The Apache Software Foundation Board of Directors Meeting Agenda November 16, 2003 1. Call to order The meeting was scheduled for 7:32PM PDT -0700. A sufficient attendance to constitute a quorum was recognized by the chairman at 7:32pm, at which point the meeting was called to order. The meeting was held at a conference room at the Alexis Park hotel in Las Vegas, site of the concurrent ApacheCon conference. 2. Roll Call Directors Present At Roll: Brian Behlendorf Ken Coar Mark Cox Roy Fielding Dirk-Willem van Gulik Ben Laurie Sam Ruby Greg Stein Directors Absent At Roll: Jim Jagielski Guests: Chuck Murcko (who joined later via conference call) Tina Greene from Security Travel (conference planner) (joined later) Shane Caraveo (attending as an ASF member) Geir Magnusson (wants to talk about TCK license and Geronimo) Brian Fitzpatrick (fundraising) 3. Minutes and supplements from previous meetings A. The meeting of February 26, 2003 Minutes are not yet available for approval. [Sam Ruby] B. The meeting of September 17, 2003 CVS - board:/board_minutes_2003_09_17.txt [Jim Jagielski] Not read yet, so unapproved. C. The meeting of October 22, 2003 CVS - board:/board_minutes_2003_10_22.txt [Jim Jagielski] Not read yet, so unapproved. 4. Officer Reports A. Chairman [Greg] Defaulted to presentation given at the Members' meeting earlier that night. B. President [Dirk] Defaulted to presentation given at the Members' meeting earlier that night. C. Treasurer [Chuck] A repeat of the report from the Member's Meeting: Chuck reports that the foundation has just over $100,000 in its accounts at present, down from $115,000 one year ago. This decline is due primarily to the fact that the Foundation began to assume its own hardware and colocation costs this year. We now have contributions by PayPal as well as by check, which together have offset approximately 25% of the Foundation's year-to-date operating costs. It is unknown whether this percentage will increase next year. ASF continues to maintain a royalty relationship with Jinx Hackwear, but this has not produced any appreciable income to date. ASF fundraising has been limited so far to installing the PayPal link on the Foundation's Contributions web page. Proposals for increased visibility for fundraising activities on the Foundation web site have not made progress, due in part to objections voiced by the membership during discussions on this issue. In the coming year, it will be important for the Foundation to be able to generate income from sources other than those already mentioned, in order to offset the costs of operating our own infrastructure, and reduce the burden of support on those members who contribute goods and services. Additional income will be needed if we choose to undertake activities such as increased public relations activity, or participation in standards groups. D. Exec. V.P. and Secretary [Jim] A repeat of the report from the Member's Meeting: Jim reports that the ASF is receiving a steady stream of CLAs, thanks mostly to the Spam Assassin "donation" and the Geronimo development effort. The present method of handling CLAs is admittedly non-efficient. In many cases the FAXes are of poor quality and hard to read. Plus, it places a burden on infrastructure to know when to create accounts and on PMCs to know when someone can be given commit privs. There is a SOW, of sorts, in infrastructure to streamline this process. Occasionally, other items are received at the ASF "office," such as legal letters (eg: the JBoss letter) or deliveries for members. Items pertaining to the ASF proper, especially legal issues, are brought to the full attention of the board, for discussion and consensus. Deliveries are returned to the sender, with notice of the member's shipping address (obtained from members.txt). 5. Special Orders Pre-A. Discussion with Tina Greene about the payment of ApacheCon speakers Tina "came to apologize to the board for the disaster that paying the speakers became." "This is not excusing my behavior; this is expressing my sincere apology and trying to make amends. I understand this reflects poorly on the convention and the board. We did not get the attendance that I had hoped for, and we lost a lot of money" Tina reported. When it came time to pay the speakers, she was lent the money and started to pay the speakers. Emergencies came up, and she thought more money would come in to pay certain other receivables. She paid 3/4ths of them, but didn't adequately communicate what was going on. This was not premeditated. This year we're close to being in the black. Everyone has now been paid, including Stas as of an hour ago. Now, everyone is paid at the show. "I'm very sorry, the best thing I can do is continue to put on a good show." Now, when speakers check out of the hotel, they are given a check. This has nothing to do with other members of her staff. Brian noted that it seemed that the worst crime was lack of communication, and opinion that Ben agreed with. Dirk suggested that if the problem was simply one of cashflow, then maybe the ASF could help. Tina stated that she believes there is a very strong potential for this show and she still believes passionately in it. There is a lot of momentum in the show now, and changes in corporate climate and attitudes. A. Alter the Chair of the Apache Maven Project WHEREAS, the membership of the Apache Maven Project Management Committee (PMC) have recommended Jason van Zyl to serve as chairman of the Apache Maven PMC; and WHEREAS, the previously appointed chairman of the Apache Maven PMC, Dion Gillard, has stepped down from his position as Vice President, Apache Maven, in favor of Jason van Zyl's appointment to that position. NOW, THEREFORE, BE IT RESOLVED, that Jason van Zyl be and hereby is appointed to the office of Vice President, Apache Maven, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed. Approved by unanimous vote. B. Rename Perl-Apache Project to the Apache Perl Project RESOLVED, that the Perl-Apache project shall hereafter be referred to as the Apache Perl project, in order to be consistent with other Apache projects, and the Apache Perl PMC shall initially be composed of the current composition of the Perl-Apache PMC. Motion to defer until clarity around item C is achieved, approved. C. Alter the Chair of the Apache Perl Project WHEREAS, the membership of the Apache Perl Project Management Committee (PMC) have recommended Eric Cholet to serve as chairman of the Apache Perl PMC; and WHEREAS, the previously appointed chairman of the Apache Perl PMC, Doug MacEachern, has stepped down from his position as Vice President, Apache Perl, in favor of Eric Cholet's appointment to that position. NOW, THEREFORE, BE IT RESOLVED, that Eric Cholet be and hereby is appointed to the office of Vice President, Apache Perl, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed. Discussion: has Eric Cholet been asked if he would accept this appointment? Motion to table until Eric is consulted, approved. D. Notification: In July 2003, Greg paid (out of pocket) for the Mirapath equipment, a total of $2187.28. Greg has requested that the ASF issue a reimbursement check for the amount. Discussion: If needed, Brian B. might be able to find the receipt. E. Roy T. Fielding resignation from Board of Directors Roy has expressed his desire to resign from the Board of Directors of the ASF. His written resignation was submitted and accepted. F. Appoint a new Director to fill Roy's vacated position Greg notes there is no requirement in bylaws to fill slot ASAP. There was discussion about appointment versus election as well as the potential candidates. Brian asked if we do this as a public vote, and there was general discussion on this topic. Greg proposed tabling this and taking it to the membership. Ben nominated Brian to run this and Brian accepted and volunteered. There was discussion on whether to use Roy's voter tool for this. It was agreed that nominations would be held for 10 days. 6. Committee Reports A. Apache Ant Project [Conor MacNeill] See Attachment A Sam Ruby clarified ant-myrmidon removal was not a request from Peter Donald, but a suggestion that Peter agreed with. Ken notes they are "cooking with gas" in a good way. Reported accepted by general consent. B. Apache HTTP Server Project [Sander Striker] See Attachment B Reported accepted by general consent. C. Apache Perl Project [Doug MacEachern] See Attachment C There was some discussion on whether the board should revisit the PMC chair change. The general agreement was that we should wait to hear from Eric first. Reported accepted by general consent. D. Apache XML Project [Berin Lautenbach] See Attachment D Dirk noted that there were some issues with xerces-p; there's an ongoing discussion with how that project has no effective peer review, and no effective release process. The suggestion was made that it should be merged into xerces-C. Roy remarked that we've always required three +1's for a release, whereas Dirk noted that it's a problem if CPAN were to point to snapshots rather than releases. Greg indicated that XML's question is whether they can leave release approval up to the PMC individuals on each project and it was noted that the three +1s should be committers, but don't have to be on PMC. This resulted in general discussion about how PMCs can be responsible for oversight. Roy stated that the issue came from himself, not the XML PMC, suggesting that they're not conducting enough oversight. The general consensus was that oversight needs to be *active*, not just passive; Sam states that he can claim credibly that code is peer-reviewed, but not that the PMC is actively overseeing things. Dirk will write mail to XML PMC saying that the board understands their problem, will clarify what oversight means, and that the XML project has gotten too big and we should split it up. And then cover the bases from every committer being a PMC member, to other options for oversight. Reported accepted by general consent. E. Apache Cocoon Project [Steven Noels] See Attachment E No report. F. Fund-raising Committee [Chuck Murcko] See Attachment F Brian Fitzpatrick came to discuss this with the board. There are a number of things that the FR Committee would like to do; There was discussion about putting a link on the front page to Jinx. The recommendation was putting a link that says "buy apache swag" going to Jinx. They would also like to see a small section titled "support the ASF" on www.apache.org with information about how to contribute via paypal, sending a check, donating hardware, pro-bono legal work, etc... A "Thanks" page for companies who are supporting us would also be appropriate and nice to have, with a logo and short mention of the company, up to our discretion. The Fund-raising Committee is seeking guidance on the following items: The would like to see all project pages have a link to "support the ASF" page - Should we require it? They needed to "hunt down" people to put a link to ApacheCon so the current setup isn't adequate or efficient. What does the ASF need the money for? Would like formal appointment of Fitz and Cliff to committee Ken noted that Jinx wants to send 100% of profits to us, so we should do this soon. Greg reminded the Board that the Fundraising committee can make decisions around this. Fitz explained that we need justification for why we're raising money and it was noted that we have a pool of funds that we don't want to dive into, and real colo costs now. Roy stated that need a larger kitty for the defense fund. $1M is minimum for a patent defense. Ken asked if we should allocate a budget for travel for speakers, etc? There was general agreement that it would be a good thing, also boosting Sally's PR budget. Greg moved to add Fitz, Shane, and CLiff Skolnick to the Fund-raising Committee and to remove Roy. This was approved by unanimous consent. Mark noted that LinuxJewelry is saying they were donating profits, yet we have not heard anything nor received any donations. They're Australia based. It was asked that the fundraising committee look into this. This was assigned to Fitz to look into. Reported accepted by general consent. 7. Unfinished Business A. Proposed 2.0 license and related CLA, software grant changes Roy said that he plans to put up a revised version of the license soon. More public review is required and if we get more serious comments, then we should revise again, otherwise it gets put to a vote. Greg brought up the "the PHP thing". Greg volunteers to communicate with PHP about new ASF license and software-grant, to get to closure on this issue. 8. New Business Geir brought up the topic of Geronimo and the "code similarity" letter from JBoss's lawyers. He indicated that the PMC is preparing responses to the exhibits mentioned. He asked if the ASF will want to do a letter back to JBoss's lawyers and asked the next steps. It was agreed that we should continue generating the responses, with help from Geronimo contributers, at which point these will be reviewed by the ASF lawyers. Geir indicated some TCK issues. He noted that the ASF will get a side letter to approve distribution and asked if he could sign the TCK agreement? Greg moved that Geir Magnusson Jr. be named VP, Java Community Process of the Apache Software Foundation (a more proper proposal text will be formulated later). This was agreed upon by unanimous vote. Board acknowledged that Ken added Rich Bowen, Shane Curcuru, and Cliff Skolnick to the Apachecon committee. 9. Announcements 10. Adjournment Greg moves to adjourn at 21:48. This was seconded at which point the meeting was adjourned. ============ ATTACHMENTS: ============ ----------------------------------------- Attachment A: Status report for the Apache Ant Project From: "Conor MacNeill" Date: Thu, 13 Nov 2003 20:42:51 +1100 o Ant 1.5.4 Ant 1.5.4 was released on August 12th, 2003 This was a minor maintenance release of the Ant 1.5 branch. It addressed just two particular problems - the change to the javah entry point in the latest Sun JDK release and the Visual Age tasks. The latter, being only compatible with JDK 1.1, were included to give users of this task a working release prior to the Ant 1.6 release which depends on JDK 1.2+ o Ant 1.6 Beta Two betas of Ant 1.6 have been released to date. Beta 1 was released on 30th Septamber, 2003 followed by Beta 2 on October 17. Ant 1.6 has been well received as it provides a number of new features for simplifying and reusing build components. A short summary of the new features is * Delayed Task construction, Top levels tasks * Antlib - a packaging of ant components into a library * namespace support * macrodef task for composing ant tasks into larger, reusable tasks * scriptdef for building tasks from scripting languages * presetdef for defining tasks based on a specific configuration for another ant task * input management and redirection for exec and java tasks A bucketload of other fixes and changes as described here http://cvs.apache.org/dist/ant/v1.6beta2/ The betas have generated a lot of interesting discussion on the dev list in particular about the operation of macrodef and namespaces. A third beta will definitely be produced. o Legal Issues None. The PMC has received a request from Peter Donald through Stefan Bodewig for the removal of the Myrmidon codebase. The PMC will consider and I expect will go ahead and remove this module from CVS. o PMC meeting the PMC will shortly hold a virtual meeting to consider a few maintenance issues. These include the composition of the PMC, moving inactive PMC members and committers to emeritus status, etc. As previously noted, Diane Holt has indicated that she will no longer be able to act as a PMC member. We thank her for her many contributions to Ant over the years. o Community The dev list has been very active following the 1.6 beta. The discussion has been cooperative and healthy. Likewise the user list continues to be very active. ----------------------------------------- Attachment B: Status report for the Apache HTTP Server Project From: Sander Striker Date: Sat, 15 Nov 2003 13:01:21 -0600 * httpd Both Apache HTTP Server 1.3 and 2.0 have made releases the last quarter. 1.3 releases have been security/bug-fix releases, which is expected given the 1.3 tree is in maintenance mode. 2.0 has made several releases, security related as well as normal. There is effort to push out the first 2.1 release, ramping up to 2.2. Maybe the 2.1 release will see the day of light during ApacheCon. On the dev list there is a discussion about the stagnation of development. Solutions to this problem are being discussed in the thread (subject: the wheel of httpd-dev life is surely slowing down, solutionsplease). There have been several speculations on the cause of the slow-down. The thread is still active. * httpd-docs The docs list has been slow of late, the most significant contribution being Kess' configure docs. There seems to be a temporary lull in contributions. * httpd-test The httpd-test/perl-framework infrastructure (i.e. Apache::Test) is being under an active development. The actual httpd tests repository hasn't changed much. * mod_python There have been several releases made of mod_python. The project is making progress and consistently keeps doing so. One unfortunate aspect is that not enough PMC members are always actively involved with this project, making releases somewhat harder, since votes don't come in quick enough. It would be an idea to track the development in the mod_python area more intensively for a bit to see if there are new potential committers and potential PMC members are available there. * Contributor License Agreement A renewed effort to get a CLA of all contributors on file has started. I hope to report next quarter that we have a 100% coverage. ----------------------------------------- Attachment C: Status report for the Apache Perl Project From: Stas Bekman Date: Sat, 15 Nov 2003 16:25:09 -0800 * Releases mod_perl 1.29 was released on October 13. It is a security release that patches around a security issue introduced by the recently released Perl 5.8.1. The mod_perl 1.x is a maintenance track designed to work with httpd 1.3.x. mod_perl-1.99_10 was released on September 29 with a great deal of new features and bug fixes. The committers believe that this release is one of the last milestones before the long awaited 2.0 release. The mod_perl 1.99 series is a development track designed to become mod_perl 2.0; it works with httpd 2.0.x. Apache::Test 1.04 was released on September 29, and 1.05 was released on October 24. Apache::Test provides a framework which allows module writers to write test suites than can query a running mod_perl enabled server. It is used by mod_perl, httpd and several third party applications. * Development Development on mod_perl 2.0 and Apache::Test is moving at a healthy pace. The collaboration with Perl developers, much needed since mod_perl is quite tied to Perl's internals, has been excellent. mod_perl developers have expressed the wish that their relationship with httpd-dev evolve in the same direction. * Users As always the mod_perl user list is thriving. Usage is growing steadily, with 1.6M or 4.7M sites depending on which survey you look at. * PMC Philippe Chiasson was unanimously voted in as a new PMC member on October 14. ----------------------------------------- Attachment D: Status report for the Apache XML Project General Comments ================ Things have been relatively quiet on the broader project front. The sub-projects are all going well, and the XMLBeans effort is now fully into the incubation process. xml.apache.org has now moved all sub-projects to using the ASF mirroring system, and a consolodated download page has been created for all files in the over-arching project. A fantastic effort from all concerned. PMC === Membership On the PMC membership front, Ilene Seelemann stepped down from the PMC for personal reasons, and Brian Minchau stepped in as the replacement Xalan representative. Erwin van der Koogh was also voted in to become the replacement xml-security representative after Christian stepped down. Oversight Dirk recently raised the question of oversite of the Xerces-P sub-project, particularly around releases of code. There is a feeling that this is too much of a one man shop / no peer review/oversight or peer-reviewed releases. Given that it is a thin layer on C++ we may simply tie it in with xerces-c for the real releases. However this is still under discussion. As an input to this discussion, the PMC would like to understand the board's position on the requirement of an umbrella PMC to vote on all sub-project code-releases. Currently the XML PMC does not do this - we rely on individual PMC members within each sub-project to ensure appropriate processes are being followed. Issues needing attention: ========================= Legal In the August report, we sought the endorsement of the board for the sending of e-mails to submit notification of export of cryptographic code for the xml-security Java and C++ libraries. This was discussed, but no final conclusion was indicated on board@. The e-mails below are proposed, and it is suggested (subject to board approval) that these come from Berin Lautenbach as the chair of the XML PMC. We would also like to understand whether it is permissable (given recent discussions between Ben Laurie and the FreeBSD folk) to release compiled versions of the libraries. EMAIL 1 - Java Code To crypt@bis.doc.gov, enc@ncsc.mil, enc@ncsc.mil Subject TSU NOTIFICATION SUBMISSION TYPE: TSU SUBMITTED BY: Berin Lautenbach SUBMITTED FOR: Apache Software Foundation POINT OF CONTACT: Apache's XML Security Project PHONE and/or FAX: security-dev@xml.apache.org MANUFACTURER: N/A PRODUCT NAME/MODEL #: XML-Security-J Library ECCN: 5D002 NOTIFICATION: Web site - http://xml.apache.org/security/Java CVS repository - http://cvs.apache.org/viewcvs.cgi/xml-security/src/ (When Released) http://www.apache.org/dist/xml/security/java-library/ NOTE: Current downloadable release code does not contain the new XML-Encryption code, only digital signature code. See CVS repository for new code. EMAIL 2 - C++ Code To crypt@bis.doc.gov, enc@ncsc.mil, enc@ncsc.mil Subject TSU NOTIFICATION SUBMISSION TYPE: TSU SUBMITTED BY: Berin Lautenbach SUBMITTED FOR: Apache Software Foundation POINT OF CONTACT: Apache's XML Security Project PHONE and/or FAX: security-dev@xml.apache.org MANUFACTURER: N/A PRODUCT NAME/MODEL #: XML-Security-C Library ECCN: 5D002 NOTIFICATION: Web site - http://xml.apache.org/security/c CVS Repository - http://cvs.apache.org/viewcvs.cgi/xml-security/c/src/ Download directory - http://www.apache.org/dist/xml/security/c-library/ NOTE: Current downloadable release code does not contain the new XML-Encryption code, only digital signature code. See CVS repository for new code. Axkit ===== The cvs repository has been temporaily branched to allow for some exploritory development into a new pipeline mechanism which will allow for seamless incremental caching, cacheable logic sheets, automatic SAX chaining and an easier pipeline extension mechanism. Since this work is likely to change a number of the internal API's, it's been kept separate from the core until the full impact of it can be accessed. Some fairly intensive design sessions occured in the group in order to try and find ways to support things such as SOAP and DAV more simply at the pipeline level, and this work is expected to come to fruition as part of the new pipeline design. An initial port to Apache2 has been started with some success, but isn't in a releasable state at the moment. This is currently on hold while we decide whether we want the new pipeline code in for 2.0, so we can then port it forwards. A number of UTF-8 conversion bugs have been fixed in the core. These manifested in users seeing Latin-1 characters output, while the encoding declaration said UTF-8. Work on adding a number of new transformation languages has started and should be released soon, concerning mostly STX and TT2. The XSP engine has been enhanced with XSLT-style interpolated attribute value templates. Batik ===== Implementation of the Batik distribution miroring. Nightly builds are in place as well as release signing. Large number of bug fixes. The team thinks SVG is now the only SVG implementation we know of which passes all the W3C Test Suite tests, excluding declarative animation. The team is planning a 1.5.1 release after ApacheCon. Commons ======= We have released a beta of our popular Resolver component, and hope to have a full 1.1 release out in time for version-matching with Ant which points its users to the Resolver for optional tasks. We also have the start of a plan in place to regularlize the version numbering and releases of our external xml-apis.jar component. We hope we can get the Xalan and Xerces teams to help us ship JAXP-TCK passed versions of xml-apis.jar that can then be used across many ASF projects that deal with XML. -- ShaneCurcuru FOP === We were finally able to freeze our maintenance branch so we can concentrate on working on the redesign. As we have very few active people in the Java department (that's different with support) progress is slow. At least, we are starting to get feedback and even patches for the redesign so we are on a good course in spite of the circumstances. -- Jeremias Maerki Forrest ======= Forrest-0.5 was released in mid-September. Work on version 0.6 has so far been focussed on re-organising the build process to be more efficient. A new version of the forrestbot has begun. We continue to update our version of Cocoon to stay just off the bleeding edge. This has been useful for both projects. Progress on Forrest-0.6 has slowed a little and some of the main committers must be occupied by other things. The last report noted that all Cocoon committers are now Forrest committers, but we have only seen one or two. There is also one new Forrest committer. Some of the users seem to be de-lurking on the mailing list, which is a good sign. No known license issues. Xalan-C ++ ========== There were no new releases, so there was no functional change, however Xalan-C++ did change its distribution to use the mirrors sites (see http://xml.apache.org/mirrors.cgi or http://www.apache.org/dyn/closer.cgi/xml/xalan-c). -- Brian Minchau Xalan-J/XSLTC ============= Xalan-J 2.5.2 was released in late October 2003. The changes were: * bug fixes (see http://xml.apache.org/xalan-j/readme.html) * downloading of Xalan-J moved to the various mirror sites around the world (see http://xml.apache.org/mirrors.cgi or http://xml.apache.org/xalan-j/downloads.html ) which is also what the other Apache projects did. Unrelated to the 2.5.2 release, development work was started on the xslt20-compiled branch to support XSLT 2.0 and Xpath 2.0 (both drafts) with XSLTC. -- Brian Minchau Xerces-C++ ========== Xerces-C has 2 new committers. There have been many bug fixes and considerable work is going into serializable grammars, stateless grammars, PSVI and schema component model. The new memory management scheme is now stable and we think the memory leaks have all been plugged. Entity resolver support has now been enhanced. We hope to release this year. Xerces-J ======== In the last couple of months, considerable progress has been made in tracking the DOM level 3 Core and Load/Save specifications. Our XInclude implementation has also become considerably more correct and complete. A new release will likely occur some time this month, which will highlight these changes along with some work on performance. Xerces-P ======== The Xerces-P project made a number of bug fix releases on the 2.3.0 stable release (2.3.0-2, -3, and -4). The main focus was smoothing out the initial support for Windows and Mac OS X, and general project cleanup. There is also now a win32 binary available for the project. Also, the project switched over to SVN for maintain the source code, and the project WWW site. The project WWW page is now up-to-date, but has not yet migrated over to using Forrest. -- Jason Stewart Xindice ======= No particular progress in Xindice land. Still waiting to find time in fixing documentation and packaging a release, but both the user and dev lists have little or no traffic, and committers seem to be busy elsewhere. A careful consideration about the future of this project should be carried on: Xindice is widely used, yet it seems unable to attract a stable and healthy developer community. XML-Security ============ The XML-Security subproject has continued work on implementations of the XML-Encryption standard. An alpha is nearly ready for public release for the C++ library. Some work has also been done on the Java library, but the pace here is slower. ----------------------------------------- Attachment E: Status report for the Apache Cocoon Project ----------------------------------------- Attachment F: Status report for the Fund-raising Committee There has been no activity by the fundraising committee in the last two months. A meeting of the committee at the Conference has been discussed for Sunday 11/16. __________________________________________________________ End of minutes for the November 16, 2003 board meeting.