I gotcha - and I'm glad you brought it up. As you said, that's what this email thread is for :)
I think it is probably best that we leave it as the broad/general statement that it is - it is conceivable that we might add something else to the framework later on and I wouldn't want to be limited because our mission statement implies that it might be out of scope. I think that kind of stuff is better left to the community to decide.

Just thinking out loud...

Les

On Thu, Aug 5, 2010 at 12:15 PM, Kalle Korhonen <kalle.o.korho...@gmail.com> wrote:
> Security is still bigger than "authentication, authorization, session
> management and cryptography" combined. Cryptography may be a huge part
> of the project, but we are mainly users of the cryptographic
> algorithms rather than providers of them. On session management I
> agree, and probably should be noted if we wanted to be specific but
> suppose it can be seen as being included in overall "related to
> application security" statement. I'm fine leaving the statement broad
> but that's about the only topic in the resolution we should discuss so
> I wanted to make sure that we agree with it.
>
> Kalle
>
>
> On Thu, Aug 5, 2010 at 11:35 AM, Les Hazlewood <lhazlew...@apache.org> wrote:
>> Yeah, I just copied Cayenne's resolution and changed only what
>> absolutely needed to be changed to make it Shiro-specific. I thought
>> this would be the 'safest' route to quickest approval since the
>> Incubator graduation criteria page specifically recommended that it be
>> used as an example from which we could create our own.
>>
>> And I'm surprised to hear the potential suggestion to limit our domain
>> to only authentication and authorization. Session Management and
>> Cryptography are two huge parts of the overall project! At least
>> based on our project origins and current mission statement, Shiro is
>> supposed to be the most comprehensive application security framework
>> available. I personally feel that we should retain this mission,
>> which is why I left the wording very general.
>>
>> Just my .02,
>>
>> Les
>>
>> On Thu, Aug 5, 2010 at 10:48 AM, Kalle Korhonen
>> <kalle.o.korho...@gmail.com> wrote:
>>> Back to the original matter now. I added Craig on the resolution and
>>> didn't make other edits. I think it should be called "Project
>>> Resolution" rather than "Graduation Resolution" but since it'd change
>>> the url and only the content matters I didn't bother. I'm not a huge
>>> fan of the fancy sentences either (I do not believe for a second that
>>> legal language for some reason needs to be complicated) but I don't
>>> think we have a lot of leeway in the matter and even if we did, it's
>>> not worth the effort. While the resolution is not the same as a
>>> mission statement, it includes a mission statement which is the only
>>> part in it that matters to me and which we might want to expand on a
>>> bit. Specifically the resolution says "The Apache Shiro Project be and
>>> hereby is
>>> responsible for the creation and maintenance of a software
>>> project related to application security". Does that cover all and only
>>> what the project and we are set to do? I don't have any exact
>>> suggestions - it's a bit short but could do even as is. We could
>>> though specifically limit our domain to "authentication and
>>> authorization" - security as a whole is more than just those two
>>> aspects.
>>>
>>> Kalle
>>>
>>>
>>> On Wed, Aug 4, 2010 at 12:40 PM, Kalle Korhonen
>>> <kalle.o.korho...@gmail.com> wrote:
>>>> Thanks Les, will review.
>>>>
>>>> I don't want to turn this into a voting thread and I don't think we
>>>> need a formal vote on it either, but +1 from me as well for Craig to
>>>> stay on, we couldn't have gotten this far without him!
>>>>
>>>> Kalle
>>>>
>>>>
>>>> On Wed, Aug 4, 2010 at 11:59 AM, Les Hazlewood <lhazlew...@apache.org>
>>>> wrote:
>>>>> A huge +1 from me for Craig joining the PMC. Thanks for offering Craig!
>>>>>
>>>>> Les
>>>>>
>>>>> On Wed, Aug 4, 2010 at 11:40 AM, Craig L Russell
>>>>> <craig.russ...@oracle.com> wrote:
>>>>>>
>>>>>> On Aug 4, 2010, at 11:03 AM, Alan D. Cabrera wrote:
>>>>>>
>>>>>>> You are correct. Mentors do not automatically become project members.
>>>>>>
>>>>>> Correct.
>>>>>>
>>>>>> However, it's generally considered a good idea to have at least one
>>>>>> Apache
>>>>>> Foundation Member on each PMC. Often this is the PMC chair. Sometimes the
>>>>>> mentors volunteer to stay on at least for a while to help the new PMC get
>>>>>> settled.
>>>>>>
>>>>>> I'd be happy to help out by being on the new PMC if you'll have me.
>>>>>>
>>>>>> Craig
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Alan
>>>>>>>
>>>>>>> On Aug 4, 2010, at 10:31 AM, Les Hazlewood wrote:
>>>>>>>
>>>>>>>> A quick note:
>>>>>>>>
>>>>>>>> I assume Mentors are not to be automatically listed as project members
>>>>>>>> since their relationship with the project is to help through the
>>>>>>>> incubation process, and (formally) their responsibility with the
>>>>>>>> incubator podling is released upon graduation (per the last paragraph
>>>>>>>> in the Graduation Resolution).
>>>>>>>>
>>>>>>>> This is *not* a reflection of any desire not to have them as project
>>>>>>>> members should they wish to participate - it merely reflects my
>>>>>>>> understanding of the role/scope of an Incubator Mentor.
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>>
>>>>>>>> Les
>>>>>>>>
>>>>>>>> On Wed, Aug 4, 2010 at 10:23 AM, Les Hazlewood <lhazlew...@apache.org>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> I've posted my initial draft of the Apache TLP Graduation Resolution
>>>>>>>>> here:
>>>>>>>>>
>>>>>>>>> https://cwiki.apache.org/confluence/display/SHIRO/Graduation+Resolution
>>>>>>>>>
>>>>>>>>> Please review and comment.
>>>>>>>>>
>>>>>>>>> Thanks!
>>>>>>>>>
>>>>>>>>> Les
>>>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Craig L Russell
>>>>>> Architect, Oracle
>>>>>> http://db.apache.org/jdo
>>>>>> 408 276-5638 mailto:craig.russ...@oracle.com
>>>>>> P.S. A good JDO? O, Gasp!
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>