Hi folks, Now that we just got a major release out (and NiFi Registry, MiNiFi Java, and NiFi FDS releases as well), I wanted to take this opportunity to emphasize the strengths that our community brings to the table. We have committers and contributors with a wide range of expertise who are able to provide wonderful features to the project. I think something that is sometimes difficult with our distributed and very busy community is balancing a proper review process with bringing down the PR backlog and ensuring we keep the community and development active.
As supported by the Powered by NiFi page [1], Twitter, and many presentations at conferences around the world, a number of organizations depend on NiFi for mission critical uses. While Apache software is provided without warranty, we have an obligation to our users to provide the best software possible. The infamous Equifax breach was due to an unpatched deployment of Apache Struts [2] which had a vulnerability. The resulting media coverage was obviously unkind to both entities. With this in mind, all code reviews must be thorough and to the best of the community’s ability. We all bring excellent skills to the table, and this makes the community stronger. Doing a simple license check and running the maven build to ensure unit tests and contrib-check still pass is not sufficient. Any code that comes into the core codebase must now be supported by the community at large moving forward. We use a Review-Then-Commit (RTC) process, which is different from some other Apache projects. Because of this, our process should be proactive and perform extensive testing and evaluation before any code is committed. This doesn’t just apply to feature work; NiFi is a large codebase, and core refactoring can have serious performance and behavioral interaction with other components. There is an ongoing effort to refactor pieces to be more interdependent and to adhere to the clearly defined internal framework vs. extension points and exposed API. All of this to say our vibrant community has delivered some incredible features and performance improvements, and it is important to continue pushing NiFi to be the best project it can be and ensure that we give all of our users the best experience possible. [1] https://nifi.apache.org/powered-by-nifi.html <https://nifi.apache.org/powered-by-nifi.html> [2] https://www.wired.com/story/equifax-breach-no-excuse/ Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
signature.asc
Description: Message signed with OpenPGP using GPGMail
