This was extracted (@ 2025-02-19 22:10) from a list of minutes
which have been approved by the Board.
Please Note
The Board typically approves the minutes of the previous meeting at the
beginning of every Board meeting; therefore, the list below does not
normally contain details from the minutes of the most recent Board meeting.
WARNING: these pages may omit some original contents of the minutes.
Meeting times vary, the exact schedule is available to ASF Members and Officers, search for "calendar" in the Foundation's private index page (svn:foundation/private-index.html).
Report was filed, but display is awaiting the approval of the Board minutes.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Project Status: Current project status: ongoing, moderate activity Issues for the board: none ## Membership Data: Apache HTTP Server was founded 1995-02-27 (30 years ago) There are currently 127 committers and 54 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Giovanni Bechis on 2021-06-11. - No new committers. Last addition was Emmanuel Dreyfus on 2022-11-05. ## Project Activity: Project activity has been relatively quiet since the three releases in July covered in my previous report. Committers have been working through bug reports, addressing a few remaining issues in the security fixes. The experimental mod_tls - based on the Rust TLS stack - was removed from both 2.4.x and trunk due to instability in the Rust library API it depends on, but lives on as an independent Github project. ## Community Health: The development mailing list was also relatively quiet along with general activity, although there was a significant uptick in the users list, with questions coming in about the security fixes and how to adjust some mod_rewrite rules to workaround new behaviour in 2.4.62. We continue to get steady use of pull requests in GitHub from both existing committers and new contributors alike.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Project Status: Current project status: ongoing, moderate activity Issues for the board: none ## Membership Data: Apache HTTP Server was founded 1995-02-27 (30 years ago) There are currently 127 committers and 54 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Giovanni Bechis on 2021-06-11. - No new committers. Last addition was Emmanuel Dreyfus on 2022-11-05. ## Project Activity: Since my last report to the Board, the project pushed three more releases from the 2.4.x stable branch in quick succession during July. The first of these (2.4.60) addressed outstanding eight security vulnerabilities from the backlog of which the bulk were rated with Important severity, with many specific to behavioural problems when httpd acts as a reverse proxy or application gateway. It is notable how few modern vulnerabilities in httpd are attributable to C language memory safety issues, which feels like a contrast to the issues commonly being resolved a decade or more ago. At the same time, the complexity of the fixes is increasing, and some of the fixes shipped in 2.4.60 turned out to be incomplete, requiring two further patch releases to address regressions. I'd like to give thanks in particular to Eric Covener, who went the extra mile - and then several more - to triage a particularly complex vulnerability report into a set of digestable issues, handled CVE assignment and also took on Release Manager duties for all three releases, amongst other mammoth tasks. Most community activity was concentrated on the 2.4.x releases, backporting various minor features and fixes from trunk as well as the fixes for the security issues. Discussion of switching to a read/write GitHub repository from Subversion was also revived after the successful vote on this last year. ## Community Health: As usual, the volume of community activity on the mailing lists was high with releases being prepared, with dev@ traffic and bug reports significantly up on the previous quarter. GitHub Pull Requests continue to be popular for new and existing contributors.
No report was submitted.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Project Status: Current project status: Ongoing, moderate activity Issues for the board: none ## Membership Data: Apache HTTP Server was founded 1995-02-27 (29 years ago) There are currently 127 committers and 54 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Giovanni Bechis on 2021-06-11. - No new committers. Last addition was Emmanuel Dreyfus on 2022-11-05. - Joe Schafer was removed from committers and PMC membership on 2024-02-24. ## Project Activity: The project released 2.4.59 at the start of April, fixing three security issues and adding various enhancements and bug fixes. As usual, this is another release from the stable branch maintaining backward compatibility with previous 2.4.x releases, composed of selected patches backported from the trunk. This is the first release since October 2023. The release has been generally well received, though one minor regression in some mod_ssl configurations has been reported (and fixed). The fix for an HTTP response splitting security issue (CVE-2024-24795) has caused compatibility issues for some users (and a few bug reports); it's unclear at time of writing what, if any, follow-ups will be required. Since it's now been over a year since we migrated the CI from Travis to GitHub Actions, it's worth noting that this is (in my view) proving to be an upgrade. We are seeing better stability and the community has had to spend less time diagnosing unpredictable failures. ## Community Health: Due to repeated use of unacceptable language and code of conduct violations on our dev@ list, Joe Schaefer was removed both as a committer and from the PMC after a PMC vote, as well as being banned from posting to dev@. Thanks to the Board for quickly passing the resolution. Otherwise than that unfortunate episode, community activity has moved in a positive direction - dev@, bug traffic and PRs are all up, although the commit count is down slightly on the previous quarter.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Project Status: Current project status: Ongoing, moderate activity Issues for the board: none ## Membership Data: Apache HTTP Server was founded 1995-02-27 (29 years ago) There are currently 128 committers and 55 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Giovanni Bechis on 2021-06-11. - No new committers. Last addition was Emmanuel Dreyfus on 2022-11-05. ## Project Activity: The release of 2.4.58 in October last year appears to have been successful with no regressions reported. There have been no releases since that time and project activity has been relatively quiet over the new year. Focus continues to be on trunk development with selected backports merged to the 2.4.x branch as required. There are a number of changes already merged to for a future 2.4 release, mainly bug fixes with some feature work. ## Community Health: Mailing list activity and the volume of commits were both down compared to the previous quarter but still ticking over at a reasonable rate. GitHub PRs continue to be actively used by committers and by non-committers submitting patches. It is encouraging to see patches arrive in GitHub from new developers which might previously have been submitted in Bugzilla at best, and quiet possibly lost in the noise there.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Project Status: Current project status: Ongoing, moderate activity Issues for the board: none ## Membership Data: Apache HTTP Server was founded 1995-02-27 (29 years ago) There are currently 128 committers and 55 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Giovanni Bechis on 2021-06-11. - No new committers. Last addition was Emmanuel Dreyfus on 2022-11-05. ## Project Activity: The project released 2.4.58 in October, the fourth release this year from the 2.4.x stable branch, and with six months since the previous 2.4 release. This release addressed three outstanding security issues, two rated Low and one Moderate severity, as well as various bug fixes and minor enhancements. One of the security issues addressed was found during testing of the HTTP/2 "Rapid Reset" vulnerability which received widespread publicity. Mod_http2 author (and release manager for 2.4.58) Stefan Eissing wrote up a blog post explaining the background and impact of "Rapid Reset": https://github.com/icing/blog/blob/main/h2-rapid-reset.md ## Community Health: Community discussion was quiet outside of the release activity in the two months since my last report. We see growth in code submissions via GitHub Pull Requests at a pace slightly ahead of the rate they are being closed, leading to a slow-growing backlog of PRs.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Project Status: Current project status: Ongoing, moderate activity Issues for the board: none ## Membership Data: Apache HTTP Server was founded 1995-02-27 (29 years ago) There are currently 128 committers and 55 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Giovanni Bechis on 2021-06-11. - No new committers. Last addition was Emmanuel Dreyfus on 2022-11-05. ## Project Activity: There have been no new releases since 2.4.57 shipped in April this year as covered in the last quarterly report. A recent mailing list discussion showed some interest from committers in rolling and testing a new 2.4.x release. As mentioned in my previous report a formal vote was held in May on moving the read/write repository from Subversion to git. This was carried with a strong consensus in favour of the move, but is yet to be put into action. The project continues to see moderately active development, with a faster pace and volume of change in some areas (HTTP/2 support in particular), and smaller feature work and bug fixing across the rest of the code base. Most work is being actively backported to the 2.4.x branch after review. ## Community Health: Community activity was relatively quiet compared to previous quarter, likely since we did not see the usual uptick of commits and discussion around a release cycle. The number of GitHub PRs being used continues to increase, again with a significant number of PRs being submitted by non-committers.
No report was submitted.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Issues: There are no issues requiring board attention. ## Membership Data: Apache HTTP Server was founded 1995-02-27 (28 years ago) There are currently 128 committers and 55 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Giovanni Bechis on 2021-06-11. - No new committers. Last addition was Emmanuel Dreyfus on 2022-11-05. ## Project Activity: This was a busy quarter for the project with two new releases (2.4.56 and 2.4.57) continuing maintenance work on the 2.4 branch, addressing outstanding security vulnerabilities and bugs as well as adding new features. A complex issue with rewrite rules and reverse proxy configurations (CVE-2023-25690) required significant effort to fix properly - a regression in the initial (2.4.56) iteration was addressed in 2.4.57. Most of the project activity centred around the releases. We also completed the migration from Travis CI to GitHub Actions as covered in my previous reports. At time of writing we have an open vote on moving the development repository away from the Subversion repository to Git (either via gitbox or GitHub). If the vote passes (which appears likely), this would be arguably the biggest change to our development workflow since we moved from CVS to SVN back in 2004. Moving would allow us to fully enable GitHub features, making it easier to accept outside contributions, but it would likely also alienate some existing committers. ## Community Health: As usual there was a large amount of mailing list discussion and commit activity around the releases and the fixes required. We continue to see a significant number of GitHub PRs filed from non-committers, as well as the ongoing use by committers to get CI results before merging code changes.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Issues: There are no issues requiring board attention. ## Membership Data: Apache HTTP Server was founded 1995-02-27 (28 years ago) There are currently 128 committers and 55 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Giovanni Bechis on 2021-06-11. - No new committers. Last addition was Emmanuel Dreyfus on 2022-11-05. ## Project Activity: The project shipped a new release from the 2.4 branch in January (version 2.4.55), with a seventh month gap since the previous release. My thanks go to release manager Eric Covener for taking on this release, and to Stefan Eissing who automated much of the process as well as handling RM duties for previous releases. As usual the new release addresses outstanding security vulnerabilities and adds features and bug fixes backported from the trunk. In a rather unusual occurrence one of the vulnerabilities has a disclosure date in 2006, having been published in a security research book at that time but never reported to the ASF until 2022. No major problems have been reported with the new release. Development on the trunk continues at a steady pace otherwise. Work is ongoing to replace Travis CI with GitHub Actions ahead of the February deadline to drop Travis support across the ASF. A new module "mod_wasm" adding WebAssembly integration was offered as a contribution to the project, although it remains to be seen if any project members want to commit to maintaining this in-tree or if it will remain maintained as a third-party module. ## Community Health: As expected discussion and commits spiked around the release activity. We still see a steady flow of both small and large contributions via GitHub PRs, likely more new contributors here than are seen on the dev@ list. These are coming in at a faster rate than they are getting reviewed and merged.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Issues: There are no issues requiring board attention. ## Membership Data: Apache HTTP Server was founded 1995-02-27 (28 years ago) There are currently 128 committers and 55 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Giovanni Bechis on 2021-06-11. - Emmanuel Dreyfus was added as committer on 2022-11-05 ## Project Activity: There has been no new release since the httpd 2.4.54 release in June this year, covered in the previous report. Work continues on the trunk with selected features and bug fixes being backported to the 2.4.x. As rumoured earlier in the year, we've now been notified by Infra that Travis CI support will go away by the start of the 2023. No work has started yet on migrating to Github Actions but hopefully this can be completed before the deadline. ## Community Health: It was another quiet period for both dev@ list discussion and commits, both down by roughly half on the previous quarter; possibly since there was no release activity to inspire work. Emmanuel Dreyfus was invited and accepted as a committer.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Issues: There are no issues requiring board attention. ## Membership Data: Apache HTTP Server was founded 1995-02-27 (28 years ago) There are currently 127 committers and 55 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Giovanni Bechis on 2021-06-11. - No new committers. ## Project Activity: The project has produced two releases in the four months since my last report. httpd 2.4.54 was released on June 8th after the third release candidate tarball passed a PMC vote. This release included bug fixes, some features, and addressed eight security vulnerabilities. All of the vulnerabilities involved were given "Low" or "Moderate" impact ratings. A new release of the "libapreq2" support library was also made on 25th August, which addressed a single long-outstanding security issue (rated "Important"). ## Community Health: It was a particularly quiet quarter for both commit volumes and mailing list traffic, possibly reflecting summer vacation time.
No report was submitted.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Issues: There are no issues requiring board attention. ## Membership Data: Apache HTTP Server was founded 1995-02-27 (27 years ago) There are currently 127 committers and 55 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Giovanni Bechis on 2021-06-11. ## Project Activity: As in the previous report, this quarter appears to be "business as usual". The project made a single new release in the quarter, version 2.4.53 being announced in March from the 2.4 branch. This release again addresses a number of pending security issues, plus bug fixes and some enhancements backported from the trunk branch. A mailing list discussion around moving httpd development to GitHub (with a PR-based workflow) from Subversion appeared to gain rough consensus but has not been taken forward (yet). ## Community Health: Both commit volumes and mailing list were down a little this quarter. The dev@ activity was made up mainly of a technical discussions between committers around changes landing in trunk, plus the usual debate around the release candidate tarballs. There was significantly higher activity in Github PRs than in the previous quarter.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Issues: There are no issues requiring board attention. ## Membership Data: Apache HTTP Server was founded 1995-02-27 (27 years ago) There are currently 127 committers and 55 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Giovanni Bechis on 2021-06-11. - No new committers. ## Project Activity: After the frenetic release activity reported last time, this quarter was quieter. Development and maintenance of the 2.4.x branch continues in parallel with trunk. One release (2.4.52) was shipped in December rolling up bug and security fixes, plus a number of enhancements back-ported from trunk. Committers had just opened discussion of another 2.4.x release at time of writing this report. Of the major changes happening in trunk, "mod_tls" was committed, an alternative implementation of TLS/SSL support based on the Rustls TLS library (written in Rust). Some improvements to the event MPM are also in progress, with some changes moved temporarily to a Github PR after they tripped some failures in Travis. Last, but not least, is an overhaul of the integration of version 2 of the PCRE regex library and discussion around how to bring this to 2.4 (since version 1 is declared end-of-life upstream). ## Community Health: The level of dev@ mailing list activity remained healthy with most discussion this quarter around the release and trunk development activity covered above. The community continues to make good use of Github PRs, partly as a convenient way to trigger CI for work under development, but also for aggregating more complex backports from trunk to 2.4 for review.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Issues: There are no issues requiring board attention. ## Membership Data: Apache HTTP Server was founded 1995-02-27 (27 years ago) There are currently 127 committers and 55 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Giovanni Bechis on 2021-06-11. - No new committers. ## Project Activity: Having struggled to get a release out in the previous quarter, this quarter saw three releases in fast succession. The 2.4.49 release was announced on September 15th, rolling up four months of bug fixes and enhancements since 2.4.48 was tagged in May, and addressing five Low- and Moderate-rated security vulnerabilities which had been in the backlog. At the end of September one of the new features added in .49 was discovered to have introduced a path traversal/file disclosure vulnerability, initially rated Important severity and later upgraded to Critical. Thanks to the release workflow improvements made this year, committers were able to tag, vote for, and announce a security update (2.4.50) intended to fix this just four working days after the report came in. Unfortunately the story doesn't end there, as the patch used in 2.4.50 was quickly discovered to be incomplete. Hence the final of the three releases this quarter came in 2.4.51 - only three working days later - on October 7th to properly address the vulnerability. It would be easy to dwell on the negatives here (and the vulnerabilities did attract some media attention) but from a quick trawl through history I cannot find three releases in as many weeks since early 2.0.x development in 2001, which is worth celebrating. The intrepid Release Manager who took us through all three releases, Stefan Eissing, has a more detailed write-up for anybody interested. https://github.com/icing/blog/blob/main/httpd-2.4.50.md ## Community Health: Community mailing list discussion was significantly more active this quarter, mostly centred around the release activity but also ongoing efforts to improve and stabilise the Travis CI configuration. Notably, HTTP/2 testing is now automated and integrated into the CI. The commit statistics show a significant increase in commits quarter-on-quarter (almost doubling). New activity on GitHub was slower this quarter.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Issues: There are no issues requiring board attention ## Membership Data: Apache HTTP Server was founded 1995-02-27 (26 years ago) There are currently 127 committers and 55 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - Giovanni Bechis was added to the PMC on 2021-06-11 - No new committers. ## Project Activity: Following on from the abandoned 2.4.47 release reported last quarter, the httpd 2.4.48 release passed a PMC vote in May and was announced on June 1st. This release represents the accumulated work on the stable 2.4 branch for the last 8 months, with many new features and bug fixes. 2.4.48 addresses 8 outstanding vulnerabilities from the backlog of security issues - one rated with "Important" severity, the rest all Low and Moderate. Given the significant time elapsed since many of these issues were reported, and the fact that another (now already public) issue was in the backlog at the time of the release, it's clear the project is facing challenges in get security updates delivered in a timely fashion. Many community members contributed to the migration of the httpd project website to Pelican, triggered by the pending decommissioning of the Apache CMS system. Some updates to the release process and documentation remain after this migration. With the help of several committers, httpd has been configured in "OSS-Fuzz", a Continuous Fuzzing Project; reports of bugs triggered from fuzzing are now being investigated and fixed. On the modernisation of the development workflow front: 1. Work continues to diagnose and eradicate the remaining intermittent failures in Travis CI runs, and 2. Scripts have been developed to simplify the integration of Github Pull Requests into the Subversion workflow. ## Community Health: There was a large spike in mailing list traffic compared to the previous quarter, with a lot of discussion around the 2.4.48 release and website migration as covered above. A complex issue with graceful stop/start also generated a long development list thread - and a fix pushed to trunk. Use of Github PRs continues to broadly trend upward and there was a significant increase in the number of active committers.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Issues: There are no issues requiring board attention. ## Membership Data: Apache HTTP Server was founded 1995-02-27 (26 years ago) There are currently 127 committers and 54 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Mario Brandt on 2020-04-27. - Ivan Zhakov was added as committer on 2021-04-12 ## Project Activity: Apache httpd 2.4.46 was released on 2020-08-05, which is our latest release. The project came close to a new release (2.4.47) in the last month, but failed at the last hurdle as a regression was discovered just hours before the release announcement. Having determined how to address the new issue, the Release Manager has proposed to tag and roll a new release in the coming weekend (May 16th). Huge thanks should go to to first-time release manager Christophe Jaillet for taking on the duties and mastering the process. Other than discussion around the releases, mailing list activity was relatively quiet in this quarter, primarily covering reviews of proposed backports from trunk to the 2.4.x branch. ## Community Health: Mailing list activity was up slightly this quarter on the previous quarter. GitHub activity continues to be a source of new contributions to the project as well as a testbed for backports and exercising the CI by committers; activity here was at a lower level than in the previous quarter (16% fewer PRs opened). Similarly, direct commit activity was down on the previous quarter. ASF member Ivan Zhakov accepted an invitation to become an HTTP Project committer, and was added to the committer list in April.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Issues: There are no issues requiring board attention. ## Membership Data: Apache HTTP Server was founded 1995-02-27 (26 years ago) There are currently 125 committers and 54 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Mario Brandt on 2020-04-27. - No new committers. Last addition was Mario Brandt on 2020-04-27. ## Project Activity: Apache httpd 2.4.46 was released on 2020-08-05, which is our latest release. The HTTP Server project has been more active this quarter; in terms of releases, the focus remains on improving the 2.4.x branch, with both large and small changes backported from the trunk in recent months. A batch of quite significant enhancements to the proxy modules have been merged to 2.4, as well as a variety of bug fixes, cleanups, and new configuration options. A new release (v2.15) of the "libapreq" subproject passed a PMC vote. This release addresses a security issue for the libapreq library which has been outstanding for some time. There has been no other development for the various subprojects under the HTTP Server umbrella. We continue to improve our use of CI, with automated testing using AddressSanitizer [1] enabled this quarter. Like other ASF projects, our Travis CI configuration has been throwing intermittent failures when pulling third-party images from Docker Hub, due to rate-limiting [2]. We plan to migrate to other container registries to mitigate this. [1] https://github.com/google/sanitizers/wiki/AddressSanitizer [2] https://issues.apache.org/jira/browse/INFRA-21197 ## Community Health: Mailing list (dev@httpd.a.o) activity was fairly stable on this quarter, with commit reviews dominating the discussion. Commit activity is up significantly (75% more on last quarter), with 2.4 backports contributing here as discussed above. Use of GitHub Pull Requests continues to increase (20 new PRs filed, up from 13 in the previous quarter), with these being filed both by new contributors and existing committers. The ability to get quick and thorough CI results for both these cases is proving useful. It was announced this month [3] that the Internet Security Research Group has contracted (httpd committer) Stefan Eissing to produce a Rust-based TLS module as an alternative to mod_ssl. It's exciting to see this kind of work getting funded, and the announcement gathered some media coverage [4]. [3] https://www.abetterinternet.org/post/memory-safe-tls-apache/ [4] https://www.theregister.com/2021/02/02/patching_apache_rust/
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Issues: There are no issues requiring board attention at this time ## Membership Data: Apache HTTP Server was founded 1995-02-27 (26 years ago) There are currently 125 committers and 54 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Mario Brandt on 2020-04-27. - No new committers. Last addition was Mario Brandt on 2020-04-27. ## Project Activity: To begin with a personal note in my first Board report, I'd like to sincerely thank outgoing PMC Chair Daniel Gruno for his effort and dedication over the three years holding this role. Thanks, Daniel! The 2.4.46 release in August (discussed in the project's previous quarterly report) appears to have been successful. The release resolved a number of outstanding security issues, and no regressions have been identified by the user community. After the burst of activity leading up to that release, this was a relatively quiet quarter for the community, with no new releases for httpd. Commit activity concentrated mainly around documentation updates, code cleanups and minor bug fixes. Contributors continue to enhance and adjust the Travis CI configuration, trying to find the best balance of increasing test coverage against minimisation of false negatives. ## Community Health: Traffic on the development mailing list, the number of active committers and commit activity are all down significantly on the previous quarter, reflecting the lull after the release activity discussed above. We continue to see an uptick in activity around GitHub, with an increasing number of contributions coming in as new GitHub Pull Requests (up from 5 to 13 this quarter), which is encouraging. There are 1253 open bugs for the Apache httpd-2 project in Bugzilla at time of writing.
WHEREAS, the Board of Directors heretofore appointed Daniel Gruno (humbedooh) to the office of Vice President, Apache HTTP Server, and WHEREAS, the Board of Directors is in receipt of the resignation of Daniel Gruno from the office of Vice President, Apache HTTP Server, and WHEREAS, the Project Management Committee of the Apache HTTP Server project has chosen by vote to recommend Joe Orton (jorton) as the successor to the post; NOW, THEREFORE, BE IT RESOLVED, that Daniel Gruno is relieved and discharged from the duties and responsibilities of the office of Vice President, Apache HTTP Server, and BE IT FURTHER RESOLVED, that Joe Orton be and hereby is appointed to the office of Vice President, Apache HTTP Server, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed. Special Order 7B, Change the Apache HTTP Server Project Chair, was approved by Unanimous Vote of the directors present.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Issues: There are no issues requiring board attention. ## Membership Data: Apache HTTP Server was founded 1995-02-27 (25 years ago) There are currently 125 committers and 54 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Mario Brandt on 2020-04-27. - No new committers. Last addition was Mario Brandt on 2020-04-27. ## Project Activity: The Apache HTTP Server 2.4.46 was released on Friday 2020-08-07 after a couple of attempts at 2.2.44 and 2.4.45 hit some minor snags with back-ports. I wish to personally thank our Release Manager, Daniel Ruggeri, for steering the ship through these waters that is preparing and managing a httpd release. 2.4.46 brings further improvements and stability to our http/2 features, as well as improvements in our mod_ssl core module. The 2.4.46 release also addresses 4 CVEs, three of which are new, and finally one which was previously fixed, but was later deemed worthy of a CVE notification. Additional improvements are currently being made and tested for mod_lua[1] with upcoming support for Lua 5.4, and mod_ssl with OpenSSL 3.0.0[2]. Works is also underway to overhaul our documentation[3], primarily fixing encoding issues with later versions of Java (used by our XSLT tool to build our documentation) Furthermore, we are making good headway with fixing compiler warnings for Windows platforms. Lastly, our new CI builds have proven very useful in catching issues early on[4], primarily linked to compiling httpd or with/within our existing test framework. [1] https://s.apache.org/pfxw9 [2] https://s.apache.org/lo8al [3] https://s.apache.org/z6xgj [4] https://s.apache.org/mzqfw + https://s.apache.org/663xr etc. ## Community Health: The overall community is considered very healthy. We had a great influx of questions on our users mailing list with more than 100 people discussing httpd usage, causing a 35% spike in traffic compared to last quarter. Our development list had roughly the same activity level as last quarter, with a late uptick as the 2.4.46 release was heading out the door and generally more distinct topics than usual. Code activity was also on the usual busy level (more than 350 commits this quarter), and the number of code/docs contributors rose from 18 to 19. On the "lines of code" side of things, we have seen a very large increase, primarily attributed to two factors mentioned in the activity section; documentation encoding fixes and getting ready for the new release. Our new GitHub notifications list (notifications@httpd.a.o) is starting to gain some traction, with 48 emails this quarter compared to just 2 in the previous. This means people are starting to discuss issues on GitHub and the development community is receiving and interacting with the feedback.
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Issues: There are no issues for the board at present. ## Membership Data: Apache HTTP Server was founded 1995-02-26 (25 years ago) There are currently 125 committers and 54 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - Dennis Clarke was added as committer on 2020-02-07 - Giovanni Bechis was added as committer on 2020-02-16 - Mario Brandt was added to the PMC on 2020-04-27 ## Project Activity: The Apache HTTP Server 2.4.43 was released on April 1st 2020, with new features and improvements around, among other things: - mod_md (our ACME TLS certificate module for services like LetsEncrypt) - mod_http2, our HTTP/2 module - mod_ssl (primarily improvements for OpenSSL 1.1.x) - Two medium severity CVEs addressed (CVE-2020-1927 and CVE-2020-1934) 2.4.42 was cut but not released due to regressions in our APXS tool-chain. There was a lot of good activity around this release, both before and after, with many solid discussions surrounding the changes, various regressions and fixes. Our work with automated testing via CI is proving useful and is considered to be in a stable condition now, after various tweaks were made and some testing was skipped or minimized to reduce false positives from the CI platform. There are still some issues surrounding false positives and the CI kicking off when there is no need, but a large part of this is simply a learning curve for us with regards to developing smarter and better memorized practices with regards to committing code and documentation. We have set up a dedicated mailing list for new types of notifications, for now primarily GitHub PRs, with the aim of furthering our presence on this platform and get cracking at outstanding and new PRs. We have not come to a conclusion on whether switching to git for our development is the road forward, but are also confident we can work with whatever the community decides on. We are able to address PRs using subversion as well (thanks to the git mirror), and thus do not rely on a specific version control system in order to have a presence and work with communities on GitHub and the likes. ## Community Health: Overall we are seeing a healthy influx of messages on our lists, as well as a substantial increase in commits to our repository. Our dev@ list traffic was up more than 140%, largely due to the 2.4.42+2.4.43 release discussions. Likewise, it is common for our commits to pick up around a release, as things are back-ported and bugs are found and addressed. We have also seen a steady increase in the number of people actively participating in providing code changes, now at 18 people this past quarter as opposed to 15 in the previous quarter. As with our developers list, we also saw a substantial increase in traffic on our users list, primarily surrounding the release of and changes in 2.4.43. PMC oversight remains very healthy, with more than 15 PMC members actively participating in governance, Q&As and development this quarter. Looking at the overall development group robustness (aka pony factor[1]), we have also seen an increase in the number of people making up the bulk of code contributions over this past quarter, compared to the previous quarter, which in itself is a good sign that the project maintains a large group of maintainers and is geared for unforeseen eventualities. [1] https://ke4qqq.wordpress.com/2015/02/08/pony-factor-math/
## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd). The project is celebrating its 25th anniversary this month. ## Issues: There are no issues requiring board attention at present. ## Membership Data: Apache HTTP Server was founded 1995-02-27 (25 years ago) There are currently 124 committers and 53 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Stefan Sperling on 2019-01-24. - Dennis Clarke was welcomed as a new committer on 2020-02-07. - Giovanni Bechis was welcomed as a new committer on 2020-02-16. ## Project Activity: - There were no new releases this quarter, which isn't surprising. We are on version 41 of the 2.4.x release branch, and with our habit of burning version numbers for botched release processes, we have had around 27 actual releases over the past 8 years, or roughly one every 4 months. The last release was 2.4.41 in August 2019, and we are slowly looking at whether a new release makes sense[1]. As with many projects, we are not dictated by a release schedule, but rather work with the mantra "does rolling a new release at present add more value than it costs releasing?". - We are having better luck with our CI testing this quarter, though there are still some issues with the more esoteric platforms that we need to iron out[2]. It is our hope that the new CI efforts can not only help us find bugs in patches quicker, but also have us work towards more reliable testing of specifications by utilizing a standardized framework of systems. - Work is ongoing for better support for systemd on the various Linux variants that make use of this, with a mod_systemd making it to the 2.4.x branch of our software, and future features like systemd socket activation and journald support sitting in the pipeline. - Our documentation build tool-chain may need an upgrade or automation, to remove issues when building with different java versions (as I understand it, we have - among other issues - problems with line endings and Unicode). Perhaps we can utilize the new ASF BuildBot 2.x service for this in the near future. [1] https://s.apache.org/y31qm [2] https://s.apache.org/1aa19 ## Community Health: The project experienced a very standard Christmas season, with commits and email traffic being down for the usual three weeks around Christmas, leading to an overall slower quarter (roughly 40% less activity as opposed to the previous busier quarter). Activity on our GitHub mirror picked up a bit, which may again nudge the question of moving to git. A simple tally of the PMC activity this past quarter shows excellent oversight in the project, and we have no concerns about community health. Likewise, the number of active contributors to our code-base has remained steady at 16 people this quarter (same as last quarter). Furthermore, we welcomed two new committers this quarter, and I would like to heartily welcome them to the httpd family.
## Description:
The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for modern operating systems including UNIX and
Windows. The goal of this project is to provide a secure, efficient and
extensible server that provides HTTP services in sync with the current HTTP
standards.
The Apache HTTP Server ("httpd") was launched in 1995 and it has been the most
popular web server on the Internet since April 1996. It is celebrating its
25th birthday as a project in February 2020.
## Issues:
There are currently no issues for the board.
## Membership Data:
Apache HTTP Server was founded 1995-02-27 (25 years ago) There are currently
122 committers and 53 PMC members in this project. The Committer-to-PMC ratio
is roughly 2:1.
Community changes, past quarter:
- No new PMC members. Last addition was Stefan Sperling on 2019-01-24.
- No new committers. Last addition was Sebb on 2018-07-14.
## Project Activity:
- There were no new releases since the last report. Last release was 2.4.41 on
2019-08-14.
- Discussions have kicked off about the next httpd (2.6 or 3.0)[1], and while
still not at the end of the discussion (which is of course going to take
time), there is traction towards getting this done, with most of the current
discussions hovering around the more technical aspects of how to create the
split/fork from trunk.
- Another hot topic is integration testing on docker and/or travis[2], with
Luca Toscano and Joe Orton generally being on point for this and handling it
well, with the usual hiccups that happen when you try new approaches. A
proof-of-concept build is already working[0], and I am confident we'll get
this further set up and running smoothly within the month.
- The discussion surrounding migrating from subversion to git seems to have
stalled a bit[3]. That is not in itself a bad thing, rather I see it as
indicative that the inherent benefits are not viewed by the larger populace
of the PMC as a must, but rather something that comes second to the larger
discussion about the next version of httpd. Priorities :)
- A sizeable httpd crowd was present at both ApacheCon North America and
ApacheCon Europe, giving presentations and participating in press events.
- Other topics of heavy interest this quarter were, among others: SSL/TLS
protocol inheritance and defaults[4] (based on users@ inquiries[5]), HTTP/3
specs and adoption thoughts[6], as well as subjects on race conditions in
cleanups and maintainer mode builds.
(with httpd chiefly written in C, I thought I'd start the footnotes at index 0)
[0] https://travis-ci.org/apache/httpd
[1] https://s.apache.org/hyn24 : Time for httpd 2.6.x?
[2] https://s.apache.org/jinvq : Integration tests on docker
[3] https://s.apache.org/vivhy : Migrate to git?
[4] https://s.apache.org/gykrv : Opt in(/out?) for TLS protocol per vhost
[5] https://s.apache.org/bpioq : [..]possible to have in Apache 2.4[..]
[6] https://s.apache.org/jdgt3 : [..]Google Chrome, and Firefox Add HTTP/3[..]
## Community Health:
While the commit rate has dropped slightly this quarter, owing to a very busy
end of the previous quarter, the development process has actually picked up
steam, with a significant (+120%) increase in traffic to the dev list. As laid
out in the above paragraph, much of the discussion and work has been done
around improving continuous integration and unit testing, as well as the
2.6/3.0 discussions and standards and defaults going forward.
Our users list has also seen a significant (+30%) increase in traffic, which
is a nice thing to see. Questions and suggestions from our user-base are
actively being turned into improvements in our software.
There is ample oversight on the PMC (I counted at least 12 PMC members
actively participating in discussions this past quarter) and a good, diverse
distribution of active developers in both the code and documentation
department (in fact, a lot of documentation work has been done in the past
quarter, rocketing docs commits up by 420%). We saw a slightly increase (+2)
in the diversity of committers actively pushing code/docs this quarter.
## Description: The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. ## Issues: There are no issues for the board at present. ## Membership Data: Apache HTTP Server was founded 1995-02-27 (24 years ago) There are currently 122 committers and 53 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Stefan Sperling on 2019-01-24. - No new committers. Last addition was Sebastian Bazley on 2018-07-14. ## Project Activity: - 2.4.41 was released on 2019-08-12 (2.4.40 tag was burned). This release contained fixes for four moderate and two low level CVEs. I personally want to thank the developers and the security team for their work on these tasks. As evident in the community health section, a lot of work was put into making this release a reality. - 2.4.39 was released on 2019-03-31. - 2.4.38 was released on 2019-01-21. - At ApacheCon North America in September, we have five httpd talks lined up. - At ApacheCon Europe in October, we have two httpd-related talks (that I could find...the schedule page doesn't allow for searching) ## Community Health: I will keep things a tad shorter this quarter, and attempt to incorporate some of the helpful hints from the new reporting tool (eating my own dog-food): There is more than sufficient oversight on the PMC, with more than a dozen PMC members active on a monthly basis. Commit activity has held pretty steady over the summer, with a moderate (30%) increase - somewhat impressive for a summer quarter! Contributor count has likewise held up, with 16 active contributors during this quarter. Pony Factor[1], a measurement of the diversity and size of the 'core' developers, is holding steady at 5, which is a relatively good number[2] for a project of this age. The development mailing list saw a sizeable increase (>80%) in traffic, where some gritty technical issues and general business logic was heavily discussed - some of it point towards a needed documentation fix (aka "what does this thing actually do?"). On the user mailing list side, things are business as usual, with no notable change. [1] https://s.apache.org/vpzhm for an intro to PF. [2] https://s.apache.org/21vui for original excerpts from the paper on PF.
## Description:
The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for modern operating systems including UNIX
and Windows. The goal of this project is to provide a secure,
efficient and extensible server that provides HTTP services in sync
with the current HTTP standards.
## Issues:
There are no issues requiring board attention at this time
## Activity:
- The Apache HTTP Server 2.4.39 was released in March, including four
important and three low severity CVEs. I would like to thank the
security team for handling this in a diligent manner. A lot of work
has also been done on various sub-modules of the project, including
but not limited to; http2, ssl and proxying.
- A thorough discussion on keep-alives in 304 responses was also
started, and is still ongoing[1].
- Members of the project have expressed an interest in revisiting the
older parts of our BugZilla backlog for the purpose of cleaning up
issues that are either stale or have been fixed/mitigated, as well
as improving the overall state of tickets, so as to attract new
people and ideas.
[1] https://s.apache.org/2uyB
## Health report:
This quarter saw activity from 23 different committers, a very good
number, 43% higher than last quarter, as well as a substantial
increase in commits (258, up 45%) and changes. While no-one was elected
in as new committers in this quarter, it is safe to say that we have
a healthy and diverse community that produces changes, fixes and
enhancements on a very stable basis. Retention-wise, we have had
seven people (re)join the project this past quarter, which is a very
good number - we need to go back to 2014 to see a higher quarterly
uptick on that front. That no-one new joined the committer base
obviously means these people were previously engaged in httpd, which
is just as much a delight. We welcome them back with open arms.
Bus/Pony/Elephant-wise, we remain at a Pony Factor[1] of 5, meaning
around five people make up half of the new commits around here. For a
project of our size, age and pace, this is a pretty good number,
considering this tracks committers and not necessarily authors of
commits. For reference, the Pony Factor of httpd has been 5 or 6 for
the past 8 years, so nothing has really changed there.
On a slightly more "extra-curricular" note, I did a little research in
relation to some enhancements I developed for the Apache Kibble
project, and plotted httpd's "punch cards" (commits across the hours of
the week) for the past 18 years[2]. Touching on the diversity aspect of
community health, we have seen a clear move from a US-centric project
community to a more wide-spread committer base, now favoring the
European and African continents (if we assume that we can roughly
correlate a commit timestamp with a timezone through basic knowledge
about when people are awake and asleep - this isn't always true of
committers!). While not an exact science, as we do not store a whole
lot of information about our committers, it is nice to see that the
neutrality and governance of the ASF may have caused a natural shift
towards a new group of core committers that help keep the httpd project
alive and vibrant.
Looking at the larger community, things have also been pretty steady,
with a stable trend on the development mailing list, and a slight
uptick in traffic on our users list (20% more topics discussed than
in previous quarter). Numerical stats to follow in the mailing list
paragraph.
It should also be noted, that we have more than plenty of oversight
in the PMC, with around 20 active PMC members involved in the
project discussions over the past quarter.
[1] https://ke4qqq.wordpress.com/2015/02/08/pony-factor-math/
[2] https://imgur.com/HolcMtQ
## PMC changes:
- Currently 53 PMC members.
- No new PMC members added in the last 3 months
- Last PMC addition was Stefan Sperling on Wed Jan 23 2019
## Committer base changes:
- Currently 122 committers.
- No new committers added in the last 3 months
- Last committer addition was Sebastian Bazley at Fri Jul 13 2018
## Releases:
- 2.4.39 was released on Sat Mar 30 2019
## Mailing list activity:
As stated before, pretty much the same. Slightly fewer emails, but more
topics on the lists.
- users@httpd.apache.org:
- 2461 subscribers (down -31 in the last 3 months):
- 193 emails sent to list (272 in previous quarter)
- dev@httpd.apache.org:
- 820 subscribers (down -5 in the last 3 months):
- 148 emails sent to list (222 in previous quarter)
## Bugzilla Statistics:
There are currently 1075 open tickets, many of which - as stated
in the previous activity paragraph - are either stale or no longer
an issue. In our last cleanup session, we removed 700 tickets from
the queue, and could likely halve our backlog if we did another
cleanup session or hackathon, perhaps at an ApacheCon.
- 59 Bugzilla tickets created in the last 3 months
- 35 Bugzilla tickets resolved in the last 3 months
## Description:
The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for modern operating systems including UNIX
and Windows. The goal of this project is to provide a secure,
efficient and extensible server that provides HTTP services in sync
with the current HTTP standards.
## Issues:
There are no issues requiring board attention at this time
## Activity:
- The Apache HTTP Server 2.4.38 was released in January, fixing some
bugs, enhancing features, and addressing three CVEs; two at a low
severity (CVE-2018-17199, CVE-2018-17189) as well as one with an
important severity (CVE-2019-0190), though the latter only applied to
specific bleeding-edge configurations of httpd.
- Stefan Sperling was added to the PMC.
- It was decided to close down some unused mailing lists.
- HTTPd was represented at FOSDEM (qua ASF's booth there), and as is
often the case, was the baseline for many discussions and questions
at the table.
- There are plans among committers to represent HTTPd at the HTTP
Workshop in Amsterdam, April 2-4 2019. TBD.
## Health report:
The project project remains healthy and community oversight is
definitely present at all times. Code/commit-wise, we had a slower
quarter (down some ~45% in activity compared to previous quarter),
with the holidays likely being to blame there.
Looking at the bigger picture, it's safe to say that HTTPd is a mature
project, with activity having leveled out many years ago - in fact, we
are at the same engagement levels now as eight years ago, and holding
pretty steady at 30-40 people active on the codebase and 250-300 people
on the issue trackers, while email traffic has steadily but slowly
declined, leveling out over the past two years. While the shift from
one or two major HTTP servers to a multitude of different software
projects and cloud-based setups over the past decade has moved some
traffic away from HTTPd, another important aspect is aforementioned
maturity, in that a lot of questions and answers are much more
readily available to users seeking information than they were before,
and as such, new queries are less frequent, with services like google,
reddit, stackoverflow (et al) covering a lot of ground. A positive
take-away from here is that our developer community is now more freed
up to focus on enhancing our project and fixing whatever bugs remain.
We still maintain a very mature contributor community, with the
majority of contributors having had well above 5+ years of experience
with the httpd project, and only ~37% with fewer than five years of
experience. As we seem very capable of retaining the more experienced
contributors, I do not see any concerns here, though reaching out to
new people is, of course, always worth exploring.
The PMC has more than sufficient oversight, and we have no concerns
on that front.
## PMC changes:
- Currently 53 PMC members.
- Stefan Sperling was added to the PMC on Thu Jan 24 2019
## Committer base changes:
- Currently 122 committers.
- No new committers added in the last 3 months
- Last committer addition was Sebastian Bazley at Sat Jul 14 2018
## Releases:
- 2.4.38 was released on Mon Jan 21 2019
## Mailing list activity:
Traffic to the big lists (dev+user) were a tad quieter over this past
quarter compared to other quarters, with Christmas and New Years
taking some of the credit. BugZilla seemed surprisingly busy, but
that appears to largely be a cosmetic change to many tickets by one
user causing a lot of automated emails. A few lists, which have been
receiving little to no traffic over the past few years, have been
slated for decommissioning. The top three lists are as follows:
- users@httpd.apache.org:
- 2495 subscribers (down -22 in the last 3 months):
- 297 emails sent to list (483 in previous quarter)
- dev@httpd.apache.org:
- 825 subscribers (up 0 in the last 3 months):
- 227 emails sent to list (663 in previous quarter)
- bugs@httpd.apache.org:
- 317 subscribers (down -5 in the last 3 months):
- 1111 emails sent to list (405 in previous quarter)
## Issue tracker Statistics:
As with the mailing list traffic, the large number of tickets closed
in this quarter is related to some cleanups, rather than increased
continuous effort.
- 51 Bugzilla tickets created in the last 3 months
- 749 Bugzilla tickets resolved in the last 3 months
## Description:
- The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for modern operating systems including UNIX and
Windows. The goal of this project is to provide a secure, efficient and
extensible server that provides HTTP services in sync with the current HTTP
standards.
## Issues:
- There are no issues requiring board attention at this time.
## Activity:
- The main focus this quarter has been put on releasing HTTPd with support
for the latest OpenSSL (1.1.1) and thus TLS/1.3, as well as fixing up the
test framework and miscellaneous supporting applications.
- The project worked with Sally to promote the 2.4.37 release, highlighting
the features mentioned in the previous bullet point. Save for a few snafus,
the workflow with the new release automation we've been working on lately
seems to be...flowing quite well :)
## Health report:
While the commit activity remains on par with the previous quarter, the
email activity, both in terms of senders and emails sent, have seen quite
an uptick
(22% each overall, 40%+ on dev@), while the number of topics went down
(-17%) to roughly 200 topics discussed in this quarter. This is primarily
explained by the focus on OpenSSL 1.1.1 and TLS 1.3 upgrades to the
httpd software, as well as extensive focus on the test framework and
related tools.
Looking at the slightly softer figures at our disposal, we see a steady
continuation of the previous quarter (and indeed previous years), with a
mostly fixed number of contributors and experience levels - a sort of
neutral trend that could be interpreted either way. On one hand, we are
doing well and retaining people that join the project. On the other hand,
the level and speed of attracting new contributors have slowed down a bit.
One can argue that this is a good thing (that we retain those that join),
as well as argue that we could do more to attract new people to the
project. My personal take is that the project is in good hands, but could
start exploring how other projects have attracted people, should we feel
this is needed in the near future. HTTPd has typically been a highly
esteemed 'flagship project', and as such, one could argue that we have been
complacent in our recruiting efforts...and while we do not appear to have
suffered from this (that we know of), I believe it prudent to become more
proactive in community outreach.
## PMC changes:
- Currently 53 PMC members.
- No new PMC members added in the last 3 months
- Last PMC addition was Hank Ibell on Mon Jul 09 2018
## Committer base changes:
- Currently 122 committers.
- No new committers added in the last 3 months
- Last committer addition was Sebastian Bazley at Fri Jul 13 2018
## Releases:
- 2.4.35 was released on Thu Sep 20 2018
- 2.4.37 was released on Sun Oct 21 2018
## Mailing list activity:
I've only included the lists where we have seen a noticeable change in
figures:
- users@httpd.apache.org:
- 2513 subscribers (down -4 in the last 3 months):
- 512 emails sent to list (338 in previous quarter)
- dev@httpd.apache.org:
- 824 subscribers (down -7 in the last 3 months):
- 677 emails sent to list (390 in previous quarter)
## Bugzilla Statistics:
- 51 Bugzilla tickets created in the last 3 months
- 51 Bugzilla tickets resolved in the last 3 months
## Description:
The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for modern operating systems including UNIX and
Windows. The goal of this project is to provide a secure, efficient and
extensible server that provides HTTP services in sync with the current
HTTP standards.
## Issues:
There are absolutely no issues requiring board attention at this time!
## Activity:
Nothing too exciting, considering it's been summer and activity has
been lower than in other quarters. We released 2.4.34 and work has been
done on TLS 1.3 integration, JSON logging and fixing up core modules.
## Health report:
The project is healthy, albeit at a slower pace due to summer holidays.
A quick count yielded 14 active PMC members during this quarter, so
plenty of oversight. We managed to squeeze in 420 commits from 19
authors - a slight (and understandable) drop from previous quarter. In
terms of people doing the heavy load, we've been at a steady figure of
5-6 for the past two years, with no visible sign of that changing.
Basically, this means we have around 6 people doing the main work, and
some 25 others assisting with lighter contributions. The majority of
active contributors have more than 5 years of contribution experience
with the project - coupled with the rate of new committers, this seems
to be a sign of a good amount of contributor retention within the
project. We added two new contributors in this quarter, as listed in
the next paragraph. Bugzilla and mail activity remains very stable in
terms of the number of contributors - the number of tickets/emails has,
as stated before, been lower during the summer time. As we are part of
the Kibble experiment[1], we also have insight into the general mood of
the project over time, and while there are signs of a somewhat brazen
and rough tone sometimes, the past few months have seen an uptick
towards a happier mood (except for on the users list, but that is to be
expected, as that's where all the problems and cries for help would
go).
[1] https://demo.kibble.apache.org/
## PMC changes:
- We currently have 53 members on the PMC.
- Hank Ibell was added to the PMC on Tue Jul 10 2018
## Committer base changes:
- There are currently 122 committers.
- New commmitters:
- Hank Ibell was added as a committer on Tue Jun 26 2018
- Sebastian Bazley was added as a committer on Sat Jul 14 2018
## Releases:
- 2.4.34 was released on Mon Jul 16 2018
## Mailing list activity:
Nothing particularly worthy of note here. A dip in traffic,
likely due to summer time, but the number of contributors have been
very steady.
## Description:
The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for modern operating systems including UNIX and
Windows. The goal of this project is to provide a secure, efficient and
extensible server that provides HTTP services in sync with the current HTTP
standards.
## Issues:
There are currently no issues requiring board attention.
## Activity:
- Two releases (2.4.32, 2.4.33) were made in this quarter.
- The project is working towards leveraging github for bugs/feature requests
- Discussions on revamping/restructuring the QA/test framework are ongoing
- The latest releases and gotchas found there have led to an ongoing
discussion around release procedures and versioning.
- We are looking into expanding community outreach and adoption of httpd
through various vendor-neutral marketing pushes. Among them are plans to
start a monthly newsletter to both inform about new features of httpd and
combat elements of fear, uncertainty, and doubts about the project, its
capabilities and its community as a whole.
## Health report:
- The project is generally speaking very healthy. Commits in this reporting
period were up almost 40%, and the number of active developers (22) were up
around 10%. On emails and issues, we've had virtually no change in the
number of active people, with roughly the same number of people joining and
leaving. We've seen one new committer, Jim Riggs, and 10 new issue
contributors.
- On the email front, this quarter has been extremely busy compared to the
previous one, as explained in detail in the last paragraph in this report.
## PMC changes:
- Currently 52 PMC members.
- New PMC members:
- Jim Riggs was added to the PMC on Thu Apr 12 2018
- Frank Gingras was added to the PMC on Thu Feb 01 2018
## Committer base changes:
- Currently 120 committers.
- Jim Riggs was added as a committer on Fri Apr 06 2018
## Releases:
- 2.4.32 was released on Wed Mar 14 2018
- 2.4.33 was released on Sat Mar 24 2018
## Mailing list stats:
I wish to include the stats in this report, as they show a very positive
uptick in activity over the past quarter. This is primarily due to the
discussions outlined in the activity paragraph, as well as increased
efforts on the development front:
- users@httpd.apache.org:
- 2527 subscribers (down -15 in the last 3 months):
- 452 emails sent to list (368 in previous quarter)
- dev@httpd.apache.org:
- 832 subscribers (down -11 in the last 3 months):
- 1099 emails sent to list (434 in previous quarter)
- bugs@httpd.apache.org:
- 324 subscribers (down -4 in the last 3 months):
- 738 emails sent to list (382 in previous quarter)
## Description:
- The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for modern operating systems including UNIX and
Windows. The goal of this project is to provide a secure, efficient and
extensible server that provides HTTP services in sync with the current HTTP
standards.
## Issues:
- There are no issues requiring board attention at this time
## Activity:
Contemplating a 2.4.30 release at the moment. A lot of technical discussions
have taken place. We have invited two longstanding members of the httpd
community to our PMC in recognition of their outstanding work done to help
and further the httpd project.
## Community health:
- Activity has gone up a bit, with 20 active developers contributing code and
documentation to httpd this quarter. The number of commits done has been
steady, but we've seen an uptick in the number of people contributing. On
the issue tracker front, we've seen quite a lot of people stepping up to
resolve issues (a 100% incline).
We haven't seen any _new_ contributors, but rather a return of people who
have been on a break from httpd for a while. There has been some discussion
on whether to integrate tighter with services like GitHub to lower the bar
to contributing.
## PMC changes:
- Currently 51 PMC members.
- New PMC members:
- Daniel Ferradal was added to the PMC on Thu Jan 25 2018
- Frank Gingras was added to the PMC on Thu Feb 01 2018
## Committer base changes:
- Currently 119 committers.
- No new committers added in the last 3 months
- Last committer addition was Daniel Ferradal at Wed Apr 26 2017
## Releases:
- Last release was 2.4.29 on Mon Oct 23 2017
## Email/BugZilla stats:
- Nothing to report here, same as usual.
## Description: - The Apache HTTP Server is an open-source HTTP server for modern operating systems including UNIX, Microsoft Windows, Mac OS/X and Netware. ## Issues: - There are no issues requiring board attention at this time. ## Activity: Two releases, 2.4.28 and 2.4.29, were cut for the 2.4 branch. Discussion is underway for a possible 2.5.0 alpha release. It was decided to do some pruning of our (visible) branches in svn, to make it less muddy when browsing our source code. ## Health report: The project remains in good health. What follows is a slightly more technical/academic analysis than usual. Code-wise, activity has been pretty much the same as in the past quarter with roughly the same number of committers and commits. Diversity-wise, httpd remains at a Pony Factor[1] of 5-6, which is a solid diversity score for a project of httpd's age. Email-wise, the PF score is currently 5 for dev@ and 46 for the users@ list, arguably because a handful of people are responsible for the bulk of helping users with issues. Retention-wise, the community has managed to retain a steady amount of people over the past 6 years, "idling" at around 35 people actively working on code, 700ish people active on the mailing list, and some 250 working on bugzilla issues. The bulk of people working on code has a five year or longer experience with httpd. We can interpret this as two distinct causes: 1) We are excellent at retaining people we take under our wings as committers, but also 2) We need to put more effort into getting new committers (the average httpd coder has spent nearly 8 years working on httpd). While I'm sure the PMC will discuss ways to engage with newcomers and make working on the httpd project more accessible and appealing to more people, I wish to also point out that we have maintained this status for more than six years. So...we excel at retaining, but we could also do with some fresh blood in the ranks. Using Apache Kibble, I have also personally been able to assess more social aspects of the community, and I am pleased to note that the overall mood of our mailing lists are above average for the ASF. The take-away here being that we for the most part adhere well to the ASF code of conduct. See mailing list section below for more information. [1] https://ke4qqq.wordpress.com/2015/02/08/pony-factor-math/ ## PMC changes: - Currently 49 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Steffen Land on Mon Feb 27 2017 ## Committer base changes: - Currently 119 committers. - No new committers added in the last 3 months - Last committer addition was Daniel Ferradal at Wed Apr 26 2017 ## Releases: - 2.4.28 was released on Thu Oct 05 2017 - 2.4.29 was released on Mon Oct 23 2017 ## Mailing list activity: Mailing list activity remains steady. August was slower than the other months, likely due to summer vacations ending there. 812 emails were sent to our user and dev lists by 143 people, spread over 242 topics. We have had to re-iterate to people that the ASF has a code of conduct that should be followed. As a result, a member of the mailing list was removed for continuously failing to follow these guidelines. ## Bugzilla Statistics: BugZilla stats are pretty much identical to past quarter: - 71 Bugzilla tickets created in the last 3 months by 61 people - 51 Bugzilla tickets resolved in the last 3 months by 12 people
## Description: - The Apache HTTP Server is an open-source HTTP server for modern operating systems including UNIX, Microsoft Windows, Mac OS/X and Netware. ## Issues: - There are no issues requiring board attention at this time. ## Activity: Three releases (two for 2.4 and one for 2.2) were cut. A lot of great improvements in the codebase were made alongside some herculean tasks in cleaning up old code/designs and keeping HTTPd at cutting edge. The 2.2 release also marks the last release of the 2.2 branch, save whatever security patches may be released from now and through December 2017[1]. Among the plethora of activities in this cycle, I wish to point out a few: At ApacheCon North America 2017 in Miami, a total of four talks were held about HTTPd. Thanks go out to the speakers for the time and effort put into this. The HTTP/2 support in HTTPd 2.4 has been changed from "experimental" to stable in future releases[2], in part to avoid confusion over the projects use of the term "experimental" to denote modules and/or features whose API may change but are otherwise considered stable, as is the case with the mod_h2 and mod_lua modules. Work has also begun[3] on a new module, mod_md, that enables on-the-fly acquisitions and integrations of web site certificates via Automatic Certificate Management Environment (ACME) providers such as ISRG's LetsEncrypt. [1] https://s.apache.org/obH5 [2] https://s.apache.org/yqNQ [3] https://s.apache.org/Tnra ## Health report: The project remains in superb health. Mailing lists are full of active and engaged people, with many simultaneous discussions going on. The number of committers actively contributing to the code/documentation has been steady throughout the past two years and remains at a level of 15-20 active committers each month. HTTPd is also seeing increased interest on GitHub even though the project is only mirrored there. Looking at user/support activity, HTTPd can boast a very vibrant and alive user sphere in terms of interactions on mailing lists and IRC, as well as other fora. While we have not invited new committers or PMC members in the past 3 months (summertime being a bit of a lull), we are always on the lookout for new people to bolster our ranks and help make HTTPd one of the best pieces of open source software out there. ## PMC changes: - Currently 49 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Steffen Land on Mon Feb 27 2017 ## Committer base changes: - Currently 119 committers. - No new committers added in the last 3 months - Last committer addition was Daniel Ferradal at Wed Apr 26 2017 ## Releases: - 2.2.34 was released on Tue Jul 11 2017, and marks the last release of 2.2. - 2.4.26 was released on Mon Jun 19 2017 - 2.4.27 was released on Tue Jul 11 2017 ## Mailing list activity: Mailing activity remains steady, albeit a bit lower than the previous reporting cycle (likely due to it being summer), and have been omitted for the sake of brevity. ## Bugzilla Statistics: - 64 Bugzilla tickets created in the last 3 months - 50 Bugzilla tickets resolved in the last 3 months
WHEREAS, the Board of Directors heretofore appointed Eric Covener (covener) to the office of Vice President, Apache HTTP Server, and WHEREAS, the Board of Directors is in receipt of the resignation of Eric Covener (covener) from the office of Vice President, Apache HTTP Server, and WHEREAS, the Project Management Committee of the Apache HTTP Server project has chosen by vote to recommend Daniel Gruno (humbedooh) as the successor to the post; NOW, THEREFORE, BE IT RESOLVED, that Eric Covener is relieved and discharged from the duties and responsibilities of the office of Vice President, Apache HTTP Server, and BE IT FURTHER RESOLVED, that Daniel Gruno be and hereby is appointed to the office of Vice President, Apache HTTP Server, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed. Special Order 7B, Change the Apache HTTP Server Project Chair, was approved by Unanimous Vote of the directors present.
## Description:
The Apache HTTP Server Project develops and maintains an
open-source HTTP server for modern operating systems.
## Issues:
There are no issues requiring board attention at this time.
## Activity:
* Development pace is slow with a few notable exceptions
(HTTP/2, security investigations)
* Some new interest/discussion in SSL config/defaults as well as
resynching with security@a.o CVE policy.
* Working towards a 2.4.26 release.
## Health report:
* Security backlog is creeping back up, most issues have some
active engagement.
## PMC changes:
- Currently 49 PMC members.
- Steffen Land was added to the PMC on Sun Feb 26 2017
## Committer base changes:
- Currently 119 committers.
- New commmitters:
- Daniel Ferradal was added as a committer on Wed Apr 26 2017
- Steffen Land was added as a committer on Thu Feb 09 2017
* Overall things are healthy. Routine tickets/emails
are being addressed in a timely manner.
* The backlog of aged security issues has been mostly cleared out with last
reporting periods releases.
* Currently 116 committers.
## Releases:
* None this period. Both trees expected next period.
* Last Stable release: 2.4.25 on December 21, 2016
* Last Legacy release: 2.2.32 on January 13, 2017
## Issues/Bugs:
* 73 issues created (up 21% since last period)
* 23 issues closed (down -66% since last period)
* 7 people closing issues, 65 creating them.
* Around 70% of all tickets are made by newcomers, showing a steady
interest in the project new people (was 68% in the past cycle).
Looking over a two year timespan, the ticket activity seems to have
been holding steady, neither increasing nor decreasing greatly.
## Mailing lists:
Discounting commits and bugs (see above), we had around 1,000 emails
sent to our dev and users list this past cycle, with around 250
distinct topics being discussed. While this is a decrease from the
previous cycle, that same cycle was a 5 year high for the project.
## Description: The Apache HTTP Server Project develops and maintains an open-source HTTP server for modern operating systems. ## Issues: There are no issues requiring board attention at this time. ## Activity: * Development pace is slow with a few notable exceptions (HTTP/2, security investigations) ## Health report: * Overall things are healthy. Routine tickets/emails are being addressed in a timely manner. * The backlog of aged security issues has been mostly cleared out with last reporting periods releases. ## PMC changes: * Daniel Ruggeri was added to the PMC on Wed Dec 28 2016 * Jacob Champion was added to the PMC on Wed Dec 28 2016 * Lucien Gentis was added to the PMC on Fri Jan 06 2017 * Luca Toscano was added to the PMC on Sat Jan 07 2017 * Currently 48 PMC members. ## Committer base changes: * No new committers this period * * Last new committer: Evgeny Kotkov was added on Tue Sep 20 2016 * Currently 116 committers. ## Releases: * Stable release: 2.4.25 on December 21, 2016 * Legacy release: 2.2.32 on January 13, 2017
## Description:
The Apache HTTP Server Project develops and maintains an
open-source HTTP server for modern operating systems.
## Issues:
There are no issues requiring board attention at this time.
## Activity:
* Development pace is slow with a few notable exceptions
(Strict HTTP compliance, http2, redis socache, security investigations)
## Health report:
* Overall things are healthy. Routine tickets/emails
are being addressed in a timely manner.
* Some security work with backwards-compatibility complications has
been proceeding more slowly then we'd normally like. This work and
the queue of more straightforward issues blocked behind it has in
some sense also delayed new releases.
## PMC changes:
* No PMC change this period
** Last PMC addition: Jean-Frederic Clere was added to the PMC on
Tue Nov 24 2015
* Currently 44 PMC members.
## Committer base changes:
* 1 committer added this period
* * Evgeny Kotkov was added on Tue Sep 20 2016
* Currently 116 committers.
## Releases:
* No releases this reporting period.
** Last stable release was 2.4.23 on July 05, 2016
** Last legacy release was 2.2.31 on July 16, 2015
(EOL announced during 2.4.23)
## Description: The Apache HTTP Server Project develops and maintains an open-source HTTP server for modern operating systems. ## Issues: There are no issues requiring board attention at this time. ## Activity: - Recent focus has been on the backlog of security reports. ## Health report: - Relatively quiet summer, but there is activity from several committers and releases are on the horizon. - EOL timeline for 2.2.x series was announced during 2.4.23 release. ## PMC changes: - Currently 44 PMC members. - No PMC changes. Jean-Frederic Clere was added to the PMC on Tue Nov 24 2015 (last PMC addition) ## Committer base changes: - Currently 116 committers. - Jacob Champion was added on Thu Jul 07 2016 ## Releases: - 2.4.23 was released on July 05, 2016 - 2.2.x: no releases Last Release: 2.2.31 was released July 16, 2015 (EOL announced during 2.4.23)
## Description: The Apache HTTP Server Project develops and maintains an open-source HTTP server for modern operating systems. ## Issues: There are no issues requiring board attention at this time. ## Activity: - mod_h2 (HTTP/2 implementation) is under active development and garnering significant user feedback. Thank you Steffen! - Docs: There has been some renewed activity/interest on docs content and trying to reboot our translated docs with machine translations. ## Health report: - mod_h2 and mod_proxy are under recent active development, most everything else is maintenance-only. - Bug reports and mails being addressed timely by the project. ## PMC changes: - Currently 44 PMC members. - No PMC changes. Jean-Frederic Clere was added to the PMC on Tue Nov 24 2015 (last PMC addition) ## Committer base changes: - Currently 114 committers. - Luis Gil was added as a committer on Thu Apr 21 2016 (last committer addition) ## Releases: - 2.4.20 was released on April 11, 2016. - 2.2.31 was released July 16, 2015 (stable, but not EOL) ## Bugzilla Statistics: - 73 Bugzilla tickets created in the last 3 months - 60 Bugzilla tickets resolved in the last 3 months Some stalled issues, but most valid bugs getting attention.
## Description: The Apache HTTP Server Project develops and maintains an open-source HTTP server for modern operating systems. ## Issues: There are no issues requiring board attention at this time. ## Activity: - mod_h2 (HTTP/2 implementation) is under active development and garnering significant user feedback. Thank you Steffen! - mod_proxy: Jim added some very cool proxy health check support, and reverse proxy docs, to trunk. Thanks as always to Jim! - Docs: Our newest committer has been aggressively going through bugzilla and improving some important docs. Thanks Luca! - Work to support OpenSSL 1.1.0 in trunk was started to enable feedback to the new API before the first OpenSSL 1.1.0 beta. Thanks Rainer! ## Health report: - mod_proxy joins mod_h2 in the active development category, most other areas still see maitnenance-only. - users@ down marginally, dev@ up marginally ## PMC changes: - Currently 44 PMC members. - Jean-Frederic Clere was added to the PMC on Tue Nov 24 2015 (last PMC addition) ## Committer base changes: - Currently 114 committers. - Luca Toscano was added as a committer on Fri Jan 22 2016 (last committer addition) ## Releases: - 2.4.18 was released on December 14, 2015. ## Bugzilla Statistics: - 70 Bugzilla tickets created in the last 3 months - 44 Bugzilla tickets resolved in the last 3 months
## Description: The Apache HTTP Server Project develops and maintains an open-source HTTP server for modern operating systems. ## Issues: There are no issues requiring board attention at this time. ## Activity: - mod_h2 (HTTP/2 implementation) was delivered in the stable 2.4.x line for the first time in 2.4.17. - 2.4.18 anticipated around EOY to pick up mod_h2 improvements and a handful of small compatibility issues with 2.4.17. ## Health report: - mod_h2 aside, the trend of the last few years of relatively low development activity continues. Maintenance activities continue with bugs and questions mostly addressed in a timely fashion, but not much in the way of new major releases/functionality on the horizon. - Some renewed interest/discussion in extending async processing in the core / filters. - users@ and dev@ up marginally over the reporting period. ## PMC changes: - Currently 43 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Stefan Eissing on Mon Jul 20 2015 ## Committer base changes: - Currently 113 committers. - No new committers added in the last 3 months - Last committer addition was Edward Lu at Tue Jul 07 2015 ## Releases: - 2.4.17 was released on Tue Oct 13 2015 ## Bugzilla Statistics: - 63 Bugzilla tickets created in the last 3 months - 44 Bugzilla tickets resolved in the last 3 months
## Description:
The Apache HTTP Server Project develops and maintains an
open-source HTTP server for modern operating systems.
## Activity:
- mod_h2 (an implementation of HTTP/2) has been added to trunk
and activity has begun to better integrate it.
## Health report:
- Maintenance activities are proceeding in a healthy way
- Little forward development activity beyond mod_h2 integration
## Issues:
- No issues requiring the boards attention
## LDAP committee group/Committership changes:
- Stefan Eissing was added to the LDAP committee group on Tue Jul 21 2015
- New commmitters:
- Stefan Eissing was added as a committer on Mon Jul 06 2015
- Edward Lu was added as a committer on Tue Jul 07 2015
## Releases:
- 2.4.16 was released on Wed Jul 15 2015
- 2.2.31 was released on Thu Jul 16 2015
- (2.0.x is EOL)
Report from the Apache HTTP Server project [Eric Covener] ## Description: The Apache HTTP Server Project develops and maintains an open-source HTTP server for modern operating systems. ## Activity: Overall project activity is low, with various fixes being made on maintenance releases but very little forward development. Third-party work on an HTTP/2 module was discussed more this reporting period, with some enablement work for ALPN revived in mod_ssl. No security issues have required new releases, so patches have collected a little longer than normal in the stable releases. ## Issues: There are no issues requiring board attention at this time. ## PMC/Committership changes: - Currently 112 committers and 43 PMC members in the project. - Christophe Jaillet was added to the PMC on Mon Mar 09 2015 - Stefan Sperling was added as a committer on Fri Apr 17 2015 ## Releases: - Last 2.4.x release was 2.4.12 on Jan 26 2015 - Last 2.2.x release was 2.2.29 on September 3 2014
Project Description =================== The Apache HTTP Server Project develops and maintains an open-source HTTP server for modern operating systems. Issues for the Board ==================== There are no outstanding issues that require the board's attention. Releases ======== * 2.4.12 : Released on January 29, 2014 Older branches last release: * 2.2.x: 2.2.29 released September 3 2014 * 2.0.x(EOL) 2.0.65 released July 9, 2013 Bug Activity ============ * 164 bugs worked on, 60 new, 71 closed/fixed Community ===================== * Yann Ylavic was added to the PMC. * Date of last new committer : October 2014 (Steve Hay) * Date of last new PMC member: February 2015 (Yann Ylavic) * Overall development activity continues to slow, with the focus on security fixes andthe maintenance of 2.4.x which is making its way into various httpd distributions. * Thanks to Rich Bowen for organizing a httpd/TS/Tomcat track for ACNA 2015.
WHEREAS, the Project Management Committee (PMC) of the Apache HTTP Server project has chosen by vote to recommend the removal of the persons listed immediately below from the PMC due to extended inactivity in the project and lack of a positive response to remain an active member of the PMC: Aaron Bannert <aaron@apache.org> Ben Laurie <ben@apache.org> Chuck Murcko <chuck@apache.org> Doug MacEachern <dougm@apache.org> Erik Abele <erikabele@apache.org> Joshua Slive <slive@apache.org> Ken Coar <coar@apache.org> Manoj Kasichainula <manoj@apache.org> Martin Kraemer <martin@apache.org> Maxime Petazzoni <maxime@apache.org> Ralf S. Engelschall <rse@apache.org> Sander Striker <striker@apache.org> Wilfredo Sanchez <wsanchez@apache.org> Yoshiki Hayashi <yoshiki@apache.org> Rasmus Lerdorf NOW, THEREFORE, BE IT RESOLVED, that the persons listed immediately above are relieved and discharged from the duties and responsibilities of the Apache HTTP Server PMC but are welcome to return upon their request. Special Order 7D, Change the Apache HTTP Server Project Management Committee, was approved by Unanimous Vote of the directors present.
Project Description =================== The Apache HTTP Server Project develops and maintains an open-source HTTP server for modern operating systems. Issues for the Board ==================== There are no outstanding issues that require the board's attention. Releases ======== We've had one maintenance release of our older of two branches (2.2.x) to roll up security fixes released this year in our current release (2.4.x) * 2.2.29 : Released on September 9, 2014 Bug reports =========== * Encountered 51 bugs with activity, 26 new, 20 closed/fixed * Previously: Encountered 143 bugs with activity, 57 new, 40 closed/fixed) Community ===================== * Steve Hay (mod_perl PMC) was added as a committer. * We have brought back a resolution for PMC cleanup from our previous report with some more detail as requested. * Date of last new committer : October 2014 (Steve Hay) * Date of last new PMC member: July 2013 (Ben Reser) * Overall development activity continues to slow, with the focus on the maintenance of 2.4.x which is making its way into various httpd distributions. * Jeff Trawick has tried to bootstrap some discussions of promoting HTTPD 2.4, but nothing that has caught on yet.
WHEREAS, the Project Management Committee (PMC) of the Apache HTTP Server project has chosen by vote to recommend the removal of the persons listed immediately below from the PMC: Aaron Bannert <aaro...@apache.org> Ben Laurie <be.....@apache.org> Chuck Murcko <chuc...@apache.org> Doug MacEachern <doug...@apache.org> Erik Abele <erik...@apache.org> Joshua Slive (slive) <sliv...@apache.org> Ken Coar (coar) <coa....@apache.org> Manoj Kasichainula <mano...@apache.org> Martin Kraemer <mart...@apache.org> Maxime Petazzoni (maxime) <maxi...@apache.org> Ralf S. Engelschall <rs.....@apache.org> Sander Striker <stri...@apache.org> Wilfredo Sanchez <wsan...@apache.org> Yoshiki Hayashi <yosh...@apache.org> Rasmus Lerdorf <rasm...@lerdorf.com> NOW, THEREFORE, BE IT RESOLVED, that the persons listed immediately above are relieved and discharged from the duties and responsibilities of the Apache HTTP Server PMC. Special Order 7A, Change the Apache HTTP Server Project Management Committee, was tabled.
Project Description =================== The Apache HTTP Server Project develops and maintains an open-source HTTP server for modern operating systems. Issues for the Board ==================== There are no outstanding issues that require the board's attention. Releases ======== We've had one maintenance release of our latest branch in the current reporting period. The only other in-service release, 2.2.x, is anticipated to be released soon. * 2.4.10 : Released on July 21, 2014 Bug reports =========== Encountered 143 bugs, 57 new and 40 closed/fixed Community ===================== * Several PMC members volunteered to go emeritus this period: orlikowski,nlehuen,marc,grisha,jgallacher * The PMC voted to move a number of inactive members to emeritus status. Full details are in a resolution in the same agenda as this report * No other committer or PMC roster changes this reporting period. * Date of last new committer : February 2014 (Yann Ylavic) * Date of last new PMC member: July 2013 (Ben Reser) Overall development activity continues to slow, with the focus on the maintenance of 2.4.x which is making its way into various httpd distributions.
Project Description =================== The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. Issues for the Board ==================== There are no outstanding issues that require the board's attention. Releases ======== We've had one maintenance release of each in-service stream sinc the last reporting period: * 2.4.9 : Tagged on March 13, 2014. * 2.2.27 : Released March 26, 2014 Bug reports =========== 241 bugs had activity, 85 new, 56 resolved Community ===================== No committer or PMC roster changes this reporting period. * Date of last new committer : February 2014 (Yann Ylavic) * Date of last new PMC member: July 2013 (Ben Reser) Overall development activity is steady, but slow, with the focus on the maintenance of 2.4.x which is making its way into various httpd distributions.
Project Description =================== The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. Issues for the Board ==================== There are no outstanding issues that require the board's attention. Releases ======== We've had one maintenance release of each in-service stream since the last reporting period: * 2.2.26 was released Nov 18, 2013 * 2.4.7 was released Nov 25, 2013 Bug reports =========== 185 bugs had activity, 81 new, 90 resolved. Community ===================== Yann Ylavic and Mike Mrumph were accepted as new committers. IRC and mailing list activity is steady. Development activity is relatively low. There has been a hint of interest in SPDY and HTTP/2.0 and how we could adjust our architecture. A few interesting netcraft posts came out in this period, but not much community discussion on them yet.
Project Description =================== The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. Issues for the Board ==================== There are no outstanding issues that require the board's attention. Releases ======== No new releases since last board report. Last release was httpd 2.4.6 on July 22nd, 2013. Commit activity is steady, albeit not as heavy as earlier in the year, when 2.4.1 was released as the first in the 2.4 branch. We expect httpd 2.2.26 and 2.4.7 to be T&R'ed in November. Bug reports =========== 153 different bugs were discussed, 61 new bugs created, 34 were closed/fixed. Community ===================== Ubuntu 13.10 released with Apache HTTP Server 2.4.x. There are two recently publicised "bounty" programs that include Apache HTTP Server. Both are very hands-off wrt project involvement. The PMC is dicussing procedures/policies. Ben Reser was added to the PMC on September 8th, 2013. Jan Kaluza was added as a committer on September 16th, 2013. IRC and mailing list activity are steady.
Project Description =================== The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. Issues for the Board ==================== There are no outstanding issues that require the board's attention. Releases ======== httpd 2.4.6 was released on July 22nd, 2.4.5 was tagged but not released. httpd 2.2.25 was released on July 9th. httpd 2.0.x was released and officially retired on July 9th. Bug reports =========== Bug reporting and fixing is going at a steady pace with between a half and one new ticket being filed and fixed every day (77 new and 53 closed/fixed). A total of 167 bugs have been discussed via Bugzilla within the last quarter. Community ===================== Ben Reser was added as committer on July 28th. No new PMC members has been added, putting the last addition to the PMC at December, 2012. IRC and mailing list activity are steady
Project Description =================== The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. Issues for the Board ==================== There are no outstanding issues that require the board's attention. Releases ======== httpd 2.4.4 was released on February 25th, just before ApacheCon North America, which made for interesting new things to talk about at the conference. httpd 2.2.24 was released on February 26th. httpd 2.0.x has not seen a release since late 2010. It is likely that the next release will be accompanied by an EOL declaration. Bug reports =========== Bug reporting and fixing is going at a steady pace with between a half and one new ticket being filed and fixed every day (68 new tickets versus 63 closed). A total of 193 bugs have been discussed via Bugzilla within the last quarter. Community ===================== There have been no new committers or PMC members since the last report, putting the latest addition of a committer at January, 2013 and the last addition to the PMC at December, 2012. IRC and mailing list activity are steady The online commenting system embedded in the manual has proved quite useful in lowering the bar for feedback. A revamped modules.apache.org is operational.
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. No major issues requiring the Board's attention. == Project Status == No releases during this reporting period, but a 2.4.x release is anticipated prior to ACNA (thanks Jim). There has been a flurry of backport activity from trunk in anticipation. 2.0.x and older releases see almost no activity. mod_macro was IP cleared and rolled into trunk. == Community == IRC and users@ activity has been steady. Bugzilla and development lists has been relativey slow. Fabien Coelho joined us as a committer. Gregg Smith and Daniel Gruno joined the PMC. Apache HTTP Server has a number of talks/tutorials planned for ACNA.
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. No major issues requiring the Board's attention. == Project Status == We produced two bugfix releases in the beginning of the reporting period, 2.2.23 and 2.4.3. Our 2.0.x stream has seen some renewed attention in anticipation of a "final" security roll-up release and an announcement of EOL. More bugfix releases around EOY are anticipated. == Community == IRC and users@ activity has been steady. Bugzilla and development lists has been relatively slow. Fabien Coelho has initiated discussions about rolling his popular out-of-tree module mod_macro into the core distribution. Apache HTTP Server was well represented at ACEU with Jeff, Stefan, Daniel, Graham, Igor, and Rainer attending/hacking and 5 well attended Web Infrastructure track talks. Long-time bugzilla contributor Christophe Jaillet was added as a committer. No changes were made to the PMC roster.
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. No major issues requiring the Board's attention. == Project Status == There has been no release activity during this reporting period, heavily due to the continued quiet CVE front. There has been increased backport activity to our recently released 2.4.x branch in anticipation of an August release (thanks as always to Jim) == Community == No change to PMC roster and no new committers. Activity on mailing lists and bugzilla is steady. The project has added a comments system (thanks to Daniel Gruno) to the httpd manual which has elicited some nice feedback.
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. No major issues requiring the Board's attention. == Project Status == The project released versions 2.4.1 and 2.4.2 during this reporting period (many thanks to Jim). A new version of mod_fcgid (2.3.7) was also released. We've had a mercifully slow quarter for CVEs, with no 2.2.x releases required. There are ongoing discussions of using the CMS for our site and/or documentation that various volunteers are working on. == Community == We added Daniel Gruno (humbedooh) as a committer this period, with no changes to the PMC roster. As we had discussed informally for a long time, our SVN authorization was flattened out to not differentiate between different kinds of committers. We are also enabling comments (via Disqus) on the httpd manual, with a pilot ongoing with a single trunk topic. This is hoped to help with contributions/bug reports on the documentation. Mailing list, bugzilla, and IRC traffic is steady.
Status report for the Apache HTTP Server project - February 2012 The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. No major issues requiring the Board's attention. == Project Status == The project continues to make progress towards a GA release of httpd 2.4.x, including 2.3.16 (beta) and an ultimately unreleased 2.4.0 which lead to additional scrutiny, testing, and fixes. The project released 2.2.22, containing a roll-up of a number of relatively low severity vulnerabilities. A similar, likely final, release of 2.0.x is also in the works. Our bugzilla backlog is slowly climbing, approximately 850 non-enhancement issues. == Community == Kaspar Brand and Stephen Henson were added to the PMC roster in this period. No new committers. Mailing list, bugzilla, and IRC traffic is steady, with a bubble around 2.4 discussions and work.
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. No major issues requiring the Board's attention. == Project Status == The project continues to make progress towards a GA release of httpd 2.4.0,releasing one beta, with another up for vote during ApacheCon. We now have a 2.4 branch in subversion. Two security releases (2.2.20 and 2.2.21) were released during this reporting period. We are moving for an additional security release of 2.0.x in the coming weeks which will likely accompany a formal statement for deprecation and EOL of 2.0.x. We have approximately 805 non-enhancement bugs. About 10% are FixedInTrunk. == Community == Dan Poirier was removed from the PMC roster at his own request. No other PMC roster changes this period. No new committers in this period. Mailing list, bugzilla, and IRC traffic is steady, with a bubble around ApacheCon and our 2.4 preparations.
WHEREAS, the Board of Directors heretofore appointed William A.
Rowe, Jr. to the office of Vice President, Apache HTTP Server, and
WHEREAS, the Board of Directors is in receipt of the resignation
of William A. Rowe, Jr. from the office of Vice President, Apache
HTTP Server, and
WHEREAS, the Project Management Committee of the Apache HTTP Server
project has chosen by acclamation to recommend Eric Covener as the
Successor to the post;
NOW, THEREFORE, BE IT RESOLVED, that William A. Rowe, Jr. is
relieved and discharged from the duties and responsibilities of
the office of Vice President, Apache HTTP Server, and
BE IT FURTHER RESOLVED, that Eric Covener be and hereby is
appointed to the office of Vice President, Apache HTTP Server,
to serve in accordance with and subject to the direction of the
Board of Directors and the Bylaws of the Foundation until
death, resignation, retirement, removal or disqualification, or
until a successor is appointed.
Resolution 7B passed by unanimous roll call vote.
No major issues requiring the Board's attention. == Project Status == The project continues to make progress towards a GA release of httpd 2.4.0, releasing two betas (2.3.13, 2.3.14) since our last report in May. A single release of our 2.2 branch, 2.2.19 was completed just after our last report primarily to pick up an updated APR for CVE-2011-1928. The board was engaged on July 7 to help resolve a disagreement over whether some decisions and interaction between APR and HTTPD projects was being properly handled, and helping to clarify what constitutes a technical veto. At the suggestion of Roy, this was brought back to the public development list where the conclusion was that the veto stood and that the HTTPD change was to be reverted. Message-Id: <E2B2F314-D8A9-4C40-88FE-08C838224143@sharp.fm> Message-ID: <4E15E51E.4090700@rowe-clan.net> The disputed change has since been reverted in httpd trunk. Traffic on users/development mailing list, and bugzilla, has been steady. Our bugzilla backlog remains challenging with 989 open bugs. 288 are enhancements, and 228 are FixedIntrunk. == Community == Gregg L Smith, Daniel Ruggeri, and Kaspar Brand were added as committers. No change to the PMC roster. William A Rowe Jr has tendered his resignation as chair to the committee, and sought nominations to continue rotation of the httpd committee chair. Eric Covener was nominated and elected by acclamation by the committee. A chair change resolution has been offered for the board's consideration.
The project continues to make steady progress towards a beta and subsequent GA release of the httpd 2.4.0 code. httpd 2.3.11-beta was released in March, and httpd-2.2.18 was released in May, while 2.3.12-beta is tagged and currently in the release vote process. Dan Poirier was added to the committee roster. No other changes to the active committers or committee roster.
Greg notes that "committee roster" should be "PMC".
The project continues to make steady progress towards a beta and subsequent GA release of the httpd 2.4.0 code. httpd 2.3.9 was tagged in November and then scuttled after broad review, while httpd 2.3.10-alpha was released 12/23, and another incremental release is anticipated very shortly. The subproject apreq library update 2-2.13 was also released on 12/3. Igor Galić was added to the committee roster. No other changes to committers or committee roster. After very brief unanimous decision on the dev list, all 1.3 artifacts are being relegated to archive.a.o and removed from the active httpd.a.o site. May they rest in peace with the Foundation's thanks to the many contributors and authors of this historic first Apache Software Foundation code base.
Community --------- Ranier Jung was added to the PMC roster. Sander Temme organized a track of httpd content and a well attended httpd meetup on various topics related to the state of httpd at this past ApacheCon. A large majority of active httpd committers were in attendance. Branding -------- The http://httpd.apache.org/ site should now entirely conform to the current guidelines. Corrections are welcome to the PMC list. Subprojects ----------- httpd activity has picked up during the ApacheCon face time. The project is very nearly at a 2.3.9 tag on the development branch, and there has been a great deal of activity in the docs@ effort. 2.2.17 and 2.0.64 were both released since the last report. This is registered as HTTP Server and as httpd at apache-extras. mod_fcgid was released the first week of November on a short voting cycle, in order to put a security fix out to those administrators who allow the authoring of fastcgi apps by untrusted users. This is registered at apache-extras. mod_ftp was tagged; after one month there are insufficient votes for a new release. Interest by at least three PMC members will be evaluated in this coming period. This is registered at apache-extras. libapreq has reemerged from its cocoon and is actively soliciting the correct license assignment for outside world/vendor patches, in anticipation of a new release candidate. This is now registered as both apreq and libapreq at apache-extras. mod_mbox is enjoying some resurgence of patch activity. This is registered at apache-extras. Three http://httpd.apache.org/modules/ references, to mod_pop3, mod_snmpd and mod_arm4 appear to be abandoned; these were never released, and are not registered at apache-extras as it appears that the authors or any champions could consider moving the code there. Over the coming period the project will consider their fate (to the attic, or to apache-extras if they enjoy even one advocate). mod_python references and dist files have been removed, with a single pointer remaining to the attic. Releases persist at http://archive.apache.org/ and this has not been registered at apache-extras, to allow fewer developers to restart this effort in that context.
Development =========== 2.3.6-alpha was released in June, followed by 2.3.8-alpha in August, which represent trunk activity. 2.2.16 was released in July, corresponding to the current stable branch. Community ========= Stefan Fritsch was added to the PMC. No other changes to commit access or PMC roster in this period. The dev, users and docs lists remain active, while apreq dev is largely quiet at this time. modules-dev continues to provide an active resource for non-ASF httpd module developers. Security ======== The project continues to address issues raised, both 2.2.16 and 2.3.8-alpha addressed security concerns under specific configurations and patches to 2.0 were published. Known bugs and faux-vulnerability reports continue to be referred to the dev@ list for open discussion, with one notable exception; One open issue was deflected to the user agent developers, as the httpd security team determined that the origin of the flaw was not in the server's behavior, and the project awaits disclosure by the appropriate authors before discussing additional resolutions publicly. There are no board level issues at this time.
Report postponed to next meeting.
Not much has transpired since the March (belated February) report. The current release remains 2.2.15. Further progress towards a legacy 2.0.64 has been made, which will likely happen due to the various security patches that are currently offered. The beta of trunk is still 2.3.5. Dr. Stephen Henson was granted committership, while there has been no change to the PMC roster. Approximately 10 httpd committers attended the Wicklow gathering, although only a handful were primarily focused on the httpd project for this face time, with many other projects enjoying exciting project milestones. Several committers briefed one another on the state of server push protocols, and the hybi WG effort in particular. Some resulting form of bidirectional HTTP support will likely influence future HTTP Server request/response processing models. Several other brainstorming discussions erupted, and stale issues revisited, which have resulted in dev list proposals from the respective committers and various bursts of development and documentation activities. Sander Temme orchestrated the talk selection for HTTP Server Project presence in Atlanta this fall, leveraging the voter tool to poll the PMC on the selected talks.
The most significant update at the Apache HTTP Server Project, of interest to the entire foundation, is the careful reconsideration of all web content and documentation around the word "Apache". The discussion of the best naming convention continues at the docs@ list. Where appropriate, the documentation is being restructured to use either the title "Apache HTTP Server" (not 'web server' etc), or short name "httpd", as appropriate. The hundreds-to-thousands of spurious references to "Apache" are being reevaluated and in most cases, refactored away. This process began based on recent members and board discussion of the continuing name confusion around the "Apache" name, and was heralded in the 2.2.15 release announcement. We hope to have a further update in May. Since the November report, there were three tags against trunk (2.3-dev) resulting in the first alpha 2.3.5 release from the project of this future httpd. The project also approved legacy releases of 1.3 and 2.2. There also appears to be some interest based on recent commits of releasing a 2.0 security update. The 1.3.42 release was declared final and decisive by the httpd PMC, and is not expected to be refreshed again. The announcement was carefully worded to reflect this situation. Some security updates with critical severity will continue to be published as patches to the 1.3 tree for the foreseeable future. On the community front, the project added one docs committer, Igor Galić. Several PMC nominations were offered which attracted interest but no measure of consensus. 10 years into this ASF project, it has become clear that the PMC roster is far to large for a quorum, given absenteeism within this committee. The project will review the current private@ subscriptions, invite all absent PMC members to rejoin (with multiple attempts) and after all have rejoined who wish to remain PMC members, will submit to this board the list of declines and non-responses. For precedent, the project will follow the same methodology as was employed at the Apache APR Project, and appreciates the support of the board in this endeavor. Past PMC members will be identified as Emeritus and invited to rejoin active participation as their schedules and interest permit. The Apache [incubating] TrafficServer and HTTP Project meetup at Google this past January was demonstrably successful, but much more so for TrafficServer, who had packed well more than 80% of the room. The half dozen httpd folks in attendance enjoyed learning of the direction of ATS and commiserated with the very similar problem sets that TS is currently attacking, and addressed several HTTP Project issues during this face to face opportunity. The Apache HTTP Project extends its thanks to Google for making this space available, and to Yahoo as well for its offer of space for this gathering. Our thanks go out to Paul Querna and the rest of the infrastructure team who have worked on the svnpubsub capability and our dist.apache.org server facilities. The project is currently updating our internal docs for this transition, and hope that some of this documentation can be recycled to other adopters such as APR, Incubator's TrafficServer and many more. This service should prove a tremendous asset to the Foundation's projects. My personal apologies for the delay in delivering this for the February meeting. The project will resume the normal reporting schedule with the May report.
No report received.
Greg to pursue a report.
httpd 2.2.14 was released this past quarter, and a patch was published to address the ssl renegotiation vulnerability. Further patches and the next release depend on the OpenSSL project's decisions and next release. Additional module subprojects releases mod_fcgid 2.3.1-beta, 2.3.4 GA and mod_ftp 0.9.6-beta all moved these efforts along. The httpd project has resumed publishing 2.3 alpha release candidates from trunk. Although problems have been reported, corrections to these issues are moving ahead. The two day httpd.conf track at ApacheCon was well attended. There was a great deal of Hackathon discussion which has spawned list discussion about what comes after 2.4 (the conclusion of 2.3-dev), with a diverse set of input into that discussion. Stefan Fritsch (sf) and Ryan Pan (pqf) were both added as committers to httpd. There were no changes to the PMC in this timeframe. There are no board level issues at this time.
Board to discuss on the mailing list whether "monthly" needs to be aligned with board meetings or can be up to committees to decide.
Over the past three months, Roy Fielding stepped down as the chair of the project to concentrate on board-level issues. The committee thanks him for his service as Project Chairman, again, for these past four years. William Rowe was appointed to serve in this capacity at the July Board meeting. Stas Bekman and David Welton both requested to withdraw to an emeritus status from the PMC; no new PMC members were added in this period. The committee added Dan Poirier (poirier) as a committer to httpd. Following seven months without release activity, httpd 2.2.12 was released on 7/28 for security fixes, bug fixes and new features including the first to support SNI (server name identification) for mod_ssl, permitting named virtual https: hosts. An httpd release 2.2.13 followed on 8/8 due to an apr flaw that would conceivably elevate the risks for any third party module vulnerability (which might or might not exist) due to allocating memory based on untrusted user input. There was no release activity on older branches, the current development trunk, or the module subprojects this quarter. Updating snapshots to the current branches was discussed, but no action was taken. The Apache HTTP Project is represented at ApacheCon 2009 in November with two days of content organized by Rich Bowen and Noirin Plunket and sponsored by Thawte, and a two day tutorial by Rich Bowen and Jim Jagielski. The project's modules make an additional appearance on the Tomcat track. The potential for hackathon or meetup activities will be discussed on the dev or user lists as appropriate. The project noted a revival of interest in resource exhaustion attacks based on the "slowloris" tool, reported to httpd security list and posted on bugtraq, etc. Discussion of this class of issues was moved to the dev@ list for discussion, due to their well-known nature (since the 90's). HTTP Server Project is in-sync with the new subversion structure for LDAP migration, with the httpd-pmc list in-sync with committee-info.txt. There are no board level issues at this time.
The Apache HTTP server project seems to have increased activity over the past three months, especially during ApacheCon Europe, but we have surprisingly little to report for it. We have no board-level issues at this time. We have not added any new PMC members or committers. We have not approved any httpd releases. The only release of any kind was the long-awaited libapreq2-2.12 on March 13. We have passed the 1000 mark on open bugzilla issues for httpd (1.3 and 2.x combined) with little fanfare. The lack of releases seem to be mostly due to the active work on trunk for a future 2.3.x (very unstable at the moment) and waiting for APR to release for some changes needed in 2.2.x.
It is good to see enthusiastic users pushed at the dev@ channel.
Apache HTTP Server Project Status report for 18 Feb 2009 The Apache HTTP server project has continued to gain steam from last quarter. We have no board-level issues at this time. We have added two httpd committers, Rainer Jung and Takashi Sato, and three new members of the PMC: Bojan Smojver, Brian McCallister, and Chris Darroch. We released httpd 2.2.11 on December 14 and continued maintenance of that branch will justify another release soon. Two tags of the 2.3.x (alpha) branch, unreleased, have been good for exposing some areas in trunk that need to be fixed before the next major release. The apreq subproject released 1.34 and made some progress on a candidate for 2.11. Several httpd modules have been added with the goal of becoming new features for httpd 2.3.x (alpha): mod_sed: filter Request/Response bodies through sed [Basant Kumar Kukreja] mod_privileges: make httpd on Solaris privileges-aware and enable different virtual hosts to run with different privileges and Unix user/group IDs [Nick Kew] mod_buffer: support buffering of the input and output filter stacks. [Graham Leggett] mod_heartbeat: generate multicast heartbeats to know if a server is online. [Paul Querna] mod_heartmonitor: collect heartbeats and write out a file so that other modules can load balance traffic as needed. [Paul Querna] mod_lbmethod_heartbeat: load balance mod_proxy workers based on heartbeats. [Paul Querna] mod_lua: allow in-process request handling using the Lua scripting language (was mod_wombat). [Brian McCallister and Paul Querna] mod_ratelimit: bandwidth rate limiting. [Paul Querna] mod_fcgid: an implementation of the FastCGI protocol [Ryan Pan] All of the above modules were written by existing committers or passed IP-clearance through incubator. We have not done any releases this quarter for flood, mod_mbox, or mod_ftp, and no progress has been made on the next generation code bases for httpd. Focus has instead moved back to what can be done within the 2.x code base. The biggest problem facing the project is that we have 892 open issues in bugzilla for 2.x without a plan for closing them out (yet).
The Apache HTTP server project has picked up some steam this quarter. We have no board-level issues at this time. We have added two httpd-docs committers, Vincent Deffontaines and and Lucien Gentis. Thom May resigned from the PMC due to lack of bandwidth. We released httpd 2.2.10 on October 21 and continued maintenance of that branch will justify another release soon. We have not done any releases this quarter for flood, libapreq, mod_mbox, mod_wombat, or mod_ftp, and no progress has been made on the next generation code bases for httpd. There are, however, release candidates in process for libapreq (1 and 2) with rumbling sounds of approval in the near future, significant work on mod_wombat prior/during ApacheCon, and additions of new features and a new MPM to httpd's trunk.
The Apache HTTP server project has made small progress through the lazy northern-hemi-summer quarter without any significant issues. We have no board-level issues at this time. We have added two httpd-docs committers, Andrew Ford and Nilgün Belma Bugüner, and have two more on the way once the paperwork clears. There have not been any changes to the PMC. We released httpd 2.2.9 on June 14 and continued maintenance of that branch will justify another release soon. We have not done any releases this quarter for flood, libapreq, mod_mbox, mod_wombat, or mod_ftp, and no progress has been made on the next generation code bases for httpd. We haven't even had a decent flamewar.
The Apache HTTP server project has made progress through the quarter without any significant issues. We have no board-level issues at this time. We have added two PMC members, Eric Covener and Issac Goldstand, and three committers: Takashi Sato, Guy Ferraiolo, and Tom Donovan. Bill Stoddard has gone emeritus to focus on other projects. We have not done any releases this quarter for httpd, flood, libapreq, mod_arm4, mod_bw, mod_cache_requester, mod_mbox, mod_pop3, mod_smtpd, mod_wombat, or mod_ftp. This was partly the subject of Roy's tongue-in-cheek keynote at ApacheCon Europe, and there has been a considerable increase in mailing list activity since then. However, the proof is still in the pudding and there's nothing to eat yet. Due to lack of activity and no releases, mod_arm4, mod_bw, mod_cache_requester, and mod_smtpd have been demoted to the sandbox. The mod_domain (nee mod_dns) contribution has been imported to the sandbox and IP clearance filed with Incubator. Roy had wished to open up the sandbox to all Apache committers, but resistance to the idea among the PMC was sufficient to kill it. Most of the PMC believes that we should lower the bar for commit access to flood and the sandbox, but there is no path to providing it other than the usual PMC vote and weeks of delay. A question was raised about the provenance of the cvt() functionality included with httpd since the introduction of ap_snprintf in 1997. It turns out that the original source code is based on a version published within Unix V7 and licensed in a form compatible with our license. Jim has updated the license headers accordingly.
The Apache HTTP server project has made progress through the quarter without any significant issues. We have no board-level issues at this time. We have added two PMC members, Guenter Knauf and Tony Stevenson, and three committers: Davi Arnaut, Issac Goldstand, and Niklas Edmundsson. We released Apache HTTP Server 2.2.8, 2.0.63, and 1.3.41. We have not done any releases for flood, libapreq, mod_arm4, mod_bw, mod_cache_requester, mod_mbox, mod_pop3, mod_smtpd, mod_wombat, or mod_ftp, though the latter has seen quite a bit of activity from William Rowe Jr. getting it ready for release testing as well as some new contributors showing interest. We have decided to accept another protocol implementation in the form of mod_dns (most likely to be renamed mod_named); a software grant has been received and the incubator clearance should be complete before the board meeting. Justin and Roy participated in the IETF httpbis WG meetings at the 70th IETF meeting in December. http://www.ietf.org/proceedings/07dec/minutes/httpbis.txt Roy Fielding, Yves Lafon and Julian Reschke will share editorship of the proposed replacement for RFC 2616, partitioned into seven drafts. More information on that effort can be found at http://www3.tools.ietf.org/wg/httpbis/trac/ Our ECCN classifications are complete and current, though we are still listed as responsible for Apache mod_python. That listing will remain until Apache Quetzalcoatl has a website.
Approved by General Consent.
There is very little to report on the Apache HTTP Server Project for this quarter. We have no board issues at this time. The only significant development is that the IETF has chartered the HTTPbis working group to update RFC 2616 and (perhaps) related specs, for which Roy has submitted a set of drafts to partition the specification into eight parts. The WG will meet Dec 3 and 4 in Vancouver. Roy expects there to be more interesting things to report over the next month, so we will report again next month rather than waste bits on speculation at this point.
Approved by General Consent.
The Apache HTTP server project has no board-level issues at this time. Nóirín Plunkett has joined the PMC this quarter. We have also added two new docs committers: Vincent Bray and Tony Stevenson. We successfully kicked mod_python up to the Quetzalcoatl TLP, though the subversion and lists have yet to be moved due to summer vacations. In spite of a general increase in activity and a good try at tarballs, we failed to release any software this quarter. At least our quality control process has been tested. ;-)
Approved by General Consent.
The Apache HTTP server project has coasted through much of the quarter without any significant issues. We have no board-level issues at this time. We have added three new committers: Guenter Knauf and Eric Covener (pending account creation) for httpd, and Brian McCallister for mod_wombat. We have not done any releases for httpd, libapreq, mod_python, mod_ftp, mod_smtp, mod_wombat, or flood. The next httpd build is on hold until the next release of APR, though progress is being made on the large number of open bugzilla issues in the mean time. The libapreq team has been testing release candidates for libapreq 1.34, which will hopefully result in a real release vote some time soon. mod_ftp has enjoyed new participation by several committers and commentators since it's graduation, and is working towards an initial ASF release (apart from the core httpd server distribution). The remaining showstopper is the addition of IPv6-necessary features (EPRT and EPSV). No progress has been made in moving mod_python to its own TLP, but the conversation has been restarted on the python-dev mailing list and hopefully will result in a resolution for next month. We have completed adoption of the mod_wombat code base and are making progress in understanding what that means. No progress has been made on the next generation of httpd, code-named amsterdam, though more people have begun to add to the suggestion lists. We were hoping to have some discussion during the hackathon at ApacheCon EU 2007, but several key people were not able to come and the rest were busy planning the conference or working on poorly-timed coincidental releases for their employers.
Sander expressed some question on what it meant to adopt the mod_wombat codebase prior to it's adoption? Roy answered that the codebase was accepted but it is currently being discussed how best to utilize it.
Approved by General Consent.
The Apache HTTP server project has coasted through much of the quarter without any significant issues. We have no board-level issues at this time. No new committers or PMC members have been added to the project, nor have any of the existing members retired. We released Apache httpd 2.2.4 in January. The discussion of what to do next in a 3.0ish version of the Apache server framework has begun on the dev list and we have created a new sandbox area to start playing with new ideas, goals, and requirements. The first code name for the sandbox is "amsterdam", mostly because I expect the first set of ideas/implementations to be central to our hallway discussions at ApacheCon Europe in May. There will be other sandboxes started, as needed, and some of the httpd experimental branches will be moved to sandboxes. The mod_python subproject released a beta 3.3.0b in December and a GA release of 3.3.1 last week. I introduced the topic of moving mod_python to its own TLP, but did not garner enough votes to make it happen this month. There was a general preference among the committers to ask for a Python TLP, as opposed to being specific to mod_python, so that may be a topic of discussion for the next board meeting if the group can figure out an applicable TLP name. There were no releases of libapreq, flood, mod_smtpd, or any of the smaller modules. The mod_ftp team successfully graduated from the incubator and have moved under our subversion tree and discussion moved to the main dev list. All of the committers are already committers on httpd. The mod_wombat module has been accepted for import as an IP-only process so that the major contributors can continue work on it within the Apache community. Again, all of the contributors are either httpd committers or ASF members. Finally, on the legal side, I replaced the (IMO, way too complex) RDF-based collection of export notice information with a single Anakia-based XML page on the www site, and then used that data to update the appropriate BIS notices for the HTTP Server project's distributed products (aside from mod_ftp, which will have to be an added notice when it is ready to be considered for product release). I am thinking of sending a reminder to the PMCs that they must look at these export guidelines and produce their own notices for any product that is designed for use of, or includes, an encryption interface like SSL, JCE, etc. Let me know if you would prefer that such a note come from the board or VP Legal. <http://www.apache.org/licenses/exports/>.
Cliff indicated that he would follow-up regarding any export control issues.
Approved by General Consent.
The Apache HTTP server project has had a relatively quiet quarter,
with more time spent on ApacheCon and infrastructure moves than
on the source code. We have no board-level issues at this time.
In the last three months, we have added Graham Dumpleton to the
PMC and Ian Holsman has resigned to focus on other things.
We started a wiki at <http://wiki.apache.org/httpd/> for documentation
and it seems to have attracted interest in the area of documenting
configuration related instructions for integrating third-party
products with Apache httpd. We should be encouraging packagers
to use that space as well.
The HTTP server project is currently responsible for
HTTP Server PMC
|
|-- httpd
| |-- 1.3.x (maint-only)
| |-- 2.0.x (maint-only)
| |-- 2.2.x (active, several committers)
| |-- trunk (active, many committers)
| `-- win32-msi (active, one committer)
|
|-- httpd-docs (active, several committers)
| |-- httpd-*/docs
| |-- httpd.apache.org
| `-- wiki.apache.org/httpd/
|
|-- apreq (active, several committers)
|
|-- mod_arm4 (dormant, one committer)
|
|-- mod_bw (dormant, one GSoC)
|
|-- mod_cache_requester (dormant, one GSoC)
|
|-- mod_mbox (active, three committers)
|
|-- mod_pop3 (dormant, zero committers)
|
|-- mod_python (active, four committers)
|
|-- mod_smtpd (dormant, one GSoC)
|
`-- test
|-- flood (dormant, two committers)
|-- perl-framework (active)
`-- specweb99 (dormant, one committer)
Incubator
|
`-- mod_ftp (active, 1-3 committers)
There have been no releases of any of our products since August,
though builds of httpd 2.2.x, mod_python 3.3, and libapreq seem
to be in progress this week.
There are a few things we need to do fairly soon. First, we need
to clean up the above mess -- there should be a distinction between
release-ready products and various experiments, and mod_python could
survive as its own TLP. Second, we need to find a way to lower the
commit barrier for experiments and decide where to park the dormant
ones. Finally, we need to open the doors to rethinking the entire
server framework for httpd 3.0, with the potential for multiple
competing alternatives and a serious bake-off.
Approved by General Consent.
The Apache HTTP server project has had another active quarter in which multiple products were released for GA. We have no board-level issues at this time. In the last three months, we have added Philip M. Gollucci to the PMC and Brian Pane has resigned due to lack of free time. We have added Bojan Smojver as a committer to the apreq library. httpd 1.3.36 was released on May 17. After that, all of the source file headers on our httpd release branches were updated in accordance with the recent board resolution and are present in our current releases. However, we have not yet updated the source file headers in our subprojects. A serious but difficult-to-exploit security vulnerability in mod_rewrite was discovered by an external developer, reported via the security mailing list on July 22nd, and patches prepared in private before simultaneous publication of the vulnerability and release of the fixed versions of httpd 2.2.3, 2.0.59, and 1.3.37 on July 27-28. The security process seems to be working smoothly. The apreq subproject successfully released libapreq2-2.08 on August 9. mod_aspdotnet is being retired from the httpd project after an attempt to release it failed to attract sufficient +1 votes. The project's champion, Will Rowe, is researching an alternative home and structure for future development. The mod_python subproject successfully released mod_python 3.2.10 on August 7. There have been a number of conversations about updating our documentation and BIS notice procedures related to the presence of mod_ssl in httpd 2.x and the future addition of ssl code to APR. This has been coordinated with Cliff Schmidt and should result in a new export license information page sometime soon. We have also had some discussion about updating our release package naming to reflect the official product name for consistency with NOTICE and BIS notifications. That is on hold while we try to figure out what our official product name should be, given that the product now serves more than just HTTP.
Approved by General Consent
The Apache HTTP server project has had another active quarter in which multiple products were released for GA. We have no board-level issues at this time. In the last three months, we have added Nicolas Lehuen and Jim Gallacher to the PMC for their work on the mod_python subproject. We invited Graham Dumpleton to join the PMC as well, but he has not accepted (reason unknown, though he did say that he received the invitation). We also approved commit access for Chris Darroch, based on his submitted patches. Bill Rowe and Justin Erenkrantz have been working on clarifying the status of the CLI subproject. As an interim result, the cli-dev@httpd and cli-users@httpd mailing lists have been closed and future discussion directed to the general dev@httpd and users@httpd lists. The HTTP server project successfully released httpd 2.2.2, 2.0.58, 1.3.35, and 1.3.36 as GA. The mod_python subproject successfully released mod_python 3.2.8. The other subprojects have been relatively quiet, at least partly because many of our volunteers are also active on infrastructure and that has diverted our attention.
Approved by General Consent.
The Apache HTTP server project has had a very active quarter in which multiple products were released for GA. We have one board-level issue at this time, which I will describe at the end of this report. We are stretching at the seams in terms of oversight of our subprojects and need to move some of them to peer projects or reorganize for better management of subproject releases. Our developer guidelines and ABOUT_APACHE documentation are still woefully out of date. We also need to figure out how multiple protocol modules fit with the name of our project, perhaps by changing our name or creating a federation (if I ever find the time to propose such a thing). During this quarter, we welcomed four new PMC members, including Colm MacCárthaigh, Maxime Petazzoni, Rüdiger Plüm, and Graham Leggett, while David Reid and Cliff Woolley have stepped out to emeritus status. We have also added several committers to subprojects, including Noirin Plunkett (docs), Philip M. Gollucci (apreq), Garrett Rooney, Graham Dumpleton (mod_python), and Rian Hunter (mod_smtpd). We also successfully released httpd 2.2.0 (GA), our first major release in five years. However, we hit a bit of a lull after ApacheCon and the holidays -- hopefully some energy will return soon, since each of the 1.3.x, 2.0.x, and 2.2.x branches are due for bug fix releases real soon. Work on the unstable branches has so far focused on revamping access control (again) and experimenting with asynchronous I/O. The docs group did a tremendous amount of work surrounding the 2.2.0 release, and now seems to have reached a steady-state. The mod_mbox module has been placed into service as the new ASF mail archives, and eating our own dogfood has revealed a number of problems that have been just as quickly fixed. We almost released mod_mbox, but are still working on its build scripts. The mod_smtp module has continued in development with several refactorings of the code. The mod_python subproject released a 3.2.7 as GA, their first GA release in almost two years. Credit for that release goes to Grisha Trubetskoy, Jim Gallacher, Graham Dumpleton, Nicolas Lehuen and everyone else who contributed on the python-dev mailing list. The group is currently working on improving the mod_python web site. The mod_python core group includes four independent contributors, but only one (Grisha) is on the HTTP server PMC. We should fix that soon, either by adding them to the PMC or by creating a separate project for mod_python. The apreq subproject has accomplished a major new release with libapreq-2.07, guided out the door by Joe Schaefer. I would like to see libapreq integrated directly into the httpd release branches and the main dev list, but that is a topic for next quarter. The httpd-test subproject has completed its move back to the perl.apache.org realm. However, we are left with the flood tool, which remains in stasis and should probably be archived or moved into incubator. The cli-dev subproject is at a crossroads. There hasn't been any significant development conversations for over a year, no sign of outside contributions beyond user requests for help, and I am personally -1 for adding a single-platform module to httpd whose sole purpose is to provide a proxy-like interface to Microsoft's proprietary application tools. I asked for advice on what to do about this on the PMC list on January 20th, but I am unable to fairly deal with this project given that I am currently involved as an expert in a patent dispute regarding ASP. Therefore, I would like to ask the board to decide the issue or assign this task to someone else (perhaps one of the board members that are also on the HTTP server PMC) so that I can cease worrying about it.
Approved by General Consent.
The Apache HTTP server project has had a very active quarter in which multiple products are being prepared for GA release. There are no known legal or board-level issues at this time. However, we are stretching at the seams in terms of oversight of our subprojects and need to consider moving some of them to peer projects or reorganizing for better management of subproject releases. The list of PMC members has been updated with the addition of Nick Kew to the PMC. We have added several committers to subprojects, but our current records of that are limited to mail archives and asf-authorization files. My future tasks are to find a better way to track contributors and authorization, since I think the subprojects are not nominating enough people to PMC status. We also need to find a better name for the PMC, since this should be a cool thing. During this quarter, we successfully released httpd 1.3.34 (GA), 2.0.55 (GA), 2.1.7 (beta), 2.1.8 (beta), and 2.1.9 (beta). We are in final preparations for an httpd 2.2.0 (GA) release, with the primary emphasis switching to documentation. There is a good chance that the 2.2.0 release will happen during the hackathon. httpd-docs continues to attract new translators and new languages. Much work is afoot to prepare for httpd 2.2. The mod_mbox module has had an infusion of new blood through the Google SoC program. Likewise, a new mod_smtp module has been initiated by SoC committers, and a mod_dbd module has been added for database interfaces. The cli-dev subproject has little to report, except that user-to-user peer support is working well on cli-users, and the next potential snapshot is awaiting some commentary and feedback from the dev list. With a few more nags, we anticipate a new mod_aspdotnet release for .NET 1.0/1.1 within the next month, and with the release of the '1 year free' Microsoft Visual C++, hope to have a .NET 2.0 flavor of the module in development around that timeframe that most anyone can build from source. The apreq subproject has nothing to report. The mod_python subproject released a 3.2.2 beta and will try to get a 3.2.x GA done before Apachecon (hopefully). The last GA release (not counting security fixes) was 20 months ago, so this is pretty significant. Our developer guidelines and ABOUT_APACHE documentation is woefully out of date, so that will be a focus during the run-up to major releases this coming quarter. We also need to figure out how multiple protocol modules fit with the name of our project, perhaps by changing our name or creating a federation. Roy T. Fielding (with input from William Rowe, Jr., Joe Schaefer, and Grisha Trubetskoy)
Approved by General Consent.
WHEREAS, the membership of the Apache HTTP Server Project Management Committee (PMC) have nominated Roy T. Fielding to serve as chairman of the Apache HTTP Server PMC; and WHEREAS, the previously appointed chairman of the Apache HTTP Server PMC, Sander Striker, has resigned his position as Vice President, Apache HTTP Server, in favor of Roy T. Fielding's appointment to that position. NOW, THEREFORE, BE IT RESOLVED, that Roy T. Fielding be and hereby is appointed to the office of Vice President, Apache HTTP Server, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed. Special Order 6A, Change the HTTP Server Project Chair, was Approved by Unanimous Consent.
The Apache HTTP Server Project almost did a lot of things this past quarter. We have made no official changes to the PMC, but that will change soon once some invites have been accepted. We published one alpha release called httpd 2.1.6. Other releases are expected soon after the next release of APR. libapreq2-2.06-dev was released this quarter. Nothing else to report from there, other than increased demand to see it integrated into the httpd distribution. We have added several restricted-scope committers for the Google Summer of Code projects that are progressing well and are adding life back into the developers mailing list. We moved mod_mbox back to the main list where it is now getting significant updates. Sander Striker has decided to step down as chair and VP of the HTTP server project after having been volunteered into being President of ASF. Roy Fielding has been asked to come out of retirement and be the new conveyer of choice words between our project and the board. However, Roy is going on vacation for the next two weeks with limited e-mail access.
Approved by General Consent.
Activity is picking up again. We are happy to say we have invited a number of new committers into apreq, docs, httpd and mod_python. There were a couple of releases: libapreq2-2.05-dev and httpd-2.0.54. There is increased interest in branching httpd 2.1 and working towards an initial 2.2 release.
Apache HTTP Server Project report approved as submitted by general consent.
NO SUBMITTED WRITTEN REPORT: ORAL REPORT PRESENTED BY SANDER.
Sander reported that other than some releases of both the Apache 1.3 and 2.0 tree, and continued development on both as well as the 2.1 tree, and the addition of one new PMC member, there was nothing major to report.
Apache HTTP Server Project report approved as submitted and discussed by general consent.
Since the previous board report there have been 3 releases of the 2.0 line and a single release of the 1.3 line. As usual, all a combination of security fixes and a regular release. For some reason security issues have a way of turning up in the middle of a release process. Taking appropiate action to security issues has interfered with getting the actual cutting of a release of the 2.1 line (in the form of an alpha); which leaves the 2.1 line without any releases to date. At ApacheCon all the Apache HTTP Server modules are being converted to Subversion. The modules are locked down and no CVS commits are possible as of now. The Subversion repository will be opened for commits during the ApacheCon. mod_aspdotnet graduated from the Incubator and will be moved once the SVN module is opened. There is a new module coming in, mod_arm4, providing something one can think of as SNMP on steroids: From http://www.opengroup.org/tech/management/arm/ "The Application Response Measurement (ARM) standard describes a common method for integrating enterprise applications as manageable entities. The ARM standard allows users to extend their enterprise management tools directly to applications creating a comprehensive end-to-end management capability that includes measuring application availability, application performance, application usage, and end-to-end transaction response time." Other than that nothing to report.
The report was slightly modified to reflect that the Apache 1.3 line had had 1 "official" release (1.3.33) and one non-official release (1.3.32).
Apache HTTP Server approved by General Consent.
Approved by General Consent.
Basically nothing of significance to report to the Board from the HTTP Server project for last quarter. No legal issues, no quarrels, few releases. There have been the following releases: - apache-1.3.31 - httpd-2.0.49 - mod_python 3.1.3 - Apache-Test 1.08, 1.09, 1.10 and 1.11 The documentation end is busy as always, as is httpd-test. We've gained a few committers during last period as well as expanded the PMC. There has been some discussion on moving the code from CVS to SVN; apache 1.3 is the first codebase to move over.
Basically nothing of significance to report to the Board from the HTTP Server project for last quarter. No legal issues, no quarrels, few releases. There have been the following releases: - apache-1.3.31 - httpd-2.0.49 - mod_python 3.1.3 - Apache-Test 1.08, 1.09, 1.10 and 1.11 The documentation end is busy as always, as is httpd-test. We've gained a few committers during last period as well as expanded the PMC. There has been some discussion on moving the code from CVS to SVN; apache 1.3 is the first codebase to move over.
Discussion and Approval tabled due to time constraints.
Basically nothing of significance to report to the Board from the HTTP Server project for last quarter. No legal issues, no quarrels, few releases. There have been a few mod_python releases (3.0.4, 2.7.9 and 2.7.10). The documentation end is busy as always, as is httpd-test. There have been two proposals for code donations which are currently under review. We've gained a few committers during last period.
The disposition of mod_mbox and mod_pop3 were discussed. It was noted that these 2 modules were assigned to the ASF and so their License needs to be updated to AL 2.0.
Approved via General Consent.
From: Sander Striker <striker@apache.org> Date: Sat, 15 Nov 2003 13:01:21 -0600 * httpd Both Apache HTTP Server 1.3 and 2.0 have made releases the last quarter. 1.3 releases have been security/bug-fix releases, which is expected given the 1.3 tree is in maintenance mode. 2.0 has made several releases, security related as well as normal. There is effort to push out the first 2.1 release, ramping up to 2.2. Maybe the 2.1 release will see the day of light during ApacheCon. On the dev list there is a discussion about the stagnation of development. Solutions to this problem are being discussed in the thread (subject: the wheel of httpd-dev life is surely slowing down, solutionsplease). There have been several speculations on the cause of the slow-down. The thread is still active. * httpd-docs The docs list has been slow of late, the most significant contribution being Kess' configure docs. There seems to be a temporary lull in contributions. * httpd-test The httpd-test/perl-framework infrastructure (i.e. Apache::Test) is being under an active development. The actual httpd tests repository hasn't changed much. * mod_python There have been several releases made of mod_python. The project is making progress and consistently keeps doing so. One unfortunate aspect is that not enough PMC members are always actively involved with this project, making releases somewhat harder, since votes don't come in quick enough. It would be an idea to track the development in the mod_python area more intensively for a bit to see if there are new potential committers and potential PMC members are available there. * Contributor License Agreement A renewed effort to get a CLA of all contributors on file has started. I hope to report next quarter that we have a 100% coverage.
Reported accepted by general consent.
The PMC's membership was expanded with 5 the last three months. The committership is active and sustaining continued code improvements. There have been several releases, both for the 1.3 and the 2.0 line. Security releases have outnumbered the regular releases and caused some concerns about the release process. Last quarter has been relatively slow when it comes to developments specific to the 2.1 tree. A record high market share for the HTTP Server of almost 64% was hit this month. All is well in HTTP Server land.
The Apache HTTP Server Project Status Report was accepted as submitted and written by general consent.
WHEREAS, the membership of the Apache HTTP Server Project Management Committee (PMC) have nominated Sander Striker to serve as chairman of the Apache HTTP PMC; and WHEREAS, the previously appointed chairman of the Apache HTTP Server PMC, Ben Hyde, has resigned his position as Vice President, Apache HTTP, in favor of Sander Striker's appointment to that position. NOW, THEREFORE, BE IT RESOLVED, that Sander Striker be and hereby is appointed to the office of Vice President, Apache HTTP Server, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed. This motion was accepted unanimously.
To the best of my knowledge all activities with the HTTPD PMC are well within the scope of the foundation's mission. The PMC's membership was revised with a number of idle members deciding to go emeritus (Alexei K., Aram M., Brian B., Cliff S., Daniel L. R., Paul S.) and some new members brought on board. The new processes for managing security issues working well. This is a nice improvement. Discussions of possible changes to how we announce security releases cam up again. The desire is to provide some early warning. It appears that discussion is leaning toward concluding that a no-change is the best course, but time time will tell. The perenial topic of bundling SSL support sprouted up again. A number of PMC members, I included, sense that if we could frame it exactly right we could now bundle. Reading the export regs is an art. We are not qualified to make definitive judgements. Getting the right kind of lawyer involved is probably inevitable. Asking that lawyer the right questions demands we get our house in order first. So, at the present time we haven't managed to frame this question in a way that allows us to suggest to the board what action we would like to take. While some progress was made toward getting committer agrements signed by all current committers more work is needed. I suspect, but we have yet to debate this, that in due course we will decide to revoke commit rights and PMC membership in service of cleaning this up. Overall things are good in HTTP Server land.
Things are good in HTTPD land. Our most serious challenge is bringing more middleware et. al. that complements 1.3 forward into 2.0. A useful discussion on this topic spun up in response to an article where in Greg was interviewed. It's a good how hard folks in HTTPD labor to try to keep discussions on an even keel. The board floated the suggestion that the PMC might look into ways to reduce the number of PMC members who are currently engaged at a low level in the actual evolution of the server. This spawned a conversation that finally reached the conclusion that the chair would take the action of collecting data to identify the PMC members that appear to low intensity and then chat them up to urge their voluntary transition to emertitus. Should that not work we would then be likely to 'just' move some people into the emeritus category; i.e. those from whom we have heard nothing for a year or more. Not just because it's an issue beyond our brief, we did not intend that these actions would effect anyone membership in the foundation. I, the chair, am making surprisingly good progress on collecting volunteers but this work got delayed due to some issues that arose in the rest of my life. As a side effect of my collecting the data on activity level I found it interesting that activity of individuals in the project over the last year suggests a power-law distribution: level_of_contribution = 1 / ( rank_order_of_contributor + A ) ^ B Where level_of_contribution is must # of things, postings, commits, etc. and rank_order is just the index of individual contributors sequenced by that score. I consider it an excelent sign of health that A is appoximatly 10; i.e. that we are not dominated by one or two very large contributors. It would be nicer if B were smaller that 1.7, i.e the drop off sharp.
Additionally, Ben noted that the HTTP Server project is slowly moving some PMC members to emeritus status.
WHEREAS, it is in the best interests of the foundation to have each Project Management Committee consist of those individuals who are active volunteers working on the projects assigned to that committee, NOW, THEREFORE, BE IT RESOLVED, that the persons listed immediately below be and hereby are appointed to serve as members of the Apache HTTP Server Committee, effective immediately. Greg Ames Aaron Bannert Brian Behlendorf Rich Bowen Ken Coar Mark J. Cox Lars Eilebrecht Ralf S. Engelschall Justin Erenkrantz Roy Fielding Tony Finch Dean Gaudet Dirk-Willem Van Gulik Brian Havard Ian Holsman Ben Hyde Jim Jagielski Manoj Kasichainula Alexei Kosut Martin Kraemer Ben Laurie Rasmus Lerdorf Daniel Lopez Ridruejo Doug Maceachern Aram Mirzadeh Chuck Murcko Victor J. Orlikowski Brian Pane David Reid William A. Rowe Jr. Wilfredo Sanchez Cliff Skolnick Marc Slemko Joshua Slive Greg Stein Bill Stoddard Sander Striker Paul Sutton Jeff Trawick David N. Welton Cliff Woolley NOW, BE IT FURTHER RESOLVED, that the board reiterates its appointment of Ben Hyde as V.P., Apache HTTP Server, and chairman of the Apache HTTP Server Committee. This resolution was rescinded now that PMCs now have the authority and power, per resolution R1, to change and update the PMC member roster themselves.
To the best of my knowledge all activities within the HTTPD PMC are well within the scope of the foundation's mission. The PMC was sad to see the departure of two it's members recentl. Ryan declared himself emeritus in HTTPD, while Randy declared himself emertitus in regards to the foundation. They will be missed. Long overdue, you will find attached a resolution which will reconstitute the PMC to bring it in synch with it's current invited membership of 40. In addition we have 8 emeritus members and 29 committers. Many of these committers have commit rights to the http-test and other smaller CVS modules.
After Ben's report there was some discussion regarding both ASF and PMC emeritus membership. It was noted that several ASF and PMC members have been very inactive. At the very least, this makes efforts which require majorities or quorums difficult.
To the best of my knowledge all activities within the HTTPD PMC are well within the scope of the foundation's mission. The project seems to be thriving. When asked no member of the PMC reported any issues they desired brought to the board's attention. The pool of volunteers and employees of contributing firms remains substantial. The diverse goals and expertise of the parties involved continue to be more complementary than competitive. Our disputes remain well within the ablitity of our mutual respect to resolve. That allows us the luxury of continuing to take advantage of a casual peer-to-peer goverance framework. That said, there is a suspision that a more something procedural or at minimum fastidious might be helpful - that awaits volunteers. Internally the project has three notably active arenas (1.3, 2.0 and doc). Doc is wonderful, in particular it is both active and has drawn in additonal commiters. 2.0 is making slow but steady progress reguarding market adoption. I personally would love to see more end-users/web-master contributions. Some of the critical complementary products - PHP in particular - are having a rough time achieving the same level of synergy that they have with 1.3. 2.0 is dependent on the APR project which at this time lacks a formal release. 1.3 endures. There is some slight tension from time to time about how 1.3 'competes' with 2.0 and if that requires some action - opinions differ.
This report was not submitted before the meeting. Please see the supplementary report.
Ben Hyde expressed a desire that the Board officially recognize the
current status of membership in the HTTP Server Committee. There was
some discussion about whether it was more appropriate to limit the
membership to only those recently active in the project, but it was
decided in principle that we should first recognize the current
status and suggest to the server committee that they should discuss
the issue within the project and decide for themselves.
The following resolution was approved by vote of the directors
present, with six yea votes (Ken, Roy, Ben, Rasmus, Randy, Dirk),
no nay votes, and one abstention (Brian). Doug was absent for
this vote.
WHEREAS, it is in the best interests of the Foundation to have
each Project Management Committee consist of those individuals
who are active volunteers working on the projects assigned to
that committee; and further
WHEREAS, the existing members of the Apache HTTP Server Committee
have nominated the following additional individuals to serve on
that committee.
Ryan Bloom, Tony Finch, Brian Havard, Manoj Kasichainula,
Rasmus Lerdorf, David Reid, Daniel Lopez Ridruejo,
William A. Rowe, Chuck Murcko, Wilfredo Sanchez, and Greg Stein.
NOW, THEREFORE, BE IT RESOLVED, that the persons listed immediately
below be and hereby are appointed to serve as members of the Apache
HTTP Server Committee, effective immediately.
Brian Behlendorf Ryan Bloom Ken Coar
Mark Cox Lars Eilebrecht Ralf S. Engelschall
Roy T. Fielding Tony Finch Dean Gaudet
Dirk-Willem van Gulik Brian Havard Ben Hyde
Jim Jagielski Manoj Kasichainula Alexei Kosut
Martin Kraemer Ben Laurie Rasmus Lerdorf
Daniel Lopez Ridruejo Doug MacEachern Aram Mirzadeh
Chuck Murcko Sameer Parekh David Reid
William A. Rowe Wilfredo Sanchez Cliff Skolnick
Marc Slemko Greg Stein Bill Stoddard
Paul Sutton Randy Terbush
BE IT FURTHER RESOLVED, that the board reiterates its appointment
of Ben Hyde as V.P., Apache HTTP Server, and chairman of the Apache
HTTP Server Committee.