I'm on a roll here - Les, I can start the IPMC recommendation vote shortly unless you specifically want to do that. I think we'll just start the vote right away and rephrase the resolution during the vote if needed (though http://incubator.apache.org/guides/graduation.html#toplevel suggests posting the resolution on IPMC before the vote). Given that we already had a discussion on the resolution and it was linked to community vote, I doubt the wording in the proposed resolution is going to create any controversy.
Kalle On Mon, Aug 9, 2010 at 10:42 AM, Les Hazlewood <[email protected]> wrote: > Yep, that's it - our community vote and then the IPMC recommendation > vote. Looks like we're in the home stretch! > > Les > > On Mon, Aug 9, 2010 at 10:08 AM, Kalle Korhonen > <[email protected]> wrote: >> From http://incubator.apache.org/guides/graduation.html#toplevel - >> with suggested owners and timeline added >> >> Graduation to a top level project requires: >> >> * a charter for your project - done >> * a positive community graduation VOTE - Kalle, this week (starting >> (08/09) >> * a positive IPMC recommendation VOTE - Les, next week (starting >> (08/16 assuming community vote tallied and succeeded) >> * the acceptance of the resolution by the Board (add it to the >> September board meeting agenda as soon as recommendation vote >> succeeds) >> >> The next board meeting is 3rd of September. The proposed timeline >> should give us enough time to put it on the agenda. If no objections, >> I'll send out the community vote email this evening. >> >> Kalle >> >> >> >> On Sun, Aug 8, 2010 at 6:03 PM, Alan D. Cabrera <[email protected]> wrote: >>> So what are the remaining items to kick this thing out of the Incubator? >>> >>> >>> Regards, >>> Alan >>> >>> On Aug 5, 2010, at 12:37 PM, Kalle Korhonen wrote: >>> >>>> Hey at least we got a discussion out of it. I agree, I think we'll >>>> keep it as is unless somebody suggests otherwise. >>>> >>>> Kalle >>>> >>>> >>>> On Thu, Aug 5, 2010 at 12:33 PM, Les Hazlewood <[email protected]> >>>> wrote: >>>>> I gotcha - and I'm glad your brought it up. As you said, that's what >>>>> this email thread is for :) >>>>> >>>>> I think it is probably best that we leave it as the broad/general >>>>> statement that it is - it is conceivable that we might add something >>>>> else to the framework later on and I wouldn't want to be limited >>>>> because our mission statement implies that it might be out of scope. >>>>> I think that kind of stuff is better left to the community to decide. >>>>> Just thinking out loud... >>>>> >>>>> Les >>>>> >>>>> On Thu, Aug 5, 2010 at 12:15 PM, Kalle Korhonen >>>>> <[email protected]> wrote: >>>>>> Security is still bigger than "authentication, authorization, session >>>>>> management and cryptography" combined. Cryptography may be a huge part >>>>>> of the project, but we are mainly users of the cryptographic >>>>>> algorithms rather than providers of them. On session management I >>>>>> agree, and probably should be noted if we wanted to be specific but >>>>>> suppose it can be seen as being included in overall "related to >>>>>> application security" statement. I'm fine leaving the statement broad >>>>>> but that's about the only topic in the resolution we should discuss so >>>>>> I wanted to make sure that we agree with it. >>>>>> >>>>>> Kalle >>>>>> >>>>>> >>>>>> On Thu, Aug 5, 2010 at 11:35 AM, Les Hazlewood <[email protected]> >>>>>> wrote: >>>>>>> Yeah, I just copied Cayenne's resolution and changed only what >>>>>>> absolutely needed to be changed to make it Shiro-specific. I thought >>>>>>> this would be the 'safest' route to quickest approval since the >>>>>>> Incubator graduation criteria page specifically recommended that it be >>>>>>> used as an example from which we could create our own. >>>>>>> >>>>>>> And I'm surprised to hear the potential suggestion to limit our domain >>>>>>> to only authentication and authorization. Session Management and >>>>>>> Cryptography are two huge parts of the overall project! At least >>>>>>> based on our project origins and current mission statement, Shiro is >>>>>>> supposed to be the most comprehensive application security framework >>>>>>> available. I personally feel that we should retain this mission, >>>>>>> which is why I left the wording very general. >>>>>>> >>>>>>> Just my .02, >>>>>>> >>>>>>> Les >>>>>>> >>>>>>> On Thu, Aug 5, 2010 at 10:48 AM, Kalle Korhonen >>>>>>> <[email protected]> wrote: >>>>>>>> Back to the original matter now. I added Craig on the resolution and >>>>>>>> didn't make other edits. I think it should be called "Project >>>>>>>> Resolution" rather than "Graduation Resolution" but since it'd change >>>>>>>> the url and only the content matters I didn't bother. I'm not a huge >>>>>>>> fan of the fancy sentences either (I do not believe for a second that >>>>>>>> legal language for some reason needs to be complicated) but I don't >>>>>>>> think we have a lot of leeway in the matter and even if we did, it's >>>>>>>> not worth the effort. While the resolution is not the same as a >>>>>>>> mission statement, it includes a mission statement which is the only >>>>>>>> part in it that matters to me and which we might want to expand on a >>>>>>>> bit. Specifically the resolution says "The Apache Shiro Project be and >>>>>>>> hereby is >>>>>>>> responsible for the creation and maintenance of a software >>>>>>>> project related to application security". Does that cover all and only >>>>>>>> what the project and we are set to do? I don't have any exact >>>>>>>> suggestions - it's a bit short but could do even as is. We could >>>>>>>> though specifically limit our domain to "authentication and >>>>>>>> authorization" - security as a whole is more than just those two >>>>>>>> aspects. >>>>>>>> >>>>>>>> Kalle >>>>>>>> >>>>>>>> >>>>>>>> On Wed, Aug 4, 2010 at 12:40 PM, Kalle Korhonen >>>>>>>> <[email protected]> wrote: >>>>>>>>> Thanks Les, will review. >>>>>>>>> >>>>>>>>> I don't want to turn this into a voting thread and I don't think we >>>>>>>>> need a formal vote on it either, but +1 from me as well for Craig to >>>>>>>>> stay on, we couldn't have gotten this far without him! >>>>>>>>> >>>>>>>>> Kalle >>>>>>>>> >>>>>>>>> >>>>>>>>> On Wed, Aug 4, 2010 at 11:59 AM, Les Hazlewood >>>>>>>>> <[email protected]> wrote: >>>>>>>>>> A huge +1 from me for Craig joining the PMC. Thanks for offering >>>>>>>>>> Craig! >>>>>>>>>> >>>>>>>>>> Les >>>>>>>>>> >>>>>>>>>> On Wed, Aug 4, 2010 at 11:40 AM, Craig L Russell >>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>> On Aug 4, 2010, at 11:03 AM, Alan D. Cabrera wrote: >>>>>>>>>>> >>>>>>>>>>>> You are correct. Mentors do not automatically become project >>>>>>>>>>>> members. >>>>>>>>>>> >>>>>>>>>>> Correct. >>>>>>>>>>> >>>>>>>>>>> However, it's generally considered a good idea to have at least one >>>>>>>>>>> Apache >>>>>>>>>>> Foundation Member on each PMC. Often this is the PMC chair. >>>>>>>>>>> Sometimes the >>>>>>>>>>> mentors volunteer to stay on at least for a while to help the new >>>>>>>>>>> PMC get >>>>>>>>>>> settled. >>>>>>>>>>> >>>>>>>>>>> I'd be happy to help out by being on the new PMC if you'll have me. >>>>>>>>>>> >>>>>>>>>>> Craig >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Regards, >>>>>>>>>>>> Alan >>>>>>>>>>>> >>>>>>>>>>>> On Aug 4, 2010, at 10:31 AM, Les Hazlewood wrote: >>>>>>>>>>>> >>>>>>>>>>>>> A quick note: >>>>>>>>>>>>> >>>>>>>>>>>>> I assume Mentors are not to be automatically listed as project >>>>>>>>>>>>> members >>>>>>>>>>>>> since their relationship with the project is to help through the >>>>>>>>>>>>> incubation process, and (formally) their responsibility with the >>>>>>>>>>>>> incubator podling is released upon graduation (per the last >>>>>>>>>>>>> paragraph >>>>>>>>>>>>> in the Graduation Resolution). >>>>>>>>>>>>> >>>>>>>>>>>>> This is *not* a reflection of any desire not to have them as >>>>>>>>>>>>> project >>>>>>>>>>>>> members should they wish to participate - it merely reflects my >>>>>>>>>>>>> understanding of the role/scope of an Incubator Mentor. >>>>>>>>>>>>> >>>>>>>>>>>>> Cheers, >>>>>>>>>>>>> >>>>>>>>>>>>> Les >>>>>>>>>>>>> >>>>>>>>>>>>> On Wed, Aug 4, 2010 at 10:23 AM, Les Hazlewood >>>>>>>>>>>>> <[email protected]> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> I've posted my initial draft of the Apache TLP Graduation >>>>>>>>>>>>>> Resolution >>>>>>>>>>>>>> here: >>>>>>>>>>>>>> >>>>>>>>>>>>>> https://cwiki.apache.org/confluence/display/SHIRO/Graduation+Resolution >>>>>>>>>>>>>> >>>>>>>>>>>>>> Please review and comment. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks! >>>>>>>>>>>>>> >>>>>>>>>>>>>> Les >>>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Craig L Russell >>>>>>>>>>> Architect, Oracle >>>>>>>>>>> http://db.apache.org/jdo >>>>>>>>>>> 408 276-5638 mailto:[email protected] >>>>>>>>>>> P.S. A good JDO? O, Gasp! >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>> >>> >> >
