Re: [VOTE] Apache Dubbo graduation to Top Level Project

[Mark Thomas]

On 18/04/2019 13:24, Huxing Zhang wrote:
> Hi All,
> 
> After a discussion in the Apache Dubbo community on the dev mailing
> list[1], choosing PMC chair[2], forming the PMC members[3], completing
> the maturity model[4], and discussing the resolution proposal[5], I
> would like to call a vote for Apache Dubbo graduating to a top level
> project.
> 
> Please vote on the proposal to graduate Dubbo as TLP to submit to the
> Incubator PMC.
> 
> Vote:
> [X] +1 - Recommend graduation of Apache Dubbo as a TLP

Mark

Re: [IMPORTANT][PPMC] Invitation to be Dubbo PMC member

[Mark Thomas]

On 09/04/2019 03:12, Huxing Zhang wrote:

> If you are willing to be a PMC member after graduation, please respond
> YES to this thread by replying to dev@dubbo.apache.org no later than
> 2019-04-12 (Friday).
> If you are not subscribing the private list, please remember to
> subscribe to the private@ list.

I'll probably continue to lurk on the private@ list (and maybe the dev@
list) after graduation but I do not wish to be on the PMC.

Mark

Re: [DISCUSS] PMC Chair of Dubbo

[Mark Thomas]

On 04/04/2019 03:26, Huxing Zhang wrote:
> Hi All,
> 
> According to [1], in the "Preparing a Charter" section, we need to
> decide PMC chair.

Just to nitpick here.

The PMC does not decide on who is the chair. The board does.

The PMC makes a recommendation to the board as to who should be
appointed the PMC chair. The board nearly always accepts that
recommendation.

> This is previously discussed on the "[DISCUSS] Graduate Apache
> Dubbo(incubating) as a Top Level Project" thread, but it looks like it
> is easily ignored. Therefore I am starting a dedicated thread to
> discuss this.
> 
> I personally am suggesting Ian Luo as PMC chair. Ian is leading the
> Dubbo project, and has rich experience in RPC/service framework. I
> think he is the best candidate.

Leading is a word that always makes me nervous around ASF projects.

The role of PMC chair is an unusual one. PMC chairs are officers of the
foundation and, as such, have quite a lot of authority. However, if they
ever need to use that authority then it usually means things have gone
very badly wrong.

If everything is working as it should, the role of PMC chair is mostly
an admin role. Applying for new accounts, writing quarterly reports, etc.

The most important part of a PMC chair's role is to write quarterly
reports for the board that *accurately* describe the current state of
the project community. Note: not the technical state of the project, but
the state of the project community. I'd strongly recommend reading
through the minutes of the last few board meetings to get an idea of
what makes a good project report in the eyes of the board.

Mark

Re: [DISCUSS] Graduate Apache Dubbo(incubating) as a Top Level Project

[Mark Thomas]

On 30/03/2019 11:00, Huxing Zhang wrote:

Hi All,

It has been more than 1 year since Dubbo joins the ASF
incubator(2018-02-16). During incubation I think Dubbo community has
been growing in a fast and healthy way, and also learned a lot about how
to collaborate in Apache way.


Agreed.


I think it is time to discuss the graduation as a Top level project for Dubbo.


Agreed.


Until now, what we've achieved:


Different people will focus on different things when it comes to judging 
a podling's readiness for graduation. Concentrating of the points I 
consider key...



### Releases
Totally 10 release since incubation





The release process has been well-documented and there are 6 different
release managers: Jun Liu, Yong Zhu, Victory Cao, Huxing Zhang, Mercy
Ma, Ian Luo.


This is very positive.


### Community building:
- PPMC 19(+8 since incubation, excluding mentors)
- committers 35(+18 since incubation)
The committers varies from Alibaba, Weidian, Jingdong, Qunar, Youzan,
Netease, Meituan-Dianping, Rongguan, Handuyishe, Didi, NetsUnion,
Caocaokeji, Huawei, GomeFinance, Asiainfo-sec, iFlytek, Keep and etc.


Great increase in both numbers and diversity of committers.


- The number of contributors has grown from 70+ to 186


Another positive sign.


- Discussion are happening on the mailing list


This has really improved over the last 6 months.


Based on the data above, I think Dubbo is ready for graduation.
How do you folks think?


+1

One quick check. Dubbo has not been registered anywhere as a trademark 
by Alibaba has it?


Mark

Re: [VOTE]: Release Apache Dubbo (Incubating) 2.6.6 [RC2]

[Mark Thomas]

On 04/03/2019 11:34, Minxuan Zhuang wrote:
> Hello Incubator Community,
> 
> The Apache Dubbo community has voted on and approved a proposal to release
> Apache Dubbo (Incubating) version 2.6.6.
> 
> We now kindly request the Incubator PMC members review and vote on this
> incubator release.
> 
> Apache Dubbo™ (incubating) is a high-performance, java based, open source
> RPC framework. Dubbo offers three key functionalities, which include
> interface based remote call, fault tolerance & load balancing, and
> automatic service registration & discovery.
> 
> Dubbo community vote and result thread:
> https://lists.apache.org/thread.html/c1cff6eb1ec9ce2877a38a16145cf41a6ab3f2a6989a0f276da2226a@%3Cdev.dubbo.apache.org%3E
> 
> The release candidates (RC2):
> https://dist.apache.org/repos/dist/dev/incubator/dubbo/2.6.6
> 
> Git tag for the release (RC2):
> https://github.com/apache/incubator-dubbo/tree/dubbo-2.6.6
> 
> Hash for the release tag:
> ba7f6f38c36675268ba64f21e97d02bda7a731dc
> 
> Release Notes:
> https://github.com/apache/incubator-dubbo/blob/dubbo-2.6.6/CHANGES.md
> 
> The artifacts have been signed with Key : DA2108479B0C1E71, which can be
> found in the keys file:
> https://dist.apache.org/repos/dist/dev/incubator/dubbo/KEYS
> 
> The vote will be open for at least 72 hours or until necessary number of
> votes are reached.
> 
> Please vote accordingly:

Comments (no action required)
- The source archive does not contain the Maven wrapper.
- The source archive does not include the .gitignore file
- Hashes match
- Signatures are valid
- Build from source archive completes without error

Trivial (fix in next release if project thinks it is an issue)
- The source archive name has a suffix "-source-release". Generally
  projects just use "-src".
- The binary archive names has a suffix "-bin-release." Generally
  projects just use "-bin"
- The naming convention does not seem consistent. I'd expect bin/src or
  binary/source not bin/source.

Major (must fix before release)
- The KEYS files contains the short fingerprints. It is trivial to forge
  these. All keys must be listed with the full fingerprint (40 chars).



Provided that the major issue listed above is addressed:

> [X] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove with the reason

Mark

Re: [VOTE]: Release Apache Dubbo Spring Boot Project (Incubating) 2.7.0 [RC4]

[Mark Thomas]

On 01/02/2019 09:51, Mercy Ma wrote:



> [X] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove with the reason

Mark


Notes (no action required):
Signatures and hashes match
.gitignore file not included in source release
Maven wrapper not present in source release
mvn verify completed successfully

Minor issues (fix for next release):
There are a lot of .flattened-pom.xml files in the source release that
are not in the repo.

Re: Release Apache Dubbo OPS(Incubating) 0.1[RC3]

[Mark Thomas]

On 03/02/2019 03:52, Minxuan Zhuang wrote:



> Please vote accordingly:
> 
> [X] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove with the reason

Mark


Notes (no action required):
Signatures and hashes match.
The Maven wrapper is present in the repository but not the source release.
The .gitignore files have been excluded from the source release.
Various npm warnings during the build process
"mvn verify" completed successfully when run from the unpacked source
distribution

Minor issues (consider fixing for next release):
sha512 hashes are missing * that indicates that the hashed files are
binaries

There appear to be some unnecessary .gitkeep files in the repository

Re: Upcoming Event: Apache Dubbo(incubating) Guangzhou Meetup

[Mark Thomas]

On 12/01/2019 15:05, Huxing Zhang wrote:
> Hi Mark,
> 
> On Fri, Jan 11, 2019 at 8:48 PM Mark Thomas  wrote:
>>
>> On 10/01/2019 08:59, chenwei qi wrote:
>>> Hi Mark,
>>>
>>> Thanks for your kindly review. I will answer your questions orderly as
>>> following:
>>>
>>>> Who is the "we" that will be checking?
>>> The PPMC members will check the list and they will decide the checking
>>> date. As the meetup will be held on Jan.19, I suggest the check works from
>>> Jan.14 to Jan.16, last 3 days.
>>>
>>>> What will they be checking for?
>>> As it is the 1st time Apache Dubbo™ Meetup will be held in Guangzhou, face
>>> to face discussion among deep users there can be useful. But the meetup
>>> registration can be up to 300-400, too many for discussion. Check from the
>>> registration information is to select out the deep user.
>>>
>>>> Where is the on-list discussion that decided a) that checking was
>>> required and b) what to check for?
>>> The criteria of user selection is not suitable to be discussed publicly, I
>>> think it is better to discuss with Dubbo PPMC privately.
>>
>> You appear to have missed the key point.
>>
>> A whole bunch of decisions appear to have been made about a Dubbo event
>> with ZERO discussion of those decisions on any Dubbo mailing list.
>> Public or private.
> 
> The discussion happened on mailing list from initializing the
> event[1], calling for talks [2] to the schedule[3].
> The process for invite a small group of users was discussed there[3].

No, it wasn't. The decision to have an "End User Discussion" session was
made entirely off-list. There was no discussion of the criteria that
would be used to select invites either yet from somewhere (i.e. not on
list) a survey was developed that attendees had to fill in if they
wanted to be invited to this session.

Neither was there any discussion of which talks to select or any other
aspect of the schedule on-list before the final schedule was presented.

> [1] 
> https://lists.apache.org/thread.html/ff3a0797e15256738280647f6604e7f5f8eaf6299efe859ced85b5f0@%3Cdev.dubbo.apache.org%3E
> [2] 
> https://lists.apache.org/thread.html/45364fe72f1b2c7bfb1d01f736316775c9ca99a0d9964c68dfa043e3@%3Cdev.dubbo.apache.org%3E
> [3] 
> https://lists.apache.org/thread.html/ef1b4e039954554082a15faa78bc04b234d04348aaa46d816a690339@%3Cdev.dubbo.apache.org%3E
> 
>> That is simply not how podlings are expected to
>> operate. What is most worrying is that at no point did any PPMC member
>> say during these off-list discussions "Hang on. We should be doing this
>> on the mailing list."
> 
> I think there is some misunderstanding about who should be running the
> event. It is the PPMCs who should be running this event, but the fact
> is that most of the work are done by organizers, rather than PPMCs.

If an event is to presented as a podling meet-up then it needs to be
organised by the podling, on list.

If it is organised by a third-party then it should be presented as a
third-party event, not a podling event.

The original message claimed that the PPMC would be organising the
event. I can find every little evidence of that being the case in either
the public or private archives.

> I
> didn't pay too much attention on this, which is my fault

I don't view this as a failing of any one individual. Learning how this
stuff works is part of being a podling. I did think that the podling was
further along in this than appears to be the case.

> and I agree
> that the event organizers should work more closely with the PPMC. The
> organizers are fresh to Apache way, which is quite different from
> their day-to-day work, so I think it may take some time for them to
> get used to it. I will keep an eye on this, and trying my best to
> encourage them to be on the list.
> 
> 
>>
>> I also disagree that the criteria need to be discussed in private but
>> that point is debatable.
> 
> I am not sure it should go public or not until I see the criteria,  so
> I think we should discuss it privately first, if the PPMC decides that
> it can go publicly, then we can announce it later.

Fair enough.

Mark

Re: Upcoming Event: Apache Dubbo(incubating) Guangzhou Meetup

[Mark Thomas]

On 10/01/2019 08:59, chenwei qi wrote:
> Hi Mark,
> 
> Thanks for your kindly review. I will answer your questions orderly as
> following:
> 
>> Who is the "we" that will be checking?
> The PPMC members will check the list and they will decide the checking
> date. As the meetup will be held on Jan.19, I suggest the check works from
> Jan.14 to Jan.16, last 3 days.
> 
>> What will they be checking for?
> As it is the 1st time Apache Dubbo™ Meetup will be held in Guangzhou, face
> to face discussion among deep users there can be useful. But the meetup
> registration can be up to 300-400, too many for discussion. Check from the
> registration information is to select out the deep user.
> 
>> Where is the on-list discussion that decided a) that checking was
> required and b) what to check for?
> The criteria of user selection is not suitable to be discussed publicly, I
> think it is better to discuss with Dubbo PPMC privately.

You appear to have missed the key point.

A whole bunch of decisions appear to have been made about a Dubbo event
with ZERO discussion of those decisions on any Dubbo mailing list.
Public or private. That is simply not how podlings are expected to
operate. What is most worrying is that at no point did any PPMC member
say during these off-list discussions "Hang on. We should be doing this
on the mailing list."

I also disagree that the criteria need to be discussed in private but
that point is debatable.

Mark

Re: Upcoming Event: Apache Dubbo(incubating) Guangzhou Meetup

[Mark Thomas]

On 09/01/2019 12:45, chenwei qi wrote:
> Hi all,
> 
> The upcoming Apache Dubbo meetup will be held on Jan.19, 2019 in
> Guangzhou, China. The meetup will be held into 2 parts: 
> 
>   * 9:30-11:30   End User Discussion
>   * 13:30-18:00 Seven Talks
> 
> The morning discussion is invitation only, if you are interested in it,
> please click: http://hdxu.cn/MF9ud, fill the registration form and
> survey seriously. An invitation will be sent to you in advance after we
> check.

Who is the "we" that will be checking?

What will they be checking for?

Where is the on-list discussion that decided a) that checking was
required and b) what to check for?

Mark


> 
> We warmly welcome your attending to the meetup and here is the details:
> 
>   * *Date:* Jan.19, 2019  9:30-18:00
>   * *Location: * A320, A321 in Yinbao Building, No.289 of Guangzhou
> Avenue, Yuexiu District, Guangzhou
> 
> * Register the meetup *
> 
> If you cannot attend the meetup offline, we recommend you attend the
> meetup in following ways: 
> * online
>  *
> * Participate the survey *
> *
> *
> EDM邮件设计-广州---12.25英文.png
> 
> Yours,
> Baike

Re: [Notification of V2.7.0] Status, TODOs, Possible Release Schedules.

[Mark Thomas]

On 07/01/2019 05:14, Ian Luo wrote:
> Imteyaz,
> 
> Fastjson is simply another third-party dependency for this project.
> Besides, it's licensed under Apache Software License v2, so it is perfectly
> fine to use it without any document work as long as we don't include its
> source code.

You may need to update the NOTICE file.

Mark


> 
> Thanks,
> -Ian.
> 
> 
> On Fri, Jan 4, 2019 at 5:38 PM Imteyaz Khan  wrote:
> 
>> Not saying wrong or unallowed. What I mean to say as part of release
>> process, do we need to provide any document if we are using
>> com.alibaba.fastjson package in our code or we have to replace it. This a
>> question from me not an any conclusion :) .
>>
>>
>> On Fri, Jan 4, 2019 at 1:54 PM LiZhenNet  wrote:
>>
>>> What's wrong about it ?  Is fastjson unallowed used in Dubbo？
>>>
>>> Imteyaz Khan  于2019年1月4日周五 下午2:04写道：
>>>
 Yes. import statement refer to package com.alibaba.fastjson, below are
>>> the
 search result

 The Search "com.alibaba.fastjson" (14 hits in 11 files)


>>>
>> dubbo\dubbo-cluster\src\test\java\org\apache\dubbo\rpc\cluster\loadbalance\LoadBalanceBaseTest.java
 (1 hit)
 Line 32: import com.alibaba.fastjson.JSON;


>>>
>> dubbo\dubbo-common\src\main\java\org\apache\dubbo\common\utils\StringUtils.java
 (1 hit)
 Line 24: import com.alibaba.fastjson.JSON;


>>>
>> dubbo\dubbo-compatible\src\test\java\org\apache\dubbo\generic\GenericServiceTest.java
 (1 hit)
 Line 36: import com.alibaba.fastjson.JSON;


>>>
>> dubbo\dubbo-metadata-report\dubbo-metadata-report-api\src\test\java\org\apache\dubbo\metadata\support\AbstractMetadataReportFactoryTest.java
 (1 hit)
 Line 25: import com.alibaba.fastjson.JSON;


>>>
>> dubbo\dubbo-rpc\dubbo-rpc-api\src\main\java\org\apache\dubbo\rpc\filter\AccessLogFilter.java
 (1 hit)
 Line 33: import com.alibaba.fastjson.JSON;


>>>
>> dubbo\dubbo-rpc\dubbo-rpc-api\src\main\java\org\apache\dubbo\rpc\support\MockInvoker.java
 (1 hit)
 Line 34: import com.alibaba.fastjson.JSON;


>>>
>> dubbo\dubbo-rpc\dubbo-rpc-dubbo\src\main\java\org\apache\dubbo\rpc\protocol\dubbo\filter\TraceFilter.java
 (1 hit)
 Line 32: import com.alibaba.fastjson.JSON;


>>>
>> dubbo\dubbo-rpc\dubbo-rpc-dubbo\src\main\java\org\apache\dubbo\rpc\protocol\dubbo\telnet\InvokeTelnetHandler.java
 (2 hits)
 Line 30: import com.alibaba.fastjson.JSON;
 Line 31: import com.alibaba.fastjson.JSONObject;


>>>
>> dubbo\dubbo-serialization\dubbo-serialization-fastjson\src\main\java\org\apache\dubbo\common\serialize\fastjson\FastJsonObjectInput.java
 (1 hit)
 Line 22: import com.alibaba.fastjson.JSON;


>>>
>> dubbo\dubbo-serialization\dubbo-serialization-fastjson\src\main\java\org\apache\dubbo\common\serialize\fastjson\FastJsonObjectOutput.java
 (3 hits)
 Line 21: import com.alibaba.fastjson.serializer.JSONSerializer;
 Line 22: import com.alibaba.fastjson.serializer.SerializeWriter;
 Line 23: import com.alibaba.fastjson.serializer.SerializerFeature;


 On Fri, Jan 4, 2019 at 8:29 AM jun liu  wrote:

> Hi,
>
> Are there any IP Clearance work that need to be done but we have
>>> missed?
>
> Jun
>
>> On Jan 4, 2019, at 10:56 AM, jun liu  wrote:
>>
>> Hi,
>>
>> I have created a new branch ‘2.7.0-release’, this branch will work
>> as
> the codebase of v2.7.0, for stability purpose, I think we should code
> freeze the codebase, so please only submit necessary bugfix or
 enhancement
> patches to this branch.
>>
>> Activity can go as normal on master branch.
>>
>> For detailed release candidates of v2.7.0 I will search the commit
> history and sort them out, will send to this thread once it’s done.
>>
>> Jun
>>
>>> On Dec 27, 2018, at 11:53 PM, jun liu >  ken.lj...@gmail.com>> wrote:
>>>
>>> Hi, All
>>>
>>> I am writing this mail to
>>>
>>> * Keep you refreshed of the latest status about v2.7.0.
>>> * Call for efforts on code review and tests
>>> * Discuss possible release schedules of v2.7.0.
>>>
>>> About v2.7, it’s going to be a milestone version, in which will
>> make
> some significant changes. Most importantly, we will complete all IP
> Clearance related works. Technically speaking, it’s from this version
>>> on
> that a Dubbo release starts fully follows the Apache rules
>> (lawfully),
> totally independent from any other third-party organizations or
 companies.
> Secondly, this version will include many new features that have
>>> received
> wide attention from the community, by supporting these features, we
>> can
> better resolve the community’s long accumulated demands. Last but not
> least, we have made some architectural changes in this version, made
 Dubbo
> closer to the micro-service architecture, 

Re: The issues of [Enhance the test coverage] project are here waiting for you

[Mark Thomas]

On 19/12/2018 12:23, Xin Wang wrote:

Hi all
 It's been a long time since I started this project. I am very
pleased to announce that the test coverage of Dubbo is now 64%.
We have achieved the goal of stage 1: unit test coverage > 60%.


Congratulations to all involved. Great work.

Mark




A lot of people submitted prs, the contributors and the number of their prs
are as follows:

YunKun Huang (@htynkn) 5
Ian Luo (@beiwei30) 3
Kimm King (@kimming)   2
Xin Wang (@lovepoem) 1
Zonghai Shang (@zonghaishang) 1
Song Kun   (@satansk)1
xialongfei (@stoneapple) 1
钟剑 (@DeadLion)1
Yang Tao(@whanice)   1
Qin Yulin (@qinnnyul)  1
Yong Zhu (diecui1202) 1

Thank you very much for your contribution.
Now there are two issues( issues 1690 [1] and  issue 1692 [2] )  left , and
then the project will be completed. If anybody want to take part in, please
leave a message on these issues?
Thank you !

[1] https://github.com/apache/incubator-dubbo/issues/1690
[2] https://github.com/apache/incubator-dubbo/issues/1692

Xin Wang  于2018年4月27日周五 上午10:24写道：


Hi,all
   In order to enhance the test coverage, now the project is started:
https://github.com/apache/incubator-dubbo/projects/1,
you can also see the related issues in the other entrance page:
https://github.com/apache/incubator-dubbo/issues/1702
   The test coverage guide is here:
https://github.com/apache/incubator-dubbo/wiki/Test-coverage-guide

   Welcome everyone to join in，you can comment on the issue that you're
interest with.

Xin Wang
lovep...@hotmail.com

Re: Dubbo Registry Nacos 0.0.2 available now

[Mark Thomas]

It would be better to announce a non-ASF release using a non-ASF e-mail
address. It would also be good to make it clear that this is a non-ASF
release.

On a related topic, if this component is remaining outside the ASF it
will need to change its name.

Mark


On 14/12/2018 02:09, Mercy wrote:
> Hi, community,
> 
> I'm glad to announce that dubbo-registry-nacos 0.0.2
>  has been released and is
> now available from Maven Central
> .
> 
> This release integrates Nacos as a Dubbo registry, If you are not
> familiar with Nacos, please refer to Nacos Quick Start
>  for instructions on how
> to start a Nacos server.
> 
> You could get the source code, samples, and document from
> https://github.com/dubbo/dubbo-registry-nacos.
> 
> Kind Regards,
> Mercy Ma

Duplicate notifications

[Mark Thomas]

FYI:

https://issues.apache.org/jira/browse/INFRA-17412

Mark

Re: [Help Wanted] The sha512 hash is missing the '*' marker

[Mark Thomas]

On 19/10/18 09:14, jun liu wrote:
> Hi, Mark
> 
>> On Oct 4, 2018, at 7:16 PM, Mark Thomas  wrote:
>>
>> +1 binding
>>
>> The sha512 hash is missing the '*' marker to indicate that this is a
>> binary file. Minor issue but one that was present on the previous
>> release and should have been fixed by now.
> 
> Can you provide more information about what to do to meet this requirements? 
> Maybe a guide link will be enough, I can further check for what to do.

https://linux.die.net/man/1/sha512sum

You want '-b'

Mark


> 
> Does someone else know about this issue? It’s now being tracked with this 
> ticket: https://github.com/apache/incubator-dubbo/issues/2459
> 
> Best regards,
> Jun
> 
> 

Community growth

[Mark Thomas]

Hi,

I don't recall if I sent this before but I was discussing community 
growth with some of the Dubbo committers and the other mentors today and 
I wanted to highlight this post:


https://lists.apache.org/thread.html/33a6c3aa0fffa6e961aa2b861ebde333d898a5e1062d0d71d0e13d46@%3Cdev.community.apache.org%3E

Even if you have seen it before,m it is worth reading again.

Mark

GitHub notifications

[Mark Thomas]

All,

You may have noticed that the GitHub notifications are now threaded. 
This should make it a lot simpler to follow activity.


Many thanks to the ASF infra team for implementing this feature request.

Mark

Re: dubbo.io is not available now

[Mark Thomas]

On 21/09/18 03:32, Jerrick Zhu wrote:
> hi, community
> 
> Now dubbo.io is not available, any changes no that?
> 
> Anyone can help to check it now?

No directly related, but what are the plans - if any - to transfer that
domain to the ASF?

Mark

Re: [DISCUSS] A metric to measure the response time to issues/prs

[Mark Thomas]

On 12/09/18 05:53, Huxing Zhang wrote:
> Hi,
> 
> I just find an article [1] complaining about the response time to pull
> request and issues.
> 
> I think we can use a metric to measure the response time, and I found this 
> [2].
> 
> It looks like we are not doing very well.
> 
> Does the community think it is useful to have such an metric?
> 
> Is there anything we can do to improve it?

I'd suggest not worrying about the metric and concentrating on growing
the community. Look for people who contribute and keep the bar low for
committership.

Mark

Re: The chats must be public

[Mark Thomas]

Repeating (with minor edits for this context) what I have said on a
similar topic on another thread:

The criteria that the ASF looks for in communication
channels used by projects are (in no particular order):

- open to all
- asynchronous
- available off-line
- full history
- searchable
- archived on ASF controlled systems
- low bandwidth / minimal system requirements

E-mail may seem a little 'old school' at times but it is one of the few
technologies that meets all of the above. Which is why most of our
systems are configured to echo stuff back to the relevant mailing list.

These days I'm used to an always on internet connections with speeds in
the 10s of megabits where I don't need to worry about the cost (even
when I am out and about) but it is worth remembering that not everyone
is in that position. It wasn't really that long ago that I could
sometimes be found working on Apache projects via a 9600 bits per second
dial-up connection that I paid for by the second. It was perfectly
possible for me to follow what was going on by connecting for a few
minutes every couple of hours, syncing my email, making a few commits if
I had anything to commit and then disconnecting and continuing to work
off-line. If a large proportion of communication had happened via a
Gitter like interface there is no way I would have been able to follow
the project.

I'll also note that I am deliberately ignoring Gitter. It isn't an
'official' communication channel for the project so I should not need to
follow it to keep track of what is going on and any decisions that are
being made.

I accept that there are times were using a 'real-time' communication
channel is more efficient. However, it excludes every member of the
community that isn't participating in that channel at that point in
time. The default position at the ASF is that it is better for
communication to be a little less efficient for a few in order for the
entire community to participate.

Cheers,

Mark



On 08/09/18 13:58, Kun Song wrote:
> Gitter is very popular among open source projects. The famous projects on 
> github often have a Gitter channel for users as well as a channel for 
> developers. Email list is good for some serious discussions, and Gitter is 
> good for real time discussions.
> 
> Gitter is born for github projects, from it, you can send a message with well 
> formatted code, and it will show you every activity about this projects.
> 
> So I think we can have both email list and Gitter, they will complement one 
> another perfectly.
> 
> 
>> 在 2018年9月7日，上午11:32，Jerrick Zhu  写道：
>>
>> hi, community
>>
>> Now, we have some chat groups, which are used to discuss about dubbo, such
>> as:
>>
>> * Dingtalk group, nearly 30 people, committers and contributors
>> * WeChat group, contains committers, contributors, and many users
>>
>> I think we need to public these chat groups, so that all people can join
>> us.
>>
>> Maybe Gitter? or Slack ?
>>
>> Or maybe we can drop the chat, just use the mailing list and github issue
>> for discuss.
>>
>> Any other suggestions?
>>
>> Sincerely.
>>
>> jerrick
> 

Re: [VOTE] Release Apache Dubbo (Incubating) 2.6.3 [RC5]

[Mark Thomas]

On 05/09/18 11:39, Jerrick Zhu wrote:
> On Wed, Sep 5, 2018 at 6:10 PM Mark Thomas  wrote:



>> This fails consistently for me:
>>
>> ---
>> Test set: com.alibaba.dubbo.config.AbstractInterfaceConfigTest



>> Whether this failure is significant enough to halt the release is
>> something for those more knowledgeable about Dubbo than I to decide.
>>
> 
> This is the result of mutual influence of unit test cases, not the
> functional problem. So IMO, this release could be go ahead. What do other
> people think?

Generally, if the reason for a unit test failure is well understood and
the root cause is a bug in the unit test then I would lean towards
continuing the release.

Mark

Re: [VOTE] Release Apache Dubbo (Incubating) 2.6.3 [RC5]

[Mark Thomas]

On 03/09/18 03:32, Jun Liu wrote:



> Please vote accordingly:
> [X] +1 approve 
> [ ] +0 no opinion 
> [ ] -1 disapprove with the reason

Notes:
==

Hash and signature match.

Source zip matches Git tag (apart from expected differences of
.gitignore and Maven wrapper)

Builds and all tests except one pass.


Issues from previous RC still present in this RC:
=

The sha512 hashes are missing the '*' marker that indicates they are
hashes for binary files rather than text files. Trivial issue. New RC
not required.


New issues
==

Tests seem to expect 127.0.0.2 to be a valid IP. If this is the case,
consider documenting the requirements to run the tests somewhere obvious
in the source tree. Trivial issue. New RC not required.

I see the following test failures:
  Oracle Java 8 update 181
  Ubuntu 18.04.1 LTS (fully patched)
  Maven 3.5.4

This fails consistently for me:
---
Test set: com.alibaba.dubbo.config.AbstractInterfaceConfigTest
---
Tests run: 38, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.119
sec <<< FAILURE! - in com.alibaba.dubbo.config.AbstractInterfaceConfigTest
checkApplication1(com.alibaba.dubbo.config.AbstractInterfaceConfigTest)
Time elapsed: 0.006 sec  <<< FAILURE!
junit.framework.ComparisonFailure: expected:<10[0]> but was:<10[]>
at
com.alibaba.dubbo.config.AbstractInterfaceConfigTest.checkApplication1(AbstractInterfaceConfigTest.java:90)

I note that this test has been observed to fail for other community
members in earlier RCs.

I can recreate this failure on the command line but not in an IDE.

Whether this failure is significant enough to halt the release is
something for those more knowledgeable about Dubbo than I to decide.


Mark

Re: [DRAFT] Dubbo incubator Report - September 2018

[Mark Thomas]

On 29/08/18 09:55, Justin Mclean wrote:
> HI,
> 
> Just a couple of questions below for people to ponder and I think it worth 
> having a discussion on list about this. I don’t think having this external 
> repo is a bad idea or against ASF policy but long term it could harm the 
> project. For instance only contributions to the Apache project can be 
> considered when voting committers or PMC members in. So contribution to the 
> eco system doesn't accrue merit in the project eyes. You may run into 
> licensing and other IP issues without ICLA to cover all contributions. 
> Projects in the eco system may not follow the release or other ASF policies. 
> I can see that several already don’t follow the ASF licensing policy, which 
> is OK as they are not ASF projects, but if you want to use them with Dubbo 
> that could cause issues. You see the sort of issues that could occur here?
> 
> What do other mentors think about this?

I think it is something to keep an eye on. I'm simply not familiar
enough with the contents of the external repo to feel comfortable saying
whether I think the current split is correct or not.

Generally, I would expect it to be in the best interests of the Dubbo
community to have as much as possible in a single place (here at the
ASF) but where there are good reasons that can't happen (licensing, too
niche) then an external repo managed by this community is a model that
has been used by other projects.

However, maintaining an external repo is a risk. The Dubbo community
needs to keep a close eye on it and ensure that anything there is there
for a good reason and that the repo is not abused as a way to bypass the
ASF community.

Mark

Re: [Help Wanted] A tricky issue when preparing for 2.6.3 Apache release vote.

[Mark Thomas]

On 28/08/18 05:56, Huxing Zhang wrote:
> On Mon, Aug 27, 2018 at 10:44 AM jun liu  wrote:
>>
>> The sonatype team have deleted all artifacts of 2.6.3 from central 
>> repository. I will start 2.6.3 RC4 vote now.

Just a thought.

Some users may have downloaded 2.6.3 while it was on Maven central. If
you now release 2.6.3 you could end up in the position where if a user
reports they are using 2.6.3 you don't know which of the two 2.6.3
versions they are using.

If the diff between the accidentally released RC and what ends up being
formally released as 2.6.3 has zero functional impact then you are
probably OK but there always the risk that there will be something.

It is worth considering throwing away that version number and moving to
2.6.4 for the next release.

More generally, version numbers are viewed as 'cheap' at the ASF. It
isn't a big deal to decide not to use one for some reason. Tomcat, for
example, doesn't use RCs. Most of our release votes pass first time but
if they don't we fix the issue, increment the version number and try again.

I have seen other projects decide not to use a version number of various
reasons that all, generally, boil down to confusion over exactly what
that version number represents. Moving to a new version number is often
the simplest way to avoid potential confusion.

Mark

Re: Suggest to publish artifacts to snapshot repository when CI passes

[Mark Thomas]

On 23/08/18 11:26, Huxing Zhang wrote:
> Hi,
> 
> On Thu, Aug 23, 2018 at 12:54 PM Ian Luo  wrote:
>>
>> I'm not quite sure if it's done, but what I suggest is, if it's not done
>> yet, we should consider to add instruction in .travis.yaml to publish all
>> artifacts to snapshot repository every time when CI passes, to make
>> everyone's life easier.
> 
> I think we should publish the snapshot to Apache repository[1] for 2.7.x.
> I am afraid that it could not be done automatically if we are using
> third party CI system like travis.
> Maybe we can use any of the Apache CI system[3] in order to publish
> the snapshot.

I'm sure you can. Tomcat does this from buildbot but I'd be surprised if
you couldn't do it from any of the CI systems.

As an aside, Tomcat has seen the benefit of using multiple CI systems as
a failing test found by one CI system often passes on another. It might
be viewed as 'old school' by Apache Gump has been particularly good at
finding issues.

Mark

Re: Which version to move dubbo-rpc-xxx dubbo-serialization-xxx dubbo-remoting-xxx and dubbo-registry-xxx to dubbo ecosystem

[Mark Thomas]

On 23/08/18 02:47, Jerrick Zhu wrote:



> The question is whether we need to deploy 2.7.0-SNAPSHOT to central
> repository so that these moving modules can build successfully.

The short answer is you can't do that. Anything on Maven Central has to
be an official release and the -SNAPSHOT marker doesn't really fit with
that.

There are several options:
- formally release a milestone
- use the ASF's snapshot repo

>From later discussion it looks like the snapshot repo is being explored.

Mark

Re: Use of "Team N" in issues and PRs

[Mark Thomas]

On 18/08/18 10:24, Ian Luo wrote:
> Mark,
> 
> Here's one relevant topic I would like to discuss with you. I understand
> the Apache way encourages *open* discussion. In my opinion, the interaction
> on GitHub issue is one kind of the open discussion, and many modern open
> source projects leverages this as the major channel. What's your opinion on
> this?

>From an ASF perspective there are no concerns if that is how a project
prefers to communicate (primarily because all the discussion is echoed
back to an ASF mailing list).

Personally, it isn't my favourite but I think that is more to do with
how it is integrated into ASF mailing lists than anything else (ASF
mailing lists are the primary way I follow what is going on across
multiple areas of the ASF). I don't like the way questions, bugs and PRs
all end up in the same place and the lack of threading makes it hard to
follow - especially with a high activity project like Dubbo.

One of the things on my TODO list for ApacheCon NA is to sit down with
the infra folks and figure out if we can improve the integration -
particularly the threading.

More generally, the criteria that the ASF looks for in communication
channels used by projects are (in no particular order):

- open to all
- asynchronous
- available off-line
- full history
- searchable
- archived on ASF controlled systems
- low bandwidth / minimal system requirements

E-mail may seem a little 'old school' at times but it is one of the few
technologies that meets all of the above. Which is why most of our
systems are configured to echo stuff back to the relevant mailing list.

These days I'm used to an always on internet connections with speeds in
the 10s of megabits where I don't need to worry about the cost (even
when I am out and about) but it is worth remembering that not everyone
is in that position. It wasn't really that long ago that I could
sometimes be found working on Apache projects via a 9600 bits per second
dial-up connection that I paid for by the second. It was perfectly
possible for me to follow what was going on by connecting for a few
minutes every couple of hours, syncing my email, making a few commits if
I had anything to commit and then disconnecting and continuing to work
off-line. If all communication had happened via a GitHub like interface
there is no way I would have been able to follow the project.

Cheers,

Mark

PS I see there is a Dubbo session at ApacheCon NA. I'd be more than
happy to sit down with anyone that is interested and chat about any
questions, concerns, etc. they may have about how the ASF works, why
things are the way the are and any other ASF related questions.


> 
> Thanks,
> -Ian.
> 
> On Sat, Aug 18, 2018 at 10:31 AM jun liu  wrote:
> 
>>>
>>> To provide some examples:
>>>
>>> I am employed by Pivotal and Pivotal employs the committers on the
>>> Spring Boot project which embeds Apache Tomcat. From time to time I
>>> receive a work e-mail, slack message or similar along the lines of "We
>>> think we have found a bug in Tomcat. Can you look at it?". My response
>>> is invariably "Sure. Please create an issue in the Tomcat issue tracker
>>> and I'll take a look."
>>>
>>> I also receive direct email from Tomcat users asking for help with an
>>> issue they are having. This happens often enough that I have a e-mail
>>> template for the reply that directs them to ask their question on the
>>> users@ mailing list.
>>
>> These examples impressed me a lot, actually, I am experiencing this now.
>> People from work sometimes report issues about Dubbo through internal
>> communication channels (IM or work email). And I have to admit that in some
>> cases, I have chosen to directly discuss problems with them but forgot to
>> bring them to the community, which means I misused the two roles of work
>> and open source.
>>
>> Most of the times, language becomes the excuse for making the wrong
>> decisions, because some colleagues and users of Dubbo in china are not good
>> enough in English. For those users, maybe we can encourage them to provide
>> both the Chinese and English descriptions when reporting issues, for
>> example, write the Chinese version first and then directly translate to
>> English using Google.
>>
>> I think that the way Mark's been doing is right for running an open source
>> project, I will also try to “Redirect everyone reporting issues to the
>> mailing list or Github issue tracker".
>>
>> Best regards,
>> Jun
>>
>>> On 16 Aug 2018, at 19:17, Mark Thomas  wrote:
>>>
>>> On 15/08/18 14:09, Jerrick Zhu wrote:
>>>> Hi, mark
>>>>
>>>> Sorry for disturbing all

Re: [VOTE]: Release Apache Dubbo (Incubating) 2.6.3 [RC3]

[Mark Thomas]

On 12/08/18 08:12, Jun Liu wrote:



> Please vote accordingly:
> [ ] +1 approve 
> [ ] +0 no opinion 
> [X] -1 disapprove with the reason (binding)

The sha512 hashes are missing the '*' marker that indicates they are
hashes for binary files rather than text files. Trivial issue. Can be
addressed in the next release.

I'd expect the files to be named "apache-dubbo..." not "dubbo...". Nice
to have (not all Apache projects use this naming convention). Something
to consider for the next release.

Consider including mvnw and mvnw.cmd in the source release so it is
simpler to get started with the build from a source release.

The 2.6.3 tag does not agree with the source release. This is a
significant issue and enough for me to vote against the release. A diff
shows most (all?) of the pom.xml have a version of "2.6.4-SNAPSHOT" in
the tag but "2.6.3" in the source release.

I dug into this a little. At first I thought the tag / commit in the
vote was wrong. It is. But is isn't just that. If I go back to

a8be0eaaddab198ed03b0150d4db03e2b22f023f

things are better but:
a) there are still differences
b) the tag includes multiple commits after this point


Mark

Re: Use of "Team N" in issues and PRs

[Mark Thomas]

On 15/08/18 14:09, Jerrick Zhu wrote:
> Hi, mark
> 
> Sorry for disturbing all of you.

No need to apologise. The additional traffic wasn't, and isn't, a concern.

My concern was that it appeared that there was some sort of organisation
going on that the project wasn't aware of.

A secondary concern was that multiple teams seemed to be writing PRs for
the same issue.

> This is an activity for students to participate in open source project,
> it's held by department named BaiJi, Alibaba. They came us and asked us

If by us, you mean "the Alibaba employees who work on Dubbo" then that
request should have been redirected to the Dubbo community - which means
the dev@ mailing list.

If by us, you mean "the Dubbo community" then I don't recall seeing that
request on this list.

My concern here is that folks appear to have mixed up their "employee"
hat and their "Apache committer" hat. It is easy to do and so is
something to keep in mind. A good general rule is that whenever you find
yourself discussing anything related to the project at work (or anywhere
that isn't the project mailing lists), ask yourself "Why isn't this on
the dev@ list?". In my experience it is nearly always the case that the
conversation needs to move to the mailing list.

To provide some examples:

I am employed by Pivotal and Pivotal employs the committers on the
Spring Boot project which embeds Apache Tomcat. From time to time I
receive a work e-mail, slack message or similar along the lines of "We
think we have found a bug in Tomcat. Can you look at it?". My response
is invariably "Sure. Please create an issue in the Tomcat issue tracker
and I'll take a look."

I also receive direct email from Tomcat users asking for help with an
issue they are having. This happens often enough that I have a e-mail
template for the reply that directs them to ask their question on the
users@ mailing list.

> to
> provide some simple issues that students can fully engage OS project, and
> we agreed. We also wants more guys to join Dubbo, to contribute.

Please be aware that some people read "guys" as referring exclusively to
men. I recommend that you try to use a more inclusive term. I tend to
use "folks". "people" usually works as an alternative as well.

I do think this is an excellent way to increase interest in Dubbo and
expand the community. Please don't take anything I am saying as
discouragement of this effort. I am fully supportive of it.

> Now we have noticed that the PRs came together and generate so many emails,
> which had disturbed you. We will consider other more effective ways, such
> as one team fix issues separated from each other.

It bears repeating. The volume of email was not a concern. It was the
appearance of some sort of organisation of project effort going on that
the project community was not aware of. That rings alarms bells for me
in my role as a mentor.

Regarding separating issues between teams, there are pros and cons of
multiple teams trying to fix the same issue. The work might be
duplicated but, equally, they might learn from the different approaches
that the other teams took. I don't have a view one way or the other. All
I suggest (and this is more for the people managing the students) is
that the issue is thought about to ensure that the students get the best
possible experience.

> Do you guys have any other suggestions?

More of a comment than a suggestion. Given the volume of activity on the
notifications@ list, the activity on dev@ seems rather low. I'd expect
to see more discussion, more commentary, more planning given the
activity levels. It is possible that this discussion, commentary and
planning just isn't happening but I do find myself wondering if it is
happening off-list. If that is the case, it *really* needs to start
moving on to dev@ list.

Cheers,

Mark

Use of "Team N" in issues and PRs

[Mark Thomas]

Why have we started to see around 50% of issues and PRs marked with a
Team number?

Mark

Re: [VOTE]: Release Apache Dubbo (Incubating) 2.6.3 [RC2]

[Mark Thomas]

On 02/08/18 09:59, YunKun Huang wrote:
> +1 to release
> 
> I have check unit test with Mac & java 8
> 
> One mirror issue: 
>   ChangeLogs in source zip file has some spell issue, somehow it fixed in 
> Github but not include in zip file.

This needs tracking down.

The source zip should be an exact match for the Git tag. If it isn't
then the RC is invalid.

Mark


> 
> On 2018/08/02 05:47:03, Yong Zhu  wrote: 
>> +1
>>
>> All test cases pass, my environment:
>> * JDK: 1.8
>> * OS: Mac OSX
>>
>> On Thu, Aug 2, 2018 at 1:11 PM YunKun Huang  wrote:
>>
>>> I run `mvn clean pakcage` in Mac with java 8. All pass
>>>
>>> On 2018/08/02 01:39:03, Huxing Zhang  wrote:
 Hi,

 On Wed, Aug 1, 2018 at 5:44 PM, Andrea Del Bene 
>>> wrote:
> Hi,
>
> running 'mvn clean test' on 2.6.3 release branch and on 2.6.x tag I
>>> get a
> failure with the following unit test:
>
>
>>> ---
> Test set: com.alibaba.dubbo.config.AbstractInterfaceConfigTest
>
>>> ---
> Tests run: 38, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.127
>>> sec
> <<< FAILURE! - in com.alibaba.dubbo.config.AbstractInterfaceConfigTest
> checkApplication1(com.alibaba.dubbo.config.AbstractInterfaceConfigTest)
> Time elapsed: 0.006 sec  <<< FAILURE!
> junit.framework.ComparisonFailure: expected:<10[0]> but was:<10[]>
> at
>
>>> com.alibaba.dubbo.config.AbstractInterfaceConfigTest.checkApplication1(AbstractInterfaceConfigTest.java:90)
>
> I'm working on Ubuntu 16.04 64 bit, Maven 3.5.3 and Java 1.8.0_181. At
>>> the
> moment I have no clue about what might be wrong. On branch master
> (2.7.0-SNAPSHOT) everything is ok, every test passes.

 This is weird, the test passed without any error on my MACOS laptop.
 Are you constantly getting this error? If so I guess the best way is
>>> debugging.
 This test basically writes the property to a file, and then read it
 back in
>>> com.alibaba.dubbo.config.AbstractInterfaceConfig#checkApplication.

 If it occurs occasionally, I would suggest to add some logs in
 com.alibaba.dubbo.config.AbstractInterfaceConfig#checkApplication to
 see what happened to
 ConfigUtils.getProperty(Constants.SHUTDOWN_WAIT_KEY);

>
>
> On Wed, Aug 1, 2018 at 10:06 AM, Huxing Zhang 
>>> wrote:
>
>> +1 (binding) to release.
>>
>> I've checked:
>>
>> * incubator in name
>> * Disclaimer exists
>> * sha512 chesum ok
>> * signature ok
>> * git tag matches
>> * NOTICE and LICENSE exist in META-INF of jar files of binary release.
>> * Unit test passed on Java 8 + OSX
>> * Tested elegant shutdown with Tomcat 8.5.30
>>
>> Minor issues:
>> * There are some typo in CHANGES.md, I saw it fixed in 2.6.3 release
>> branch, but not included in the release candidate.
>> * I think we need to add more examples to the convenient binary
>> release, so that users can quickly try Dubbo out, currently there is
>> only packaged jars.
>>
>> On Tue, Jul 31, 2018 at 11:51 AM, Jun Liu  wrote:
>>> Hello Dubbo Community,
>>>
>>> This is a call for vote to release Apache Dubbo (Incubating) version
>> 2.6.3.
>>>
>>> The release candidates (RC2):
>>> https://dist.apache.org/repos/dist/dev/incubator/dubbo/2.6.3
>>>
>>> Git tag for the release (RC2):
>>> https://github.com/apache/incubator-dubbo/tree/dubbo-2.6.3
>>>
>>> Hash for the release tag:
>>> a8be0eaaddab198ed03b0150d4db03e2b22f023f
>>>
>>> Release Notes:
>>>
>>> https://github.com/apache/incubator-dubbo/blob/2.6.3-release/CHANGES.md
>>>
>>> The artifacts have been signed with Key : 28681CB1, which can be
>>> found
>> in the keys file:
>>> https://dist.apache.org/repos/dist/dev/incubator/dubbo/KEYS
>>>
>>> The vote will be open for at least 72 hours or until necessary
>>> number of
>> votes are reached.
>>>
>>> Please vote accordingly:
>>>
>>> [ ] +1 approve
>>> [ ] +0 no opinion
>>> [ ] -1 disapprove with the reason
>>>
>>> The previously RC1 vote thread:
>>> https://lists.apache.org/thread.html/6371153d4fd5645615c14518f70f42
>> 3134b08148c2fba72e5bb63a55@%3Cdev.dubbo.apache.org%3E
>>>
>>> Thanks,
>>> The Apache Dubbo (Incubating) Team
>>>
>>> Best regards,
>>> Jun
>>>
>>
>>
>>
>> --
>> Best Regards！
>> Huxing
>>
>
>
>
> --
> Andrea Del Bene.
> Apache Wicket committer.



 --
 Best Regards！
 Huxing

>>>
>>

Re: [Discuss]Suggestion for solve issues more quickly and effectively

[Mark Thomas]

On 10/07/18 07:04, jun liu wrote:
> Hi All, 
> 
> Now the community has become very active, pull requests and issues are being 
> reported in a certain amount every day, in contrast, our response seems not 
> fast enough and issues bumped up. 
> 
> I've thought of a duty table for temporarily solving this problem, committers 
> on duty are responsible for responding to community activities, classify 
> issues and resolve/assign issues, by doing that, we can guarantee at least 
> some of the committers devote enough time to the community every day. 
> 
> Remember that we still need to encourage users to participate in any kind of 
> contribution, and anyone can still participate in the community at any time.
> 
> Here’s an example duty form: 
> https://github.com/apache/incubator-dubbo/wiki/Duty-Form
> Remember label issues: 
> https://github.com/apache/incubator-dubbo/wiki/Label-an-Issue
> 
> Do you guys have any ideas of how to achieve this goal?

Just remember that every committer is a volunteer and that they get to
choose what they work on. Allocating committers to tasks isn't something
that happens on an ASF project.

Growing the community is the obvious answer to an increasing backlog of
issues. If you haven't already seen it I strongly recommend reading this
post that talks about Apache Beam's experience in this area:

https://lists.apache.org/thread.html/33a6c3aa0fffa6e961aa2b861ebde333d898a5e1062d0d71d0e13d46@%3Cdev.community.apache.org%3E

Mark

Re: Donate dubbo-php-framework

[Mark Thomas]

On 04/07/18 07:27, Huxing Zhang wrote:
> On Wed, Jul 4, 2018 at 1:20 PM, Ian Luo  wrote:
>> cool, now we have a field-tested php solution for the community:)
>>
>> Thanks,
>> -Ian.
>>
>> On Wed, Jul 4, 2018 at 11:41 AM robinkang(康彬) 
>> wrote:
>>
>>> hi, guys
>>>
>>>with the help of Ian Luo and yong zhu, we have transferred our
>>> dubbo-php-framework to dubbo community  , its git address is :
>>>
>>> https://github.com/dubbo/dubbo-php-framework,  we wish you will like it,
>>> and make it better togother : )
> 
> Hi mentors,
> 
> One thing need to confirm here: Is ip clearance process needed here?> I got 
> confused when I was doing the ip clearance for dubbox
> documentation last time, it turned out that the ip clearance process
> is for TLP.
> I did some search on the incubator list, and found this[2], but it
> seems it is still under discussion.

If the code is going to move to an ASF repository then there needs to be
something that shows that the copyright holders have granted the
necessary rights for that to happen. Depending on where the code came
from that might be a software grant, it might be a contributor license
agreement, it might be several contributor license agreements or it
might be a fork of ALv2 code with any necessary entries in the NOTICE file.

Mark



> 
> [1] 
> https://lists.apache.org/thread.html/e0f8f5e308752903220535c8e6f4c0a5ec92bde78700676409e43087@%3Cgeneral.incubator.apache.org%3E
> [2] 
> https://lists.apache.org/thread.html/1e0f67758623ab688929830bf90e2aff446df7c2c286c4898cc7c893@%3Cgeneral.incubator.apache.org%3E
> 
>>>
>>> -邮件原件-
>>> 发件人: Yong Zhu [mailto:diecui1...@gmail.com]
>>> 发送时间: 2018年5月23日 11:04
>>> 收件人: dev@dubbo.apache.org
>>> 抄送: redshi(史红哲); royzhu(朱乐超)
>>> 主题: Re: Donate dubbo-php-framework
>>>
>>> That's great. Welcome to Dubbo community.
>>>
>>> Jerrick
>>>
>>> On Wed, May 23, 2018 at 10:49 AM, Ian Luo  wrote:
>>>
 Robin,

 It's awesome. We really need dubbo PHP implementation, and now it
 looks we will have one soon :) You can put it in dubbo eco system
 which's hosted under github.com/dubbo.

 Welcome to community.

 Cheers,
 -Ian.

 On Tue, May 22, 2018 at 8:49 PM robinkang(康彬)
 
 wrote:

> Hello Dubbo community,
>
> We hava developed dubbo-php-framework which compatible with dubbo java.
> This framework include client , server and registry, it is a
> complete solution for micro-service on php platform,  have running
> on our product environment for two years more.
>
> Now, we would like to donate to Dubbo community, and we have signed
> SGA
 by
> following
> https://github.com/apache/incubator-dubbo/wiki/Software-donation-guide
>>> .
> The source code will be open sourced soon.
>
> Tks
>
> 免责声明
>
>
> 此电子邮件包含本公司的机密或者专用信息，仅供标明收件地址的个人或团体使用。如果您不是此电子邮件的预期收件人，请勿阅读、复制、
 转发或存储此邮件。如果您已误收此邮件，请通知发件人并删除全部原始信息（包括任何原始信息的备份），并且禁止散布或分发全部或部分原始信息。
 本公司对于因转载本电子邮件而产生的任何损失不承担任何责任，也不担保本电子邮件中信息的准确性、适当性或完整性，
 并且对此产生的任何错误或疏忽不承担任何责任。
>
> lexinfintech, Inc. 
>
>

>>>
>>> 免责声明
>>>
>>>
>>> 此电子邮件包含本公司的机密或者专用信息，仅供标明收件地址的个人或团体使用。如果您不是此电子邮件的预期收件人，请勿阅读、复制、转发或存储此邮件。如果您已误收此邮件，请通知发件人并删除全部原始信息（包括任何原始信息的备份），并且禁止散布或分发全部或部分原始信息。本公司对于因转载本电子邮件而产生的任何损失不承担任何责任，也不担保本电子邮件中信息的准确性、适当性或完整性，并且对此产生的任何错误或疏忽不承担任何责任。
>>>
>>> lexinfintech, Inc. 
>>>
>>>
> 
> 
> 

Re: [incubator-dubbo-website] branch asf-site updated: Google Analytics support

[Mark Thomas]

On 03/07/18 10:08, Ian Luo wrote:
> Well, this is good catch. Thanks, Mark.
> 
> I did a quick research on web (with google search engine :p), it looks like
> Google Analytics has not been GDPR compliant yet, but google is working
> hard to prepare for it [1].
> 
> We are working hard to prepare for the EU’s General Data Protection
>> Regulation (GDPR). Keeping users’ information safe and secure is among our
>> highest priorities at Google. Over the years, we have spent a lot of time
>> working closely with Data Protection Authorities in Europe, and we have
>> already implemented strong privacy protections that reflect their guidance.
>> We are committed to complying with the new legislation and will collaborate
>> with partners throughout this process.
> 
> 
> I guess it is pretty safe to integrate it into dubbo website, or do you
> have any other good alternative to suggest?

I take the opposite view. I would view it as very risky to integrate
Google analytics if it is not GDPR compliant.

In terms of alternatives, it depends what problem you are trying to solve.

Mark


> 
> Thanks,
> -Ian.
> 
> 
> 1. https://privacy.google.com/businesses/compliance/#?modal_active=none
> 
> On Tue, Jul 3, 2018 at 4:49 PM Mark Thomas  wrote:
> 
>> Is the Dubbo community sure that Dubbo's use of Google Analytics is GDPR
>> compliant?
>>
>> Mark
>>
>>
>>
>>  Forwarded Message 
>> Subject: [incubator-dubbo-website] branch asf-site updated: Google
>> Analytics support
>> Date: Tue, 03 Jul 2018 03:42:25 +
>> From: i...@apache.org
>> Reply-To: dev@dubbo.apache.org
>> To: comm...@dubbo.apache.org 
>>
>> This is an automated email from the ASF dual-hosted git repository.
>>
>> iluo pushed a commit to branch asf-site
>> in repository
>> https://gitbox.apache.org/repos/asf/incubator-dubbo-website.git
>>
>>
>> The following commit(s) were added to refs/heads/asf-site by this push:
>>  new b6522c4  Google Analytics support
>> b6522c4 is described below
>>
>> commit b6522c43b74348276ec261042f4d8bc51d6da966
>> Author: beiwei30 
>> AuthorDate: Tue Jul 3 11:41:43 2018 +0800
>>
>> Google Analytics support
>> ---
>>  index.html | 10 ++
>>  1 file changed, 10 insertions(+)
>>
>> diff --git a/index.html b/index.html
>> index dd6584b..5d0c5b5 100644
>> --- a/index.html
>> +++ b/index.html
>> @@ -19,6 +19,16 @@
>> https://f.alicdn.com/react/15.4.1/react-dom.min.js</a>
>> ">
>> > src="
>> <a  rel="nofollow" href="https://cdn.jsdelivr.net/npm/react-router-dom@4.2.2/umd/react-router-dom.min.js">https://cdn.jsdelivr.net/npm/react-router-dom@4.2.2/umd/react-router-dom.min.js</a>
>> ">
>> 
>> +
>> +   
>> +   > src="<a  rel="nofollow" href="https://www.googletagmanager.com/gtag/js?id=UA-112489517-1&quot">https://www.googletagmanager.com/gtag/js?id=UA-112489517-1&quot</a>;>
>> +   
>> +   window.dataLayer = window.dataLayer || [];
>> +   function gtag(){dataLayer.push(arguments);}
>> +   gtag('js', new Date());
>> +
>> +   gtag('config', 'UA-112489517-1');
>> +   
>>  
>>   
>> \ No newline at end of file
>>
>>
> 

Re: CI and JavaDoc

[Mark Thomas]

On 04/07/18 02:18, Huxing Zhang wrote:
> Hi,
> 
> On Wed, Jul 4, 2018 at 1:02 AM, Andrea Del Bene  wrote:
>> Hi Dubbers!
>>
>> I know you are super busy-at the moment, but I'd like to add to your TODO
>> list a task to host Dubbo JavaDoc on your Apache site. At the moment
>> JavaDocs are available at http://www.javadoc.io but it would be nice to
>> host them in-house. Normally this is done on the CI server at the end of
>> the build coping javadoc files to the site server.
> 
> Welcome!
> 
> +1 to host them in-house, I saw tomcat's Javadoc hosting on the
> official site[1].
> 
> Actually the Javadoc files are generated in Travis CI for every
> commit, but I am not quite sure how to sync these files to the site
> server.
> 
> Maybe there is not enough privilege for a 3rd-party service to have
> write access to apache repositories.
> 
> Do you have any experience on how to achieve that?

The Tomcat docs (including the Javadoc) are only updated (effectively
manually) when we do a release so they always refer to the latest
release of each branch.

If you publish docs from the CI server then you run the risk of the docs
and the latest release getting out of sync and that can cause user
confusion.

Other projects publish the docs for the latest release and the docs for
the current development HEAD in separate areas on their website.

If you want to publish from CI to the project website you'll need to do
that from an ASF owned CI system.

Mark

> 
> 
> [1] http://tomcat.apache.org/tomcat-8.5-doc/api/index.html
> 
>>
>> Thank you in advance
>>
>> Andrea Del Bene.
>> Apache Wicket committer.
> 
> 
> 

Fwd: [GitHub] beiwei30 closed pull request #2051: rename access log in unit test from 'alibaba' to 'alibaba.log'

[Mark Thomas]

You should consider a further rename to remove the reference to alibaba
completely (and any similar file names). References to specific
commercial entities in the code can give the wrong impression regarding
project independence.

Mark


 Forwarded Message 
Subject: [GitHub] beiwei30 closed pull request #2051: rename access log
in unit test from 'alibaba' to 'alibaba.log'
Date: Mon, 09 Jul 2018 06:44:52 -
From: GitBox 
Reply-To: dev@dubbo.apache.org
To: notificati...@dubbo.apache.org

beiwei30 closed pull request #2051: rename access log in unit test from
'alibaba' to 'alibaba.log' URL:
https://github.com/apache/incubator-dubbo/pull/2051

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git
a/dubbo-rpc/dubbo-rpc-api/src/test/java/org/apache/dubbo/rpc/filter/AccessLogFilterTest.java
b/dubbo-rpc/dubbo-rpc-api/src/test/java/org/apache/dubbo/rpc/filter/AccessLogFilterTest.java
index 5db1127791..8e5c426697 100644
---
a/dubbo-rpc/dubbo-rpc-api/src/test/java/org/apache/dubbo/rpc/filter/AccessLogFilterTest.java
+++
b/dubbo-rpc/dubbo-rpc-api/src/test/java/org/apache/dubbo/rpc/filter/AccessLogFilterTest.java
@@ -57,7 +57,7 @@ public void testDefault() {
  @Test
 public void testCustom() {
-URL url = URL.valueOf("test://test:11/test?accesslog=alibaba");
+URL url = URL.valueOf("test://test:11/test?accesslog=alibaba.log");
 Invoker invoker = new
MyInvoker(url);
 Invocation invocation = new MockInvocation();
 accessLogFilter.invoke(invoker, invocation);




This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org
For additional commands, e-mail: notifications-h...@dubbo.apache.org

Fwd: [incubator-dubbo-website] branch asf-site updated: Google Analytics support

[Mark Thomas]

Is the Dubbo community sure that Dubbo's use of Google Analytics is GDPR
compliant?

Mark



 Forwarded Message 
Subject: [incubator-dubbo-website] branch asf-site updated: Google
Analytics support
Date: Tue, 03 Jul 2018 03:42:25 +
From: i...@apache.org
Reply-To: dev@dubbo.apache.org
To: comm...@dubbo.apache.org 

This is an automated email from the ASF dual-hosted git repository.

iluo pushed a commit to branch asf-site
in repository
https://gitbox.apache.org/repos/asf/incubator-dubbo-website.git


The following commit(s) were added to refs/heads/asf-site by this push:
 new b6522c4  Google Analytics support
b6522c4 is described below

commit b6522c43b74348276ec261042f4d8bc51d6da966
Author: beiwei30 
AuthorDate: Tue Jul 3 11:41:43 2018 +0800

Google Analytics support
---
 index.html | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/index.html b/index.html
index dd6584b..5d0c5b5 100644
--- a/index.html
+++ b/index.html
@@ -19,6 +19,16 @@
https://f.alicdn.com/react/15.4.1/react-dom.min.js";>
https://cdn.jsdelivr.net/npm/react-router-dom@4.2.2/umd/react-router-dom.min.js";>

+
+   
+   https://www.googletagmanager.com/gtag/js?id=UA-112489517-1";>
+   
+   window.dataLayer = window.dataLayer || [];
+   function gtag(){dataLayer.push(arguments);}
+   gtag('js', new Date());
+
+   gtag('config', 'UA-112489517-1');
+   
 
  
\ No newline at end of file

Re: Promoting Dubbo in social media

[Mark Thomas]

On 21/06/18 15:45, Huxing Zhang wrote:
> Hi,
> 
> I am planning to register a Twitter account using the
> priv...@dubbo.apache.org mail address, because it is a private mail
> address, and all the PPMC can share the login credentials, any concern
> about it?

FYI, the ASF provides a (P)PMC private area in svn for this sort of
thing. Some PMCs encrypt on top of that. Whether you choose to do that
or not is up to you.

Mark


> 
> On Thu, Jun 21, 2018 at 4:16 PM, Yong Zhu  wrote:
>> +1 for Twitter, face to all over the world.
>>
>> On Thu, Jun 21, 2018 at 1:25 PM Ian Luo  wrote:
>>
>>> +1, let's tweat :)
>>>
>>> On Thu, Jun 21, 2018 at 8:57 AM Yunkun Huang  wrote:
>>>
 good idea.

 I think to choose only one is easy to start this work.

 On 2018/06/20 13:31:02, Huxing Zhang  wrote:
> Hi All,
>
> In order to help promote Dubbo to the world, I am thinking about
> setting up a social media account for Dubbo, for example, we can
> choose one (or more) of the following:
>
> * Twitter
> * Facebook
> * Weibo
> * Wechat Official Accounts
> * Others
>
> Of course the official website will have the latest news, but I think
> a Twitter account will definitely help to build the community from not
> only China but all over the world.
>
> I have checked some of the ASF incubating project, e.g. Skywalking[1],
> ServiceComb[2], they all have official twitter accounts.
>
> [1] https://twitter.com/AsfSkyWalking
> [2] https://twitter.com/ServiceComb
>
> --
> Best Regards！
> Huxing
>

>>>
> 
> 
> 

Re: Project decisions need to be made on list

[Mark Thomas]

On 14/06/2018 15:36, Huxing Zhang wrote:

On Thu, Jun 14, 2018 at 3:09 PM, Mark Thomas  wrote:

All,

I have seen multiple instances in the last few weeks of announcements being
made without any prior list discussion.

Please can I remind all members of the Dubbo community that project
decisions must be made on list. That typically means:
- there is a proposal
- there is a discussion


One technical question: Some of the contributors may find themselves
difficult to express their ideas in English.
Is there some way to help them? What I can think is:

1. Chinese follows English on the mailing list
2. Another Chinese public channel (e.g. gitter) to discuss, and then
back to mailing list
3. Using English anyway

What do you guys think?

What I have recommended in the past is:
- express the problem as best you can in English (if that is not at all,
  that is fine)
- then repeat but using your native language

A combination of the above and Google translate is nearly always enough 
for someone familiar with the topic to work out what is meant.


Once the project decides how it wants to handle this, it needs to be 
added, in multiple languages, to the relevant project pages on how to 
contribute / participate.


Mark





- the discussion reaches a consensus (rarely, a VOTE is held)
- the consensus is announced as a decision of the project

Normally, the above steps would take place on the dev@ list. Depending on
circumstances, it could also occur in other locations such as the issue
tracker. Whereever it does happen, it must be a public forum and the whole
community must have an opportunity to contribute to the discussion.

Mark

Project decisions need to be made on list

[Mark Thomas]

All,

I have seen multiple instances in the last few weeks of announcements 
being made without any prior list discussion.


Please can I remind all members of the Dubbo community that project 
decisions must be made on list. That typically means:

- there is a proposal
- there is a discussion
- the discussion reaches a consensus (rarely, a VOTE is held)
- the consensus is announced as a decision of the project

Normally, the above steps would take place on the dev@ list. Depending 
on circumstances, it could also occur in other locations such as the 
issue tracker. Whereever it does happen, it must be a public forum and 
the whole community must have an opportunity to contribute to the 
discussion.


Mark

Fwd: [GitHub] chickenlj commented on issue #1574: circuitBreaker

[Mark Thomas]

Please see question in-line:


 Forwarded Message 
Subject: [GitHub] chickenlj commented on issue #1574: circuitBreaker
Date: Tue, 12 Jun 2018 03:01:12 -
From: GitBox 
Reply-To: dev@dubbo.apache.org
To: notificati...@dubbo.apache.org

chickenlj commented on issue #1574: circuitBreaker
URL: 
https://github.com/apache/incubator-dubbo/pull/1574#issuecomment-396450564

 Hello wanhuhou,
  Thanks for your contribution, instead of a circuitbreaker i think 
your implementation is more like a new policy of LoadBalance.   And 
after having a discussion with the dubbo team,



Where / when did this discussion take place? I've been following the 
lists but I could have missed it. Please provide a pointer.


Mark



 i think below is the enhancements we should do:
   * A foundamental Metrics module.
   * Add a new LoadBalance Policy which can detect node healthy.
   * Add a new Cluster Policy which can short-circuit and switch to 
fallback automically. More like a embedded circuitbreaker.

   * Provide a demo of integrating Hystrix with Dubbo.


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org
For additional commands, e-mail: notifications-h...@dubbo.apache.org

Re: Dubbo new logo and new website

[Mark Thomas]

On 07/06/18 07:16, Huxing Zhang wrote:
> Hi community,
> 
> Just want to let the community to know that I am working with some of
> the Alibaba folks to create a new website and new logo.

Isn't the need (or not) for a new website something that the community
should decide?

> The new website/logo will have complete fresh design, including the
> following contents:
> 
> * home page
> * documentation
> * blogs
> * community
> * events
> 
> All of them will have English/Chinese versions.
> 
> The implementation is still under way, and would be available in a
> separate Github repo once finished.

That sounds like a code dump. That isn't how things are meant to work at
Apache.

> The new repo is designed to be a combination of current
> incubator-dubbo-docs and incubator-dubbo-website.

That sounds like a high level design decision I'd expect to see happen
on the mailing list.

> I have a quick question for this, if the community have decided to
> accept the new logo/website, can a  Software Grant or CLA cover it?

It depends on the detail. I think the higher level issues I've outlined
above need to be worked through first.

Mark

Re: [VOTE]: Release Apache Dubbo (Incubating) 2.6.2 [RC2]

[Mark Thomas]

On 04/06/18 08:14, Huxing Zhang wrote:
> Dear Dubbo Mentors,
> 
> We still need 1 more binding vote to pass the incubator community vote.
> 
> It will be great if we can pass it before the June's podling report.
> 
> Would you please help to vote for it?

I'm reviewing the release now.

Mark


> 
> On Tue, May 29, 2018 at 4:47 PM, Jun Liu  wrote:
>> Hello All,
>>
>> This is a call for vote to release Apache Dubbo (Incubating) version 2.6.2.
>>
>> The Apache Dubbo community has voted on and approved a proposal to release 
>> Apache Dubbo (Incubating) version 2.6.2.
>>
>> We now kindly request the Incubator PMC members review and vote on this 
>> incubator release.
>>
>> Apache Dubbo™ (incubating) is a high-performance, java based, open source 
>> RPC framework. Dubbo offers three key functionalities, which include 
>> interface based remote call, fault tolerance & load balancing, and automatic 
>> service registration & discovery.
>>
>> Dubbo vote thread:
>> https://lists.apache.org/thread.html/38560cb159a5c32d0cf98485c9fe791505fbc52d18d86a37713582f0@%3Cdev.dubbo.apache.org%3E
>>  
>> 
>>
>> Dubbo vote result thread:
>> https://lists.apache.org/thread.html/0b1e022a32e136ff0a9b42e7ef7da5ccc7d256d175394c2d5858f1cf@%3Cdev.dubbo.apache.org%3E
>>  
>> 
>>
>> The release candidates:
>> https://dist.apache.org/repos/dist/dev/incubator/dubbo/2.6.2 
>> 
>>
>> Git tag for the release:
>> https://github.com/apache/incubator-dubbo/tree/dubbo-2.6.2 
>> 
>>
>> Hash for the release tag:
>> 5eeb240337ccfbc820d4bde023d8cf643f33d735
>>
>> Release Notes:
>> https://github.com/apache/incubator-dubbo/blob/2.6.2-release/CHANGES.md 
>> 
>>
>> The artifacts have been signed with Key : 28681CB1, which can be found in 
>> the keys file:
>> https://dist.apache.org/repos/dist/dev/incubator/dubbo/KEYS 
>> 
>>
>> The vote will be open for at least 72 hours or until necessary number of 
>> votes are reached.
>>
>> Please vote accordingly:
>> [ ] +1 approve
>> [ ] +0 no opinion
>> [ ] -1 disapprove with the reason
>>
>> Thanks.
>> Jun Liu,
>> on behalf of The Apache Dubbo (Incubating) Team
> 

Re: [VOTE]: Release Apache Dubbo (Incubating) 2.6.2 [RC1]

[Mark Thomas]

On 22/05/18 02:53, Jun Liu wrote:
>> Where did the community discuss this? I'd expect to see a discussion on
>> a mailing list before a decision is announced.
> 
> Haven’t discussed yet, i will start one now.

Ah. OK. Just a phrasing issue then. No problem.

Using "I think we should ..." rather than "We plan..." (or something
along those lines) would make it clearer that it was your
idea/suggestion rather than a community decision.

Mark

> 
> Best regards,
> Jun
> 
>> On 22 May 2018, at 2:15 AM, Mark Thomas <ma...@apache.org> wrote:
>>
>> On 21/05/18 07:32, Jun Liu wrote:
>>
>> 
>>
>>> we plan to solve this problem and start a new round of voting.
>>
>> Where did the community discuss this? I'd expect to see a discussion on
>> a mailing list before a decision is announced.
>>
>> Mark
> 

Re: [VOTE]: Release Apache Dubbo (Incubating) 2.6.2 [RC1]

[Mark Thomas]

On 21/05/18 07:32, Jun Liu wrote:



> we plan to solve this problem and start a new round of voting.

Where did the community discuss this? I'd expect to see a discussion on
a mailing list before a decision is announced.

Mark

Re: [Mentors] IP clearance

[Mark Thomas]

On 13/05/2018 06:17, Justin Mclean wrote:

Hi,

A lot of work has been done on the IP clearance. [1]

IMO given the 4 people mention in the JIRA to be contacted has all contributed 
less than 10 lines of code each I don't see this as holding up the release 
while we wait for a reply / ICLA from them. Absolute worse case code can be 
removed in a later release.

What do other mentors think about this?


No concerns here.

Dubbo is ALv2 licensed so contributions are automatically under the ALv2 
unless marked otherwise at the time.


<10 lines is a very small amount of code.

The risks are about as low as they can get so I don't see any reason 
here to hold up a release.


Mark




Thanks,
Justin

1. https://issues.apache.org/jira/browse/DUBBO-3

Re: [DRAFT] Dubbo Incubator Report - May 2018

[Mark Thomas]

On 28/04/18 09:04, Huxing Zhang wrote:
> Hi Community,
> 
> Below is a draft of Dubbo Incubator Report, May 2018. Please feel
> free to comment if you have any concern.
> 
> ---
> 
> Dubbo
> 
> Dubbo is a high-performance, lightweight, java based RPC framework.
> 
> Dubbo has been incubating since 2018-02-16.
> 
> Three most important issues to address in the move towards graduation:
> 
>   1.First ASF release
>   2.IP clearance
>   3.Community building
> 
> Any issues that the Incubator PMC (IPMC) or ASF Board wish/need to be
> aware of?
> 
> None.
> 
> How has the community developed since the last report?
> * 1 student application has been formally accepted by GSoC (Raghu on
> Protocol Buffer integration)
> * A complete list of contributors who is singed or not signed
> ASF/Alibaba CLA has been summarized

Typo. s/singed/signed/

Mark

Re: [GitHub] zsw12013 commented on issue #109: ApplicationConfig.application == null

[Mark Thomas]

On 15/04/18 18:31, GitBox wrote:
> zsw12013 commented on issue #109:  ApplicationConfig.application == null
> URL: 
> https://github.com/apache/incubator-dubbo-spring-boot-project/issues/109#issuecomment-381423415

This comment is not appropriate on an ASF mailing list.

Now is probably a good point to mention the code of conduct:
https://www.apache.org/foundation/policies/conduct.html

The comment will be deleted shortly.

Mark

Re: [incubator-dubbo.wiki] branch master updated: Do not expose private mail list

[Mark Thomas]

On 16/04/18 02:33, Huxing Zhang wrote:
> I thought if the private mailing list address goes publicly, it might be 
> abused.
> 
> Is cc-ing dev@ better than private@?

While the contents of private@ is, well, private, the fact that it
exists is not private. It is like the security@ list in that respect. It
is OK to say the lists exist and ask people to use them in the
appropriate circumstances.

If anyone abuses any ASF mailing list, public or private, there are
tools available to deal with that. Mentors and/or the infra team can
advise if that becomes necessary.

Generally, SGA, ICLAs etc are kept private so private@ is the right place.

HTH,

Mark


> 
> On Mon, Apr 16, 2018 at 12:19 AM, John D. Ament <johndam...@apache.org> wrote:
>> On Sun, Apr 15, 2018 at 12:13 PM Mark Thomas <ma...@apache.org> wrote:
>>
>>> On 14/04/18 13:15, hux...@apache.org wrote:
>>>> This is an automated email from the ASF dual-hosted git repository.
>>>>
>>>> huxing pushed a commit to branch master
>>>> in repository
>>> https://gitbox.apache.org/repos/asf/incubator-dubbo.wiki.git
>>>>
>>>>
>>>> The following commit(s) were added to refs/heads/master by this push:
>>>>  new 3a003bd  Do not expose private mail list
>>>> 3a003bd is described below
>>>>
>>>> commit 3a003bd9d5595757e1f58f45ba70dd26d5a1ba60
>>>> Author: Huxing Zhang <huxing.zh...@gmail.com>
>>>> AuthorDate: Sat Apr 14 20:15:24 2018 +0800
>>>>
>>>> Do not expose private mail list
>>>
>>> Why?
>>>
>>
>> 2nd'd.  I see a lot of benefits to CC'ing the project's list from secretary
>> POV.  In case the submitter forgot to mention associate project it gives
>> them a hint where to look.
>>
>>
>>>
>>> Mark
>>>
>>>
>>>> ---
>>>>  Software-donation-guide.md | 2 +-
>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/Software-donation-guide.md b/Software-donation-guide.md
>>>> index df3cd46..d03797c 100644
>>>> --- a/Software-donation-guide.md
>>>> +++ b/Software-donation-guide.md
>>>> @@ -9,7 +9,7 @@ If you are donating significant amount of code or
>>> documentation to Apache Dubbo
>>>>  3. Fill in the blanks (see below as an example)
>>>>  4. Request your boss to sign it
>>>>  5. Scan it
>>>> -6. Send an email to secret...@apache.org, and cc
>>> priv...@dubbo.apache.org
>>>> +6. Send an email to secret...@apache.org
>>>>
>>>>   Example:
>>>>
>>>>
>>>
>>>
> 

Re: [incubator-dubbo.wiki] branch master updated: Do not expose private mail list

[Mark Thomas]

On 14/04/18 13:15, hux...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git repository.
> 
> huxing pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/incubator-dubbo.wiki.git
> 
> 
> The following commit(s) were added to refs/heads/master by this push:
>  new 3a003bd  Do not expose private mail list
> 3a003bd is described below
> 
> commit 3a003bd9d5595757e1f58f45ba70dd26d5a1ba60
> Author: Huxing Zhang 
> AuthorDate: Sat Apr 14 20:15:24 2018 +0800
> 
> Do not expose private mail list

Why?

Mark


> ---
>  Software-donation-guide.md | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/Software-donation-guide.md b/Software-donation-guide.md
> index df3cd46..d03797c 100644
> --- a/Software-donation-guide.md
> +++ b/Software-donation-guide.md
> @@ -9,7 +9,7 @@ If you are donating significant amount of code or 
> documentation to Apache Dubbo
>  3. Fill in the blanks (see below as an example)
>  4. Request your boss to sign it
>  5. Scan it
> -6. Send an email to secret...@apache.org, and cc priv...@dubbo.apache.org
> +6. Send an email to secret...@apache.org
>  
>   Example:
>  
> 

Re: List moderation

[Mark Thomas]

On 12/04/18 08:50, Huxing Zhang wrote:
> On Thu, Apr 12, 2018 at 3:48 PM, Mark Thomas <ma...@apache.org> wrote:
>> On 12/04/18 03:47, Huxing Zhang wrote:
>>> Hi,
>>>
>>> I would like to volunteer. Please add me as moderator.
>>
>> Which list(s)? All of them?
> 
> Yes, all of them.

Done. Enjoy :)

Mark

> 
>>
>> Mark
>>
>>
>>>
>>> On Thu, Apr 12, 2018 at 3:28 AM, Mark Thomas <ma...@apache.org> wrote:
>>>> All,
>>>>
>>>> Currently moderation for each of the dubbo mailing lists is being
>>>> performed by a single mentor.
>>>>
>>>> Ideally, there need to be at least 3 moderators. Even more ideally, the
>>>> more widely spread their time-zones the better.
>>>>
>>>> Are there any volunteers from the committers to act as moderator for one
>>>> or more of the dubbo lists? If you'd like to volunteer, reply here and
>>>> I'll get you set up.
>>>>
>>>> More details here:
>>>> http://apache.org/dev/committers.html#mail
>>>>
>>>> Mark
>>>
>>
> 

Re: DubboX papers donate to Dubbo

[Mark Thomas]

On 12/04/18 06:58, Huxing Zhang wrote:
> Hi Mentors,
> 
> This is documentation donation request, can a SGA cover this?

Yes.

Mark


> 
> On Wed, Apr 11, 2018 at 3:21 PM, Huxing Zhang  wrote:
>> Hi,
>>
>> Very glad to hear that!
>>
>> Pull request can be found here:
>> https://github.com/apache/incubator-dubbo-docs/pull/14
>>
>> We need confirm the next steps before merging it.
>>
>> On Wed, Apr 11, 2018 at 12:04 PM, Von Gosling  wrote:
>>> Glad to see and welcome DubboX project. Before we start the formal donation 
>>> proposal for DubboX, please let us learn[1][2] more about  the IP-Clearance 
>>> of the components donation  :-)
>>>
>>>
>>> [1] http://incubator.apache.org/ip-clearance/
>>> [2] http://incubator.apache.org/ip-clearance/rocketmq-cpp-sdk.html
>>>
>>>
>>> Best Regards,
>>> Von Gosling
>>>
 在 2018年4月11日，10:49，Yong Zhu  写道：

 Wonderful, dubbo will become better because of your donation and joining.

 2018-04-11 9:55 GMT+08:00 Ian Luo :

> wow, that's great, would you mind to integrate the doc into
> https://github.com/apache/incubator-dubbo-docs, even though we could do it
> ourselves if you don't have time :)
>
> Thanks,
> -Ian.
>
> On Tue, Apr 10, 2018 at 5:05 PM, 林嘉琦  wrote:
>
>> Hello,
>> I decided to donate DubboX to Dubbo,including the papers of
>> DubboX. Besides, I have changed the license of papers to Apache 2.0.
>> The papers are in here:https://dangdangdotcom.github.io/dubbox/
>>
>> Github account : chidaodezhongsheng
>>
>>
>>
>
>>>
>>
>> --
>> Best Regards！
>> Huxing
> 

List moderation

[Mark Thomas]

All,

Currently moderation for each of the dubbo mailing lists is being
performed by a single mentor.

Ideally, there need to be at least 3 moderators. Even more ideally, the
more widely spread their time-zones the better.

Are there any volunteers from the committers to act as moderator for one
or more of the dubbo lists? If you'd like to volunteer, reply here and
I'll get you set up.

More details here:
http://apache.org/dev/committers.html#mail

Mark

Re: [GitHub] CLAassistant commented on issue #884: 添加method class缓存

[Mark Thomas]

I thought the CLA assistant had been removed.

Mark


On 05/04/2018 05:17, GitBox wrote:

CLAassistant commented on issue #884: 添加method class缓存
URL: https://github.com/apache/incubator-dubbo/pull/884#issuecomment-345502043
  
  
[![CLA assistant check](https://cla-assistant.io/pull/badge/not_signed)](https://cla-assistant.io/apache/incubator-dubbo?pullRequest=884) Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our [Contributor License Agreement](https://cla-assistant.io/apache/incubator-dubbo?pullRequest=884) before we can accept your contribution.**qi** seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please [add the email address used for this commit to your account](https://help.github.com/articles/why-are-my-commits-linked-to-the-wrong-user/#commits-are-not-linked-to-any-user).You have signed the CLA already but the status is still pending? Let us [recheck](https://cla-assistant.io/check/apache/incubator-dubbo?pullRequest=884) it.



This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
  
For queries about this service, please contact Infrastructure at:

us...@infra.apache.org


With regards,
Apache Git Services

Re: Website Branding Policy

[Mark Thomas]

On 22/03/18 08:27, Huxing Zhang wrote:
> Hi,
> 
> I've updated the website with comments from Justin and Mark.
> 
> It should look better now.

It does but I'm afraid you used the old ASF feather logo rather than the
new one. Can you update it please?


> 
> On Tue, Mar 20, 2018 at 6:47 PM, Mark Thomas <ma...@apache.org> wrote:
>> Putting on my VP Brand Management hat. Some responses in-line.
>>
>> On 20/03/18 08:32, Huxing Zhang wrote:
>>> On Tue, Mar 20, 2018 at 4:09 PM, Justin Mclean <jus...@classsoftware.com> 
>>> wrote:
>>
>> 
>>
>>>>> 2. At the bottom of the page, there is a link to promote EDAS, which a
>>>>> product in Alibaba Cloud, is that proper to do so?
>>>>
>>>> IMO I’d say no. You could make a page and link to projects that use Dubbo 
>>>> but it mustn’t be seen as promotion of one particular vendor or solution.
>>>
>>> I will remove that content.
>>
>> +1.
>>
>> A page that lists projects / companies that use Dubbo is fine but:
>> - you should use no-follow links
>> - those links should not be on the project homepage
>>
>> The rationale is that we don't want to devalue what we offer our
>> sponsors in terms of logo placement, recognition, etc. while at the same
>> time we do want projects to be able to demonstrate how/where they are used.
>>
>> 
>>
>>>>> 5. About the trademarks, shall we confirm with trademark@ before
>>>>> adding ™ or ® to Apache Dubbo (incubating)? Google tells me that ™
>>>>> means it is an unregistered trademark while  ® means it is registered
>>>>> trademark in US. So probably we should go for ™ ?
>>>>
>>>> Go with TM. May need another discussion if we need to register it.
>>
>> +1.
>>
>> You should think about completing the podling name search. While it
>> isn't required for graduation, if the outcome is that a rename is
>> required (unlikely but the podling name search will confirm that) then
>> you want to know sooner rather than later. Registration is something to
>> consider post graduation.
>>
>>>>> 6. Do we have official logo for Dubbo? If we have one, we need to add
>>>>> ™ to that logo.
>>>>
>>>> No expert on this but AFAIK there’s no need to add TM in the logo.
>>
>> It isn't required legally but it is ASF policy. See:
>> http://www.apache.org/foundation/marks/pmcs#graphics
>>
>> Mark
> 

Re: Website Branding Policy

[Mark Thomas]

Putting on my VP Brand Management hat. Some responses in-line.

On 20/03/18 08:32, Huxing Zhang wrote:
> On Tue, Mar 20, 2018 at 4:09 PM, Justin Mclean  
> wrote:



>>> 2. At the bottom of the page, there is a link to promote EDAS, which a
>>> product in Alibaba Cloud, is that proper to do so?
>>
>> IMO I’d say no. You could make a page and link to projects that use Dubbo 
>> but it mustn’t be seen as promotion of one particular vendor or solution.
> 
> I will remove that content.

+1.

A page that lists projects / companies that use Dubbo is fine but:
- you should use no-follow links
- those links should not be on the project homepage

The rationale is that we don't want to devalue what we offer our
sponsors in terms of logo placement, recognition, etc. while at the same
time we do want projects to be able to demonstrate how/where they are used.



>>> 5. About the trademarks, shall we confirm with trademark@ before
>>> adding ™ or ® to Apache Dubbo (incubating)? Google tells me that ™
>>> means it is an unregistered trademark while  ® means it is registered
>>> trademark in US. So probably we should go for ™ ?
>>
>> Go with TM. May need another discussion if we need to register it.

+1.

You should think about completing the podling name search. While it
isn't required for graduation, if the outcome is that a rename is
required (unlikely but the podling name search will confirm that) then
you want to know sooner rather than later. Registration is something to
consider post graduation.

>>> 6. Do we have official logo for Dubbo? If we have one, we need to add
>>> ™ to that logo.
>>
>> No expert on this but AFAIK there’s no need to add TM in the logo.

It isn't required legally but it is ASF policy. See:
http://www.apache.org/foundation/marks/pmcs#graphics

Mark

Re: About the parent pom, groupId and package name of Dubbo project

[Mark Thomas]

On 19/03/18 11:29, shang zonghai wrote:


> case 2: The user is convenient to upgrade dubbo to apache version( change 
> com.alibaba.xxx to com.apache.xx),  consumer and server upgrades at the same 
> time.

Possibly just a copy/paste error but note it is *org*.apache

Mark

Re: On a user list

[Mark Thomas]

On 08/03/18 08:09, jun liu wrote:
> Thanks for your advice to dubbo community, Adrian. 
> 
> I agree with the potential problems or even challenges you mentioned. But 
> when other channels are not forced to be closed, people can still have 
> discussions on github issues or gitter channels, only remember to bring the 
> decision making ones here the @dev list.

My strong recommendation is that all development discussion moves to the
dev@ list.

Projects can have a range of user support channels (IRC, Gitter,
HipChat, mailing list, Stack overflow) as the project feels necessary.

> Finally, i’d like to see the github issue to be a pure place for tracking 
> determined requirements, enhancements, bugs or high suspicious bugs,

That seems sensible to me. Mixing bugs and support issues in the same
tracker might make it hard for people to work with.

> while casual discussions or decisions can be raised here. I don’t know  
> whether a github issue should working that way, but a user/dev list would 
> definitely helps to reach there, so i would choose to be a good boy and 
> follow the mentor’s guidance, see what will happen using both mailing list 
> and github issue at the incubator phase.
> 
> I expect to see the amazing features happen: any issues raised with apache 
> github will be sent to the @dev list automatically after a proper repo 
> migration.

Given Dubbo has an issues@ list I'd expect it to go there but the Dubbo
community can choose how it wants to handle that.

Mark


> Also only my own opinion, a new fellow in apache and the github community.
> 
> Best regards,
> Jun Liu
> 
> 
>> On 7 Mar 2018, at 4:46 PM, Adrian Cole  wrote:
>>
>> Hi, folks.
>>
>> I understand that conventionally apache incubator projects don't have
>> user lists. I suspect someone more familiar can give the whole story
>> on that, but I assume the rationale is to be a bit cautious while the
>> project matures. Notably, this is maturing in the Apache way, conduct
>> and community.
>>
>> That said, I was a bit alarmed to see a suggestion that all users
>> should be routed to the dev list from github.
>> https://github.com/alibaba/dubbo/issues/1393
>>
>> The reason I was concerned was just the huge following dubbo has..
>> 2.7k watchers if not ignoring will receive this advice :) Perhaps
>> prematurely, I'm worried that redirecting routine users to the dev
>> list will be hard to undo once people establish a pattern. I feel we
>> could stop that pattern up-front by having a user list and suggesting
>> that instead.
>>
>> Please bear in mind that I don't have a lot of experience with dubbo
>> and people communicating on the "wrong list" isn't necessarily bad. I
>> might just be a bit scared due to the scale of the existing community
>> here.
>>
>> Thoughts welcome, and if none, thanks for letting me express myself :)
>>
>> -A
> 

Re: On double dubbo starters

[Mark Thomas]

On 07/03/18 11:41, Ian Luo wrote:
> Hi Mark,
> 
> Pls. check my comments below.

Thanks for the additional information.

Until the code transitions to the ASF (which I hope is fairly soon), and
especially if the community needs a release, then you are able to
publish releases as you have done previously.

Once the code transitions to the ASF, the ASF release policy applies.
Depending on where you start from, it can take a little work to get
everything aligned to the policy but that only needs to be done once.

Mark


> 
> Thanks,
> -Ian.
> 
> 
>> On 7 Mar 2018, at 6:09 PM, Mark Thomas <ma...@apache.org> wrote:
>>
>> On 07/03/18 09:49, Ian Luo wrote:
>>> Hi Adrian,
>>>
>>> First of all, my apology for the confusion. The project under dubbo [1] 
>>> group is the official project we plan to maintain in long term for Spring 
>>> Boot support. I encourage you try it first and share your feedback if 
>>> there’s any. 
>>>
>>> In order to not block Adrian’s work, I suggest to publish it with the 
>>> existing groupId/artifactId since we can always republish with the new 
>>> groupId/artifactId in the next release cycle after the transition finishes.
>>>
>>> To dubbo’s mentors, I am not sure if it is appropriated for my proposal. 
>>> Pls. correct me once you read the message since we plan to release 
>>> spring-boot-starter officially very soon (by the end of this week or the 
>>> early of the next week).
>>>
>>> Thanks,
>>> -Ian. 
>>>
>>> 1.  https://github.com/dubbo/dubbo-spring-boot-project 
>>
>> Hi,
>>
>> I need a little more information before offering an opinion.
>>
>> 1. Who is the "we" that intends to publish the release?
> 
> [iluo]: Here “we” means dubbo development team. 
> 
>>
>> 2. How will the release be named (including Maven co-ordinates)?
> 
> [iluo]: It will be com.alibaba.boot:dubbo-spring-boot-starter at this moment. 
> 
>>
>> 3. Is it intended that this code will become part of Apache Dubbo? If
>> so, what stage is this code at in its transition to the ASF?
> 
> [iluo]: It’s a side project [1] of Apache Dubbo. All projects under dubbo 
> group [2] will be included in this transition, you could check details from 
> JIRA issue DUBBO-3 [3].
> 
> 
> 1. https://github.com/dubbo/dubbo-spring-boot-project
> 2. https://github.com/dubbo
> 3. https://issues.apache.org/jira/projects/DUBBO/issues/DUBBO-3
> 
>>
>> Thanks,
>>
>> Mark
>>
>>
>>>
>>>
>>>> On 7 Mar 2018, at 5:04 PM, Adrian Cole <adrian.f.c...@gmail.com> wrote:
>>>>
>>>> Hi, all
>>>>
>>>> I'm working on spring-cloud-sleuth tracing integration with dubbo.
>>>> We've had users requesting dubbo for a while now for spring boot
>>>> applications.
>>>>
>>>> https://github.com/spring-cloud/spring-cloud-sleuth/issues/710
>>>>
>>>> One of the commitments we made was to have dubbo tracing included for
>>>> spring boot 2 applications, leveraging the efforts we made in the
>>>> Zipkin library Brave (which similarly had a backlog of dubbo
>>>> interest).
>>>>
>>>> The good news is that, I've been able to get this working, which is 
>>>> awesome.
>>>>
>>>> https://github.com/openzipkin/sleuth-webmvc-example/compare/add-dubbo-tracing
>>>>
>>>> I'm only waiting a couple small patches and we are ready to go! The
>>>> community have been great and the plugin changes quickly in the right
>>>> direction.
>>>>
>>>> I ran into a glitch as I was told that the plugin I use, the "alibaba"
>>>> variant, is not official. Rather, the "dubbo" one was.
>>>>
>>>> https://github.com/alibaba/dubbo-spring-boot-starter < I am using this
>>>> and it works
>>>> https://github.com/dubbo/dubbo-spring-boot-project < haven't tried this, 
>>>> yet
>>>>
>>>> I would like to try the other version, but it seems to be in release
>>>> limbo. For example, it is not published anywhere and there are some
>>>> concerns about publishing it while apache takes its course.
>>>>
>>>> https://issues.apache.org/jira/projects/DUBBO/issues/DUBBO-3
>>>>
>>>> Meanwhile, I actually like the plugin I am using and the person
>>>> maintaining it is good. This is a tough situation to be in where what
>>>> is working is not recommended, and what is recommended I have to build
>>>> or consume snapshot of.
>>>>
>>>> How should we proceed on this?
>>>> -A
> 
> 

Re: On double dubbo starters

[Mark Thomas]

On 07/03/18 09:49, Ian Luo wrote:
> Hi Adrian,
> 
> First of all, my apology for the confusion. The project under dubbo [1] group 
> is the official project we plan to maintain in long term for Spring Boot 
> support. I encourage you try it first and share your feedback if there’s any. 
> 
> In order to not block Adrian’s work, I suggest to publish it with the 
> existing groupId/artifactId since we can always republish with the new 
> groupId/artifactId in the next release cycle after the transition finishes.
> 
> To dubbo’s mentors, I am not sure if it is appropriated for my proposal. Pls. 
> correct me once you read the message since we plan to release 
> spring-boot-starter officially very soon (by the end of this week or the 
> early of the next week).
> 
> Thanks,
> -Ian. 
> 
> 1.  https://github.com/dubbo/dubbo-spring-boot-project 

Hi,

I need a little more information before offering an opinion.

1. Who is the "we" that intends to publish the release?

2. How will the release be named (including Maven co-ordinates)?

3. Is it intended that this code will become part of Apache Dubbo? If
so, what stage is this code at in its transition to the ASF?

Thanks,

Mark


> 
> 
>> On 7 Mar 2018, at 5:04 PM, Adrian Cole  wrote:
>>
>> Hi, all
>>
>> I'm working on spring-cloud-sleuth tracing integration with dubbo.
>> We've had users requesting dubbo for a while now for spring boot
>> applications.
>>
>> https://github.com/spring-cloud/spring-cloud-sleuth/issues/710
>>
>> One of the commitments we made was to have dubbo tracing included for
>> spring boot 2 applications, leveraging the efforts we made in the
>> Zipkin library Brave (which similarly had a backlog of dubbo
>> interest).
>>
>> The good news is that, I've been able to get this working, which is awesome.
>>
>> https://github.com/openzipkin/sleuth-webmvc-example/compare/add-dubbo-tracing
>>
>> I'm only waiting a couple small patches and we are ready to go! The
>> community have been great and the plugin changes quickly in the right
>> direction.
>>
>> I ran into a glitch as I was told that the plugin I use, the "alibaba"
>> variant, is not official. Rather, the "dubbo" one was.
>>
>> https://github.com/alibaba/dubbo-spring-boot-starter < I am using this
>> and it works
>> https://github.com/dubbo/dubbo-spring-boot-project < haven't tried this, yet
>>
>> I would like to try the other version, but it seems to be in release
>> limbo. For example, it is not published anywhere and there are some
>> concerns about publishing it while apache takes its course.
>>
>> https://issues.apache.org/jira/projects/DUBBO/issues/DUBBO-3
>>
>> Meanwhile, I actually like the plugin I am using and the person
>> maintaining it is good. This is a tough situation to be in where what
>> is working is not recommended, and what is recommended I have to build
>> or consume snapshot of.
>>
>> How should we proceed on this?
>> -A
> 

Re: Private channel for reporting security issues

[Mark Thomas]

On 02/03/18 03:23, Huxing Zhang wrote:
> Hi Mark,
> 
> Thanks for the information.
> In that case, I am +1 for secur...@dubbo.apache.org.
> 
> Further question: if the venerability report is related to some
> project Dubbo depends on, what kind of action should Dubbo security
> team take?
> 
> Should we accepted, update to the fixed version, and then announce it?

Typically (the process can and does vary based on circumstances) we'd
redirect the reporter to the project with the vulnerability. Once that
project has fixed it, we'd update the dependency. Once that project
announces the vulnerability with a CVE reference, we'd announce that we
were vulnerable using the same CVE reference.

Figuring out where the root cause lies for a given vulnerability -
particularly across projects - can get 'interesting'.

On a related topic it is perfectly possible to depend on a project that
has a known vulnerability without being vulnerable (e.g. because we
don't use the affected functionality).

Mark


> 
> On Thu, Mar 1, 2018 at 6:24 PM, Mark Thomas <ma...@apache.org> wrote:
>> On 01/03/18 02:59, Echo Wang wrote:
>>>>
>>>> 1) priv...@dubbo.apache.org
>>>
>>>
>>> +1
>>
>> With my mentor hat on:
>>
>> No.
>>
>> All security vulnerability reports need to be visible to the ASF
>> security team and if they are reported directly to the private@ list
>> that doesn't happen.
>>
>> The podling needs to choose which of the following addresses it wishes
>> to publish for security reports and then make sure that the chosen
>> address is clearly signposted:
>>
>> 1. secur...@dubbo.apache.org
>> 2. secur...@apache.org
>>
>> If the podling chooses the first, the podling will need to request that
>> that list is set up by INFRA. All security@.apache.org lists
>> are automatically copied to the ASF security team.
>>
>> If the podling chooses security@a.o (the ASF wide security address),
>> that team will then forward reports to priv...@dubbo.apache.org
>>
>> Now is probably also a good time for the project community to review the
>> security vulnerability handling process:
>>
>> http://www.apache.org/security/committers.html
>>
>> Mark
> 

Possible issues with Jira self-serve: Was: JIRA email notification

[Mark Thomas]

[moving dev@dubbo to bcc]

Infra folks,

FYI - some issues that were identified with the Dubbo Jira project that
was created via the self-serve app.

>From a quick look it appears the following projects also have the same
issues:
- Apache Commons Testing
- Apache Coral
- Apache Nemo
- Apache PLC4X

I've fixed Dubbo but didn't have time to fix these others.

Mark


 Forwarded Message 
Subject: Re: JIRA email notification
Date: Mon, 26 Feb 2018 19:35:57 +1100
From: Justin Mclean 
Reply-To: dev@dubbo.apache.org
To: dev@dubbo.apache.org

HI,

> There were three issues.
> 1. Dubbo had not be assigned a notification scheme.
> 2. j...@apache.org was not on the allow list for issues@dubbo.a.o
> 3. The permission scheme was set incorrectly which was preventing mail
> from being sent to issues@dubbo.a.o

(should have been "_Default Permission Scheme_" but was "Default
software scheme")


This was set up via the infra self serve app [1], perhaps it needs some
work?

Thanks,
Justin

1. https://selfserve.apache.org

Re: JIRA email notification

[Mark Thomas]

On 26/02/18 08:07, Mark Thomas wrote:
> On 26/02/18 08:02, Huxing Zhang wrote:
>> Hi Mark,
>>
>> Thanks! It works for me now!
> 
> Individual notifications should be working now but I'm still not seeing
> mails to issues@dubbo.a.o yet.

Should be fixed now.

There were three issues.

1. Dubbo had not be assigned a notification scheme.
2. j...@apache.org was not on the allow list for issues@dubbo.a.o
3. The permission scheme was set incorrectly which was preventing mail
from being sent to issues@dubbo.a.o

Again, this would normally be something a podling should raise an infra
Jira ticket for. It just so happens that I had the necessary time amd
karma to fix this.

Mark

> 
> Mark
> 
> 
>>
>> On Mon, Feb 26, 2018 at 3:40 PM, Mark Thomas <ma...@apache.org> wrote:
>>> This would normally be a task for infrastructure but let me take a look
>>> first.
>>>
>>> Mark
>>>
>>> On 26/02/18 07:36, Von Gosling wrote:
>>>> Hi,
>>>>
>>>> It seems that email notification is not work well. Also, if we hope to 
>>>> receive all issues, we must subscribe issue email list  - 
>>>> issues-subscr...@dubbo.incubator.apache.org 
>>>> <mailto:issues-subscr...@dubbo.incubator.apache.org>.
>>>>
>>>> Best Regards,
>>>> Von Gosling
>>>>
>>>>> 在 2018年2月26日，15:15，Huxing Zhang <hux...@apache.org> 写道：
>>>>>
>>>>> Hi,
>>>>>
>>>>> Does anyone receive the email from JIRA[1] update? Cause I haven't
>>>>> received any email once there is an update.
>>>>>
>>>>> Although my setting is do not notify me if it is changed by me, but I
>>>>> do see update from others[2].
>>>>>
>>>>> Any ideas?
>>>>>
>>>>> [1] https://issues.apache.org/jira/projects/DUBBO/issues
>>>>> [2] 
>>>>> https://issues.apache.org/jira/projects/DUBBO/issues/DUBBO-3?filter=allopenissues
>>>>>
>>>>> --
>>>>> Best Regards！
>>>>> Huxing
>>>>
>>>>
>>>
>>
>>
>>
> 

Re: JIRA email notification

[Mark Thomas]

On 26/02/18 08:02, Huxing Zhang wrote:
> Hi Mark,
> 
> Thanks! It works for me now!

Individual notifications should be working now but I'm still not seeing
mails to issues@dubbo.a.o yet.

Mark


> 
> On Mon, Feb 26, 2018 at 3:40 PM, Mark Thomas <ma...@apache.org> wrote:
>> This would normally be a task for infrastructure but let me take a look
>> first.
>>
>> Mark
>>
>> On 26/02/18 07:36, Von Gosling wrote:
>>> Hi,
>>>
>>> It seems that email notification is not work well. Also, if we hope to 
>>> receive all issues, we must subscribe issue email list  - 
>>> issues-subscr...@dubbo.incubator.apache.org 
>>> <mailto:issues-subscr...@dubbo.incubator.apache.org>.
>>>
>>> Best Regards,
>>> Von Gosling
>>>
>>>> 在 2018年2月26日，15:15，Huxing Zhang <hux...@apache.org> 写道：
>>>>
>>>> Hi,
>>>>
>>>> Does anyone receive the email from JIRA[1] update? Cause I haven't
>>>> received any email once there is an update.
>>>>
>>>> Although my setting is do not notify me if it is changed by me, but I
>>>> do see update from others[2].
>>>>
>>>> Any ideas?
>>>>
>>>> [1] https://issues.apache.org/jira/projects/DUBBO/issues
>>>> [2] 
>>>> https://issues.apache.org/jira/projects/DUBBO/issues/DUBBO-3?filter=allopenissues
>>>>
>>>> --
>>>> Best Regards！
>>>> Huxing
>>>
>>>
>>
> 
> 
> 

Re: JIRA email notification

[Mark Thomas]

This would normally be a task for infrastructure but let me take a look
first.

Mark

On 26/02/18 07:36, Von Gosling wrote:
> Hi,
> 
> It seems that email notification is not work well. Also, if we hope to 
> receive all issues, we must subscribe issue email list  - 
> issues-subscr...@dubbo.incubator.apache.org 
> .
> 
> Best Regards,
> Von Gosling
> 
>> 在 2018年2月26日，15:15，Huxing Zhang  写道：
>>
>> Hi,
>>
>> Does anyone receive the email from JIRA[1] update? Cause I haven't
>> received any email once there is an update.
>>
>> Although my setting is do not notify me if it is changed by me, but I
>> do see update from others[2].
>>
>> Any ideas?
>>
>> [1] https://issues.apache.org/jira/projects/DUBBO/issues
>> [2] 
>> https://issues.apache.org/jira/projects/DUBBO/issues/DUBBO-3?filter=allopenissues
>>
>> -- 
>> Best Regards！
>> Huxing
> 
>