Index
Links: 2010 - All years
- Original The Apache Software Foundation
Board of Directors Meeting Minutes
March 17, 2010
1. Call to order
The meeting was scheduled for 12:00pm (Pacific) and began at
12:01 when a sufficient attendance to constitute a
quorum was recognized by the chairman. The meeting was held
via teleconference, hosted by Jim Jagielski and vmWare.
IRC #asfboard on irc.freenode.net was used for backup
purposes.
2. Roll Call
Directors Present:
Shane Curcuru
Doug Cutting
Justin Erenkrantz
Jim Jagielski
Geir Magnusson, Jr.
Brian McCallister (joined at 12:23)
Brett Porter
Greg Stein
Directors Absent:
Roy T. Fielding (excused)
Officers Present:
Philip M. Gollucci
Sam Ruby
Sander Striker
Craig L Russell
Officers Absent:
none
Guests:
Jacopo Cappellato
Chris Hostetter
Brian Fox (12:07)
3. Minutes from previous meetings
Published minutes can be found at:
http://www.apache.org/foundation/board/calendar.html
A. The meeting of January 20, 2010:
See: board_minutes_2010_01_20.txt
Approved by General Consent.
B. The meeting of February 17, 2010
See: board_minutes_2010_02_17.txt
Approved by General Consent.
4. Executive Officer Reports
A. Chairman [Jim]
A relatively quiet month, but with a few important items to report.
First, of course, is the coming members meeting, to be held via
irc next week. We look to have a nice set of nominated members.
Secondly, our Delaware Annual Report was due March 1st, but, last
I checked, despite numerous reminders and Emails starting from
December of last year, had not been prepared or submitted. A
status update would be appreciated.
I echo Justin's thanks to the committees for their efforts in
submitting their budgets. The hope and expectation that this
years budgeting process will be much smoother than last years
(no doubt it will be; last years was our first successful and
completed effort and so some "difficulties" was to be expected).
The foundation appears to be on solid ground.
B. President [Justin]
Many thanks to all of the committees for submitting their budget
requests and justifications for FY'10-11 in a timely manner!
I have asked the Fundraising committee to submit revised donor and
sponsorship projections for the new year. At this time, I do not
expect any serious fluctuations in the projections (that is, most
of our platinum, gold, and silver sponsors should renew and we
may be able to add some additional sponsors).
The draft budget is available for review at:
foundation:Finances/2010-budget.txt
I would like to ask all of the directors to review the budget
prior to the April meeting. Ideally, any concerns over specific
items should be raised prior the meeting to ensure a smooth
April meeting. I welcome any suggestions as to how we can have
a smooth review process as possible.
I gave a keynote at JASIG in San Diego on March 9th. They are a
higher-ed focused OSS group (celebrating their 10th anniv.
this year) and have reached a point where they are trying to
determine what's next and how JASIG can remain relevant over
the next decade. In addition to my keynote, I also talked
at length with members from the JASIG board and tried to
convey some of our experiences and lessons learned from Apache.
They have encountered many of the same dilemmas we have faced
over the years - in addition to some that we may face ourselves
in the future. I hope that our experiences are helpful and that
they continue to find success along their path!
I have a talk at OSBC in SF on March 17th and a panel session at
EclipseCon in Santa Clara on March 24th.
Justin notes that the 2010-budget.txt does not include any
ApacheCon income, as that income can't be relied on, we treat
any income that we do get as found money.
C. Treasurer [Geir]
Books are currently up to date as of 2010-03-14 for checking,
savings and credit card accounts.
Contributions:
- Current PayPal balance as of 03/17 is $19,205.51.
Contributions for Feb 2010 was about $100 This is not
reflected in statement of position below. We're seeing a
small increase in small amount reversals which is clearly a
new fraud vector of some sort (all are payments from comcast
addresses). I've tried to bring this up with PayPal, but
they don't seem interested. For now I keep refunding any
contribution that is claimed to be in error. The net is zero
for us.
- Funds for Facebook Gold sponsorship received.
- Invoice sent to Google for 2010 Platinum
- Note that we have the outstanding 50k from MSFT for the
platinum. I don't remember the payment arrangement, but just
a note for Serge and Greg. Let me know if there's some step
that I missed. I believe I've returned all necessary
paperwork to MSFT.
Tasks Done:
- all approved bills paid
In Progress:
- Sorting out what really needs to be done for DE filing and
report. There apparently was some confusion around
who was going to handle (I volunteered back in Dec, but thought
the direction was that Scy or MarCom would handle), and
right now, I believe that it's up to Sam and I to resolve.
- We apparently didn't file a Schedule A for FY2009 US Federal
Tax. Working with CPA to resolve.
- Need to get physical forms for 1099 for Sunstar. Will solve
this week (which is what I said last time...)
- invoice to GOOG for GSoC - priority
To Do:
- need to start gathering CC receipts from CC holders. E.g ACON09
1) Statement of Financial Income and Expense - February 2010 - Accrual Basis
Ordinary Income/Expense
Income
Interest Income 107.79
Contributions Income
Unrestricted 293.72
Total Contributions Income 293.72
Total Income 401.51
Expense
Bank Service Charges 446.37
Postage and Delivery 19.95
Professional Fees
Accounting 200.00
Total Professional Fees 200.00
Program Expenses
Infrastructure
Colocation Expenses 518.00
Hardware Purchases 3,578.38
Infrastructure Staff 18,500.00 (1)
Total Infrastructure 22,596.38
Public Relations
PRC Travel 198.45
Total Public Relations 198.45
Conference Expenses 80.53
Total Program Expenses 22,875.36
Total Expense 23,541.68
Net Ordinary Income -23,140.17
Net Income -23,140.17
Note 1 : Infra staff amount reflects a shift to paying
16Degrees (aka Gavin) before the first of the month to allow
wire issues to be sorted if they arise - therefore in this
month accrue two payments
2) Statement of Financial Position - As of February 28, 2010 - Accrual Basis
Feb 28, 10 Feb 28, 09 $ Change % Change
ASSETS
Current Assets
Checking/Savings
Paypal 12,513.63 10,335.23 2,178.40 21.1%
Wells Fargo Analyzed Account 200,779.19 156,914.69 43,864.50 28.0%
Wells Fargo Savings 285,169.98 98,688.88 186,481.10 189.0%
Total Checking/Savings 498,462.80 265,938.80 232,524.00 87.4%
Accounts Receivable
Accounts Receivable 90,000.00 110,000.00 -20,000.00 -18.2%
Total Accounts Receivable 90,000.00 110,000.00 -20,000.00 -18.2%
Total Current Assets 588,462.80 375,938.80 212,524.00 56.5%
TOTAL ASSETS 588,462.80 375,938.80 212,524.00 56.5%
LIABILITIES & EQUITY
Liabilities
Current Liabilities
Credit Cards
ASF Credit Card - Phil Golucci 1,191.96 0.00 1,191.96 100.0%
ASF Credit Card - Paul Querna 0.00 4,523.30 -4,523.30 -100.0%
ASF Credit Card - Ruby 39.90 39.90 0.00 0.0%
ASF Credit Card - Erenkrantz 198.45 2,790.10 -2,591.65 -92.9%
Total Credit Cards 1,430.31 7,353.30 -5,922.99 -80.6%
Total Current Liabilities 1,430.31 7,353.30 -5,922.99 -80.6%
Total Liabilities 1,430.31 7,353.30 -5,922.99 -80.6%
Equity
Retained Earnings 363,648.74 261,948.68 101,700.06 38.8%
Net Income 223,383.75 106,636.82 116,746.93 109.5%
Total Equity 587,032.49 368,585.50 218,446.99 59.3%
TOTAL LIABILITIES & EQUITY 588,462.80 375,938.80 212,524.00 56.5%
Geir to pursue IRS schedule A fix
Geir indicated that he was prioritizing the US government over
Delaware. Justin indicated that he would like to see both done
this week.
D. Secretary [Sam]
Minutes continue to be produced, documents filed, and acknowledgements
sent. The software-grants.txt file was updated to include an email
address to facilitate acknowledgements.
In the past, the primary responsibility (or more appropriately:
privilege) for sending out both the initial invitation and the final
welcoming to the ASF fell on the person who nominated the individual in
question. (I always double checked, but never found it necessary to
intervene). It would be trivial to adjust the secretary workflow to
send out the final acknowledgements, complete with pointers to
documents as new-member-resources.txt. We should discuss whether or
not this would be a good thing.
As to the DE annual report story: I ran into a brick wall: our
accountant and the state of Delaware don't seem to agree on whether or
not our obligations to file a 2008 tax return have been filed. That's
still being sorted out.
Board agreed that to have the secretary send out membership confirmation
emails.
E. Executive Vice President [Sander Striker]
Another quiet month, thanks to Justin doing a good job keeping up.
The discussion with respect to the EA has flared up again, which
reminded me of the ball I dropped there. I'll reconnect with Greg
Stein and will collect our previous thoughts on the matter, after
which I'll construct an RFP for review.
Executive officer reports approved as submitted by General Consent.
5. Additional Officer Reports
1. VP of JCP [Geir Magnusson Jr]
See Attachment 1
Geir confirmed that the Public Review Reconsideration Ballot was for
JSR 275.
2. VP of Brand Management [Shane Curcuru]
See Attachment 2
3. VP of Fundraising [Serge Knystautas / Jim]
See Attachment 3
4. VP of Marketing and Publicity [Sally Khudairi / Brett]
See Attachment 4
5. VP of W3C Relations [Sam Ruby]
See Attachment 5
General discussion on licensing, and the relative roles of the WHATWG
and the W3C.
6. Apache Legal Affairs Committee [Sam Ruby]
See Attachment 6
7. Apache Security Team Project [Mark Cox / Justin]
See Attachment 7
Shane to discuss the idea of a central public repository for all
security fixes in order to improve security communications with
the general public.
8. Apache Conference Planning Project [Noirin Shirley / Brian]
See Attachment 8
No report recieved. Brian to follow up
9. Apache Infrastructure Team [Philip Gollucci / Justin]
See Attachment 9
Geir asked about Technologent invoice, Phil to follow up.
SVN performance improvements are much appreciated!
10. Apache Travel Assistance Committee [Gavin McDonald / Geir]
See Attachment 10
Additional officer reports approved as submitted by General Consent.
6. Committee Reports
A. Apache APR Project [Bojan Smojver / Roy]
See Attachment A
Greg to contact APR about including heath of user and dev community
information, etc. in the board reports.
B. Apache Archiva Project [Maria Odea Ching / Doug]
See Attachment B
C. Apache Axis Project [Glen Daniels / Shane]
See Attachment C
D. Apache Camel Project [Hadrian Zbarcea / Greg]
See Attachment D
E. Apache Cassandra Project [Jonathan Ellis / Jim]
See Attachment E
Jim to put Cassandra in touch with Publicity
F. Apache Cayenne Project [Andrus Adamchik / Brian]
See Attachment F
G. Apache Click Project [Malcolm Edgar / Roy]
See Attachment G
H. Apache Commons Project [Phil Steitz / Geir]
See Attachment H
I. Apache Excalibur Project [Carsten Ziegeler / Brett]
See Attachment I
Brett to contact Excalibur and discuss whether moving to the
attic is appropriate.
J. Apache Felix Project [Richard Hall / Greg]
See Attachment J
K. Apache Gump Project [Stefan Bodewig / Shane]
See Attachment K
L. Apache Harmony Project [Tim Ellison / Doug]
See Attachment L
M. Apache HTTP Server Project [William A. Rowe Jr. / Justin]
See Attachment M
N. Apache iBATIS Project [Clinton Begin / Doug]
See Attachment N
Doug to pursue a report for iBATIS
O. Apache Incubator Project [Noel J. Bergman / Roy]
See Attachment O
Sam to inquire about LCF issue (re: NTLM?)
http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201002.mbox/%3C4B85C2B7.9080005Metacarta.com%3E
Jim to connect Etch to Community Development
P. Apache Jackrabbit Project [Jukka Zitting / Brian]
See Attachment P
Q. Apache Labs Project [Bernd Fondermann / Brett]
See Attachment Q
R. Apache Lucene Project [Grant Ingersoll / Greg]
See Attachment R
Board suggests: discuss, allow people enough time to
participate, then vote. And there is a general offer to all
projects to request a Director to participate as an impartial
advisor in controversial discussions.
S. Apache OFBiz Project [Jacopo Cappellato / Jim]
See Attachment S
Jacopo to provide an update next month
T. Apache OpenWebBeans Project [Gurkan Erdogdu / Justin]
See Attachment T
U. Apache Pivot Project [Greg Brown / Shane]
See Attachment U
V. Apache Portals Project [David Sean Taylor / Geir]
See Attachment V
W. Apache Quetzalcoatl Project [Gregory Trubetskoy / Justin]
See Attachment W
Greg to present options: new chair, attic or httpd
X. Apache Santuario Project [Raul Benito / Doug]
See Attachment X
Jim's action item remains open: at this point the project
needs either an adequate report or to go to the attic.
Y. Apache ServiceMix Project [Guillaume Nodet / Jim]
See Attachment Y
Note that the report was submitted late.
Z. Apache Shindig Project [Paul Lindner / Brian]
See Attachment Z
AA. Apache Sling Project [Felix Meschberger / Shane]
See Attachment AA
AB. Apache SpamAssassin Project [Daryl C. W. O'Shea / Geir]
See Attachment AB
Shane to inquire as to rules being published (released?)
without adequate oversight (e.g. a vote).
AC. Apache Subversion Project [Greg Stein / Greg]
See Attachment AC
AD. Apache Synapse Project [Paul Fremantle / Brett]
See Attachment AD
AE. Apache Tiles Project [Greg Reddin / Roy]
See Attachment AE
AF. Apache Tomcat Project [Mladen Turk / Jim]
See Attachment AF
AG. Apache Web Services Project [Glen Daniels / Justin]
See Attachment AG
Report to be provided next month, and every three months after
that.
AH. Apache Wicket Project [Martijn Dashorst / Roy]
See Attachment AH
AI. Apache XMLBeans Project [Cezar Andrei / Greg]
See Attachment AI
Greg to pursue a report for XMLBeans
Committee reports approved as submitted by General Consent.
7. Special Orders
A. Establish the Apache UIMA Project
WHEREAS, the Board of Directors deems it to be in the best
interests of the Foundation and consistent with the
Foundation's purpose to establish a Project Management
Committee charged with the creation and maintenance of
open-source software related to the analysis of unstructured
data, guided by the UIMA Oasis Standard, for distribution at
no charge to the public.
NOW, THEREFORE, BE IT RESOLVED, that a Project Management
Committee (PMC), to be known as the "Apache UIMA Project",
be and hereby is established pursuant to Bylaws of the
Foundation; and be it further
RESOLVED, that the Apache UIMA Project be and hereby is
responsible for the creation and maintenance of software
related to the analysis of unstructured data, guided by
the UIMA Oasis Standard, and be it further
RESOLVED, that the office of "Vice President, Apache UIMA" be
and hereby is created, the person holding such office to
serve at the direction of the Board of Directors as the chair
of the Apache UIMA Project, and to have primary responsibility
for management of the projects within the scope of
responsibility of the Apache UIMA Project; and be it further
RESOLVED, that the persons listed immediately below be and
hereby are appointed to serve as the initial members of the
Apache UIMA Project:
* Adam Lally <alally@apache.org>
* Bhavani Iyer <bhavani@apache.org>
* Burn Lewis <burn@apache.org>
* Edward Epstein <eae@apache.org>
* Jaroslaw Cwiklik <cwiklik@apache.org>
* Joern Kottmann <joern@apache.org>
* Jukka Zitting <jukka@apache.org>
* Ken Coar <coar@apache.org>
* Marshall Schor <schor@apache.org>
* Michael Baessler <mbaessler@apache.org>
* Sam Ruby <rubys@apache.org>
* Thilo Goetz <twgoetz@apache.org>
* Tommaso Teofili <tommaso@apache.org>
* Tong Fin <tongfin@apache.org>
NOW, THEREFORE, BE IT FURTHER RESOLVED, that Marshall Schor
be appointed to the office of Vice President, Apache UIMA, to
serve in accordance with and subject to the direction of the
Board of Directors and the Bylaws of the Foundation until
death, resignation, retirement, removal or disqualification,
or until a successor is appointed; and be it further
RESOLVED, that the initial Apache UIMA PMC be and hereby is
tasked with the creation of a set of bylaws intended to
encourage open development and increased participation in the
Apache UIMA Project; and be it further
RESOLVED, that the Apache UIMA Project be and hereby
is tasked with the migration and rationalization of the Apache
Incubator UIMA podling; and be it further
RESOLVED, that all responsibilities pertaining to the Apache
Incubator UIMA podling encumbered upon the Apache Incubator
Project are hereafter discharged.
Special Order 7A, Establish the Apache UIMA Project, was
approved by Unanimous Vote of the directors present.
8. Discussion Items
A. Jim would like to re-introduce the idea of a paid EA.
Tabled until a RFP is available to be discussed. Sander (and
possibly Greg) to develop a report. Discussion should not wait until
next meeting but rather occur on list as the budget is imminent.
9. Review Outstanding Action Items
* Roy: Follow-up with Buildr on their use of git.
Status: not done yet
* Roy: Update /dev with rule that invitation only dev meetings are OK,
provided that such meetings are discussed on the dev list, and
that all committers are included.
Status: not done yet
* Brett: Get with Carl Trieloff and suggest improvements to the
Qpid report so that it can meet board expectations.
Status: Keep. Only sent an initial message today, will
follow through until they next report.
* Greg: Get with Quetzalcoatl to see if it is expected to improve or if
the project should be moved to the attic.
Status: still no report. Action item is not to present options
of new chair, attic, or movement to HTTPD to the PMC.
* Roy: Suggest that Abdera recruit on the Atom lists.
Status: not done yet
* Serge: Coordinate thank-you letters with Geir.
Status: continuing
* Greg: Request a special report from Lucene & HADOOP on the status of
each subproject with respect to diversity and splitting out
as a TLP.
Status: not done yet
* Roy: Respond to the Incubator re: Traffic Server and international
marks.
Status: Done, remaining trademark permission received from Yahoo!
* Shane: Follow up on OpenWebBeans committer removal.
Status: Done. private@ mailing list had good discussion and
voting on committer changes, including the "removal" of a
name put on the original podling list, but who never
really participated in the podling or project. Sounds fine.
* Jim: Follow up with Santuario to either get a proper report and name a
new chair.
Status: Done. Whether what we rec'd is "proper" can and should
be discussed.
* Jim: Follow up with David on whether TCL should become a candidate
for the attic.
Status: David pinged. Keep open.
* Sam: File an Annual Report w/state of Delaware
Status: not done yet
* Sam: File JIRAs on officers access to mail archives
Status: not done yet
* Geir: Invoice Google for GSOC
Status : work started
* Greg: Pursue a report for Apache HTTP Server
Status : report present
* Doug: Contact Noel on various Incubator issues discussed in Feb
Status: Done. Noel responded in this month's report.
* Roy: To convey to Lenya the board's expectations for the contents of
the community section of board reports.
Status: not done yet
* Brett: Join the Logging private list
Status: Done. I got in touch with Curt and with the PMC to let
them know I was subscribed and that the points from the
last report had board attention. Will keep monitoring and
offer help where needed through the next few months.
* Jim: To request that Pivot reports include changes to PMC or
committers.
Status: Keep. Will have them start when quarterly (and add
in any changes that had been made up to then)
* Sam: Investigate Xalan licensing dispute.
Status: not done yet
10. Unfinished Business
11. New Business
12. Announcements
Jim was asked to join the BoD of the CodePlex Foundation and accepted
the offer.
13. Adjournment
Adjourned at 01:14 p.m. (Pacific)
============
ATTACHMENTS:
============
-----------------------------------------
Attachment 1: Report from the VP of JCP
Spoiler : no progress on the Java SE TCK issue.
General : Quiet with standard traffic of TCK-related support for projects.
EC : Apache was the first 'no' vote on the Public Review Reconsideration
Ballot (the JSR failed the first Public Review Ballot) and was eventually
joined by Google, Doug Lea, Oracle, Intel, Tim Peierls and Ericsson.
This is notable (for us) because it was explicitly for technical reasons (they
had no FOU or other license issues), and also it resulted in the termination
of the JSR. We voted no because the spec lead intended the JSR to go
into Java SE, and I felt that various factors such as technical quality
and completeness made this something that shouldn't happen.
We also had the first EC call with Oracle, the new Corporate Master of
the JCP, where Oracle provided us with an outline of their plans and
intentions going forward with the JCP, and a few words on the running
dispute with Sun/Oracle on the TCK license for Apache Harmony. In short,
now that the acquisition is finalized, they are reviewing all pertinent
material related to the TCK, and will get back to us around the end of
the month or shortly after.
While this wasn't unexpected, I and other EC members did voice our
frustration over the fact that Oracle has had a very clear and supportive
position with respect to the Apache/Sun Java SE TCK dispute for a
number of years now, and we couldn't understand what they could possibly
be thinking about.
That said, I don't recommend any action until we hear from them around the
end of the month.
-----------------------------------------
Attachment 2: Report from the VP of Brand Management
No board-level issues noted. Submitted a small budget to cover
registration of select ASF trademarks.
Operations And Community
========================
Sally/Serge/Shane f2f meeting now scheduled for next week, which should
allow us to publish more ideas and guidelines in our areas.
Seeking more input on trademarks@ on branding and marks principles.
External Requests
=================
Answered various non-infringing related questions.
Many thanks to Larry and Legal PMC for beginning work with Eclipse
on an understanding about the Eclipse Scout and Apache Scout projects.
This points out that part of our key branding guidelines includes
the use of Apache in our project and product names.
-----------------------------------------
Attachment 3: Report from the VP of Fundraising
Fundraising made progress this past month and will update the board
with respect to sponsors, donors, projections, and coordination. No
issues for the board at this point.
SPONSORS
No additions or removals of sponsors this past month.
I feel that Greg and I are doing a reasonably good job handling
incoming sponsorship leads and are doing ok responding to existing
sponsors. I need to make more of an effort to reach out and talk with
all of our existing sponsors to make sure they're happy.
The next step for sponsorship is to audit what we have. We offer 25%
value in kind donation, and I need to confirm when each sponsor
actually paid, compare that amount to the amount expected, and try to
track down the value in kind portion when appropriate.
DONATIONS
Progress on thank yous, but not complete. The letter has been
written, it was sent to one donor who was specifically asking for it,
I've reviewed the PayPal history and have those thank yous ready to go
out. I'm also discussing with Geir how to extra the donations via
wires and anything else coming in as donations that need thank yous.
While I was originally planning to, I ended up not involving
fundraising@ in the thank you letter process. I saw the two benefits
of involving them was spreading the workload and creating personalized
thank yous. For the first point, I didn't want to share paypal data,
so that left only trivial tasks that would take longer and more effort
to delegate. For the second point, we were so behind for 2009
donations that I decided I just wanted to get valid tax record letters
out and will focus on personal thank yous going forward.
COORDINATION
I'd like to use fundraising@ more. While fundraising@ is not a
committee, I do want to share more of my work on this list to provide
transparency and keep a record of what is being done. I have sent a
few questions to the list without much response. I think by
outlining specific tasks that I can get more involvement as I believe
people's interest (beyond monitoring what is going on) is in specific
areas. I think everyone would like to see more emails on
fundraising@, but I haven't had a lot to say yet.
The Board/Justin asked for budget, and we basically have none now that
the work is largely done by volunteers.
Similarly I was asked for projections for the upcoming year. I'm
reviewing this and will discuss on fundraising@ to see if people have
other opinions, but I'm expecting we do not see much change for this
year.
Finally, I'm flying to Boston on the 23rd for an all-day meeting with
Shane and Sally to work out ASF-wide marketing questions.
-----------------------------------------
Attachment 4: Report from the VP of Marketing and Publicity
- Budget: the proposed 2010-2011 budget was submitted to ASF President
Justin Erenkrantz for review by the Board in April. No additions or
changes were suggested by members of the Marketing/Publicity team,
however, Justin recommended we remove the "contingency" entry so that
all line items apply to specific expenses.
- M&P/Brand Management/Fundraising Meeting: Due to continued poor
weather conditions, the 9 February face-to-face worksession in Boston
with Shane Curcuru and Serge Knystautas is now rescheduled for 23 March.
Sally drafted an autoresponder for emails sent to prc@apache.org that
directs folks to the appropriate mailing list for Fundraising,
Trademarks/Branding, Marketing/Publicity, and Community Development.
This was forwarded to the Infrastructure team with a request to create
the autoresponder the week of 15 March.
- Press Releases: the following announcement was issued over PR Newswire
--
23 February - the 15th Anniversary of the Apache HTTP Web Server
The 15th anniversary of the HTTP Server received more than 1,700
mentions on Twitter within the first 8 hours of the announcement going
live.
- Media Relations: outreach continues, with the above press release
distributed under 24-hour embargo to our press/analyst-specific
distribution list. The embargo was honored with no violations.
- Future Announcements: Sally is currently discussing with the Tomcat
PMC announcement tactics to support the release of Apache Tomcat 7
- ApacheCon liaison: have begun discussions with the ApacheCon planners
for promoting the North America conference in Atlanta 1-5 November 2010.
Sally created placeholder copy for the ApacheCon Website, and will
continue to contribute to the site as needed. On the 10 March concall,
the primary focus was to align the conference with the ASF's
communications themes. This includes:
1. Apache: foundation of the Cloud
2. The Apache Way (ASF process) works!
3. Apache HTTP server - going from strength to strength
4. Ushering new innovations in the next decade (Incubator, Labs, new
releases, etc.)
The themes will be incorporated in both the technical and
business/community sessions.
Sally will be working with Luciano Resende to create the CFP and manage
the Business & Community Track. The CFP will be sent out the week of 15
March.
- Media/Industry Interviews/Outreach: we are coordinating press
interviews for Justin onsite at OSBC, as well as other key ASF members.
We coordinated an interview for Doug Cutting with a consultancy
regarding their new report on cloud computing.
Sally received a private query regarding the ASF's role in W3C and the
current activities on the HTML5 specification. She recommended liaison
with ASF's W3C AC Rep Sam Ruby, but the individual did not follow up.
We received a contract from OSCON to participate again this year in its
DotOrg Expo. Sally will review this opportunity with the M&P team, as
well as any PMCs wishing to participate. The event will take place 19-23
July in Oregon.
- Analyst Relations: we have engaged RedMonk on 9 March for strategic
advice and to leverage with outreach, networking, and media
opportunities. We will continue to work with analyst (Michael) Cote for
Media Training at ApacheCon; in addition to providing mini-briefings at
the end of the Introductory session, he also meets with PMC members of
several TLPs and Incubating projects. The cost of an annual subscription
is US$5,000.
- ASF Branding Research Project: Sally distributed the latest version of
the UInnsbruck/MIT questionnaire from PhD candidate Roland Schroll and
his advisor Johann Füller to community@ on 16 February. They
incorporated several changes based on excellent feedback received from
nearly 80 respondants, and are seeking +/-200 further replies. We will
leverage the RedMonk network to help get the word out. The questionnaire
can be accessed at
http://surveys.hyvelive.de/10_apache/p1.php?refGroup=Apache
- PR Newswire account: we have used 5 of the 10 pre-paid flat-rate press
releases on PR Newswire. The remaining releases are available until 6
October 2010.
- Contract with HALO Worldwide has been renewed; the new engagement runs
until 1 October 2010.
-----------------------------------------
Attachment 5: Report from the VP of W3C Relations
Voted YES on a poll to allow the HTML5 specification to be released by the W3C
under a more liberal license. There are two parts to this: the basic belief
that execution and community, not licensing, should motivate contributions;
and the fact that there are two copies of substantially the same spec (the
other published by the WHATWG), and only affect that restricting licensing on
one of those copies would be to make that copy less useful.
Additionally, the Apache License, Version 2.0 is among the licenses being
considered, and I indicated that the ASF would be in support of such a plan.
The AC meeting is on the 29th and 30th. I plan to attend and represent the
ASF. The HTML5 license issue is likely to be a hot topic.
-----------------------------------------
Attachment 6: Status report for the Apache Legal Affairs Committee
Light month. Two issues closed, two others discussed, and no issues opened.
Larry Rosen signed on behalf of the ASF a petition to the American Law
Institute to release their "Principles of Law of Software Contracts" for free
for review of the constituencies that care about it.
Discussion about documenting a more fine grained organization of the Legal
Affairs committee started and looks likely to peter out.
Initial planning work has begun to increase trademark coordination between the
ASF and Eclipse, impetus being the fact that there are unrelated projects
named Apache Scout and Eclipse Scout. Everything appears cordial.
Initial work has begun at the Mozilla foundation on a revision of the MPL.
One goal of the revision is to make it more obviously one-way compatible
(i.e., allowing Apache Licensed artifacts can be included in MPL licensed code
bases). The ASF supports this goal.
Yahoo! donated its Trademark registration for the Traffic Server to the ASF.
-----------------------------------------
Attachment 7: Status report for the Apache Security Team Project
Apologies, last status report had metrics labelled Dec 2009 but
actually was for Jan 2010.
For Feb 2010: There continues to be a steady stream of reports
of various kinds arriving at security@apache.org. These continue to
be dealt with by the security team.
4 Support question
1 Phishing/spam/attacks point to site "powered by Apache"
4 Vulnerability reports of which:
1 Vulnerability report [axis, via security@apache.org]
1 Vulnerability report [ofbiz, via security@apache.org]
2 Vulnerability report [httpd, via security@apache.org]
-----------------------------------------
Attachment 8: Status report for the Apache Conference Planning Project
-----------------------------------------
Attachment 9: Status report for the Apache Infrastructure Team
Philip Gollucci signed the annual service contract with Sun/Technologent
for ~$2K.
2 SSD's installed into eris(svn) to boost performance. Between our EU and
US svn servers we currently handle over 6M hits / day.
RAM ($1200) installed into eris(svn) and brutus(jira,bugzilla) to boost
performance.
Website traffic to our tlp's and www.apache.org is hovering around 10M hits a day.
Spam traffic continues to fall: we are currently seeing only about 600K
connections per day, down from its peak of 1.5 M connections a day in 2006.
Philip Gollucci worked some magic and has upgraded all of our FreeBSD boxes
to 8.0-stable. The old NGROUPS_MAX problem that previously limited users to
16 unix groups is a thing of the past.
Discussed and created a budget for FY 2010 worth ~$250K.
In discussions to purchase an Xserve from Apple for ~$6K.
Discussed an offer from a third party to host a virtual machine for us.
Ultimately the offer was declined.
Discussed plans for migrating Solaris zones to FreeBSD jails.
Aurora (websites) is down for an extended period of time until we can determine
whether or not to replace it immediately or have the machine serviced by a
Sun tech.
Gavin McDonald specced another dell for use as a build farm server for ~$6K.
Purchased a pair of Dell 5448 48-port managed switches for ~$1600.
Brad Davis of FreeBSD infrastructure subscribed to infra-private@.
Aristedes Maniatis was granted infrastructure-interest karma.
-----------------------------------------
Attachment 10: Status report for the Apache Travel Assistance Committee
Apache Retreat Ireland
======================
Judges scored applications and two were approved. One later decided to
pull out, so we have one TAC attendee for the retreat, a little
disappointing but this is our first 'smaller' event. An invoice for
flight reimbursement has been submitted.
ApacheCon NA 2010
=================
The next event we will be supporting is ApacheCon NA 2010. The process
should begin within the next month. The idea being this time we have
the application period open/close/accept before committers rates end
so that any declined applicants could still apply for early bird
registrations. (Last time it was the other way around).
General
=======
We were asked for, prepared, then submitted a budget for the next
financial year. It is higher than last year's approved budget but we
are expecting to support more events.
No changes to the committee membership.
-----------------------------------------
Attachment A: Status report for the Apache APR Project
The activity on the project in the last 3 months (Dec 14 2009 to Mar 15 2010)
was as follows:
APR trunk: 99 commits
APR 1.5.x: 14 commits
APR util 1.5.x: 8 commits
APR 1.4.x: 24 commits
APR util 1.4.x: 10 commits
APR 1.3.x: 19 commits
APR util 1.3.x: 2 commits
APR 0.9.x: 1 commits
APR util 0.9.x: 1 commits
APR iconv trunk: 0 commits
APR iconv 0.9.x: 0 commits
site: 3 commits
Current stable releases of APR are 1.4.2 and 1.3.12, released Jan 26 2010 and
Feb 11 2010, respectively. Legacy release 0.9.18 remained current + 1
security patch.
Current stable release of APR util is 1.3.9, released Aug 6 2009. Legacy
release 0.9.17 remained current + 1 security patch.
Current stable APR iconv release is 1.2.1, released Nov 15 2007.
As of Mar 15 2010, there were 108 APR related bugs outstanding in Bugzilla.
-----------------------------------------
Attachment B: Status report for the Apache Archiva Project
Releases
--------
* Archiva 1.3 was released on January 20, 2010.
Community
---------
* Joakim Erdfelt stood down from the PMC and requested to be moved to
emeritus status.
* vmbuild.apache.org was upgraded to Archiva 1.3.
Development
-----------
* The developers have planned a small set of issues for a 1.3.1 release,
while larger work occurs on trunk.
* A large change of the underlying infrastructure of Archiva was reviewed by
some of the developers and agreed to merge to trunk. This is in the process
of being polished and battle tested for release. The result is that the use
of a fairly inflexible database schema is replaced by a metadata content
repository, and a number of internal interdependencies are reduced.
Issues
------
No board level issues at this time.
-----------------------------------------
Attachment C: Status report for the Apache Axis Project
With the invaluable help of Gavin [insert much kowtowing and genuflecting
here] and the infra team, the Axis project is now plugging away... but with
a few loose ends still to tie. In particular we really need to get our new
website happening, and a few last tricky SVN bits from WS need to find a
home. We also need to get modernized and finish hooking up the whole
Hudson/Nexus framework for our builds. That said, we're rolling along fine
for now.
Activity on the new mailing lists is picking up on both the C and Java sides
now that people have gotten used to the switch from WS. Development activity
has also ramped up, with a number of people diving in to our long JIRA
backlog.
We added a bunch of stragglers from the WS project to our PMC, and settled
on a policy where committership == PMC membership, which we think should
create a greater feeling of ownership on the part of our committers going
forward.
No releases this month, nor any other particulars that require board
attention. I believe this is our final monthly report as a newly minted TLP,
and we now switch over to quarterly.
-----------------------------------------
Attachment D: Status report for the Apache Camel Project
Community:
* No issues that require the board attention.
* The community continues to be very active.
* Two new committers added: Ashwin Karpe and Stanley Lewis
* There are a few other very active contributors on our radar
Development:
* Development continues at the same intense pace on both trunk
and maintenance 1.x
* No plans to discontinue support for camel 1.x yet, but we
may need to discuss that soon.
* Most of the other projects using camel (we know of) already
upgraded to camel 2.x
Releases:
* Camel 2.2.0 released.
-----------------------------------------
Attachment E: Status report for the Apache Cassandra Project
Cassandra is a distributed database similar to Google's Bigtable
or Amazon's Dynamo.
--Highlights--
We're is getting a lot of positive press about Twitter's adoption of
Cassandra (see e.g. [1]). Cassandra will be represented at at least
one conference a month until Summer. OSCON specifically requested a
Cassandra tutorial.
[1] http://nosql.mypopescu.com/post/407159447/cassandra-twitter-an-interview-with-ryan-king
--Releases--
0.5.1, a bug fix release.
0.6 beta2, containing new features like row cache and Hadoop support
We will start voting on 0.6 RC1 soon.
--Community--
Mailing list participation is up, from 379 on -users in January to 419
in February to 237 as of this writing (2010/03/09) in March. IRC
participation is also up.
-----------------------------------------
Attachment F: Status report for the Apache Cayenne Project
Development
* Cayenne 3.1 development is now taking place in the trunk with 3.0 in a
maintenance branch. Cayenne 3.0 API is frozen and only bug fixes will
be done and perhaps a few Cayenne Modeler tweaks which are external to
the API.
* Updated tutorials for Cayenne 3.0.
* Released Cayenne 3.0 Release Candidate 1 (January 6).
* Released Cayenne 3.0 Release Candidate 2 (February 5).
* Resolved Hudson issues that were plaguing the automated build/test.
Community
* Activity on the user mailing list has been normal, but activity on
the development mailing list has been elevated due to the addition of
new committers in the previous quarter and the releases of RC1 and
RC2 plus discussions of new items going into 3.1.
-----------------------------------------
Attachment G: Status report for the Apache Click Project
Apache Click is an easy-to-use page and component oriented Java web framework.
Infrastructure
All TLP infrastructure tasks have been resolved
The website have been migrated to http://click.apache.org/
Development
v2.1.0 was released on the 10 February 2010
v2.2.0-RC1 is scheduled for release on the 31 March 2010
Community
Interest in Apache Click is growing. A new committer Finn Bock has
joined the project.
Mailing list traffic have been steady
-----------------------------------------
Attachment H: Status report for the Apache Commons Project
General
=======
Continued healthy activity across multiple components and
responsiveness on both dev and user lists.
Although Commons voted to sponsor the incubation of
agimatec-validation, the project decided in the end to have the
Incubator PMC sponsor the project instead.
Releases
========
Commons Parent pom.xml 13
Commons Build Plugin 1.2
Commons Daemon 1.0.2
Commons Lang 2.5
Commons DBCP 1.3 & 1.4
Commons JEXL 2.0
Community
=========
New Commons PMC Members:
Henri Biestro **
Bill Barker *
Mladen Turk
Ralph Goers
New Commons Committers:
Gilles Sadowsky
Dimitri Pourbaix
ASF Committers given Commons Sandbox access:
Simone Tripodi
Adrian Crum
Adam Heath
* pending Board Ack
** pending candidate acceptance and Board Ack
-----------------------------------------
Attachment I: Status report for the Apache Excalibur Project
There are no known issues.
Excalibur is stable and used by some projects. Again, this quarter has
been very quiet with zero activity, neither in the mailing lists nor in
subversion (and no releases of course).
-----------------------------------------
Attachment J: Status report for the Apache Felix Project
Community
* After numerous contributions to the Web Console subproject,
Valentin Valchev was offered committership and accepted.
* NetBeans 6.9 milestone includes Felix framework for its OSGi
integration support.
* Dependency Manager undergoing various additions, such as
annotation, aspect and adapter support.
Software
* Recent contributions:
o UPNP Plugin for the Web Console by Valentin Valchev.
* Recent subproject releases:
o Bundle Repository (1.4.3)
o EventAdmin (1.2.2)
o File Install (2.0.8)
o Framework/Main (2.0.3, 2.0.4)
o Framework Security (1.0.0) - With the release of this
subproject, the Felix framework is now passing all core
OSGi CT tests.
o Karaf (1.4.0)
o Maven SCR Plugin (1.4.2)
o SCR (1.4.0)
o Shell (1.4.2)
o Web Console (2.0.6)
Licensing and other issues
* OSGi CT made available to Felix community members who submitted NDAs.
-----------------------------------------
Attachment K: Status report for the Apache Gump Project
Infrastructure:
* No news is good news.
Technical:
* the installation is chugging along with active metadata
maintenance.
* we've updated the installed version of Maven to 2.2.1 which has
tightened its verification process for plugins or so it seems.
The current approach taken by Gump won't work anymore when we'd
want to perform integration tests for Maven plugins themselves,
but fortunately there currently is none followed by Gump that
would be under active development.
Other:
* still all Apache committers have access to metadata in svn.
* no releases.
-----------------------------------------
Attachment L: Status report for the Apache Harmony Project
Summary
=======
The Apache Harmony community remains healthy, and has recently
released new milestone builds. The lack of a JCK continues to be an
issue for Harmony.
Development and Releases
========================
The Harmony community published Apache Harmony 5.0 Milestone 12 on
December 5th. We later discovered that one source file had a
questionable header comment [1], so we replaced it with
Harmony 5.0 Milestone 12a on January 27th.
The next regular milestone, Apache Harmony 5.0 M13, was released on
March 10th, comprising a number of bug fixes and test case
enhancements. On the same date we also released the first milestone
from our 6.0 code stream. Apache Harmony 6.0M1 is the first stable
build available from the Java SE 6.0 API code stream, and while there
are still known missing APIs, this first milestone is already very
capable.
Harmony build and test is running smoothly on the Hudson systems.
Community
=========
There were no changes to the Harmony PMC or committers during the last
reporting period, and there are now 50 committers of which ~9 were
active this period.
The Harmony community have raised a number of proposed projects for
consideration by the Google Summer of Code participants.
Ref:
[1] http://markmail.org/thread/25csio5grqekr6cf
-----------------------------------------
Attachment M: Status report for the Apache HTTP Server Project
The most significant update at the Apache HTTP Server Project, of interest
to the entire foundation, is the careful reconsideration of all web content
and documentation around the word "Apache". The discussion of the best
naming convention continues at the docs@ list.
Where appropriate, the documentation is being restructured to use either the
title "Apache HTTP Server" (not 'web server' etc), or short name "httpd", as
appropriate. The hundreds-to-thousands of spurious references to "Apache"
are being reevaluated and in most cases, refactored away. This process began
based on recent members and board discussion of the continuing name confusion
around the "Apache" name, and was heralded in the 2.2.15 release
announcement. We hope to have a further update in May.
Since the November report, there were three tags against trunk (2.3-dev)
resulting in the first alpha 2.3.5 release from the project of this future
httpd. The project also approved legacy releases of 1.3 and 2.2. There also
appears to be some interest based on recent commits of releasing a 2.0
security update.
The 1.3.42 release was declared final and decisive by the httpd PMC, and is
not expected to be refreshed again. The announcement was carefully worded
to reflect this situation. Some security updates with critical severity will
continue to be published as patches to the 1.3 tree for the foreseeable
future.
On the community front, the project added one docs committer, Igor Galić.
Several PMC nominations were offered which attracted interest but no measure
of consensus. 10 years into this ASF project, it has become clear that the
PMC roster is far to large for a quorum, given absenteeism within this
committee.
The project will review the current private@ subscriptions, invite all absent
PMC members to rejoin (with multiple attempts) and after all have rejoined
who wish to remain PMC members, will submit to this board the list of
declines and non-responses. For precedent, the project will follow the same
methodology as was employed at the Apache APR Project, and appreciates the
support of the board in this endeavor. Past PMC members will be identified
as Emeritus and invited to rejoin active participation as their schedules and
interest permit.
The Apache [incubating] TrafficServer and HTTP Project meetup at Google this
past January was demonstrably successful, but much more so for TrafficServer,
who had packed well more than 80% of the room. The half dozen httpd folks in
attendance enjoyed learning of the direction of ATS and commiserated with the
very similar problem sets that TS is currently attacking, and addressed
several HTTP Project issues during this face to face opportunity. The Apache
HTTP Project extends its thanks to Google for making this space available,
and to Yahoo as well for its offer of space for this gathering.
Our thanks go out to Paul Querna and the rest of the infrastructure team who
have worked on the svnpubsub capability and our dist.apache.org server
facilities. The project is currently updating our internal docs for this
transition, and hope that some of this documentation can be recycled to other
adopters such as APR, Incubator's TrafficServer and many more. This service
should prove a tremendous asset to the Foundation's projects.
My personal apologies for the delay in delivering this for the February
meeting. The project will resume the normal reporting schedule with the May
report.
-----------------------------------------
Attachment N: Status report for the Apache iBATIS Project
-----------------------------------------
Attachment O: Status report for the Apache Incubator Project
The past month has gone well, with no issues requiring Board attention.
Actually, in terms of Incubator business (not per-project activity), it has
been a relatively light month.
Changes to the PMC in the past month:
Added: Glen Daniels, Karl Pauls, Greg Reddin
Removed: Jason van Zyl, Will Glass-Husain, Antoine Levy Lambert,
Berin Lautenbach, Phil Steitz, Roland Weber, Santiago Gala
Log4PHP is graduated to the Logging TLP. A new JSR-303 Bean Validation
(BeanValidation) project is starting, as is the Spatial Information Systems
(SIS) project.
There had been a question about Droid IP clearance issue, which turned out
to be a non-issue, with completely documented provenance. Discussion is on
general@i.a.o.
The Board raised a concern about WSRP4J. The project does appear to be
stuck at the moment, having lost all momentum due to the patent claim issues
that Apache Legal has subsequently covered to the satisfaction of the
project.
Of some concern is this month's ETCH report, where they express that they're
having trouble with community building, and are reaching out for help. If
anyone has some cycles to spare, please feel free to jump in and help!
As for Wiki Markup, I always make an effort to find and remove it all. If
any is remaining, it is an oversight.
-------------------------------------------
= Aries =
Aries will deliver a set of pluggable Java components enabling an enterprise
OSGi application programming model.
Aries entered incubation on September 22, 2009.
There are currently no issues requiring IPMC or Board attention.
The following sub-components are actively being developed:
* Application
* Blueprint
* JMX
* JPA
Several new sample applications have been developed to demonstrate the Aries
functionality.
A new component has been created to feed experience into the OSGi standards
process.
There has been a lot of activity on the mailing list this year indicating a
vibrant community is being built.
One new committer, Rex Wang, has been added. Redhat have started to
participate in the project.
We have begun the process of doing a 0.1.0 release and aim to release
shortly.
Top 2 or 3 things to resolve before graduation:
* Build community
* Create a release
* Address project scope concerns raised during acceptance vote
= Bluesky =
Did not report. The students are just back from vacation, and there was
some discussion of moving them back to a quarterly schedule. We'll ask for
an April report.
= Clerezza =
Clerezza (incubating since November 27th, 2009) is an OSGi-based modular
application and set of components (bundles) for building RESTFul Semantic
Web applications and services.
The are currently no issues requiring board attention.
Recent activity:
* IFP smushing (merge duplicate nodes based on inverse functional
properties)
* Replaced code with problematic license in triaxrs (url-encoding)
* Fixed problems with TDB based launcher (regression after update of Jena
TDB cause by incomatible versions)
* more complete HTTP support (OPTIONS *)
* Integration with UIMA for metadata generation using external services
like OpenCalais and AlchemyAPI
* Many bugfixes
* Discussing about Clerezza related project(s) for GSoC
Next steps:
* integration with Tika
Top 2/3 Issues before graduation:
* Get our website online, currently it's just a placeholder
* Prepare some easy-to-run demos to get people interested in Clerezza
* Prepare for a first release
= ESME =
Enterprise Social Messaging Experiment (ESME) is a secure and highly
scalable microsharing and micromessaging platform that allows people to
discover and meet one another and get controlled access to other sources of
information, all in a business process context.
ESME entered the incubator in 2008-12-02.
The following items have been performed since the last reporting period
* Ethan Jewett was accepted as an Apache committer.
* Completion of our first release (1.0 RC1) was our main focus. This
included getting the code-base release-ready, learning how to cut releases
and communicating on release goals / process within the community.
* Dealt with a legal issue involving a committer not wanting to remove
copyright information. Solved after long discussions on the apache-legal and
esme-dev mailing lists (thanks to all involved!)
* Started working on defining the JIRA items for the next release
* Collaboration with various Apache-external groups (Thingamy, SAP's
All-In-One)
* Users from various enterprises are using ESME in test installations
The following items are planned for the next reporting period:
* Work on new UI
* Further releases
* Integrate Stax deployment in daily Hudson builds
Top 2 or 3 things to resolve prior to graduation
* Increase community involvement in the project
* Multiple Apache releases
= Etch =
Etch was accepted into Incubator on 2 September 2008.
Etch is a cross-platform, language- and transport-independent framework for
building and consuming network services. The Etch toolset includes a network
service description language, a compiler, and binding libraries for a
variety of programming languages.
This last reporting period saw little activity (0 commits, 0 releases).
We're finding it hard to regain our momentum after the dissolution of our
team. James and Scott are using etch in their current projects, and Youngjin
would like to pick up the c-binding. What we lack is the organizational
energy to get things moving.
Some folks have submitted a c-binding for us to examine. Youngjin is going
to be looking at it. I've been shaking down the etch 1.1 release candidate
in my current project, and as soon as I can get my head out I plan to fix
the final administrative issues of the 1.1 release and try to kick it out
the door.
Release 1.1 is ready but needs some administrative polish before it is
*done*.
Release 1.2 is next in the pipeline.
Our continuous integration build problem will only be solved by one of us
hosting it at our new gigs. James and Scott are looking into this.
[!GavinMcDonald adds: I'm looking into adding Etch to CI stuff at ASF]
Outstanding items:
More community.. we have been Cisco-centered with just a few nibbles outside
of Cisco. Things are definitely changing with members employed or so to be
employed in different places. Building a stronger community remains our key
task. We wish we knew how.
= Hama =
Hama has been incubating since 19 May, 2008. It is a distributed scientific
computational package based on Hadoop Map/Reduce and BSP.
Recent Activity:
* We'd implemented, introduced the BSP (Bulk Synchronous Parallel) package
* Added a new committer, Hyunsik Choi
The following is planned for next reporting period:
* More documentations
* Re-factoring for improving the design of existing code
Before this project can graduate we need to encourage more participation in
the project and grow the community.
= Kato =
Kato was accepted into the Incubator on 6 November 2008.
Kato is a project to develop the Specification, Reference Implementation,
and TCK for JSR 326: the JVM Post-mortem Diagnostics API
Recent Activity:
* The project's first release M1-incubating was finally released.
The following is planned for next reporting period:
* The completion of the JSR-326 specification.
* Finalization of RI and JSR.
Before this project can graduate we need to encourage more participation in
the project and grow the community.
= Log4php =
Log4PHP is a logging framework similar to Log4J, but in PHP. The project
entered incubation in 2004, retired and restarted again on 2007-07-04. After
the first release, community feedback has increased.
The Log4PHP Community and the Logging PMC voted in favour of leaving the
Incubator and moving to the sponsoring Logging project. This has just been
confirmed with a vote by the IPMC, so Log4PHP has graduated!
There are still some resource moves etc that need to happen, but expect that
future Log4PHP reports will now come as part of the Logging report. Congrats
Log4PHP devs.
* Bugfixes on 2.0.0 has been done
* Several new ideas of improvements have been collected in the issue
tracker
* Apache Log4PHP 2.0.0 (Incubating) has been released on 12.12.2009
= Lucene Connector Framework =
Lucene Connector Framework is an incremental crawler framework and set of
connectors designed to pull documents from various kinds of repositories
into search engine indexes or other targets. The current bevy of connectors
includes Documentum (EMC), FileNet (IBM), LiveLink (OpenText), Patriarch
(Memex), Meridio (Autonomy), SharePoint (Microsoft), RSS feeds, and web
content. Lucene Connector Framework also provides components for individual
document security within a target search engine, so that repository security
access conventions can be enforced in the search results.
Lucene Connector Framework has been in incubation since January, 2010.
A list of the three most important issues to address in the move towards
graduation
1. End-user documentation needs to be converted into a usable form
1. Strategy is needed for developing an Active Directory authority service,
for mapping Kerberos principals to AD SIDs
1. Testing strategy under Apache needs development
Any issues that the Incubator PMC (IPMC) or ASF Board wish/need to be aware
of?
1. We'd like to know whether there is any official Apache position on
inclusion of NTLM implementations in ASF projects, since we've gotten mixed
signals on this from other developers. This represents a crucial piece of
functionality needed to support LiveLink, Meridio, SharePoint, RSS, and Web
connectors properly.
How has the community developed since the last report?
So far, most of the activity has been from the mentors and the committers,
but given the nascent state of the project this is not surprising, and we
expect interest to continue growing.
How has the project developed since the last report?
Lucene Connector Framework was voted into the Incubator in January 11, 2010.
The following has been done since then:
* Mailing lists set up
* Site created
* SVN area set up
* Code grant from MetaCarta accepted in early February, including Apache
2.0 headers on all pertinent files, and was committed to SVN at that time
* An ant build system for the Java code was created and tested
* Code was MetaCarta de-branded
* Code was formatted in accordance with Apache standards
* Issues related to upstream propagation of features into other Apache
projects were opened
* Documentation for building and hand setup was committed
At this point the project is buildable and usable.
= OODT =
OODT is a grid middleware framework for science data processing, information
integration, and retrieval. OODT is used on a number of successful projects
at NASA's Jet Propulsion Laboratory/California Institute of Technology
(http://jpl.nasa.gov/), and many other research institutions and
universities.
A list of the three most important issues to address in the move towards
graduation
1. Port OODT code and license headers into ASF license headers
2. OODT contributions from at least 2 other organizations besides JPL
3. At least one OODT incubating release, hopefully in the first few months
Any issues that the Incubator PMC (IPMC) or ASF Board wish/need to be aware
of?
No, not at this time.
How has the community developed since the last report?
So far, most of the activity has been from the mentors and the committers,
but we expect interest to continue growing. Chris Mattmann has been
mentioning OODT over in the Lucene community.
How has the project developed since the last report?
OODT was voted into the Incubator by the IPMCon January 22, 2010.
All mailing lists have been set up, all SVN accounts are up, and karma has
been granted to all OODT committers. So far, three OODT committers have
stepped up and begun to discuss issues on the mailing lists, and tackle
some issues. Sean Kelly and Chris Mattmann worked with Joe Schaefer and
Justin Erenkrantz to get the OODT initial code drop from NASA into Apache
SVN. As of http://issues.apache.org/jira/browse/OODT-1 and
http://issues.apache.org/jira/browse/OODT-2, the work is completed on the
initial code drop. Sean McCleese has been pouring through
http://issues.apache.org/jira/browse/OODT-3, taking the action to update the
OODT source code with ASF 2.0 license headers. Chris Mattmann took care of
some of the initial work, checking in a README, NOTICE, CHANGES and LICENSE
set of files into the OODT source.
= RAT =
No IPMC or Board issues requring attention.
RAT remains quiet but steady. A major PITA of the website not building
correctly was solved by Brian Fox. Some Jira issues were attended to and
patches committed. More and more projects are using RAT for their checks,
some adding as a Maven goal before doing a release, others via Buildbot or
other CI tools as part of their commit and check process.
= River =
River is aimed at the development and advancement of the Jini technology
core infrastructure. Jini technology is a service oriented architecture that
defines a programming model which both exploits and extends Java technology
to enable the construction of secure, distributed systems which are adaptive
to change. River has been incubating since December 2006.
Interest and participation has increased and we are hoping to pick up some
new committers as a result. A new release candidate has been submitted and
is available for review at:
http://people.apache.org/~peter_firmstone/
The source is also available from svn at:
https://svn.apache.org/repos/asf/incubator/river/jtsk/branches/2.1.2
We are currently in a voting period for Apache River Incubator Release
2.1.2.
Recent activities have focused on easing development and streamlining the
build process
and a significant number of bugfixes.
Issues before graduation:
* Migrate packages to org.apache.river
* Increasing participation, further growth of the developer community.
= SIS =
Apache SIS is a toolkit that spatial information system builders or users
can use to build applications containing location context. This project will
look to store reference implementations of spatial algorithms, utilities,
services, etc. as well as serve as a sandbox to explore new ideas. Further,
the goal is to have Apache SIS grow into a thriving Apache top-level
community, where a host of SIS/GIS related software (OGC datastores,
REST-ful interfaces, data standards, etc.) can grow from and thrive under
the Apache umbrella.
A list of the three most important issues to address in the move towards
graduation
1. Inclusion of more of a diverse community around SIS (maybe one more
organization besides AT&T Interactive and NASA JPL)
2. At least one SIS incubating release, hopefully in six months
3. Inclusion of point-radius, bounding box and polygon functionality into
the first few releases
Any issues that the Incubator PMC (IPMC) or ASF Board wish/need to be aware
of?
No, not at this time.
How has the community developed since the last report?
There was a lot of positive interest from the Incubator community during
the SIS proposal and voting process. We recently stood up our mailing lists
and have begun to report JIRA issues, so we hope those are positive first
steps to building an Apache-based community. Chris Mattmann discussed SIS
over in the Lucene community as something to watch in terms of a common
place for spatial code for Solr and Lucene to reside.
How has the project developed since the last report?
SIS was voted into the Incubator by the IPMC on February 21, 2010.
All mailing lists have been set up, all SVN accounts are up, and karma has
been granted to all SIS committers. Sean McCleese and Patrick O'Leary
volunteered to be list moderators, and Chris Mattmann has reported two JIRA
issues, http://issues.apache.org/jira/browse/SIS-1 (import Local Lucene
code), and http://issues.apache.org/jira/browse/SIS-2, stand up the SIS
website. We will also begin work soon on porting the license headers for
Local Lucene into SIS ASL 2.0 headers, and to port the package names for
code (JIRA issues to be filed on this).
-----------------------------------------
Attachment P: Status report for the Apache Jackrabbit Project
Apache Jackrabbit is a fully conforming implementation of the Content
Repository for Java Technology API (JCR, specified in JSR 170 and 283).
The Apache Jackrabbit project is in good shape. We have no board-level
issues at this time.
o Releases
Jackrabbit 2.0 was released in January after all the main issues in
previous beta releases had been fixed:
* Apache Jackrabbit 2.0 beta5 on January 11th
* Apache Jackrabbit 2.0 beta6 on January 18th
* Apache Jackrabbit 2.0.0 on January 27th
We also made one maintenance release from the 1.6 branch:
* Apache Jackrabbit 1.6.1 on January 21st
o Legal
We have updated our NOTICE files as discussed in LEGAL-62 and LEGAL-59.
o Community / Development
No new committers were added in this quarter.
With Jackrabbit 2.0 out, we've started discussing about what we want to
achieve in Jackrabbit 3, our next major release. These design discussions
have been pretty lively and it's good to see many voices from outside the
core development team participating in the email threads. The first bits
of related prototype code have already hit our sandbox area in svn.
o Infrastructure
No open issues.
-----------------------------------------
Attachment Q: Status report for the Apache Labs Project
Apache Labs hosts small and emerging projects from ASF committers.
[SUMMARY]
Activity in Labs was low but steady in last quarter.
Nothing requiring special board attention this time.
[DETAILS]
== Labs Statistics ==
- new: 1
- status changes (last 3 months): 0
- total number: 31
- active: 25
- idle: 1
- promoted: 2
- completed: 3
- labs with commits: magma, fluid, clouds, amber, pulse
== New Labs =
amber (PI: Simone Tripodi): "A Java development framework mainly aimed
to build OAuth-aware applications" This lab aims to be a from-scratch
re-implementation of a software the PI has been involved in before.
== Re-activated labs ==
None.
== Completed labs ==
None.
== Community ==
Nothing requiring board attention.
== Lab hacking ==
We had two commits for Lab fluid attributed to multiple non-committers
(r886691, r886729).
It wasn't clear which contributions came from the PI or other people
and the PI was unwilling to supply this information in detail and
split commits into appropriately attributed pieces and re-commit. So
finally, the PMC reached consensus and removed this code from
svn. Unfortunately, this resulted in a frustrated PI.
-----------------------------------------
Attachment R: Status report for the Apache Lucene Project
=== Lucene Status Report: March, 2010 ===
TLP
The TLP is considering some restructuring of subprojects
per Board suggestions in December. Solr and Lucene
are merging committers (there is already quite a
bit of overlap) and development efforts, but maintaining
separate user lists and artifacts.
Mahout and Tika have both begun discussions on becoming
TLPs and all signs are positive for such a move, but there is
no board resolution to consider yet.
The TLP has elected to sponsor incubation of the Lucene
Connectors Framework. The project is now underway in
the incubator. We expect this project will become
a TLP as well.
Added Mark Miller as a PMC Member.
LUCENE JAVA
Lucene Java is a search-engine toolkit. Development has been
active and we have released 2.9.2 and 3.0.1.
Added Chris Male as a committer.
SOLR
Solr is a full text search server. Development and the community
is active. Community is working toward a 1.5 release.
NUTCH
Nutch is a web-search engine: crawler, indexer and search runtime. Bug fixes
and other improvements have been flying by, with many of the issues being
addressed by new Nutch committer Julien Nioche. Work has been performed to
integrate Tika parsing into Nutch (in addition to the existing work to
integrate Tika's mime detection functionality). Community is working towards
a 1.1 release.
Added Julien Nioche as a committer.
LUCY
Lucy is a loose C port of Lucene targeted at dynamic language bindings. Basic
thread support for the object system was completed. The community decided to
transition from C89 to a dialect defined by the intersection of C99 and C++.
LUCENE.NET
Lucene.NET is a .NET based port of Lucene Java. Development and the
community are active.
Community is working towards a 2.9.2 release.
Added Michael Garski as a committer
MAHOUT
Apache Mahout is working towards building a suite of scalable machine
learning libraries for text and data mining. Development is active
and we are working towards a 0.3 release. The Mahout community has
begun discussing becoming a TLP and will likely request such a move
after the 0.3 release is final.
Added Drew Farris as a committer.
Added Benson Margulies as a committer.
Open Relevance Project
The Open Relevance Project is a new project aimed at providing Lucene
and others tools for judging the quality of search and machine
learning approaches.
We added support for a third test collection: the TREC9 filtering
corpus, added documentation, and improved use with Lucene's
benchmarking package.
PyLucene
PyLucene is a Python integration of Lucene Java. Development is
active. PyLucene 3.0.1-1 and 2.9.2-1 were released this quarter.
TIKA
Apache Tika is a toolkit for detecting and extracting metadata and
structured text content from various documents using existing parser
libraries. Progress has been steady, with 2 remaining issues in JIRA ready
for a 0.7 release, which should happen likely within the next month or so.
-----------------------------------------
Attachment S: Status report for the Apache OFBiz Project
The Apache Open For Business Project (Apache OFBiz) is an open source
enterprise automation software project. By enterprise automation we mean:
ERP, CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM, and so on.
We have no issues that require Board assistance at this time. However we
know that there are some concerns about the OFBiz release strategy and we
want to assure the Board that we are aware of the ASF policies about
releases, that we are taking in serious consideration the concerns and in
fact we are discussing a different release strategy that will work well
for OFBiz and will be in line with the ASF policies.
*Community and Project*
- Community interaction remains strong, user and dev mailing lists traffic
is high, here are the number of subscribers to project mailing lists in
early March:
user@ofbiz.apache.org: 718
dev@ofbiz.apache.org: 466
commits@ofbiz.apache.org: 218
- number of commits (from 2009-12-10 to 2010-03-10) is 1132
- Significant new development continues, for highlights see:
http://cwiki.apache.org/confluence/display/OFBIZ/Main+New+Features
- Apache Commons has granted Adrian Crum (OFBiz PMC member) karma to move
the OFBiz conversion framework to Apache Commons sandbox, with the goal
being to have it replace their abandoned Convert project
- Jacopo Cappellato has been voted new PMC Chair after the resignation
from this role of David Jones; David is still actively involved in the
project both as PMC member and committer
- No new committers or PMC members
*Infrastructure/Legal*
- We have recently completed the migration of all our resources to official
ASF servers, managed by ASF Infra. However, because of the migration, we
are still having some issues, but we are working with Infra to fix them
(see Jira tickets INFRA-2483, INFRA-2482 and its subtasks)
- We have also requested a legal advice for a minor license issue
(see Jira ticket LEGAL-69)
-----------------------------------------
Attachment T: Status report for the Apache OpenWebBeans Project
OpenWebBeans is an ASL-licensed implementation of the JSR-299: Contexts and
Dependency Injection for the Java EE platform which is defined as JSR-299.
OpenWebBeans has graduated from the Incubator in 16, December 2009.
--Summary--
* Mostly working on bug-fixing.
* We have released M4.
--Current Development Status--
* Steadily coding on implementation to cover all specification.
* Working on bug-fixing and refactoring.
* Working on JSR-299 TCK-Standalone for being fully compatible.
* Working on documentation project to improve guides etc.
--Future Development Plans--
* Release a 1.0.0 version with full spec coverage.
* Starting to integrate with Geronimo Server.
* Working on JSR-299 TCK Integration tests.
--New Releases--
M4 has released.
-- Discussions--
* OpenWebBeans core must not depend on any
Java EE APIs such as, servlet, jsf, jsp etc.
therefore it can be used in lots of places.
* Remove log4j logging and use standard JDK logging.
--Community--
We have a new committer, Ying Wang.
-----------------------------------------
Attachment U: Status report for the Apache Pivot Project
Apache Pivot is a platform for building rich Internet applications in Java.
Pivot graduated from the Incubator in December 2009.
We are continuing to work on Pivot 1.4.1, which we expect to release within
the next month or so. We have also begun some preliminary discussion about
Pivot 2.0, which will most likely be the next major release.
Note that will be be the last monthly report for Pivot. We will be switching
to a quarterly report moving forward and will report again in June.
-----------------------------------------
Attachment V: Status report for the Apache Portals Project
-- New releases --
none
-- New committers --
none
-- Status --
1. Pluto JSR-286 Portlet API 2.0 Specification Release
No new core work since release of Portlet 2.0 Specification compliance
earlier this year.
2. Jetspeed-2
Nearing a new release of version 2.2.1. Also working towards a bug
fix release for the 2.1.x branch, version 2.1.4
The new 2.2.1 release will contain several new features including:
- New Web 2.0 Client Side Customization Engine
- A Jetspeed Toolbar for one-click customization
- REST Customization APIs
Hope to start vote process for both 2.1.4 and 2.2.1 release in March 2010
3. Portals Applications
Continued maintenance and contributions to 1.0 applications released
in May 2009 from community and committers
-----------------------------------------
Attachment W: Status report for the Apache Quetzalcoatl Project
-----------------------------------------
Attachment X: Status report for the Apache Santuario Project
-----------------------------------------
Attachment Y: Status report for the Apache ServiceMix Project
The following releases have been performed:
* commons-pool 1.4_1 bundle
* commons-pool 1.5.4_1 bundle
* dozer 5.2.0 bundle
* jetty 6.1.22 bundle
* protobuf 2.2.0 bundle
* JBI maven plugin 4.2
* JBI maven plugin 4.3
In progress:
* 2010.01 servicemix components release is under vote
* ServiceMix 3.3.2, ServiceMix NMR 1.1 and ServiceMix 4.2
releases will be started as soon as components are released
* DocBook based documentation is progressing
No change in the committers or pmc members list.
-----------------------------------------
Attachment Z: Status report for the Apache Shindig Project
Apache Shindig is an Opensocial Reference implementation in wide use by
both social networks and enterprise software. Shindig graduated from the
Incubator in January 2010.
Community
=========
* New committer Jacky Wang, giving us better PHP support
* Increasing activity on dev list
* The Shindig PMC has no issues that require board attention
Releases
========
* no project releases
* shindig web site now updated to reflect graduated status
Ongoing work
============
* Work on a 1.1 release is ongoing.
* Major refactor of the gadget rendering pipeline taking place.
-----------------------------------------
Attachment AA: Status report for the Apache Sling Project
Sling is an OSGI-based scriptable web framework that uses a Java Content
Repository, such as Apache Jackrabbit, to store and manage content.
Sling graduated as a TLP on June 17th, 2009.
There are no issues which require board attention at the moment.
Community
* New committer: Eric Norman (17. Feb 2010)
Releases
* Apache Sling Event 2.3.0, Apache Sling Scripting Core 2.1.0,
Apache Commons MIME 2.1.4, and Apache Sling FileResource Provider 1.0.0
(March 1, 2010)
* Apache Sling Sample Path Based Resource Type Provider 2.0.4
(February 22, 2010)
* Apache Sling Event 2.2.0, Apache Sling Scripting API 2.1.0, and Apache
Sling Thread Dumper 0.2.0 (Feburary 19, 2010)
* Apache Sling JCR WebDav 2.0.8, Apache Sling JCR ContentLoader 2.0.6,
Apache Sling JCR UserManager 2.0.4, Apache Sling JCR Server 2.0.6,
Apache Sling JCR AccessManager 2.0.4, Apache Sling JCR Base 2.0.6
(February 17, 2010)
* Apache Sling Commons ClassLoader 1.1.4, and
Apache Sling JCR ClassLoader 3.1.0 (February 8, 2010)
* Apache Sling JCR API 2.0.6 (January 29, 2010)
* Apache Sling Commons ClassLoader 1.1.2,
Apache Sling Commons Scheduler 2.2.0, Apache Sling Commons Threads 3.0.0,
Apache Sling Event 2.1.0, and Apache Sling Servlets Get 2.0.8
(December 21, 2009)
* Apache Sling MIME type mapping support, Version 2.1.2 (December 15, 2009)
Documentation
Website documentation is steadily improving.
Licensing and other issues
none
-----------------------------------------
Attachment AB: Status report for the Apache SpamAssassin Project
Status report for the Apache SpamAssassin Project
- SpamAssassin got a little publicity at the start of the year due to a
bug in one of our rules that caused the rule to hit on most mail sent
on or after Jan 1, 2010. The rule added, depending on scoreset in
use, up to 3.4 points to the message, effectively reducing a default
threshold of 5.0 to 1.6. This would have increased the rate at which
ham would be falsely marked as spam to approximately 2%.
As soon as we became aware of the situation on Jan 1, 2010 we
published an update via our sa-update automatic rule updates and
started getting the word out (project home page, ASF Blog, all
SpamAssassin mailing lists and committers@apache.org) that people
needed to update their rules. Within 40 hours over 100,000 sites had
updated their rules. Another 100,000 were updated in the following
24 hours.
- SpamAssassin 3.3.0 was released on Jan 27, 2010. Like previous
releases, 3.3.0 catches more of today's spam than older releases.
The release has been well received with no significant issues
reported by the approximately 10% of sites that have already upgraded
from 3.2.x versions.
- Sally Khudairi assisted in releasing a press release announcing the
release of Apache SpamAssassin 3.3.0, the project's first major
release in two years.
- The SpamAssassin PMC Chair continues to follow the legal-internal
list; everything there is currently in an OK state in regards to the
SpamAssassin project.
- The project started publishing fully automated rule updates (after
the rules pass through a series of automated QA steps). We expect
that some teething issues will inevitably pop up, and one has so far,
so we're keeping a close eye on it.
- Infra has setup a 'spamassassin_role' svn account for our automated
rule update processes to use. The account will only be used to
commit automated changes to our DNS zones and changes to our rule
updates generated by our statistically driven rule update processes.
As always, all intellectual property coming into the project will be
via a commit by a committer and not via this 'spamassassin_role'
account.
- The SpamAssassin project has talked to Infra about getting the
spamassassin.org DNS zone's hidden master moved to people.apache.org.
It is currently running on spamassassin.zones.apache.org, which Infra
is not in favour of. The SpamAssassin project agrees that, while
less convenient for the SpamAssassin project, having the
spamassassin.org zone's hidden master on people.a.o would be a more
reliable setup since people.a.o's uptime is higher in priority, for
Infra, than the Solaris zones.
- We continue to have an issue with one individual causing unrest on
the SpamAssassin Users' mailing list. After we removed him from the
mailing list in December for harassing users and vendors (of DNSBLs)
he signed back up using a new name. The new name behaved for quite
some time so we let it be rather than starting a game of
whack-a-mole. Now, recently, he's started posting with another new
name. This new name is back to causing unrest. If the issues
persist we may have to start a game of whack-an-IP and have Infra
start blocking his IP. We'll let the Board know if we take any
action to remove the user again.
--Daryl C. W. O'Shea, on behalf of the SpamAssassin PMC.
-----------------------------------------
Attachment AC: Status report for the Apache Subversion Project
** Board Issues
The Subversion project has no Board-level issues at this time.
** Community
We have seen a solid migration of our user and development community
from our tigris.org ancestry over to the new ASF infrastructure. The
new user list is very active; the development community had very few
issues and has continued at a fast and healthy rate of development.
One new committer was added: Daniel Näslund
** Releases
1.6.9 was released at the end of January (as reported in February, as
part of our podling report)
No releases are planned in the near-term. We typically release updates
every 4-6 weeks, so it is reaching the point for a 1.6.10, but we have
no pressing bug fixes or community interest (yet) in doing this. But
historically, it is likely we will craft up a release within the next
two months.
The community is targeting Summer 2010 for our major 1.7 release,
incorporating a complete revamp of the client-side operation, for
speed and stability.
** Other
Our transition from Incubator to TLP status has gone smoothly, simply
because we *started* our ASF infrastructure setup as if we were a TLP.
No changes were needed. We still need to move our issue tracker over
to the ASF infrastructure.
Much time as been spent lately on a website revamp. We've taking the
transition as an opportunity to re-examine users' needs and how our
website can best address that. There have been many examples at
apache.org on how to best (or not!) help users seek the information
they need.
There is a Subversion event being planned in Berlin, in June,
primarily sponsored by Elego. There will be a hackathon, along with a
more structured program at that event. There will also be a gathering
of a number of Subversion developers in New York City around March
25th, which will primarily be an informal discussion (over beers?)
rather than a formal hackathon or program.
The Subversion project will be jostling for a couple GSoC students
this summer. Mentors and summer projects are being identified, along
with engaging the Community Development people.
-----------------------------------------
Attachment AD: Status report for the Apache Synapse Project
Community
The Synapse community keeps going well. Mailing list traffic is solid
and continuous, with new users on a regular basis.
Releases
The 1.3 release is taking longer than expected due to dependencies on
other projects.
Board issues
None identified.
-----------------------------------------
Attachment AE: Status report for the Apache Tiles Project
The Apache Tiles project continues to tick along with no major changes. We have
not made any releases this quarter or added any new committers. Antonio posted
a blog entry about his vision for Tiles 3. He has been actively pursuing this
vision in the Tiles Sandbox. The blog posting can be found here:
https://blogs.apache.org/tiles/entry/abstracting_requests_and_templates
The Tiles user community continues to be steady with discussion of users'
questions and issues. There are currently no issues that require board
assistance.
-----------------------------------------
Attachment AF: Status report for the Apache Tomcat Project
Summary
--------------
The project continues to be active on a number of fronts.
There are no issues requiring Board attention at this time.
Releases
-------------
We have released Apache Tomcat 6.0.24 and 6.0.26.
We have released Tomcat Connectors 1.2.30. Version 1.2.29 was
released but later withdrawn because of regression in IIS connector.
And we have also released Tomcat Native versions 1.1.19 and 1.1.20.
Security
------------
We've been working closely with security issue reports and the Apache
Security committee on quickly replying to issues, resolving them, and
coordinating public disclosures.
CVE-2009-2693: Arbitrary file deletion and/or alteration on deploy
When deploying WAR files, the WAR files were not checked for
directory traversal attempts. This allows an attacker to create
arbitrary content outside of the web root by including entries
such as ../../bin/catalina.sh in the WAR.
CVE-2009-2901: Insecure partial deploy after failed deploy
By default, Tomcat automatically deploys any directories placed
in a host's appBase. This behaviour is controlled by the autoDeploy
attribute of a host which defaults to true. After a failed undeploy,
the remaining files will be deployed as a result of the
autodeployment process. Depending on circumstances, files normally
protected by one or more security constraints may be deployed without
those security constraints, making them accessible without
authentication. This issue only affects Windows platforms.
CVE-2009-2902: Unexpected file deletion in work directory
When deploying WAR files, the WAR file names were not checked for
directory traversal attempts. For example, deploying and undeploying
...war allows an attacker to cause the deletion of the current
contents of the host's work directory which may cause problems for
currently running applications.
Development
-------------------
Development was concentrated mainly on fixing bugs for the current
releases and pushing those releases out.
Recent months have seen further significant reductions in the bug
backlog for Tomcat 5 & 6. Unresolved bugs now number ~20 with the oldest
opened around a month ago.
Tomcat 7 development is progressing. The JSP 2.2 and EL 2.2
implementations are complete and pass the TCK. The Servlet 3.0 is nearly
complete with just the asynchronous work and the TCK testing remaining.
The hope is to have a TCK compliant Tomcat 7 release by the end of March.
Community
-----------------
Tim Whittington was elected as new Apache Tomcat committer.
Konstantin Kolinko was voted onto the Apache Tomcat PMC.
Also a few of us will be present at Apache Retreat in Ireland
next month. We have also invited a few users that are very active
and helpful at Apache Tomcat users list, hoping that will
encourage them for eventual development involvement.
-----------------------------------------
Attachment AG: Status report for the Apache Web Services Project
-----------------------------------------
Attachment AH: Status report for the Apache Wicket Project
Apache Wicket is a Java framework for creating highly dynamic, component
oriented web applications, and was established as an Apache project in
June 2007.
Things worthy of note:
- Released Apache Wicket 1.4.5, 1.4.6 and 1.4.7
- Development for 1.5 is ongoing and finally all unit tests are working
again due to the relentless efforts of Matej Knopp (breaking it),
Igor Vaynberg (fixing it) and Juergen Donnerstag (keeping the builds
running).
Additions/Removals
No changes in the PMC or committer lineup. Our prospected newest
addition is trying to finish thesis right now and will let us know when
he is ready.
No issues require attention from the board.
-----------------------------------------
Attachment AI: Status report for the Apache XMLBeans Project
------------------------------------------------------
End of minutes for the March 17, 2010 board meeting.
Index