Index
Links: 2008 - All years
- Original The Apache Software Foundation
Board of Directors Meeting Minutes
September 17, 2008
1. Call to order
The meeting was scheduled for 10:00am (Pacific) and began at
10:01 when a sufficient attendance to constitute a
quorum was recognized by the chairman. The meeting was held
via teleconference, hosted by Jim Jagielski and Covalent.
IRC #asfboard on irc.freenode.net was used for backup
purposes.
2. Roll Call
Directors Present:
Bertrand Delacretaz
Justin Erenkrantz
J Aaron Farr
Jim Jagielski
Geir Magnusson Jr (except 11:34-12:03)
William Rowe Jr
Sam Ruby
Henning Schmiedehausen
Directors Absent:
Greg Stein
Guests:
Paul Fremantle
Kevan Miller (until 11:53)
Brett Porter
Paul Querna
Noirin Shirley (10:06 to 11:52)
Henri Yandell
3. Minutes from previous meetings
Minutes (in Subversion) are found under the URL:
https://svn.apache.org/repos/private/foundation/board/
A. The meeting of July 16, 2008
See: board_minutes_2008_07_16.txt
Approved by General Consent.
B. The meeting of August 20, 2008
See: board_minutes_2008_08_20.txt
Approved by General Consent.
4. Executive Officer Reports
A. Chairman [Jim]
Foundation-wise, the last month has been relatively quiet. However,
there are some outstanding issues related to board and board-level
activities, such as contract renewals (past due and soon-due) and
invoicing and payments. Note that an extension for filing our tax
return was requested and handled by Aaron and Sam.
It also worthwhile to note that many reports from PMC indicate
projects which are simply "ticking along" with no real active
development, but no real issues either. Is this an issue of
stagnation, or simply the result of software which does what it
is supposed to do, and that's good enough?
The board list has mostly been quiet, with just a surge of
activity recently regarding the "ACK policy" with PMC changes.
I gave 2 small interviews over the last month, one regarding Open
Source in general and the other about the ASF specifically.
I am also currently working on the State Of The Feather talk
scheduled for ApacheCon US.
B. President [Justin]
Most of my time over the last month has been dealing with a variety
of sponsor-facing issues. I believe that this is an inevitable
outcome of the growth of our sponsorship program. In coordination
with the PRC (see their report this month), to help out with these
tasks, sponsor relations should become a more active priority for
HALO. However, due to the nature of the responsibilities of the
office, I believe it is crucial that those of us with "titles"
remain actively engaged with the sponsors so that they continue
to feel that we, as a Foundation, are engaged with our sponsors
at the utmost level.
I will reiterate that Paul and Sander have been valuable additions
to easing the burdens of this office. Paul has continued his
very good job leading the infrastructure team. Sander, as
detailed in his report, has continued to be of assistance in
attending some events in Europe where my appearence was initially
requested. I continue to thank them for their service!
As discussed in earlier reports, the OSU OSL advisory group has
begun in earnest and the members have begun providing their
feedback and direction in regards to the direction of OSU OSL.
A press release should be issued in the next month that will
announce the formation of the group and will likely include
a quote from me.
I apologize, but I have not yet had the cycles to send out the
contracts for renewal. I hope to do soon, but delegating this
to someone else may be better. I do admit that such activities
are highly prone to getting dropped by me and that's largely
unacceptable. Finding a way to automatically delegate some of
these "back-office" tasks would be appreciated.
I will also note that I received many calls over the Labor Day
weekend regarding our 'past due' invoice from Dell. These calls
were not appreciated, and I would like to discuss how we are
going to prevent similar recurrences in the future.
I do continue to receive a few scattered pieces of mail from WF.
Any correspondance has either been forwarded to the Secretary
or a synopsis sent to the board mailing list.
Our Sunstarsys and HALO contracts are up for renewal at the end
of this month as well. It is my recommendation that both
contracts be renewed.
[bdelacretaz says: do we have a budget for reimbursing expenses
for people (Justin and Sander for example) who represent
the ASF at various events?]
Action items:
Jim to renew contract with Sec Assistant
Sam to renew contract with Sunstarsys
Justin to renegotiate contract with the Exec Assistant
C. Treasurer [J Aaron]
This last month has been a busy one for me and I'm still
catching up on a number of tasks. As Jim mentioned, we've
filled an extension on our taxes as I found some discrepancies
between how I had been accounting for our pledges / donations
versus previous years. This has required me to go back and
rework the tax forms.
The good news is that this month we have proper reports
including accounts receivable and liabilities (credit cards).
Notes about finances this month:
- There have been *no* deposits via the lockbox
- The accounts receivable represents the platinum sponsorship
by Yahoo! and Microsoft. I've been in touch with both and
we're just waiting for payments.
Statement of Financial Income and Expense
August 20 through September 17, 2008
TOTAL
Ordinary Income/Expense
Income
Interest Income 244.61
Contributions Income
Unrestricted 444.83
Total Contributions Income 444.83
Total Income 689.44
Expense
Bank Service Charges 259.13
Contract Labor 1,800.00
Insurance 1,450.00
Program Expenses
Public Relations Staff 2,222.22
Infrastructure Staff 6,000.00
Hardware Purchases 10,073.86
Total Program Expenses 18,296.08
Total Expense 21,805.21
Net Ordinary Income -21,115.77
Net Income -21,115.77
Statement of Financial Position
As of September 17, 2008
Sep 17, 08 Aug 20, 08 $ Change % Change
ASSETS
Current Assets
Checking/Savings
Paypal 748.94 304.11 444.83 146.3%
Wells Fargo Analyzed Account 71,708.73 96,442.32 -24,733.59 -25.7%
Wells Fargo Savings 157,938.87 157,694.26 244.61 0.2%
Total Checking/Savings 230,396.54 254,440.69 -24,044.15 -9.5%
Accounts Receivable
Accounts Receivable 200,000.00 200,000.00 0.00 0.0%
Total Accounts Receivable 200,000.00 200,000.00 0.00 0.0%
Total Current Assets 430,396.54 454,440.69 -24,044.15 -5.3%
TOTAL ASSETS 430,396.54 454,440.69 -24,044.15 -5.3%
LIABILITIES & EQUITY
Liabilities
Current Liabilities
Credit Cards
ASF Credit Card - Ruby 0.00 2,642.67 -2,642.67 -100.0%
ASF Credit Card - Erenkrantz -19.95 494.99 -514.94 -104.0%
Total Credit Cards -19.95 3,137.66 -3,157.61 -100.6%
Total Current Liabilities -19.95 3,137.66 -3,157.61 -100.6%
Total Liabilities -19.95 3,137.66 -3,157.61 -100.6%
Equity
Retained Earnings 261,975.10 261,975.10 0.00 0.0%
Net Income 168,441.39 189,327.93 -20,886.54 -11.0%
Total Equity 430,416.49 451,303.03 -20,886.54 -4.6%
TOTAL LIABILITIES & EQUITY 430,396.54 454,440.69 -24,044.15 -5.3%
Discussion items:
Are sponsors tied to our fiscal year or calendar? Sponsorship
starts at the point of sponsorship, and will often span fiscal
years and calendar years. For this reason (among others), it
makes sense to switch to accrual accounting.
Jim to work with Aaron to close the loop on sponsor invoices
Would it make sense to offload the data entry of the bill pay?
Answer: no.
Aaron to follow up on the Google SoC invoice
(Re-)appointment of treasurer tabled, will revisit month to
month. Aaron will continue in the interim.
D. Secretary [Sam]
2 grants, 32 iclas, and 2 cclas were processed since the last report.
Jim approved the updated minutes for July, and the minutes for August
are now available.
Craig Russell commented on the rate of typos in data entry. The
specific document he chose to highlight was processed by the previous
secretary assistant, but the issue exists equally with the current
secretary assistant. It has not proven to be a problem with the
infrastructure team, Sebb continues to his audit both of historical and
realtime documents, and when people note typos, they are promptly
fixed. While I'm continuing to monitor this, I'm not treating it as an
problem at this time.
The Secretary Assistant has been proceeding on the assumption that her
contract was renewed, despite it expiring at the end of last month.
She's on break from school Sept 27 through Oct 12, and while she will
will focus on the backlog of scanning archived documents at that time,
if there is other work that needs to be done, she has more free cycles
during that period.
While it was my intention to delegate bills received to the secretary
assistant once the process was running smoothly, invoices continue to
pile up in the svn:financials/Bills/received directory.
I have yet to forward Justin's actual credit card to him. He has
access to the numbers and security codes. If it isn't urgent, I'll
take care of this at ApacheCon. Otherwise, I'll mail it now. I have
not received any additional credit cards (Paul, Sander).
Filed a form 8868 income tax extension.
Sam to mail credit card to Justin.
Sam to redirect commit messages for the bills directory to
board
E. Executive Vice President [Sander Striker / Justin]
No report submitted.
Executive officer reports approved as submitted by General Consent.
5. Additional Officer Reports
1. VP of JCP [Geir Magnusson Jr]
See Attachment 1
2. Apache Legal Affairs Committee [Sam Ruby]
See Attachment 2
3. Apache Security Team Project [Mark Cox / Sam]
See Attachment 3
4. Apache Conference Planning Project [Lars Eilebrecht / Geir]
See Attachment 4
5. Apache Audit Project [William Rowe]
See Attachment 5
6. Apache Public Relations Project [Jim Jagielski]
See Attachment 6
Geir notes that he too is on the OSCON program committee.
Clarification: Wicket was not happy with the PRC
7. Apache Infrastructure Team [Paul Querna / Justin]
See Attachment 7
Paul continues to work the issue on the incompatible drive trays.
Additional officer reports approved as submitted by General Consent.
6. Committee Reports
A. Apache APR Project [Bojan Smojver / Greg]
See Attachment A
B. Apache Archiva Project [Maria Odea Ching / J Aaron]
See Attachment B
Brett clarified that a public Archiva is just a running
instance of the server.
C. Apache Cayenne Project [Andrus Adamchik / Bill]
See Attachment C
D. Apache Commons Project [Torsten Curdt / Jim]
See Attachment D
E. Apache Excalibur Project [Carsten Ziegeler / Bertrand]
See Attachment E
F. Apache Felix Project [Richard Hall / Justin]
See Attachment F
G. Apache Gump Project [Stefan Bodewig / Henning]
See Attachment G
H. Apache Harmony Project [Tim Ellison / Greg]
See Attachment H
I. Apache HttpComponents Project [Erik Abele / Jim]
See Attachment I
Sam to follow up with Henk
J. Apache iBATIS Project [Clinton Begin / Bertrand]
See Attachment J
K. Apache Incubator Project [Noel J. Bergman / Geir]
See Attachment K
Sam expressed a concern that Pig isn't focused on graduation.
The board continues to be concerned over BlueSky.
L. Apache Jackrabbit Project [Jukka Zitting / Henning]
See Attachment L
Henning to communicate that every project that uses Google
Analytics needs to have a published privacy policy.
M. Apache Labs Project [Stefano Mazzocchi / Bill]
See Attachment M
Bill notes that all crypto source code is subject to
notification and export control, not simply "released" code
N. Apache Lucene Project [Grant Ingersoll / Sam]
See Attachment N
O. Apache OFBiz Project [David E. Jones / J Aaron]
See Attachment O
P. Apache Portals Project [David Sean Taylor / Justin]
See Attachment P
Q. Apache Quetzalcoatl Project [Gregory Trubetskoy / Greg]
See Attachment Q
R. Apache ServiceMix Project [Guillaume Nodet / Jim]
See Attachment R
S. Apache Shale Project [Gary VanMatre / Sam]
See Attachment S
T. Apache SpamAssassin Project [Daryl C. W. O'Shea / J Aaron]
See Attachment T
U. Apache Synapse Project [Paul Fremantle / Justin]
See Attachment U
We talked about tracking IANA registrations, and decided not
to pursue it at this time.
V. Apache Tiles Project [Greg Reddin / Henning]
See Attachment V
W. Apache Tomcat Project [Mladen Turk / Geir]
See Attachment W
X. Apache Web Services Project [Glen Daniels / Bill]
See Attachment X
Bill to nudge the project to consider converting some of the
bigger subprojects to top-level.
Y. Apache Wicket Project [Martijn Dashorst / Bertrand]
See Attachment Y
Z. Apache XMLBeans Project [Cezar Andrei / J Aaron]
See Attachment Z
Committee reports approved as submitted by General Consent.
7. Special Orders
A. Change the Apache Labs Project Chair
WHEREAS, the Board of Directors heretofore appointed Stefano Mazzocchi
to the office of Vice President, Apache Labs, and
WHEREAS, the Board of Directors is in receipt of the resignation of
Stefano Mazzocchi from the office of Vice President, Apache
Labs, and
WHEREAS, the Project Management Committee of the Apache Labs
project has chosen by vote to recommend Bernd Fondermann as the
successor to the post;
NOW, THEREFORE, BE IT RESOLVED, that Stefano Mazzocchi is relieved and
discharged from the duties and responsibilities of the office of Vice
President, Apache Labs, and
BE IT FURTHER RESOLVED, that Bernd Fondermann be and hereby is
appointed to the office of Vice President, Apache Labs, to
serve in accordance with and subject to the direction of the Board of
Directors and the Bylaws of the Foundation until death, resignation,
retirement, removal or disqualification, or until a successor is
appointed.
Special Order 7A, Change the Apache Labs Project Chair, was
approved by Unanimous Vote of the directors present.
B. Empower PMC chairs to change the membership of their PMCs without
requiring explicit acknowledgement by the board.
WHEREAS, the Board of Directors deems it to be in the best
interests of the Foundation and consistent with the
Foundation's purpose to delegate the ability to appoint the
membership of Project Management Committees to the officers of
the corporation given charge of them;
NOW, THEREFORE, BE IT RESOLVED, that the Vice President
positions charged with the management of the Project Management
Committees of each of the Project Management Committees of the
Apache Software Foundation are hereby assigned the further
authority to and responsibility of appointing the membership of
their respective Project Management Committees, and the
responsibility of notifying the Board of Directors of any
change of their respective Project Management Committees within
forty-eight (48) hours each time the Committee's membership
changes.
This item was tabled until next month
C. Establish the Travel Assistance Committee
WHEREAS, the Board of Directors deems it to be in the best
interests of the Foundation and consistent with the
Foundation's purpose to establish an ASF Board Committee
charged with promoting and facilitating attendance at events
which are of interest to ASF projects by individuals within the
ASF community at-large whom would otherwise not be able to
attend due to financial constraints;
NOW, THEREFORE, BE IT RESOLVED, that an ASF Board Committee,
known as the "Apache Travel Assistance Committee ", be and hereby is
established pursuant to Bylaws of the Foundation; and be it
further
RESOLVED, that the Apache Travel Assistance Committee be and hereby
is responsible for organization and oversight of efforts to
provide assistance, including but not limited to financial
support, to individuals to attend events, as approved by the
Apache Travel Assistance Committee, that are consistent with the
ASF's mission to produce open-source software; and be it
further
RESOLVED, that Gavin McDonald shall serve at the direction of
the Board of Directors as the chair of the Apache Travel
Assistance Committee and have primary responsibility for managing
the Apache Travel Assistance Committee; and be it further
RESOLVED, that the persons listed immediately below be and
hereby are appointed to serve as the members of the Apache
Travel Assistance Committee:
* Ross Gardler <rgardler@apache.org>
* Noirin Shirley <noirin@apache.org>
* Nick Burch <nick@apache.org>
* Matt Benson <mbenson@apache.org>
* William A. Rowe, Jr. <wrowe@apache.org>
* Upayavira <Upayavira@apache.org>
* Gavin McDonald <gmcdonald@apache.org>
Special Order 7C, Establish the Travel Assistance Committee,
was approved by Unanimous Vote of the directors present.
D. TAC Funding Requirements Proposal
WHEREAS ApacheCon US 08 is an event for which travel awards should
be granted in accordance with the purposes of the foundation, and
WHEREAS The Travel Assistance Committee shall determine an
application form suitable for interested individuals to apply for
travel assistance and for the committee to score said applications
in a fair and equitable manner, and
NOW, THEREFORE, BE IT RESOLVED, that $30,800 be budgeted for travel
and lodging to accommodate 20 travel award grants for the ApacheCon
US 2008 event, based on reasonable airfare not to exceed $850 and
assuming half the cost of accommodation between Nov 3 and Nov 8 (or
cover the entire cost at double occupancy) and cover up to $550 for
registration to the event.
Special Order 7D, TAC Funding Requirements Proposal, was approved by
Unanimous Vote of the directors present.
E. HALO Worldwide Contract Renewal
WHEREAS, the Public Relations Committee is responsible for
organization and oversight of efforts to handle public relations,
and
WHEREAS, HALO Worldwide has been contracted to support the work
of the PRC, and
WHEREAS, the current 1 year contract expires as of September 30th,
2008, and
WHEREAS, the Public Relations Committee has determined that the
contract should be renewed for another 1 year term not to exceed
$60,000;
NOW, THERFORE, BE IT RESOLVED, that the Chair of the Relations
Committee, Jim Jagielski, is hereby directed to proceed with
contracting HALO Worldwide for the services necessary to support
the work of the PRC.
Special Order 7E, HALO Worldwide Contract Renewal, was
approved by Unanimous Vote of the directors present.
8. Discussion Items
* SpamAssassin is requesting that the current "intent for use"
trademarks ("SPAMASSASSIN" and "POWERED BY SPAMASSASSIN") be filed
as "actual use" trademarks. Larry Rosen has volunteered to do
the necessary filing. The board approved the expense (expected
to be less than $500).
9. Review Outstanding Action Items
* Jim to follow up with Geir to work with QPid on rationale and licensing
Update: Kept open
* Jim to follow up with Grant re: TREC
Update: Contacted Iadh Ounis and Ellen Voorhees regarding our hopes
and intent. As of Sept 16th, have no heard back.
* Geir to work with the PRC to work out how to pro-actively
generate press interest around the JCP/TCK issue.
Update: None so far.
* Bertrand to review scheduling of podling reports with incubator.
See https://issues.apache.org/jira/browse/INCUBATOR-78
Update: No news, but nothing's urgent either. People have been
fixing the manually created schedule.
* Aaron to follow up with Quetzalcoatl on the implications of this
project going dormant.
Update: Will morph into a discussion on an "Attic" project
* Henning to follow up on hardware utilization report w/infrastructure
Update: No update, did not find time. Will make time this month.
* Jim to request that the Security team include the projects for which
the vulnerability was reported in their reports.
Update: Security team is aware of the request.
* Aaron to follow up with Hivemind requesting clarification on what
"no active" really means and asking for a new report to be submitted
next month including this information.
Update: Will combine with the "Attic" project action item
* Henning to pursue a report for HttpComponents
Update: Erik Abele adds his excuses and notes that he just added
one for this month.
* Justin to find out if the results of the Lenya developer meeting was
made public (i.e., no binding decisions were made at the meeting).
Update: Kept open
* Bill to obtain clarification as to which library Santuario was talking
about and as to whether they are following the process for IP clearance.
Update: Clarified, addressing IP clearance confusion
* Sam to pursue a either a board report from Shale, or a resolution to
terminate the PMC.
Update: Looks like we got a board report this month. :-)
* Bill to seed a STATUS file with potential tasks, primarily
for the Executive Assistant, but also potentially for the
Secretarial Assistant, to pick up.
Update: Will go into infrastructure/site/foundation
* Jim to review the updated and annotated minutes for 2008_07_16.
Update: Done
10. Unfinished Business
11. New Business
12. Announcements
13. Adjournment
Adjourned at 12:16 p.m. (Pacific)
============
ATTACHMENTS:
============
-----------------------------------------
Attachment 1: Report from the VP of JCP
There's really nothing of interest to report. This is a combination
of end-of-summer doldrums combined with the disappointing stasis within
the JCP itself.
There are several of us on the EC that are still talking, still pushing
and still hopeful we can unwedge things and at risk of appearing histrionic,
save Java.
There's an upcoming F2F next week, and while I have no idea what we might
talk about other than rehash platitudes about adding "transparency" and
"openness" into a future JCP, I'm hoping we'll find a nice place for dinner.
I'll have more comments at the meeting.
-----------------------------------------
Attachment 2: Status report for the Apache Legal Affairs Committee
Things continue to run smoothly. I'm pleased with the number of active
participants.
An abstract question was asked about an ability to commit to a project given
exposure to prior ideas from a previous employer. In general, such a
situation causes us no major concerns, though the situation may vary based on
the specific projects and specific employers in question.
PDFBox was originally BSD licensed and obtained software grants from all of
the primary authors. A question was asked regarding small contributions from
people who they are no longer able contact. Given the size of the
contributions in question, the original license, and the fact that reasonable
efforts were made to locate such people, it was determined that this was not a
concern.
A FAQ was added that older versions of Apache software licensed under Apache
Software License 1.0 are still licensed as such.
Creative Commons Share-Alike Attribution version 3.0 license has been
approved, provided the materials in question are unmodified. Previously, only
the 2.5 version had been approved.
A JIRA was opened on documenting release voting procedures. No owner.
Larry helped resolve an issue where a company wished to rewrite our CCLA.
Our policy is that we don't accept modified ICLAs or CCLAs.
SyntaxHighlighter (LGPL) was approved for use on people.apache.org pages.
Nobody seems to know the licensing status of BEA's StAX implementation, so
most projects are simply routing around it.
Larry has volunteered to register SpamAssassin trademarks. Given that the PRC
and the SA PMCs are OK with this, if the board approves the expenditure, I'll
tell him to proceed.
David Crossley has produced a first draft of a project naming document. He's
been on the list for over a year, and starting in July of this year has picked
up his participation.
Routine copyright/notice questions from Felix, CouchDB, JAMES and the Incubator.
RSA's implementation of MD4/MD5 says one thing in their licensing headers and
a quite different thing on their IETF IPR statement. I think we are covered,
but we still need to settle how to document this properly.
Bluesky inquired about moving away from some (unspecified) C++ Standard
library implementation to STLPORT, presumably for licensing reasons.
Everything I have heard to date indicates that we would be comfortable with
either implementation.
Google Analytics continues to be explored. Justin expressed an opinion that,
while a bit stronger than I recall the board expressing, is one that I'm quite
pleased and comfortable with: namely that we start from a presumption of data
of this type being open to all, and work backwards from there -- making closed
only what we must.
A discussion has just started on the legal implications of contests involving
prizes. If the prizes themselves are donated, and are substantial, we may
have to consider such as targeted donations.
-----------------------------------------
Attachment 3: Status report for the Apache Security Team Project
There continues to be a steady stream of reports of various kinds
arriving at security@apache.org. These continue to be dealt with
promptly by the security team. Statistics missing for this month and
will be updated for next month including the breakout of issues per
project as requested at the last board meeting.
-----------------------------------------
Attachment 4: Status report for the Apache Conference Planning Project
General News
------------
* no general news
ApacheCon US 2008 News
----------------------
* Several updates and improvements to the conference and social Web
site have been and are still being made. Otherwise there are no
news since last report.
ApacheCon Europe 2009 News
--------------------------
* We are working on getting the new CFP system ready, and the
CFP announcement published.
ApacheCon US 2009 News
----------------------
* no news since last report
-----------------------------------------
Attachment 5: Status report for the Apache Audit Project
No records received, ergo no action to take at present and nothing
to report.
-----------------------------------------
Attachment 6: Status report for the Apache Public Relations Project
During the last month, initial discussions with OSCON were started
regarding how the ASF could get more involved (and visible) at the
conference. It was noted that Sam Ruby and Craig Russell are on the
OSCON Program Committee. Since the initial query, there has been
no update as of yet.
A concall was held on September 9th between the PRC (attending:
Justin, Sander and Craig) and HALO regarding the "next steps"
in how to utilize HALO over the next few months in anticipation of
the renewal of the contract later this year. The general consensus
was that tasking HALO to primarily handle the Sponsorship relationship
and renewals was of prime importance. Other tasks, such as PR
review will (hopefully) by taken up by PRC members. Tuscany is
currently working on a PR. Also being worked on is a Press Announcement
on ApacheCon US and our "voluntourism" plans for the conference, drawing
more people and more community participation for the event.
The PRC was contacted regarding our opinion on whether to file the
Actual Use documents for the SpamAssassin trademark. The PRC indicated
that this was acceptable.
A new Bronze sponsor is in the works.
The PRC was made aware of an online store using the Apache Wicket
mark without approval. The store was contacted and asked to stop.
The Wicket PMC was then contacted to see if this was a mark
usage that they would like to see; they indicated it was. The
PRC indicated that we needed a formal agreement to allow for
the use and drafted one. This issue is still in progress, but
various members of the Wicket PMC are not happy with the speed
in which this is being handled.
A discussion was started on the PRC list regarding using some sort
of tracking mechanism (eg: JIRA) to help coordinate activities.
The HALO contract is up for renewal this month. A resolution has
been added to the agenda authorizing the PRC chair to negotiate
the renewal, which will be at the same rate as last year.
Finally, the chair is getting quite upset that, even though the
ranks and roster of the PRC increase, very few PRC members
participate in activities or discussions or even help with various
tasks or issues. Certainly having a JIRA (or similar) in place
will help decrease the number of dropped balls, but what will
really help is if more people were doing the juggling.
HALO Report below:
The activities below reflect the tasks undertaken during the 1-31 August
2008 timeframe.
CONTENT DEVELOPMENT
o (no ASF-issued announcements made during this time period)
o Reviewed Tuscany draft announcement
o Drafted outline of Sponsorship newsletter
OUTREACH & LIAISON
o Planning ASF Sponsor Liaison meeting at ApacheCon
MEDIA RELATIONS/COORDINATION
o Handled several press inquiries on general sponsorship process (triggered
by July's Microsoft announcement)
-----------------------------------------
Attachment 7: Status report for the Apache Infrastructure Team
We've fallen a bit behind our machine upgrade schedule due mainly to
persistent concerns over the stability of FreeBSD on eris (svn). The
machines that need to be brought online are loki (a cold spare) and hermes
(a drop-in replacement for the existing x345 which serves mail).
Dealing with intermittent problems with the build process on the hudson zone.
Transferred the vmsa vmware instance to a zone on odyne for performance
reasons.
Created roughly 2 dozen new committer accounts.
Sebastian Bazley continues his work rationalizing foundation records and
authoring supporting scripts.
An issue came up regarding the ability, or lack thereof, of purging sensitive
data from the svn repository. No action was taken at this time.
Yahoo! has been in touch with us to resume talks about a build farm donation.
-----------------------------------------
Attachment A: Status report for the Apache APR Project
The activity on the project in the last 3 months (June 9 2008 to Sept 9
2008) was as follows:
APR trunk: 29 commits
APR util trunk: 67 commits
APR 1.3.x: 36 commits
APR util 1.3.x: 64 commits
APR 1.2.x: 1 commit
APR util 1.2.x: 0 commits
APR 0.9.x: 3 commits
APR util 0.9.x: 0 commits
APR iconv trunk: 0 commits
APR iconv 0.9.x: 0 commits
site: 5 commits
Current stable release of APR is 1.3.3, released August 14. There was
another release (1.3.2) in this period, on June 23.
Current stable release of APR util is 1.3.4, released August 15. There
was another release (1.3.2) in the period, on June 23.
There were no new APR iconv releases.
The 1.2.x branches of APR/APR util are now obsolete and will not have
any more releases.
In this period the project was mostly busy fixing bugs in releases based
on new stable branches. Talk about the new stable release already
started, with clean compilation on MinGW platform flagged as one of the
goals. And, of course, more bug fixing.
Most recently, new work on apr_crypto implementations based on OpenSSL
and Mozilla NSS has been committed to trunk.
-----------------------------------------
Attachment B: Status report for the Apache Archiva Project
Releases
--------
* 1.1 was released on July 20, 2008.
* 1.1.1 was released on August 11, 2008.
* 1.1.2 release will be coming up in the next couple of days and development
for 1.2 is also on-going.
Community
---------
* Discussions about setting up a public Archiva and a Planet Archiva blog
aggregator have been going around the dev list.
Issues
------
No board level issues at this time.
-----------------------------------------
Attachment C: Status report for the Apache Cayenne Project
Development
* Wrapping up 3.0M5 release.
* Google Summer of Code work completed. Our single Summer of Code project
(student - Andrey Razumovsky, mentor - Kevin Menard) was a huge success,
resulting in significant improvements made to CayenneModeler GUI mapping
tool. Andrey expressed the intention to further participate in Cayenne
past the Summer of Code program.
Community
* Activity on the user and development lists has been steady.
-----------------------------------------
Attachment D: Status report for the Apache Commons Project
General
=======
o Activity: all time low on both the user and dev mailing lists
o Commons-compress and git:
We have a contributor that already has a CLA on file. He has been
the top commons-compress contributor for a while. Making him a
committer has not felt appropriate yet (for various reasons). While
most design discussion where still on the list some discussions
ended up offlist via IM due to personal contact. Another contributor
and committer (in fact me - Torsten) has been mentoring him hoping
to keep him involved and lead him to a release. Unfortunately this
turned out to be a major rewrite. So we ended up sending code back
and forth as working together in svn wasn't an option. When this got
too cumbersome we used git to share the code. Now when someone else
turned up to help out the question came up how to deal with the new
codebase. While legally all contributors have a CLA on file and the
full history is available this 'incident' has been perceived as
negative by the PMC in general. As all code should be covered by the
CLAs it has been accepted into svn as a new branch anyway.
Development will continue from there.
o Component commons-exec has been promoted to proper
http://mail-archives.apache.org/mod_mbox/commons-dev/200806.mbox/%3c48650EF8.9010905@gmx.at%3e
o Vote passed to accept flatfile codebase as a new sandbox component
- now awaiting IP clearance.
http://mail-archives.apache.org/mod_mbox/commons-dev/200808.mbox/%3c596611.56279.qm@web55106.mail.re4.yahoo.com%3e
Releases
========
o JXPath 1.3
http://mail-archives.apache.org/mod_mbox/commons-dev/200808.mbox/%3c369853.24376.qm@web55108.mail.re4.yahoo.com%3e
o BeanUtils 1.8.0
http://mail-archives.apache.org/mod_mbox/commons-dev/200808.mbox/%3c55afdc850808310837w5f4aa2d9sccd8c625b6f28d65@mail.gmail.com%3e
o commons-build-plugin 1.1
http://mail-archives.apache.org/mod_mbox/commons-dev/200807.mbox/%3c55afdc850807150911u464ef913g86651e2489b2e46e@mail.gmail.com%3e
o commons-parent 11 and commons-sandbox-parent 7
http://mail-archives.apache.org/mod_mbox/commons-dev/200807.mbox/%3c55afdc850807210648k574dafc0lbe2a689bb3808d@mail.gmail.com%3e
Community
=========
o No new sandbox committers
o No new committers
o No new PMC members
-----------------------------------------
Attachment E: Status report for the Apache Excalibur Project
There are no known issues.
Excalibur is stable and used by some projects. Again, this quarter was
very quiet with zero activity, neither in the mailing lists nor in
subversion (and no releases of course).
While this quietness reflects the state of the code (stable with
no need for changes, updates) it also shows that there is no high
interest in it anymore. Heavy users of Excalibur like Cocoon are
moving to other solutions (just because there is newer stuff out
there - which is good), so sooner or later we have to think about
the future of Excalibur as a project. But for now I think we should
just continue for some months and decide sometime next year if
putting the project to a rest is a better option.
-----------------------------------------
Attachment F: Status report for the Apache Felix Project
Community
* Presented iPOJO at the OSGi Community Event in Berlin in June.
* Added committers Edward Yakop and Makas Lau for Log Service
contribution.
* Received a contribution from Dieter Wimberger for a bundle that provides
simple remote telnet access to the Felix shell.
* Receiving web site documentation contributions from Richard Jackson;
Richard has been granted karma to modify the wiki for his contributions.
Software
* Still working on incorporating the new Log Service contribution from
PAX; largely delayed due to a naming issue and lack of time.
* Release version 1.2.0 of Felix (includes Framework 1.2.0, Main 1.2.0,
Shell 1.0.2, Shell TUI 1.0.2, Bundle Repository 1.2.0). This release
marks the first steps toward bundle fragment support in Felix, which is
one of the last major hurdles to full OSGi R4 specification compliance;
however, there is still plenty of work to be done to complete this
feature.
* Released various other subprojects (e.g., iPOJO, UPnP, SCR, Maven SCR
Plugin, Maven Bundle Plugin, File Install).
* Working on creating an official bundle repository to make it easier for
the community to use subprojects.
Licensing and other issues
* None.
-----------------------------------------
Attachment G: Status report for the Apache Gump Project
Infrastructure:
* no news is good news.
Technical:
* the installation is happily chugging along but no active development
Other:
* still all Apache committers have access to metadata in svn.
* no releases.
-----------------------------------------
Attachment H: Status report for the Apache Harmony Project
Summary
=======
The Apache Harmony project delivered another milestone release containing
Google Summer of Code contributions, bug fixes, and a notified security
fix. The community is quiet but steady at the moment. The lack of a JCK
continues to be an issue for Harmony.
Development & Releases
======================
Development continues to be focused primarily on the Java 5 SE code stream
and associated development tooling, with work on the Java 6 SE stream being
limited to core areas of the class library. Work on the VM, JIT, and GC
has slowed noticeably.
Milestone build 5.0M7 was declared on August 21, 2008. This milestone
includes a number of fixes and enhancements, as evidenced by over
125 JIRA issues resolved and over 600 commits since our last milestone
published at the start of May.
Noteworthy enhancements include:
* improved performance, especially in object serialization
and pack200 decoding.
* a new 'javap' tool for class file disassembly, and good
progress on 'policytool' the security policy management tool.
* lots of fixes in the Swing widget toolkit.
Six Google Summer of Code projects were assigned for mentoring by members
of the Harmony community, but only two of those completed. We would
particularly like to thank AndrĂ¡s Belicza (policytool) and Tharindu Mathew
(Swing enhancements) for their contributions to the project!
Security
========
In July, the ASF security group advised the Harmony PMC of a vulnerability
in our code. The issue is fixed in the milestone 7 release. The details
of the vulnerability have not been fully publicly disclosed yet.
Community
=========
The community continues to operate in a healthy manner, with a noticeable
quiet period over summer.
We are pleased to see some Harmony code is being used in Sun's performance
release of Java SE 6 (an improved TreeMap), and work done in the
JikesRVM 3.0 project that enables that VM to run Harmony class library code.
There were no changes to committers or PMC membership during this period.
There are currently 38 committers, ~18 of whom were active this period.
-----------------------------------------
Attachment I: Status report for the Apache HttpComponents Project
-- Status --
There are no items needing immediate attention of the board except to
note that we've missed the last report due to my fault - I'm again very
sorry for that.
Fortunately Oleg Kalnichevski immediately stepped up to make sure that we
are not missing it again this months - thanks!
-- Releases --
We have had one release since the last report:
29 August 2008 - HttpComponents HttpClient 4.0 beta 1
-- Community --
No arrivals or departures.
We have been getting a reasonable amount of feedback and contributions
in terms of patches and development ideas. A number of patches have been
contributed by the users of Apache Synapse.
Several committers on the project expressed willingness to support the
incubation of the Droids project, currently at home at Apache Labs.
Droids is an intelligent standalone robot framework that may become a part
of the HttpComponents community after incubation. An alternative destination
of Droids may be the Lucene TLP in case a too strong emphasis on the HTTP
protocol proves to be too constraining for Droids.
There is quite some activity on both user and developer mailing lists.
Overall the whole community looks and behaves quite healthy.
-- Migration --
Items still in work:
- finalize and approve project bylaws
- re-instate deployment of website via Subversion
(currently deployed by Maven due to TLP migration)
-- Development --
HttpClient beta1 has been released.
The first beta brings yet another round of API enhancements and improvements
in the area of connection management. Among the most notable ones is the
capability to handle stateful connections such as persistent NTLM connections
and private key authenticated SSL connections.
This is the first API stable release of HttpClient 4.0. All further releases
in the 4.0 code line will maintain API compatibility with this release.
General Notes.
HttpClient & HttpCore are now shipped with the Google Android platform.
We see this a major endorsement of our work.
The project is also still waiting for an answer from MS in regard to the
licenses required for an implementation of NTLM. We have been quiet about
that in the last couple of months but will try to resume activity in this
area around ApacheCon US.
-----------------------------------------
Attachment J: Status report for the Apache iBATIS Project
iBATIS is currently undergoing its greatest evolution since its
creation six years ago. The iBATIS 3.0 Core is a complete rewrite and
a significant redesign of the foundation of iBATIS. The new Core
enables new APIs to be built on top of the iBATIS framework more
easily than predecessors, which were heavily bound to an XML based
configuration.
Two new APIs have already been developed: a Compatibility API (for 2.0
backward compatibility), and the new Monarch API. The iBATIS 3.0
Compatibility Kit runs the full iBATIS 2.0 unit test suite. The core
itself includes over 500 tests of its own, thus doubling the number of
tests and significantly improving the test coverage overall. The
Monarch API will bring iBATIS into 2009 with full support for JDK 1.5
language features and modern configuration and development paradigms.
iBATIS.NET has aligned its version numbers with iBATIS, and thus its
next major version will be 3.0 as well. iBATIS.NET will implement the
same features as the Monarch framework as described on the iBATIS 3.0
Whiteboard Wiki and is is actually closer to a beta release than its
Java counterpart.
RBatis will likely be deprecated and replaced with Ruby bindings for
JRuby that will run on top of the iBATIS 3.0 Core. It is our
intention to also consider Groovy and even JavaScript bindings.
The iBATIS team has changed since the last board report. This is the
first board report by Clinton Begin as iBATIS Chair. Ted Husted will
remain a PMC member. Roberto Rabe has stepped down from the iBATIS
PMC and has entered emeritus status. Sven Boden, Brice Ruth and Jon
Tirsen have also entered emeritus status.
-----------------------------------------
Attachment K: Status report for the Apache Incubator Project
The Incubator continues to run smoothly. In the large, we have good
participation and oversight from the PMC.
PhotArk and Etch are in the process of getting started. Qpid and UIMA are
working on putting out new releases. CouchDB is in search of new/additional
Mentors.
As mentioned in the August report, we continue to have concerns about
BlueSky, which failed to formally report again this month. However, there
is an e-mail on their list that indicates that they are hearing our
concerns, and are starting to take some steps towards improvement and
resolution on the issues, q.v.,
http://www.mail-archive.com/bluesky-dev@incubator.apache.org/msg00245.html.
*** The PMC is reminding all Incubator projects that an important item for
the report is what needs to be done to satisfy graduation requirements. ***
------------------------------------------------------
=== BlueSky ===
Did not report. From the developer mailing list, we have the following
status comments:
- Two modules of the project,that is DTU and Tserver, have been
modified by using stlport to replace gpl based c++ code
expected for some minor mistakes.
- The official website has been updated and formal reports are added.
- We strive hard to learn the related contents of how to incubate
successfully.
=== JSecurity ===
JSecurity is a powerful and flexible open-source Java security framework
that cleanly handles authentication, authorization, enterprise session
management and cryptography.
JSecurity has been incubating since June 2008.
Since last month, a new external release has been issued (0.9.0-RC2), and
some
bug fixes, and discussion about the configuration format.
The code source should be injected to the Apache repository soon, when the
external 0.9.0 release will be out. It's a matter of days, may be a week,
accordingly to the latest discussion on the mailing list.
JIRA is set up, but it should be used.
The status is being maintained at
http://svn.apache.org/repos/asf/incubator/jsecurity/STATUS
=== log4php ===
log4php is a port of the log4j package for PHP.
Very limited activity over the last 3 months. 3 external patches, provided
via JIRA were submitted in September, and these are in the process of being
vetted and will likely be committed. There are external users but almost no
activity on the mailing lists.
Incubating since 07/2007
=== Pig ===
Pig is a platform for analyzing large data sets that consists of a
high-level language for expressing data analysis programs, coupled with
infrastructure for evaluating these programs. The salient property of Pig
programs is that their structure is amenable to substantial parallelization,
which in turns enables them to handle very large data sets.
* Pig's infrastructure is in good shape. We just announced our first
release from the incubator Pig 0.1.0! In addition, a major system redesign
is underway that introduces type system, improves performance, and provides
better platform for future work. The rework is expected to complete in
October 2008.
* The development community is growing with addition of Daniel Dai as a new
committer. More work needed to attract developers to the project.
* The user community is also growing with more activity on the user mailing
list. In addition, a tutorial and user function repository were added to
help users to come up to speed on the product. Also there is ongoing work on
the user documentation.
Incubating since: October 2007
=== RAT ===
Did not report.
=== River ===
River is aimed at the development and advancement of the Jini technology
core infrastructure. Jini technology is a service oriented architecture that
defines a programming model which both exploits and extends Java technology
to enable the construction of secure, distributed systems which are adaptive
to change.
This reporting period showed almost no activity, which is quite
disappointing. Based on the question by one of our mentors "What's up with
River" it became clear some active committers were forced to downsize their
participation due to being drowned by other activities, in case of many of
the Sun committers this is due to a change of jobs.
There are however signs that others, well known in the Jini community, want
to lend their hand and help with getting out our next release.
Things that needs to be done before graduation:
* the API in the {{{com.sun}}} namespace must be changed to
{{{org.apache}}}, probably has to await the incorporation of patches
lingering around and after our automated test framework is in place
* overall participation of non Sun committers must increase and we
should grow our community by getting more people involved
Incubating since: December 2006
=== Shindig ===
Shindig is a reference implementation of the !OpenSocial and gadgets stack.
Incubating since: 2007-12-06
High-level status summary: Shindig preparing for an incubation release of
the v0.8 !OpenSocial spec
* On track for an incubation release of Shindig on September 30,
compliant to !OpenSocial v0.8.1
* Active community, code base is maturing well, and is in use by many
very large sites
* Apache-provided Zone is up and running
* 2 new committers, actively seeking more
* Top 2 things to resolve prior to graduation:
* Improve diversity of committers (progress, but on-going)
* Run through at least one release (0.8 release will be a good
one)
=== Hama ===
Hama is a parallel matrix computational package based on Hadoop.
Incubating since: 19 May 2008
* The Hama website was published.
* The automated CI server for Hama integration builds was installed.
* The users were beginning to evaluate/report the function and perfomance
of the Hama.
We need to make a guide for the users and developers.
=== Empire-db ===
Apache Empire-db is an Open Source relational data persistence component
which allows database vendor independent dynamic query definition as well as
safe and simple data retrieval and updating. Empire-db entered the incubator
on July 8th, 2008
- we've finalized migration from sf.net to apache
- commits are coming in
- issue tracker is being used
- first release tries to go through the incubator
- no new additions to the committer roster or ppmc
=== PhotArk ===
Apache !PhotArk will be a complete open source photo gallery application
including a content repository for the images, a display piece, an access
control layer, and upload capabilities.
PhotArk has been accepted for Incubation in August 19. SVN, the mailing
Lists and Committer accounts are ready. The Community is just starting to
work on website and initial code.
-----------------------------------------
Attachment L: Status report for the Apache Jackrabbit Project
Apache Jackrabbit is a fully conforming implementation of the Content
Repository for Java Technology API (JCR, specified in JSR 170).
The Apache Jackrabbit project is in good shape. We have no board-level
issues at this time.
o Releases
No releases were made since the last report.
o Legal
We use Google Analytics to track usage of our web site. We are working
with site-dev@ and legal-discuss@ to resolve the recent concerns about
how the site usage data can be made available equally to everyone.
o Community
No new committers or PMC members were added since the last report.
There has been a decrease in mailing list and commit activity in the past
quarter and we've seen some cases of issues or questions being dropped.
This is partly because of the summer vacations but also due to a number
of core committers having been otherwise occupied. We'll keep an eye on
the situation and expect things to normalize soon.
We will participate and present Apache Jackrabbit in the upcoming
ApacheCon US.
o Development
We keep working towards Jackrabbit 1.5 in near future and Jackrabbit 2.0
(and the JSR 283 reference implementation) later on.
o Infrastructure
No issues at the moment.
-----------------------------------------
Attachment M: Status report for the Apache Labs Project
It was a mostly quiet quarter for the Labs project with two or three
highlights worth noting.
= Labs statistics =
- new: 2
- JaxMas (est. 2008-07, PI: Jochen Wiedmann)
- Magma (est. 2008-09, PI: Simone Gianni)
- status changes (last 3 months): 0
- total number: 23
- active: 22
- idle: 1
- promoted: 0
- completed: 0
- labs with commits: pinpoint, droid, vysper, jaxmas
= Cryptography =
We asked every lab for information about whether it includes
cryptographic software. It is still an open work item to complete this
process by recording this information at the right places and issue
notification emails.
= Change to the PMC chair =
On the public list, Stefano Mazzocchi announced his intention to step
down as PMC chair due to time restrictions. New candidate(s) were
drafted and finally Bernd Fondermann was voted as PMC chair candidate on
the public list. A special order draft to change the PMC chair was
brought before the board for your kind consideration.
= New labs =
A new lab, JaxMas, was conceived by Jochen Wiedmann. JaxMas is a "poor
mans JAXR provider for running JAXR based unit tests". Another new lab,
Magma, was concieved by Simone Gianni. Magma is a "research about using
AOP on the front line to provide an integration framework for Apache
technologies"
= Droids planning to move out =
Lab Droids (est. 2007-02, PI: Thorsten Scherler) is considering moving
on to the Incubator. Currently, the lab is preparing incubation,
including drafting a proposal at the Incubator Wiki and looking for a
champion and mentors. We are very excited about that, since providing an
ecosystem for projects on the way from the first line of code until
incubation is one of the goals of the Labs project, and Droids - if
successful - would be the first lab to follow this path ultimately. Some
discussion came up, here and on the Incubator's general list, about the
process how to proceed with labs aiming to become a project's
subproject, instead of going TLP. According to our bylaws, going through
the Incubator is inevitable. And the Incubator surely is the right place
to determine how to properly deal with that.
-----------------------------------------
Attachment N: Status report for the Apache Lucene Project
=== Lucene Status Report: 17th of September, 2008 ===
TLP
The TLP has accepted a software grant to bring geographic search
capabilities to Lucene and Solr.
CRYPTOGRAPHY
Nutch uses PDFBox and thus has a dependency on BouncyCastle.
https://issues.apache.org/jira/browse/NUTCH-621 has been opened
and is in process. Steps 1 through 3 have been completed and
the Nutch team is completing step 4.
LUCENE JAVA
Lucene Java is a search-engine toolkit. Development has been
active and we are nearing the release of 2.4.
SOLR
Solr is a full text search server. Development and the community
is active. Shalin Shekhar Mangar was added as a committer.
Solr 1.3 will be released in the next few days.
NUTCH
Nutch is a web-search engine: crawler, indexer and search runtime.
Development activity (measured by number of commits) has been low,
mainly bug fixes and minor enhancements. There are however some
nice new exciting features, currently under discussion attached
to Jira.
LUCY
Lucy will develop a shared C-based core for ports of Lucene to other
languages, such as Perl, Python and Ruby. No progress has been made
this quarter, but we have been in contact with the committers and
they are still interested in the project and plan to be more
active in the near future.
LUCENE.NET (incubating)
No change since last report. There is some brewing of bringing
in a couple
of new committers, but no official action on that yet.
This project does seem to have a small community of users,
with the occasional
tricky question posted to the e-mail list. It's a fairly
straightforward port, so several that have needed help with
it have asked general questions
in the java-user@lucene community.
TIKA (incubating)
Apache Tika is a toolkit for detecting and extracting metadata and
structured text content from various documents using existing parser
libraries. Tika is discussing graduating from the incubator.
MAHOUT
Apache Mahout is a new subproject of the Lucene PMC with the goal of
building a suite of scalable machine learning libraries for text and
data mining. We know have Map-Reduce implementations of several
clustering algorithms, 2 classification algorithms based
on bayesian statistics and support
for scaling fitness functions in genetic algorithms.
We had 2 successful
GSOC students participate over the summer.
We are nearing our first, 0.1, release.
-----------------------------------------
Attachment O: Status report for the Apache OFBiz Project
Report for Sep 2008 for OFBiz (Open For Business) as a top level project.
The Apache Open For Business Project (Apache OFBiz) is an open source
enterprise automation software project. By enterprise automation we mean:
ERP, CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM, and so on.
We have no issues that require Board assistance at this time.
Community:
- There have been no new committers or PMC members since the last report.
- A lot of activity (and new subscribers) both in the user and dev mailing
lists.
- We put considerable effort in defining the schedule for the OFBiz
Symposium @ ApacheCon US 2008; several contributors from a wide variety of
organizations will present 2 days of OFBiz conference and BOF sessions, and
there will be 2 training courses on the Mon/Tue before the conference;
there has been a refreshing amount of interest in the event and
participation in presentations and attendance is looking really good.
Project:
- New features and enhancements have been added by different committers and
contributors, including a new special purpose application (MyPage).
- We have established a focus on framework cleanups and business
application enabling features in preparation for a release; this is
continuing, though with slower progress due to (apparently) a busier than
normal season for OFBiz related consulting services, though that is also a
good sign for the long term growth and stability of the community; the goal
is to prepare for a versioned release of the framework instead of all of
OFBiz in order to narrow the scope and make it easier to define and monitor,
and once done the hope is that this will help popularize the OFBiz
framework and further grow the user and contributor communities around the
project.
-----------------------------------------
Attachment P: Status report for the Apache Portals Project
-- New releases --
Pluto 1.1.6 - Aug. 11, 2008
-- New committers --
none
-- Status --
1. Pluto Refactoring
Work is in progress on the Pluto 2.0 SPI Refactoring branch. The goal
of this branch is to bring Pluto trunk and Jetspeed trunk back in
alignment. A little history: Pluto 1.x, a new architecture severely
broke backward compatibility with the previous 1.0 API and SPI by
replacing the container object model (OM) interfaces with directly
and hard coded use of the new Deployment Descriptor based *classes*,
and almost all SPI Factory interface usages have been replaced by
direct and Pluto container internal (only) instantiation of
singletons or Portlet API implementation classes. These changes
"broke" Jetspeed, as it was coded to the more pluggable 1.0 API/SPI.
To make a long story short, we hope to have the SPI Refactoring
branch merged back in this summer and Jetspeed and Pluto back in
alignment from the trunks. We hope to complete
this work by ApacheCon.
2. Pluto JSR-286 Portlet API 2.0 Specification Release
Work is also near completion on the Portlet API 2.0 specification
implementation. One the Pluto Refactoring branch is ready,
it will be merged in and we will work towards releasing a
Portlet API 2.0 compliant release of Pluto. We hope to complete
this work by ApacheCon.
3. Apache Con, Portals meetup
We are planning another meetup for New Orleans, perhaps again
with the Wicket team, like we did in Amsterdam
4. Jetspeed-2
Continued work towards a 2.2 release this summer and merging with
the Pluto Refactoring branch when available. Lots of commits in the
last two weeks on the security refactoring.
-----------------------------------------
Attachment Q: Status report for the Apache Quetzalcoatl Project
Things continue to be very quiet on the Quetz/mod_python front. No new
releases have been made since the last report and none are planned
for the near future.
-----------------------------------------
Attachment R: Status report for the Apache ServiceMix Project
Since the last report, ServiceMix has released the following things:
* First set of OSGi bundles
* ServiceMix Specs 1.0.1
* ServiceMix 3.2.2
* ServiceMix Kernel 1.0.0-rc2
* Second set of OSGi bundles
* ServiceMix Specs 1.1.0
* depends-maven-plugin 1.0 (a maven plugin used in some of our projects)
* ServiceMix Kernel 1.0.0 is currently under vote
The ServiceMix Specs project contains OSGi enhanced versions of some Java
EE specifiations. Those are mostly repackaged versions of ASL licensed
specs, but it also contains full code of some specifications too (the JBI
specification and the JAXB specifications that were needed to be able to
enhance them for OSGi). We've discussed moving at least those JAXB specs
to Geronimo, but no work has been done on that so far.
The ServiceMix Bundles project contains jars repackaged as OSGi bundles
which are used in ServiceMix 4.x.
The JBI components from ServiceMix 3.x have now been extracted into their
own svn subtree to be able to release them independently and share them
between ServiceMix 3.x and 4.x. The short term goal is to release those
as well as ServiceMix 3.3 and new milestones of ServiceMix 4.0 in the
coming weeks.
The ServiceMix zone has been set up and we will work on putting live demos
of ServiceMix when time permits.
-----------------------------------------
Attachment S: Status report for the Apache Shale Project
Shale is still working towards the 1.0.5 release. All the artifacts are
published to the Maven repo and the mirrors. The only thing lacking is
updating the website.
There has not been a lot of activity on the mailing lists over the past
several months. Questions are being responded to but few patches offered.
Shale has two subversion branches, 1.0.x, 1.1.x. Shale's subversion
trunk his positioned at 1.1.0-SNAPSHOT. This branch holds a few enhancements
that are not found in the 1.0.X branch. In particular, there are some
features added to the test framework that are not offered in the 1.0.5
branch. There has not been any recent release planning for the 1.1.x branch.
Shale contains several subprojects. We recently voted to discontinue support
for the tiles integration subproject. Apache MyFaces Tomahawk has provided
an integration library that is more current providing support for JSF 1.1
and 1.2. Several of the Shale projects have been discussion points for
JSF 2.0 planning.
The following is a list of Shale libraries/sub projects along with recent
issues or discussion points:
* Application Controller - This project uses Apache Common Chain to add
pluggable filter chaining. MyFaces Trinidad has a similar strategy used for
installing decorators and other pluggable services.
* Clay - Shale brought in an eclipse plugin to manage Clay's xml metadata.
This was fast-tracked through the incubator. This plugin is still in the
sandbox. JSF 2.0 will provide an alternative to JSP for view composition.
The proposed solution will not have some of the features in Clay but will
be part of the core JSF Runtime.
* Core Library - All other shale libraries have a dependency on this
library.
* Dialog Manager - There was a recent reported serialization issue on the
mailing list. The person reporting the issue was not able to help with the
problem resolution.
* Dialog Manager SCXML - This project provides an alternative base Dialog
Manager implementation using Apache Commons SCXML.
* Remoting - The JSF 2.0 experts group is reviewing this project.
* Spring Integration - Adds Spring's IOC container into the EL resolver
chain. Spring 2.0 provides the same integration with JSF.
* Test Framework - There has been a lot of interest in this library. This
is one of the few libraries that have not been re-invented by other projects.
Many in the Myfaces community would like to move this library under their
umbrella. Unfortunately, there has not been many recent patches or
contributions offered.
* Tiger Framework - The JSF 2.0 experts group is reviewing this project.
* Validator Support - This project utilizes Commons Validator to build JSF
validators and converters. The client-side validation is the most popular
feature. Unfortunately, JSF doesn't make it easy to provide rich validators
that are not coupled with a component library.
* View Controller - This project was based on JSF 1.1 and one of the original
Shale libraries. It extends the JSF lifecycle. This became less important
as JSF 1.2 provided support for before and after phase listeners attached to
the view and the ability to extend the JSF lifecycle. Another feature that
View Controller attempted was better exception handling. This is also a
topic being discussed in JSF 2.0.
-----------------------------------------
Attachment T: Status report for the Apache SpamAssassin Project
- we released Apache SpamAssassin 3.2.5 on June 12, 2008
- not a lot of development over the summer, which has been a slow period for
us over the last few years
- we've vacated the "vmsa" VMWare instance to take our load off of that
machine and moved into a new solaris zone on odyne
- I took over as PMC chair from Justin Mason, thanks Justin!
- we're in the process of getting PRC, legal and then board approval to get
"actual use" documents filed for our existing "SPAMASSASSIN" and "POWERED
BY SPAMASSASSIN" "intent to use" trademarks filed; apparently this will be
inexpensive and we have some volunteers on the legal list to get this done
-----------------------------------------
Attachment U: Status report for the Apache Synapse Project
Notable Happenings:
------------------------------
We voted in two new committers: Asanka Abeysinghe and Afhkam Azeez.
We registered two ports (8280 and 8243) as with IANA
http://www.iana.org/assignments/port-numbers
Releases
-------------
We haven't done a release since the last board report, but we expect
to do one before the next board report.
Community
----------------
We believe the community is continuing to grow in terms of mailing
list traffic, JIRA contributions, patches. We continue to have an
excellent relationship with the HTTPComponents project and wish to
thank them for all the help and assistance they have given Synapse
with our HTTP transports.
Export controls
----------------------
We have now done our TSU notification and the latest release has the
correct documentation.
The next release will ship with the BouncyCastle JAR that excludes the
patented IDEA algorithm.
-----------------------------------------
Attachment V: Status report for the Apache Tiles Project
Tiles 2.1.0 has been released. It is a beta quality release that
contains some significant enhancements and new capabilities. The
documentation is the main factor that prevents 2.1.0 from achieving
the GA quality label. Work is continuing on that front.
No new committers or PMC members have been added this quarter. Martin
Cooper stepped down from the PMC. Mailing list traffic remains steady
with many questions from users. We are still hoping some of these
contributers will start submitting patches and increase their
involvement in the community. The project could use a few more active
committers.
-----------------------------------------
Attachment W: Status report for the Apache Tomcat Project
Summary
--------------
The project continues to be active on a number of fronts.
There are no issues requiring Board attention at this time.
Releases
-------------
We cut a number of releases incorporating majority of our active branches.
Tomcat 6.0.18 was released last month, both primarily bug fix
and security fix release over the previous 6.0.16 release.
Although we tagged 6.0.17 it wasn't released due to security
fixes that were incorporated in 6.0.18.
Tomcat Native connector 1.1.14 was released, primarily bug fix
release over the previous 1.1.13 release.
Tomcat Native connector 1.1.15 was released, fixing IPV4/IPV6
bug over the previous releases.
Finally Tomcat 5.5.27 was released, fixing bugs and security
issues over the previous 5.5.26 release.
Security
------------
We've been working closely with security issue reports and the Apache
Security committee on quickly replying to issues, resolving them, and
coordinating public disclosures.
The following security issues has been resolved:
CVE-2008-1232
The message argument of HttpServletResponse.sendError() call is
not only displayed on the error page, but is also used for
the reason-phrase of HTTP response.
6.0.x: Fixed, released and announced
5.5.x: Fixed in the SVN and announced
4.1.x: Fixed in the SVN and announced
CVE-2008-1947
The Host Manager web application did not escape user provided data
before including it in the output. This enabled a XSS attack.
6.0.x: Fixed, released and announced
5.5.x: Fixed, released and announced
CVE-2008-2370
When using a RequestDispatcher the target path was normalised before
the query string was removed.
6.0.x: Fixed, released and announced
5.5.x: Fixed, released and announced
4.1.x: Fixed in the SVN and announced
CVE-2008-2938
If a context is configured with allowLinking="true" and the connector
is configured with URIEncoding="UTF-8" then a malformed request may
be used to access arbitrary files on the server.
6.0.x: Fixed, released and announced
5.5.x: Fixed, released and announced
4.1.x: Fixed in the SVN and announced
CVE-2008-0128
When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO
is transmitted without the "secure" attribute.
4.1.x: Fixed in the SVN and announced
Development
-------------------
Development was concentrated mainly on security issues and fixing
bugs for the current releases. We are currently in discussions to
use some of the code Costin was working on for more then 3 years
inside 'Tomcat Lite' branch.
Mod_jk had a lots of bug fixes since last released version, so we
plan to release a new version 1.2.27 this month.
Community
-----------------
After last quarter's new committers and PMC members, there were no
changes the committership nor PMC membership this time.
The new commit policy is working very fine, and we've been
very active both in commit and release volume.
-----------------------------------------
Attachment X: Status report for the Apache Web Services Project
= Web Services PMC Report for September 2008 =
Summary - activity is pretty steady in the Web Services community. A couple
of new committers, a new PMC member, some new releases, nothing
earth-shaking. Glen STILL hasn't sent the PMC-emeritus message to the
members that were identified as inactive last round(!).
=== Notable Happenings ===
Deepal finally got the gumption up to move the transports out into a
separate WS-Commons project - this enables two things, a) more modularity in
Axis2, and b) Synapse will now be able to develop transports in WS-Commons
as well, so we can share them in a more effective way.
Colm OhEigeartaigh is a new committer on WSS4J.
Fred Dushin, standard-bearer for WSS4J, was happily introduced into the PMC.
The 1.4.1 release of Axis2 fixed a number of bugs, including some that were
preventing Rampart from doing its job effectively.
=== Code Releases [since the last report] ===
* Axis2 1.4.1
* Axis2/C 1.5.0
* Rampart 1.4.1
=== Subproject News ===
(I'm now including a summary of each subproject as requested last time -
please let me know if this seems too verbose)
No news below means nothing particularly notable for the board occurred this
quarter.
==== Apache Axis2 ====
Apache Axis2 is the third generation Web service framework of the Apache Web
service stack. A highly extensible message processing engine focused on
SOAP messages, it includes plugins for services, transports,
MessageReceivers, and Modules (message interceptors).
The 1.4.1 release fixed quite a few bugs in 1.4, and enabled Rampart to move
forward.
We're continuing to do cleanup and refactoring as appropriate on the trunk
in preparation for Axis2 1.5 which will be based on Java5.
==== Kandula ====
Apache Kandula is an implementation of Web Services Coordination, Atomic
Transaction and Business Activity protocols. The project provides
implementations for both Apache Axis (kandula-1 branch) and Apache Axis2
(kandula-2 branch) platforms.
==== Apache Axis ====
Apache Axis is a web services framework implementing the W3C SOAP standard.
==== Apache Woden ====
Woden is an open source Java implementation of the W3C WSDL 2.0
specification. Woden is working towards an M8 release. Woden has seen some
more activity recently from new contributors including a restructing of the
Woden source repository to follow Maven conventions.
==== JaxMe2 ====
JaxMe 2 is an open source implementation of JAXB, the specification for
Java/XML binding.
No notable happenings.
==== Apache Scout ====
Apache Scout is an implementation of the JSR 93 (JAXR), which is a java API
to XML registries such as jUDDI. Status: We did an 1.0rc2 release which has
brought us very close to making the final 1.0 release.
==== Apache jUDDI ====
jUDDI (pronounced "Judy") is an open source Java implementation of the
Universal Description, Discovery, and Integration (UDDI) specification for
Web Services. Status: jUDDI is about to start the release vote on 2.0rc6.
This might be the last rc before 2.0 can go final. Development on jUDDI 3
has started. jUDDI 3.0 will support the UDDI v3 API. Some major technology
changes for jUDDI 3.0 are that it will leverage JAXB and JPA and hopefully
generate a lot of code that was handcrafted in jUDDI 2.0.
==== Apache Rampart ====
Rampart provides the WS-Security and WS-SecureConversation support for
Apache Axis2 using Apache WSS4J as the base. The configuration model uses
the WS-Policy framework and supports WS-SecurityPolicy specification.
"Rahas" module in Rampart implements the WS-Trust specification with a
security token service implementation and a client API to carryout token
exchanges with the security token service.
==== Apache Rampart/C ====
Apache Rampart/C is the security module for Apache Axis2/C. It's an effort
to implement WS-Security Specification 1.0. Rampart/C also comes with an
XML-Crypto library known as OMXMLSecurity. In addition Apache Rampart/C
configurations are based on security policy assertions as per WS-Security
Policy specificatoin 1.1
==== Apache Sandesha2 ====
Sandesha2 is an implementation of WS-ReliableMessaging specifications for
Apache Axis2. By using Sandesha2 you can add reliable messaging capability
to the Web services you have hosted in Axis2. You can also use Sandesha2
with Axis2 client to interact with already hosted web services in a reliable
manner.
==== Apache Sandesha2/C ====
Sandesha2/C is a C implementation of WS-ReliableMessaging
specifications(both 1.0 and 1.1) for Apache Axis2/C projects. Sandesha2/C
is inter operable with Axis2/Java implementation and .net implementations.
==== Apache Savan ====
Savan is a Publisher/Subscriber implementation for Apache Axis2.
Some new work has been happening on Savan, including cleanup and some
restructuring to get the sample working out of the box.
==== Apache Savan/C ====
Savan/C is a Publisher/Subscriber implementation for Apache Axis2/C projects
written in C Language.
==== Apache Axis2/C ====
Apache Axis2/C is an effort to implement Axis2 architecture in C. Apache
Axis2/C can be used to provide and consume Web Services.
==== Apache WSIF ====
Apache Web Services Invocation Framework (WSIF) is a simple Java API for
invoking Web services, no matter how or where the services are provided as
long as it is described in WSDL.
==== Apache WS-Commons ====
Apache WS-Commons is a collection of projects that are primarily used as
parts of various WS projects but useful even outside the WS space.
WS-Commons houses Apache Axiom - the streaming XML object model, Apache
XmlSchema - an object model to manipulate XML schema documents, Apache
Neethi - the WS-Policy implementation and various other smaller projects
such as tcpmon.
==== Apache Muse ====
Apache Muse is a Java implementation of WS-ResourceFramework,
WS-Notification, and WS-DistributedManagement. It provides code generation
tools and APIs that aid users in creating standards-compliant interfaces for
manageable resources. Muse-based interfaces can be deployed in a J2EE or
OSGi environment.
==== Apache XML-RPC ====
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that
uses XML over HTTP to implement remote procedure calls.
No notable happenings.
-----------------------------------------
Attachment Y: Status report for the Apache Wicket Project
Status report for the Apache Wicket Project September 2008
Apache Wicket is a Java framework for creating highly dynamic, component
oriented web applications, and was established as an Apache project in
June 2007.
In memory of Maurice Marrink
Our community was shocked by the tragic death of Maurice Marrink on
August 1st, 2008. As the result of a tragic car accident, Maurice and
his brother Michel passed away, and left a gaping hole in their family.
Maurice joined the Wicket community in 2005, and was invited to join the
Wicket PMC in March of 2008. His involvement in our community is sorely
missed.
I have spoken with his family and they are proud of his achievements for
the Wicket community, and are comforted with the numerous tokens of
support they received.
The Wicket PMC is grateful to have worked with Maurice, he will be
missed.
Summary
Work on 1.4 and 1.3.5 continues, mailing list traffic during the summer
months was (fortunately) low, Wicket in Action was published. A
grassroots effort for a Wicket merchandise shop is stalled in PRC.
Community
No new committers were added, but we have a couple of folks we are
watching on the watch list.
Nino Martinez Wael had opened a merchandise shop with Apache Wicket
shirts, nappies, and mugs. The Wicket PMC was aware of this undertaking
and welcomes this effort. Communication with the PRC however is
difficult and slow, which has drained any energy Nino put forward into
his effort.
The Wicket community rejoices in the availability of Wicket in Action,
written by Eelco Hillenius and Martijn Dashorst over the course of
almost 3 years. This book has been anticipated for a very long time.
Software
No releases have been made in this period.
-----------------------------------------
Attachment Z: Status report for the Apache XMLBeans Project
On July 8, there has been a new official XMLBeans release v2.4.0 that
included numerous features and bug fixes requested by the community.
A few of the improvements in this release:
. Finer grained support for CDATA
. Upgraded support for Saxon 9
. Added more fine-grained control over XML to Java name mapping .
Add support for JVM-supported encodings . Advanced XPath and XQuery
support is provided through Saxon-9.0.0.4.
. Bug fixes
The community continues to grow both through presence on the mailing
list but also by adding a new committer. The project voted this quarter
on the addition of Wing Yew Poon as a new committer.
There are no other issues requiring board's attention at this time.
------------------------------------------------------
End of minutes for the September 17, 2008 board meeting.
Index