shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: [DISCUSS] Graduation Resolution
Date Fri, 13 Aug 2010 18:59:51 GMT
Sounds good to me - please feel free to post.

Thanks!

Les

On Fri, Aug 13, 2010 at 10:37 AM, Kalle Korhonen
<kalle.o.korhonen@gmail.com> wrote:
> I'm on a roll here - Les, I can start the IPMC recommendation vote
> shortly unless you specifically want to do that. I think we'll just
> start the vote right away and rephrase the resolution during the vote
> if needed (though
> http://incubator.apache.org/guides/graduation.html#toplevel suggests
> posting the resolution on IPMC before the vote). Given that we already
> had a discussion on the resolution and it was linked to community
> vote, I doubt the wording in the proposed resolution is going to
> create any controversy.
>
> Kalle
>
>
> On Mon, Aug 9, 2010 at 10:42 AM, Les Hazlewood <lhazlewood@apache.org> wrote:
>> Yep, that's it - our community vote and then the IPMC recommendation
>> vote.  Looks like we're in the home stretch!
>>
>> Les
>>
>> On Mon, Aug 9, 2010 at 10:08 AM, Kalle Korhonen
>> <kalle.o.korhonen@gmail.com> wrote:
>>> From http://incubator.apache.org/guides/graduation.html#toplevel -
>>> with suggested owners and timeline added
>>>
>>>  Graduation to a top level project requires:
>>>
>>>    * a charter for your project - done
>>>    * a positive community graduation VOTE - Kalle, this week (starting (08/09)
>>>    * a positive IPMC recommendation VOTE - Les, next week (starting
>>> (08/16 assuming community vote tallied and succeeded)
>>>    * the acceptance of the resolution by the Board (add it to the
>>> September board meeting agenda as soon as recommendation vote
>>> succeeds)
>>>
>>> The next board meeting is 3rd of September. The proposed timeline
>>> should give us enough time to put it on the agenda. If no objections,
>>> I'll send out the community vote email this evening.
>>>
>>> Kalle
>>>
>>>
>>>
>>> On Sun, Aug 8, 2010 at 6:03 PM, Alan D. Cabrera <list@toolazydogs.com>
wrote:
>>>> So what are the remaining items to kick this thing out of the Incubator?
>>>>
>>>>
>>>> Regards,
>>>> Alan
>>>>
>>>> On Aug 5, 2010, at 12:37 PM, Kalle Korhonen wrote:
>>>>
>>>>> Hey at least we got a discussion out of it. I agree, I think we'll
>>>>> keep it as is unless somebody suggests otherwise.
>>>>>
>>>>> Kalle
>>>>>
>>>>>
>>>>> On Thu, Aug 5, 2010 at 12:33 PM, Les Hazlewood <lhazlewood@apache.org>
wrote:
>>>>>> I gotcha - and I'm glad your brought it up.  As you said, that's
what
>>>>>> this email thread is for :)
>>>>>>
>>>>>> I think it is probably best that we leave it as the broad/general
>>>>>> statement that it is - it is conceivable that we might add something
>>>>>> else to the framework later on and I wouldn't want to be limited
>>>>>> because our mission statement implies that it might be out of scope.
>>>>>> I think that kind of stuff is better left to the community to decide.
>>>>>> Just thinking out loud...
>>>>>>
>>>>>> Les
>>>>>>
>>>>>> On Thu, Aug 5, 2010 at 12:15 PM, Kalle Korhonen
>>>>>> <kalle.o.korhonen@gmail.com> wrote:
>>>>>>> Security is still bigger than "authentication, authorization,
session
>>>>>>> management and cryptography" combined. Cryptography may be a
huge part
>>>>>>> of the project, but we are mainly users of the cryptographic
>>>>>>> algorithms rather than providers of them. On session management
I
>>>>>>> agree, and probably should be noted if we wanted to be specific
but
>>>>>>> suppose it can be seen as being included in overall "related
to
>>>>>>> application security" statement. I'm fine leaving the statement
broad
>>>>>>> but that's about the only topic in the resolution we should discuss
so
>>>>>>> I wanted to make sure that we agree with it.
>>>>>>>
>>>>>>> Kalle
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Aug 5, 2010 at 11:35 AM, Les Hazlewood <lhazlewood@apache.org>
wrote:
>>>>>>>> Yeah, I just copied Cayenne's resolution and changed only
what
>>>>>>>> absolutely needed to be changed to make it Shiro-specific.
 I thought
>>>>>>>> this would be the 'safest' route to quickest approval since
the
>>>>>>>> Incubator graduation criteria page specifically recommended
that it be
>>>>>>>> used as an example from which we could create our own.
>>>>>>>>
>>>>>>>> And I'm surprised to hear the potential suggestion to limit
our domain
>>>>>>>> to only authentication and authorization.  Session Management
and
>>>>>>>> Cryptography are two huge parts of the overall project!  At
least
>>>>>>>> based on our project origins and current mission statement,
Shiro is
>>>>>>>> supposed to be the most comprehensive application security
framework
>>>>>>>> available.  I personally feel that we should retain this
mission,
>>>>>>>> which is why I left the wording very general.
>>>>>>>>
>>>>>>>> Just my .02,
>>>>>>>>
>>>>>>>> Les
>>>>>>>>
>>>>>>>> On Thu, Aug 5, 2010 at 10:48 AM, Kalle Korhonen
>>>>>>>> <kalle.o.korhonen@gmail.com> wrote:
>>>>>>>>> Back to the original matter now. I added Craig on the
resolution and
>>>>>>>>> didn't make other edits. I think it should be called
"Project
>>>>>>>>> Resolution" rather than "Graduation Resolution" but since
it'd change
>>>>>>>>> the url and only the content matters I didn't bother.
I'm not a huge
>>>>>>>>> fan of the fancy sentences either (I do not believe for
a second that
>>>>>>>>> legal language for some reason needs to be complicated)
but I don't
>>>>>>>>> think we have a lot of leeway in the matter and even
if we did, it's
>>>>>>>>> not worth the effort. While the resolution is not the
same as a
>>>>>>>>> mission statement, it includes a mission statement which
is the only
>>>>>>>>> part in it that matters to me and which we might want
to expand on a
>>>>>>>>> bit. Specifically the resolution says "The Apache Shiro
Project be and
>>>>>>>>> hereby is
>>>>>>>>> responsible for the creation and maintenance of a software
>>>>>>>>> project related to application security". Does that cover
all and only
>>>>>>>>> what the project and we are set to do? I don't have any
exact
>>>>>>>>> suggestions - it's a bit short but could do even as is.
We could
>>>>>>>>> though specifically limit our domain to "authentication
and
>>>>>>>>> authorization" - security as a whole is more than just
those two
>>>>>>>>> aspects.
>>>>>>>>>
>>>>>>>>> Kalle
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Aug 4, 2010 at 12:40 PM, Kalle Korhonen
>>>>>>>>> <kalle.o.korhonen@gmail.com> wrote:
>>>>>>>>>> Thanks Les, will review.
>>>>>>>>>>
>>>>>>>>>> I don't want to turn this into a voting thread and
I don't think we
>>>>>>>>>> need a formal vote on it either, but +1 from me as
well for Craig to
>>>>>>>>>> stay on, we couldn't have gotten this far without
him!
>>>>>>>>>>
>>>>>>>>>> Kalle
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, Aug 4, 2010 at 11:59 AM, Les Hazlewood <lhazlewood@apache.org>
wrote:
>>>>>>>>>>> A huge +1 from me for Craig joining the PMC.
 Thanks for offering Craig!
>>>>>>>>>>>
>>>>>>>>>>> Les
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Aug 4, 2010 at 11:40 AM, Craig L Russell
>>>>>>>>>>> <craig.russell@oracle.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> On Aug 4, 2010, at 11:03 AM, Alan D. Cabrera
wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> You are correct.  Mentors do not automatically
become project members.
>>>>>>>>>>>>
>>>>>>>>>>>> Correct.
>>>>>>>>>>>>
>>>>>>>>>>>> However, it's generally considered a good
idea to have at least one Apache
>>>>>>>>>>>> Foundation Member on each PMC. Often this
is the PMC chair. Sometimes the
>>>>>>>>>>>> mentors volunteer to stay on at least for
a while to help the new PMC get
>>>>>>>>>>>> settled.
>>>>>>>>>>>>
>>>>>>>>>>>> I'd be happy to help out by being on the
new PMC if you'll have me.
>>>>>>>>>>>>
>>>>>>>>>>>> Craig
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Alan
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Aug 4, 2010, at 10:31 AM, Les Hazlewood
wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> A quick note:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I assume Mentors are not to be automatically
listed as project members
>>>>>>>>>>>>>> since their relationship with the
project is to help through the
>>>>>>>>>>>>>> incubation process, and (formally)
their responsibility with the
>>>>>>>>>>>>>> incubator podling is released upon
graduation (per the last paragraph
>>>>>>>>>>>>>> in the Graduation Resolution).
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This is *not* a reflection of any
desire not to have them as project
>>>>>>>>>>>>>> members should they wish to participate
- it merely reflects my
>>>>>>>>>>>>>> understanding of the role/scope of
an Incubator Mentor.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Cheers,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Les
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Wed, Aug 4, 2010 at 10:23 AM,
Les Hazlewood <lhazlewood@apache.org>
>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I've posted my initial draft
of the Apache TLP Graduation Resolution
>>>>>>>>>>>>>>> here:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> https://cwiki.apache.org/confluence/display/SHIRO/Graduation+Resolution
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Please review and comment.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Les
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Craig L Russell
>>>>>>>>>>>> Architect, Oracle
>>>>>>>>>>>> http://db.apache.org/jdo
>>>>>>>>>>>> 408 276-5638 mailto:Craig.Russell@oracle.com
>>>>>>>>>>>> P.S. A good JDO? O, Gasp!
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>
>>>>
>>>
>>
>

Mime
View raw message