[jira] [Updated] (COMDEV-452) Apache APISIX: Support local file and data center configuration conversion, import and export

[JinChao Shuai (Jira)]

 [ 
https://issues.apache.org/jira/browse/COMDEV-452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

JinChao Shuai updated COMDEV-452:
-
Description: 
 

*Apache APISIX* is a dynamic, real-time, high-performance API gateway.

It provides rich traffic management features such as load balancing, dynamic 
upstream, canary release, circuit breaking, authentication, observability, and 
more.

{*}Page{*}: [https://apisix.apache.org/]

*Github:* [https://github.com/apache/apisix]

 

*Project title:*

Datacenter and local file configuration conversion, export and import are 
supported via Apache APISIX CLI.

 

*Background:* 

Apache APISIX supports running in standalone mode. At this point, Apache APISIX 
will rely on the local configuration file `conf/apisix.yaml` for routing and 
policy settings.

Apache  APISIX CLI supports the conversion, import and export of data center 
and local file configuration data, making Apache APISIX easier to switch and 
apply between different environments and scenarios.

 

*Task:* 

Add two commands `bin/apisix conf_export` and `bin/apisix conf_import` to 
Apache APISIX CLI, and complete the conversion, import and export of remote 
data center and local file configuration data through the above commands.

*Difficulty:* Normal
*Project size:* ~350 hours.

 

*References:*

[https://github.com/apache/apisix/blob/master/docs/en/latest/stand-alone.md]

  was:
*Apache APISIX* is a dynamic, real-time, high-performance API gateway.

It provides rich traffic management features such as load balancing, dynamic 
upstream, canary release, circuit breaking, authentication, observability, and 
more.

{*}Page{*}: [https://apisix.apache.org/]

*Github:* [https://github.com/apache/apisix]

 

*Project title:* 

Datacenter and local file configuration conversion, export and import are 
supported via Apache APISIX CLI.

 

*Background:* 

Apache APISIX supports running in standalone mode. At this point, Apache APISIX 
will rely on the local configuration file `conf/apisix.yaml` for routing and 
policy settings.

Apache  APISIX CLI supports the conversion, import and export of data center 
and local file configuration data, making Apache APISIX easier to switch and 
apply between different environments and scenarios.

 

*Task:* 

Add two commands `bin/apisix conf_export` and `bin/apisix conf_import` to 
Apache APISIX CLI, and complete the conversion, import and export of remote 
data center and local file configuration data through the above commands.

*Difficulty:* Normal
*Project size:* ~350 hours.

 

*References:*

https://github.com/apache/apisix/blob/master/docs/en/latest/stand-alone.md


> Apache APISIX: Support local file and data center configuration conversion, 
> import and export
> -
>
> Key: COMDEV-452
> URL: https://issues.apache.org/jira/browse/COMDEV-452
> Project: Community Development
>  Issue Type: New Feature
>  Components: GSoC/Mentoring ideas
>Reporter: JinChao Shuai
>Priority: Major
>  Labels: APISIX, gsoc2022
>
>  
> *Apache APISIX* is a dynamic, real-time, high-performance API gateway.
> It provides rich traffic management features such as load balancing, dynamic 
> upstream, canary release, circuit breaking, authentication, observability, 
> and more.
> {*}Page{*}: [https://apisix.apache.org/]
> *Github:* [https://github.com/apache/apisix]
>  
> *Project title:*
> Datacenter and local file configuration conversion, export and import are 
> supported via Apache APISIX CLI.
>  
> *Background:* 
> Apache APISIX supports running in standalone mode. At this point, Apache 
> APISIX will rely on the local configuration file `conf/apisix.yaml` for 
> routing and policy settings.
> Apache  APISIX CLI supports the conversion, import and export of data center 
> and local file configuration data, making Apache APISIX easier to switch and 
> apply between different environments and scenarios.
>  
> *Task:* 
> Add two commands `bin/apisix conf_export` and `bin/apisix conf_import` to 
> Apache APISIX CLI, and complete the conversion, import and export of remote 
> data center and local file configuration data through the above commands.
> *Difficulty:* Normal
> *Project size:* ~350 hours.
>  
> *References:*
> [https://github.com/apache/apisix/blob/master/docs/en/latest/stand-alone.md]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

[jira] [Created] (COMDEV-452) Apache APISIX: Support local file and data center configuration conversion, import and export

[JinChao Shuai (Jira)]

JinChao Shuai created COMDEV-452:


 Summary: Apache APISIX: Support local file and data center 
configuration conversion, import and export
 Key: COMDEV-452
 URL: https://issues.apache.org/jira/browse/COMDEV-452
 Project: Community Development
  Issue Type: New Feature
  Components: GSoC/Mentoring ideas
Reporter: JinChao Shuai


*Apache APISIX* is a dynamic, real-time, high-performance API gateway.

It provides rich traffic management features such as load balancing, dynamic 
upstream, canary release, circuit breaking, authentication, observability, and 
more.

{*}Page{*}: [https://apisix.apache.org/]

*Github:* [https://github.com/apache/apisix]

 

*Project title:* 

Datacenter and local file configuration conversion, export and import are 
supported via Apache APISIX CLI.

 

*Background:* 

Apache APISIX supports running in standalone mode. At this point, Apache APISIX 
will rely on the local configuration file `conf/apisix.yaml` for routing and 
policy settings.

Apache  APISIX CLI supports the conversion, import and export of data center 
and local file configuration data, making Apache APISIX easier to switch and 
apply between different environments and scenarios.

 

*Task:* 

Add two commands `bin/apisix conf_export` and `bin/apisix conf_import` to 
Apache APISIX CLI, and complete the conversion, import and export of remote 
data center and local file configuration data through the above commands.

*Difficulty:* Normal
*Project size:* ~350 hours.

 

*References:*

https://github.com/apache/apisix/blob/master/docs/en/latest/stand-alone.md



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: Welcome Willem Jiang as a New PMC Member

[Aditya Sharma]

Congratulations Willem!

Thanks and Regards,
Aditya Sharma

On Thu, Feb 24, 2022 at 12:19 PM Swapnil M Mane 
wrote:

> Hi everyone,
>
> The ComDev PMC has invited Willem Jiang to become a member of the committee
> and we are glad to announce that he has accepted the nomination.
>
> Willem has been a great open-source supporter, deeply understand Apache
> Way and
> has helped organise and run various events in China. He is actively
> involved
> in the ALC initiative in China. He is the chapter lead of ALC Beijing
> and a mentor of ALC Shenzhen.
> Also, he has been an integral part of ApacheCon Asia and played a
> vital role in organising and executing ApacheCon Asia.
> Along with his active participation in community development, he is
> also part of numerous other Apache projects as well.
>
> Please join me in welcoming Willem and congratulating him on his new role.
>
> Thanks,
> Swapnil M Mane,
> On behalf of the ComDev PMC
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org
>
>

Re: Draggable dialog box

[Maxim Solodovnik]

from mobile (sorry for typos ;)


On Sun, Feb 27, 2022, 06:22 Sangeeta Verma  wrote:

> Hi Max,
> I am trying to create a draggable dialog box with a textbox on it. Knowing
> there exists a button what are the steps to create a movable dialog box? I
> tried .html.Panel class with html. But I can't load this using
> setResponsePage(class, pageparameters)
> Thought of asking you directly.
>

Well
In OM code we are using SPA approach
So we are using AJAX updates

For movable dialog box you need jquery-ui
You can find lots of examples at

http://www.7thweb.net/wicket-jquery-ui/

Sorry if I spammed you. Another thing is to know what is the usage or
> clients number, total number of clients using openmeetings.. any
> approximate idea. How to present some numbers to clients?
>

No sure I understood the question :(
Do you need
- total number of registered users
- the number of users how online now
- the number of users in particular room
?


> Thank you Max. Hope you are doing great otherwise.
>
>
> Regards,
> S
>

RE: Willing to join the community

[163]

Dear Rajdeep Tiwari,

Welcomed to join us, you could check out the Apache Linkis(Incubating)
if interested.

Apache Linkis(Incubating) builds a computation middleware layer to
decouple the upper applications and the underlying data engines,
provides standardized interfaces (REST, JDBC, WebSocket etc.) to
easily connect to various underlying engines (Spark, Presto, Flink,
etc.), while enables cross engine context sharing, unified job engine
governance and orchestration.

You can visit Linkis website[1] for more information about Linkis. You
could refer to the following guidelines[2] about how to contribute for
the Linkis project.
Additionally, here're some "easy to fix issues" of Linkis[3], they're
good for newcomers. Have fun: )

[1] https://linkis.apache.org/ 
[2] https://linkis.apache.org/community/how-to-contribute 

[3] https://github.com/apache/incubator-linkis/issues/1161 


Andy
Best Regards.



On 2022/02/21 00:26:30 RAJDEEP TIWARI wrote:
> Hello, I am Rajdeep Tiwari, currently pursuing  B.Tech in computer science
> and technology.
> I am in 3rd year .I am willing to join and work in this community.
> Can anybody please assign me.
> I know C, C++ ,JAVA , JSP.
> Beginners issue.
> 
> Sent from Mail for Windows
> 

Re: Thoughts on alternative communication channels for our communities

[Tomasz Urbaszek]

I'm reading this discussion from the beginning (thanks to ML). I can be
mistaken but there are two issues:

1. A community communication channel. A place where users can interact,
discuss and seek help. This should be a place for users and the community
should use whatever serves best.
2. Decision making channel. In this case we seek for an ability to archive
and search (dev@ mailing list) but we also seek engagement from wider
community (not offered by dev@ list).

In case of 1 we have poor chance to unify things (for example Slack vs
WeChat). In case of 2 we can take advantage of the fact that every project
now is on Github. For example what Apache Superset is doing looks
impressive: https://github.com/apache/superset/projects/7 They still do the
voting on mailing list
https://lists.apache.org/thread/t2yc69rm60o7mlrp114r9rmdm96k7cwg but we may
consider using some bots for handling this integration (possibly in both
directions).

Issues and discussions can be deleted. In this case we can consider using
pull requests that support the same (or at least similar) threading
functionality as issues/discussions. We have nice tool for tracking
changes, reviewing and suggesting. This is more similar to what Kubernetes
is doing for theirs "enchantment proposals":
https://github.com/kubernetes/enhancements/pull/1353.

This is just idea but Github is common to every project. It's something we
all have, so why not start there?
In fact maybe we can take some lessons from "newer" communities like CNCF
projects that are no longer ML centric?

Bests,
Tomek

On Mon, 28 Feb 2022 at 20:20, Jarek Potiuk  wrote:

> >
> >
> > Will someone be granted commit access, and become PMC
> > member without providing an email address?
> >
>
> Why not if the mailing list is not mandatory? But I think it's not a matter
> of
> "having" a mailing address. It's more about subscribing and actively
> discussing
> using the devlist. Those two are completely different and not
> really related IMHO.
>
>
> > Not everyone interested in the development of FLOSS is willing
> > (or having the time) to become a community manager in every
> > new channel that pops up.
> >
>
> But there is no such need. It's enough that (when the community agrees on
> a channel) - all people from that community will know and use it. And they
> are
> already on this channel (see below).
>
> Should we have to jump through (other) no less arbitrary hoops
> > instead?
> >
>
> By all means yes. If the community decides, some people in the community
> will have to jump through some hoops (possibly). But more often than not
> those will be either very small hoops (the UI, ease of use for many of the
> solutions, lack of friction had greatly improved over the last 20 years)
> or everyone has done it already.
>
> In the case of Airflow (if we talk about switching to Github Discussions)
> what we are talking about is ~ 1900 people having to subscribe to the
> devlist and learn to use it vs. exactly 0 (!) people having to subscribe to
> the
> GH issues/discussions and learning to use it (we all already do it daily
> anyway - it is just not "blessed" as the "official channel").
>
> Looks like no brainer.
>
>
> > Regards,
> > Gilles
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> > For additional commands, e-mail: dev-h...@community.apache.org
> >
> >
>

Re: Effective ways of getting individuals funded to work on ASF projects

[Jarek Potiuk]

>
>
> I don’t care why people pay Tidelift nor do I see a reason I should have
> to.

The fact that you see no added
> value doesn’t mean people won’t pay them, even if it is just so they can
> feel
> that they are contributing to the open source they use.


Proposal:

I think we all agree that ASF meets the criteria of Tidelift already.
Why don't Tidelift (in the places where open-source projects included are
listed) explain that ASF projects meet the criteria, and any one is free
to deal directly with the committers of all ASF projects directly (with
links to the list to projects and committers which are all publicly
available)

The goal of Tidelift is achieved, the rules of ASF are followed. All money
will
go directly to the committers, Tidelift has less coordination and
communication
to do.

Does this make sense?

J,

Re: Effective ways of getting individuals funded to work on ASF projects

[Ralph Goers]

You are still confusing how individuals in ASF projects can work with Tidelift 
(or vice versa) vs why anyone would pay them. I don’t care why people pay 
Tidelift nor do I see a reason I should have to. The fact that you see no added 
value doesn’t mean people won’t pay them, even if it is just so they can feel 
that they are contributing to the open source they use.

I’m glad you get paid by Google, although I am not sure that it is the same 
group that spoke with the Logging Services PMC. But the fact is, you should 
be able to be paid by anyone who wants to pay you, assuming they aren’t 
expecting things of you as an individual that you cannot guarantee.

The important difference with Tidelift is that they are not asking for any 
specific work to be done, rather they are paying to ensure the project meets 
certain standards and will still be around for a good while. To be honest, 
I can appreciate that. I’ve seen a lot of projects on GitHub that are pretty 
neat but have lots of issues and PRs that no one is looking at and no 
commits have been done in years.  

Ralph



> On Feb 28, 2022, at 12:40 PM, Jarek Potiuk  wrote:
> 
> Ralph:
> 
>> The ASF doesn’t “need” Tidelift. Nor do we need Google. But there are
> individuals who work on projects who would welcome the opportunity to be
> paid by them
> 
> I am being paid for part of my time with Google (among others). With
> contract that recognizes that I cannot "do stuff they want"
> if the community will not agree to it.
> 
> Let's enable it for others and show them the path how to do it.
> 
> Neither Google nor I needed Tidelift for that. I still do not see what
> Tidelift could
> provide to either me or Google as the intermediary if they cannot influence
> what
> individuals running the project will do. I am scratching my head over and
> over
> and I can't see what it is.
> 
> Joshua:
> 
> I read the doc carefully. Few times. And I still am puzzled on what
> Tidelift provides
> to either individuals or stakeholders who want to pay those individuals for
> ASF
> projects. The processes are there, maintainers are there, responsible
> disclosure
> is there. Why stakeholders or ASF or individuals would need Tidelift as an
> intermediary ? I don't get it.
> 
> J.
> 
> 
> On Mon, Feb 28, 2022 at 7:30 PM Joshua Simmons 
> wrote:
> 
>> Good $localtime, folks! I just want to underscore a really important
>> section of the document I provided yesterday, as it seems this detail is
>> lost in the mix. Tidelift very deliberately does not direct development.
>> I'll remain on the sidelines here as y'all deliberate, but I want to make
>> sure we're operating from the same set of facts.
>> 
>> 
>> *Why Tidelift works with maintainers*We want the open source projects used
>> by our customers—your downstream users—to be as healthy and secure as
>> possible. We believe this requires directly supporting maintainers and
>> their work, both financially and through providing tools and resources that
>> make it easier for them to be successful.
>> 
>> 
>> *What Tidelift expects from maintainers*Maintainers provide two things to
>> our customers: information (licensing details, context on CVEs) and
>> continuity (comfort that the package is maintained and is highly likely to
>> continue to be maintained). We also expect maintainers to abide by a Code
>> of Conduct. Neither Tidelift nor our customers direct development of
>> Tidelift-supported packages.
>> 
>> 
>> *What Tidelift expects of projects*We only work with projects that meet
>> certain standards: there must be a responsible vulnerability disclosure
>> process in place, and clear licensing metadata. While mature projects have
>> these standards in place, many of the open source projects we work with
>> have just 1 or 2 maintainers, and it’s not unusual for them to implement
>> these standards as part of preparing to work with us.
>> 
>> Some projects–such as those at the ASF–can’t implement those things on our
>> behalf due to policy constraints. Good news is that those projects tend to
>> already meet these standards! Our goal here is to promote good governance.
>> 
>> Josh Simmons (he/they), Sr. Ecosystem Strategy Lead @ Tidelift
>> 
>> @joshsimmons  |
>> joshua.simm...@tidelift.com
>> | bluesomewhere on IRC
>> TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar
>> ad astra per aspera 
>> 
>> 
>> On Mon, Feb 28, 2022 at 10:24 AM Jim Jagielski  wrote:
>> 
>>> Tidelift's model, which expects that maintainers do have direct and
>> almost
>>> unassailable control over a project, is not compatible with the Apache
>> Way.
>>> Tidelift's model works well with projects in which developers and
>>> maintainers can "do stuff" without worrying about building a consensus
>>> around whether or not their contributions are OK or not.
>>> 
>>> I'd like to see how that model and Apache could fit together, but I'm at
>> a
>>> loss to think about how. The main benefit that 

Re: Effective ways of getting individuals funded to work on ASF projects

[Rob Tompkins]

> On Feb 27, 2022, at 5:06 PM, Roman Shaposhnik  wrote:
> 
> Hi!
> 
> over the past couple of years there has been a number
> of efforts trying to figure out effective ways of getting funded
> for working on ASF projects as individuals and not employees
> at companies building on top of these projects.
> 
> Chris's recent experience is but one of them:
>https://lists.apache.org/thread/momxgzzyq03lz54knvzhxm16r8j40vog
> 
> My personal frustration with all these threads is that we never
> seem to arrive at any actionable suggestions for how developers
> like Chris can *easily* create these additional income streams.
> 
> Rightfully, we at ASF basically say that it must be a 3d party issue
> to solve. It very much is. The problem is that doing so one one-off
> just perpetuates the logistical pain of setting up contracts, etc. etc.
> This creates a pretty significant barrier and, as Chris's experience
> would suggest it typically becomes too insurmountable for individual
> developers.

I whole heartedly agree that this is indeed a problem. During my tenure at 
Capital One I repeatedly got poor reviews for making contributions to the ASF, 
even though I had gone through their trusted contributor program. It’s almost 
as if I had to hide my open source contributions from my employeer. I think 
this problem is far deeper and more systemic than people think it is at first 
sight.

-Rob

> 
> Sure, there have been interesting attempts to "hack the system"
> and use things like GitCoin, BugMark and a few others to solve for
> this "how do we get back to our open source roots when individuals,
> not corporations were the economic agents around open source".
> But I honestly don't know of any of them becoming viable either.
> At least not so far.
> 
> At the risk of tilting at windmills once again, I'd like to see if there's
> enough interest to take a crack at this problem yet again.
> 
> And in the spirit of "hacking the system" I'd like to suggest that we
> focus on a 3d party solving it for us. In fact, I suggest we pick a
> very particular 3d party -- TideLift
> 
> https://support.tidelift.com/hc/en-us/articles/4406293106324-Quickstart-guide
> 
> Now, before you exclaim "who the heck appointed TideLift to solve it for
> us?"
> I'd be the first one to admit that I picked them because I know them
> really well and I do think they are the closest to giving us some of the
> answers.
> But above all, I'm suggesting we look at TideLift because they seem to
> be very much willing to work with us on actually changing their engagement
> model to fit our needs. IOW, it is not like their rules are cast in stone
> -- we can
> assume they are malleable. If anyone knows of a similar 3d party -- let's
> discuss
> that too.
> 
> If, however, there's a general consensus about seriously looking
> at them as that 3d party -- I'd like to start collecting names of ASF
> developers (and PMCs) who would be willing to participate in
> a trial program with them of sorts and report back.
> 
> If you have comments on anything above -- please reply in-thread.
> 
> If you'd be interested in this trial -- you can either do that or just
> reply to me personally.
> 
> Thanks,
> Roman.


-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: Welcome Willem Jiang as a New PMC Member

[Aizhamal Nurmamat kyzy]

Welcome!

On Sun, Feb 27, 2022 at 10:27 PM Piergiorgio Lucidi 
wrote:

> Congratulations Willem!
>
>
>
> Il Gio 24 Feb 2022, 07:50 Swapnil M Mane  ha
> scritto:
>
> > Hi everyone,
> >
> > The ComDev PMC has invited Willem Jiang to become a member of the
> committee
> > and we are glad to announce that he has accepted the nomination.
> >
> > Willem has been a great open-source supporter, deeply understand Apache
> > Way and
> > has helped organise and run various events in China. He is actively
> > involved
> > in the ALC initiative in China. He is the chapter lead of ALC Beijing
> > and a mentor of ALC Shenzhen.
> > Also, he has been an integral part of ApacheCon Asia and played a
> > vital role in organising and executing ApacheCon Asia.
> > Along with his active participation in community development, he is
> > also part of numerous other Apache projects as well.
> >
> > Please join me in welcoming Willem and congratulating him on his new
> role.
> >
> > Thanks,
> > Swapnil M Mane,
> > On behalf of the ComDev PMC
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> > For additional commands, e-mail: dev-h...@community.apache.org
> >
> >
>

Re: Effective ways of getting individuals funded to work on ASF projects

[Jarek Potiuk]

Ralph:

> The ASF doesn’t “need” Tidelift. Nor do we need Google. But there are
individuals who work on projects who would welcome the opportunity to be
paid by them

I am being paid for part of my time with Google (among others). With
contract that recognizes that I cannot "do stuff they want"
if the community will not agree to it.

Let's enable it for others and show them the path how to do it.

Neither Google nor I needed Tidelift for that. I still do not see what
Tidelift could
provide to either me or Google as the intermediary if they cannot influence
what
individuals running the project will do. I am scratching my head over and
over
and I can't see what it is.

Joshua:

I read the doc carefully. Few times. And I still am puzzled on what
Tidelift provides
to either individuals or stakeholders who want to pay those individuals for
ASF
projects. The processes are there, maintainers are there, responsible
disclosure
is there. Why stakeholders or ASF or individuals would need Tidelift as an
intermediary ? I don't get it.

J.


On Mon, Feb 28, 2022 at 7:30 PM Joshua Simmons 
wrote:

> Good $localtime, folks! I just want to underscore a really important
> section of the document I provided yesterday, as it seems this detail is
> lost in the mix. Tidelift very deliberately does not direct development.
> I'll remain on the sidelines here as y'all deliberate, but I want to make
> sure we're operating from the same set of facts.
>
>
> *Why Tidelift works with maintainers*We want the open source projects used
> by our customers—your downstream users—to be as healthy and secure as
> possible. We believe this requires directly supporting maintainers and
> their work, both financially and through providing tools and resources that
> make it easier for them to be successful.
>
>
> *What Tidelift expects from maintainers*Maintainers provide two things to
> our customers: information (licensing details, context on CVEs) and
> continuity (comfort that the package is maintained and is highly likely to
> continue to be maintained). We also expect maintainers to abide by a Code
> of Conduct. Neither Tidelift nor our customers direct development of
> Tidelift-supported packages.
>
>
> *What Tidelift expects of projects*We only work with projects that meet
> certain standards: there must be a responsible vulnerability disclosure
> process in place, and clear licensing metadata. While mature projects have
> these standards in place, many of the open source projects we work with
> have just 1 or 2 maintainers, and it’s not unusual for them to implement
> these standards as part of preparing to work with us.
>
> Some projects–such as those at the ASF–can’t implement those things on our
> behalf due to policy constraints. Good news is that those projects tend to
> already meet these standards! Our goal here is to promote good governance.
>
> Josh Simmons (he/they), Sr. Ecosystem Strategy Lead @ Tidelift
> 
> @joshsimmons  |
> joshua.simm...@tidelift.com
> | bluesomewhere on IRC
> TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar
> ad astra per aspera 
>
>
> On Mon, Feb 28, 2022 at 10:24 AM Jim Jagielski  wrote:
>
> > Tidelift's model, which expects that maintainers do have direct and
> almost
> > unassailable control over a project, is not compatible with the Apache
> Way.
> > Tidelift's model works well with projects in which developers and
> > maintainers can "do stuff" without worrying about building a consensus
> > around whether or not their contributions are OK or not.
> >
> > I'd like to see how that model and Apache could fit together, but I'm at
> a
> > loss to think about how. The main benefit that those who fund the work is
> > not just an expectation that code will be fixed, etc, but a *requirement*
> > that it be done. They are paying for the guarantee. This requires a
> > development model in which those paid by Tidelift can forcibly introduce
> > code and contributions at will. This conflicts with the ASF development
> > model.
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> > For additional commands, e-mail: dev-h...@community.apache.org
> >
> >
>

Re: Thoughts on alternative communication channels for our communities

[Jarek Potiuk]

>
>
> Will someone be granted commit access, and become PMC
> member without providing an email address?
>

Why not if the mailing list is not mandatory? But I think it's not a matter
of
"having" a mailing address. It's more about subscribing and actively
discussing
using the devlist. Those two are completely different and not
really related IMHO.


> Not everyone interested in the development of FLOSS is willing
> (or having the time) to become a community manager in every
> new channel that pops up.
>

But there is no such need. It's enough that (when the community agrees on
a channel) - all people from that community will know and use it. And they
are
already on this channel (see below).

Should we have to jump through (other) no less arbitrary hoops
> instead?
>

By all means yes. If the community decides, some people in the community
will have to jump through some hoops (possibly). But more often than not
those will be either very small hoops (the UI, ease of use for many of the
solutions, lack of friction had greatly improved over the last 20 years)
or everyone has done it already.

In the case of Airflow (if we talk about switching to Github Discussions)
what we are talking about is ~ 1900 people having to subscribe to the
devlist and learn to use it vs. exactly 0 (!) people having to subscribe to
the
GH issues/discussions and learning to use it (we all already do it daily
anyway - it is just not "blessed" as the "official channel").

Looks like no brainer.


> Regards,
> Gilles
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org
>
>

Re: Thoughts on alternative communication channels for our communities

[Gilles Sadowski]

Le lun. 28 févr. 2022 à 19:09, Rich Bowen  a écrit :
>
>
>
> >> I still fail to understand the reason for looking for alternatives to
> >> MLs for managing ASF projects...
>
> It's less a question of us looking for alternatives, and more a question
> of observing the broader open source community and seeing that the
> younger/newer participants in this space want something different,
> expect something different, and are turned off by the current state of
> things.

Talking with newcomers may be more effective on alternative
channels, but if/when tools are introduced and their purpose
explained, the usage of a ML is not going to be the most
difficult ability to acquire for contributing to an ASF project.

Will someone be granted commit access, and become PMC
member without providing an email address?

> > Honestly -- I don't think we have a choice. At least I don't that we have
> > when it comes to users. Those will engage with us in whatever manner
> > they seem to perceive as most natural and it seems that in 2022 email
> > is definitely not the first thing that comes to the users' mind.
> >
> > So... the choice we have to make is to -- either meet our users where
> > they seem to be looking for us (or at least half-way) OR agree that
> > we will be forever cut off from quite a number of them.
>
> Yes, this is 100% it. I've long said that to reach our audience, you
> have to go where they are, and engage with them there. "Just subscribe
> to the mailing list", while an acceptable answer 10 years ago, is like
> speaking a foreign language today.

Not everyone interested in the development of FLOSS is willing
(or having the time) to become a community manager in every
new channel that pops up.

> The process (email this cryptic address, wait for the cryptic response
> that you get, and follow the instructions in it, and hope for the best,
> then email this *other* address to talk to us) is just too involved,
> unintuitive, and just seems intentionally byzantine, to the people we're
> trying to engage with today. It makes sense to me, because I've been
> doing it for almost 30 years. But we need to listen to our audience,
> because they are no longer interested in jumping through arbitrary hoops
> when they can just go ask on Reddit instead.

Should we have to jump through (other) no less arbitrary hoops
instead?

Regards,
Gilles

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: Effective ways of getting individuals funded to work on ASF projects

[Joshua Simmons]

Good $localtime, folks! I just want to underscore a really important
section of the document I provided yesterday, as it seems this detail is
lost in the mix. Tidelift very deliberately does not direct development.
I'll remain on the sidelines here as y'all deliberate, but I want to make
sure we're operating from the same set of facts.


*Why Tidelift works with maintainers*We want the open source projects used
by our customers—your downstream users—to be as healthy and secure as
possible. We believe this requires directly supporting maintainers and
their work, both financially and through providing tools and resources that
make it easier for them to be successful.


*What Tidelift expects from maintainers*Maintainers provide two things to
our customers: information (licensing details, context on CVEs) and
continuity (comfort that the package is maintained and is highly likely to
continue to be maintained). We also expect maintainers to abide by a Code
of Conduct. Neither Tidelift nor our customers direct development of
Tidelift-supported packages.


*What Tidelift expects of projects*We only work with projects that meet
certain standards: there must be a responsible vulnerability disclosure
process in place, and clear licensing metadata. While mature projects have
these standards in place, many of the open source projects we work with
have just 1 or 2 maintainers, and it’s not unusual for them to implement
these standards as part of preparing to work with us.

Some projects–such as those at the ASF–can’t implement those things on our
behalf due to policy constraints. Good news is that those projects tend to
already meet these standards! Our goal here is to promote good governance.

Josh Simmons (he/they), Sr. Ecosystem Strategy Lead @ Tidelift

@joshsimmons  | joshua.simm...@tidelift.com
| bluesomewhere on IRC
TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar
ad astra per aspera 


On Mon, Feb 28, 2022 at 10:24 AM Jim Jagielski  wrote:

> Tidelift's model, which expects that maintainers do have direct and almost
> unassailable control over a project, is not compatible with the Apache Way.
> Tidelift's model works well with projects in which developers and
> maintainers can "do stuff" without worrying about building a consensus
> around whether or not their contributions are OK or not.
>
> I'd like to see how that model and Apache could fit together, but I'm at a
> loss to think about how. The main benefit that those who fund the work is
> not just an expectation that code will be fixed, etc, but a *requirement*
> that it be done. They are paying for the guarantee. This requires a
> development model in which those paid by Tidelift can forcibly introduce
> code and contributions at will. This conflicts with the ASF development
> model.
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org
>
>

Re: Effective ways of getting individuals funded to work on ASF projects

[Jim Jagielski]

Tidelift's model, which expects that maintainers do have direct and almost 
unassailable control over a project, is not compatible with the Apache Way. 
Tidelift's model works well with projects in which developers and maintainers 
can "do stuff" without worrying about building a consensus around whether or 
not their contributions are OK or not.

I'd like to see how that model and Apache could fit together, but I'm at a loss 
to think about how. The main benefit that those who fund the work is not just 
an expectation that code will be fixed, etc, but a *requirement* that it be 
done. They are paying for the guarantee. This requires a development model in 
which those paid by Tidelift can forcibly introduce code and contributions at 
will. This conflicts with the ASF development model.

> On Feb 28, 2022, at 12:50 PM, Jarek Potiuk  wrote:
> 
>> So while I agree with everything Bertrand said I don’t think it resolves
> the real issue.
> TideLift is providing a guarantee to its customers that projects it
> sponsors meet certain
> standards. The standards they are looking for should really be set by the
> ASF, not
> individual projects.
> 
> This is the part I do not understand. What Tidelift can promise to their
> customers and on what basis?
> According to ASF rules where only individuals in the project can make
> decisions - this means that Tidelift
> has no mechanisms whatsoever to fulfill their promise.
> 
> And if ASF sets the standards - why do we need Tidelift at all ?
> To be perfectly blunt -  I am afraid that until Tidelift resolves any
> of the real problems of individual committers we mentioned with Bertrand
> (including facilitating direct relationship commiter <> stakeholder),
> I do not see what's the added value of Tidelift. Seems like unnecessary
> intermediary.
> 
> J.
> 
> 
> On Mon, Feb 28, 2022 at 5:10 PM Ralph Goers 
> wrote:
> 
>> First, I would like to clarify Gary’s email as I don’t think he
>> characterized it quite correctly.
>> The Logging PMC concluded we could not be part of an arrangement with
>> TideLift and
>> that the issues needed to be worked out at the foundation level. The
>> primary issue was
>> that TideLift had requirements on advertising and process details that
>> required approval
>> of the PMC in order for individuals to be able to be paid. We met with a
>> Google
>> security team in January and had similar issues where they required a
>> process that isn’t
>> aligned with the ASF’s requirements on how releases are to be performed.
>> 
>> Second, from my point of view the ASF should have discussions with
>> TideLift and Google to
>> see if those issues can be resolved. The ideal scenario would be that
>> TideLift and Google
>> can simply sponsor individuals from any ASF project because all ASF
>> projects must
>> conform to guidelines that meet their criteria - i.e. the PMC doesn’t even
>> have to be
>> involved. But this obviously requires that the foundation work with these
>> third parties to
>> either improve our processes where needed or get the third party to accept
>> our processes.
>> 
>> So while I agree with everything Bertrand said I don’t think it resolves
>> the real issue.
>> TideLift is providing a guarantee to its customers that projects it
>> sponsors meet certain
>> standards. The standards they are looking for should really be set by the
>> ASF, not
>> individual projects.
>> 
>> Ralph
>> 
>> 
>>> On Feb 28, 2022, at 5:03 AM, Bertrand Delacretaz 
>> wrote:
>>> 
>>> Hi,
>>> 
>>> Le lun. 28 févr. 2022 à 11:06, Jarek Potiuk  a écrit :
 ...the relationships I have is direct relationship with the
 stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely
>> "removing
 bureaucratic obstacles" but they are not "between" me and my
>> stakeholders.
 They are "on a side". They get a small cut sometimes (which I gladly
>> pay)
 but I want to talk to the stakeholders directly without any
>> intermediaries
 and establish a long-term relationship with them as an individual
>>> 
>>> I think that's a key point, and listing such requirements for
>>> platforms that can help our contributors get funding sounds useful.
>>> 
>>> Here's a quick list of initial requirements that we might include:
>>> -Contributors can get steady funding for their work
>>> -ASF is out of the loop of financial transactions
>>> -Contributors must use a standard ASF disclaimer (draft at [1])
>>> -Contributors can establish a direct relationship with sponsors
>>> -Several "funding intermediaries" are available
>>> -ASF might define the wording that contributors can use when
>>> advertising themselves (based on facts, etc.)
>>> 
>>> I like the idea of the ASF facilitating these things.
>>> 
>>> Maintaining a comdev page that lists criteria like the above, with
>>> pointers to the relevant ASF policies, and lists intermediaries that
>>> our contributors have successfully used, might be a good start.
>>> 
>>> -Bertrand
>>> 
>>> [1] 

Re: Effective ways of getting individuals funded to work on ASF projects

[Ralph Goers]

I don’t agree. First, the “added value” Tidelift provides is not our problem. 
If they can’t attract customers then the individuals on the projects they 
support won’t get any money.

But, as I said, Tidelift could have a mechanism to fulfill their promises if 
the 
ASF had overall project requirements such as requiring that a project have 
3 active committers AND 3 active PMC members. The distinction might not 
seem like much but there are projects that are still functioning because they 
still have 3 PMC members but no one is committing anything. So when 
issues arise it could take a long timeto get a release cut to fix the issue 
since,  
presumably there could be a lot of dependency updates required.

“Why do we need Tidelift at all?”

The ASF doesn’t “need” Tidelift. Nor do we need Google. But there are 
individuals who work on projects who would welcome the opportunity to be 
paid by them. Currently, they cannot because Tidelift can’t guarantee 
anything to their customers regarding ASF projects and Google has security 
requirements that we can’t meet because they contract the ASF release policies.

Tidelift cannot resolve problems that are not in its control. Neither can ASF 
projects.

I had thought that both the VPs of Fundraising and Legal were going to reach 
out to Tidelift to discuss these issues. I don’t recall seeing any feedback 
from 
that to see if any progress was made.

> On Feb 28, 2022, at 10:50 AM, Jarek Potiuk  wrote:
> 
>> So while I agree with everything Bertrand said I don’t think it resolves
> the real issue.
> TideLift is providing a guarantee to its customers that projects it
> sponsors meet certain
> standards. The standards they are looking for should really be set by the
> ASF, not
> individual projects.
> 
> This is the part I do not understand. What Tidelift can promise to their
> customers and on what basis?
> According to ASF rules where only individuals in the project can make
> decisions - this means that Tidelift
> has no mechanisms whatsoever to fulfill their promise.
> 
> And if ASF sets the standards - why do we need Tidelift at all ?
> To be perfectly blunt -  I am afraid that until Tidelift resolves any
> of the real problems of individual committers we mentioned with Bertrand
> (including facilitating direct relationship commiter <> stakeholder),
> I do not see what's the added value of Tidelift. Seems like unnecessary
> intermediary.
> 
> J.
> 
> 
> On Mon, Feb 28, 2022 at 5:10 PM Ralph Goers 
> wrote:
> 
>> First, I would like to clarify Gary’s email as I don’t think he
>> characterized it quite correctly.
>> The Logging PMC concluded we could not be part of an arrangement with
>> TideLift and
>> that the issues needed to be worked out at the foundation level. The
>> primary issue was
>> that TideLift had requirements on advertising and process details that
>> required approval
>> of the PMC in order for individuals to be able to be paid. We met with a
>> Google
>> security team in January and had similar issues where they required a
>> process that isn’t
>> aligned with the ASF’s requirements on how releases are to be performed.
>> 
>> Second, from my point of view the ASF should have discussions with
>> TideLift and Google to
>> see if those issues can be resolved. The ideal scenario would be that
>> TideLift and Google
>> can simply sponsor individuals from any ASF project because all ASF
>> projects must
>> conform to guidelines that meet their criteria - i.e. the PMC doesn’t even
>> have to be
>> involved. But this obviously requires that the foundation work with these
>> third parties to
>> either improve our processes where needed or get the third party to accept
>> our processes.
>> 
>> So while I agree with everything Bertrand said I don’t think it resolves
>> the real issue.
>> TideLift is providing a guarantee to its customers that projects it
>> sponsors meet certain
>> standards. The standards they are looking for should really be set by the
>> ASF, not
>> individual projects.
>> 
>> Ralph
>> 
>> 
>>> On Feb 28, 2022, at 5:03 AM, Bertrand Delacretaz 
>> wrote:
>>> 
>>> Hi,
>>> 
>>> Le lun. 28 févr. 2022 à 11:06, Jarek Potiuk  a écrit :
 ...the relationships I have is direct relationship with the
 stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely
>> "removing
 bureaucratic obstacles" but they are not "between" me and my
>> stakeholders.
 They are "on a side". They get a small cut sometimes (which I gladly
>> pay)
 but I want to talk to the stakeholders directly without any
>> intermediaries
 and establish a long-term relationship with them as an individual
>>> 
>>> I think that's a key point, and listing such requirements for
>>> platforms that can help our contributors get funding sounds useful.
>>> 
>>> Here's a quick list of initial requirements that we might include:
>>> -Contributors can get steady funding for their work
>>> -ASF is out of the loop of financial transactions
>>> -Contributors must use 

Re: Thoughts on alternative communication channels for our communities

[Rich Bowen]

I still fail to understand the reason for looking for alternatives to
MLs for managing ASF projects...


It's less a question of us looking for alternatives, and more a question 
of observing the broader open source community and seeing that the 
younger/newer participants in this space want something different, 
expect something different, and are turned off by the current state of 
things.



Honestly -- I don't think we have a choice. At least I don't that we have
when it comes to users. Those will engage with us in whatever manner
they seem to perceive as most natural and it seems that in 2022 email
is definitely not the first thing that comes to the users' mind.

So... the choice we have to make is to -- either meet our users where
they seem to be looking for us (or at least half-way) OR agree that
we will be forever cut off from quite a number of them.


Yes, this is 100% it. I've long said that to reach our audience, you 
have to go where they are, and engage with them there. "Just subscribe 
to the mailing list", while an acceptable answer 10 years ago, is like 
speaking a foreign language today.


The process (email this cryptic address, wait for the cryptic response 
that you get, and follow the instructions in it, and hope for the best, 
then email this *other* address to talk to us) is just too involved, 
unintuitive, and just seems intentionally byzantine, to the people we're 
trying to engage with today. It makes sense to me, because I've been 
doing it for almost 30 years. But we need to listen to our audience, 
because they are no longer interested in jumping through arbitrary hoops 
when they can just go ask on Reddit instead.


-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: Thoughts on alternative communication channels for our communities

[Matt Sicker]

Another chat solution to consider is Zulip [0]. Zulip's UI encourages
all chat messages to go under an appropriate thread which makes it a
bit easier to use for asynchronous communication. I think one of the
difficult aspects of using something like Slack or IRC for development
is a lack of nice threading which makes them more of a synchronous
communication tool rather than an asynchronous one. Using threads in
Zulip, it becomes a lot easier to navigate the chat without having to
read several days of chatter to find the topic you were looking for.

For what it's worth, I'm at that age near the line between people who
are used to using email and people who are used to using instant
messaging and group chats. I believe that a lack of good threading in
chat UIs is what tends to lead to the "always online" requirement to
keeping up with the chat, though most chat apps support threading at
this point, so I could be wrong.

Another issue with people and mailing lists these days are those who
don't know or care to tame their inbox. There's a reason why
smartphone notifications are used for marketing and such these days;
many people's inboxes are bursting with tens of thousands of unread
messages. It's been the double edged sword of simple and open
protocols: ease of abuse.

[0]: https://zulip.com

On Mon, Feb 28, 2022 at 6:04 AM Jarek Potiuk  wrote:
>
> >
> >
> > This is much easier to manage on any channel than "talking to the
> > group" which is IMO required for Apache-style development.
> >
> > What I mean is:
> > -Everybody sees the topics of all conversations fly by
> > -It's easy to ignore specific or most conversations
> > -It's easy to catch up after N days of absence while the rest of the
> > team has been active, by quickly skimming the thread's subject lines
> > -It's easy to use Precise Quoting in replies to enable deep conversations
> >
> > To me, the lack of first-class discussion threads, including a subject
> > line, in most chat-style channels makes it hard to support that style.
> >
>
> Yeah. I understand that - and Agree that "subject" is important in the
> "slower" conversations. Having #channels in slack somehow addresses it for
> "broader" topics, but in last few weeks many times in the conversations
> there I wrote: "Hey we've started this GitHubDiscussion here, let's move
> the discussion there" if we felt the need to "upgrade" casual chat
> to "meaningful discussion". And we did.
>
> That's why I also agree that for example slack might not be the "only" form
> of conversation for everything. It's one of the ways.
>
> I am also absolutely for deep discussions, analysis and all the arguments
> you mentioned. And GitHubDiscussions falls squarely in all the criteria you
> mentioned - including super easy reference to code (including automatically
> displaying snippets of code), issues, mentioning other users in-line,
> referring other discussions (autocompletable as you type so that you do not
> have to look it up and copy & paste), being able to use emoticons (yeah I
> am almost 50 but I think they make discussion more fun), easy quoting (and
> what I stress again) - ability to correct typos and update your comments
> in-line when you find out more with the right UPDATE: statements, adding
> checkboxes that you can check-off as the discussion progress etc. etc. are
> all there.
>
> I am very proficient in using devlist for some of that. I can personally do
> it rather easily and I've learned the etiquette when I started to
> use devlist more often. But it is all so much easier and more approachable
> using tools like GHDiscussions.
> Email has a lot of friction and simply many people are excluded by default
> and we "lose" their participation. I've been an Engineer and CTO of a
> mobile app development company and I know a lot about good, convenient UI
> and decreasing friction and how important it is.
>
> I think 20 years ago "devlist" as a 'common mechanism' was a great choice
> and facilitated "let's give everyone the possibility to participate". But
> from what I hear from people today (and feel myself), it has changed for
> many communities and if anything it "prevents participation" - it stopped
> fulfilling some of the basic premises it was started with.
>
> J.
>
>
>
> >
> > -Bertrand
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> > For additional commands, e-mail: dev-h...@community.apache.org
> >
> >

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: Effective ways of getting individuals funded to work on ASF projects

[Jarek Potiuk]

> So while I agree with everything Bertrand said I don’t think it resolves
the real issue.
TideLift is providing a guarantee to its customers that projects it
sponsors meet certain
standards. The standards they are looking for should really be set by the
ASF, not
individual projects.

This is the part I do not understand. What Tidelift can promise to their
customers and on what basis?
According to ASF rules where only individuals in the project can make
decisions - this means that Tidelift
has no mechanisms whatsoever to fulfill their promise.

And if ASF sets the standards - why do we need Tidelift at all ?
To be perfectly blunt -  I am afraid that until Tidelift resolves any
of the real problems of individual committers we mentioned with Bertrand
(including facilitating direct relationship commiter <> stakeholder),
I do not see what's the added value of Tidelift. Seems like unnecessary
intermediary.

J.


On Mon, Feb 28, 2022 at 5:10 PM Ralph Goers 
wrote:

> First, I would like to clarify Gary’s email as I don’t think he
> characterized it quite correctly.
> The Logging PMC concluded we could not be part of an arrangement with
> TideLift and
> that the issues needed to be worked out at the foundation level. The
> primary issue was
> that TideLift had requirements on advertising and process details that
> required approval
> of the PMC in order for individuals to be able to be paid. We met with a
> Google
> security team in January and had similar issues where they required a
> process that isn’t
> aligned with the ASF’s requirements on how releases are to be performed.
>
> Second, from my point of view the ASF should have discussions with
> TideLift and Google to
> see if those issues can be resolved. The ideal scenario would be that
> TideLift and Google
> can simply sponsor individuals from any ASF project because all ASF
> projects must
> conform to guidelines that meet their criteria - i.e. the PMC doesn’t even
> have to be
> involved. But this obviously requires that the foundation work with these
> third parties to
> either improve our processes where needed or get the third party to accept
> our processes.
>
> So while I agree with everything Bertrand said I don’t think it resolves
> the real issue.
> TideLift is providing a guarantee to its customers that projects it
> sponsors meet certain
> standards. The standards they are looking for should really be set by the
> ASF, not
> individual projects.
>
> Ralph
>
>
> > On Feb 28, 2022, at 5:03 AM, Bertrand Delacretaz 
> wrote:
> >
> > Hi,
> >
> > Le lun. 28 févr. 2022 à 11:06, Jarek Potiuk  a écrit :
> >> ...the relationships I have is direct relationship with the
> >> stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely
> "removing
> >> bureaucratic obstacles" but they are not "between" me and my
> stakeholders.
> >> They are "on a side". They get a small cut sometimes (which I gladly
> pay)
> >> but I want to talk to the stakeholders directly without any
> intermediaries
> >> and establish a long-term relationship with them as an individual
> >
> > I think that's a key point, and listing such requirements for
> > platforms that can help our contributors get funding sounds useful.
> >
> > Here's a quick list of initial requirements that we might include:
> > -Contributors can get steady funding for their work
> > -ASF is out of the loop of financial transactions
> > -Contributors must use a standard ASF disclaimer (draft at [1])
> > -Contributors can establish a direct relationship with sponsors
> > -Several "funding intermediaries" are available
> > -ASF might define the wording that contributors can use when
> > advertising themselves (based on facts, etc.)
> >
> > I like the idea of the ASF facilitating these things.
> >
> > Maintaining a comdev page that lists criteria like the above, with
> > pointers to the relevant ASF policies, and lists intermediaries that
> > our contributors have successfully used, might be a good start.
> >
> > -Bertrand
> >
> > [1] https://community.apache.org/committers/funding-disclaimer.html
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> > For additional commands, e-mail: dev-h...@community.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org
>
>

Re: Effective ways of getting individuals funded to work on ASF projects

[Ralph Goers]

First, I would like to clarify Gary’s email as I don’t think he characterized 
it quite correctly. 
The Logging PMC concluded we could not be part of an arrangement with TideLift 
and 
that the issues needed to be worked out at the foundation level. The primary 
issue was 
that TideLift had requirements on advertising and process details that required 
approval 
of the PMC in order for individuals to be able to be paid. We met with a Google 
security team in January and had similar issues where they required a process 
that isn’t 
aligned with the ASF’s requirements on how releases are to be performed.

Second, from my point of view the ASF should have discussions with TideLift and 
Google to 
see if those issues can be resolved. The ideal scenario would be that TideLift 
and Google 
can simply sponsor individuals from any ASF project because all ASF projects 
must 
conform to guidelines that meet their criteria - i.e. the PMC doesn’t even have 
to be 
involved. But this obviously requires that the foundation work with these third 
parties to 
either improve our processes where needed or get the third party to accept our 
processes.

So while I agree with everything Bertrand said I don’t think it resolves the 
real issue. 
TideLift is providing a guarantee to its customers that projects it sponsors 
meet certain 
standards. The standards they are looking for should really be set by the ASF, 
not 
individual projects.  

Ralph


> On Feb 28, 2022, at 5:03 AM, Bertrand Delacretaz  
> wrote:
> 
> Hi,
> 
> Le lun. 28 févr. 2022 à 11:06, Jarek Potiuk  a écrit :
>> ...the relationships I have is direct relationship with the
>> stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely "removing
>> bureaucratic obstacles" but they are not "between" me and my stakeholders.
>> They are "on a side". They get a small cut sometimes (which I gladly pay)
>> but I want to talk to the stakeholders directly without any intermediaries
>> and establish a long-term relationship with them as an individual
> 
> I think that's a key point, and listing such requirements for
> platforms that can help our contributors get funding sounds useful.
> 
> Here's a quick list of initial requirements that we might include:
> -Contributors can get steady funding for their work
> -ASF is out of the loop of financial transactions
> -Contributors must use a standard ASF disclaimer (draft at [1])
> -Contributors can establish a direct relationship with sponsors
> -Several "funding intermediaries" are available
> -ASF might define the wording that contributors can use when
> advertising themselves (based on facts, etc.)
> 
> I like the idea of the ASF facilitating these things.
> 
> Maintaining a comdev page that lists criteria like the above, with
> pointers to the relevant ASF policies, and lists intermediaries that
> our contributors have successfully used, might be a good start.
> 
> -Bertrand
> 
> [1] https://community.apache.org/committers/funding-disclaimer.html
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org
> 


-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: Effective ways of getting individuals funded to work on ASF projects

[Jarek Potiuk]

I love the "summary" Bertrand. It's precisely what I had in mind but this
is is a very concise version of it :)

On Mon, Feb 28, 2022 at 1:04 PM Bertrand Delacretaz 
wrote:

> Hi,
>
> Le lun. 28 févr. 2022 à 11:06, Jarek Potiuk  a écrit :
> >...the relationships I have is direct relationship with the
> > stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely "removing
> > bureaucratic obstacles" but they are not "between" me and my
> stakeholders.
> > They are "on a side". They get a small cut sometimes (which I gladly pay)
> > but I want to talk to the stakeholders directly without any
> intermediaries
> > and establish a long-term relationship with them as an individual
>
> I think that's a key point, and listing such requirements for
> platforms that can help our contributors get funding sounds useful.
>
> Here's a quick list of initial requirements that we might include:
> -Contributors can get steady funding for their work
> -ASF is out of the loop of financial transactions
> -Contributors must use a standard ASF disclaimer (draft at [1])
> -Contributors can establish a direct relationship with sponsors
> -Several "funding intermediaries" are available
> -ASF might define the wording that contributors can use when
> advertising themselves (based on facts, etc.)
>
> I like the idea of the ASF facilitating these things.
>
> Maintaining a comdev page that lists criteria like the above, with
> pointers to the relevant ASF policies, and lists intermediaries that
> our contributors have successfully used, might be a good start.
>
> -Bertrand
>
> [1] https://community.apache.org/committers/funding-disclaimer.html
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org
>
>

Re: Effective ways of getting individuals funded to work on ASF projects

[Bertrand Delacretaz]

Hi,

Le lun. 28 févr. 2022 à 11:06, Jarek Potiuk  a écrit :
>...the relationships I have is direct relationship with the
> stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely "removing
> bureaucratic obstacles" but they are not "between" me and my stakeholders.
> They are "on a side". They get a small cut sometimes (which I gladly pay)
> but I want to talk to the stakeholders directly without any intermediaries
> and establish a long-term relationship with them as an individual

I think that's a key point, and listing such requirements for
platforms that can help our contributors get funding sounds useful.

Here's a quick list of initial requirements that we might include:
-Contributors can get steady funding for their work
-ASF is out of the loop of financial transactions
-Contributors must use a standard ASF disclaimer (draft at [1])
-Contributors can establish a direct relationship with sponsors
-Several "funding intermediaries" are available
-ASF might define the wording that contributors can use when
advertising themselves (based on facts, etc.)

I like the idea of the ASF facilitating these things.

Maintaining a comdev page that lists criteria like the above, with
pointers to the relevant ASF policies, and lists intermediaries that
our contributors have successfully used, might be a good start.

-Bertrand

[1] https://community.apache.org/committers/funding-disclaimer.html

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: Thoughts on alternative communication channels for our communities

[Jarek Potiuk]

>
>
> This is much easier to manage on any channel than "talking to the
> group" which is IMO required for Apache-style development.
>
> What I mean is:
> -Everybody sees the topics of all conversations fly by
> -It's easy to ignore specific or most conversations
> -It's easy to catch up after N days of absence while the rest of the
> team has been active, by quickly skimming the thread's subject lines
> -It's easy to use Precise Quoting in replies to enable deep conversations
>
> To me, the lack of first-class discussion threads, including a subject
> line, in most chat-style channels makes it hard to support that style.
>

Yeah. I understand that - and Agree that "subject" is important in the
"slower" conversations. Having #channels in slack somehow addresses it for
"broader" topics, but in last few weeks many times in the conversations
there I wrote: "Hey we've started this GitHubDiscussion here, let's move
the discussion there" if we felt the need to "upgrade" casual chat
to "meaningful discussion". And we did.

That's why I also agree that for example slack might not be the "only" form
of conversation for everything. It's one of the ways.

I am also absolutely for deep discussions, analysis and all the arguments
you mentioned. And GitHubDiscussions falls squarely in all the criteria you
mentioned - including super easy reference to code (including automatically
displaying snippets of code), issues, mentioning other users in-line,
referring other discussions (autocompletable as you type so that you do not
have to look it up and copy & paste), being able to use emoticons (yeah I
am almost 50 but I think they make discussion more fun), easy quoting (and
what I stress again) - ability to correct typos and update your comments
in-line when you find out more with the right UPDATE: statements, adding
checkboxes that you can check-off as the discussion progress etc. etc. are
all there.

I am very proficient in using devlist for some of that. I can personally do
it rather easily and I've learned the etiquette when I started to
use devlist more often. But it is all so much easier and more approachable
using tools like GHDiscussions.
Email has a lot of friction and simply many people are excluded by default
and we "lose" their participation. I've been an Engineer and CTO of a
mobile app development company and I know a lot about good, convenient UI
and decreasing friction and how important it is.

I think 20 years ago "devlist" as a 'common mechanism' was a great choice
and facilitated "let's give everyone the possibility to participate". But
from what I hear from people today (and feel myself), it has changed for
many communities and if anything it "prevents participation" - it stopped
fulfilling some of the basic premises it was started with.

J.



>
> -Bertrand
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org
>
>

Re: Thoughts on alternative communication channels for our communities

[Bertrand Delacretaz]

Hi Jarek,

Le dim. 27 févr. 2022 à 23:11, Jarek Potiuk  a écrit :
> ...I use slack for async communication a lot. Including
> underrepresented in IT Outreachy (https://www.outreachy.org/)  interns that
> I am mentoring - from India, Peru and Nigeria that I am interacting with
> them over the last 3 months of their internship Most of that is
> asynchronous because I live in Poland which is about 12 hours apart from
> both India and Peru. And we have different holidays schedules...

I think what you're describing is 1:1 async communications, or "1 to
very small group".

This is much easier to manage on any channel than "talking to the
group" which is IMO required for Apache-style development.

What I mean is:
-Everybody sees the topics of all conversations fly by
-It's easy to ignore specific or most conversations
-It's easy to catch up after N days of absence while the rest of the
team has been active, by quickly skimming the thread's subject lines
-It's easy to use Precise Quoting in replies to enable deep conversations

To me, the lack of first-class discussion threads, including a subject
line, in most chat-style channels makes it hard to support that style.

-Bertrand

-
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Re: Effective ways of getting individuals funded to work on ASF projects

[Jarek Potiuk]

Yeah. I am observing (and also applauding) Chris's effort and the
problems/struggles, and I think the Tidelift (and similar) model does not
solve any of the problems of individual contributors who want to get paid.

I might be very wrong here - of course - no monopoly on understanding the
Apache Way, but I think there is a  big "philosophical" clash between
Tidelift's model and the ASF one. Mostly about "organization" vs.
"individual" relationships and customer relations.

I think the problem is that Tidelift establishes a relationship between
"stakeholders" and "tidelift", not between "stakeholders" and "individual
contributors". In the doc attached by Joshua it's clear those are "our
customers" (i.e. Tidelift customers). Tidelift works with similar
assumptions as Uber and other crowdsourcing "gig economies" - but those
only work because you need some platform so that "ride sharers" can find
"ride needers" and there is no 1-1 long term relationship between those. In
the OSS/ASF world this is different. Committers are "known" and easily
searchable. if a stakeholder in PLC4X wants to do smth with PLC4X - it's
obvious they should come to Chris - there is no need to have an
intermediate platform for that. And I think there is no need for education
and practices from such a platform. I've seen (as I build and successfully
sold a software house) there were numerous attempts on trying to build
business on being the "middle-man" between software developers and
customers - with the promise that the intermediate provides training,
common approach etc. and that the customers can trust the intermediary
ratner than software house which is hired (with an assumption - we can find
you another software house if it will not work and provide an overlook of
the process). But first of all, I never saw it working long term (because
you cannot delegate trust in this way) and secondly - here is a completely
different setup. There is no second Chris to talk to.

This is the huge difference between platforms I mentioned before and
Tidelift - the relationships I have is direct relationship with the
stakeholders. Let's deel, GitHub Sponsors, SAP Ariba are merely "removing
bureaucratic obstacles" but they are not "between" me and my stakeholders.
They are "on a side". They get a small cut sometimes (which I gladly pay)
but I want to talk to the stakeholders directly without any intermediaries
and establish a long-term relationship with them as an individual.

A the end what we really need is a help in:

* raising awareness among the stakeholders that they can establish
relationships with individual contributors directly
* making the stakeholders aware of the limits they can have in such
relationships
* making the stakeholders aware of the benefits they get from the
relationship even if they cannot "directly require the individuals to do
what they want"
* making it easier to reach out to the potential stakeholders
* helping to establish direct trust relationship between the individual and
stakeholders (not between individual -> intermediary -> stakeholders)
* not putting additional obligations and requirements on the individuals
(this is forbidden in ASF really as I understand it).
* helping with bureaucratic obstacles there

This might be a bit brutal for Tidelift-kind models, but ASF individual
contributors won't need the intermediary (just the bureaucratic stuff) any
more once the trust and relationship with a given stakeholder.

I think it's pretty different from what Tidelift provides for now.

J.


On Mon, Feb 28, 2022 at 9:31 AM Christofer Dutz 
wrote:

> Hi Roman,
>
> thanks for bringing this up here … I too want to help with exactly this. I
> tried starting a discussion on this on members@ but that sort of dried up
> and it felt a bit like a monologue or people simply telling me what didn’t
> work for them in the past and therefore I shouldn’t try on my own … but I
> keep on adding stuff in hope someone might be passively consuming.
>
> For this, in 2021 I invested quite a bit of work, time and even money in
> scouting solutions.
>
> I knew most things I tried, would not be successful, but I wanted to do
> them to see in which way they didn’t perform. And I’m glad I tried it.
> Because I did learn things, that I haven’t thought about before. So let me
> share this with you all. Not all things I learned will apply to all
> projects and all industries. My experience is greatly dominated by
> automation industry and my work on PLC4X.
>
> So initially I tried offering paid consulting, training, and
> implementation work for PLC4X. This failed, mainly because the Automation
> industry is not used to this concept. At least the concept of individual
> contractors. Most companies use Perferred-Vendor approaches. This is the
> same in more classical IT-consulting consuming industries. The main
> difference however is that in the automation industry there are no
> proxy-companies as there are in the other parts of the industry, which

Re: Effective ways of getting individuals funded to work on ASF projects

[Martin Desruisseaux]

There is a small but relatively successful funding happening right now. 
The Open Geospatial Consortium (OGC) is organizing a code sprint 
conjointly with ASF and another open-source organization (OSGeo) [1]. 
For this code sprint, OGC and OSGeo solicited their sponsors, but ASF 
could not (probably not the ASF way, and also geospatial may be too much 
a niche domain at ASF). The collected money goes to participants [2]. 
This is small (10,000$ a few weeks ago, I do not know the amount today) 
and only for short events, but this is the second year that this event 
happens and if successful enough, it may continue to happen next years. 
The advantage is that OGC takes in charge a lot of the burden of 
organizing those events. I wonder if ASF should participate to the calls 
for sponsors if such code sprints happen again, with some filtering for 
bothering only those who have an interest in the target domain 
(geospatial in this example).


    Martin

[1]https://www.ogc.org/pressroom/pressreleases/4659
[2}https://t.co/zxoN70sKLF

RE: Effective ways of getting individuals funded to work on ASF projects

[Christofer Dutz]

Hi Roman,

thanks for bringing this up here … I too want to help with exactly this. I 
tried starting a discussion on this on members@ but that sort of dried up and 
it felt a bit like a monologue or people simply telling me what didn’t work for 
them in the past and therefore I shouldn’t try on my own … but I keep on adding 
stuff in hope someone might be passively consuming.

For this, in 2021 I invested quite a bit of work, time and even money in 
scouting solutions.

I knew most things I tried, would not be successful, but I wanted to do them to 
see in which way they didn’t perform. And I’m glad I tried it. Because I did 
learn things, that I haven’t thought about before. So let me share this with 
you all. Not all things I learned will apply to all projects and all 
industries. My experience is greatly dominated by automation industry and my 
work on PLC4X.

So initially I tried offering paid consulting, training, and implementation 
work for PLC4X. This failed, mainly because the Automation industry is not used 
to this concept. At least the concept of individual contractors. Most companies 
use Perferred-Vendor approaches. This is the same in more classical 
IT-consulting consuming industries. The main difference however is that in the 
automation industry there are no proxy-companies as there are in the other 
parts of the industry, which individuals could use as proxies. In the past I 
have worked for numerous Banks by offering services through consulting 
companies that were listed as Preferred vendors. Usually even if a bank 
approached me directly, they then said: So, we’re going to take care of setting 
things up with company X, which is in our Preferred vendor-list, … This 
infrastructure is completely missing in the Automation sector.

In order to make it easier for potential customers to find people willing to 
help, we added:
https://plc4x.apache.org/users/commercial-support.html
To the Apache PLC4X website. This was a bit tricky to get right, but I think in 
the end we got it into a form that is in-line with the ASF and what we are 
allowed to do as a non-profit charity.

In parallel I took every chance to speak at conferences or publish in 
tech-magazines. However, our potential customers simply didn’t go to those 
conferences or read those magazines. The automation industry has industrial 
fairs instead of conferences and their magazines are all pay to play. So, you 
need to invest a lot of money to be noticed. This is 100% in conflict with the 
ASF’s mission, and I don’t really see any way how we can change this, unless 
companies are willing to sponsor Open-Source (and ASF) content or give us some 
space at industrial fairs. I definitely don’t see the ASF using it’s budget for 
that, unless it’s a targeted donation explicitly for this sort of thing.

I tried platforms like Github Sponsors (Where I must continuously keep on 
searching for how to find the page every time) https://github.com/sponsors/ … 
however this didn’t work at all. I think I had one sponsor for 2 or 3 months, 
but that was a friend from the ASF. The problem is that the industry is used to 
buying products and not to consuming services. Also, a donation is not targeted 
and doesn’t work well with industrial book-keeping.

I tried contacting companies like tidelift, but no matter what I did, I never 
got any response, but instead every time I got more spam wanting to tell me 
about how awesome open-source is (Yeah … tell me about it ;-) )

I tried setting up a crowd-funding platform. The problem with the existing ones 
was, that they are not made for sponsoring feature development for open-source 
projects. I didn’t want to invest more time in preparing marketing videos for a 
campaign that takes longer to prepare than to implement the feature. As I 
couldn’t find any, I decided to setup my own. As I’m lazy and my website was 
based on WordPress I used WP-Crowdfunding 
(https://www.themeum.com/product/wp-crowdfunding-plugin/) … but I knew I had to 
have this legally checked. So, I hired a lawyer to check what I was planning on 
doing (Which is quite tricky … not many lawyers seemed to be willing to do 
that, guess most are just concentrating on the usual stuff).

Turns out (at least in Germany) a classical crowdfunding is not possible. The 
problem is that if a campaign is not successful, you must pay back the invested 
money. Above that you are required by law to pay interest on that. This is 
where things start getting interesting: As soon as you pay interest, you offer 
bank-like services. And this requires you to run your business through BAFIN. 
Which is a HUGE amount of paperwork and probably even expensive. The only 
option I had, was to run it as a donation without any repayments.

Of course, this again brings up the problem that donations don’t go down well 
in corporate accounting. So, I wasn’t expecting much to happen on my new 
crowdfunding platform. But I thought: If this should happen to work, I would