shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kalle Korhonen <kalle.o.korho...@gmail.com>
Subject Re: [DISCUSS] Graduation Resolution
Date Thu, 05 Aug 2010 19:15:21 GMT
Security is still bigger than "authentication, authorization, session
management and cryptography" combined. Cryptography may be a huge part
of the project, but we are mainly users of the cryptographic
algorithms rather than providers of them. On session management I
agree, and probably should be noted if we wanted to be specific but
suppose it can be seen as being included in overall "related to
application security" statement. I'm fine leaving the statement broad
but that's about the only topic in the resolution we should discuss so
I wanted to make sure that we agree with it.

Kalle


On Thu, Aug 5, 2010 at 11:35 AM, Les Hazlewood <lhazlewood@apache.org> wrote:
> Yeah, I just copied Cayenne's resolution and changed only what
> absolutely needed to be changed to make it Shiro-specific.  I thought
> this would be the 'safest' route to quickest approval since the
> Incubator graduation criteria page specifically recommended that it be
> used as an example from which we could create our own.
>
> And I'm surprised to hear the potential suggestion to limit our domain
> to only authentication and authorization.  Session Management and
> Cryptography are two huge parts of the overall project!  At least
> based on our project origins and current mission statement, Shiro is
> supposed to be the most comprehensive application security framework
> available.  I personally feel that we should retain this mission,
> which is why I left the wording very general.
>
> Just my .02,
>
> Les
>
> On Thu, Aug 5, 2010 at 10:48 AM, Kalle Korhonen
> <kalle.o.korhonen@gmail.com> wrote:
>> Back to the original matter now. I added Craig on the resolution and
>> didn't make other edits. I think it should be called "Project
>> Resolution" rather than "Graduation Resolution" but since it'd change
>> the url and only the content matters I didn't bother. I'm not a huge
>> fan of the fancy sentences either (I do not believe for a second that
>> legal language for some reason needs to be complicated) but I don't
>> think we have a lot of leeway in the matter and even if we did, it's
>> not worth the effort. While the resolution is not the same as a
>> mission statement, it includes a mission statement which is the only
>> part in it that matters to me and which we might want to expand on a
>> bit. Specifically the resolution says "The Apache Shiro Project be and
>> hereby is
>> responsible for the creation and maintenance of a software
>> project related to application security". Does that cover all and only
>> what the project and we are set to do? I don't have any exact
>> suggestions - it's a bit short but could do even as is. We could
>> though specifically limit our domain to "authentication and
>> authorization" - security as a whole is more than just those two
>> aspects.
>>
>> Kalle
>>
>>
>> On Wed, Aug 4, 2010 at 12:40 PM, Kalle Korhonen
>> <kalle.o.korhonen@gmail.com> wrote:
>>> Thanks Les, will review.
>>>
>>> I don't want to turn this into a voting thread and I don't think we
>>> need a formal vote on it either, but +1 from me as well for Craig to
>>> stay on, we couldn't have gotten this far without him!
>>>
>>> Kalle
>>>
>>>
>>> On Wed, Aug 4, 2010 at 11:59 AM, Les Hazlewood <lhazlewood@apache.org>
wrote:
>>>> A huge +1 from me for Craig joining the PMC.  Thanks for offering Craig!
>>>>
>>>> Les
>>>>
>>>> On Wed, Aug 4, 2010 at 11:40 AM, Craig L Russell
>>>> <craig.russell@oracle.com> wrote:
>>>>>
>>>>> On Aug 4, 2010, at 11:03 AM, Alan D. Cabrera wrote:
>>>>>
>>>>>> You are correct.  Mentors do not automatically become project members.
>>>>>
>>>>> Correct.
>>>>>
>>>>> However, it's generally considered a good idea to have at least one Apache
>>>>> Foundation Member on each PMC. Often this is the PMC chair. Sometimes
the
>>>>> mentors volunteer to stay on at least for a while to help the new PMC
get
>>>>> settled.
>>>>>
>>>>> I'd be happy to help out by being on the new PMC if you'll have me.
>>>>>
>>>>> Craig
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Alan
>>>>>>
>>>>>> On Aug 4, 2010, at 10:31 AM, Les Hazlewood wrote:
>>>>>>
>>>>>>> A quick note:
>>>>>>>
>>>>>>> I assume Mentors are not to be automatically listed as project
members
>>>>>>> since their relationship with the project is to help through
the
>>>>>>> incubation process, and (formally) their responsibility with
the
>>>>>>> incubator podling is released upon graduation (per the last paragraph
>>>>>>> in the Graduation Resolution).
>>>>>>>
>>>>>>> This is *not* a reflection of any desire not to have them as
project
>>>>>>> members should they wish to participate - it merely reflects
my
>>>>>>> understanding of the role/scope of an Incubator Mentor.
>>>>>>>
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Les
>>>>>>>
>>>>>>> On Wed, Aug 4, 2010 at 10:23 AM, Les Hazlewood <lhazlewood@apache.org>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> I've posted my initial draft of the Apache TLP Graduation
Resolution
>>>>>>>> here:
>>>>>>>>
>>>>>>>> https://cwiki.apache.org/confluence/display/SHIRO/Graduation+Resolution
>>>>>>>>
>>>>>>>> Please review and comment.
>>>>>>>>
>>>>>>>> Thanks!
>>>>>>>>
>>>>>>>> Les
>>>>>>>>
>>>>>>
>>>>>
>>>>> Craig L Russell
>>>>> Architect, Oracle
>>>>> http://db.apache.org/jdo
>>>>> 408 276-5638 mailto:Craig.Russell@oracle.com
>>>>> P.S. A good JDO? O, Gasp!
>>>>>
>>>>>
>>>>
>>>
>>
>

Mime
View raw message