shiro-dev mailing list archives

From Kalle Korhonen <>
Subject Re: [DISCUSS] Graduation Resolution
Date Thu, 05 Aug 2010 19:37:43 GMT
Hey at least we got a discussion out of it. I agree, I think we'll
keep it as is unless somebody suggests otherwise.


On Thu, Aug 5, 2010 at 12:33 PM, Les Hazlewood <> wrote:
> I gotcha - and I'm glad you brought it up.  As you said, that's what
> this email thread is for :)
> I think it is probably best that we leave it as the broad/general
> statement that it is - it is conceivable that we might add something
> else to the framework later on and I wouldn't want to be limited
> because our mission statement implies that it might be out of scope.
> I think that kind of stuff is better left to the community to decide.
> Just thinking out loud...
> Les
> On Thu, Aug 5, 2010 at 12:15 PM, Kalle Korhonen
> <> wrote:
>> Security is still bigger than "authentication, authorization, session
>> management and cryptography" combined. Cryptography may be a huge part
>> of the project, but we are mainly users of the cryptographic
>> algorithms rather than providers of them. On session management I
>> agree, and probably should be noted if we wanted to be specific but
>> suppose it can be seen as being included in overall "related to
>> application security" statement. I'm fine leaving the statement broad
>> but that's about the only topic in the resolution we should discuss so
>> I wanted to make sure that we agree with it.
>> Kalle
>> On Thu, Aug 5, 2010 at 11:35 AM, Les Hazlewood <> wrote:
>>> Yeah, I just copied Cayenne's resolution and changed only what
>>> absolutely needed to be changed to make it Shiro-specific.  I thought
>>> this would be the 'safest' route to quickest approval since the
>>> Incubator graduation criteria page specifically recommended that it be
>>> used as an example from which we could create our own.
>>> And I'm surprised to hear the potential suggestion to limit our domain
>>> to only authentication and authorization.  Session Management and
>>> Cryptography are two huge parts of the overall project!  At least
>>> based on our project origins and current mission statement, Shiro is
>>> supposed to be the most comprehensive application security framework
>>> available.  I personally feel that we should retain this mission,
>>> which is why I left the wording very general.
>>> Just my .02,
>>> Les
>>> On Thu, Aug 5, 2010 at 10:48 AM, Kalle Korhonen
>>> <> wrote:
>>>> Back to the original matter now. I added Craig on the resolution and
>>>> didn't make other edits. I think it should be called "Project
>>>> Resolution" rather than "Graduation Resolution" but since it'd change
>>>> the url and only the content matters I didn't bother. I'm not a huge
>>>> fan of the fancy sentences either (I do not believe for a second that
>>>> legal language for some reason needs to be complicated) but I don't
>>>> think we have a lot of leeway in the matter and even if we did, it's
>>>> not worth the effort. While the resolution is not the same as a
>>>> mission statement, it includes a mission statement which is the only
>>>> part in it that matters to me and which we might want to expand on a
>>>> bit. Specifically the resolution says "The Apache Shiro Project be and
>>>> hereby is
>>>> responsible for the creation and maintenance of a software
>>>> project related to application security". Does that cover all and only
>>>> what the project and we are set to do? I don't have any exact
>>>> suggestions - it's a bit short but could do even as is. We could
>>>> though specifically limit our domain to "authentication and
>>>> authorization" - security as a whole is more than just those two
>>>> aspects.
>>>> Kalle
>>>> On Wed, Aug 4, 2010 at 12:40 PM, Kalle Korhonen
>>>> <> wrote:
>>>>> Thanks Les, will review.
>>>>> I don't want to turn this into a voting thread and I don't think we
>>>>> need a formal vote on it either, but +1 from me as well for Craig to
>>>>> stay on, we couldn't have gotten this far without him!
>>>>> Kalle
>>>>> On Wed, Aug 4, 2010 at 11:59 AM, Les Hazlewood <>
>>>>>> A huge +1 from me for Craig joining the PMC.  Thanks for offering
>>>>>> Les
>>>>>> On Wed, Aug 4, 2010 at 11:40 AM, Craig L Russell
>>>>>> <> wrote:
>>>>>>> On Aug 4, 2010, at 11:03 AM, Alan D. Cabrera wrote:
>>>>>>>> You are correct.  Mentors do not automatically become project
>>>>>>> Correct.
>>>>>>> However, it's generally considered a good idea to have at least one Apache
>>>>>>> Foundation Member on each PMC. Often this is the PMC chair. Sometimes
>>>>>>> mentors volunteer to stay on at least for a while to help the new PMC get
>>>>>>> settled.
>>>>>>> I'd be happy to help out by being on the new PMC if you'll have
>>>>>>> Craig
>>>>>>>> Regards,
>>>>>>>> Alan
>>>>>>>> On Aug 4, 2010, at 10:31 AM, Les Hazlewood wrote:
>>>>>>>>> A quick note:
>>>>>>>>> I assume Mentors are not to be automatically listed as project members
>>>>>>>>> since their relationship with the project is to help through the
>>>>>>>>> incubation process, and (formally) their responsibility with the
>>>>>>>>> incubator podling is released upon graduation (per the last paragraph
>>>>>>>>> in the Graduation Resolution).
>>>>>>>>> This is *not* a reflection of any desire not to have them as project
>>>>>>>>> members should they wish to participate - it merely reflects
>>>>>>>>> understanding of the role/scope of an Incubator Mentor.
>>>>>>>>> Cheers,
>>>>>>>>> Les
>>>>>>>>> On Wed, Aug 4, 2010 at 10:23 AM, Les Hazlewood <>
>>>>>>>>> wrote:
>>>>>>>>>> I've posted my initial draft of the Apache TLP Graduation
>>>>>>>>>> here:
>>>>>>>>>> Please review and comment.
>>>>>>>>>> Thanks!
>>>>>>>>>> Les
>>>>>>> Craig L Russell
>>>>>>> Architect, Oracle
>>>>>>> 408 276-5638
>>>>>>> P.S. A good JDO? O, Gasp!
