Apache Logo
The Apache Way Contribute ASF Sponsors

Formal board meeting minutes from 2010 through present. Please Note: The board typically approves minutes from one meeting during the next board meeting, so minutes will be published roughly one month later than the scheduled date. Other corporate records are published, as is an alternate categorized view of all board meeting minutes.

2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | Pre-organization meetings

Portable Runtime (APR)

15 Mar 2017 [Nick Kew / Bertrand]

Report was filed, but display is awaiting the approval of the Board minutes.

21 Dec 2016 [Nick Kew / Marvin]

## Short version of report:

 No releases, modest activity.  Some growth of the community,
 and a new PMC chair.

## Description:

 The Apache Portable Runtime (APR) project creates and maintains
 software libraries that provide a predictable and consistent interface
 to underlying platform-specific implementations.  The sub-projects
 which are released somewhat regularly are APR and APR-util.  In
 addition, the APR-iconv sub-project is commonly used but has not had
 a release since 2007.

## Issues:
- The board may be interested in the FOSSA security report,
  commissioned by the EU commission into Apache HTTPD core
  and extending into APR.  This was handled by Dirk van Gulik
  for the ASF.  Summary details in Dirk's email at
  http://mail-archives.apache.org/mod_mbox/apr-dev/201611.mbox/%3C9643AB52-078F-4779-B80C-9CE39A2121AF%40webweaving.org%3E
- No issues requiring board attention at this time.

## Activity:
- Commit activity remains low.
- Mailing list activity remains low.
- The number of open issues on Bugzilla is stable.

## Health report:
- This is a mature project, and most of its development activity is
  driven by the needs of established users.
  In this quarter, a new apr_redis module has been introduced.
- There is little impetus to develop the software further to meet the
  needs of potential new users.
- Since a few patches have been languishing committed but unreleased
  for some time, we have identified a need for a new release and
  anticipate one within the next quarter.

## Personnel changes:

- Jeff Trawick having indicated his desire to step down from the role
  of PMC chair, Nick Kew has stepped into that role.
- Currently 67 committers and 40 PMC members.
- Christophe Jaillet was added to the PMC in October.
- Ivan Zhakov joined the team as committer in October.

## Releases:

- No releases in this quarter
- APR 1.5.2, released April 29, 2015
- APR-util 1.5.4, released September 22, 2014
- APR-iconv 1.2.1, released November 26, 2007

## Mailing list activity:

 Traffic has been predominantly of a routine nature.  The increase
 on last quarter is partially down to discussion of the new apr_redis.

- dev@apr.apache.org:
   - 349 subscribers (down -9 in the last 3 months):
   - 66 emails sent to list (43 in previous quarter)

- bugs@apr.apache.org:
   - 21 subscribers (down -1 in the last 3 months):
   - 39 emails sent to list (62 in previous quarter)

## Bugzilla Statistics:

- 2 Bugzilla tickets created in the last 3 months
- 2 Bugzilla tickets resolved in the last 3 months

21 Sep 2016 [Jeff Trawick / Shane]

## Short version of report:

  No releases, modest activity, effort to add to our roster, effort to
  select a new PMC chair underway

## Description:

  The Apache Portable Runtime (APR) project creates and maintains
  software libraries that provide a predictable and consistent interface
  to underlying platform-specific implementations.  The sub-projects
  which are released somewhat regularly are APR and APR-util.  In addition,
  the APR-iconv sub-project is commonly used but has not had a release
  since 2007.

## Issues:
 - There are no issues requiring board attention at this time.
 - Expect a proposed resolution soon for changing the PMC chair

## Activity:
 - Commit activity has been low.
 - Mailing list activity has been low.
 - Thirteen unique, non-accidental bugs were opened during the reporting
   period, and two had followup (closure or discussion).

## Health report:
 - This is a mature project, and most of its development activity is
   driven by the needs of the same small number of applications that have
   used it for many years.  The project members are more than able to
   meet the requirements that arise from that use.
 - The needs of the small number of other users are not met very well;
   bug reports languish and mailing list posters may not receive timely
   responses.  The amount of help provided is probably not sufficient
   to serve as encouragement to potential new users of APR.

## PMC/Committer changes:

 - Currently 66 committers and 39 PMC members.
 - No new PMC members added in the last 3 months, but we expect to send
   an invitation shortly after the board notification time has elapsed
 - Last PMC addition was Yann Ylavic on Wed May 13 2015
 - No new committers added in the last 3 months; an invitation was
   sent during the quarter but was declined
 - Last committer addition was Brian Havard on Wed May 04 2016

## Releases:

 - No releases in this quarter
 - APR 1.5.2, released April 29, 2015
 - APR-util 1.5.4, released September 22, 2014
 - APR-iconv 1.2.1, released November 26, 2007

## Mailing list activity:

 - dev@apr.apache.org:
    - 356 subscribers
    - 40 emails sent to list (31 in previous quarter)

 - commits@apr.apache.org:
    - 75 subscribers
    - 46 emails sent to list (38 in previous quarter)

15 Jun 2016 [Jeff Trawick / Marvin]

## Short version of report:

  No releases, no committee/committer changes, modest other activity
  (Same summary as for the March 2016 report)

## Description:

  The Apache Portable Runtime (APR) project creates and maintains
  software libraries that provide a predictable and consistent interface
  to underlying platform-specific implementations.  The sub-projects
  which are released somewhat regularly are APR and APR-util.  In addition,
  the APR-iconv sub-project is commonly used but has not had a release
  since 2007.

## Issues:
 - There are no issues requiring board attention at this time.
 - APR provided an interim report in May 2016 to address a security
   response issue.

## Activity:
 - Commit activity has been low.
 - Mailing list activity has been very low.
 - Five unique, non-SPAM bugs were opened during the reporting period, and
   four had followup (closure or discussion).

## Health report:
 - This is a mature project, and most of its development activity is
   driven by the needs of the same small number of applications that have
   used it for many years.  The project members are more than able to
   meet the requirements that arise from that use.
 - The needs of the small number of other users are not met very well;
   bug reports languish and mailing list posters may not receive timely
   responses.  The amount of help provided is probably not sufficient
   to serve as encouragement to potential new users of APR.

## PMC/Committer changes:

 - Currently 66 committers and 39 PMC members.
 - No new PMC members added in the last 3 months
 - Last PMC addition was Yann Ylavic on Wed May 13 2015
 - One committer added in the last 3 months
 - Last committer addition was Brian Havard on Wed May 04 2016

## Releases:

 - No releases in this quarter
 - APR 1.5.2, released April 29, 2015
 - APR-util 1.5.4, released September 22, 2014
 - APR-iconv 1.2.1, released November 26, 2007

## Mailing list activity:

 - dev@apr.apache.org:
    - 360 subscribers
    - 30 emails sent to list (86 in previous quarter)

 - commits@apr.apache.org:
    - 75 subscribers
    - 34 emails sent to list (59 in previous quarter)

18 May 2016 [Jeff Trawick / Jim]

 The Apache Portable Runtime (APR) project creates and maintains
 software libraries that provide a predictable and consistent interface
 to underlying platform-specific implementations.  The sub-projects
 which are released somewhat regularly are APR and APR-util.  In addition,
 the APR-iconv sub-project is commonly used but has not had a release
 since 2007.

## Reason for this interim report

 The project did not respond to a vulnerability report from October
 2015 nor did it respond to pings from the security team until this
 week.  The board requested either an out of band report or working with
 the security team on the need to prevent this in the future.  At this
 point in time, the reporter has been contacted and told of the intention
 to improve the code but not to formally mark the issue as a vulnerability,
 and the security team has been made aware of the essence of the rest of
 this report.

## The essence of the problem

 After the reporter's original e-mail there was a small amount of
 discussion, the consensus was that it was not a vulnerability, and there
 was some disagreement on whether certain code should be improved along the
 lines that the reporter suggested, or removed to be more emphatic that APR
 was not promising a certain type of processing in the particular API.

 After one ping from the security team, a flurry of e-mails on the issue
 followed but noone took initiative to propose a summary to send to the
 reporter.  After two more pings from the security team, a PMC member
 proposed a summary to send to the reporter; it was ACKed and sent to
 the reporter cc: security@.  (The summary: not a vulnerability, intention
 to improve the code in the next non-emergency release, contact us again
 if you disagree.)

## Action taken to try to prevent this from happening in the future

 My best guess at the cause of PMC failure is that the lack of severity of
 the issue combined with the fact that a handful of people participated in
 in the e-mail thread led others to believe that the issue was being handled
 -- i.e., most of the PMC did not note the e-mail thread as an issue to
 be concerned with.  Additionally, there was no recognition of the passage
 of time.

 APR had no PMC-level tracking in place to ensure nothing fell through the
 cracks, and no one took enough interest in this particular issue to drive
 it to completion.  I've established a simple tracking mechanism in the APR
 private repository to clearly show the status of outstanding issues.  I
 anticipate that the entire PMC will consider it their shared responsibility
 to ensure that the status of issues is represented there and ignored issues
 raised to the group's attention, even if a relatively small subset is
 working to resolve a particular report.

16 Mar 2016 [Jeff Trawick / Bertrand]

## Short version of report:

  No releases, no committee/committer changes, modest other activity
  (Same summary as for the December 2015 report)

## Description:

  The Apache Portable Runtime (APR) project creates and maintains
  software libraries that provide a predictable and consistent interface
  to underlying platform-specific implementations.  The sub-projects
  which are released somewhat regularly are APR and APR-util.  In addition,
  the APR-iconv sub-project is commonly used but has not had a release
  since 2007.

## Activity:
 - Commit activity has been modest, though much higher than in the previous
   two quarters even discounting copyright changes.  This brought some small
   features and compatibility with a newer OpenSSL version.
 - Mailing list activity has been relatively low.
 - Six unique bugs were opened during the reporting period, and eight had
   followup (closure or discussion).

## Health report:
 - This is a mature project, and most of its development activity is
   driven by the needs of the same small number of applications that have
   used it for many years.  The project members are more than able to
   meet the requirements that arise from that use.
 - The needs of the small number of other users are not met very well;
   bug reports languish and mailing list posters may not receive timely
   responses.  The amount of help provided is probably not sufficient
   to serve as encouragement to potential new users of APR.

## Issues:
 - There are no issues requiring board attention at this time.

## LDAP committee group/Committership changes:

 - Currently 65 committers and 39 LDAP committee group members.
 - No new LDAP committee group members added in the last 3 months
 - Last LDAP committee group addition was Yann Ylavic at Wed May 13 2015
 - No new committers added in the last 3 months
 - Last committer addition was Christophe Jaillet at Sat Mar 14 2015

## Releases:

 - No releases in this quarter
 - APR 1.5.2, released April 29, 2015
 - APR-util 1.5.4, released September 22, 2014
 - APR-iconv 1.2.1, released November 26, 2007

## Mailing list activity:

 - dev@apr.apache.org:
    - 360 subscribers
    - 86 emails sent to list (103 in previous quarter)

 - commits@apr.apache.org:
    - 74 subscribers
    - 59 emails sent to list (9 in previous quarter)

16 Dec 2015 [Jeff Trawick / Rich]

## Short version of report:

  No releases, no committee/committer changes, modest other activity

## Description:

  The Apache Portable Runtime (APR) project creates and maintains
  software libraries that provide a predictable and consistent interface
  to underlying platform-specific implementations.  The sub-projects
  which are released somewhat regularly are APR and APR-util.  In addition,
  the APR-iconv sub-project is commonly used but has not had a release
  since 2007.

## Activity:
 - Commits have been minuscule.
 - Mailing list activity has been about normal for the project.
 - Five unique bugs were opened during the reporting period, and two had
   followup (closure or discussion).

## Health report:
 - This is a mature project, and most of its development activity is
   driven by the needs of the same small number of applications that have
   used it for many years.  The project members are more than able to
   meet the requirements that arise from that use.
 - The needs of the small number of other users are not met very well;
   bug reports languish and mailing list posters may not receive timely
   responses.  The amount of help provided is probably not sufficient
   to serve as encouragement to potential new users of APR.

## Issues:
 - There are no issues requiring board attention at this time.

## LDAP committee group/Committership changes:

 - Currently 65 committers and 39 LDAP committee group members.
 - No new LDAP committee group members added in the last 3 months
 - Last LDAP committee group addition was Yann Ylavic at Wed May 13 2015
 - No new committers added in the last 3 months
 - Last committer addition was Christophe Jaillet at Sat Mar 14 2015

## Releases:

 - No releases in this quarter
 - APR 1.5.2, released April 29, 2015
 - APR-util 1.5.4, released September 22, 2014
 - APR-iconv 1.2.1, released November 26, 2007

## Mailing list activity:

 - dev@apr.apache.org:
    - 360 subscribers (up 0 in the last 3 months):
    - 112 emails sent to list (85 in previous quarter)

 - commits@apr.apache.org:
    - 73 subscribers (up 1 in the last 3 months):
    - 9 emails sent to list (20 in previous quarter)