Re: Security restrictions
Alan D. Cabrera wrote: On May 17, 2008, at 10:33 AM, Robert Burrell Donkin wrote: On Sat, May 17, 2008 at 6:25 PM, Alan D. Cabrera [EMAIL PROTECTED] wrote: I'm beginning to regret not slogging through all those threads about the IP checks in relation to security. Ok, I'm actually glad that I didn't waste my time. WRT security...? (maybe it's just slipped my mind but i don't recall much about IP and security) Is there a check list available for me to use for a podling? a guide is being drafted in http://incubator.apache.org/guides/mentor.html Apparently OpenSAML had all sorts of these IP issues. For example, we have to worry about IDEA. The main isssue OpenSAML (if I remember what I read) was mainly about RSA (http://marc.info/?l=incubator-generalw=2r=1s=opensaml) -- -- cordialement, regards, Emmanuel Lécharny www.iktek.com directory.apache.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Security restrictions
Alan D. Cabrera wrote: On May 17, 2008, at 10:33 AM, Robert Burrell Donkin wrote: On Sat, May 17, 2008 at 6:25 PM, Alan D. Cabrera [EMAIL PROTECTED] wrote: I'm beginning to regret not slogging through all those threads about the IP checks in relation to security. Ok, I'm actually glad that I didn't waste my time. WRT security...? (maybe it's just slipped my mind but i don't recall much about IP and security) Is there a check list available for me to use for a podling? a guide is being drafted in http://incubator.apache.org/guides/mentor.html Apparently OpenSAML had all sorts of these IP issues. For example, we have to worry about IDEA. Please don't confuse security and cryptography. For example, here is some security advice from Bruce Schneier ;-) http://www.schneier.com/essay-173.html You can use all kinds of cryptography and still end up with a completely unsecure system. Wikipedia says that IDEA is patent protected until 2010/11: http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm That is a general problem with patents, it is not specific to cryptography or security. If you are aware of any patents that might apply to your podling, maybe you should take that to [EMAIL PROTECTED] A specific thing for cryptography are export notifications, but as I understand it, that is not your concern at the moment. http://www.apache.org/dev/crypto.html cheers, Roland - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
legal-discuss moderation versus IP clearance
All, I've followed the instructions of the IP clearance documentation and sent in a software grant to both secretary@ and [EMAIL PROTECTED] However, the legal-archive message was never moderated to pass through. Is nobody watching that list? If so, should we add more volunteers to legal-archive, or should we drop the requirement to send a message to [EMAIL PROTECTED] Martijn - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Q: ip-clearance step 5
Step 5 of the IP clearance states: If the source is referenced by checksum in the grant, commit the canonical tarball for the donated code into the incubator drop area together with a checksum and a detached signature. This will ensure that apache has a legal record of the grant. Complete and commit the completed form. Where do I commit the code and in what form? I have a kitten-auth.zip file, should the zip file be committed or the unzipped code? Should it be committed into a directory inside http://svn.apache.org/repos/asf/incubator/ and what should the be? or does the code go directly into the project? Martijn -- Buy Wicket in Action: http://manning.com/dashorst Apache Wicket 1.3.3 is released Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: legal-discuss moderation versus IP clearance
On Sun, May 18, 2008 at 12:18 PM, Martijn Dashorst [EMAIL PROTECTED] wrote: All, I've followed the instructions of the IP clearance documentation and sent in a software grant to both secretary@ and [EMAIL PROTECTED] However, the legal-archive message was never moderated to pass through. Is nobody watching that list? If so, should we add more volunteers to legal-archive, or should we drop the requirement to send a message to [EMAIL PROTECTED] the legal committee is responsible for this process so this is probably a call for them. so, this probably needs asking on legal discuss. IMHO subversion is better than email for archiving so i would be happy to drop the legal-archive post from the process - robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Q: ip-clearance step 5
On Sun, May 18, 2008 at 12:36 PM, Martijn Dashorst [EMAIL PROTECTED] wrote: Step 5 of the IP clearance states: If the source is referenced by checksum in the grant, commit the canonical tarball for the donated code into the incubator drop area together with a checksum and a detached signature. This will ensure that apache has a legal record of the grant. Complete and commit the completed form. Where do I commit the code and in what form? I have a kitten-auth.zip file, should the zip file be committed or the unzipped code? apache needs a record of the checksummed artifact. this is likely to be the zipped code. Should it be committed into a directory inside http://svn.apache.org/repos/asf/incubator/ and what should the be? or does the code go directly into the project? the code goes into the project (IMHO the process is too heavyweight and needs revision) - robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Q: ip-clearance step 5
On 5/18/08, Robert Burrell Donkin [EMAIL PROTECTED] wrote: Where do I commit the code and in what form? I have a kitten-auth.zip file, should the zip file be committed or the unzipped code? apache needs a record of the checksummed artifact. this is likely to be the zipped code. I've attached it to a JIRA issue (http://issues.apache.org/jira/browse/WICKET-1610). But the IP-Clearance form asks for the code to reflect the new copyright information: Check and make sure that the files that have been donated have been updated to reflect the new ASF copyright. This means I shouldn't commit the zipped code, but the code itself, modify it to make it ASF policy compliant, and then hold the acceptance vote? (IMHO the process is too heavyweight and needs revision) Heavyweight is not the biggest problem. It is mostly confusing and contradictory. Martijn - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Q: ip-clearance step 5
On Sun, May 18, 2008 at 7:08 PM, Martijn Dashorst [EMAIL PROTECTED] wrote: On 5/18/08, Robert Burrell Donkin [EMAIL PROTECTED] wrote: Where do I commit the code and in what form? I have a kitten-auth.zip file, should the zip file be committed or the unzipped code? apache needs a record of the checksummed artifact. this is likely to be the zipped code. I've attached it to a JIRA issue (http://issues.apache.org/jira/browse/WICKET-1610). But the IP-Clearance form asks for the code to reflect the new copyright information: Check and make sure that the files that have been donated have been updated to reflect the new ASF copyright. AIUI that statement is incorrect This means I shouldn't commit the zipped code, but the code itself, modify it to make it ASF policy compliant, and then hold the acceptance vote? the principle is very simple: apache needs to record the artifact that has the right checksum IMHO the best practice is to record the artifact in a JIRA and then commit the uncompressed code as is into a separate area before updating it. this ensures that the conversion process is recorded. (IMHO the process is too heavyweight and needs revision) Heavyweight is not the biggest problem. It is mostly confusing and contradictory. IMO it's confusing and contardictory nature arises from it's weight - robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Q: ip-clearance step 5
On May 18, 2008, at 6:52 AM, Robert Burrell Donkin wrote: apache needs a record of the checksummed artifact. this is likely to be the zipped code. FTR, Apache only needs this if there is no other way to map the contribution to the contributor. The easiest way to map them is to have the contributor (or their employee) commit the code directly to subversion or attached to jira/bugzilla, in which case the checksum is unnecessary. Roy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Reports Overdue for: Abdera, NMaven, WSP4J, XAP
I see activity on the mailing lists for all of these projects, and see active Mentors ... so where are the reports? I will not be readily available to pick up changes tomorrow morning, so we need them now. --- Noel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [VOTE] Apache Tuscany Graduation as TLP
I went back, for nostalgic fun, and reviewed the discussions from when Tuscany was originally proposed and debated. Tuscany has come a long way, from an initial proposal to do something for which there was not even a specification. +1 Congratulations. --- Noel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Reports Overdue for: Abdera, NMaven, WSP4J, XAP
Just updated NMaven. Thanks, Shane On Sun, May 18, 2008 at 7:39 PM, Noel J. Bergman [EMAIL PROTECTED] wrote: I see activity on the mailing lists for all of these projects, and see active Mentors ... so where are the reports? I will not be readily available to pick up changes tomorrow morning, so we need them now. --- Noel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Reports Overdue for: Abdera, NMaven, WSP4J, XAP
Just updated NMaven. Got it. :-) --- Noel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Reports Overdue for: Abdera, NMaven, WSP4J, XAP
Got Abdera's, too. --- Noel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Reports Overdue for: Abdera, NMaven, WSP4J, XAP
Abdera's is updated. - James On Sun, May 18, 2008 at 8:26 PM, Noel J. Bergman [EMAIL PROTECTED] wrote: Got Abdera's, too. --- Noel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Reports Overdue for: Abdera, NMaven, WSP4J, XAP
Heh... sorry, hit reply before I actually read the note I was replying to :-) On Sun, May 18, 2008 at 8:32 PM, James Snell [EMAIL PROTECTED] wrote: Abdera's is updated. - James On Sun, May 18, 2008 at 8:26 PM, Noel J. Bergman [EMAIL PROTECTED] wrote: Got Abdera's, too. --- Noel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- - James Snell http://www.snellspace.com [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Mentor recruit for Hama project
Hi Edward, I think you're going to be in for some significant challenges in growing a community in what appears to be a fairly specialised field - but if you're up for that challenge I will be happy to mentor the project, so you can go ahead and add my name. Just to clarify - this is intended to be a standalone project, not a subproject of hadoop? Thanks, Brett 2008/5/18 Edward J. Yoon [EMAIL PROTECTED]: Hello all, The Hama team is looking for a couple more mentor volunteers in addition to our current volunteers (Ian Jeff). We really want to be accepted into incubator status and we realize we need to learn more of the culture of the Apache community so that we can work effectively with the Incubator and with the other communities that are important to our proposal (Hadoop, Hbase and Mahout). The Hama domain of parallel matrix computation is very challenging and has been the target of significant mathematical and computer science research. We believe that the benefits of supporting large matrix computations efficiently on very large scale Hadoop clusters are immense and we have great enthusiasm for this endeavor. With hard work and the support of the larger Apache community we believe we can be successful. -- Best regards, Edward - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Brett Porter Blog: http://blogs.exist.com/bporter/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]