Hi all,
A user report regarding a broken link on `projects.apache.org`[1]
brought my attention to the amount of out-of-date metadata we publish:
* Our DOAP file has not been updated in ages. It contained out of date
links. We should probably regenerate it at each release. On
`projects.apache.org` this would give a result like Maven's[2].
* Our `<developers>` and `<contributors>` sections in POM files are also
out of date. It contains people that are not active, does **not**
contain people that are active and some affiliations might not be up to
date.
To better understand what the `<developers>` option should contain, I
looked at the documentation[3] and asked on Slack[4]. The documentation
says:
> Developers are presumably members of the project's core development.
Note that, although an organization may have many developers
(programmers) as members, it is not good form to list them all as
developers, but only those who are immediately responsible for the code.
A good rule of thumb is, if the person should not be contacted about the
project, they do not need to be listed here.
And of course the Maven team contradicts itself, by listing all PMC
Members, Committers and even Emeritus members in their POM file[5].
We have probably two options here:
1. My favorite is to break the semantics of `<developer>` an add two
teams in `logging-parent`: an "Apache Logging Services Security Team"
with address `secur...@logging.apache.org` and an "Apache Logging
Services PMC" with this mailing list as address.
2. List team members only in `logging-parent` and keep the list
up-to-date. If we go for this option:
* We should remove inactive members from the POM file.
* If we add some people there, we should at least add the whole
Project Management Committee. These are the people currently
"immediately responsible for the code" and even Log4cxx and Log4net
developers assume responsibility and vote on Log4j releases. Adding our
few active committers does not hurt either.
* The list should be somehow ordered, with the people that should
be contacted first at the top. I think the order should be PMC Chair,
PMC Member, Committer.
* We should not list affiliations, unless our employer explicitly
pays us to work on Log4j and would like to be listed.
I started a draft PR for option 2[6].
What do you think?
Piotr
[1] https://github.com/apache/logging-log4j2/issues/3536
[2] https://projects.apache.org/project.html?maven
[3] https://maven.apache.org/pom.html#Developers
[4] https://the-asf.slack.com/archives/C7Q9JB404/p1742287422781009
[5] https://mvnrepository.com/artifact/org.apache.maven/maven-core/3.9.9
[6] https://github.com/apache/logging-parent/pull/351
