shiro-dev mailing list archives

From Les Hazlewood <>
Subject Re: [DISCUSS] Graduation Resolution
Date Thu, 05 Aug 2010 19:33:34 GMT
I gotcha - and I'm glad you brought it up.  As you said, that's what
this email thread is for :)

I think it is probably best that we leave it as the broad/general
statement that it is - it is conceivable that we might add something
else to the framework later on and I wouldn't want to be limited
because our mission statement implies that it might be out of scope.
I think that kind of stuff is better left to the community to decide.
Just thinking out loud...


On Thu, Aug 5, 2010 at 12:15 PM, Kalle Korhonen
<> wrote:
> Security is still bigger than "authentication, authorization, session
> management and cryptography" combined. Cryptography may be a huge part
> of the project, but we are mainly users of the cryptographic
> algorithms rather than providers of them. On session management I
> agree, and probably should be noted if we wanted to be specific but
> suppose it can be seen as being included in overall "related to
> application security" statement. I'm fine leaving the statement broad
> but that's about the only topic in the resolution we should discuss so
> I wanted to make sure that we agree with it.
> Kalle
> On Thu, Aug 5, 2010 at 11:35 AM, Les Hazlewood <> wrote:
>> Yeah, I just copied Cayenne's resolution and changed only what
>> absolutely needed to be changed to make it Shiro-specific.  I thought
>> this would be the 'safest' route to quickest approval since the
>> Incubator graduation criteria page specifically recommended that it be
>> used as an example from which we could create our own.
>> And I'm surprised to hear the potential suggestion to limit our domain
>> to only authentication and authorization.  Session Management and
>> Cryptography are two huge parts of the overall project!  At least
>> based on our project origins and current mission statement, Shiro is
>> supposed to be the most comprehensive application security framework
>> available.  I personally feel that we should retain this mission,
>> which is why I left the wording very general.
>> Just my .02,
>> Les
>> On Thu, Aug 5, 2010 at 10:48 AM, Kalle Korhonen
>> <> wrote:
>>> Back to the original matter now. I added Craig on the resolution and
>>> didn't make other edits. I think it should be called "Project
>>> Resolution" rather than "Graduation Resolution" but since it'd change
>>> the url and only the content matters I didn't bother. I'm not a huge
>>> fan of the fancy sentences either (I do not believe for a second that
>>> legal language for some reason needs to be complicated) but I don't
>>> think we have a lot of leeway in the matter and even if we did, it's
>>> not worth the effort. While the resolution is not the same as a
>>> mission statement, it includes a mission statement which is the only
>>> part in it that matters to me and which we might want to expand on a
>>> bit. Specifically the resolution says "The Apache Shiro Project be and
>>> hereby is
>>> responsible for the creation and maintenance of a software
>>> project related to application security". Does that cover all and only
>>> what the project and we are set to do? I don't have any exact
>>> suggestions - it's a bit short but could do even as is. We could
>>> though specifically limit our domain to "authentication and
>>> authorization" - security as a whole is more than just those two
>>> aspects.
>>> Kalle
>>> On Wed, Aug 4, 2010 at 12:40 PM, Kalle Korhonen
>>> <> wrote:
>>>> Thanks Les, will review.
>>>> I don't want to turn this into a voting thread and I don't think we
>>>> need a formal vote on it either, but +1 from me as well for Craig to
>>>> stay on, we couldn't have gotten this far without him!
>>>> Kalle
>>>> On Wed, Aug 4, 2010 at 11:59 AM, Les Hazlewood <>
>>>>> A huge +1 from me for Craig joining the PMC.  Thanks for offering Craig!
>>>>> Les
>>>>> On Wed, Aug 4, 2010 at 11:40 AM, Craig L Russell
>>>>> <> wrote:
>>>>>> On Aug 4, 2010, at 11:03 AM, Alan D. Cabrera wrote:
>>>>>>> You are correct.  Mentors do not automatically become project
>>>>>> Correct.
>>>>>> However, it's generally considered a good idea to have at least one
>>>>>> Foundation Member on each PMC. Often this is the PMC chair. Sometimes
>>>>>> mentors volunteer to stay on at least for a while to help the new
>>>>>> PMC get
>>>>>> settled.
>>>>>> I'd be happy to help out by being on the new PMC if you'll have me.
>>>>>> Craig
>>>>>>> Regards,
>>>>>>> Alan
>>>>>>> On Aug 4, 2010, at 10:31 AM, Les Hazlewood wrote:
>>>>>>>> A quick note:
>>>>>>>> I assume Mentors are not to be automatically listed as project
>>>>>>>> since their relationship with the project is to help through
>>>>>>>> incubation process, and (formally) their responsibility with
>>>>>>>> incubator podling is released upon graduation (per the last
>>>>>>>> in the Graduation Resolution).
>>>>>>>> This is *not* a reflection of any desire not to have them
>>>>>>>> as project
>>>>>>>> members should they wish to participate - it merely reflects
>>>>>>>> understanding of the role/scope of an Incubator Mentor.
>>>>>>>> Cheers,
>>>>>>>> Les
>>>>>>>> On Wed, Aug 4, 2010 at 10:23 AM, Les Hazlewood <>
>>>>>>>> wrote:
>>>>>>>>> I've posted my initial draft of the Apache TLP Graduation
>>>>>>>>> here:
>>>>>>>>> Please review and comment.
>>>>>>>>> Thanks!
>>>>>>>>> Les
>>>>>> Craig L Russell
>>>>>> Architect, Oracle
>>>>>> 408 276-5638
>>>>>> P.S. A good JDO? O, Gasp!
