shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kalle Korhonen <kalle.o.korho...@gmail.com>
Subject Re: [DISCUSS] Graduation Resolution
Date Thu, 05 Aug 2010 19:37:43 GMT
Hey at least we got a discussion out of it. I agree, I think we'll
keep it as is unless somebody suggests otherwise.

Kalle


On Thu, Aug 5, 2010 at 12:33 PM, Les Hazlewood <lhazlewood@apache.org> wrote:
> I gotcha - and I'm glad your brought it up.  As you said, that's what
> this email thread is for :)
>
> I think it is probably best that we leave it as the broad/general
> statement that it is - it is conceivable that we might add something
> else to the framework later on and I wouldn't want to be limited
> because our mission statement implies that it might be out of scope.
> I think that kind of stuff is better left to the community to decide.
> Just thinking out loud...
>
> Les
>
> On Thu, Aug 5, 2010 at 12:15 PM, Kalle Korhonen
> <kalle.o.korhonen@gmail.com> wrote:
>> Security is still bigger than "authentication, authorization, session
>> management and cryptography" combined. Cryptography may be a huge part
>> of the project, but we are mainly users of the cryptographic
>> algorithms rather than providers of them. On session management I
>> agree, and probably should be noted if we wanted to be specific but
>> suppose it can be seen as being included in overall "related to
>> application security" statement. I'm fine leaving the statement broad
>> but that's about the only topic in the resolution we should discuss so
>> I wanted to make sure that we agree with it.
>>
>> Kalle
>>
>>
>> On Thu, Aug 5, 2010 at 11:35 AM, Les Hazlewood <lhazlewood@apache.org> wrote:
>>> Yeah, I just copied Cayenne's resolution and changed only what
>>> absolutely needed to be changed to make it Shiro-specific.  I thought
>>> this would be the 'safest' route to quickest approval since the
>>> Incubator graduation criteria page specifically recommended that it be
>>> used as an example from which we could create our own.
>>>
>>> And I'm surprised to hear the potential suggestion to limit our domain
>>> to only authentication and authorization.  Session Management and
>>> Cryptography are two huge parts of the overall project!  At least
>>> based on our project origins and current mission statement, Shiro is
>>> supposed to be the most comprehensive application security framework
>>> available.  I personally feel that we should retain this mission,
>>> which is why I left the wording very general.
>>>
>>> Just my .02,
>>>
>>> Les
>>>
>>> On Thu, Aug 5, 2010 at 10:48 AM, Kalle Korhonen
>>> <kalle.o.korhonen@gmail.com> wrote:
>>>> Back to the original matter now. I added Craig on the resolution and
>>>> didn't make other edits. I think it should be called "Project
>>>> Resolution" rather than "Graduation Resolution" but since it'd change
>>>> the url and only the content matters I didn't bother. I'm not a huge
>>>> fan of the fancy sentences either (I do not believe for a second that
>>>> legal language for some reason needs to be complicated) but I don't
>>>> think we have a lot of leeway in the matter and even if we did, it's
>>>> not worth the effort. While the resolution is not the same as a
>>>> mission statement, it includes a mission statement which is the only
>>>> part in it that matters to me and which we might want to expand on a
>>>> bit. Specifically the resolution says "The Apache Shiro Project be and
>>>> hereby is
>>>> responsible for the creation and maintenance of a software
>>>> project related to application security". Does that cover all and only
>>>> what the project and we are set to do? I don't have any exact
>>>> suggestions - it's a bit short but could do even as is. We could
>>>> though specifically limit our domain to "authentication and
>>>> authorization" - security as a whole is more than just those two
>>>> aspects.
>>>>
>>>> Kalle
>>>>
>>>>
>>>> On Wed, Aug 4, 2010 at 12:40 PM, Kalle Korhonen
>>>> <kalle.o.korhonen@gmail.com> wrote:
>>>>> Thanks Les, will review.
>>>>>
>>>>> I don't want to turn this into a voting thread and I don't think we
>>>>> need a formal vote on it either, but +1 from me as well for Craig to
>>>>> stay on, we couldn't have gotten this far without him!
>>>>>
>>>>> Kalle
>>>>>
>>>>>
>>>>> On Wed, Aug 4, 2010 at 11:59 AM, Les Hazlewood <lhazlewood@apache.org>
wrote:
>>>>>> A huge +1 from me for Craig joining the PMC.  Thanks for offering
Craig!
>>>>>>
>>>>>> Les
>>>>>>
>>>>>> On Wed, Aug 4, 2010 at 11:40 AM, Craig L Russell
>>>>>> <craig.russell@oracle.com> wrote:
>>>>>>>
>>>>>>> On Aug 4, 2010, at 11:03 AM, Alan D. Cabrera wrote:
>>>>>>>
>>>>>>>> You are correct.  Mentors do not automatically become project
members.
>>>>>>>
>>>>>>> Correct.
>>>>>>>
>>>>>>> However, it's generally considered a good idea to have at least
one Apache
>>>>>>> Foundation Member on each PMC. Often this is the PMC chair. Sometimes
the
>>>>>>> mentors volunteer to stay on at least for a while to help the
new PMC get
>>>>>>> settled.
>>>>>>>
>>>>>>> I'd be happy to help out by being on the new PMC if you'll have
me.
>>>>>>>
>>>>>>> Craig
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Alan
>>>>>>>>
>>>>>>>> On Aug 4, 2010, at 10:31 AM, Les Hazlewood wrote:
>>>>>>>>
>>>>>>>>> A quick note:
>>>>>>>>>
>>>>>>>>> I assume Mentors are not to be automatically listed as
project members
>>>>>>>>> since their relationship with the project is to help
through the
>>>>>>>>> incubation process, and (formally) their responsibility
with the
>>>>>>>>> incubator podling is released upon graduation (per the
last paragraph
>>>>>>>>> in the Graduation Resolution).
>>>>>>>>>
>>>>>>>>> This is *not* a reflection of any desire not to have
them as project
>>>>>>>>> members should they wish to participate - it merely reflects
my
>>>>>>>>> understanding of the role/scope of an Incubator Mentor.
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>>
>>>>>>>>> Les
>>>>>>>>>
>>>>>>>>> On Wed, Aug 4, 2010 at 10:23 AM, Les Hazlewood <lhazlewood@apache.org>
>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> I've posted my initial draft of the Apache TLP Graduation
Resolution
>>>>>>>>>> here:
>>>>>>>>>>
>>>>>>>>>> https://cwiki.apache.org/confluence/display/SHIRO/Graduation+Resolution
>>>>>>>>>>
>>>>>>>>>> Please review and comment.
>>>>>>>>>>
>>>>>>>>>> Thanks!
>>>>>>>>>>
>>>>>>>>>> Les
>>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> Craig L Russell
>>>>>>> Architect, Oracle
>>>>>>> http://db.apache.org/jdo
>>>>>>> 408 276-5638 mailto:Craig.Russell@oracle.com
>>>>>>> P.S. A good JDO? O, Gasp!
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>

Mime
View raw message