shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: [DISCUSS] Graduation Resolution
Date Thu, 05 Aug 2010 19:33:34 GMT
I gotcha - and I'm glad your brought it up.  As you said, that's what
this email thread is for :)

I think it is probably best that we leave it as the broad/general
statement that it is - it is conceivable that we might add something
else to the framework later on and I wouldn't want to be limited
because our mission statement implies that it might be out of scope.
I think that kind of stuff is better left to the community to decide.
Just thinking out loud...

Les

On Thu, Aug 5, 2010 at 12:15 PM, Kalle Korhonen
<kalle.o.korhonen@gmail.com> wrote:
> Security is still bigger than "authentication, authorization, session
> management and cryptography" combined. Cryptography may be a huge part
> of the project, but we are mainly users of the cryptographic
> algorithms rather than providers of them. On session management I
> agree, and probably should be noted if we wanted to be specific but
> suppose it can be seen as being included in overall "related to
> application security" statement. I'm fine leaving the statement broad
> but that's about the only topic in the resolution we should discuss so
> I wanted to make sure that we agree with it.
>
> Kalle
>
>
> On Thu, Aug 5, 2010 at 11:35 AM, Les Hazlewood <lhazlewood@apache.org> wrote:
>> Yeah, I just copied Cayenne's resolution and changed only what
>> absolutely needed to be changed to make it Shiro-specific.  I thought
>> this would be the 'safest' route to quickest approval since the
>> Incubator graduation criteria page specifically recommended that it be
>> used as an example from which we could create our own.
>>
>> And I'm surprised to hear the potential suggestion to limit our domain
>> to only authentication and authorization.  Session Management and
>> Cryptography are two huge parts of the overall project!  At least
>> based on our project origins and current mission statement, Shiro is
>> supposed to be the most comprehensive application security framework
>> available.  I personally feel that we should retain this mission,
>> which is why I left the wording very general.
>>
>> Just my .02,
>>
>> Les
>>
>> On Thu, Aug 5, 2010 at 10:48 AM, Kalle Korhonen
>> <kalle.o.korhonen@gmail.com> wrote:
>>> Back to the original matter now. I added Craig on the resolution and
>>> didn't make other edits. I think it should be called "Project
>>> Resolution" rather than "Graduation Resolution" but since it'd change
>>> the url and only the content matters I didn't bother. I'm not a huge
>>> fan of the fancy sentences either (I do not believe for a second that
>>> legal language for some reason needs to be complicated) but I don't
>>> think we have a lot of leeway in the matter and even if we did, it's
>>> not worth the effort. While the resolution is not the same as a
>>> mission statement, it includes a mission statement which is the only
>>> part in it that matters to me and which we might want to expand on a
>>> bit. Specifically the resolution says "The Apache Shiro Project be and
>>> hereby is
>>> responsible for the creation and maintenance of a software
>>> project related to application security". Does that cover all and only
>>> what the project and we are set to do? I don't have any exact
>>> suggestions - it's a bit short but could do even as is. We could
>>> though specifically limit our domain to "authentication and
>>> authorization" - security as a whole is more than just those two
>>> aspects.
>>>
>>> Kalle
>>>
>>>
>>> On Wed, Aug 4, 2010 at 12:40 PM, Kalle Korhonen
>>> <kalle.o.korhonen@gmail.com> wrote:
>>>> Thanks Les, will review.
>>>>
>>>> I don't want to turn this into a voting thread and I don't think we
>>>> need a formal vote on it either, but +1 from me as well for Craig to
>>>> stay on, we couldn't have gotten this far without him!
>>>>
>>>> Kalle
>>>>
>>>>
>>>> On Wed, Aug 4, 2010 at 11:59 AM, Les Hazlewood <lhazlewood@apache.org>
wrote:
>>>>> A huge +1 from me for Craig joining the PMC.  Thanks for offering Craig!
>>>>>
>>>>> Les
>>>>>
>>>>> On Wed, Aug 4, 2010 at 11:40 AM, Craig L Russell
>>>>> <craig.russell@oracle.com> wrote:
>>>>>>
>>>>>> On Aug 4, 2010, at 11:03 AM, Alan D. Cabrera wrote:
>>>>>>
>>>>>>> You are correct.  Mentors do not automatically become project
members.
>>>>>>
>>>>>> Correct.
>>>>>>
>>>>>> However, it's generally considered a good idea to have at least one
Apache
>>>>>> Foundation Member on each PMC. Often this is the PMC chair. Sometimes
the
>>>>>> mentors volunteer to stay on at least for a while to help the new
PMC get
>>>>>> settled.
>>>>>>
>>>>>> I'd be happy to help out by being on the new PMC if you'll have me.
>>>>>>
>>>>>> Craig
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Alan
>>>>>>>
>>>>>>> On Aug 4, 2010, at 10:31 AM, Les Hazlewood wrote:
>>>>>>>
>>>>>>>> A quick note:
>>>>>>>>
>>>>>>>> I assume Mentors are not to be automatically listed as project
members
>>>>>>>> since their relationship with the project is to help through
the
>>>>>>>> incubation process, and (formally) their responsibility with
the
>>>>>>>> incubator podling is released upon graduation (per the last
paragraph
>>>>>>>> in the Graduation Resolution).
>>>>>>>>
>>>>>>>> This is *not* a reflection of any desire not to have them
as project
>>>>>>>> members should they wish to participate - it merely reflects
my
>>>>>>>> understanding of the role/scope of an Incubator Mentor.
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>>
>>>>>>>> Les
>>>>>>>>
>>>>>>>> On Wed, Aug 4, 2010 at 10:23 AM, Les Hazlewood <lhazlewood@apache.org>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> I've posted my initial draft of the Apache TLP Graduation
Resolution
>>>>>>>>> here:
>>>>>>>>>
>>>>>>>>> https://cwiki.apache.org/confluence/display/SHIRO/Graduation+Resolution
>>>>>>>>>
>>>>>>>>> Please review and comment.
>>>>>>>>>
>>>>>>>>> Thanks!
>>>>>>>>>
>>>>>>>>> Les
>>>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Craig L Russell
>>>>>> Architect, Oracle
>>>>>> http://db.apache.org/jdo
>>>>>> 408 276-5638 mailto:Craig.Russell@oracle.com
>>>>>> P.S. A good JDO? O, Gasp!
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>

Mime
View raw message