and I don't think we
>>>>> need a formal vote on it either, but +1 from me as well for Craig to
>>>>> stay on, we couldn't have gotten this far without him!
>>>>>
>>>>> Kalle
>>>>>
>>>>>
>>>>> On Wed, Aug 4, 2010 at 11:59 AM, Les Hazlewood <[email protected]>
>>>>> wrote:
>>>>>> A huge +1 from me for Craig joining the PMC. Thanks for offering Craig!
>>>>>>
>>>>>> Les
>>>>>>
>>>>>> On Wed, Aug 4, 2010 at 11:40 AM, Craig L Russell
>>>>>> <[email protected]> wrote:
>>>>>>>
>>>>>>> On Aug 4, 2010, at 11:03 AM, Alan D. Cabrera wrote:
>>>>>>>
>>>>>>>> You are correct. Mentors do not automatically become project members.
>>>>>>>
>>>>>>> Correct.
>>>>>>>
>>>>>>> However, it's generally considered a good idea to have at least one
>>>>>>> Apache
>>>>>>> Foundation Member on each PMC. Often this is the PMC chair. Sometimes
>>>>>>> the
>>>>>>> mentors volunteer to stay on at least for a while to help the new PMC
>>>>>>> get
>>>>>>> settled.
>>>>>>>
>>>>>>> I'd be happy to help out by being on the new PMC if you'll have me.
>>>>>>>
>>>>>>> Craig
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Alan
>>>>>>>>
>>>>>>>> On Aug 4, 2010, at 10:31 AM, Les Hazlewood wrote:
>>>>>>>>
>>>>>>>>> A quick note:
>>>>>>>>>
>>>>>>>>> I assume Mentors are not to be automatically listed as project members
>>>>>>>>> since their relationship with the project is to help through the
>>>>>>>>> incubation process, and (formally) their responsibility with the
>>>>>>>>> incubator podling is released upon graduation (per the last paragraph
>>>>>>>>> in the Graduation Resolution).
>>>>>>>>>
>>>>>>>>> This is *not* a reflection of any desire not to have them as project
>>>>>>>>> members should they wish to participate - it merely reflects my
>>>>>>>>> understanding of the role/scope of an Incubator Mentor.
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>>
>>>>>>>>> Les
>>>>>>>>>
>>>>>>>>> On Wed, Aug 4, 2010 at 10:23 AM, Les Hazlewood <[email protected]>
>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> I've posted my initial draft of the Apache TLP Graduation Resolution
>>>>>>>>>> here:
>>>>>>>>>>
>>>>>>>>>> https://cwiki.apache.org/confluence/display/SHIRO/Graduation+Resolution
>>>>>>>>>>
>>>>>>>>>> Please review and comment.
>>>>>>>>>>
>>>>>>>>>> Thanks!
>>>>>>>>>>
>>>>>>>>>> Les
>>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> Craig L Russell
>>>>>>> Architect, Oracle
>>>>>>> http://db.apache.org/jdo
>>>>>>> 408 276-5638 mailto:[email protected]
>>>>>>> P.S. A good JDO? O, Gasp!
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
