We need a clear agreement specifically about enabling Discussions and on which repositories, since Infra will have to enable it for us on them, Discussions is not self-service.
Might be simplest to just start a thread, and then when its clear, either start a vote or do a lazy consensus statement that the request will be placed on <date>. On Thu, 18 Apr 2024 at 14:41, Christopher Shannon <christopher.l.shan...@gmail.com> wrote: > > Is there anything stopping us from enabling Github Discussions for now? It > seems like we had consensus on that part. > > On Tue, Apr 16, 2024 at 2:15 PM Matt Pavlovich <mattr...@gmail.com> wrote: > > > Robbie/JB- > > > > Good calls outs, thanks! I did not mean to skew into contribution guide as > > far as I did. I will take a pass at cleaning up. > > > > Thanks, > > Matt > > > > > On Apr 16, 2024, at 11:56 AM, Robbie Gemmell <robbie.gemm...@gmail.com> > > wrote: > > > > > > The security bits are also detailed in all the repositories already by > > > default at the org level, e.g > > > https://github.com/apache/activemq-artemis/?tab=security-ov-file (or > > > repositories can define their own policy, e.g > > > https://github.com/apache/activemq/?tab=security-ov-file#readme ). > > > Though we can of course make references to it clearer. > > > > > > On Tue, 16 Apr 2024 at 17:48, Jean-Baptiste Onofré <j...@nanthrax.net> > > wrote: > > >> > > >> Hi Matt > > >> > > >> Imho, we are mixing two topics here: > > >> 1. The ticket management system > > >> 2. The contribution guide > > >> > > >> So, let me try to clarify: > > >> > > >> [PROPOSAL] > > >> > > >> I'm in favor of GH Issues, but we don't yet have a strong consensus > > >> about that. I would propose a new thread about that to give a chance > > >> to anyone to speak, and move to a vote. > > >> > > >> [README/CONTRIBUTION GUIDE] > > >> > > >> First, ICLA is not strictly required before committership (the Apache > > >> 2.0 license already covered contributor, it has been discussed on > > >> LEGAL Jira). > > >> Second, you don't report security issues on a mailing list, you go to > > >> secur...@apache.org. > > >> Explaining how to report issue, create PR, contribute (e.g. > > >> contribution guide) is fine and welcome. > > >> > > >> Regards > > >> JB > > >> > > >> On Tue, Apr 16, 2024 at 5:37 PM Matt Pavlovich <mattr...@gmail.com> > > wrote: > > >>> > > >>> @dev- > > >>> > > >>> I appreciate all the good feedback and discussion. A number of good > > points, suggestions and perspectives. Overall, I see an uptick in community > > interest in contributing to ActiveMQ and that’s a great thing! I believe > > that modernizing the toolkit, reducing contribution friction and lowering > > load on committers/PMC will help keep the community healthy going forward > > =). > > >>> > > >>> I've made a pass at summarizing the points and take-aways from the > > [DISCUSS] thread below. Please reply with suggested add/edit/removes. > > >>> > > >>> [Key community Use Cases] > > >>> > > >>> UC-1. Issue - User opens an Issue and may or may not intend (or be > > able) to produce a PR to address the report. > > >>> > > >>> UC-2. PR-onl - User opens a PR without an Issue to address their > > requested fix. > > >>> > > >>> UC-3. Security report - User identifies a security issue and needs to > > report > > >>> > > >>> > > >>> [Proposal] > > >>> > > >>> Action-1. Enable GH issues and flip JIRA to read-only > > >>> > > >>> Action-2. Update README in repo to be more of a 'how to engage with > > the community' vs a project overview > > >>> > > >>> > > >>> [Update README document to include] > > >>> > > >>> Update-1. Provide a link for users to create an issue > > >>> > > >>> Update-2. Provide a link to the mailing list for reporting a security > > issue > > >>> > > >>> Update-3. Provide a link for users to submit a CLA > > >>> > > >>> > > >>> [Committer/PMC operating] > > >>> > > >>> Op-A. For use case #2 where user creates a PR without an issue, before > > approval committer/pmc may instruct contributor to provide signed CLA and > > open a corresponding issue if the complexity warrants. The PR comment can > > then be updated with the issue id for reference and linking. > > >>> > > >>> Op-B. Use of GHT Project(s) for planning and tracking Issue & PR for > > releases. > > >>> > > >>> Thanks, > > >>> Matt Pavlovich > > > >
