So what are the remaining items to kick this thing out of the Incubator?
Regards, Alan On Aug 5, 2010, at 12:37 PM, Kalle Korhonen wrote: > Hey at least we got a discussion out of it. I agree, I think we'll > keep it as is unless somebody suggests otherwise. > > Kalle > > > On Thu, Aug 5, 2010 at 12:33 PM, Les Hazlewood <lhazlew...@apache.org> wrote: >> I gotcha - and I'm glad your brought it up. As you said, that's what >> this email thread is for :) >> >> I think it is probably best that we leave it as the broad/general >> statement that it is - it is conceivable that we might add something >> else to the framework later on and I wouldn't want to be limited >> because our mission statement implies that it might be out of scope. >> I think that kind of stuff is better left to the community to decide. >> Just thinking out loud... >> >> Les >> >> On Thu, Aug 5, 2010 at 12:15 PM, Kalle Korhonen >> <kalle.o.korho...@gmail.com> wrote: >>> Security is still bigger than "authentication, authorization, session >>> management and cryptography" combined. Cryptography may be a huge part >>> of the project, but we are mainly users of the cryptographic >>> algorithms rather than providers of them. On session management I >>> agree, and probably should be noted if we wanted to be specific but >>> suppose it can be seen as being included in overall "related to >>> application security" statement. I'm fine leaving the statement broad >>> but that's about the only topic in the resolution we should discuss so >>> I wanted to make sure that we agree with it. >>> >>> Kalle >>> >>> >>> On Thu, Aug 5, 2010 at 11:35 AM, Les Hazlewood <lhazlew...@apache.org> >>> wrote: >>>> Yeah, I just copied Cayenne's resolution and changed only what >>>> absolutely needed to be changed to make it Shiro-specific. I thought >>>> this would be the 'safest' route to quickest approval since the >>>> Incubator graduation criteria page specifically recommended that it be >>>> used as an example from which we could create our own. >>>> >>>> And I'm surprised to hear the potential suggestion to limit our domain >>>> to only authentication and authorization. Session Management and >>>> Cryptography are two huge parts of the overall project! At least >>>> based on our project origins and current mission statement, Shiro is >>>> supposed to be the most comprehensive application security framework >>>> available. I personally feel that we should retain this mission, >>>> which is why I left the wording very general. >>>> >>>> Just my .02, >>>> >>>> Les >>>> >>>> On Thu, Aug 5, 2010 at 10:48 AM, Kalle Korhonen >>>> <kalle.o.korho...@gmail.com> wrote: >>>>> Back to the original matter now. I added Craig on the resolution and >>>>> didn't make other edits. I think it should be called "Project >>>>> Resolution" rather than "Graduation Resolution" but since it'd change >>>>> the url and only the content matters I didn't bother. I'm not a huge >>>>> fan of the fancy sentences either (I do not believe for a second that >>>>> legal language for some reason needs to be complicated) but I don't >>>>> think we have a lot of leeway in the matter and even if we did, it's >>>>> not worth the effort. While the resolution is not the same as a >>>>> mission statement, it includes a mission statement which is the only >>>>> part in it that matters to me and which we might want to expand on a >>>>> bit. Specifically the resolution says "The Apache Shiro Project be and >>>>> hereby is >>>>> responsible for the creation and maintenance of a software >>>>> project related to application security". Does that cover all and only >>>>> what the project and we are set to do? I don't have any exact >>>>> suggestions - it's a bit short but could do even as is. We could >>>>> though specifically limit our domain to "authentication and >>>>> authorization" - security as a whole is more than just those two >>>>> aspects. >>>>> >>>>> Kalle >>>>> >>>>> >>>>> On Wed, Aug 4, 2010 at 12:40 PM, Kalle Korhonen >>>>> <kalle.o.korho...@gmail.com> wrote: >>>>>> Thanks Les, will review. >>>>>> >>>>>> I don't want to turn this into a voting thread and I don't think we >>>>>> need a formal vote on it either, but +1 from me as well for Craig to >>>>>> stay on, we couldn't have gotten this far without him! >>>>>> >>>>>> Kalle >>>>>> >>>>>> >>>>>> On Wed, Aug 4, 2010 at 11:59 AM, Les Hazlewood <lhazlew...@apache.org> >>>>>> wrote: >>>>>>> A huge +1 from me for Craig joining the PMC. Thanks for offering Craig! >>>>>>> >>>>>>> Les >>>>>>> >>>>>>> On Wed, Aug 4, 2010 at 11:40 AM, Craig L Russell >>>>>>> <craig.russ...@oracle.com> wrote: >>>>>>>> >>>>>>>> On Aug 4, 2010, at 11:03 AM, Alan D. Cabrera wrote: >>>>>>>> >>>>>>>>> You are correct. Mentors do not automatically become project members. >>>>>>>> >>>>>>>> Correct. >>>>>>>> >>>>>>>> However, it's generally considered a good idea to have at least one >>>>>>>> Apache >>>>>>>> Foundation Member on each PMC. Often this is the PMC chair. Sometimes >>>>>>>> the >>>>>>>> mentors volunteer to stay on at least for a while to help the new PMC >>>>>>>> get >>>>>>>> settled. >>>>>>>> >>>>>>>> I'd be happy to help out by being on the new PMC if you'll have me. >>>>>>>> >>>>>>>> Craig >>>>>>>>> >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> Alan >>>>>>>>> >>>>>>>>> On Aug 4, 2010, at 10:31 AM, Les Hazlewood wrote: >>>>>>>>> >>>>>>>>>> A quick note: >>>>>>>>>> >>>>>>>>>> I assume Mentors are not to be automatically listed as project >>>>>>>>>> members >>>>>>>>>> since their relationship with the project is to help through the >>>>>>>>>> incubation process, and (formally) their responsibility with the >>>>>>>>>> incubator podling is released upon graduation (per the last paragraph >>>>>>>>>> in the Graduation Resolution). >>>>>>>>>> >>>>>>>>>> This is *not* a reflection of any desire not to have them as project >>>>>>>>>> members should they wish to participate - it merely reflects my >>>>>>>>>> understanding of the role/scope of an Incubator Mentor. >>>>>>>>>> >>>>>>>>>> Cheers, >>>>>>>>>> >>>>>>>>>> Les >>>>>>>>>> >>>>>>>>>> On Wed, Aug 4, 2010 at 10:23 AM, Les Hazlewood >>>>>>>>>> <lhazlew...@apache.org> >>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>> I've posted my initial draft of the Apache TLP Graduation Resolution >>>>>>>>>>> here: >>>>>>>>>>> >>>>>>>>>>> https://cwiki.apache.org/confluence/display/SHIRO/Graduation+Resolution >>>>>>>>>>> >>>>>>>>>>> Please review and comment. >>>>>>>>>>> >>>>>>>>>>> Thanks! >>>>>>>>>>> >>>>>>>>>>> Les >>>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> Craig L Russell >>>>>>>> Architect, Oracle >>>>>>>> http://db.apache.org/jdo >>>>>>>> 408 276-5638 mailto:craig.russ...@oracle.com >>>>>>>> P.S. A good JDO? O, Gasp! >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >>
