incubator-heraldry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dick Hardt <>
Subject Re: mailing list participation (was: Re: Getting Updated JanRain Code In)
Date Thu, 01 Feb 2007 16:17:07 GMT

On 1-Feb-07, at 12:05 AM, Ted Leung wrote:

> On Jan 31, 2007, at 6:18 PM, Dick Hardt wrote:
>> I'm wondering if Apache is the right place for this work. These  
>> are libraries, and from my experience with the Perl, Python and  
>> Tcl worlds, libraries tend to be worked on by a very small number  
>> of people with little overlap.
> This is a reasonable question.   If I take a quick look at the left  
> side of, I see the following projects which are  
> essentially libraries: db, iBatis, Jakarta is full of libraries,  
> logging, lucene, santuario, velocity, xalan, and xerces.   So being  
> a library is not in any way a blocker.

Agreed. My comment was that libraries tend to be worked on by a very  
small number of people. Most language libraries are NOT in Apache.

>> We put the OpenID4Java and OpenID4Perl over at for  
>> the following reasons:
>> 1) I trust their ability to keep the system up and running and be  
>> responsive (not trying to state that apache can't do that, but  
>> that Google does)
> I would hope so, since many of the engineers working on  
> are Apache members

I know them well. Hence the trust. :-)

>> 2) Simple interface for posting to the list, managing bugs etc.
>> 3) Google continues to add cool new features to
>> 4) We think of these as little projects that will likely have a  
>> small number of developers with little overlap between projects  
>> and not appropriate for Apache.
>> I don't want to dissuade the development of a robust Apache  
>> project, but it does not look good on Apache or OpenID if the  
>> project were to be shut down. Now might be a good time to move to  
>> a hosted project location such as Google or SourceForge if it  
>> looks like this project does not fit the Apache Way.
> The thing that you don't get from something like Sourceforge or  
> Google is the Apache governance system.   What you won't  get is  
> what's happening right now, which is that some overseeing body (the  
> Apache Board and the Incubator PMC) will intervene if the project  
> is not being run in accordance with some set of core principles.    
> If all the Heraldry committers want is public infrastructure, then  
> I'd say that Apache is not the right place.   However, I think that  
> the identity space is a highly political and potentially lucrative  
> space, and that having the Apache governance watching over the  
> development of a set of OpenID libraries is a very real and  
> tangible benefit for OpenID.    Apache has proven itself as a place  
> where individuals from multiple organizations can collaborate on an  
> even playing field.

I think there is great value to the Apache Governance model. It has  
provided numerous projects with the needed governance so that all the  
interested parties played well together.

The area that has required coordination in OpenID has been the  
specifications rather then the library development -- from what I  
know, that is not an area that Apache helps.

Given the proliferation of libraries[1], the barrier to creating a  
library is pretty low, the number of developers to be coordinated is  
low, and they are not critical for deploying OpenID. For example,  
Drupal wrote their own OpenID support so that it worked the Drupal way.

In contrast, an open source OpenID Provider is a project that makes  
sense in Apache given the complexity and coordination required to  
develop it.

> As far is it reflecting badly on Apache or OpenID if Heraldry is  
> terminated, I'd say this.   If Heraldry is shut down, it will be  
> neither the first nor the last incubated project to be shut down.    
> It would reflect far more poorly on Apache if we were to depart  
> from the principles which govern every other project at the  
> foundation.   At the same time, there are plenty of other open  
> source projects out there besides Apache, run with very different  
> governance than Apache.  I don't think that there'd be any shame in  
> Heraldry coming to the realization that the Apache governance model  
> isn't for them.

Good points Ted.

-- Dick

View raw message