The Apache Software Foundation Board of Directors Meeting Minutes June 17, 2009 1. Call to order The meeting was scheduled for 10:00am (Pacific) and began at 10:03 when a sufficient attendance to constitute a quorum was recognized by the chairman. The meeting was held via teleconference, hosted by Jim Jagielski and SpringSource. IRC #asfboard on irc.freenode.net was used for backup purposes. 2. Roll Call Directors Present: Bertrand Delacretaz Justin Erenkrantz J Aaron Farr Jim Jagielski Geir Magnusson Jr William Rowe Jr Sam Ruby Greg Stein Directors Absent: Henning Schmiedehausen Guests: Doug Cutting Roy T. Fielding joined at 10:10 Santiago Gala Ross Gardler Niclas Hedhman Brett Porter Paul Querna joined at 10:07 Sander Striker Henri Yandell Jukka Zitting Shane Curcuru joined at 10:35 for 30 minutes 3. Minutes from previous meetings Minutes (in Subversion) are found under the URL: https://svn.apache.org/repos/private/foundation/board/ None reviewed. Jim asks for the status of Sander's minutes? Sander will commit. 4. Executive Officer Reports A. Chairman [Jim] Since the last board meeting, there has been continued discussion and debate regarding the budget and the budget process. It would be a mistake to call these smooth. However, the hope and the goal is that we have learned from this process and that the next go-round with be more smooth and more reserved. With the upcoming members meeting (and board election), there has also been ongoing discussions regarding more general aspects of the ASF, mostly related to marketing and PR and its alignment (if any) with our mission. Also under discussion has been the sponsorship program and its influence and impact (if any) on our mission. I created an Email thread specifically about this to try to gauge what the specific issues are and what specific, actionable remedies may exist (if required). It is, btw, somewhat ironic, that 2 major action items that the foundation have been trying to accomplish for years (the budget and the sponsorship program), once they have been realized, have created so much conflict. Regarding the board elections, we will see another large turn-over in directors; at the very least, 3 current directors have chosen not to rerun. A reminder that the ASF members meeting is scheduled for July 7th (and 9th) and that time remains for new member and new director nominations. With the conflict of the last several weeks, it is easy for that to influence the perception of the board and the effectiveness of the board over the last 12 months. That is, imo, a darn shame, because we have successfully made some major changes and major strides in getting the ASF on auto-pilot. Back when we were much smaller, it was easy for volunteers to do all the "foundation infrastructure" work, since there wasn't much. As we have grown significantly larger, that is no longer the case and getting us to a place where we can continue to allow and empower volunteers to do that, while ensuring continuity and closure of issues is a difficult task, which this board has been very crucial in handling. My personal thanks go to each and every director and officer. B. President [Justin] This last month has been largely spent recuperating from the budget process. I feel that there are some clear lessons to be learned from the budget process and hope that we can improve the experience going forward. Two suggestions that I think should be noted for posterity: - Require each committee to have a formal vote on their request - Require each committee to submit a justification It is my hope that such actions greatly smooth the budget process in future years. I have talked with Noirin (via concom@ list) about the contract situation with SCP and ApacheCon. We feel that it is best to pause the contract negotiations until the September timeframe. This will give Noirin time to get acclimated to her new role as ConCom VP and allow for some more discussion (within concom and a new Board) about what we hope to achieve with a new event contract. I look forward to the upcoming Board elections as I think the discussions around nominations are bringing up some good ideas and perhaps some fresh perspectives. BUDGET COMMITTEE UPDATE: See above for lessons learned. I now consider the Budget Committee as having concluded its appointed task and have disbanded it. Thanks to Jim and Bill for serving on the committee! ADMINISTRATIVE SEARCH COMMITTEE UPDATE: With the budget being passed it should have been a lot easier to move forward with the tasks for the committee. With the current different views and opinions on the future direction of the ASF, I think the foundation is best served with putting its task on hold until after the elections. As such, there is currently no update. C. Treasurer [Geir] Books are currently up to date as of 2009-06-14 for checking, savings and credit card accounts. Contributions : - Current PayPal balance is $11,327.74 USD. Contributions via PayPal for May 2009 were $234. This is not reflected in statement of position below. (I want the reports to always accurately represent Quickbooks data). PayPal history reporting seems to be often broken. - IONA 2009 invoice outstanding from 4/1 - Google 2009 invoice outstanding from 5/16 Tasks Done : - bills : PRNewsWire - resent Sunstar check - Direct Pay is setup, I have Yet Another Dongle Todo : - Move Sunstar, Sally, (?) to direct pay if they are willing - FY2008 taxes - due date is August 15th - review switching from accrual to cash accounting - list of donors for "thank you's" - figure out why PayPal and I don't get along Question : Contract for Catherine Ruby is ended or will be ended. What is her last month of work? Financial Reports : 1) Statement of Financial Income and Expense - May 2008 - Accrual Basis Ordinary Income/Expense Income Interest Income 126.97 Contributions Income Unrestricted 100,000.00 Total Contributions Income 100,000.00 (1) Total Income 100,126.97 Expense Bank Service Charges 349.22 Contract Labor 800.00 Postage and Delivery 26.42 Professional Fees Legal Fees 400.00 Total Professional Fees 400.00 Program Expenses Infrastructure Colocation Expenses 518.00 Infrastructure Staff 0.00 (2) Total Infrastructure 518.00 Public Relations Public Relations Staff 3,636.36 Public Relations - Other 1,615.00 Total Public Relations 5,251.36 Total Program Expenses 5,769.36 Total Expense 7,345.00 Net Ordinary Income 92,781.97 Net Income 92,781.97 Notes : (1) - this is the 2009 Google Platinum Sponsorship Invoice. Haven't been paid yet. (2) - Should be 6k, but as it's accrual, the 6k check we sent was offset by a 6k check returned. 2) Statement of Financial Position - as of May 31, 2009 - Accrual Basis May 31, 09 May 31, 08 $ Change % Change ASSETS Current Assets Checking/Savings PayPal 10,885.17 14,027.77 -3,142.60 -22.4% Wells Fargo Analyzed Account 26,930.92 100,996.05 -74,065.13 -73.3% Wells Fargo Savings 299,048.98 157,214.03 141,834.95 90.2% Total Checking/Savings 336,865.07 272,237.85 64,627.22 23.7% Accounts Receivable Accounts Receivable 120,000.00 0.00 120,000.00 100.0% Total Accounts Receivable 120,000.00 0.00 120,000.00 100.0% Total Current Assets 456,865.07 272,237.85 184,627.22 67.8% TOTAL ASSETS 456,865.07 272,237.85 184,627.22 67.8% LIABILITIES & EQUITY Liabilities Current Liabilities Credit Cards ASF Credit Card - Paul Querna 528.39 0.00 528.39 100.0% ASF Credit Card - Ruby 46.37 0.00 46.37 100.0% ASF Credit Card - Erenkrantz 0.00 348.31 -348.31 -100.0% Total Credit Cards 574.76 348.31 226.45 65.0% Total Current Liabilities 574.76 348.31 226.45 65.0% Total Liabilities 574.76 348.31 226.45 65.0% Equity Retained Earnings 363,508.34 261,948.68 101,559.66 38.8% Net Income 92,781.97 9,940.86 82,841.11 833.3% Total Equity 456,290.31 271,889.54 184,400.77 67.8% TOTAL LIABILITIES & EQUITY 456,865.07 272,237.85 184,627.22 67.8% 3) Ad-hoc Budget Tracking Summary : We're way behind in income on a flat monthly plan, but we're also far ahead in expenses. (Expenses are less their budget by more than income is less than target, on a percentage basis.) Income : Current monthly income target is $541,200 / 12 = $45,100 Interest income : $127 PayPal Contributions : $234 Sponsorship contributions for May 2009 : Platinum : ($100,000 / 12 = $8333) Microsoft $8333 Yahoo $8333 Google $8333 (invoiced with high degree of confidence - we haven't actually received any money yet) Silver : ($20,000 / 12 = $1667) HP $1667 Bronze : ($5,000 / 12 = $417 BlueNog $417 Intuit $417 Joost $417 Mullenweg $417 Sponsorship Subtotal : $28,333 Monthly Total : $28,694 % of monthly target : 64% YTD Total : $28,694 % of annual plan : 5% Expense : Current monthly expense budget is $404,541 / 12 = $33,711 Expense for May 2009 (cash basis) : $13,345 % of monthly target : 40% (this is good!) YTD Total : $13,345 % of plan : 3% May was Catherine's last month. Like the idea of an Apache person signing thank you's, Justin and Geir suggests coordinating this through the PRC, Jim suggests having the Secretary coordinate this. Yahoo and Microsoft are coming up due in August. Sally will contact both. If it not clear when Microsoft's term started: OSCON or when we actually invoiced them? D. Secretary [Sam] No report submitted. E. Executive Vice President [Sander Striker] Verbal report provided. Admin search is on hold until member elections. There will be some speaking opportunities in October, may conflict with ApacheCon. Executive officer reports approved as submitted by General Consent. 5. Additional Officer Reports 1. VP of JCP [Geir Magnusson Jr] See Attachment 1 Unrelated to the JCP, we discussed how to handle W3C reports. Jim indicated that W3C will be added as a monthly report. 2. Apache Legal Affairs Committee [Sam Ruby] See Attachment 2 3. Apache Security Team Project [Mark Cox / Geir] See Attachment 3 4. Apache Conference Planning Project [Lars Eilebrecht / Bertrand] See Attachment 4 5. Apache Public Relations Project [Jim Jagielski] See Attachment 5 There will be an official vote on the new members, expect a resolution next month. 6. Apache Infrastructure Team [Paul Querna / Justin] See Attachment 6 7. Apache Travel Assistance Committee [Gavin McDonald / Bill] See Attachment 7 Question: SCP should be a simple request? No action taken. Additional officer reports approved as submitted by General Consent. 6. Committee Reports A. Apache Ant Project [Conor MacNeill / Jim] See Attachment A B. Apache APR Project [Bojan Smojver / Justin] See Attachment B Justin to pursue a report for APR C. Apache Archiva Project [Maria Odea Ching / Henning] See Attachment C D. Apache Attic Project [Henri Yandell / J Aaron] See Attachment D Aaron to add link to mail-archives.apache.org. E. Apache Camel Project [Hadrian Zbarcea / Sam] See Attachment E Can the PRC help raise buzz/awareness for Camel 2.0? No action taken. F. Apache Cayenne Project [Andrus Adamchik / Greg] See Attachment F G. Apache Commons Project [Torsten Curdt / Sam] See Attachment G H. Apache Excalibur Project [Carsten Ziegeler / Bill] See Attachment H Aaron to bring up on the Excalibur list the potential for this project to go to the Attic and/or portions to go to Felix. I. Apache Felix Project [Richard Hall / Bertrand] See Attachment I J. Apache Gump Project [Stefan Bodewig / Jim] See Attachment J The board is pleased to see support for more SCMs. K. Apache Harmony Project [Tim Ellison / Greg] See Attachment K General discussion about publishing regular builds until we get approval for the TCK. Tim Ellison confirms that Harmony is publishing regular builds. L. Apache iBATIS Project [Clinton Begin / Justin] See Attachment L Justin to pursue a report for iBATIS M. Apache Incubator Project [Noel J. Bergman / Henning] See Attachment M Bertrand to investigate the mailed software grants for Ace. wrp4j: Sam to investigate the legal issue. Should RAT be a TLP? The board did not see an issue with that approach. Henri suggested that it be an infrastructure project. It is a tool rather than a community. Jim to communicate the remaining issues to incubator. N. Apache Jackrabbit Project [Jukka Zitting / J Aaron] See Attachment N Again: any noteworthy regarding the release that the PRC can help with? Jukka to pursue. O. Apache Jakarta Project [Martin van den Bemt / Geir] See Attachment O A PMC chair resolution is expected for the next board meeting. P. Apache Labs Project [Bernd Fondermann / Greg] See Attachment P Q. Apache Lucene Project [Grant Ingersoll / Bertrand] See Attachment Q R. Apache OFBiz Project [David E. Jones / Bill] See Attachment R S. Apache Portals Project [David Sean Taylor / Geir] See Attachment S T. Apache Quetzalcoatl Project [Gregory Trubetskoy / Justin] See Attachment T Henri suggested that if there is no visible Apache presence, this project should end up in the Attic. Aaron to follow up. U. Apache Santuario Project [Berin Lautenbach / Jim] See Attachment U V. Apache ServiceMix Project [Guillaume Nodet / Henning] See Attachment V W. Apache SpamAssassin Project [Daryl C. W. O'Shea / Sam] See Attachment W Sam to pursue a report for SpamAssassin X. Apache Synapse Project [Paul Fremantle / J Aaron] See Attachment X Y. Apache Tiles Project [Greg Reddin / Henning] See Attachment Y Z. Apache Tomcat Project [Mladen Turk / Justin] See Attachment Z We should highlight 10 years of Tomcat at the next ApacheCon US. AA. Apache Web Services Project [Glen Daniels / Bill] See Attachment AA Glen Daniels requested skipping June in favor of a July report. AB. Apache Wicket Project [Martijn Dashorst / Geir] See Attachment AB AC. Apache XMLBeans Project [Cezar Andrei / Greg] See Attachment AC Greg to pursue a report for XMLBeans Committee reports approved as submitted by General Consent. 7. Special Orders A. Change of Public Relations Committee Charter WHEREAS, the Public Relations Committee was chartered and responsible for organization and oversight of efforts to handle public relations on behalf of The Apache Software Foundation, including trademark licensing and other issues regarding management of the Apache brand and raising of funds, but excluding the ApacheCon conferences (which shall remain a responsibility of the Apache Conference Planning Committee); and WHEREAS, the Apache Conference Planning Committee would benefit from the oversight and expertise of Public Relations Committee in relation to the Apache brand, and coordination in the raising of funds; NOW, THEREFORE, BE IT RESOLVED, that the Public Relations Committee, an ASF Board Committee, hereby is rechartered pursuant to Bylaws of the Foundation; and be it further RESOLVED, that the phrase, "excluding the ApacheCon conferences (which shall remain a responsibility of the Apache Conference Planning Committee)" is struck from the Public Relations Committee charter; and be it further RESOLVED, that the Public Relations Committee be and hereby is responsible for organization and oversight of efforts to handle public relations on behalf of The Apache Software Foundation, including trademark licensing and other issues regarding management of the Apache brand and raising of funds. Special Order 7A, Change of Public Relations Committee Charter, Tabled as the vote is still ongoing. B. Establish the Apache Sling Project WHEREAS, the Board of Directors deems it to be in the best interests of the Foundation and consistent with the Foundation's purpose to establish a Project Management Committee charged with the creation and maintenance of open-source software related to a scriptable web framework that uses a Java Content Repository, such as Apache Jackrabbit, to store and manage content for distribution at no charge to the public. NOW, THEREFORE, BE IT RESOLVED, that a Project Management Committee (PMC), to be known as the "Apache Sling Project", be and hereby is established pursuant to Bylaws of the Foundation; and be it further RESOLVED, that the Apache Sling Project be and hereby is responsible for the creation and maintenance of software related to a scriptable web framework that uses a Java Content Repository, such as Apache Jackrabbit, to store and manage content; and be it further RESOLVED, that the office of "Vice President, Apache Sling" be and hereby is created, the person holding such office to serve at the direction of the Board of Directors as the chair of the Apache Sling Project, and to have primary responsibility for management of the projects within the scope of responsibility of the Apache Sling Project; and be it further RESOLVED, that the persons listed immediately below be and hereby are appointed to serve as the initial members of the Apache Sling Project: * Alexandru Popescu * Bertrand Delacretaz * Christophe Lombart * Carsten Ziegeler * Felix Meschberger * Gianugo Rabellino * Padraic Hannon * Juan José Vázquez Delgado * Karl Pauls * Vidar Ramdal NOW, THEREFORE, BE IT FURTHER RESOLVED, that Felix Meschberger be appointed to the office of Vice President, Apache Sling, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed; and be it further RESOLVED, that the initial Apache Sling PMC be and hereby is tasked with the creation of a set of bylaws intended to encourage open development and increased participation in the Apache Sling Project; and be it further RESOLVED, that the Apache Sling Project be and hereby is tasked with the migration and rationalization of the Apache Incubator Sling podling; and be it further RESOLVED, that all responsibilities pertaining to the Apache Incubator Sling podling encumbered upon the Apache Incubator Project are hereafter discharged. Special Order 7B, Establish the Apache Sling Project, passed with 6 yes votes and 1 abstention. C. Change the Conference Planning Chair WHEREAS, the Board of Directors heretofore appointed Lars Eilebrecht to the office of Vice President, Conference Planning, and WHEREAS, the Board of Directors is in receipt of the resignation of Lars Eilebrecht from the office of Vice President, Conference Planning, and WHEREAS, the members of the Conference Planning Committee have chosen by vote to recommend Noirin Shirley as the successor to the post; NOW, THEREFORE, BE IT RESOLVED, that Lars Eilebrecht is relieved and discharged from the duties and responsibilities of the office of Vice President, Conference Planning, and BE IT FURTHER RESOLVED, that Noirin Shirley be and hereby is appointed to the office of Vice President, Conference Planning, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed. Special Order 7C, Change the Conference Planning Chair, was approved by Unanimous Vote of the directors present. D. Appoint Raul Benito as Apache Santuario chairman WHEREAS, the Board of Directors heretofore appointed Berin Lautenbach to the office of Vice President, Apache Santuario, and WHEREAS, the Board of Directors is in receipt of the resignation of Berin Lautenbach from the office of Vice President, Apache Santuario; NOW, THEREFORE, BE IT RESOLVED, that Berin Lautenbach is relieved and discharged from the duties and responsibilities of the office of Vice President, Apache Santuario, and BE IT FURTHER RESOLVED, that Raul Benito be and hereby is appointed to the office of Vice President, Apache Santuario, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed. Special Order 7D, Appoint Raul Benito as Apache Santuario chairman, was approved by Unanimous Vote of the directors present. E. Update Legal Affairs Committee Membership WHEREAS, the Legal Affairs Committee of The Apache Software Foundation (ASF) expects to better serve its purpose through the periodic update of its membership; and WHEREAS, the Legal Affairs Committee is an Executive Committee whose membership must be approved by Board resolution; and WHEREAS, the Legal Affairs Committee is in receipt of Roy Fielding's resignation. NOW, THEREFORE, BE IT RESOLVED, that the following ASF members be added as Legal Affairs Committee members: Niclas Hedhman Lawrence Rosen BE IT FURTHER RESOLVED, that the following ASF member be removed as a Legal Affairs Committee member: Roy Fielding Special Order 7E, Update Legal Affairs Committee Membership, was approved by Unanimous Vote of the directors present. F. Update Public Relations Committee Membership WHEREAS, the Public Relations Committee (PRC) of The Apache Software Foundation (ASF) expects to better serve its purpose through the periodic update of its membership; and WHEREAS, the PRC is a Board-appointed committee whose membership must be approved by Board resolution; and WHEREAS, the Board is in receipt of Bertrand Delacretaz's, Yoav Shapira's and Ted Leung's resignation as a member of the PRC, NOW, THEREFORE, BE IT RESOLVED, that the following ASF members be removed from the list of Public Relations Committee members: Bertrand Delacretaz Yoav Shapira Ted Leung Special Order 7F, Update Public Relations Committee Membership, was approved by Unanimous Vote of the directors present. 8. Discussion Items 9. Review Outstanding Action Items 10. Unfinished Business 11. New Business 12. Announcements Aaron will be moving and his wife is expecting. Congrats! Justin is on leave from Joost, and focusing on his Ph.D. 13. Adjournment Adjourned at 11:18 a.m. (Pacific) ============ ATTACHMENTS: ============ ----------------------------------------- Attachment 1: Report from the VP of JCP The Apache Software Foundation was the recipient of the 2009 JCP Member of the Year Award. This is the 3rd time we've been selected to receive this, and I think it's nice recognition for the work that we all do in the JCP, including engagement and activism on the EC, direct participation in expert groups, and building, testing and distributing leading implementations of the specifications. In terms of the Sun acquisition by Oracle and any news we have from there regarding the future of the JCP or our current dispute with Sun over the Java SE TCK, I can only report that I have nothing to report. Oracle practices exceptional message control (except when Ellison speaks at conferences, it seems) and so far I have no information regarding the future. Oracle has always been a prominently outspoken supporter of our position and cause, and while I'm hopeful that will continue in the future, remember that power comes from the barrel of a gun. They now have the gun. Elsewhere, I'm still pursuing an action item to get the language for the JPA draft spec license fixed - Sun is aware, Sun agrees but an official letter or such has yet to materialize. I will keep pushing. There are also some outstanding requests for updated TCK materials which are being attended to. ----------------------------------------- Attachment 2: Status report for the Apache Legal Affairs Committee Summary: * In general, things appear to be progressing smoothly, though I think I see the first signs of things that might end up falling through the cracks. Will continue to monitor. See items marked with a (*) * While I am quite comfortable with the split between the PRC and Legal(and Incubator, for that matter) on trademarks, the topic of trademark selection and enforcement continues to pop up. As long as nobody raises any concerns about the discussions and no decisions are reached exclusively on legal mailing lists, I'm OK with it. Details: Larry extended the time (for 6 months) in which the ASF must respond to the PTO before the SpamAssassin Trademark becomes effective. He can not proceed until the website is corrected. PHP license approved as category A. GPLv3 license identified as category X. Statements by the FSF indicating that the ASF license is "compatible" with GPLv3 was, as predicted, a cause of confusion. Pivot decided to continue with their plans to host their Flex BlazeDB demo outside of the ASF infrastructure given that that code has a dependency on GPLv3 licensed code. Henri noted some "dodgy" code in Checkstyle (specifically some Sun specific Swing code). The code is available under BSD with 'no nuclear facility' clause. (*) General discussion (without providing any legal advice) occurred in response to a question about establishing another open source non-profit. We discussed using JIRA for tracking ICLAs. It wasn't clear what benefit that provided. A general question on "reciprocity" with respect to section 5 of our license was answered. No change to the license is planned. The author of the dictionary in question agreed to provide a copy under the Apache License. Extensive discussion about improving the release process documentation. Patches expected to be forthcoming. (*) CUP Parser Generator license a.k.a. "Standard ML of New Jersey" was reviewed and thought to be Category A. (*) General discussion on what 'required notices' meant. Unsurprisingly, the answer was 'notices that are required' :-) A question about using Apache CXF in a GPL licensed codebase was answered by pointing the ASF and FSF faqs. General discussion on trademarks (IMHO, bordering on PRC's responsibility, but as no decisions were made, no harm) Lengthy discussion (without concrete results) on tagging release candidates and Java. A question about ECCN exports was answered by pointing to the web page describing our export licenses. A question about binary PDF documents in a release for Apache Stonehenge was answered. It involved README vs NOTICE and Copyright vs Trademark considerations. Developing more general education and posting it on our website would be helpful in this area. General question on the trademark-ability of greek letters. Delta airlines seem to have done so. A question on how we view the Day spec license was asked, without attracting an answer (*). It doesn't directly affect Jackrabbit, as Day has a CCLA on file. Question (motivated by VCL, but applies to a number of ASF projects) on whether or not we intend to trademark names that were in use prior to donation to the ASF. A few com.sun.* APIs seem to have found their way into effectively becoming part of standards. Notes were shared on how to deal with this. Microsoft Limited Public License was categorized as "X" as it has a field of use clause. A TM was added to the Tomcat logo. Another case that properly is something the PRC should be concerned with. When this discussion moved onto the ASF feather logo, Larry did request that this be continued at the PRC. PDFBox wishes to include some CJK fonts which are licensed in a way that does not permit modification. As it doesn't affect the ability for us to release our code under our license, this license is thought to be category B. Active discussion (incomplete) on copyright and trademark of hosting of research papers on our site. Larry dealt with a DMCA notice that was misdirected towards the ASF. ----------------------------------------- Attachment 3: Status report for the Apache Security Team Project For May 2009: There continues to be a steady stream of reports of various kinds arriving at security@apache.org. These continue to be dealt with promptly by the security team. 1 Support question 3 Vulnerability report of which 1 Vulnerability report [tomcat, via security@apache.org] 1 Vulnerability report [httpd, via security@apache.org] 1 Vulnerability report [xerces, via security@apache.org] ----------------------------------------- Attachment 4: Status report for the Apache Conference Planning Project General News ------------ * Lars Eilebrecht is resigning from the V.P. position. The Conference Planning Committee has voted to make Noirin Shirley the new V.P. of the Conference Planning project. ApacheMeetUp/BarCampApache Asia 2009 (December TBD) --------------------------------------------------- * The planning team has decided to push the event back to December 2009. ApacheCon US 2009 News (2-6 November) ------------------------------------- * The first media call occurred to detail how SCP, Planners, ConCom and PageOne would best work together. * Planning and scheduling work continues. * Opening of registration was scheduled on the 22nd, but due to many busy schedules and slow responses to planners questions, this may no longer be realistic. It will certainly open in the coming weeks. ----------------------------------------- Attachment 5: Status report for the Apache Public Relations Project GENERAL INFO Concom has voted on and requested that the PRC charter be expanded to include oversight of ApacheCon publicity. A vote is progressing in PRC. Charel/SCP has agreed to retain PageOne PR to help drive publicity for ApacheCon US/OAK in connection with the 10th Anniversary Big Feather Birthday Bash. Sally has scoped the project and has begun the dialogue with Jim to help PageOne prioritize outreach activities and coordinate messaging. Sally is meeting with PageOne weekly to track progress. Received request from ConCom for PRC to officially oversee the ApacheCon Business & Community Track The PRC --specifically Sally-- was tasked with the oversight, planning, and management of the Big Feather Birthday Bash at ApacheCon/OAK in November. Jim will be her counterpart on these activities. Jim stated he had intended to resign as PRC chair, and later agreed to stay on through ApacheCon/November following discussion on the PRC list, particularly with his role as co-lead on BFBB/ApacheCon PR oversight with Sally. Both Shane and Sally were nominated as his replacement; there was debate regarding possible conflict of interest for Sally, as head of HALO, in "managing" her own contract. Shane submitted an in-depth vision statement of where he'd like to see the PRC heading if elected Chair, and that he intends to reorient his primary attention from ConCom to PRC. Jim offers to buy anyone he's offended a drink. Sally requested the Twitter login credentials; in updating the Foundation blog she broke the Roller stylesheet by cutting-and-pasting from MSWord. Gavin corrected the immediate problem, but there doesn't seem to be a long-term solution. Apache.org, etc. are out of date ASF received a Linux Journal Readers' Choice category winner again :-) Sebastian ("sebb") noticed that the directory http://apache.org/foundation/press/ is a flatfile as it doesn't have an index and suggests that we possibly redirect to http://apache.org/foundation/news.html for now Jim has received some queries about the "influence" that Progress Software appears to have on Apache Camel, CXF, ActiveMQ and ServiceMix, particularly that the majority of committers to these projects are employed by Progress, and that the direction of the projects may be corporate and not community-- driven. Jim wants to hold monthly concalls to discuss the PRC reports in advance of the Board meetings Jim clarified to the Board the current draft budget is accurate: Whether or not we contract HALO to do the sponsorship or go with an external (a different external) person/agency, $30K is projected for the Sponsor development activity. Jim clarified a charge from PRNewswire for additional distribution channel for the OFBiz announcement to (eCommerce focus)., as well as $1,560 for the ACEU09/10th Anniversary press release distributed outside of our usual wire outlets. Jim requests folks to update their membership status. Diffs: Yoav and Ted Leung pull out; Noirin, Larry, Sanjiva, and Henri want to join. Jukka wants to be obliquely involved. Matthias wants a slide master template. Hen suggests a suggestion for the PRC on organization to help the volunteers know what their tasks are: 1) List the general things the PRC does; 2) List the ones that have been outsourced to HALO; 3) Work out which ones are independent and which require PRC involvement. For the volunteer tasks, identify process to follow in each case. Break the emails press@ gets into a few categories: Analyst asking for general phone call; Analyst asking for specific expertise phone call; PMC asking to send out press release; Sponsor query.; etc etc. COMMUNITY OUTREACH Niclas Hedhman notified the PRC that he has accepted an invitation to represent the ASF on a panel on the commercialization of Open Source at the MSC Malaysia Open Source Conference on 1 June. Jukka requested a technical boilerplate for releases; Sally created one: "About The Apache Software Foundation: Established in 1999, The Apache Software Foundation provides organizational, legal, and financial support for more than 100 freely-available, collaboratively-developed Open Source projects. The pragmatic Apache License enables individual and commercial users to easily deploy Apache software; the Foundation's intellectual property framework limits the legal exposure of its 2,500+ contributors. For more information, visit http://www.apache.org/" Shane wanted to know what boilerplates exist: we have the long official "marketing" one http://apache.org/press/media.html#about , the shorter "marketing" one that's used in press releases "the 'who'" at http://apache.org/foundation/press/pr_2009_03_04.html , and the 50-word "technical" one above. Craig forwarded an invitation from O'Reilly to participate in the .org pods on the expo floor of OSCON. Sally will attend, with Justin, Paul Querna, and Craig (possibly others). We selected the booth next to OFBiz (brand continuity!) We approved a draft press release for Hippo Isabel Drost asked that we help publicize the Hadoop GetTogether in Berlin on 25 June (Sally hasn't done this with her editing problems; not sure if anyone else has volunteered to do it) Received request from NLUUG for members of the ASF Board to attend their conference the week before ApacheCon; officially declined but may have someone from EU not attending ApacheCon who may be interested Sander is speaking in Dirk's place at the Fuse OSS Day MEDIA AND ANALYST RELATIONS Lars responded to an inquiry by David Worthington of SDTimes (referred to us by Paul Fremantle) regarding the security development lifecycle within ASF Projects. Sally gave a top-level overview of Hadoop to MIT Technology Review for their Cloud computing roundup; the article is expected to be available after 23 June. Sally briefs analysts Datamonitor for their report on Open Source in the Enterprise technology market Approved draft of press release for Hippo Cote of RedMonk has requested a briefing for Pivot (in the Incubator) Still no decision whether or not to formally engage RedMonk. A formal vote on it is in process. Total media hits during May: 212 BRAND, TRADEMARK, AND LOGO USAGE We're starting to define our trademark policy, including a list of ASF trademarks (checked in), a procedures doc for PMCs to update their websites (trying to write from Larry's email today), and a task list for concretely forming official policy in terms of how we treat and defend our trademarks. Created trademark-plan.txt; key issue is figuring out our trademarks Craig has worked on updating the OpenJPA web site master pages to include Apache trademarks in an obvious but not obtrusive way. See http://openjpa.apache.org/unit-tests.html David Crossley requests that we review trademark statements about Apache Forrest: "Apache, Apache Forrest, the Apache feather logo and the Apache Forrest logo are trademarks of The Apache Software Foundation. Copyright (C) The Apache Software Foundation. Licensed under Apache License 2.0." Larry states that there is no need to the "The" in the name. Larry brings to our attention that "...of potentially far greater importance than the notice itself is our filing of a registration of the copyright with the U.S. Library of Congress. The procedures are simple, online, and inexpensive (~ $40). I'll bet that nobody has budgeted for that." Santiago carried a branding-related discussion over from legal-discuss regarding acceptable trademark usage stemming from a question regarding a VCL project name. He's seeking policy regarding semi-automated permissions for usage of trademarks of services such as hosting providers (who sell Apache Vhosts); (Apache) Tomcat Provider/servlet containers with Tomcat; etc. and that explicit rules stating when it is OK to use the brands are required to minimize the number of queries and erroneous attributions. Larry explained that we're not yet ready for a semi-automated system for our trademarks, as the following situations need to first be clarified: 1) ASF-owned products (e.g., "Apache" and the Apache feather, particularly as distributed by others); 2) applying ASF certification marks to third party goods under certain circumstances (e.g., ingredient brand: "Powered by SpamAssassin", similar to "Intel Inside"; we need to specify and monitor the certification requirements); 3) statements that don't require our permission: "XYZ Hosting for Apache VHosts", "ZZZ Provider for Apache Tomcat", etc.; 4) uses that infringe Apache's trademarks: "Apache Hosting Provider", "Apache Tomcat Provider". Hen stresses that some items cannot be trademarked, such as "Web Services", HTTP, TCL, and XML, as they're not ours. He also shares his concern with broad use of TM on a community website, as it's both a new thing in community-driven Open Source, as well as sends out a strong message with its corporate overtones Received request from HotWaxMedia to pursue the sale of Apache-branded goods. (this also opened up the use of the TM in the ASF name, as well as using the "The" in the name; our suggestion of donating a part of the proceeds to the ASF; and the need to pre-approve the design to ensure it meets our standards) Martijn Dashorst forwarded a request from Craig Tataryn to use the Wicket logo for a brochure and website promoting his training services. Permission granted. Ted Husted responded to an inquiry to use the ASF logo on a South African Web development consultant's Website. Responded that it was approved for the "Powered by Apache" usage only. Larry stated that the information on the ASF Website doesn't tell the whole story, and has offered to draft new trademark FAQ questions for http://www.apache.org/foundation/marks/once the rules are delineated and agreed to. Shane summarized that the current situation is that we're starting to define our trademark policy, including a list of ASF trademarks (checked in), a procedures doc for PMCs to update their websites , and a task list for concretely forming official policy in terms of how we treat and defend our trademarks. He feels that the biggest issue with trademarks is getting enough of the PRC members to vote on basic policy: we need to have the start of a formal policy decided - either by vote of the PMC, or by fiat by the VP, so we can have a base that is truly the policy of the ASF. The next hard step will be working with each PMC to get them to put the TM and "Apache Foo is a product that does blah" statements on their websites. Besides the general complaining that the ASF is becoming too bureaucratic, that will take work working with each PMC and sometimes just submitting patches to the variety of website management systems that different projects use. Shane also stated the issue on trademark-plan.txt is figuring out what we think our trademarks are. First let's get consensus within the PRC of what we think our trademarks are (we can pass any *specific* questions by legal-internal@ later). See http://www.apache.org/foundation/marks/list/ to reference. Larry stated that the feather logo and the graphics and words at the top ought to be standardized by PRC for use by all projects. Trademarks should be used as adjectives, not nouns, with standardized wording at the bottom of our web pages, in small print: "Copyright (C) 2009 Apache Software Foundation. Licensed under Apache License 2.0 (see www.apache.org). Apache and the Apache feather logo are trademarks of Apache Software Foundation." He's hoping there will be a page at www.apache.org that will list all our trademarks, which will become the official list and the official notice. Michael Dick suggested that keeping pages up to date could be problematic. Having a template banner / footer might be well received by a lot of projects, like http://www.eclipse.org/projects/listofprojects.php Martijn is concerned that we seem to be turning into "Trademark Enforcers" Sebastian noticed that the Apache feather logo is used on the main Apache site, www.apache.org, as well as on various project sites, e.g. jakarta.apache.org, httpd.apache.org, etc., but is inconsistent (mirror image, color variances, etc.), where other projects such as lenya.apache.org/ use a completely different version of the feather altogether. Also, that the published SVG version of the feather at: http://apache.org/foundation/press/kit/feather.svg is a mirror image of the one actually used on the ASF website. Bill Rowe moved discussion on example of "Apache Ki" from legal-internal, where Larry stresses that we have to associate that feather indelibly in consumers' minds with "Apache Software Foundation" and with the software available at "www.apache.org". All our other trademarks are secondary to that brand graphic and to the trademark "Apache" itself. We declined the "offer" to purchase apacheproducts.com domain; Larry suggests (internally) that the company 'make a charitable donation of their domain name to our non-profit Apache Software Foundation and perhaps it will prove useful to us later. We remind you that "Apache" is a famous trademark for software from the Apache Software Foundation. Your domain name cannot be used for distributing software or related products or services, by you or any third party, without our express permission.' Go Larry. Henning came across http://www.apachefriends.org/en/contact.html, which reads "XAMPP and Apache Friends are registered trademarks of Kai Seidler." This non-profit German support forum for running Apache web servers fails to mention the Foundation anywhere. We should contact him to include the ASF trademark notice. @@has this happened? Received request to include ASF logo on diploma and technical documentation from course that employs XAMPP-Package. @@has this happened? Larry drafted usage policies for projects in the Incubator and is investigating "first in time use" for projects at the ASF Discussion on distributing ASF Member shirts at ApacheCon HotWaxMedia has requested the use of the ASF logo to produce swag Jim rejected request for use of ASF logo in the ICT Handbook from UK author the image was malformed, and therefore wasn't approved SPONSORSHIP Who will manage Sponsor development (i.e., augment HALO contract vs. retain Delia Frees or another candidate) is still undecided. In the meantime, Sally is continuing stewardship-related activities. Shane wants us to formalize record-keeping for sponsor activities. Google has committed to renew for 2009 at the Platinum level; Geir has processed their invoicing against the Google purchase order. In addition, they have agreed to pay the ASF 50% of the back money owed during the 2007 time period. Progress/IONA has committed to renew for 2009 at the Silver level, and have stated that they are currently processing payment to the ASF. Once their renewal is in place, we need to update the Sponsor Thanks page to "Progress Software" and their logo, vs. IONA. HP has committed to renew for 2009 at the Silver level, but have asked that we extend them Gold Sponsorship status a.k.a. "Vermeil/upgraded Silver" level in recognition of their contributions. We also forwarded a copy of their CCLA per their request. SpringSource/Covalent has committed to renew for 2009 at the Silver level, and will be in touch regarding when we should invoice them. They stated that the chance for us to reclaim back money due is extremely slim, as this was initially a Covalent budget line item; now that the company is gone (acquired by SpringSource), the funding is no longer available. However, they will see if they can do something for us. In addition, they would like to keep their cash contribution to 75% of the Sponsorship value, with the maximum allowed 25% allocated to in-kind contributions (e.g., donation of teleconference bridge, hardware, etc.) Once their renewal is in place, we need to update the Sponsor Thanks page to "SpringSource", along with their logo, vs. Covalent. Matt Mullenweg confirmed he renewed his Bronze Sponsorship in January 2009 Tetsuya Kitahata confirmed that he will not renew his Bronze Sponsorship. FUNDRAISING Ross Gardler suggested we consider using CiviCRM to track smaller donations should we choose to pursue a formal method for this. Karl Fogel offers his help as well: "feel free to ping me privately, or find me on irc.freenode.net ("kfogel")." Larry invited Donald Lobo and his sponsors from CiviCRM to become ASF Sponsors, as they collectively donate more than $500K annually to various foundations and seem amenable to switching over to the Apache license. Sally to follow up, pending Board decision on who will oversee Sponsor development. ----------------------------------------- Attachment 6: Status report for the Apache Infrastructure Team Tony Stevenson completed phase 1 of the LDAP migration, migrating user accounts on people.apache.org into LDAP. Sander Striker promised to someday order a replacement disk for aurora (websites) and have it shipped to Bart van der Schans in the Netherlands. The SAS cable we RMA'd back to Provantage was returned back to us as an invalid RMA. We have procured an UPS shipping label from Provantage and are attempting to resend it. Infrastructure has made a request to PMC chairs to help us with Phase 2 of the LDAP migration: bringing groups into LDAP. The majority have complied, while a large number of PMC's have yet to do so. IPv6 support was disabled until we are better positioned to be able to monitor and maintain it. Henk Penning continued to keep a careful eye on the mirroring system. Brian Fox continued his support for the Nexus installation at repository.apache.org. Mark Thomas upgraded our Bugzilla instances to the latest version. Chris Rhodes was voted in as a new Infrastructure committer. Gavin McDonald continued to enhance our buildbot service at ci.apache.org. ----------------------------------------- Attachment 7: Status report for the Apache Travel Assistance Committee General News ============ Forgot to mention in last months report, we scheduled an online IRC meeting to discuss the lead up to AC US 09. Unfortunately it never happened, so trying again for perhaps 1st week of July. Sent a request for Invoices for what we owe for AC US 08 and AC Europe 09 to SCP via the planners-eu-09 list. Feedback from a board member and from other TAC list members - including those that represented TAC on the ground at the previous 2 ApacheCon events indicates a strong need to have someone on the ground at future AC events to specifically deal with and look after TAC attendees. I sent an email to the board list (2nd June) asking if I needed to alter our resolution to allow for funds to be allocated to help such a person offset some/all of their expenses to an AC event, or if we could just go ahead and allocate funds for that purpose. Still awaiting replies on that one. No other news at this time. ----------------------------------------- Attachment A: Status report for the Apache Ant Project * Current Releases Ant Core -------- Ant 1.7.1 was released on June 27, 2008. Ivy ---- Ivy 2.0.0 was released on Jan 20, 2009. * Community No issues. Ant continues to tick over. Most recent commit activity is around the Ivy project. We are close to releasing IvyDE, an eclipse plugin for Ivy ----------------------------------------- Attachment B: Status report for the Apache APR Project The activity on the project in the last 3 months (Mar 9 2009 to Jun 18 2009) was as follows: APR trunk: 100 commits APR util trunk: 2 commits APR 1.4.x: 10 commits APR util 1.4.x: 15 commits APR 1.3.x: 14 commits APR util 1.3.x: 22 commits APR 0.9.x: 4 commits APR util 0.9.x: 8 commits APR iconv trunk: 0 commits APR iconv 0.9.x: 0 commits site: 8 commits Current stable release of APR is 1.3.5, released Jun 5 2009. Legacy release 0.9.18 occurred on the same day. Current stable release of APR util is 1.3.7, released Jun 5 2009. Legacy release 0.9.17 occurred on the same day. Current stable APR iconv release is 1.2.1, released Nov 15 2007. Several security issues have been fixed in the latest round of releases: CVE-2009-1955: apr-util billion laughs attack CVE-2009-1956: apr-util single NULL byte buffer overflow CVE-2009-0023: apr-util heap buffer underwrite On the development front, the trunk of apr-util has been folded into apr. From version 2.0 onward, these two will be one and the same library. ----------------------------------------- Attachment C: Status report for the Apache Archiva Project Releases: * 1.2 was released on March 26, 2009 * 1.1.4 was released on April 22, 2009 * 1.2.1 was released on May 28, 2009 Community * Contributions to revive the webapp Selenium tests are being applied in the trunk version. * 1.2.2 is lined up to fix bugs in the 1.2 release. Issues * No board level issues at this time. ----------------------------------------- Attachment D: Status report for the Apache Attic Project This month Apache Shale entered the Attic, pending INFRA-2072. The process for entering the Attic has been defined: http://attic.apache.org/process.html We are not aware of any projects entering the Attic next month. ----------------------------------------- Attachment E: Status report for the Apache Camel Project Community: * We saw the usual level of intense activity this quarter. * The community continues to grow. * Charles Moulliard is a new committer. Development: * Development continues on both 1.x maintenance branch and trunk. * Camel continues to gain ground as an integration framework. * Final release of Camel 2.0 expected in a month or so. Releases: * Camel 1.6.1 maintenance release. * Camel 2.0-M2 just released. ----------------------------------------- Attachment F: Status report for the Apache Cayenne Project Development * 3.0M6 was released in May 2009 * We are aiming for the next release to be a beta for 3.0 final. * Andrey Razumovsky was elected to the PMC after a productive year as committer Community * Activity on the user and development lists has been steady. ----------------------------------------- Attachment G: Status report for the Apache Commons Project General ======= o Activity on the dev list increasing now since September '08. User list traffic dropped significantly though. o Accepted Sanselan from the Incubator. o Discussions about the future of commons-logging in respect to slf4j. o No new sandbox components Releases ======== o CLI 1.2 http://markmail.org/thread/cd4rnpdrdbdsb5u7 o DbUtils 1.2 http://markmail.org/thread/3vi5ghp22bwvhhwx o Compress 1.0 http://markmail.org/thread/h7xa4n33n5wjsnt5 o Pool 1.5 http://markmail.org/thread/way7wsgcle34lcdd o Pool 1.5.1 http://markmail.org/thread/bkcpvelhkkopbndq Community ========= o No new sandbox committers o New committer - Jim Jagielski - Christian Grobmeier o New PMC members - Mark Thomas (pending) ----------------------------------------- Attachment H: Status report for the Apache Excalibur Project There are no known issues. Nearly zero activity in all places, recently a new idea to migrate the Avalon stuff to OSGi (and maybe collaborate with the Felix project) has been discussed briefly. Maybe this can help to increase the interest in the project a little bit again. ----------------------------------------- Attachment I: Status report for the Apache Felix Project Community * Added two new PMC members: Clement Escoffier and Guillaume Nodet. * Added five new committers: Chris Custine, Hiram Chirino, Freeman Yue Fang, James Strachan, and Gert Vanthienen. * Contribution from Paremus of Sigil OSGi tooling project; this has been voted on and is undergoing the IP clearance process. * OSGi tutorial using Felix Framework given at EclipseCon in late March. * Apache Felix presentation and BOF at ApacheCon EU 2009. Software * Released the following subprojects: o Bundle Repository (1.4.0) - Some improvements to align with the OSGi RFC, but mostly minor. o Dependency Manager (2.0.1) o Dependency Manager Shell (2.0.1) o Framework (1.6.0, 1.6.1, 1.8.0) - The latest release adds more complete support for fragment bundles, bringing Felix ever closer to specification compliance. o Log Service (1.0.0) - Initial release of a very simple OSGi Log Service implementation. o Main (1.6.0, 1.6.1, 1.8.0) - This subproject is released in lockstep with the framework subproject. o Maven SCR Plugin (1.0.10, 1.2.0) o junit4osgi (1.0.0) o File Install (0.9.2, 1.0.0) - Continued improvements and bug fixes. o SCR (1.0.8) o Jetty HTTP Service (1.0.0) - Initial release of Jetty-based implementation of the OSGi HTTP Service. o Shell (1.2.0) - Added some new commands for inspecting framework state and other minor improvements. o Shell TUI (1.2.0) - Minor bug fix release. o UPnP Extra (0.4.0) o UPnP Tester (0.4.0) o Web Console (1.2.8, 1.2.10) * Incorporated the Apache ServiceMix Kernel contribution, renamed to Apache Felix Karaf, into the Felix project. * Peter Kriens' OSGi shell contribution has finished IP clearance and is awaiting inclusion into SVN repo. Licensing and other issues * None. ----------------------------------------- Attachment J: Status report for the Apache Gump Project Infrastructure: * no news is good news. Technical: * during this quarter Gump has gained support for Bazaar, darcs, git and Mercurial - only git support is currently required because JUnit moved to github but we expect projects to pick up the new scm options at Sourceforge or Google Code sooner or later as well. * the installation is happily chugging along with active metadata maintenance Other: * still all Apache committers have access to metadata in svn. * no releases. ----------------------------------------- Attachment K: Status report for the Apache Harmony Project Summary ======= The Apache Harmony community is healthy, and has recently released a new milestone build. The lack of a JCK continues to be an issue for Harmony. Development and Releases ======================== The Harmony community continues to improve the quality of the existing code, with the latest release of Apache Harmony 5.0 Milestone 10 containing over fifty bug fixes, plus numerous JavaDoc enhancements. Our last release was in April 2009. Contributions into the 5.0M10 code base includes: - compatibility: enhancements to ensure the behavior of the runtime is equivalent to that of the reference implementation. - documentation: tidy-up of the license/notice/readme files, and substantial improvements to the JavaDoc in a number of modules. - porting work: in the class libraries for AIX and zOS operating systems. - performance: improvements to string handling and start-up speed were implemented. - testing: additional tests, and enabling of existing tests across all platforms. We have also discussed the option of releasing a reduced footprint runtime, based on the Java 6.0 branch, called Harmony Select, which would be targeted specifically at headless applications. This would be an opportunity to publish the 6.0 code stream early in a useful configuration. Security ======== No reported security incidents this period. Community ========= Apache Harmony featured in a general session at JavaOne this year, with a demo of Harmony running the Eclipse IDE, and Harmony running Roller on Geronimo. There were no changes to the committership or PMC during this period. There are currently 39 committers, of which ~10 were active this period. The Harmony project are participating in the Google Summer of Code program, and discussion with the students who have a project with Harmony is underway on the developer mailing list. --------------- Confidential, not for inclusion in public minutes: ============ A prospective downstream consumer of Apache Harmony contacted us with details of a US patent application that may read on an algorithm we have implemented. The issue was raised with legal-internal where it was noted that the algorithm was described publicly more than one year before the application was submitted. We have decided not to proactively remove the code implementing the algorithm. ----------------------------------------- Attachment L: Status report for the Apache iBATIS Project ----------------------------------------- Attachment M: Status report for the Apache Incubator Project This past month has been a normally good month for the Incubator. There is a project, Traffic Server, that appears to be of interest to the HTTPd crowd.  Another project, VXQuery, is in the process of being sponsored by the XMLBeans PMC. The Incubator is pleased to see that log4php has gained new life, and we wish them much success in this next incarnation of the project. Despite the confusion over when the reports are due this month, almost everyone got their report in.  SocialSite and Wink are the exceptions.  Wink is brand new, and SocialSite only a month old.  We'll look for reports from them in each of the next three months. The issue with Apache JSecurity/Apache Ki having trouble finding a name has been, once again, resolved.  The new name is Apache Shiro. The continued problems of specification publishing organizations permitting IP restrictions on specifications intended for shared use is reflected in this month's WSRP report. --------------------------------------------------- = Ace = Apache ACE is a software distribution framework that allows you to centrally manage and distribute software components, configuration data and other artifacts to target systems. ACE started incubation on April 24th 2009. There are currently no issues requiring board or Incubator PMC attention. Community: * The infrastructure is all in place, community is ready and waiting for the IP clearance process to be completed. * Several people already looked at the donated codebase, and Toni Menzel even has a couple of patches ready. * A logo was designed for the project, which is used in the wiki currently. Software: * Initial codebase and documentation have been donated. * Software grant was mailed twice without success, now faxed it, just got notified that it is on record now. Licensing and other issues: * None at the moment, no code has been committed yet. = Bluesky = BlueSky has been incubating since 01-12-2008. It is an e-learning solution designed to help solve the disparity in availability of qualified education between well-developed cities and poorer regions of China. Finally we committed our source code, though part of the source code, to SVN repository. Now the most urgent things for us is to replace FFmpeg with Theora and Vorbis. We've started to learn Theora and Vorbis but not too much progress were gained. Another bad news is that we are now severely short of hands. Some students are gonna graduate in days. Thus we have to enroll some undergraduate students to our lab. We've already got one and he is now getting familiar with our system. I hope that his participation would help. Next step:  *Continue to learn Theora and Vorbis, try to replace FFmpeg soon; = Cassandra = Cassandra is a distributed storage system providing reliability at a massive scale.  Started incubation: 01/2009.  Opened to community in 03/2009. The original authors of Cassandra from facebook (Avinash and Prashant) have gone back to developing against an internal repository.  We have never seen any involvement from initial committer Dan, either. Despite this setback we continue to make progress; a 0.3.0 release is imminent and two more committers have been nominated, out of six who regularly submit patches.  Cassandra was represented at the recent NoSQL distributed database summit by Avinash and Jonathan and was very well received. Past action items:    * Consensus about the development process.  Done.  Development is done in trunk with branches for releases.  A pre-commit patch review process is followed that will be familiar to most apache committers.    * JIRA permissions and configuration.  Done.    * A bit more information on the web site.  Done. Next steps:    * Get new committers voted on    * Get 0.3.0 release out = Chemistry = Apache Chemistry is an effort to provide a Java (and possibly others, like JavaScript) implementation of the upcoming CMIS specification. Chemistry entered incubation on April 30th, 2009. The incubation process has started well. All the project infrastructure is in place and all initial committers have their Apache accounts. We even increased the headcount of the initial team as David Caruana joined the project as a new committer. Development of the Chemistry codebase has moved to Apache svn and there's been a number or related discussions on the mailing list. Overall the project is still in a startup phase as people are getting oriented with the scope and structure of the project. A number of license headers were updated to match Apache policies. Issues before graduation:  * Stabilize the general interest into a sustainable development community  * Make sure that all licensing details conform with Apache policies  * Create an Apache release of the Chemistry codebase = Click = Click is a stateless page and component oriented Java web framework. Click has been incubating since July 2008. Tasks completed since March: * Released Click 1.5.2, a non-Apache maintenance release hosted at !SourceForge * Graduation to TLP was postponed as the IPMC felt that more PPMC members are needed Top priorities: * Grow the current developer community * Release Apache Click 2.1.0 = ESME = Enterprise Social Messaging Experiment (ESME) is a secure and highly scalable microsharing and micromessaging platform that allows people to discover and meet one another and get controlled access to other sources of information, all in a business process context. ESME entered the incubator in 2008-12-02. The following items have been performed since the last reporting period * Creation of initial draft of Apache Wiki * Dick Hirsch has successfully submitted his Apache CLA * Worked on cleaning up code with a focus on better separation of UI and server code * Creation of branch to deal with access pools prototype The following items are planned for the next reporting period: * Finish work on Apache wiki and replace old forrest site * Merge access pool branch into trunk * Work on new UI Top 2 or 3 things to resolve prior to graduation * Move all collaboration to the esme-dev mailing list * Increase community involvement in the project * Provide instructions for people to build, install and evaluate EMSE by themselves = Etch = Etch was accepted into Incubator on 2 September 2008. Etch is a cross-platform, language- and transport-independent framework for building and consuming network services. The Etch toolset includes a network service description language, a compiler, and binding libraries for a variety of programming languages. On April 16 we announced the availability of a bug fix release (1.0.2) The 1.0.2 release also includes updated licensing information in compliance with Apache standards. A 1.1 release is now being vetted and we hope to vote on it soon. The 1.1 release includes proper package names, bug fixes, enhancements, and also new code contributions in support of c and python bindings (not yet fully functional). Our problem with finding a home for our continuous build continues. Various plans have been proposed and failed due to lack of a Windows-friendly c# build environment. Cisco is no longer hosting our build environment. We need to find a place do public builds. Cisco folks continue to be the primary source of discussion and commits. There are some external nibbles, but none that are ready to pitch-in in a serious way yet. More work needs to be done on the web site to make steps to participation more evident. Work also needs to be done on the build environment to make it easier to get started. Some of the etch committers have left Cisco, more will soon follow. Also in April, Manoj Ganesan (Dell) has been accepted by the incubator pmc to be our newest etch committer. Seth Call and JD Liau have withdrawn from the project. I believe all of the outstanding items are done, but it isn't clear to me (scott) what the process is to check them off. Outstanding items: * Check and make sure that the papers that transfer rights to the ASF been received... * Check and make sure that the files that have been donated have been updated to reflect the new ASF copyright... * Check and make sure that for all code included with the distribution that is not under the Apache license... * Check and make sure that all source code distributed by the project is covered by one or more of the following approved licenses... = Hama = Hama has been incubating since 19 May, 2008. It is a parallel matrix computational package based on Hadoop Map/Reduce. Recent developments: * We implemented the matrix norm and transpose methods. Required before graduation: * More practical examples of matrix manipulation * Increase community size and activity * First Apache release = Kato = Kato was accepted into the Incubator on 6 November 2008. Kato is a project to develop the Specification, Reference Implementation, and TCK for JSR 326: the JVM Post-mortem Diagnostics API Recent Activity: * We produced two implementations of the Apache Kato API - one based on Hprof and another on JVMTI using python. * A Developerworks article on Apache Kato and JSR-326 was published. * The API is being built and Javadoc is available on Hudson. * Builds are now being performed on the ASF's Hudson server * A presentation was given on the Apache Kato API. Recordings are available on the Wiki. * A BOF on Apache Kato and JSR-326 was held at Java One 2009 - BOF-4870. The following is planned for next reporting period: * We will produce an Early Draft Review for the JSR in time to meet it's deadline. * We will build all of the project on the ASF's Hudson server. * We will have a viable reference implementation of the API and TCK. Before this project can be graduated we need to produce a usable implementation of the API and more useful tools to encourage adoption and participation of a much needed community. = Log4php = Log4PHP is a logging framework similar to Log4J, but in PHP. The project entered incubation in 2004, retired and restarted again on 2007-07-04. After some discussions beginning 2009 about lack of committer and community interest, several people showed up their interest in continuing this project. The following people joined the project: * 2009-04-28 - New Committer: Christian Grobmeier * 2009-04-28 - New Committer: Gavin McDonald * 2009-04-28 - New Mentor: Niclas Hedhman * 2009-04-28 - New Mentor: Gavin McDonald Log4PHP now has a PPMC private list - log4php-private at incubator. Current Mentors and existing committers have been emailed asking them to join this list. Several code changes has been done in the following weeks: * Activity on porting log4php to PHP5 * Increased the number of test cases * Cleaned up code and codestyle Next steps: * Finishing php5 port * Cleaning up code * Updating documentation + Website * Try to attract more developers for Log4PHP * Bringing Continuus Integration to a Apache Host (currently hosted on private servers bei Knut Urdalen) * Looking at getting an incubating release done. Issues before graduation: * Still less community interaction = OpenWebBeans = OpenWebBeans will be an ASL-licensed implementation of the Contexts and Dependency Injection for Java EE Specification which is defined as JSR-299. OpenWebBeans entered the incubator in October 26, 2008. The following items have been made after the last report * We released the M2 version * We created additional documentation in the wiki page * We implemented full blown JSF + JPA + OWB application that shows usage of the OpenWebBeans * Gurkan Erdogdu replaces Matthias Wessendorf seat on the JSR-299 EG Belows are the next steps; * We will release the M3 version. * We will create more documentation in the wiki * We will continue to attract new committers into the project. There are some concerns related with the specification and its implementation,  * JSR-299 specification has changed so much from the last draft. It has been having a negative impact on the implementation.  * Last draft specification has a tight integration with Java EE's other specifications so that integration with an EJB, Servlet, Managed Beans etc. with the OWB is unavoidable. So, we have to work closely with other Apache Teams who have been implementing aforementioned specifications to fully implement the JSR-299 and to pass TCK. = RAT = Rat was accepted into the incubator in November 2007 Rat audits releases. Since the last report: * The first release here at Apache was cut (which drew assistance from lurkers) * The code has been simplified with the aim of making it more accessible to new developers We hope to extend RAT to provide a central way of verifying the status of source code in Incubator projects (and eventually all ASF projects). The hope is that by making it more useful to the wonderful ASF committers we will see RAT becoming more functional. The biggest problem that needs to be resolved before graduation is final destination. To graduate as a top level project, significant numbers of new developers would need to be attracted. This would probably require significant energy to be devoted first into extending it's usefulness beyond Apache-like open source projects then raising it's profile. Conversely, ATM there is no candidate top level project which could home Rat as a sub-project (suggestions welcomed). = River = River is aimed at the development and advancement of the Jini technology core infrastructure. Jini technology is a service oriented architecture that defines a programming model which both exploits and extends Java technology to enable the construction of secure, distributed systems which are adaptive to change. River has been incubating since December 2006.  * Recently there has been increased activity in River's development process with the arrival of three new committers: Jonathan Costers, Peter Firmstone and Tom Hobbs.  * AR2 is almost ready for release, and the committers are learning how to use the testing framework from Sun, and gradually move things to JUnit or more commonly understood testing systems.  * For testing reasons, additional server resources might be requested for the jtreg and integration tests; An HTTP proxy (River-306) and KDC server (River-307) are necessary.  * The decision was made to allow developers to use Java 5 new language features and change the com.sun.jini.* and com.artima.* namespaces to org.apache.river.* (River-261) after the release of AR2.  * Efforts are being made for preservation of existing documentation, mail lists and River dependent projects that currently exist outside of River. Sun is closing Jini and RMI mailing lists, including the archives, which contains a wealth of information.  * Consolidation of external Jini projects was discussed as optional add-ons, this discussion is still open, pending River incubation graduation. Mentor's (Niclas) additional reporting; It is good to see new fresh blood getting active in the community and a more positive atmosphere is starting to emerge, and I think the worries in the previous report is decreasing. = Shindig = Shindig is a reference implementation of the !OpenSocial and gadgets stack. The active community has built two parallel implementations of the !OpenSocial and gadgets spec; one in Java and one in PHP. Incubating since: 2007-12-06 High-level status summary during last quarter:    * stable release compliant to !OpenSocial v0.8.1 currently being reviewed by PMC    * updates for !OpenSocial v0.9 are implemented and in production on several sites that support !OpenSocial    * updated http://incubator.apache.org/shindig/ with a new layout and more resources    * held a logo contest and adopted a new logo = SocialSite = DID NOT REPORT = Wink = DID NOT REPORT = WSRP4J = The WSRP4J Project is an implementation of WSRP 1.0 Producer. WSRP is an OASIS specification that describes a protocol which allows portlets to be accessed remotely using Web Services. The WSRP4J Project has been adopted by the Portals PMC, while still in the Apache Incubator, with the intent to eventually graduate as a sub-project of Apache Portals. However, there has been no changes nor real activity in the WSRP4J project for quite some time. While the the interest for WSRP4J might seem to have dwindled, several active Apache Portals committers still belief there is a real potential to reactivate this project, especially in the light of the new WSRP 2.0 OASIS specification. As the only existing "open" standard in this area, interest for a formal release also has been expressed (privately) by several large organizations, including governmental. Furthermore, even while there hasn't been a formal WSRP4J (incubator) release so far, in reality its codebase has been adapted and is in use by non ASF products and projects quite a lot. But the primary reason why further development has been stalled is a legal one with regards to IPR.  Two parties of the WSRP technical committee, IBM and WebCollage, have stated patent claims on the WSRP specification.  See also: http://www.oasis-open.org/committees/wsrp/ipr.php.  Concerning the claims from IBM we think those are not limiting us to produce an ASF compliant release of WSRP4J.  But we are still not sure about the claims from WebCollage. Last year, with the help from legal-internal, we have pursuit to resolve these uncertainties, and there has been preliminary contact with WebCollage, but this has stalled again. We still hope we can resolve this satisfactory, but we do seek further help and legal advise how to proceed. ----------------------------------------- Attachment N: Status report for the Apache Jackrabbit Project Apache Jackrabbit is a fully conforming implementation of the Content Repository for Java Technology API (JCR, specified in JSR 170). The Apache Jackrabbit project is in good shape. We have no board-level issues at this time. o Releases We made the following releases from the 1.5 branch: * Apache Jackrabbit 1.5.4 on April 7th * Apache Jackrabbit 1.5.5 on April 28th * Apache Jackrabbit 1.5.6 on June 4th We also made the first alpha release of the upcoming Jackrabbit 2.0: * Apache Jackrabbit 2.0 alpha1 on June 4th o Legal The current Jackrabbit trunk and the 2.0 alpha1 release have a system dependency to an early "for review only" version of the JCR 2.0 API jar from JSR 283. No major concerns were raised when this case was discussed on the legal-discuss@ mailing list. o Community / Development Jackrabbit was present at the ApacheCon EU where we also organized a quite successful JCR meetup. The CMIS effort that started in the Jackrabbit sandbox has now become the Apache Chemistry project in the Incubator. The other podling with Jackrabbit as the sponsoring PMC, Apache Sling, is just about to graduate into a standalone TLP. The JCR 2.0 specification (JSR 283) is expected to become final in a few months, as soon as we've completed the required RI and TCK work in Jackrabbit trunk. We're producing source-only alpha releases of the 2.0 codebase to give people a chance to review all the new features and to better track our progress. We are also planning to release Jackrabbit 1.6 as the last minor release from the 1.x branch that's still based on the JCR 1.0 API. o Infrastructure We are about to start using the Nexus installation at repository.apache.org for staging and deploying our releases to the Maven repository. ----------------------------------------- Attachment O: Status report for the Apache Jakarta Project Status ====== Note: The board determined that the Jakarta report provided in May was lacking in detail. This report seeks to address this criticism. _From outgoing Chair, Martin van den Bemt_ It has been a while since I reported the last time. In june 2008 I announced that I wanted to be replaced because of time constraints, with no one volunteering. After that however I got caught up with what was happening in my personal life and also was shutdown for over 3 months, which ended up in a long period of silence. Now all major personal events (positive I might add, so please don't worry) have passed, I however still find myself fighting to find time (and energy) to spend at Apache. In the light of this, I hand in my resignation as VP Apache Jakarta. To my relief a discussion about the (in reality already effective) vacancy started and some people stood up to volunteer to take over the position. I myself regret the long absence and silence and I hope it didn't cause to much worry and problems. -- EOM -- _New chair?_ We are in the process of electing a new chair (voting is in progress). Apart from the need to elect a new chair the Jakarta has no board level issues at this time. Releases ======== * Cactus-1.8.1 - January 26, 2009 * BSF-3.0-b3 - April 5, 2009 * JMeter 2.3.3 - May 24, 2009 Subproject news =============== _BCEL_ No activity - maintenance mode. _BSF_ Did a 3.0 beta3 release to fix a bug for a user. Otherwise very quiet. -- sebb, antelder _Cactus_ Cactus version 1.8.1 was released in January. This version fixes a number of bugs, provides a maven2 plugin to cactify WAR and EAR files and a sample application showing how to test EJB3 projects. -- ptahchiev _ECS_ No activity - maintenance mode. _JCS_ There were a bunch of new features added at the end of last year. I'm in the process of fixing a few bugs and plan to cut a tag for a new release in the next month or so. -- asmuts _JMeter_ Lots of fixes and incremental improvements have been made to the JMeter code. JMeter user list is quite busy. There are a good few experienced JMeter users who help out with user questions. JMeter 2.3.3 was released on May 24. -- sebb _ORO_ No activity - maintenance mode. _Regexp_ No activity - maintenance mode. _Taglibs_ Standard Taglib (implementation of JSTL) migrated to Maven2. All non-deprecated Taglibs have migrated to Maven2. Discussing possibility of Taglibs moving to Tomcat with the Tomcat PMC. Random, Datetime and I18N taglibs deprecated (aka retired). An RDC 1.1 release is planned next month. -- bayard, rahul _Retired Projects_ * Slide [Report edited and submitted by Scott Eade with contributions by many.] ----------------------------------------- Attachment P: Status report for the Apache Labs Project Apache Labs hosts small and emerging projects from ASF committers. [SUMMARY] Nothing that requires board attention at this time. [DETAILS] == Labs Statistics == - new: 3 - status changes (last 3 months): 2 - orthrus (moved to Google Code) - vysper (moved to Apache MINA) - total number: 27 - active: 23 - idle: 1 - promoted: 1 - completed: 2 - labs with commits: bananadb, orthrus, magma, vysper, pinpoint, consite, clouds, penihip == New Labs = clouds (PI Steve Loughran): This is a special lab. It's not about code. It's about documentation of cloud related projects at Apache and provides general cloud info. Besides Steve, Robert Burrell Donkin is a major contributor to it. In Clouds' own words, its about "Architecture, tools and tests for integrating Apache products into to 'the cloud'". consite (PI J. Aaron Farr): consite is about "conference website management". The lab consists of "a web application for managing apachecons". penihip (PI David Crossley): penihip is a tool generating "new words by applying a caesar cipher to existing words". == Re-activated labs == None. == Completed labs == Orthrus (PI Paul Querna) has moved out of the ASF realm over to Google Code. Vysper lab (PI Bernd Fondermann) has been completed. Apache MINA voted to take it aboard as a subproject. Code and issues are already moved over, with confluence pages still to be done. == Outreach == There was a proposal to use the new blogging facilities to tell about new labs and maybe have a 'Lab of the Month' entry once in a while. Not much feedback on this. == Labs & Google Summer of Code == It has been discussed whether or not Labs can have GSoC students. The concern was that Labs does not provide a sufficient environment for mentoring and learning Open Source 'The Apache Way'. In the end, this also became the general consent. For reference: A substantial part of that discussion has taken place on the committer-only code-awards@a.o. list. For the Vysper lab (which already received interest from students at that point) we compromised to let it take students as a lab, if only the lab would move out immediately to some of the other projects where community is more homogeneous. This destination has now become Apache MINA. Michael Jakl gained a GSoC student slot for the Vysper lab for implementing the PubSub extension spec. == Lab hacking == Magma again saw many commits this months. Clouds received a number of contributions to its confluence pages. ----------------------------------------- Attachment Q: Status report for the Apache Lucene Project === Lucene Status Report: March, 2009 === TLP -The PMC voted to create a new subproject named the Open Relevance Project designed to collect and distribute collections, queries and relevance judgments for search (and other) testing. -The PMC added Mahout committers Sean Owen and Ted Dunning. -The PMC added PyLucene committer Andi Vajda. -The PMC added Nutch committer Dennis Kubes. LUCENE JAVA Lucene Java is a search-engine toolkit. Development has been active and we are working towards the release of 2.9. Lucene added Uwe Schindler as a core committer. SOLR Solr is a full text search server. Development and the community is active. Solr is working towards the release of 1.4. Solr added Mark Miller and Noble Paul as committers. NUTCH Nutch is a web-search engine: crawler, indexer and search runtime. Nutch 1.0 was released on March 28, 2009. Development is active, though slow. A major redesign and re-targeting of the project is planned and under discussion. LUCY Lucy is a C-based port of Lucene Java. Discussion has picked up on the Lucy dev mailing list and signs are positive, but we are still monitoring the project for viability. LUCENE.NET (incubating) Lucene.NET is a .NET based port of Lucene Java. Development and the community are active. Incubating project needs to look towards graduation soon. MAHOUT Apache Mahout is working towards building a suite of scalable machine learning libraries for text and data mining. Mahout released its first public release, version 0.1, on April 7, 2009. Mahout marked Ozgur Yilmazel, Erik Hatcher and Niranjan Balasubramanian as emeritus committers. PyLucene PyLucene is a Python integration of Lucene Java. Development is active. PyLucene 2.4.1 was first released on April 03, 2009. A refresher release, PyLucene 2.4.1-2, was released on May 23, 2009. TIKA Apache Tika is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Tika 0.3 was released in March, and we are planning to release version 0.4 soon. Tika development continues at a steady pace with no major roadblocks in sight. A Solr-based search feature built and hosted by Lucid Imagination was added to the Tika web site. ----------------------------------------- Attachment R: Status report for the Apache OFBiz Project Report for Jun 2009 for OFBiz (Open For Business) as a top level project. The Apache Open For Business Project (Apache OFBiz) is an open source enterprise automation software project. By enterprise automation we mean: ERP, CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM, and so on. Community: - No new PMC members have been added and no new committers have been added. Project: - The stable release09.04 branch was created on 17 April 2009, SVN revision 765913. The last release branch was done a bit over 2 years ago. - Worked with the PRC to write and distribute a press release about the new release branch. - The project web site has been redesigned and is deployed on http://ofbiz.apache.org - Significant new development continues, for highlights see: http://docs.ofbiz.org/display/OFBIZ/Main+New+Features - Community interaction remains strong: user mailing list traffic is about 75% of what is was in the last quarter, dev mailing has nearly double the traffic, and the commits remain about the same. This confirms a trend that seems to be happening where there is more collaboration per commit than has been done previously. - There is an effort underway to make additions to OFBiz to make it suitable to run the project itself (and replace Jira, Confluence, etc); there is no ETA for this but the effort is underway. ----------------------------------------- Attachment S: Status report for the Apache Portals Project -- New releases -- The Apache Portals team released three new Portals projects, all aligned to the new Portlet API 2.0 specification (JSR-286) on May 28, 2009: * Version 2.2.0 of the Jetspeed Enterprise Portal * Version 2.0.0 of the Pluto Container * Version 1.0 of several new Portals Applications -- New committers -- none -- Status -- 1. Pluto 2.0.0 released on May 28, 2009 Fully compliant to JSR-286 Portlet API 2.0 Specification Release Completed all work on Portlet 2.0 Specification compliance. Passing 2.0 TCK. Refactoring is completed. Jetspeed 2.2 and Pluto 2.0 are now back in full alignment of trunks. Post release commit activity has slowed down, to be expected, people worked hard on putting out this release. Activity on the users and dev lists has been moderate. The release seems stable, only a few problems reported. 2. Jetspeed 2.2.0 released on May 28, 2009 The most important effort of this release was JSR-286 (Portlet 2.0) conformance. Major New Features include: * Portlet API 2.0 Support and Compliance * Inter-Portlet Communication via Events * New High Speed Preferences Database Storage * New Extensible Security Model with LDAP Synchronization * Improved Documentation including 5 New Guides (Users Guide, Admin Guide, Developers Guide, Build Guide, Deploy Guide) * New Improved Administrative Portlets * New Skins * New Maven-2 Custom Build * Improved integration support for popular web development frameworks like Wicket, Spring MVC, JSF, and Struts Post release commit activity has slowed down, to be expected, people worked hard on putting out this release. Activity on the users and dev lists has been lower than expected. The release seems stable, only a few problems reported, mostly related to Maven build. We are working on a Roadmap for the 2.2.1 release and expect development to pickup heavily over the next few weeks. 3. Portals Applications 1.0 released on May 28, 2009 (I'll explain what this project is, since its a new, 1.0 release) Apache Portals Applications (APA) is a new collaborative software development project existing under the Apache Portals project. APA is dedicated to providing robust, full-featured, commercial-quality, and freely available Portlet Applications under the Apache license developed at the Apache Software Foundation. The APA project releases 1.0 versions of the following Portlet Applications and components, all targeted at the Portlet Specification 2.0 (JR-286): * Gems - A collection of reusable portlets including Flash, Google Maps, File, Event and Browser portlets. * Database Browser - A portlet application dedicated to the development and database portlet development including scrollable lists and data entry forms * Demo - A portlet application dedicated to learning Java and Groovy portlet programming and tutorials, as well as some helpful weather and bookmark portlets * RSS - A portlet application dedicated to the development of RSS portlet features * Web Content - A portlet application dedicated to the development of Web Content rewriting and IFrame based web content. * Logging - Apache Portals Applications Logging, (APA Logging), is a utility library used to setup and deploy logging to portlet applications Post release commit activity has slowed down, to be expected, people worked hard on putting out this release. Activity on the users and dev lists has been almost non-existent. The release seems stable, no problems reported. We expect development to continue on some of these sub-projects, but in my opinion we need to improve the community by getting more vendors and end users involved. IMO, the problem is that the Portlet API just hasn't received as much acceptance as anticipated. I believe we should look into supporting more accepted portal and mash-up standards relevant to our project's charter such as Gadgets. 4. Conformed to Maven/Nexus standards at Apache The release process took a lot longer than usual this time around. Our goal was to cleanup and improve our release process, and align with and learn from other projects at Apache. We invited developers from Geronimo and Maven to review our release process, and help us improve the process. We used Nexus to manage our Maven repositories at Apache. We hit a few bugs with Nexus that slowed us down on the first release, but once we got past that, the two other releases went quickly. Nexus really helps. ----------------------------------------- Attachment T: Status report for the Apache Quetzalcoatl Project This report is a repeat of the previous one: No new developments to report for Quetzalcoatl this quarter. No new versions released, no major issues discovered. The pace of development and Jira issues is very very slow. ----------------------------------------- Attachment U: Status report for the Apache Santuario Project Berin Lautenbach says: Well it's been a long time since I did a report which is clearly an indication it is time for me to move on. With this report I therefore wish to resign from the Chair position in Apache Santuario. A vote within the project has endorsed Raul Benito as our recommendation to step into the chair position, and I have attached a draft resolution at the base of this email. In terms of activity in the project, we have seen a number of bug fixes in both versions of the library and work has commenced on version 1.5 of the C++ version. No changes in the committer base, but we are expecting an additional committer by the time we next report. ----------------------------------------- Attachment V: Status report for the Apache ServiceMix Project We have release ServiceMix 4.0.0, which includes a bunch of subprojects released: * a set of 21 osgi bundles for third party dependencies * ServiceMix Kernel 1.1.0 * ServiceMix NMR 1.0.0 * JBI components 2009.01 release * 4 maven plugins (depends-maven-plugin 1.1, features-maven-plugin 1.1, jbi-maven-plugin 4.1, xfire-maven-plugin 4.1) * ServiceMix Utils 1.1.0 * ServiceMix 4.0.0 Following our JBI component roadmap, a new component has been released: * ServiceMix Exec Apache ServiceMix Kernel has been donated as Karaf to the Apache Felix TLP and a few committers have been granted commit rights to Felix to continue the work on Karaf. We are mentoring a Google Summer of Code project: Marcin Wilkos is building a web-based management console for ServiceMix 4 on top of the Felix Web Console. At this time, most of his work is targeted at the new Apache Felix Karaf project. From an infrastructure perspective, we started using Hudson for doing CI builds. The Apache infra team has also set up the Nexus instance at http://repository.apache.org so we can now use if for staging our releases under vote. There has been no new committers / pmc members this quarter. ----------------------------------------- Attachment W: Status report for the Apache SpamAssassin Project ----------------------------------------- Attachment X: Status report for the Apache Synapse Project Notable Happenings: ------------------------------ We are still working hard towards the Synapse 1.3 release! We expect it in the next month. We have an open question to the legal team regarding a committer and the CCLA that is an ongoing issue. Community ---------------- We believe the community is continuing to grow in terms of mailing list traffic, JIRA contributions, patches. We voted in a new committer Saliya Ekanayake. Export controls ---------------------- We have now done our TSU notification and the latest release has the correct documentation. The next release will ship with the BouncyCastle JAR that excludes the patented IDEA algorithm. ----------------------------------------- Attachment Y: Status report for the Apache Tiles Project It has been a very quiet quarter for Apache Tiles. There have not been any releases or community changes. Traffic was noticeably slower on the users@ list as well. Even so, there has been enough discussion to indicate continued interest in Tiles and its further development. ----------------------------------------- Attachment Z: Status report for the Apache Tomcat Project Summary -------------- The project continues to be active on a number of fronts. There are no issues requiring Board attention at this time. Releases ------------- We have released Tomcat 6.0.20. Tomcat 6.0.19 was not released due to some small packaging localization issues. We are currently in the release process for 5.5.28 and 4.1.40 versions. Tomcat 4.1.40 is likely to be the last 4.1.x release. Mod_jk 1.2.28 was released with numerous of binaries for selected platforms. Finally JDBC Pool 1.0.3 was released. Security ------------ We've been working closely with security issue reports and the Apache Security committee on quickly replying to issues, resolving them, and coordinating public disclosures. CVE-2008-5515 - Information disclosure vulnerability When using a RequestDispatcher obtained from the Request, the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory. Fixed and included in 6.0.20 release CVE-2008-5519 - Information disclosure vulnerability Situations where faulty clients set Content-Length without providing data, or where a user submits repeated requests very quickly, may permit one user to view the response associated with a different user's request. Fixed in the mod_jk 1.2.27 release, but was assigned CVE number later. CVE-2009-0033 - DoS vulnerability If Tomcat receives a request with invalid headers via the Java AJP connector, it does not return an error and instead closes the AJP connection. In case this connector is member of a mod_jk load balancing worker, this member will be put into an error state and will be blocked from use for approximately one minute. Thus the behaviour can be used for a denial of service attack using a carefully crafted request. Fixed and included in 6.0.20 release CVE-2009-0580 - Information disclosure vulnerability Due to insufficient error checking in some authentication classes, Tomcat allows for the enumeration (brute force testing) of user names by supplying illegally URL encoded passwords. The attack is possible if FORM based authentication (j_security_check) is used with the MemoryRealm. Fixed in the SVN for all major Tomcat branches and included in the Tomcat 6.0.20 release. CVE-2009-0781 - Cross-site scripting vulnerability The calendar application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective. Fixed in the SVN for all major Tomcat branches and included in the Tomcat 6.0.20 release. CVE-2009-0783 - Information disclosure vulnerability Bugs 29936 and 45933 allowed a web application to replace the XML parser used by Tomcat to process web.xml, context.xml and tld files. In limited circumstances these bugs may allow a rogue web application to view and/or alter the web.xml, context.xml and tld files of other web applications deployed on the Tomcat instance. Fixed in the SVN for all major Tomcat branches and included in the Tomcat 6.0.20 release. Currently there are no pending security issues. Development ------------------- Development was concentrated mainly on security issues and fixing bugs for the current releases. Jakarta PMC proposed and we accepted to move the JSP Standard Tag Library technologies project (Taglibs) from Jakarta and continue its development inside Apache Tomcat. Also we are currently discussing to reorganize SVN repository to better server the multiple branches and project modularity. Tomcat 7 / Servlet 3.0 is still in the early stages of development. Community ----------------- There were no changes in the PMC membership during this quarter. We are very happy that Konstantin Kolinko joined us as a new committer. We are preparing the Tomcat day for this year Apache Con US, and it seems majority of Tomcat PMC members will be present on the conference giving it's best to promote a 10th year anniversary of both ASF and Apache Tomcat. ----------------------------------------- Attachment AA: Status report for the Apache Web Services Project ----------------------------------------- Attachment AB: Status report for the Apache Wicket Project Apache Wicket is a Java framework for creating highly dynamic, component oriented web applications, and was established as an Apache project in June 2007. Things worthy of note: - Released 1.3.6 and several release candidates for 1.4 - Our newest member Jeremy Thomerson has been building and releasing the release candidates for 1.4 No issues require attention from the board. ----------------------------------------- Attachment AC: Status report for the Apache XMLBeans Project ------------------------------------------------------ End of minutes for the June 17, 2009 board meeting.