The Apache Software Foundation Board of Directors Meeting Minutes September 22, 2010 1. Call to order The meeting was scheduled for 10:00am (Pacific) and began at 10:03 when a sufficient attendance to constitute a quorum was recognized by the chairman. The meeting was held via teleconference, hosted by Jim Jagielski and VMware. 2. Roll Call Directors Present: Shane Curcuru Doug Cutting Bertrand Delacretaz Roy T. Fielding Jim Jagielski Geir Magnusson, Jr. Sam Ruby Noirin Shirley Greg Stein Officers Present: Philip M. Gollucci Craig L Russell Guests: Les Hazlewood 3. Minutes from previous meetings Minutes are found under the URL: http://www.apache.org/foundation/board/calendar.html A. The meeting of 2010-08-18 The minutes of this meeting were tabled until the next meeting. B. The meeting of 2010-09-11 See: board_minutes_2010_09_11 The minutes of this meeting were tabled until the next meeting. 4. Executive Officer Reports A. Chairman [Doug] Thanks again to Sally for helping to arrange our annual face-to-face meeting earlier this month! This tradition pays throughout the year. With the opportunity to better know other directors, we reduce our chances of wasteful flamewars and increase the likelihood of teamwork. Also, dedicating a full day meant we could take the time required to discuss some difficult issues in depth. Last weekend, the Board's mailing list saw another airing of a project's desire to switch from Subversion to Git for source code management (SCM). The Board declined to address this beyond remarking that SCM for ASF projects should continue to run on hosts that the ASF controls and that further details should be worked out directly with the infrastructure team. In particular it seems that infrastructure volunteers are needed to resolve various issues before read/write Git can be fully supported. B. President [Jim] Since the appointment, Justin and I have been coordinating the transition. At this stage, it is mostly moving stuff (contacts, emails, queries) from Justin's plate onto mine; since Justin knew he would be stepping down, he wisely chose to hold off on some issues until his replacement was on board. Signatory and credit card transitions are being handled by Craig, Sam and Geir. The issue of ASF support for git (actually more than just "support" for git, which we do now in some fashion anyway) was brought up again. One result of the thread however is that Nick Burch, Tony Stevenson, Philip Gollucci are planning a small get-together at Atlanta to more fully discuss git, focusing on what it would take, infra-wise, to more fully support git (if possible). I've been in contact with Ebon Worland, our Account Manager at Corporation Service Company (CSC) regarding the officer transition. Sam and I had a concall meeting with Karen Sandler from SFLC, mostly to start the transition process from Justin. Both Sam and I agreed that SFLC had done more work for us than we had been previously aware of, and that we will work to ensure that better "transparency" of SFLC's efforts will be recorded and reported. While at the f2f, I renewed HALO's 6-month extension. The invoice/ bill has been recorded and approved. The RFP for the ASF's Exec. Assistant was released on Sept. 8th. So far we have received some very good candidates. I have followed up with each submitter and hope to have a final candidate by the next board meeting. C. Treasurer [Geir] Books are up to date - $20 discrepancy remains (haven't spent time). Current balances are total cash of $461,436.34 at Wells Fargo and $27,649.12 at Paypal. There have been no lockbox deposits since last report. Tasks Done: - paid D&O insurance In Progress: - bills to be paid - preparation for FY2010 US Tax filing. Still working on QB but CPA and I are active on this - find the $20 discrepancy in checking Statement of Financial Income and Expense - August 2010 Ordinary Income/Expense Income Interest Income 97.06 Total Income 97.06 Expense Bank Service Charges 374.55 Insurance 1,422.00 Postage and Delivery 136.65 Program Expenses Infrastructure Colocation Expenses 518.00 Hardware Purchases 573.00 Infrastructure Staff 16,500.00 Total Infrastructure 17,591.00 Public Relations PRC Travel 2,599.48 Total Public Relations 2,599.48 Conference Expenses 5,779.00 Total Program Expenses 25,969.48 Total Expense 27,902.68 Net Ordinary Income -27,805.62 Net Income -27,805.62 Statement of Financial Position - as of August 31, 2010 Aug 31, 10 Aug 31, 09 $ Change % Change ASSETS Current Assets Checking/Savings Paypal 12,513.63 12,513.63 0.00 0.0% Wells Fargo Analyzed Account 190,622.04 167,521.60 23,100.44 13.8% Wells Fargo Savings 285,745.59 284,410.81 1,334.78 0.5% Total Checking/Savings 488,881.26 464,446.04 24,435.22 5.3% Accounts Receivable Accounts Receivable 100,000.00 0.00 100,000.00 100.0% Total Accounts Receivable 100,000.00 0.00 100,000.00 100.0% Total Current Assets 588,881.26 464,446.04 124,435.22 26.8% TOTAL ASSETS 588,881.26 464,446.04 124,435.22 26.8% LIABILITIES & EQUITY Liabilities Current Liabilities Credit Cards ASF Credit Card - Phil Golucci 573.00 0.00 573.00 100.0% ASF Credit Card - Paul Querna 0.00 893.23 -893.23 -100.0% ASF Credit Card - Ruby 940.51 39.90 900.61 2,257.2% ASF Credit Card - Erenkrantz 0.00 1,002.96 -1,002.96 -100.0% Total Credit Cards 1,513.51 1,936.09 -422.58 -21.8% Total Current Liabilities 1,513.51 1,936.09 -422.58 -21.8% Total Liabilities 1,513.51 1,936.09 -422.58 -21.8% Equity Retained Earnings 616,490.28 363,648.74 252,841.54 69.5% Net Income -29,122.53 98,861.21 -127,983.74 -129.5% Total Equity 587,367.75 462,509.95 124,857.80 27.0% TOTAL LIABILITIES & EQUITY 588,881.26 464,446.04 124,435.22 26.8% D. Secretary [Craig] Filing of grants and contributor license agreements is running smoothly. 40 ICLAs; one CCLA; and two software grants were received in August. E. Executive Vice President [Noirin] Nothing to report for the 11 days of holding this role. :-P F. Vice Chairman [Greg] Nothing to report for the 11 days of holding this role. :-P 5. Additional Officer Reports A. VP of JCP [Geir Magnusson Jr] See Attachment 1 B. VP of Brand Management [Shane Curcuru] See Attachment 2 C. VP of Fundraising [Serge Knystautas / Shane] See Attachment 3 D. VP of Marketing and Publicity [Sally Khudairi / Sam] See Attachment 4 E. VP of W3C Relations [Sam Ruby] See Attachment 5 F. Apache Legal Affairs Committee [Sam Ruby] See Attachment 6 G. Apache Security Team Project [Mark Cox / Noirin] See Attachment 7 H. Apache Conference Planning Project [Noirin Shirley ] [verbal report] Starting to ramp up activities around ApacheCon Atlanta. Will follow up with Edd Dumbill regarding Apache track at OSCON. I. Apache Infrastructure Team [Philip Gollucci / Jim] See Attachment 9 J. Apache Travel Assistance Committee [Gavin McDonald / Bertrand] See Attachment 10 The board is concerned about the possibility of ASF being liable for medical treatment due to accidents by attendees whose attendance is sponsored by TAC. Although considered unlikely, TAC will be advised to come up with a disclaimer that attendees agree that ASF is not liable for anything. If travel insurance is deemed necessary by TAC, then the committee is empowered to provide it out of the existing budget. 6. Committee Reports A. Apache APR Project [Jeff Trawick / Roy] See Attachment A B. Apache Archiva Project [Maria Odea Ching / Doug] See Attachment B C. Apache Axis Project [Glen Daniels / Jim] See Attachment C D. Apache C++ Standard Library Project [Martin Sebor / Henri] See Attachment D E. Apache Camel Project [Hadrian Zbarcea / Greg] See Attachment E F. Apache Cayenne Project [Andrus Adamchik / Doug] See Attachment F G. Apache Commons Project [Phil Steitz / Jim] See Attachment G H. Apache Excalibur Project [Carsten Ziegeler / Noirin] See Attachment H I. Apache Felix Project [Richard Hall / Henri] See Attachment I J. Apache Gump Project [Stefan Bodewig / Roy] See Attachment J Shane appreciates the great report and a lifetime of build services. K. Apache Harmony Project [Tim Ellison / Greg] See Attachment K L. Apache HTTP Server Project [William A. Rowe Jr. / Shane] See Attachment L M. Apache Incubator Project [Noel J. Bergman / Sam] See Attachment M There is concern about the Bluesky project. Seems that committers come and go. The project seems to operate outside the ASF. Will this project graduate? AI Sam find out what is going on with this project. N. Apache Jackrabbit Project [Jukka Zitting / Bertrand] See Attachment N O. Apache Karaf Project [Guillaume Nodet / Bertrand] See Attachment O P. Apache Labs Project [Bernd Fondermann / Greg] See Attachment P If labs want to make a release, then they can join the incubator and try to build a community around the code. AI Greg discuss this with lab folks. Q. Apache Lucene Project [Grant Ingersoll / Jim] See Attachment Q R. Apache OFBiz Project [Jacopo Cappellato / Henri] See Attachment R S. Apache OpenWebBeans Project [Gurkan Erdogdu / Noirin] See Attachment S T. Apache Pivot Project [Greg Brown / Doug] See Attachment T U. Apache Portals Project [David Sean Taylor / Shane] See Attachment U V. Apache ServiceMix Project [Chris Custine / Roy] No report was received this month. Please report next month. AI Roy follow up with project. W. Apache Sling Project [Felix Meschberger / Sam] See Attachment W X. Apache SpamAssassin Project [Daryl C. W. O'Shea / Bertrand] See Attachment X Y. Apache Synapse Project [Paul Fremantle / Greg] See Attachment Y AI Greg find out if there is a problem; no releases since 2008. Z. Apache Tiles Project [Greg Reddin / Henri] See Attachment Z AA. Apache Tomcat Project [Mladen Turk / Shane] See Attachment AA AB. Apache UIMA Project [Marshall Schor / Noirin] See Attachment AB AC. Apache Velocity Project [Henning Schmiedehausen / Roy] See Attachment AC AD. Apache Wicket Project [Martijn Dashorst / Jim] See Attachment AD AE. Apache Xalan Project [David Bertoni / Doug] See Attachment AE AI Sam follow up to see if any problems here. AF. Apache XMLBeans Project [Cezar Andrei / Sam] See Attachment AF AI Sam follow up and ask then to report next month. All submitted reports were approved by general consent 7. Special Orders A. Establish the Apache Pig project WHEREAS, the Board of Directors deems it to be in the best interests of the Foundation and consistent with the Foundation's purpose to establish a Project Management Committee charged with the creation and maintenance of open-source software related to parallel analysis of large data sets for distribution at no charge to the public. NOW, THEREFORE, BE IT RESOLVED, that a Project Management Committee (PMC), to be known as the "Apache Pig Project", be and hereby is established pursuant to Bylaws of the Foundation; and be it further RESOLVED, that the Apache Pig Project be and hereby is responsible for the creation and maintenance of software related to parallel analysis of large data sets; and be it further RESOLVED, that the office of "Vice President, Apache Pig" be and hereby is created, the person holding such office to serve at the direction of the Board of Directors as the chair of the Apache Pig Project, and to have primary responsibility for management of the projects within the scope of responsibility of the Apache Pig Project; and be it further RESOLVED, that the persons listed immediately below be and hereby are appointed to serve as the initial members of the Apache Pig Project: * Benjamin Reed * Daniel Dai * Alan Gates * Giridharen Kesavan * Olga Natkovich * Pradeep Kamath * Santhosh Srinivasan * Yan Zhou * Jeff Zhang * Ashutosh Chauhan * Richard Ding * Dmitriy Ryaboy * Thejas Nair NOW, THEREFORE, BE IT FURTHER RESOLVED, that Olga Natkovich be appointed to the office of Vice President, Apache Pig, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed; and be it further RESOLVED, that the initial Apache Pig PMC be and hereby is tasked with the creation of a set of bylaws intended to encourage open development and increased participation in the Apache Pig Project; and be it further RESOLVED, that the Apache Pig Project be and hereby is tasked with the migration and rationalization of the Apache Hadoop Pig sub-project; and be it further RESOLVED, that all responsibilities pertaining to the Apache Hadoop Pig sub-project encumbered upon the Apache Hadoop Project are hereafter discharged. This resolution was passed unanimously by roll call vote. Jim volunteers to help the new project by monitoring the private mailing list for the first few months. B. Establish the Apache Hive project WHEREAS, the Board of Directors deems it to be in the best interests of the Foundation and consistent with the Foundation's purpose to establish a Project Management Committee charged with the creation and maintenance of open-source software related to parallel analysis of large data sets for distribution at no charge to the public. NOW, THEREFORE, BE IT RESOLVED, that a Project Management Committee (PMC), to be known as the "Apache Hive Project", be and hereby is established pursuant to Bylaws of the Foundation; and be it further RESOLVED, that the Apache Hive Project be and hereby is responsible for the creation and maintenance of software related to parallel analysis of large data sets; and be it further RESOLVED, that the office of "Vice President, Apache Hive" be and hereby is created, the person holding such office to serve at the direction of the Board of Directors as the chair of the Apache Hive Project, and to have primary responsibility for management of the projects within the scope of responsibility of the Apache Hive Project; and be it further RESOLVED, that the persons listed immediately below be and hereby are appointed to serve as the initial members of the Apache Hive Project: * Namit Jain (namit@apache.org) * John Sichi (jvs@apache.org) * Zheng Shao (zshao@apache.org) * Edward Capriolo (appodictic@apache.org) * Raghotham Murthy (rsm@apache.org) * Ning Zhang (nzhang@apache.org) * Paul Yang (pauly@apache.org) * He Yongqiang (heyongqiang@apache.org) * Prasad Chakka (prasadc@apache.org) * Joydeep Sen Sarma (jsensarma@apache.org) * Ashish Thusoo (athusoo@apache.org) NOW, THEREFORE, BE IT FURTHER RESOLVED, that Namit Jain be appointed to the office of Vice President, Apache Hive, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed; and be it further RESOLVED, that the initial Apache Hive PMC be and hereby is tasked with the creation of a set of bylaws intended to encourage open development and increased participation in the Apache Hive Project; and be it further RESOLVED, that the Apache Hive Project be and hereby is tasked with the migration and rationalization of the Apache Hadoop Hive sub-project; and be it further RESOLVED, that all responsibilities pertaining to the Apache Hive sub-project encumbered upon the Apache Hadoop Project are hereafter discharged. This resolution was passed unanimously by roll call vote. Bertrand volunteers to help the new project by monitoring the private mailing list for the first few months. C. Establish Apache Shiro Project WHEREAS, the Board of Directors deems it to be in the best interests of the Foundation and consistent with the Foundation's purpose to establish a Project Management Committee charged with the creation and maintenance of open-source software related to application security, for distribution at no charge to the public. NOW, THEREFORE, BE IT RESOLVED, that a Project Management Committee (PMC), to be known as the "Apache Shiro Project", be and hereby is established pursuant to Bylaws of the Foundation; and be it further RESOLVED, that the Apache Shiro Project be and hereby is responsible for the creation and maintenance of a software project related to application security; and be it further RESOLVED, that the office of "Vice President, Apache Shiro" be and hereby is created, the person holding such office to serve at the direction of the Board of Directors as the chair of the Apache Shiro Project, and to have primary responsibility for management of the projects within the scope of responsibility of the Apache Shiro Project; and be it further RESOLVED, that the persons listed immediately below be and hereby are appointed to serve as the initial members of the Apache Shiro Project: * Les Hazlewood (lhazlewood@apache.org) * Kalle Korhonen (kaosko@apache.org) * Peter Ledbrook (pledbrook@apache.org) * Jeremy Haile (jhaile@apache.org) * Craig L Russell (clr@apache.org) NOW, THEREFORE, BE IT FURTHER RESOLVED, that Les Hazlewood be and hereby is appointed to the office of Vice President, Apache Shiro, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed; and be it further RESOLVED, that the Apache Shiro Project be and hereby is tasked with the migration and rationalization of the Apache Incubator Shiro podling; and be it further RESOLVED, that all responsibility pertaining to the Apache Incubator Shiro podling encumbered upon the Apache Incubator PMC are hereafter discharged. This resolution was passed unanimously by roll call vote. It was noted that the PMC includes an Apache Member (Craig). 8. Discussion Items The board went into executive session for 10 minutes. Regarding the Microsoft petition for certiorari that has been circulating on the internet: As Vice President, Legal Affairs, Sam has the authority to speak for the foundation. It is likely that he will represent the ASF to agree to support Microsoft in the petition. 9. Review Outstanding Action Items * Roy: Update /dev with rule that invitation only dev meetings are OK, provided that such meetings are discussed on the dev list, and that all committers are included. Status: not done * Geir: Invoice Google for GSOC Status: Noirin will take this AI * Sam: Investigate Xalan licensing dispute. Status: Instructed the PMC that they are free to proceed - either by applying the patch, rejecting the patch, requiring an ICLA, or even adopting enhanced pedigree requirements such as those that Harmony uses. https://issues.apache.org/jira/browse/XALANJ-2438 * Sam: Resolve the NTLM action item for the Incubator. Status: Pursuing via JIRA (suggest the board action be dropped). Do NOT feel that the various Microsofts non-assert covenants help us, but absent a known patent, this is little different than not having a covenant. Notably Microsoft did not list a patent that applies to this standard when the enumerated patents that apply to other standards. Larry is pursing with Microsoft in parallel. https://issues.apache.org/jira/browse/LEGAL-80 * Doug/Philip: Initiate a discussion as to what items the board should periodically request be included in reports (example: diversity) to the mailing list. (Original context: JackRabbit) Infrastructure section Status: In Progress * Doug: Communicate the need to address the question of xml-security vs Santuario for all the resources, and the fact that board reports are public. Status: In Progress * Jim: Start the process of hiring an EA based on the job description that Sander produced. Status: RFP released. Already rec'ing good, qualified candidates. Jim should have a proposed candidate and budget for next month's board meeting. 10. Unfinished Business 11. New Business 12. Announcements Roy will be unable to attend next month's board meeting; he will have limited availability in general over the next five weeks 13. Adjournment Adjourned at 11:33am (Pacific) ============ ATTACHMENTS: ============ ----------------------------------------- Attachment 1: Report from the VP of JCP late - will give verbal if allowed. Nothing to report - no real news from JavaOne. Expect real news from the October 2 face to face. ----------------------------------------- Attachment 2: Report from the VP of Brand Management No board-level issues noted. Operations And Community ======================== Submitted a [DRAFT] Event Branding Guidelines to concom@ to provide some much more specific rules for third parties running events using our marks; this is becoming a very popular question with many third parties wanting to run Apache project-branded or related events; some of the branding of these events is starting to cause concern. Apache Project Branding Guidelines still awaiting sufficient personal time to kickoff (kindergarten started last week!). External Requests ================= Answered several non-infringing questions from third parties. Received a new report of a third party in Indonesia mis-using our branding; will work with legal-internal@ as needed to review how best to file any appropriate complaints. ----------------------------------------- Attachment 3: Report from the VP of Fundraising Yahoo is due to be invoiced. I need to coordinate with Greg to confirm where the invoice needs to be sent. My biggest concern right now is sponsor maintenance. I feel like I'm handling most other fundraising duties well that are mostly unglorious paper pushing, such as thank you letters, book deals, processing new sponsors, etc... However when I first became the fundraising VP in late 2009, the overriding concern I heard from sponsors and other involved ASF'ers was that sponsors needed more attention. That remains the case as I'm not communicating to them enough. In Boston, I spoke with Sally about how she could help, and how we can coordinate to reach sponsors ahead of the game. I'm going to be sending them notes about ApacheCon to hopefully meet some, as well as letting them know about PR opportunities that Sally has as part of her tasks. We'll work to stay ahead of upcoming events. Greg, Sally, and I have been moving towards looking for more smaller sponsors. We think there would be small-medium corporations that would find the bronze and maybe even silver sponsorship attractive. This would lessen dependence on individual large sponsors, and we think this could scale, though we have yet to determine how to best market that sponsorship. ----------------------------------------- Attachment 4: Report from the VP of Marketing and Publicity STATUS: - Budget: no expenses during this time frame. Jim signed the HALO 6-month contract extension, to begin on 1 October. - Fundraising liaison: the second face-to-face meeting took place with Serge and Sally during the ASF Board Meeting. - Press Releases: no press releases were issued over PRNewsWire during this time. - Informal Announcements: the following announcements were posted on the ASF blog and Twitter feed: -- 30 August: Registration Opens for ApacheCon North America 2010 -- 9 September: The ASF is seeking a part-time Executive Assistant -- 11 September: Announcing The New ASF Executive Officers Special thanks to the Infra team for automating the news headlines from blog post to apache.org home and news pages! The "Did You Know?" Twitter campaign is ongoing. We're still seeking success stories -- please forward to Sally at press-AT-apache-DOT-org. - Media Relations: the ASF blog on ComputerWorldUK launched with the first article published by Bertrand Delacretaz. The ComputerWorld team are fixing their blogging application, so it may take a few more weeks before our next articles are live. - Future Announcements: upcoming announcements include next release of Subversion, next release of Maven, and ApacheCon keynotes + sponsors. - ApacheCon liaison: Sally is working with our new PR team on day-to-day outreach, including securing media coverage, signing on media partners, and placing bylined articles from speakers + planners. - (Non-ASF) Industry Events and Outreach liaison (in partnership with ConCom): -- 30 September-1 October: Open World Forum/Paris -- things seem rather quiet from the organizer's end; we haven't heard from them since early Summer. -- 7-8 October: Lucene Revolution/Boston -- we've been offered free booth space which will be staffed by Glen, Shane, and Sally. -- 13-19 November: Supercomputing (SC10)/New Orleans -- we've been offered the chance to share a booth with the Linux Fund. Sally will likely be there and is following up on this; we'll need at least one other ASF-er there as well. Volunteers welcome! - PR Newswire account: we have used 8 of the 10 pre-paid flat-rate press releases on PR Newswire. The remaining 2 releases are available until 6 October 2010. Our additional set of 10 are available until 30 April 2011. ----------------------------------------- Attachment 5: Report from the VP of W3C Relations No board level issues. The W3C is still contemplating the next steps on the proposed new W3C license. The HTML WG has proposed a schedule for getting to an (initial) last call: http://lists.w3.org/Archives/Public/public-html/2010Sep/0074.html ----------------------------------------- Attachment 6: Status report for the Apache Legal Affairs Committee Progress is being made on addressing the two board level action items: https://issues.apache.org/jira/browse/LEGAL-80 https://issues.apache.org/jira/browse/XALANJ-2438 Microsoft recently filed a petition for certiorari in the US Supreme Court in the Microsoft v. I4I case. Larry is pursuing additional information. The likely outcome is that we should express our support for Microsoft's petition. Mozilla has release a draft alpha of MPL 2, which is intended to be Apache License, Version 2.0 compatible. Pursuant to our discussion in the F2F board meeting, Larry has put out a call for additional attorney volunteers. None of the people identified so far have participated in legal-discuss to date, which is a bit of a concern, but nobody has been ruled out. Absent a General Counsel, we still have the potential problem of "lawyer shopping". I'm looking to identity concrete cases of problems when it occurs. None have been identified since the F2F :-) Meanwhile, we should be able to mitigate this somewhat by limiting access to multiple lawyers to the Officers that routinely would have need to access such resources. I believe that would be President; VP, Brand Management; and VP, Legal Affairs. ----------------------------------------- Attachment 7: Status report for the Apache Security Team Project For August 2010: There continues to be a steady stream of reports of various kinds arriving at security@apache.org. These continue to be dealt with by the security team. 1 Support question 3 Security vulnerability question, but not a vulnerability report 4 Vulnerability reports of which 2 Vulnerability report [hadoop via security@hadoop.apache.org] 1 Vulnerability report [jackrabbit, via security@apache.org] (Was normal bug) 1 Vulnerability report [Traffic Master, via security@apache.org] ----------------------------------------- Attachment 8: Status report for the Apache Conference Planning Project ----------------------------------------- Attachment 9: Status report for the Apache Infrastructure Team Gavin McDonald is in the final phase of migrating all necessary Solaris zones from helios to FreeBSD jails. Hudson master has moved to a new machine (aegis) and begun using LDAP, thanks to Tony Stevenson and Niklas Gustavsson. Jukka Zitting notes it may be time to start experimenting with running Hudson slaves on EC2. Sander Temme is preparing eve (Xserve) for hudson and buildbot usage. Daniel Shahaf patched the downloads script to deal with a potential XSS vulnerability. Unfortunately some stray code wound up in production due to anakia deployment issues, which took the downloads script down for several hours. Sander Striker signed a Dell "letter of liability" for Dutch equipment purchases for SARA. Stefan Bodewig was given full infra karma due to his vmgump contributions. Ulrich Staerk was given full infra karma based on his work on s.apache.org, jira, and confluence. We received 2 disks from Silicon Mechanics and replaced a failed disk in eos(www). The replaced disk will be shipped back to Silicon Mechanics under RMA. We ordered a disk array from Silicon Mechanics to be drop-shipped to Bart van der Schans in the Netherlands for eventual deployment at SARA. Cost was ~$5700. Started up a project for creating a custom CMS for Apache. Initially it will target www.apache.org, with something for people to review around Apachecon in November. Gavin McDonald proposed some new equipment purchases to build our our VM infrastructure. Upayavira completed the domain transfer for ofbiz.org. Ari Maniatis is pursuing hosting an svn mirror in Australia. Don Brown is pursuing the idea of getting support for the Confluence auto-export plugin. Go Don! ----------------------------------------- Attachment 10: Status report for the Apache Travel Assistance Committee Travel Assistance Report September 2010 ======================================= Atlanta ------- We have confirmation from the organizer that Hotel rooms are booked and it seems most people have signed up for the Conference. Tony, one of our Judges and TAC man on the ground has confirmed he is able to attend. As mentioned previously, we have re-opened applications for a brief one week period, for any committers whose circumstances have changed since the initial opening period. We reserved a little bit of budget for this purpose and have added extra questions as to why they did not apply initially and what has changed since then etc. With just over 5 weeks to go, there is not much more to do apart from any final applicants and then work with planners as to what we can get out TAC applicants to help with. Hursley ------- Hursley has ended, Nick/Upayavira whom attended will hopefully provide a summary for us next month as to how it went, was it worth our participation etc. We had one applicant pull out mid-week before the event at the last minute due to a personal injury. We have asked about insurance so we can claim back any costs if possible, the applicant stated he had no insurance. We will amend our question set and requirements in light of this, and will no longer be accepting any applicants unless they can provide proof of their travel insurance. The remaining applicants that did attend were a delight apparently. ----------------------------------------- Attachment A: Status report for the Apache APR Project Releases -------- There have been no new releases from the APR project in this period. There are a handful of fixes ready to release in the current stable branches of both APR and APR-Util. Community --------- New committers: Dan Poirier Philip M. Gollucci Stefan Fritsch Rainer Jung Paul J. Reder Neil Conway Of these six, Neil is new to the ASF as a committer, while the others have been committers on other ASF projects. Additionally, commit access was offered to another member of the community -- Kevac Marko -- but no response was received. This relatively high influx of committers represents a thorough search of candidates for committership and subsequent discussion among PMC members. Approxmiately 45 feature requests and 80 bug reports are open at this time. Mailing list activity has been relatively low for the past four to five months. (One cause may be that there have been no proposed releases being discussed or voted on.) Development ----------- APR and APR-Util are mostly in maintenance mode. The bulk of the commits in this quarter have been for compatibility with more build tool versions or for general cleanup. Issues ------ There are no board-level issues at this time. An ongoing project-level concern is to ensure that adequate attention is paid to members of the broader community reporting bugs and/or providing patches. ----------------------------------------- Attachment B: Status report for the Apache Archiva Project Archiva Board Report for September 2010 ----------------------------------- Below are the important events that happened in the project since the last board report. Releases -------- * Archiva 1.3.1 released on June 18, 2010 Community --------- * GSOC project for staging repositories support and artifact promotion in Archiva by Eshan Sudharaka has been completed. Student was able to meet the requirements that were identified during the proposal period and was given a passing grade. Next step is to review the code which is currently sitting on a branch and merge it to trunk. * No new committers and/or PMC members were accepted during the quarter. Development ----------- * Development on trunk has slowed down. There was a discussion last month to do a milestone release of trunk once the code contribution from the GSOC project is merged. Issues ------ No board level issues at this time. ----------------------------------------- Attachment C: Status report for the Apache Axis Project We voted to release Axis2/Java 1.5.2, which is currently in progress with Andreas Veithen as RM. As mentioned in June, Axis2 core is now fully Nexus enabled, and this will be our first official release using the new system. HUGE props to Andreas for shouldering the brunt of the work cleaning and polishing our POMs in order to get that going. We need to do the same to our other subprojects. Two new committers (Lori Van Gulick and Lahiru Gunathilake) were voted in, and they are both also automatically PMC members based on our current policy. Community participation is light but steady. We could be responding to user concerns a tad faster, but things are going fine, JIRAs being fixed, etc. Yes, we still need to finish moving our website over to axis.apache.org from ws.apache.org so that poor Gavin can get rid of that lingering open JIRA. No other board-level issues to raise. ----------------------------------------- Attachment D: Status report for the Apache C++ Standard Library Project This is a delayed report (by 1 month). Notable changes since previous report (May 2010): Very little project activity since the last report. No significant issues were reported, some some discussion took place on the dev list. An external contributor has submitted a patch of moderate size for review. No new committers or PMC members have been added. Sun C++ has started shipping last stable release of stdcxx, 4.2.1. Future plans: Release the stdcxx 4.2.2 bugfix update. Attempt to increase project activity and find and set up an alternate build and test infrastructure. ----------------------------------------- Attachment E: Status report for the Apache Camel Project Community: * No issues that require the board attention. * The project community continue to grow at the same fast pace. * No new committers or changes in the PMC Development: * Development continues with new features and fixes on trunk * The community started a discussion about moving to a new major release Camel 3.0 * On the 1.x branch we discussed and agree to have one final release in Q4 and then discontinue development of that branch. * We corrected the few issues we had with xml files missing the AL2 license. There are only a few text test files that miss the license now, which I am working on fixing. * We are planning a new camel 2.5.0 release this week. Releases: * Camel 2.4.0 released. ----------------------------------------- Attachment F: Status report for the Apache Cayenne Project Development * Released Cayenne 3.0.1 (September 7), which is a bug-fix release (no new API changes). * Extensive discussion regarding release procedures led to better release artifacts. More specifically, we now have a full buildable source distro, instead of a handicapped one we had before. Binary assemblies are made out of that signed source distro in the spirit of the approach described by Roy Fielding here: [1]. Our revised process is documented here: http://cayenne.apache.org/release-guide.html * Cayenne 3.1 is under development. Most recent activities included refactoring of the core services to take advantage of the new built-in Dependency Injection container. Community * Activity on the user mailing list has been normal. * Hats off to Sally Khudairi for getting the unprecedented press coverage of Cayenne in July. Even though we were late with the press release (Cayenne 3.0 final was out in May) due to the PMC inexperience with these matters, it was still rather successful. A few more articles may still be coming. [1] http://mail-archives.apache.org/mod_mbox/www-legal-discuss/200904.mbox/%3CEA990BCE-46D0-4D06-9067-30203292E067@gbiv.com%3E ----------------------------------------- Attachment G: Status report for the Apache Commons Project General ======= Continued healthy activity across multiple components and responsiveness on both dev and user lists. Two GSOC projects completed successfully, both related to Commons SCXML. A user filed a security report related to Commons Fileupload. [1] The PMC investigated and concluded that the reported issue was not in fact a security exposure in Commons Fileupload itself, but rather a feature request. A patch release including the requested feature was subsequently published. No issues requiring Board attention at this time. Releases ======== Commons Parent pom.xml 16 and 17 Commons Pool 1.5.5 Commons Lang 3.0 Beta Commons Fileupload 1.2.2 Commons Daemon 1.0.3 Commons Compress 1.1 Community ========= * Simone Tripodi (simonetripodi) joined us as a new Commons committer. ----------------------------------------- Attachment H: Status report for the Apache Excalibur Project There are no known issues and nothing else happened. Excalibur is stable and used by some projects. Again, this quarter has been absolutely quiet with zero activity, neither in the mailing lists nor in subversion (and no releases of course). ----------------------------------------- Attachment I: Status report for the Apache Felix Project Community * Added Sanjeeb Sahoo as a committer. Software * Recent subproject releases: o Bundle Repository (1.6.4) o Configuration Admin (1.2.8) o Event Admin (1.2.4) o File Install (3.0.2) - Maintenance release for auto-bundle deployer. o Framework (3.0.1, 3.0.2) - Core OSGi framework maintenance releases. o Framework Security (1.4.0) - Framework security provider implementation maintenance release. o iPOJO Arch for Gogo (1.0.0) - Initial release of Gogo shell command for inspecting iPOJO components. o iPOJO Core, Annotations and Manipulator (1.6.4) - Maintenance release for OSGi-based component framework. o Main (3.0.1, 3.0.2) - Framework launcher maintenance releases. o Remote Shell (1.1.0) - Minor feature improvement release to simple telnet service. o SCR (Declarative Services) (1.6.0) o Web Console (3.1.0, 3.1.2) o Web Console Memory Usage Plugin (1.0.2) Licensing and other issues * Karaf subproject promoted to TLP. * Need to have discussion on how to handle provisional OSGi APIs in our releases. It is not clear if we should include provisional OSGi API since it is not officially released by the OSGi Alliance and is therefore subject to change and/or not always officially sanctioned (i.e., made publicly available by the OSGi Alliance). At a minimum, we need to define an approach to informing users if provisional API is included that it is not [yet] official OSGi API. ----------------------------------------- Attachment J: Status report for the Apache Gump Project Apache Gump is a cross-project continuous integration server. It is different from "usual" CI servers in that it expects the individual project builds to succeed; its purpose is to check the integration of a project with the latest code rather than a fixed version of the project's dependencies. If you want a more traditional nightly build server, Gump is not for you. Use Gump if you want to know when a change in your dependencies breaks your project or when your changes break other projects. Gump's intention isn't so much to be a CI server but rather a vehicle that makes people look beyond their project's boundaries and helps the projects to collaborate. Gump is written in Python and supports several build tools and version control systems. The Apache installation of Gump builds many ASF projects and their dependencies. It started in the Java part of the foundation but also builds projects like APR, HTTPd and log4net. == Summary == Big infrastructure changes, light development, no issues. == Issues == There are no Board level issues. == Community == The Gump project really consists of two parts, the code base for the project and the ASF installations[1] running this code base to build many ASF projects as well as some related projects. The code base mostly does what its current users need so there isn't much development going on at all. No new committers have been added. All ASF committers have write access to the metadata that configure the ASF installations. There are a few people contributing across all projects and a few additional people maintaining the metadata of the projects they are interested in the most. No changes to the PMC. == Development == While migrating to the new servers a few issues with Gump's database access have been identified and fixed. A new "builder" has been added that removes the boilerplate code previously required when installing a file to the local Maven repository. We've managed to build a few projects that have been failing for a long time in Gump - among them the ASF projects Forrest, Lucene, Cactus and big parts of Cocoon. We've also added builds for Solr, Tika and PDFBox. Some projects that have been failing for a long time and will likely never become buildable again have been removed. Also we've disabled a few builds (mostly running some sort of tests) that caused Gump to hang for an hour (Gump's timeout for build processes). == Releases == The ASF installations of Gump work on the latest code base almost all of the time. The project is in a state of a perpetual beta. There have been no releases. == Infrastructure == Our main machine vmgump has been replaced by a brand new virtual Ubuntu machine. The old database has been migrated to keep history. Since the new machine now runs OpenJDK6 rather than an "official" Java environment a few dependencies on Sun VMs have shown up in some project's builds. We used to have a Solaris zone which has now been replaced by a FreeBSD jail. The installation is working very well and we see almost the same build failures and successes on FreeBSD as on Linux. Many thanks to the infrastructure team for the support during the migration - and for all the other stuff you do. == Statistics == As of Sun, 12 Sep 2010 the ASF installations check out a bit less than 200 source trees (113 from the ASF repository) and try to build a bit less than 600 "projects". A complete Gump run takes more than nine hours on vmgump and eight on the FreeBSD jail. [1] the main instance at http://vmgump.apache.org/gump/public/ and a FreeBSD jail at http://gump.zones.apache.org/gump/public/ ----------------------------------------- Attachment K: Status report for the Apache Harmony Project Summary ======= The Apache Harmony community remains healthy, and has recently created new milestone builds. The lack of a JCK continues to be an issue for Harmony, with still no end in sight. Development and Releases ======================== The Harmony community continues to publish regular milestones from the 5.0 SE and 6.0 SE branches. We have just finished a vote on the Apache Harmony 5.0 Milestone 15 and Apache Harmony 6.0 Milestone 3 source and are in the process of pushing them out to the mirrors. These new milestones are primarily bug fix releases with about 70 JIRAs having been fixed between them. In addition to code defect fixing, there is work on a new JSSE implementation based upon OpenSSL. There is also continued work on "Harmony Select", which is a headless runtime profile derived from the existing code, with regular builds now taking place on the Apache Hudson servers. We have had new developers in the project, producing a jdb debug client, and improving our imageio functionality. Traffic on the developer mailing list is steady, representing the increased maturity of the code. People remain responsive to questions and comments. Community ========= There were no changes to the Harmony PMC or committers during the last reporting period, and there are now 50 committers of which ~7 were active this period. The Harmony community includes Google Summer of Code participants who are making a good contribution to the code and community, and a number of new contributors from face-to-face community events. Other ===== As the Board is aware, a recent lawsuit concerning Oracle vs. Google has resulted in various commentators speculating about Google's use of Apache Harmony code. The Apache Harmony PMC have not been notified of any involvement. ----------------------------------------- Attachment L: Status report for the Apache HTTP Server Project Development =========== 2.3.6-alpha was released in June, followed by 2.3.8-alpha in August, which represent trunk activity. 2.2.16 was released in July, corresponding to the current stable branch. Community ========= Stefan Fritsch was added to the PMC. No other changes to commit access or PMC roster in this period. The dev, users and docs lists remain active, while apreq dev is largely quiet at this time. modules-dev continues to provide an active resource for non-ASF httpd module developers. Security ======== The project continues to address issues raised, both 2.2.16 and 2.3.8-alpha addressed security concerns under specific configurations and patches to 2.0 were published. Known bugs and faux-vulnerability reports continue to be referred to the dev@ list for open discussion, with one notable exception; One open issue was deflected to the user agent developers, as the httpd security team determined that the origin of the flaw was not in the server's behavior, and the project awaits disclosure by the appropriate authors before discussing additional resolutions publicly. There are no board level issues at this time. ----------------------------------------- Attachment M: Status report for the Apache Incubator Project In the past month, there have been 12 PMC Additions: Benson Margulies, Scott Deboy, Dennis Lundberg, Maria Ching, Mark Struberg, Bryan Duxbury, Chris Douglas, Tim Williams, Richard Hirsch, James Carman, Andrzej Bialecki, Stefan Seelmann. The Lucene Connector Framework project is seeking to go TLP soon, and wants to change its name. The proposed name of Apache Connector Framework is considered controversial because it takes a generic domain, but does not cover existing HTTPd connectors, Tomcat connectors, Java Connector Architecture, etc. The Board is already aware of the issue, having been asked to weigh in on whether or not the Board would approve Apache Connector Framework as the TLP. The comments so far from the Board mirror those of the Incubator PMC, which is fairly split on whether or not the name is a good choice, or if it is too generic/broad. The PMC voted to incubate Isis, which will "bring together a collection of open source projects that collectively support the rapid development of domain-driven applications." Isis is based on the existing Naked Objects Framework open source project. The PMC is voting to accept: - Gora, which will be "an ORM framework for column stores such as Apache HBase and Apache Cassandra with a specific focus on Hadoop." - Alois, a Ruby-based "log collection and correlation software with reporting and alarming functionalities. There has been some controversy over issue of real-time communication (e.g., chats), but that should be a matter for the Mentors to correct. I would expect the Board and the PMC to reject any attempt of the project to graduate if it fails to move development and decision making to the mailing lists. - Kitty, which will "provide a lightweight utility for managing Tomcat and Geronimo application servers with powerful performance diagnostics and troubleshooting abilities. Based on the Board's input that such is permitted, the Incubator is experimenting with allowing Committers to be voted in by the podlings, directly, without PMC intervention. The PMC voted to graduate Shiro as a TLP. --------------------------------------------------------------- = Aries = Aries will deliver a set of pluggable Java components enabling an enterprise OSGi application programming model. Aries entered incubation on September 22, 2009. There are currently no issues requiring IPMC or Board attention. The following sub-components are actively being developed: * Application * Subsystems * Blueprint * JPA * JNDI * Transaction * Quiesce * Samples There continues to be a vibrant community as shown by the activity on the mailing list this year. We have recently completed our 0.2-incubating release. This is our second release since entering incubation. This release is in support of Geronimo 3.0 which uses Apache Aries. The OSGi Enterprise Compliance Tests have been run against Blueprint, JMX, JNDI and transactions modules and the results have been published to the aries-dev mailing list and are available from the Aries web site Top 2 or 3 things to resolve before graduation: * Build community [done] * Create a release [done] * Address project scope concerns raised during acceptance vote = BeanValidation = Apache Bean Validation will deliver an implementation of the JSR303 Bean Validation 1.0 specification. BVAL entered incubation on March 1, 2010. A list of the three most important issues to address in the move towards graduation. * First release of artifacts - Done * Grow the community and committer base - ongoing * Decide on graduation target of TLP or subproject - TBD Any issues that the Incubator PMC or ASF Board might wish/need to be aware of? * None at this time. How has the community developed since the last report? * New committer Matt Benson has started working on a branch to upgrade to commons-lang v3. How has the project developed since the last report? * 0.2-incubating was released on August 20th. = Bluesky = BlueSky has been incubating since 01-12-2008. It is an e-learning solution designed to help solve the disparity in availability of qualified education between well-developed cities and poorer regions of China. The Summer vacation ranges from July-September, a brand new semester has begun, meanwhile some developers graduated and some fresh developers come. We used to develop RealClass with Anjuta which generates many useless files both hard to maintain and probably violate ASL. I've convey my opinion in dev list and tried to transplant Tserver to QT, and it works and cost me little time. Some of the developers are also interesting in it, we will discuss the next step in dev mailing list. *transplant Tserver's interface from GTK to QT; *Test QT version Tserver and found out it works well; next step: * Discuss starting a branch of transplanting RealClass on dev mailing list. * Gradually transplant and commit source code. = Chukwa = Chukwa is a distributed log collection and processing system built on top of Hadoop. It is a former Hadoop subproject. Bill Graham has officially granted committer access. Jiaqi Tan has accepted invitation of becoming Chukwa commiter, and pending infrastructure to setup committer access. Chukwa mailing lists have been moved into incubator.apache.org. Chukwa 0.5 is in the process of migrating data storage layer to HBase for faster read/write random access. Chukwa Agent has been improved with new REST API for controlling Chukwa Agent operations. = ESME = Enterprise Social Messaging Experiment (ESME) is a secure and highly scalable microsharing and micromessaging platform that allows people to discover and meet one another and get controlled access to other sources of information, all in a business process context. ESME entered the incubator in 2008-12-02. The following items have been performed since the last reporting period * A new committer - Imtiaz Ahmed H E - has joined the team * Final preparations for Release 1.1 with 77 completed JIRA issues! * Planning for Release 1.2 The following items are planned for the next reporting period: * Completion of Release 1.1 * Development work on Release 1.2 Top 2 or 3 things to resolve prior to graduation * Increase community involvement in the project * Another Apache release = Etch = Preliminary board report for Etch due to being late: Etch was accepted into Incubator on 2 September 2008. Etch is a cross-platform, language- and transport-independent framework for building and consuming network services. The Etch toolset includes a network service description language, a compiler, and binding libraries for a variety of programming languages. The activity in the Etch project was very low in the last months. This led to a discussion regarding how to continue with the project. Etch has definitely suffered from the fact that Etch's initial committer team at Cisco was dismantled. This summer the project got its first non-ex-Cisco committers. The mentioned discussion showed the will of some of the committers to drive the project more actively. We want to publish release 1.1 during the next report period. Technically the release package should be ready. A discussion on whether to include the new C binding in this release or the next one has been started. This project definitely needs more drive and more action from the committers to become a viable Apache incubator project. We are willing to do more to make it an active project again. Top issues currently are: * publish release 1.1 * update the web site and documentation * setup a build server on apache's hudson * task planning for release 1.2 Note from Martijn Dashorst (Niclas Hedhman concurs): The mentors proposed to stop the incubation of Etch due of lack of community momentum. The actions put forward by the new committers give some hope that Etch might have a future, so we are going see if the community gains some momentum. As a technology Etch is viable, as evidenced by its use in BMW and other production sites. Our concerns are mostly that the developer community has been dead for over a year with just one (large) commit. Last week did show increased activity, we're going to see if this continues to increase and a viable community arises. = Hama = Hama was accepted into Incubator on 20 May 2008. Hama is a distributed scientific package on Hadoop for massive matrix and graph data. Recent Activity: * We designed the User-Interface primarily for BSP programming. * We made a Job Client, Job Manage System for BSP computing framework. Currently, it works on local system, but we're working hard for distributed system. * We made an BSP examples, e.g., Pi Estimator, Serialize Printing The following is planned for next reporting period: * We'll freeze the features and release a beta when all issues for 0.2 version are fixed. Before this project can graduate we need to encourage more participation in the project and grow the community. = Kato = Kato was accepted into the Incubator on 6 November 2008. Kato is a project to develop the Specification, Reference Implementation, and TCK for JSR 326: the JVM Post-mortem Diagnostics API. Recent Activity: * While Oracle has expressed a continued interest in the JSR-326, there has been no change in the podling's status since the last report in June. * As in June, the project is effectively paused until Oracle's involvement in the Kato podling has been clarified. The credibility of the standard relies on there being more than one major Java VM vendor involved. The following is planned for next reporting period: * To be determined once Oracle's involvement has been established. Before this project can graduate we need to encourage more participation in the project and grow the community. = Lucene Connector Framework = Apache Connectors Framework is an incremental crawler framework and set of connectors designed to pull documents from various kinds of repositories into search engine indexes or other targets. The current bevy of connectors includes Documentum (EMC), FileNet (IBM), LiveLink (OpenText), Patriarch (Memex), Meridio (Autonomy), SharePoint (Microsoft), RSS feeds, and web content. Apache Connectors Framework also provides components for individual document security within a target search engine, so that repository security access conventions can be enforced in the search results. Apache Connectors Framework has been in incubation since January, 2010. It has recently been moved from a planned subproject of Lucene to a planned top-level project. A list of the three most important issues to address in the move towards graduation: 1. A final top-level-appropriate name choice for the project needs to be confirmed 2. Nightly builds and javadoc need to be set up, and a release process needs to be defined 3. The first official release needs to be executed Any issues that the Incubator PMC (IPMC) or ASF Board wish/need to be aware of? 1. We'd like to know whether there is any official Apache position on inclusion of NTLM implementations in ASF projects, since we've gotten mixed signals on this from other developers. This represents a crucial piece of functionality needed to support LiveLink, Meridio, SharePoint, RSS, and Web connectors properly. How has the community developed since the last report? We have had quite a lot of use of the software from most areas of the world, and offers of contribution of connectors as well. ACF now has several regular contributors, in addition to its dedicated user base. The name changes we are undergoing will likely inconvenience many of these users, which is why this is a critical issue to resolve promptly. A book is also planned and will be written over the next nine months. How has the project developed since the last report? Plans for a first release have been executed almost completely. Better tests have been added, although not for proprietary connectors. An API has been added to aid integration support. Tree reorganization has taken place to assist with Maven integration. Online end-user documentation is complete. A quick-start example, based on Jetty and Derby, has been written and should assist novice users in getting set up quickly. = Lucy = Lucy will be a loose port of the Lucene search engine library, written in C and targeted at dynamic language users. Lucy was voted into the Incubator on July 22, 2010. Issues for Incubator PMC or ASF Board: * There are some potential licensing issues that are currently being clarified with legal-internal. The results will have an impact on the starting code base for Lucy and ultimately a significant impact on the podling's momentum. These issues should be closely watched. Progress since the last report: * Mailing lists created * Initial Website created: http://incubator.apache.org/lucy/ * Audit of existing KinoSearch code base for Software Grant has begun. * Legal issues regarding usage of Perl C API header files provisionally resolved (LEGAL-79). = NPanday = NPanday allows projects using the .NET framework to be built with Apache Maven. NPanday allows .NET projects to be converted into Maven projects thus allowing them to fully utilize the other technologies driven by Maven. NPanday has been incubating since August, 2010. The development of NPanday has not yet started in Apache since we are still waiting for the Infrastructure to be fully setup. We still need to finish our importing of the source code from codeplex as well as the information from the issue tracker. There has been a continuous discussion for the plans of NPanday 2.0, some of the major tasks consist of support for .NET 4.0 and VS2010. NPanday Infrastructure Established: * Established mailing lists NPanday questions; npanday-users@incubator.apache.org (subscribe by posting to npanday-users-subscribe@incubator.apache.org) NPanday development; npanday-dev@incubator.apache.org (subscribe by posting to npanday-dev-subscribe@incubator.apache.org) NPanday commits; npanday-commits@incubator.apache.org (subscribe by posting to npanday-commits-subscribe@incubator.apache.org) * Established the committer accounts for the committers from codeplex There are no issues for the Incubator PMC or board at this time. = Nuvem = Apache Nuvem will define an open application programming interface for common cloud application services, allowing applications to be easily ported across the most popular cloud platforms. Nuvem was accepted for Incubation on June, 2010. The Nuvem Project is slowly getting started. The project will be featured at a JavaOne 2010 Session (all demos will be from Apache Nuvem) S314011 - Developing composite applications for the Cloud using Apache Tuscany Mark Little wrote an article about the Nuvem project and how it might relate with libCloud and Deltacloud. http://www.infoq.com/news/2010/08/apache-nuvem = OODT = OODT is a grid middleware framework for science data processing, information integration, and retrieval. OODT is used on a number of successful projects at NASA's Jet Propulsion Laboratory/California Institute of Technology, and many other research institutions and universities. A list of the three most important issues to address in the move towards graduation 1. Port OODT code and license headers into ASF license headers 2. OODT contributions from at least 2 other organizations besides JPL 3. At least one OODT incubating release, hopefully in the first few months Any issues that the Incubator PMC (IPMC) or ASF Board wish/need to be aware of? No, not at this time. How has the community developed since the last report? The OODT community voted in a new committer, Cameron Goodale on July 15, 2010. There have been several contributions from individuals from other organizations, notably the contribution of OODT@Apache logos in OODT-17 by Paul Vee from CHLA, the work on OODT XMLPS from David Kale of CHLA in OODT-29, as well as use cases contributed by Dr. Bruce Barkstrom (in OODT-28). We've also had some more JPL'ers join the mailing lists (Paul Zimdars), as well as another NASA contributor, Mark Foshee from Marshall Space Flight Center. Dan Crichton has been invited to give a keynote at ApacheCon NA. How has the project developed since the last report? OODT was voted into the Incubator by the IPMC on January 22, 2010. Development has progressed at a rapid pace. Chris has input 2 releases into JIRA (0.1-incubating and 0.2-incubating), and currently 18 of the 23 issues scheduled for 0.1-incubating have been completed. Of the remaining 5, 2 of the issues (OODT-3 and OODT-15) are basically finished. OODT-29 (reported by David Kale from CHLA) proposes to contribute a configurable XML product/profile server add on to web-grid (which was imported in OODT-27 by Chris Mattmann) based on Chris Mattmann's existing handler being deployed at CHLA, originally developed on the EDRN project. The remaining 2 issues both involve cleaning up license dependencies (one for the pushpull component in OODT-22 and another for clearing the profile/product server dependency on jacorb in OODT-25). We are *this close* to wrapping up the 0.1-incubating release. We even have a release manager: David Woollard has volunteered to push out the release, with guidance from Chris Mattmann. Probably the most visible development to report is that OODT@Apache now has an official website! http://incubator.apache.org/oodt/. Sean Kelly led the way, with contributions from Chris Mattmann and Andrew Hart and Paul Vee in OODT-16/OODT-17. = RAT = RAT is a Java library that scans files for known licenses and reports files that lack any of them. Three front-ends to said library exist in form of a command line client, an Ant task and a Maven plugin. RAT entered the Incubator in January 2008. RAT 0.7 incubating has been released at June 30th. After the release of RAT 0.7 a discussion of what a matching graduation target for RAT could be started. It seems that most users of RAT think a TLP would be the best fit. Development activity on RAT is very low, a total of six people have committed 59 changes in 2010 - only two people performed more than five commits. At least twenty of the total commits were due to the release process of 0.7. Hyrum Wright is working on a Python based reimplementation of RAT's ideas under the name Mouse inside a lab http://svn.apache.org/repos/asf/labs/mouse/ = River = Apache River is a distributed computing architecture, based on the JSK Starter Kit Source code donated by Sun Microsystems, for the Jini Specification. While generally referred to as a Service Architecture, it might be more easily explained to those familiar with Dependency Injection as a Protocol Independent, Distributed Dependency Injection Architecture, suited to both hardware and software. Instead of depending on Protocols directly for communication, everything is abstracted behind a Java interface, allowing protocols and implementations to be swapped freely, programming languages other than Java can also participate. River has been appointed an additional mentor and has seen much increased activity on the mailing list in recent weeks and months. The next release 2.2.0 is scheduled for December, although some discussion on whether this is a major release or not continues. The Incubator PMC and Apache River PPMC have approved one new committer for the project, the votes passed in August. Current development efforts are still focused on a java.security.Policy Provider with the following features: * Dynamic Grants at Runtime, based on CodeSource, Code Signer Certificate chains , ProtectionDomain or ClassLoader. * Dynamic Revoke of Grant's at Runtime Reviewing newly donated code updates and patches, including: * New CodebaseAccessClassLoader and associated changes * New StreamServiceRegistrar Interface and other additions * New ConcurrentDyamicPolicyProvider Additionally: * Work is being performed on TaskManager by our newest committer * Increasing the test coverage, build process and Ant vs Maven work is ongoing * Entry-level documentation is starting to appear We are experiencing increasing interest on our developer mailing list. 3 most important issues: 1. Code review and acceptance of newly submitted patches. 1. Streamline the build and test process. 1. Get our new committer svn accounts set up and grow our developer pool. ----------------------------------------- Attachment N: Status report for the Apache Jackrabbit Project Apache Jackrabbit is a fully conforming implementation of the Content Repository for Java Technology API (JCR, specified in JSR 170 and 283). The Apache Jackrabbit project is in good shape. We have no board-level issues at this time. o Releases We released one Jackrabbit 2.1 patch release in August: * Apache Jackrabbit 2.1.1 on August 11th o Legal We are aware of the new branding guidelines, but have yet to review our web site and other documentation for compliance. o Community / Development No new committers were added in this quarter. There's been some interest on the user list about people getting more involved in maintaining some less active parts of our codebase. We're trying to encourage and mentor such efforts. As usual, we saw a temporary dip in mailing list and development activity during the summer, but we're already back to normal. The Jackrabbit trunk has seen quite a few improvements especially in access control, thread-safety and performance, and we plan to ship these improvements in a Jackrabbit 2.2 release in near future. We received a vulnerability report through security@apache.org, but the problem turned out to be a normal bug with no security implications. o Infrastructure The new Hudson master seems to be working better than the previous one. ----------------------------------------- Attachment O: Status report for the Apache Karaf Project Community ========= We added the following committers: * Hiram Chirino * James Strachan * Ioannis Canellos James and Hiram were committers before we moved to TLP and asked to get their committership back, so they've been voted in back. Ioannis is a new Apache committer. We also have other active contributors, so we expect some new committers in the coming months. Development =========== No releases this month so far, but development continues towards our next point release of Karaf, with attention coming from users testing new features and suggesting improvements. We expect to release this new version before the end of the month. Issues for board consideration ============================== None so far. The community is growing and healthy. ----------------------------------------- Attachment P: Status report for the Apache Labs Project Apache Labs hosts small and emerging projects from ASF committers. [SUMMARY] There has been moderate activity at Labs in the last quarter. The PMC took care of stati for labs which saw no activity for a long time. We present one issue to the board, please see below. [DETAILS] == Labs Statistics == - new: 2 - status changes (last 3 months): 14 (see 'Housekeeping') - total number: 34 - active: 12 - idle: 15 - promoted: 3 - completed: 3 - labs with commits: magma, penihip, jaxMas, mouse == New Labs = oak (PI: Jukka Zitting): No, not a re-implementation of ancient Java, but "HTTP-based hierarchical resource store", written in JS and Clojure. Mouse (PI: Hyrum Wright): A light-weight license checker and release audit tool (similar to RAT). == Re-activated labs == None. == Housekeeping, Status changes == During the last quarter, we identified all labs with no activity for at least one year. We notified their PIs and - after a vote - changed all their stati to idle, if the PI hadn't himself already taking care of this. This is why we see a lot of labs going to 'idle' this quarter. Here's the list: errbase, dworker, mboxer, dislocate, speedyfeed, apiary, agora, nucleus, discordia, boardcast, webarch, badca, clouds, pinpoint We fixed some DOAP files, too. == Status overview page == Tim Williams coded a script to generate a nice labs status overview[2]. == Community == We welcome Tim Williams to the PMC. == (No) Releases == A lab can't do a release, and we all accept and understand this. More precisely, according to the project's bylaws, the PMC can't vote on a release. On the other hand, committers working on a lab might want to cut releases, either for use outside of the ASF, or simply to signal a certain level of maturity to attract others to the project. For me this makes perfectly sense. I don't think it makes sense to work on a lab without ever wanting to make other people aware of it and make them use it in one way or the other. So it was discussed on our dev ML[1] if private releases are a way to do this, meaning the PI or any other person takes the code, tars it up and calls it a release, without having a Lab PMC vote, and without tagging it "Apache". Now, we'd like to hear the board's general position on this topic, especially any corner cases and gotchas we have to take into account. Thanks for any feedback. == Lab hacking == Same as last quarter: Development activity was low last quarter, mailing list conversations on coding-related topics practically non-existent. [1] http://s.apache.org/X2M [2] http://s.apache.org/labs_tim ----------------------------------------- Attachment Q: Status report for the Apache Lucene Project === Lucene Status Report: Sept, 2010 === TLP The Lucy project has been moved to Incubator where it intends to become a TLP. LUCENE JAVA/Solr Lucene Java is a search-engine toolkit and Solr is a search server built on top of Lucene. The community is very active. The community is working towards 2.9.4, 3.0.3, 3.1 and 4.0 releases. LUCENE.NET Lucene.NET is a .NET based port of Lucene Java. Development appears to have stagnated and the PMC is beginning to look into issues here. Open Relevance Project The Open Relevance Project is a project aimed at providing Lucene and others tools for judging the quality of search and machine learning approaches. The community is not very active, but we don't expect it to be very high volume either. The community has started some discussion around what goals the project should have. PyLucene PyLucene is a Python integration of Lucene Java. Development is active. PyLucene 3.0.2-1 and 2.9.3-1 were released on July 3rd, 2010. As a development milestone, experimental Python 3.1.2 ports of PyLucene and JCC were completed July 12th, 2010. ----------------------------------------- Attachment R: Status report for the Apache OFBiz Project The Apache Open For Business Project (Apache OFBiz) is an open source enterprise automation software project. By enterprise automation we mean: ERP, CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM, and so on. We have no issues that require Board assistance at this time. *Releases* - The process of bug fixing the latest release branch (10.04, created in April 30, 2010) is going on (by backporting bug fixes from the trunk); we don't have scheduled a date for the creation of the release from this branch (will be named 10.04RC1) but it should be voted soon *Community and Project* - No new committers or PMC members - Community interaction remains strong, user and dev mailing lists traffic is high - Significant new development continues, for highlights see: http://cwiki.apache.org/confluence/display/OFBIZ/Main+New+Features *Infrastructure/Legal* - we are in the process (INFRA-2625) of transferring the ownership of the domain "ofbiz.org" (the OFBiz pre-ASF domain) to the ASF; this should be intended as a first step in the attempt to get a better control of the domains and resources that deal with OFBiz (this has been discussed in the trademark list) ----------------------------------------- Attachment S: Status report for the Apache OpenWebBeans Project OpenWebBeans is an ASL-licensed implementation of the JSR-299: Contexts and Dependency Injection for the Java EE platform which is defined as JSR-299. OpenWebBeans has graduated from the Incubator in 16, December 2009. Last quarter, we have worked on the following items, * Fixed critical bugs, * Started integration activity with OpenEJB and Geronimo, * Published new releases, * Integrated checkstyle project. Board Issues * There are no issues that require Board attention. Development * Working on refactoring because of integration and performance issues. * Adding new features. New Releases * Released Apache OpenWebBeans-1.0.0-alpha-2 * Released Apache OpenWebBeans-1.0.0-alpha-1 Discussions * We have discussed our commit policy regarding big code check-ins. We have decided that TCK and other test suites must be run and passed successfully before committing such big changes. Community * Development mailing list activity has been increasing over time, * Gerhard Petracek has been accepted as a new committer. ----------------------------------------- Attachment T: Status report for the Apache Pivot Project Apache Pivot is an open-source platform for building rich Internet applications in Java. Development: - Pivot 1.5.1 was released on August 20. Work continues on both Pivot 1.5.2 and Pivot 2.0. Community: - Chris Bartlett was added as a committer in July. Dev and user lists continue to be active. Board: - There are no issues that require the board's attention at this time. ----------------------------------------- Attachment U: Status report for the Apache Portals Project -- New Releases -- none -- New Committers -- none -- Status -- 1. Pluto No new development since 2.0.2 release on June 11, 2010 2. Jetspeed-2 No new releases, bug fixes and several new features developed. 3. Portals Applications No new releases, bug fixes and several new features developed. 4. Portals Bridges No new releases, bug fixes and several new features developed. Development has slowed down for summer after several long release cycles ending. ----------------------------------------- Attachment V: Status report for the Apache ServiceMix Project ----------------------------------------- Attachment W: Status report for the Apache Sling Project Sling is an OSGI-based scriptable web framework that uses a Java Content Repository, such as Apache Jackrabbit, to store and manage content. Sling graduated as a TLP on June 17th, 2009. There are no issues which require board attention at the moment. Community * This period showed strong activity towards the release of the Sling 6 distributable. This shows in a number of bugs being fixed and new functionality being added. * Added Justin Edelson to the PMC (2010/08/26) * Federico Paparoni successfully completed his GSoC project, creating a mini-CMS that will be useful as a substantial example application. * Added Clemens Wyss as a committer (2010/09/17) Releases * 2010/08/03 Adapter Manager 2.0.6, Engine 2.1.0, Settings 1.0.0 * 2010/08/21 Sling API 2.1.0 * 2010/08/25 Web Console Branding 1.0.0, Web Console Security Provider 1.0.0 * 2010/08/27 Authentication Core 1.0.0, Authentication Form 1.0.0, Authentication OpenID 1.0.0, Authentication Selector 1.0.0 * 2010/08/27 Authentication Core 1.0.2 * 2010/08/30 Commons ClassLoader 1.2.0, JCR ClassLoader 3.1.2 * 2010/09/06 Eventing 2.4.0, Commons Threads 3.0.2 * 2010/09/10 JCR API, JCR Base, JCR Content Loader, and Jackrabbit Server 2.1.0 Documentation * Added two non-committer documentation contributors (Jean-Christophe Kautzmann and Alison Heimoz) * Website documentation is steadily improving including the creation of targeted templates like http://sling.apache.org/site/how-to-manage-events-in-sling.html Licensing and other issues * none ----------------------------------------- Attachment X: Status report for the Apache SpamAssassin Project Status report for the Apache SpamAssassin Project - Dan McDonald became our latest mass-check corpus volunteer; we now have enough ham email in our contributed corpus, again, to be able to generate and publish nightly rule updates - we continue to solicit new mass-check contributors; the more ham and spam emails that we can test rules against the better the accuracy of SpamAssassin's published rulesest - development activity is quiet, but no major issues are outstanding - users' list is active; questions get asked and answered ----------------------------------------- Attachment Y: Status report for the Apache Synapse Project Community The Synapse community keeps going well. Mailing list traffic is solid and continuous, with new users on a regular basis. Releases There is a lot of work going on towards a 2.0 release. Board issues None identified. ----------------------------------------- Attachment Z: Status report for the Apache Tiles Project Summary It has been another slow quarter for Apache Tiles with one release and a bit of discussion about future development. Releases Tiles 2.2.2 was released early in the quarter and has been declared GA quality by the Tiles PMC. Development Discussions have started about moving the sandbox development tree to the trunk as a basis for Tiles 3. ----------------------------------------- Attachment AA: Status report for the Apache Tomcat Project Summary: The project continues to be active on a number of fronts. There are no issues requiring Board attention at this time. Releases: Apache Tomcat 7.0.2 - released Apache Tomcat 7.0.1 - not released Apache Tomcat 6.0.29 - released Apache Tomcat 6.0.28 - released Apache Tomcat 6.0.27 - not released Apache Tomcat 5.5.31 - voted (announcement pending) Apache Tomcat 5.5.30 - released Security: We've been working closely with security issue reports and the Apache Security committee on quickly replying to issues, resolving them, and coordinating public disclosures. CVE-2010-2227: Remote Denial Of Service and Information Disclosure Vulnerability Several flaws in the handling of the 'Transfer-Encoding' header were found that prevented the recycling of a buffer. A remote attacker could trigger this flaw which would cause subsequent requests to fail and/or information to leak between requests. This flaw is mitigated if Tomcat is behind a reverse proxy (such as Apache httpd 2.2) as the proxy should reject the invalid transfer encoding header. CVE-2010-1157: Information disclosure in authentication headers The WWW-Authenticate HTTP header for BASIC and DIGEST authentication includes a realm name. If a element is specified for the application in web.xml it will be used. However, a is not specified then Tomcat will generate realm name using the code snippet request.getServerName() + ":" + request.getServerPort(). In some circumstances this can expose the local host name or IP address of the machine running Tomcat. Development: Development was concentrated mainly on fixing bugs for the current releases and pushing those releases out. The GSOC work completed. It was touch and go whether or not it was going to be successful for a while but we ended up with some cool enhancements and additions fixes to Tomcat 7's JMX support which allow a user to configure a working Tomcat instance over JMX from an absolute bare minimum starting point. The student appears to be continuing with their involvement with the project. Tomcat 7 has reached about 10% of total Tomcat downloads (not counting mirrors) which is pretty good considering it is still beta. Community: There was lot of activity on Users list recently and we are planning to offer a commit privileges to couple of most active users that are also willing to be involved into development by providing code patches. ----------------------------------------- Attachment AB: Status report for the Apache UIMA Project Status report for the Apache UIMA Project Apache UIMA's mission: the creation and maintenance of open-source software related to the analysis of unstructured data, guided by the UIMA Oasis Standard. Releases: Maven Build tooling artifacts (e.g., parent POMs, maven helper plugins and resources) that we will be using for our actual releases have been released. This was our first use of the Apache Nexus repository and staging mechanism. We expect a release of UIMA itself, shortly, using this new tooling. 2010-1-26 2.3.0 (Incubator - last release) release of Java SDK, Annotator add-on package, UIMA-AS (Async scaleout), and UIMA-CPP (C++ enablement) Development: Some users complained about the difficulty in getting through the one-time-setups needed to build. Some of this is because we're a bit on the bleeding edge for maven build tooling; some of the difficulties are going away as bugs are fixed in the underlying build tooling. A small annoyance in how UIMA's "ResultSpecification" worked led to a careful examination of a multitude of "corner cases", and eventually, to a complete redo of this part of the code. Jira issues continue to come in and get worked on at a moderate rate, including several in the UIMA-AS (Asynchronous Scaleout) area related to various error recovery scenarios, mostly. A Maven-Central-upload event on Sept. 7 that placed many partial entries for Eclipse 3.6 artifacts (missing POMs and JARs) ended up breaking our builds; this was reported to the maven-dev list, and it is being looked into. We worked around this issue by adding dependencies to our already version-locked-down Eclipse artifacts, to lock down the transitively depended-on Eclipse artifacts. Community: No changes Issues: No Board level issues at this time ----------------------------------------- Attachment AC: Status report for the Apache Velocity Project This has been a quiet period for the Apache Velocity project since the last board report. Anthony Petrelli has reorganized the Velocity Engine code base and build system to be based on Maven. Traffic on the user lists seems slower than typical, with a new inquiry every couple of days. Responses remain fairly quick, with 3 or 4 committers actively monitoring the lists and responding to questions. No new PMC members were voted in since the last board report. There are no issues requiring board attention. ----------------------------------------- Attachment AD: Status report for the Apache Wicket Project Apache Wicket is a Java framework for creating highly dynamic, component oriented web applications. Things worthy of note: - Voted in two new committers and made them PMC members: Martin Grigorov and Peter Ertl. - Released Apache Wicket 1.4.10, 1.4.11 and 1.5-m1 - Started release vote for 1.5-m2 but it was canceled due to a critical bug in submitting forms using Ajax and firefox 3.6. This sparked a new release for 1.5-m2 and 1.4.12, which are both being voted on right now. - Confluence autoexport based CMS was replaced with Jekyll based templating system using svnpubsub to sync with wicket.apache.org - New committers are hard at work fixing bugs, enthusiastically implementing new features, and seem to enjoy getting their hands dirty. - We still have our eye on possible new committers but want to ensure our newest members are in good shape. No issues require the attention of the board. ----------------------------------------- Attachment AE: Status report for the Apache Xalan Project ----------------------------------------- Attachment AF: Status report for the Apache XMLBeans Project ------------------------------------------------------ End of minutes for the September 22, 2010 board meeting.