Success at Apache: Welcoming Communities Strengthens the Apache Way

2020-04-06 Thread Sally Khudairi
[this announcement. including embedded links and images, is available at 
https://s.apache.org/tcs0m ]

by Jarek Potiuk

During my career, I have been a software engineer, Tech Lead Manager at Google, 
a robotics engineer at an AI and robotics startup, and am currently the CTO of 
a software house, Polidea, which I helped grow from 6 to 60 people within 6 
years. 

Over the past year and a half I was a user, then contributor, then committer, 
and now a Project Management Committee (PMC) member of Apache Airflow.

Although I took on many roles through the years, including being the main 
organizer of the international tech conference (MCE), deep in my heart I was 
always a software engineer. It took me many years to find a place where I could 
explore my true potential. Then I became part of the Apache community. I first 
learned about the Apache Software Foundation (ASF) 20 years ago when I used the 
Apache HTTP server at the beginning of my career. I had only made small 
contributions to OSS projects up to that point, and becoming involved with 
Apache Airflow was the first time I contributed seriously to one. As a 
Principal Software Engineer at Polidea, several of our customers were using 
Apache Airflow and wanted to contribute back to the project to help other 
users. Better integrations of services with Airflow would significantly improve 
future releases of the software. 

The needs of our customers made me and my team go from users of the project to 
contributors and more. We have people in our software house who understand open 
source, know how to follow the OSS rules, and contribute changes from customers 
to help other people in the community. We know how to communicate well, we can 
also represent a vendor-neutral point of view because we represent the view of 
several customers and collaborate with all the stakeholders in the project. 
People in our company also contribute to other OSS projects, such as Apache 
Beam and Flink. 

We also discovered a great model where our customers wanted us to contribute to 
an open-source project to make it better because they were using it and wanted 
to improve it for future users. This allowed us to do it full time (or even 
150% of the time if you add all the out-of-hours contributions). I invite you 
to read about it in my blog post The evolution of Open Source - standing on the 
shoulders of giants.

Committing to Apache 

I found exactly what I was looking for in the Apache Software Foundation. It’s 
a great organization for people like me: individual contributors who are also 
good at working with others, the ones who don’t shy away from organizing and 
making things happen, who thrive when they can do meaningful work with others. 

This made me think: since the ASF is so great, how come for 20 years I was not 
contributing to OSS projects more? And since so many software engineers use 
Apache technology, why is participation not more common? I got lucky because I 
was in a position that allowed and supported my contributions to an open-source 
project. For me, it’s a dream-come-true. But what about others? There must be 
more people willing to contribute and get involved in the OSS community, they 
probably just don’t know how to go about it yet or did not like the experience.

So here I am, sharing my thoughts on what can be done to help others to get to 
know ASF sooner and get involved.

Apache Airflow and the initial experience 

Apache Airflow is an exciting project. It is a platform created by the 
community to programmatically author, schedule and monitor workflows. It 
started in AirBnB in 2014, was submitted to the ASF incubator in March 2016 and 
it graduated to a top-level project in January 2019.

When I started working with the Apache Airflow project, I quickly realized that 
it was hard for me to contribute to. It was not clear how to develop and debug 
Airflow, how to start, and how to communicate. The project had a number of 
channels for communication including a developer list, a Slack channel, issues 
and pull requests alongside the code. As a newcomer, it was not easy to 
understand which channel is used for what and whether it’s OK to raise certain 
issues using those channels. It was not clear what were the common protocols: 
for example how to see that one thread is a discussion and one is voting on an 
already discussed topic. 

Is our community welcoming enough?

At a party after a conference where I spoke about Apache Airflow, I had a long 
discussion with a young engineer who was new to the field, Fabian. Fabian told 
me that often OSS projects create some invisible barriers around communication 
and onboarding. I explained to him the “Apache Way” and how transparency and 
openness help with those barriers, fiercely protecting the fact that “we are 
open”. We carried on with our friendly discussion and it was really eye-opening.

That conversation stayed with me for a while. After some time, I realized that 
maybe our 

[ANNOUNCE] Apache Jackrabbit Oak 1.10 retired

2020-04-06 Thread Julian Reschke

Dear users of Apache Jackrabbit,

the Apache Jackrabbit Team has decided to drop support and deprecate the 
1.10 branch of Apache Jackrabbit Oak. Branch, tags and releases will 
still be available for future references, but will not show up on the 
download page anymore. Users are encouraged to upgrade to the latest 
release of the newest maintenance branch (1.22.2).


See , 
 and 
 for further information.


Best regards, Julian


[ANNOUNCE] Apache Wicket 9.0.0-M5 released

2020-04-06 Thread Andrea Del Bene

The Apache Wicket PMC is proud to announce Apache Wicket 9.0.0-M5!

Apache Wicket is an open source Java component oriented web application
framework that powers thousands of web applications and web sites for
governments, stores, universities, cities, banks, email providers, and
more. You can find more about Apache Wicket at https://wicket.apache.org

This release marks another minor release of Wicket 9. We
use semantic versioning for the development of Wicket, and as such no
API breaks are present breaks are present in this release compared to
9.0.0.

New and noteworthy

--

With this milestone Wicket introduces support for content security 
policy (CSP) which
is active by default and prevents inline JavaScript and CSS code from 
been executed.
For more details about CSP support see Wicket 9 migration guide linked 
below.



Using this release

--

With Apache Maven update your dependency to (and don't forget to
update any other dependencies on Wicket projects to the same version):


    org.apache.wicket
    wicket-core
    9.0.0-M5


Or download and build the distribution yourself, or use our
convenience binary package you can find here:

 * Download: http://wicket.apache.org/start/wicket-9.x.html#manually

Upgrading from earlier versions
---

If you upgrade from 9.y.z this release is a drop in replacement. If
you come from a version prior to 9.0.0, please read our Wicket 9
migration guide found at

 * http://s.apache.org/wicket9migrate

Have fun!

— The Wicket team




    The signatures for the source release artefacts:


Signature for apache-wicket-9.0.0-M5.zip:

    -BEGIN PGP SIGNATURE-

iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl6FsXoACgkQh48B+qjT
VuEZiA//fgy42gNrnUBO6Cbs6ZvJwzMLURlVuD/mrHZx5iLgnr7p9qgJzEZSfdF/
U0JPztMq6/crgi+aXPCjxzKdnGNlu665g3Xxyc3dr+N8psoWptGsBREBTtynQU2n
Pu9ir1THAE9qdr4MbqRZbH5wQGklPnLTfoTV6BS0HK4mmPCblK7eYBZlz7QnbOAL
MwuShMRLZ0phKZ3rwXFSJcWoZGyx6cmHPjs04VJkCdbtcOwBMNIzoU5CgbShvVt9
eXobPkOniJ2Ijr/B1ROVMrFOC7uduJilFj2dk+icZZgrO6177pDO57bX1It3Ts3J
UbOJKdtBIHMD9XNe1ANPodMMwxA5Q0hUpjsehPqZVFgYpEfHxyPENVkjlabqHOt/
8ySL79MfOGzckNPUrR16HS0RTrBjsSrLnif5bHcaFyIg6UL0RrdOlJaI6CU01V/Y
zPBtI3Dm1R4acUCrU08nScoeR+uS7F6oTSQD2X+pEsBG6euX0q1fV4HhtVQSRIFU
pSrSAavkQjUL0tl6ik8HeGOlMFXT66U0Q6gnI/KmxcHZAroWU6j2qvYOcfawIEkw
qZfgo0ZnJN4/VxAl51+On64LkaxpCCBCh8+yZ2DW7efcKDWElXpC1IOhvuFTYDgt
WouuIOaT0Hdura6SBdp6WYwwLzUP/nk1s6A6EfYtpanlWxblzLE=
=062g
-END PGP SIGNATURE-

Signature for apache-wicket-9.0.0-M5.tar.gz:

    -BEGIN PGP SIGNATURE-

iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAl6FsXoACgkQh48B+qjT
VuHV3Q//QlqtUlnAtEn2KN0XdinerjOrG8Ny9M7/apRqVjij57Ye+LrIPWnd0+Bj
WqTVx/4nuJ/HcC+e1fwrSkekSZW0n2ecO9GKo/k7KyDRxsbKnPyCP3JjqJfhDf/R
6seFXrGJWLfQo844kuLJz5Ug3wjEqiOQk2HmgXTQmUdcGlTsXAioSkHttLNQjLZC
bF2LD3ZqwJw0R/7o1t4WAi1h7iriGKGrehgk6k/9h8DKTvKGduEDfWtSPu4R8Ogr
/i71FQt5w+87wKLP/viUHkIg0+KAHGmVu9Qz1AYHLc20oJv63N273ZeiIRuFWmCj
jw+1WfJUQvxFxfV1CxNCl/IBGPjD4FS3sygg867uEgShNFVNzVA+vplEDRl3i9e9
GaMgQsfVBi8eZzoGtgga0cQhgOU4hvOwv8lHNaC6XHYV18/p6j9P1tthtPsL2Krk
AzFfJ3Ym/gRf2thKop4iMn2xU16bu1D33zSPJ3C0kGlWqHQFw5+gBLNLOthv3YyV
LZGqSmsPg2sNcWDPqaUGQAVGNXmogjpbw6X9aEx2VtXfLQItRMNJq6lpoCtPQryK
UhgTTb4z4wE1dUDhyuIAVgKXgtUdKg7Q8oxmIfV4zl4OdRzBCYuHJ8md0Q7Tg0PC
BiSUhll+1igfRg1tUYItJ7TtV6uqdRZIg+YMsZ98ZKp24xcy1rI=
=GdAn
-END PGP SIGNATURE-



    CHANGELOG for 9.0.0-M5:

** Bug

    * [WICKET-6715] - FileUpload class should not  implement IClusterable
    * [WICKET-6745] - CSP: inline JS in server and client time response 
filters
    * [WICKET-6746] - HttpsMapper cannot deal with resources over 
websockets

    * [WICKET-6752] - Some dependencies contain CVEs
    * [WICKET-6753] - res/modal.js using aria-labelledby where it 
should be using aria-label

    * [WICKET-6754] - Iteration stops with nested containers
    * [WICKET-6755] - MockServletContext does not decode real path
    * [WICKET-6756] - Avoid URL.getFile() when actually expecting paths.
    * [WICKET-6757] - Avoid URL.getFile during mime type detection.
    * [WICKET-6758] - NPE in AbstractWebSocketProcessor after session 
times out


** New Feature

    * [WICKET-6727] - Configurable CSP
    * [WICKET-6729] - allow adding IHeaderResponseDecorator without 
replacing all others

    * [WICKET-6730] - Global access to secure random data

** Improvement

    * [WICKET-6724] - CSP: Inline Javascript in AjaxLink
    * [WICKET-6725] - CSP: display:none in Component.renderPlaceholderTag
    * [WICKET-6726] - CSP: inline styling and js in Form submitbutton 
handling

    * [WICKET-6731] - CSP: inline JS in SubmitLink
    * [WICKET-6732] - CSP: inline JS in Link and ExternalLink
    * [WICKET-6733] - CSP: enable by default
    * [WICKET-6735] - CSP: inline styling in 
FormComponentFeedbackBorder/Indicator

    * [WICKET-6736] -