Thank you for bringing this suggestion to the mailing list, Samveen. There have been parallel discussions occurring in the GitHub issue and the mailing list and it is difficult to tell if everyone is following along with both discussions.
I agree that handing off the xCAT ecosystem to a new entity is a question that will need to be resolved if we can identify a new set of maintainers to continue the project. When discussing how we might handle handing off the project internally, Software in the Public Interest (SPI) was discussed as a possible avenue to pursue. If a critical mass of new maintainers can be achieved, I think there are a variety of options that would be workable. For package signing keys, I would suggest transitioning to a new set of keys and a public announcement about the transition. The interest in continuing the project is well received and IBM is interested in continuing to participate in the project in a reduced capacity if the project is able to continue. ________________________________ From: Samveen Gulati via xCAT-user <xcat-user@lists.sourceforge.net> Sent: Monday, October 2, 2023 1:52 PM To: xcat-user@lists.sourceforge.net <xcat-user@lists.sourceforge.net> Cc: Samveen Gulati <samv...@yahoo.com> Subject: [EXTERNAL] Re: [xcat-user] Announcement: xCAT Project End-Of-Life planned for December 1, 2023 Hi all, There are a few sticking points for handing off the xCAT ecosystem to any entity outside IBM. The important bits that I can immediately think of are as below: - Continuity of package repositories and Package signing keys. - Ownership of the Github XCAT2 organization and all attached resources - Project ownership of the Sourceforge project - Domains attached to xCAT (xcat.org et. al.) - License ownership >From IBM's perspective, all these need to be handed of to a trustworthy >entity, as any entity in control of this intellectual equity can easily >destroy the ecosystem at best, and easily and silently spread malware across >all the clusters at worst. My suggestion for a solution to this problem was that xcat community join an existing umbrella project that can ensure that both IBM as well as the community are safe and secure during and after any transition period (some more info at https://github.com/xcat2/xcat-core/issues/7405#issuecomment-1715422156 ). However, this will require some amount of prep work. If anyone has any experience with umbrella projects, it'll be great to have some guidance on how to proceed. Kilian Cavalotti (Stanford University HPC) checked with Stanford's organizational entities, but there isn't any entity that might be able to handle something like this. Apache's Incubator might be nice, but it's a long process, and the code will need to be re-licensed to something compatible with ASL to be allowed into the incubator. I haven't the legal skills to compare, but if someone has the bandwidth to audit the licensing, it would be another task off the ToDo list (which is yet to be made). In the meantime, I'm reading the docs at https://www.spi-inc.org/ already, but would greatly appreciate non-neophyte help. Regards, -- Samveen S. Gulati The best-laid schemes o' mice an 'men Gang aft agley, An'lea'e us nought but grief an' pain, For promis'd joy! -- Robert Burns (The best laid plans of mice and men often go awry, and bring nothing but grief and pain of the ..) _______________________________________________ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user
_______________________________________________ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user
