ppkarwasz opened a new pull request, #490: URL: https://github.com/apache/logging-parent/pull/490
### What Replace the fixed list of five named PMC members in `<developers>` with two stable, role-based team entries: - **Apache Logging Services PMC** (`[email protected]`) for general development matters - **Apache Logging Services Security Team** (`[email protected]`) as the security contact Both carry the ASF `<organization>`, a team/security page URL, and a free-form `<role>`. ### Why The previous list had the problems any hand-maintained contributor roster has: - **It is always incomplete.** A fixed list inevitably omits contributors, and the choice of who appears is arbitrary. Git history (and, for the ASF, the [project team page](https://logging.apache.org/team-list.html) and `projects.apache.org`) already track this accurately and automatically. - **Contact details go stale.** People change employers, time zones, and email addresses, and eventually stop working on the project. A POM published inside a release is immutable, so any individual detail is a future inaccuracy. - **Listing individuals implies a support obligation.** People named in the POM are not necessarily willing or able to answer questions about the project. Stable team aliases route questions to whoever is currently active. The `<developers>` section is **not** free to delete, though: Maven Central requires at least one developer with a `name` and `email` (see the [Central requirements](https://central.sonatype.org/publish/requirements/)). The two meta-entries satisfy that requirement while pointing at durable, monitored channels instead of individuals. ### Who actually consumes this data? Very little tooling reads `<developers>` programmatically, which is itself an argument against maintaining a detailed list. The consumers that do matter are served better by this change: - **Maven Central publishing validation** requires the section to be non-empty. Satisfied. - **`maven-project-info-reports-plugin`** generates `team-list.html` from this section, but we do **not** use Maven Site Plugin. - **SBOM tooling (CycloneDX / SPDX)** maps `<developers>` to SBOM authors and `<organization>` to manufacturer/supplier, so adding `<organization>` improves provenance metadata. ### Inheritance / downstream impact `<developers>` is inherited by child projects. These entries therefore apply to the whole Apache Logging Services family, and child POMs **should not override them**. A comment in the POM documents this intent. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
