Hi Flagon Community Members!
I thought I’d push out a State of the Podling to alert folks to awesome things that are going on, things we need to work on, and things that are being worked on now. I think this is also a good thread to share thoughts about new major developments so that the community can take the opportunity to comment, share thoughts and ideas for which directions we should go next! The Good Stuff: NEW MENTORS! Over the past year we had some challenges with mentors. Two of our mentors vanished during our name change and during some other challenging times. Dave Meikle heroed up and really helped us out through our last two releases and mop up some issues that were hanging over us for months. HUGE thanks to Dave! Dave has also reached out to his own network @ASF and brought in Tim Allison (Lucene, TIKA). Also, General@ followed up on our last quarterly report and solicited a 3rd mentor for us—Furkan Kamaci (DLab (Incubating), DataSketches (Incubator), Nutch, Clerezza). Please join me in welcoming our new Mentors! I feel super optimistic that this team will not only help us release compliant artifacts, but help us grow our community. I’m also extremely excited that they collectively represent some of the Apache projects that have the most synergy with our own scope and philosophy. YAY! NEW RELEASES! We re-released v1.0.0 and the long-time-in-the-making v2.0.0! One major outcome of our v2.0.0 is that we now have a pristine UserALE.js repo, this should accelerate community growth by making pull requests less intimidating and easier to merge. Tell your friends. NEW, BRANDED SOCIAL MEDIA and DISTRIBUTION OUTLETS! To pivot off our new release and upcoming releases, I’ve created new Twitter and NPM accounts. These are within the current PPMC’s control, meaning that we have more control on who has access. For committers that want to act as back-up release managers, PM me and we can talk about getting you write access to our npm package ‘flagon-userale’. To follow our new Twitter account, follow ‘@ApacheFlagon’ Near-term minor developments: BUG SQUASHES! We have a few updates and bug fixes to do. Specifically, our UserALE.js WebExtension is showing some undesirable behavior. Currently, I’m working on this issue, pull-requests are welcome and you can track my investigation under release 2.1.0 [1]. PROTOTYPE POLLUTION Synchronously, I’m keeping track of how the NPM community is dealing with Prototype Pollution wrt UserALE.js. Having done a little research on the topic, I feel good that UserALE.js won’t pose our users security vulnerabilities as we don’t rely on some of the major exploits (e.g., merge operations). However, deep in our dependency tree lurks a few packages caught up resulting in over 100 npm vulnerability messages on build. These are sub-dependencies of major dependencies like gulp, nodemon—these are very large projects. I have haunted their boards and posted. My understanding is that npm itself is updating their “immutable” registry allowing these sub dependencies to update old versions to limit their impact on larger packages. In some cases these vulnerabilities have been resolved, but the registry hasn’t caught up. Nonetheless, I’ll be tracking patches from our major dependencies and pushing patches when these are available, as they are available. You can track progress on this under release 2.0.1 [2]. Big Decisions: DISTILL Probably the best way to expedite graduation and grow our community is by pushing the content that we’ve been promising all along. UserALE.js provides a discriminating capability in logging, but beyond Kibana dashboards, we don’t really support advanced analytics to support, beyond a few references to academic papers. DISTILL was supposed to be the capability, but currently its slave to TAP as a demonstration python env. We have some great thoughts on what the next iteration of DISTILL should look like [3]. This might be too ambitious to start. Perhaps we should start smaller with some simple python libraries for getting, slicing, and visualizing data, then moving back into the original stack concept for Distill as a service that can be used in python environments, and serve a python environment for other visualization applications. I’ll peel out a separate thread on this. Stay tuned! UserALE.pyqt5, UserALEv3, TAP One of the big decisions we have is what to do with some ancient projects that we might not have bandwidth to support. UserALE.pyqt5 hasn’t had attention in a long time and UserALEv3 pre-dates UserALE.js—most of its functionality has already been rolled up. We should consider shelving these. Stay tuned for a separate thread on this. TAP is also very buggy, and now riddled with vulnerabilities. We should have a discussion in a different thread on where to go with TAP and how too refactor. BRANDING! We need a logo, folks! Please send to dev@ any thoughts you have. If we get a few ideas, we’ll spin out into a new thread. Thanks folks! We’re looking good and poised for growth… and for some fun developments. Best, -J [1] https://issues.apache.org/jira/projects/FLAGON/versions/12345442 <https://issues.apache.org/jira/projects/FLAGON/versions/12345442> [2] https://issues.apache.org/jira/projects/FLAGON/versions/12345942 <https://issues.apache.org/jira/projects/FLAGON/versions/12345942> [3] https://cwiki.apache.org/confluence/display/FLAGON/Distill+0.2.0 <https://cwiki.apache.org/confluence/display/FLAGON/Distill+0.2.0>
