The Apache Software Foundation Board of Directors Meeting Minutes September 17, 2008 1. Call to order The meeting was scheduled for 10:00am (Pacific) and began at 10:01 when a sufficient attendance to constitute a quorum was recognized by the chairman. The meeting was held via teleconference, hosted by Jim Jagielski and Covalent. IRC #asfboard on irc.freenode.net was used for backup purposes. 2. Roll Call Directors Present: Bertrand Delacretaz Justin Erenkrantz J Aaron Farr Jim Jagielski Geir Magnusson Jr (except 11:34-12:03) William Rowe Jr Sam Ruby Henning Schmiedehausen Directors Absent: Greg Stein Guests: Paul Fremantle Kevan Miller (until 11:53) Brett Porter Paul Querna Noirin Shirley (10:06 to 11:52) Henri Yandell 3. Minutes from previous meetings Minutes (in Subversion) are found under the URL: https://svn.apache.org/repos/private/foundation/board/ A. The meeting of July 16, 2008 See: board_minutes_2008_07_16.txt Approved by General Consent. B. The meeting of August 20, 2008 See: board_minutes_2008_08_20.txt Approved by General Consent. 4. Executive Officer Reports A. Chairman [Jim] Foundation-wise, the last month has been relatively quiet. However, there are some outstanding issues related to board and board-level activities, such as contract renewals (past due and soon-due) and invoicing and payments. Note that an extension for filing our tax return was requested and handled by Aaron and Sam. It also worthwhile to note that many reports from PMC indicate projects which are simply "ticking along" with no real active development, but no real issues either. Is this an issue of stagnation, or simply the result of software which does what it is supposed to do, and that's good enough? The board list has mostly been quiet, with just a surge of activity recently regarding the "ACK policy" with PMC changes. I gave 2 small interviews over the last month, one regarding Open Source in general and the other about the ASF specifically. I am also currently working on the State Of The Feather talk scheduled for ApacheCon US. B. President [Justin] Most of my time over the last month has been dealing with a variety of sponsor-facing issues. I believe that this is an inevitable outcome of the growth of our sponsorship program. In coordination with the PRC (see their report this month), to help out with these tasks, sponsor relations should become a more active priority for HALO. However, due to the nature of the responsibilities of the office, I believe it is crucial that those of us with "titles" remain actively engaged with the sponsors so that they continue to feel that we, as a Foundation, are engaged with our sponsors at the utmost level. I will reiterate that Paul and Sander have been valuable additions to easing the burdens of this office. Paul has continued his very good job leading the infrastructure team. Sander, as detailed in his report, has continued to be of assistance in attending some events in Europe where my appearence was initially requested. I continue to thank them for their service! As discussed in earlier reports, the OSU OSL advisory group has begun in earnest and the members have begun providing their feedback and direction in regards to the direction of OSU OSL. A press release should be issued in the next month that will announce the formation of the group and will likely include a quote from me. I apologize, but I have not yet had the cycles to send out the contracts for renewal. I hope to do soon, but delegating this to someone else may be better. I do admit that such activities are highly prone to getting dropped by me and that's largely unacceptable. Finding a way to automatically delegate some of these "back-office" tasks would be appreciated. I will also note that I received many calls over the Labor Day weekend regarding our 'past due' invoice from Dell. These calls were not appreciated, and I would like to discuss how we are going to prevent similar recurrences in the future. I do continue to receive a few scattered pieces of mail from WF. Any correspondance has either been forwarded to the Secretary or a synopsis sent to the board mailing list. Our Sunstarsys and HALO contracts are up for renewal at the end of this month as well. It is my recommendation that both contracts be renewed. [bdelacretaz says: do we have a budget for reimbursing expenses for people (Justin and Sander for example) who represent the ASF at various events?] Action items: Jim to renew contract with Sec Assistant Sam to renew contract with Sunstarsys Justin to renegotiate contract with the Exec Assistant C. Treasurer [J Aaron] This last month has been a busy one for me and I'm still catching up on a number of tasks. As Jim mentioned, we've filled an extension on our taxes as I found some discrepancies between how I had been accounting for our pledges / donations versus previous years. This has required me to go back and rework the tax forms. The good news is that this month we have proper reports including accounts receivable and liabilities (credit cards). Notes about finances this month: - There have been *no* deposits via the lockbox - The accounts receivable represents the platinum sponsorship by Yahoo! and Microsoft. I've been in touch with both and we're just waiting for payments. Statement of Financial Income and Expense August 20 through September 17, 2008 TOTAL Ordinary Income/Expense Income Interest Income 244.61 Contributions Income Unrestricted 444.83 Total Contributions Income 444.83 Total Income 689.44 Expense Bank Service Charges 259.13 Contract Labor 1,800.00 Insurance 1,450.00 Program Expenses Public Relations Staff 2,222.22 Infrastructure Staff 6,000.00 Hardware Purchases 10,073.86 Total Program Expenses 18,296.08 Total Expense 21,805.21 Net Ordinary Income -21,115.77 Net Income -21,115.77 Statement of Financial Position As of September 17, 2008 Sep 17, 08 Aug 20, 08 $ Change % Change ASSETS Current Assets Checking/Savings Paypal 748.94 304.11 444.83 146.3% Wells Fargo Analyzed Account 71,708.73 96,442.32 -24,733.59 -25.7% Wells Fargo Savings 157,938.87 157,694.26 244.61 0.2% Total Checking/Savings 230,396.54 254,440.69 -24,044.15 -9.5% Accounts Receivable Accounts Receivable 200,000.00 200,000.00 0.00 0.0% Total Accounts Receivable 200,000.00 200,000.00 0.00 0.0% Total Current Assets 430,396.54 454,440.69 -24,044.15 -5.3% TOTAL ASSETS 430,396.54 454,440.69 -24,044.15 -5.3% LIABILITIES & EQUITY Liabilities Current Liabilities Credit Cards ASF Credit Card - Ruby 0.00 2,642.67 -2,642.67 -100.0% ASF Credit Card - Erenkrantz -19.95 494.99 -514.94 -104.0% Total Credit Cards -19.95 3,137.66 -3,157.61 -100.6% Total Current Liabilities -19.95 3,137.66 -3,157.61 -100.6% Total Liabilities -19.95 3,137.66 -3,157.61 -100.6% Equity Retained Earnings 261,975.10 261,975.10 0.00 0.0% Net Income 168,441.39 189,327.93 -20,886.54 -11.0% Total Equity 430,416.49 451,303.03 -20,886.54 -4.6% TOTAL LIABILITIES & EQUITY 430,396.54 454,440.69 -24,044.15 -5.3% Discussion items: Are sponsors tied to our fiscal year or calendar? Sponsorship starts at the point of sponsorship, and will often span fiscal years and calendar years. For this reason (among others), it makes sense to switch to accrual accounting. Jim to work with Aaron to close the loop on sponsor invoices Would it make sense to offload the data entry of the bill pay? Answer: no. Aaron to follow up on the Google SoC invoice (Re-)appointment of treasurer tabled, will revisit month to month. Aaron will continue in the interim. D. Secretary [Sam] 2 grants, 32 iclas, and 2 cclas were processed since the last report. Jim approved the updated minutes for July, and the minutes for August are now available. Craig Russell commented on the rate of typos in data entry. The specific document he chose to highlight was processed by the previous secretary assistant, but the issue exists equally with the current secretary assistant. It has not proven to be a problem with the infrastructure team, Sebb continues to his audit both of historical and realtime documents, and when people note typos, they are promptly fixed. While I'm continuing to monitor this, I'm not treating it as an problem at this time. The Secretary Assistant has been proceeding on the assumption that her contract was renewed, despite it expiring at the end of last month. She's on break from school Sept 27 through Oct 12, and while she will will focus on the backlog of scanning archived documents at that time, if there is other work that needs to be done, she has more free cycles during that period. While it was my intention to delegate bills received to the secretary assistant once the process was running smoothly, invoices continue to pile up in the svn:financials/Bills/received directory. I have yet to forward Justin's actual credit card to him. He has access to the numbers and security codes. If it isn't urgent, I'll take care of this at ApacheCon. Otherwise, I'll mail it now. I have not received any additional credit cards (Paul, Sander). Filed a form 8868 income tax extension. Sam to mail credit card to Justin. Sam to redirect commit messages for the bills directory to board E. Executive Vice President [Sander Striker / Justin] No report submitted. Executive officer reports approved as submitted by General Consent. 5. Additional Officer Reports 1. VP of JCP [Geir Magnusson Jr] See Attachment 1 2. Apache Legal Affairs Committee [Sam Ruby] See Attachment 2 3. Apache Security Team Project [Mark Cox / Sam] See Attachment 3 4. Apache Conference Planning Project [Lars Eilebrecht / Geir] See Attachment 4 5. Apache Audit Project [William Rowe] See Attachment 5 6. Apache Public Relations Project [Jim Jagielski] See Attachment 6 Geir notes that he too is on the OSCON program committee. Clarification: Wicket was not happy with the PRC 7. Apache Infrastructure Team [Paul Querna / Justin] See Attachment 7 Paul continues to work the issue on the incompatible drive trays. Additional officer reports approved as submitted by General Consent. 6. Committee Reports A. Apache APR Project [Bojan Smojver / Greg] See Attachment A B. Apache Archiva Project [Maria Odea Ching / J Aaron] See Attachment B Brett clarified that a public Archiva is just a running instance of the server. C. Apache Cayenne Project [Andrus Adamchik / Bill] See Attachment C D. Apache Commons Project [Torsten Curdt / Jim] See Attachment D E. Apache Excalibur Project [Carsten Ziegeler / Bertrand] See Attachment E F. Apache Felix Project [Richard Hall / Justin] See Attachment F G. Apache Gump Project [Stefan Bodewig / Henning] See Attachment G H. Apache Harmony Project [Tim Ellison / Greg] See Attachment H I. Apache HttpComponents Project [Erik Abele / Jim] See Attachment I Sam to follow up with Henk J. Apache iBATIS Project [Clinton Begin / Bertrand] See Attachment J K. Apache Incubator Project [Noel J. Bergman / Geir] See Attachment K Sam expressed a concern that Pig isn't focused on graduation. The board continues to be concerned over BlueSky. L. Apache Jackrabbit Project [Jukka Zitting / Henning] See Attachment L Henning to communicate that every project that uses Google Analytics needs to have a published privacy policy. M. Apache Labs Project [Stefano Mazzocchi / Bill] See Attachment M Bill notes that all crypto source code is subject to notification and export control, not simply "released" code N. Apache Lucene Project [Grant Ingersoll / Sam] See Attachment N O. Apache OFBiz Project [David E. Jones / J Aaron] See Attachment O P. Apache Portals Project [David Sean Taylor / Justin] See Attachment P Q. Apache Quetzalcoatl Project [Gregory Trubetskoy / Greg] See Attachment Q R. Apache ServiceMix Project [Guillaume Nodet / Jim] See Attachment R S. Apache Shale Project [Gary VanMatre / Sam] See Attachment S T. Apache SpamAssassin Project [Daryl C. W. O'Shea / J Aaron] See Attachment T U. Apache Synapse Project [Paul Fremantle / Justin] See Attachment U We talked about tracking IANA registrations, and decided not to pursue it at this time. V. Apache Tiles Project [Greg Reddin / Henning] See Attachment V W. Apache Tomcat Project [Mladen Turk / Geir] See Attachment W X. Apache Web Services Project [Glen Daniels / Bill] See Attachment X Bill to nudge the project to consider converting some of the bigger subprojects to top-level. Y. Apache Wicket Project [Martijn Dashorst / Bertrand] See Attachment Y Z. Apache XMLBeans Project [Cezar Andrei / J Aaron] See Attachment Z Committee reports approved as submitted by General Consent. 7. Special Orders A. Change the Apache Labs Project Chair WHEREAS, the Board of Directors heretofore appointed Stefano Mazzocchi to the office of Vice President, Apache Labs, and WHEREAS, the Board of Directors is in receipt of the resignation of Stefano Mazzocchi from the office of Vice President, Apache Labs, and WHEREAS, the Project Management Committee of the Apache Labs project has chosen by vote to recommend Bernd Fondermann as the successor to the post; NOW, THEREFORE, BE IT RESOLVED, that Stefano Mazzocchi is relieved and discharged from the duties and responsibilities of the office of Vice President, Apache Labs, and BE IT FURTHER RESOLVED, that Bernd Fondermann be and hereby is appointed to the office of Vice President, Apache Labs, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed. Special Order 7A, Change the Apache Labs Project Chair, was approved by Unanimous Vote of the directors present. B. Empower PMC chairs to change the membership of their PMCs without requiring explicit acknowledgement by the board. WHEREAS, the Board of Directors deems it to be in the best interests of the Foundation and consistent with the Foundation's purpose to delegate the ability to appoint the membership of Project Management Committees to the officers of the corporation given charge of them; NOW, THEREFORE, BE IT RESOLVED, that the Vice President positions charged with the management of the Project Management Committees of each of the Project Management Committees of the Apache Software Foundation are hereby assigned the further authority to and responsibility of appointing the membership of their respective Project Management Committees, and the responsibility of notifying the Board of Directors of any change of their respective Project Management Committees within forty-eight (48) hours each time the Committee's membership changes. This item was tabled until next month C. Establish the Travel Assistance Committee WHEREAS, the Board of Directors deems it to be in the best interests of the Foundation and consistent with the Foundation's purpose to establish an ASF Board Committee charged with promoting and facilitating attendance at events which are of interest to ASF projects by individuals within the ASF community at-large whom would otherwise not be able to attend due to financial constraints; NOW, THEREFORE, BE IT RESOLVED, that an ASF Board Committee, known as the "Apache Travel Assistance Committee ", be and hereby is established pursuant to Bylaws of the Foundation; and be it further RESOLVED, that the Apache Travel Assistance Committee be and hereby is responsible for organization and oversight of efforts to provide assistance, including but not limited to financial support, to individuals to attend events, as approved by the Apache Travel Assistance Committee, that are consistent with the ASF's mission to produce open-source software; and be it further RESOLVED, that Gavin McDonald shall serve at the direction of the Board of Directors as the chair of the Apache Travel Assistance Committee and have primary responsibility for managing the Apache Travel Assistance Committee; and be it further RESOLVED, that the persons listed immediately below be and hereby are appointed to serve as the members of the Apache Travel Assistance Committee: * Ross Gardler * Noirin Shirley * Nick Burch * Matt Benson * William A. Rowe, Jr. * Upayavira * Gavin McDonald Special Order 7C, Establish the Travel Assistance Committee, was approved by Unanimous Vote of the directors present. D. TAC Funding Requirements Proposal WHEREAS ApacheCon US 08 is an event for which travel awards should be granted in accordance with the purposes of the foundation, and WHEREAS The Travel Assistance Committee shall determine an application form suitable for interested individuals to apply for travel assistance and for the committee to score said applications in a fair and equitable manner, and NOW, THEREFORE, BE IT RESOLVED, that $30,800 be budgeted for travel and lodging to accommodate 20 travel award grants for the ApacheCon US 2008 event, based on reasonable airfare not to exceed $850 and assuming half the cost of accommodation between Nov 3 and Nov 8 (or cover the entire cost at double occupancy) and cover up to $550 for registration to the event. Special Order 7D, TAC Funding Requirements Proposal, was approved by Unanimous Vote of the directors present. E. HALO Worldwide Contract Renewal WHEREAS, the Public Relations Committee is responsible for organization and oversight of efforts to handle public relations, and WHEREAS, HALO Worldwide has been contracted to support the work of the PRC, and WHEREAS, the current 1 year contract expires as of September 30th, 2008, and WHEREAS, the Public Relations Committee has determined that the contract should be renewed for another 1 year term not to exceed $60,000; NOW, THERFORE, BE IT RESOLVED, that the Chair of the Relations Committee, Jim Jagielski, is hereby directed to proceed with contracting HALO Worldwide for the services necessary to support the work of the PRC. Special Order 7E, HALO Worldwide Contract Renewal, was approved by Unanimous Vote of the directors present. 8. Discussion Items * SpamAssassin is requesting that the current "intent for use" trademarks ("SPAMASSASSIN" and "POWERED BY SPAMASSASSIN") be filed as "actual use" trademarks. Larry Rosen has volunteered to do the necessary filing. The board approved the expense (expected to be less than $500). 9. Review Outstanding Action Items * Jim to follow up with Geir to work with QPid on rationale and licensing Update: Kept open * Jim to follow up with Grant re: TREC Update: Contacted Iadh Ounis and Ellen Voorhees regarding our hopes and intent. As of Sept 16th, have no heard back. * Geir to work with the PRC to work out how to pro-actively generate press interest around the JCP/TCK issue. Update: None so far. * Bertrand to review scheduling of podling reports with incubator. See https://issues.apache.org/jira/browse/INCUBATOR-78 Update: No news, but nothing's urgent either. People have been fixing the manually created schedule. * Aaron to follow up with Quetzalcoatl on the implications of this project going dormant. Update: Will morph into a discussion on an "Attic" project * Henning to follow up on hardware utilization report w/infrastructure Update: No update, did not find time. Will make time this month. * Jim to request that the Security team include the projects for which the vulnerability was reported in their reports. Update: Security team is aware of the request. * Aaron to follow up with Hivemind requesting clarification on what "no active" really means and asking for a new report to be submitted next month including this information. Update: Will combine with the "Attic" project action item * Henning to pursue a report for HttpComponents Update: Erik Abele adds his excuses and notes that he just added one for this month. * Justin to find out if the results of the Lenya developer meeting was made public (i.e., no binding decisions were made at the meeting). Update: Kept open * Bill to obtain clarification as to which library Santuario was talking about and as to whether they are following the process for IP clearance. Update: Clarified, addressing IP clearance confusion * Sam to pursue a either a board report from Shale, or a resolution to terminate the PMC. Update: Looks like we got a board report this month. :-) * Bill to seed a STATUS file with potential tasks, primarily for the Executive Assistant, but also potentially for the Secretarial Assistant, to pick up. Update: Will go into infrastructure/site/foundation * Jim to review the updated and annotated minutes for 2008_07_16. Update: Done 10. Unfinished Business 11. New Business 12. Announcements 13. Adjournment Adjourned at 12:16 p.m. (Pacific) ============ ATTACHMENTS: ============ ----------------------------------------- Attachment 1: Report from the VP of JCP There's really nothing of interest to report. This is a combination of end-of-summer doldrums combined with the disappointing stasis within the JCP itself. There are several of us on the EC that are still talking, still pushing and still hopeful we can unwedge things and at risk of appearing histrionic, save Java. There's an upcoming F2F next week, and while I have no idea what we might talk about other than rehash platitudes about adding "transparency" and "openness" into a future JCP, I'm hoping we'll find a nice place for dinner. I'll have more comments at the meeting. ----------------------------------------- Attachment 2: Status report for the Apache Legal Affairs Committee Things continue to run smoothly. I'm pleased with the number of active participants. An abstract question was asked about an ability to commit to a project given exposure to prior ideas from a previous employer. In general, such a situation causes us no major concerns, though the situation may vary based on the specific projects and specific employers in question. PDFBox was originally BSD licensed and obtained software grants from all of the primary authors. A question was asked regarding small contributions from people who they are no longer able contact. Given the size of the contributions in question, the original license, and the fact that reasonable efforts were made to locate such people, it was determined that this was not a concern. A FAQ was added that older versions of Apache software licensed under Apache Software License 1.0 are still licensed as such. Creative Commons Share-Alike Attribution version 3.0 license has been approved, provided the materials in question are unmodified. Previously, only the 2.5 version had been approved. A JIRA was opened on documenting release voting procedures. No owner. Larry helped resolve an issue where a company wished to rewrite our CCLA. Our policy is that we don't accept modified ICLAs or CCLAs. SyntaxHighlighter (LGPL) was approved for use on people.apache.org pages. Nobody seems to know the licensing status of BEA's StAX implementation, so most projects are simply routing around it. Larry has volunteered to register SpamAssassin trademarks. Given that the PRC and the SA PMCs are OK with this, if the board approves the expenditure, I'll tell him to proceed. David Crossley has produced a first draft of a project naming document. He's been on the list for over a year, and starting in July of this year has picked up his participation. Routine copyright/notice questions from Felix, CouchDB, JAMES and the Incubator. RSA's implementation of MD4/MD5 says one thing in their licensing headers and a quite different thing on their IETF IPR statement. I think we are covered, but we still need to settle how to document this properly. Bluesky inquired about moving away from some (unspecified) C++ Standard library implementation to STLPORT, presumably for licensing reasons. Everything I have heard to date indicates that we would be comfortable with either implementation. Google Analytics continues to be explored. Justin expressed an opinion that, while a bit stronger than I recall the board expressing, is one that I'm quite pleased and comfortable with: namely that we start from a presumption of data of this type being open to all, and work backwards from there -- making closed only what we must. A discussion has just started on the legal implications of contests involving prizes. If the prizes themselves are donated, and are substantial, we may have to consider such as targeted donations. ----------------------------------------- Attachment 3: Status report for the Apache Security Team Project There continues to be a steady stream of reports of various kinds arriving at security@apache.org. These continue to be dealt with promptly by the security team. Statistics missing for this month and will be updated for next month including the breakout of issues per project as requested at the last board meeting. ----------------------------------------- Attachment 4: Status report for the Apache Conference Planning Project General News ------------ * no general news ApacheCon US 2008 News ---------------------- * Several updates and improvements to the conference and social Web site have been and are still being made. Otherwise there are no news since last report. ApacheCon Europe 2009 News -------------------------- * We are working on getting the new CFP system ready, and the CFP announcement published. ApacheCon US 2009 News ---------------------- * no news since last report ----------------------------------------- Attachment 5: Status report for the Apache Audit Project No records received, ergo no action to take at present and nothing to report. ----------------------------------------- Attachment 6: Status report for the Apache Public Relations Project During the last month, initial discussions with OSCON were started regarding how the ASF could get more involved (and visible) at the conference. It was noted that Sam Ruby and Craig Russell are on the OSCON Program Committee. Since the initial query, there has been no update as of yet. A concall was held on September 9th between the PRC (attending: Justin, Sander and Craig) and HALO regarding the "next steps" in how to utilize HALO over the next few months in anticipation of the renewal of the contract later this year. The general consensus was that tasking HALO to primarily handle the Sponsorship relationship and renewals was of prime importance. Other tasks, such as PR review will (hopefully) by taken up by PRC members. Tuscany is currently working on a PR. Also being worked on is a Press Announcement on ApacheCon US and our "voluntourism" plans for the conference, drawing more people and more community participation for the event. The PRC was contacted regarding our opinion on whether to file the Actual Use documents for the SpamAssassin trademark. The PRC indicated that this was acceptable. A new Bronze sponsor is in the works. The PRC was made aware of an online store using the Apache Wicket mark without approval. The store was contacted and asked to stop. The Wicket PMC was then contacted to see if this was a mark usage that they would like to see; they indicated it was. The PRC indicated that we needed a formal agreement to allow for the use and drafted one. This issue is still in progress, but various members of the Wicket PMC are not happy with the speed in which this is being handled. A discussion was started on the PRC list regarding using some sort of tracking mechanism (eg: JIRA) to help coordinate activities. The HALO contract is up for renewal this month. A resolution has been added to the agenda authorizing the PRC chair to negotiate the renewal, which will be at the same rate as last year. Finally, the chair is getting quite upset that, even though the ranks and roster of the PRC increase, very few PRC members participate in activities or discussions or even help with various tasks or issues. Certainly having a JIRA (or similar) in place will help decrease the number of dropped balls, but what will really help is if more people were doing the juggling. HALO Report below: The activities below reflect the tasks undertaken during the 1-31 August 2008 timeframe. CONTENT DEVELOPMENT o (no ASF-issued announcements made during this time period) o Reviewed Tuscany draft announcement o Drafted outline of Sponsorship newsletter OUTREACH & LIAISON o Planning ASF Sponsor Liaison meeting at ApacheCon MEDIA RELATIONS/COORDINATION o Handled several press inquiries on general sponsorship process (triggered by July's Microsoft announcement) ----------------------------------------- Attachment 7: Status report for the Apache Infrastructure Team We've fallen a bit behind our machine upgrade schedule due mainly to persistent concerns over the stability of FreeBSD on eris (svn). The machines that need to be brought online are loki (a cold spare) and hermes (a drop-in replacement for the existing x345 which serves mail). Dealing with intermittent problems with the build process on the hudson zone. Transferred the vmsa vmware instance to a zone on odyne for performance reasons. Created roughly 2 dozen new committer accounts. Sebastian Bazley continues his work rationalizing foundation records and authoring supporting scripts. An issue came up regarding the ability, or lack thereof, of purging sensitive data from the svn repository. No action was taken at this time. Yahoo! has been in touch with us to resume talks about a build farm donation. ----------------------------------------- Attachment A: Status report for the Apache APR Project The activity on the project in the last 3 months (June 9 2008 to Sept 9 2008) was as follows: APR trunk: 29 commits APR util trunk: 67 commits APR 1.3.x: 36 commits APR util 1.3.x: 64 commits APR 1.2.x: 1 commit APR util 1.2.x: 0 commits APR 0.9.x: 3 commits APR util 0.9.x: 0 commits APR iconv trunk: 0 commits APR iconv 0.9.x: 0 commits site: 5 commits Current stable release of APR is 1.3.3, released August 14. There was another release (1.3.2) in this period, on June 23. Current stable release of APR util is 1.3.4, released August 15. There was another release (1.3.2) in the period, on June 23. There were no new APR iconv releases. The 1.2.x branches of APR/APR util are now obsolete and will not have any more releases. In this period the project was mostly busy fixing bugs in releases based on new stable branches. Talk about the new stable release already started, with clean compilation on MinGW platform flagged as one of the goals. And, of course, more bug fixing. Most recently, new work on apr_crypto implementations based on OpenSSL and Mozilla NSS has been committed to trunk. ----------------------------------------- Attachment B: Status report for the Apache Archiva Project Releases -------- * 1.1 was released on July 20, 2008. * 1.1.1 was released on August 11, 2008. * 1.1.2 release will be coming up in the next couple of days and development for 1.2 is also on-going. Community --------- * Discussions about setting up a public Archiva and a Planet Archiva blog aggregator have been going around the dev list. Issues ------ No board level issues at this time. ----------------------------------------- Attachment C: Status report for the Apache Cayenne Project Development * Wrapping up 3.0M5 release. * Google Summer of Code work completed. Our single Summer of Code project (student - Andrey Razumovsky, mentor - Kevin Menard) was a huge success, resulting in significant improvements made to CayenneModeler GUI mapping tool. Andrey expressed the intention to further participate in Cayenne past the Summer of Code program. Community * Activity on the user and development lists has been steady. ----------------------------------------- Attachment D: Status report for the Apache Commons Project General ======= o Activity: all time low on both the user and dev mailing lists o Commons-compress and git: We have a contributor that already has a CLA on file. He has been the top commons-compress contributor for a while. Making him a committer has not felt appropriate yet (for various reasons). While most design discussion where still on the list some discussions ended up offlist via IM due to personal contact. Another contributor and committer (in fact me - Torsten) has been mentoring him hoping to keep him involved and lead him to a release. Unfortunately this turned out to be a major rewrite. So we ended up sending code back and forth as working together in svn wasn't an option. When this got too cumbersome we used git to share the code. Now when someone else turned up to help out the question came up how to deal with the new codebase. While legally all contributors have a CLA on file and the full history is available this 'incident' has been perceived as negative by the PMC in general. As all code should be covered by the CLAs it has been accepted into svn as a new branch anyway. Development will continue from there. o Component commons-exec has been promoted to proper http://mail-archives.apache.org/mod_mbox/commons-dev/200806.mbox/%3c48650EF8.9010905@gmx.at%3e o Vote passed to accept flatfile codebase as a new sandbox component - now awaiting IP clearance. http://mail-archives.apache.org/mod_mbox/commons-dev/200808.mbox/%3c596611.56279.qm@web55106.mail.re4.yahoo.com%3e Releases ======== o JXPath 1.3 http://mail-archives.apache.org/mod_mbox/commons-dev/200808.mbox/%3c369853.24376.qm@web55108.mail.re4.yahoo.com%3e o BeanUtils 1.8.0 http://mail-archives.apache.org/mod_mbox/commons-dev/200808.mbox/%3c55afdc850808310837w5f4aa2d9sccd8c625b6f28d65@mail.gmail.com%3e o commons-build-plugin 1.1 http://mail-archives.apache.org/mod_mbox/commons-dev/200807.mbox/%3c55afdc850807150911u464ef913g86651e2489b2e46e@mail.gmail.com%3e o commons-parent 11 and commons-sandbox-parent 7 http://mail-archives.apache.org/mod_mbox/commons-dev/200807.mbox/%3c55afdc850807210648k574dafc0lbe2a689bb3808d@mail.gmail.com%3e Community ========= o No new sandbox committers o No new committers o No new PMC members ----------------------------------------- Attachment E: Status report for the Apache Excalibur Project There are no known issues. Excalibur is stable and used by some projects. Again, this quarter was very quiet with zero activity, neither in the mailing lists nor in subversion (and no releases of course). While this quietness reflects the state of the code (stable with no need for changes, updates) it also shows that there is no high interest in it anymore. Heavy users of Excalibur like Cocoon are moving to other solutions (just because there is newer stuff out there - which is good), so sooner or later we have to think about the future of Excalibur as a project. But for now I think we should just continue for some months and decide sometime next year if putting the project to a rest is a better option. ----------------------------------------- Attachment F: Status report for the Apache Felix Project Community * Presented iPOJO at the OSGi Community Event in Berlin in June. * Added committers Edward Yakop and Makas Lau for Log Service contribution. * Received a contribution from Dieter Wimberger for a bundle that provides simple remote telnet access to the Felix shell. * Receiving web site documentation contributions from Richard Jackson; Richard has been granted karma to modify the wiki for his contributions. Software * Still working on incorporating the new Log Service contribution from PAX; largely delayed due to a naming issue and lack of time. * Release version 1.2.0 of Felix (includes Framework 1.2.0, Main 1.2.0, Shell 1.0.2, Shell TUI 1.0.2, Bundle Repository 1.2.0). This release marks the first steps toward bundle fragment support in Felix, which is one of the last major hurdles to full OSGi R4 specification compliance; however, there is still plenty of work to be done to complete this feature. * Released various other subprojects (e.g., iPOJO, UPnP, SCR, Maven SCR Plugin, Maven Bundle Plugin, File Install). * Working on creating an official bundle repository to make it easier for the community to use subprojects. Licensing and other issues * None. ----------------------------------------- Attachment G: Status report for the Apache Gump Project Infrastructure: * no news is good news. Technical: * the installation is happily chugging along but no active development Other: * still all Apache committers have access to metadata in svn. * no releases. ----------------------------------------- Attachment H: Status report for the Apache Harmony Project Summary ======= The Apache Harmony project delivered another milestone release containing Google Summer of Code contributions, bug fixes, and a notified security fix. The community is quiet but steady at the moment. The lack of a JCK continues to be an issue for Harmony. Development & Releases ====================== Development continues to be focused primarily on the Java 5 SE code stream and associated development tooling, with work on the Java 6 SE stream being limited to core areas of the class library. Work on the VM, JIT, and GC has slowed noticeably. Milestone build 5.0M7 was declared on August 21, 2008. This milestone includes a number of fixes and enhancements, as evidenced by over 125 JIRA issues resolved and over 600 commits since our last milestone published at the start of May. Noteworthy enhancements include: * improved performance, especially in object serialization and pack200 decoding. * a new 'javap' tool for class file disassembly, and good progress on 'policytool' the security policy management tool. * lots of fixes in the Swing widget toolkit. Six Google Summer of Code projects were assigned for mentoring by members of the Harmony community, but only two of those completed. We would particularly like to thank AndrĂ¡s Belicza (policytool) and Tharindu Mathew (Swing enhancements) for their contributions to the project! Security ======== In July, the ASF security group advised the Harmony PMC of a vulnerability in our code. The issue is fixed in the milestone 7 release. The details of the vulnerability have not been fully publicly disclosed yet. Community ========= The community continues to operate in a healthy manner, with a noticeable quiet period over summer. We are pleased to see some Harmony code is being used in Sun's performance release of Java SE 6 (an improved TreeMap), and work done in the JikesRVM 3.0 project that enables that VM to run Harmony class library code. There were no changes to committers or PMC membership during this period. There are currently 38 committers, ~18 of whom were active this period. ----------------------------------------- Attachment I: Status report for the Apache HttpComponents Project -- Status -- There are no items needing immediate attention of the board except to note that we've missed the last report due to my fault - I'm again very sorry for that. Fortunately Oleg Kalnichevski immediately stepped up to make sure that we are not missing it again this months - thanks! -- Releases -- We have had one release since the last report: 29 August 2008 - HttpComponents HttpClient 4.0 beta 1 -- Community -- No arrivals or departures. We have been getting a reasonable amount of feedback and contributions in terms of patches and development ideas. A number of patches have been contributed by the users of Apache Synapse. Several committers on the project expressed willingness to support the incubation of the Droids project, currently at home at Apache Labs. Droids is an intelligent standalone robot framework that may become a part of the HttpComponents community after incubation. An alternative destination of Droids may be the Lucene TLP in case a too strong emphasis on the HTTP protocol proves to be too constraining for Droids. There is quite some activity on both user and developer mailing lists. Overall the whole community looks and behaves quite healthy. -- Migration -- Items still in work: - finalize and approve project bylaws - re-instate deployment of website via Subversion (currently deployed by Maven due to TLP migration) -- Development -- HttpClient beta1 has been released. The first beta brings yet another round of API enhancements and improvements in the area of connection management. Among the most notable ones is the capability to handle stateful connections such as persistent NTLM connections and private key authenticated SSL connections. This is the first API stable release of HttpClient 4.0. All further releases in the 4.0 code line will maintain API compatibility with this release. General Notes. HttpClient & HttpCore are now shipped with the Google Android platform. We see this a major endorsement of our work. The project is also still waiting for an answer from MS in regard to the licenses required for an implementation of NTLM. We have been quiet about that in the last couple of months but will try to resume activity in this area around ApacheCon US. ----------------------------------------- Attachment J: Status report for the Apache iBATIS Project iBATIS is currently undergoing its greatest evolution since its creation six years ago. The iBATIS 3.0 Core is a complete rewrite and a significant redesign of the foundation of iBATIS. The new Core enables new APIs to be built on top of the iBATIS framework more easily than predecessors, which were heavily bound to an XML based configuration. Two new APIs have already been developed: a Compatibility API (for 2.0 backward compatibility), and the new Monarch API. The iBATIS 3.0 Compatibility Kit runs the full iBATIS 2.0 unit test suite. The core itself includes over 500 tests of its own, thus doubling the number of tests and significantly improving the test coverage overall. The Monarch API will bring iBATIS into 2009 with full support for JDK 1.5 language features and modern configuration and development paradigms. iBATIS.NET has aligned its version numbers with iBATIS, and thus its next major version will be 3.0 as well. iBATIS.NET will implement the same features as the Monarch framework as described on the iBATIS 3.0 Whiteboard Wiki and is is actually closer to a beta release than its Java counterpart. RBatis will likely be deprecated and replaced with Ruby bindings for JRuby that will run on top of the iBATIS 3.0 Core. It is our intention to also consider Groovy and even JavaScript bindings. The iBATIS team has changed since the last board report. This is the first board report by Clinton Begin as iBATIS Chair. Ted Husted will remain a PMC member. Roberto Rabe has stepped down from the iBATIS PMC and has entered emeritus status. Sven Boden, Brice Ruth and Jon Tirsen have also entered emeritus status. ----------------------------------------- Attachment K: Status report for the Apache Incubator Project The Incubator continues to run smoothly. In the large, we have good participation and oversight from the PMC. PhotArk and Etch are in the process of getting started. Qpid and UIMA are working on putting out new releases. CouchDB is in search of new/additional Mentors. As mentioned in the August report, we continue to have concerns about BlueSky, which failed to formally report again this month. However, there is an e-mail on their list that indicates that they are hearing our concerns, and are starting to take some steps towards improvement and resolution on the issues, q.v., http://www.mail-archive.com/bluesky-dev@incubator.apache.org/msg00245.html. *** The PMC is reminding all Incubator projects that an important item for the report is what needs to be done to satisfy graduation requirements. *** ------------------------------------------------------ === BlueSky === Did not report. From the developer mailing list, we have the following status comments: - Two modules of the project,that is DTU and Tserver, have been modified by using stlport to replace gpl based c++ code expected for some minor mistakes. - The official website has been updated and formal reports are added. - We strive hard to learn the related contents of how to incubate successfully. === JSecurity === JSecurity is a powerful and flexible open-source Java security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. JSecurity has been incubating since June 2008. Since last month, a new external release has been issued (0.9.0-RC2), and some bug fixes, and discussion about the configuration format. The code source should be injected to the Apache repository soon, when the external 0.9.0 release will be out. It's a matter of days, may be a week, accordingly to the latest discussion on the mailing list. JIRA is set up, but it should be used. The status is being maintained at http://svn.apache.org/repos/asf/incubator/jsecurity/STATUS === log4php === log4php is a port of the log4j package for PHP. Very limited activity over the last 3 months. 3 external patches, provided via JIRA were submitted in September, and these are in the process of being vetted and will likely be committed. There are external users but almost no activity on the mailing lists. Incubating since 07/2007 === Pig === Pig is a platform for analyzing large data sets that consists of a high-level language for expressing data analysis programs, coupled with infrastructure for evaluating these programs. The salient property of Pig programs is that their structure is amenable to substantial parallelization, which in turns enables them to handle very large data sets. * Pig's infrastructure is in good shape. We just announced our first release from the incubator Pig 0.1.0! In addition, a major system redesign is underway that introduces type system, improves performance, and provides better platform for future work. The rework is expected to complete in October 2008. * The development community is growing with addition of Daniel Dai as a new committer. More work needed to attract developers to the project. * The user community is also growing with more activity on the user mailing list. In addition, a tutorial and user function repository were added to help users to come up to speed on the product. Also there is ongoing work on the user documentation. Incubating since: October 2007 === RAT === Did not report. === River === River is aimed at the development and advancement of the Jini technology core infrastructure. Jini technology is a service oriented architecture that defines a programming model which both exploits and extends Java technology to enable the construction of secure, distributed systems which are adaptive to change. This reporting period showed almost no activity, which is quite disappointing. Based on the question by one of our mentors "What's up with River" it became clear some active committers were forced to downsize their participation due to being drowned by other activities, in case of many of the Sun committers this is due to a change of jobs. There are however signs that others, well known in the Jini community, want to lend their hand and help with getting out our next release. Things that needs to be done before graduation: * the API in the {{{com.sun}}} namespace must be changed to {{{org.apache}}}, probably has to await the incorporation of patches lingering around and after our automated test framework is in place * overall participation of non Sun committers must increase and we should grow our community by getting more people involved Incubating since: December 2006 === Shindig === Shindig is a reference implementation of the !OpenSocial and gadgets stack. Incubating since: 2007-12-06 High-level status summary: Shindig preparing for an incubation release of the v0.8 !OpenSocial spec * On track for an incubation release of Shindig on September 30, compliant to !OpenSocial v0.8.1 * Active community, code base is maturing well, and is in use by many very large sites * Apache-provided Zone is up and running * 2 new committers, actively seeking more * Top 2 things to resolve prior to graduation: * Improve diversity of committers (progress, but on-going) * Run through at least one release (0.8 release will be a good one) === Hama === Hama is a parallel matrix computational package based on Hadoop. Incubating since: 19 May 2008 * The Hama website was published. * The automated CI server for Hama integration builds was installed. * The users were beginning to evaluate/report the function and perfomance of the Hama. We need to make a guide for the users and developers. === Empire-db === Apache Empire-db is an Open Source relational data persistence component which allows database vendor independent dynamic query definition as well as safe and simple data retrieval and updating. Empire-db entered the incubator on July 8th, 2008 - we've finalized migration from sf.net to apache - commits are coming in - issue tracker is being used - first release tries to go through the incubator - no new additions to the committer roster or ppmc === PhotArk === Apache !PhotArk will be a complete open source photo gallery application including a content repository for the images, a display piece, an access control layer, and upload capabilities. PhotArk has been accepted for Incubation in August 19. SVN, the mailing Lists and Committer accounts are ready. The Community is just starting to work on website and initial code. ----------------------------------------- Attachment L: Status report for the Apache Jackrabbit Project Apache Jackrabbit is a fully conforming implementation of the Content Repository for Java Technology API (JCR, specified in JSR 170). The Apache Jackrabbit project is in good shape. We have no board-level issues at this time. o Releases No releases were made since the last report. o Legal We use Google Analytics to track usage of our web site. We are working with site-dev@ and legal-discuss@ to resolve the recent concerns about how the site usage data can be made available equally to everyone. o Community No new committers or PMC members were added since the last report. There has been a decrease in mailing list and commit activity in the past quarter and we've seen some cases of issues or questions being dropped. This is partly because of the summer vacations but also due to a number of core committers having been otherwise occupied. We'll keep an eye on the situation and expect things to normalize soon. We will participate and present Apache Jackrabbit in the upcoming ApacheCon US. o Development We keep working towards Jackrabbit 1.5 in near future and Jackrabbit 2.0 (and the JSR 283 reference implementation) later on. o Infrastructure No issues at the moment. ----------------------------------------- Attachment M: Status report for the Apache Labs Project It was a mostly quiet quarter for the Labs project with two or three highlights worth noting. = Labs statistics = - new: 2 - JaxMas (est. 2008-07, PI: Jochen Wiedmann) - Magma (est. 2008-09, PI: Simone Gianni) - status changes (last 3 months): 0 - total number: 23 - active: 22 - idle: 1 - promoted: 0 - completed: 0 - labs with commits: pinpoint, droid, vysper, jaxmas = Cryptography = We asked every lab for information about whether it includes cryptographic software. It is still an open work item to complete this process by recording this information at the right places and issue notification emails. = Change to the PMC chair = On the public list, Stefano Mazzocchi announced his intention to step down as PMC chair due to time restrictions. New candidate(s) were drafted and finally Bernd Fondermann was voted as PMC chair candidate on the public list. A special order draft to change the PMC chair was brought before the board for your kind consideration. = New labs = A new lab, JaxMas, was conceived by Jochen Wiedmann. JaxMas is a "poor mans JAXR provider for running JAXR based unit tests". Another new lab, Magma, was concieved by Simone Gianni. Magma is a "research about using AOP on the front line to provide an integration framework for Apache technologies" = Droids planning to move out = Lab Droids (est. 2007-02, PI: Thorsten Scherler) is considering moving on to the Incubator. Currently, the lab is preparing incubation, including drafting a proposal at the Incubator Wiki and looking for a champion and mentors. We are very excited about that, since providing an ecosystem for projects on the way from the first line of code until incubation is one of the goals of the Labs project, and Droids - if successful - would be the first lab to follow this path ultimately. Some discussion came up, here and on the Incubator's general list, about the process how to proceed with labs aiming to become a project's subproject, instead of going TLP. According to our bylaws, going through the Incubator is inevitable. And the Incubator surely is the right place to determine how to properly deal with that. ----------------------------------------- Attachment N: Status report for the Apache Lucene Project === Lucene Status Report: 17th of September, 2008 === TLP The TLP has accepted a software grant to bring geographic search capabilities to Lucene and Solr. CRYPTOGRAPHY Nutch uses PDFBox and thus has a dependency on BouncyCastle. https://issues.apache.org/jira/browse/NUTCH-621 has been opened and is in process. Steps 1 through 3 have been completed and the Nutch team is completing step 4. LUCENE JAVA Lucene Java is a search-engine toolkit. Development has been active and we are nearing the release of 2.4. SOLR Solr is a full text search server. Development and the community is active. Shalin Shekhar Mangar was added as a committer. Solr 1.3 will be released in the next few days. NUTCH Nutch is a web-search engine: crawler, indexer and search runtime. Development activity (measured by number of commits) has been low, mainly bug fixes and minor enhancements. There are however some nice new exciting features, currently under discussion attached to Jira. LUCY Lucy will develop a shared C-based core for ports of Lucene to other languages, such as Perl, Python and Ruby. No progress has been made this quarter, but we have been in contact with the committers and they are still interested in the project and plan to be more active in the near future. LUCENE.NET (incubating) No change since last report. There is some brewing of bringing in a couple of new committers, but no official action on that yet. This project does seem to have a small community of users, with the occasional tricky question posted to the e-mail list. It's a fairly straightforward port, so several that have needed help with it have asked general questions in the java-user@lucene community. TIKA (incubating) Apache Tika is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Tika is discussing graduating from the incubator. MAHOUT Apache Mahout is a new subproject of the Lucene PMC with the goal of building a suite of scalable machine learning libraries for text and data mining. We know have Map-Reduce implementations of several clustering algorithms, 2 classification algorithms based on bayesian statistics and support for scaling fitness functions in genetic algorithms. We had 2 successful GSOC students participate over the summer. We are nearing our first, 0.1, release. ----------------------------------------- Attachment O: Status report for the Apache OFBiz Project Report for Sep 2008 for OFBiz (Open For Business) as a top level project. The Apache Open For Business Project (Apache OFBiz) is an open source enterprise automation software project. By enterprise automation we mean: ERP, CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM, and so on. We have no issues that require Board assistance at this time. Community: - There have been no new committers or PMC members since the last report. - A lot of activity (and new subscribers) both in the user and dev mailing lists. - We put considerable effort in defining the schedule for the OFBiz Symposium @ ApacheCon US 2008; several contributors from a wide variety of organizations will present 2 days of OFBiz conference and BOF sessions, and there will be 2 training courses on the Mon/Tue before the conference; there has been a refreshing amount of interest in the event and participation in presentations and attendance is looking really good. Project: - New features and enhancements have been added by different committers and contributors, including a new special purpose application (MyPage). - We have established a focus on framework cleanups and business application enabling features in preparation for a release; this is continuing, though with slower progress due to (apparently) a busier than normal season for OFBiz related consulting services, though that is also a good sign for the long term growth and stability of the community; the goal is to prepare for a versioned release of the framework instead of all of OFBiz in order to narrow the scope and make it easier to define and monitor, and once done the hope is that this will help popularize the OFBiz framework and further grow the user and contributor communities around the project. ----------------------------------------- Attachment P: Status report for the Apache Portals Project -- New releases -- Pluto 1.1.6 - Aug. 11, 2008 -- New committers -- none -- Status -- 1. Pluto Refactoring Work is in progress on the Pluto 2.0 SPI Refactoring branch. The goal of this branch is to bring Pluto trunk and Jetspeed trunk back in alignment. A little history: Pluto 1.x, a new architecture severely broke backward compatibility with the previous 1.0 API and SPI by replacing the container object model (OM) interfaces with directly and hard coded use of the new Deployment Descriptor based *classes*, and almost all SPI Factory interface usages have been replaced by direct and Pluto container internal (only) instantiation of singletons or Portlet API implementation classes. These changes "broke" Jetspeed, as it was coded to the more pluggable 1.0 API/SPI. To make a long story short, we hope to have the SPI Refactoring branch merged back in this summer and Jetspeed and Pluto back in alignment from the trunks. We hope to complete this work by ApacheCon. 2. Pluto JSR-286 Portlet API 2.0 Specification Release Work is also near completion on the Portlet API 2.0 specification implementation. One the Pluto Refactoring branch is ready, it will be merged in and we will work towards releasing a Portlet API 2.0 compliant release of Pluto. We hope to complete this work by ApacheCon. 3. Apache Con, Portals meetup We are planning another meetup for New Orleans, perhaps again with the Wicket team, like we did in Amsterdam 4. Jetspeed-2 Continued work towards a 2.2 release this summer and merging with the Pluto Refactoring branch when available. Lots of commits in the last two weeks on the security refactoring. ----------------------------------------- Attachment Q: Status report for the Apache Quetzalcoatl Project Things continue to be very quiet on the Quetz/mod_python front. No new releases have been made since the last report and none are planned for the near future. ----------------------------------------- Attachment R: Status report for the Apache ServiceMix Project Since the last report, ServiceMix has released the following things: * First set of OSGi bundles * ServiceMix Specs 1.0.1 * ServiceMix 3.2.2 * ServiceMix Kernel 1.0.0-rc2 * Second set of OSGi bundles * ServiceMix Specs 1.1.0 * depends-maven-plugin 1.0 (a maven plugin used in some of our projects) * ServiceMix Kernel 1.0.0 is currently under vote The ServiceMix Specs project contains OSGi enhanced versions of some Java EE specifiations. Those are mostly repackaged versions of ASL licensed specs, but it also contains full code of some specifications too (the JBI specification and the JAXB specifications that were needed to be able to enhance them for OSGi). We've discussed moving at least those JAXB specs to Geronimo, but no work has been done on that so far. The ServiceMix Bundles project contains jars repackaged as OSGi bundles which are used in ServiceMix 4.x. The JBI components from ServiceMix 3.x have now been extracted into their own svn subtree to be able to release them independently and share them between ServiceMix 3.x and 4.x. The short term goal is to release those as well as ServiceMix 3.3 and new milestones of ServiceMix 4.0 in the coming weeks. The ServiceMix zone has been set up and we will work on putting live demos of ServiceMix when time permits. ----------------------------------------- Attachment S: Status report for the Apache Shale Project Shale is still working towards the 1.0.5 release. All the artifacts are published to the Maven repo and the mirrors. The only thing lacking is updating the website. There has not been a lot of activity on the mailing lists over the past several months. Questions are being responded to but few patches offered. Shale has two subversion branches, 1.0.x, 1.1.x. Shale's subversion trunk his positioned at 1.1.0-SNAPSHOT. This branch holds a few enhancements that are not found in the 1.0.X branch. In particular, there are some features added to the test framework that are not offered in the 1.0.5 branch. There has not been any recent release planning for the 1.1.x branch. Shale contains several subprojects. We recently voted to discontinue support for the tiles integration subproject. Apache MyFaces Tomahawk has provided an integration library that is more current providing support for JSF 1.1 and 1.2. Several of the Shale projects have been discussion points for JSF 2.0 planning. The following is a list of Shale libraries/sub projects along with recent issues or discussion points: * Application Controller - This project uses Apache Common Chain to add pluggable filter chaining. MyFaces Trinidad has a similar strategy used for installing decorators and other pluggable services. * Clay - Shale brought in an eclipse plugin to manage Clay's xml metadata. This was fast-tracked through the incubator. This plugin is still in the sandbox. JSF 2.0 will provide an alternative to JSP for view composition. The proposed solution will not have some of the features in Clay but will be part of the core JSF Runtime. * Core Library - All other shale libraries have a dependency on this library. * Dialog Manager - There was a recent reported serialization issue on the mailing list. The person reporting the issue was not able to help with the problem resolution. * Dialog Manager SCXML - This project provides an alternative base Dialog Manager implementation using Apache Commons SCXML. * Remoting - The JSF 2.0 experts group is reviewing this project. * Spring Integration - Adds Spring's IOC container into the EL resolver chain. Spring 2.0 provides the same integration with JSF. * Test Framework - There has been a lot of interest in this library. This is one of the few libraries that have not been re-invented by other projects. Many in the Myfaces community would like to move this library under their umbrella. Unfortunately, there has not been many recent patches or contributions offered. * Tiger Framework - The JSF 2.0 experts group is reviewing this project. * Validator Support - This project utilizes Commons Validator to build JSF validators and converters. The client-side validation is the most popular feature. Unfortunately, JSF doesn't make it easy to provide rich validators that are not coupled with a component library. * View Controller - This project was based on JSF 1.1 and one of the original Shale libraries. It extends the JSF lifecycle. This became less important as JSF 1.2 provided support for before and after phase listeners attached to the view and the ability to extend the JSF lifecycle. Another feature that View Controller attempted was better exception handling. This is also a topic being discussed in JSF 2.0. ----------------------------------------- Attachment T: Status report for the Apache SpamAssassin Project - we released Apache SpamAssassin 3.2.5 on June 12, 2008 - not a lot of development over the summer, which has been a slow period for us over the last few years - we've vacated the "vmsa" VMWare instance to take our load off of that machine and moved into a new solaris zone on odyne - I took over as PMC chair from Justin Mason, thanks Justin! - we're in the process of getting PRC, legal and then board approval to get "actual use" documents filed for our existing "SPAMASSASSIN" and "POWERED BY SPAMASSASSIN" "intent to use" trademarks filed; apparently this will be inexpensive and we have some volunteers on the legal list to get this done ----------------------------------------- Attachment U: Status report for the Apache Synapse Project Notable Happenings: ------------------------------ We voted in two new committers: Asanka Abeysinghe and Afhkam Azeez. We registered two ports (8280 and 8243) as with IANA http://www.iana.org/assignments/port-numbers Releases ------------- We haven't done a release since the last board report, but we expect to do one before the next board report. Community ---------------- We believe the community is continuing to grow in terms of mailing list traffic, JIRA contributions, patches. We continue to have an excellent relationship with the HTTPComponents project and wish to thank them for all the help and assistance they have given Synapse with our HTTP transports. Export controls ---------------------- We have now done our TSU notification and the latest release has the correct documentation. The next release will ship with the BouncyCastle JAR that excludes the patented IDEA algorithm. ----------------------------------------- Attachment V: Status report for the Apache Tiles Project Tiles 2.1.0 has been released. It is a beta quality release that contains some significant enhancements and new capabilities. The documentation is the main factor that prevents 2.1.0 from achieving the GA quality label. Work is continuing on that front. No new committers or PMC members have been added this quarter. Martin Cooper stepped down from the PMC. Mailing list traffic remains steady with many questions from users. We are still hoping some of these contributers will start submitting patches and increase their involvement in the community. The project could use a few more active committers. ----------------------------------------- Attachment W: Status report for the Apache Tomcat Project Summary -------------- The project continues to be active on a number of fronts. There are no issues requiring Board attention at this time. Releases ------------- We cut a number of releases incorporating majority of our active branches. Tomcat 6.0.18 was released last month, both primarily bug fix and security fix release over the previous 6.0.16 release. Although we tagged 6.0.17 it wasn't released due to security fixes that were incorporated in 6.0.18. Tomcat Native connector 1.1.14 was released, primarily bug fix release over the previous 1.1.13 release. Tomcat Native connector 1.1.15 was released, fixing IPV4/IPV6 bug over the previous releases. Finally Tomcat 5.5.27 was released, fixing bugs and security issues over the previous 5.5.26 release. Security ------------ We've been working closely with security issue reports and the Apache Security committee on quickly replying to issues, resolving them, and coordinating public disclosures. The following security issues has been resolved: CVE-2008-1232 The message argument of HttpServletResponse.sendError() call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. 6.0.x: Fixed, released and announced 5.5.x: Fixed in the SVN and announced 4.1.x: Fixed in the SVN and announced CVE-2008-1947 The Host Manager web application did not escape user provided data before including it in the output. This enabled a XSS attack. 6.0.x: Fixed, released and announced 5.5.x: Fixed, released and announced CVE-2008-2370 When using a RequestDispatcher the target path was normalised before the query string was removed. 6.0.x: Fixed, released and announced 5.5.x: Fixed, released and announced 4.1.x: Fixed in the SVN and announced CVE-2008-2938 If a context is configured with allowLinking="true" and the connector is configured with URIEncoding="UTF-8" then a malformed request may be used to access arbitrary files on the server. 6.0.x: Fixed, released and announced 5.5.x: Fixed, released and announced 4.1.x: Fixed in the SVN and announced CVE-2008-0128 When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is transmitted without the "secure" attribute. 4.1.x: Fixed in the SVN and announced Development ------------------- Development was concentrated mainly on security issues and fixing bugs for the current releases. We are currently in discussions to use some of the code Costin was working on for more then 3 years inside 'Tomcat Lite' branch. Mod_jk had a lots of bug fixes since last released version, so we plan to release a new version 1.2.27 this month. Community ----------------- After last quarter's new committers and PMC members, there were no changes the committership nor PMC membership this time. The new commit policy is working very fine, and we've been very active both in commit and release volume. ----------------------------------------- Attachment X: Status report for the Apache Web Services Project = Web Services PMC Report for September 2008 = Summary - activity is pretty steady in the Web Services community. A couple of new committers, a new PMC member, some new releases, nothing earth-shaking. Glen STILL hasn't sent the PMC-emeritus message to the members that were identified as inactive last round(!). === Notable Happenings === Deepal finally got the gumption up to move the transports out into a separate WS-Commons project - this enables two things, a) more modularity in Axis2, and b) Synapse will now be able to develop transports in WS-Commons as well, so we can share them in a more effective way. Colm OhEigeartaigh is a new committer on WSS4J. Fred Dushin, standard-bearer for WSS4J, was happily introduced into the PMC. The 1.4.1 release of Axis2 fixed a number of bugs, including some that were preventing Rampart from doing its job effectively. === Code Releases [since the last report] === * Axis2 1.4.1 * Axis2/C 1.5.0 * Rampart 1.4.1 === Subproject News === (I'm now including a summary of each subproject as requested last time - please let me know if this seems too verbose) No news below means nothing particularly notable for the board occurred this quarter. ==== Apache Axis2 ==== Apache Axis2 is the third generation Web service framework of the Apache Web service stack. A highly extensible message processing engine focused on SOAP messages, it includes plugins for services, transports, MessageReceivers, and Modules (message interceptors). The 1.4.1 release fixed quite a few bugs in 1.4, and enabled Rampart to move forward. We're continuing to do cleanup and refactoring as appropriate on the trunk in preparation for Axis2 1.5 which will be based on Java5. ==== Kandula ==== Apache Kandula is an implementation of Web Services Coordination, Atomic Transaction and Business Activity protocols. The project provides implementations for both Apache Axis (kandula-1 branch) and Apache Axis2 (kandula-2 branch) platforms. ==== Apache Axis ==== Apache Axis is a web services framework implementing the W3C SOAP standard. ==== Apache Woden ==== Woden is an open source Java implementation of the W3C WSDL 2.0 specification. Woden is working towards an M8 release. Woden has seen some more activity recently from new contributors including a restructing of the Woden source repository to follow Maven conventions. ==== JaxMe2 ==== JaxMe 2 is an open source implementation of JAXB, the specification for Java/XML binding. No notable happenings. ==== Apache Scout ==== Apache Scout is an implementation of the JSR 93 (JAXR), which is a java API to XML registries such as jUDDI. Status: We did an 1.0rc2 release which has brought us very close to making the final 1.0 release. ==== Apache jUDDI ==== jUDDI (pronounced "Judy") is an open source Java implementation of the Universal Description, Discovery, and Integration (UDDI) specification for Web Services. Status: jUDDI is about to start the release vote on 2.0rc6. This might be the last rc before 2.0 can go final. Development on jUDDI 3 has started. jUDDI 3.0 will support the UDDI v3 API. Some major technology changes for jUDDI 3.0 are that it will leverage JAXB and JPA and hopefully generate a lot of code that was handcrafted in jUDDI 2.0. ==== Apache Rampart ==== Rampart provides the WS-Security and WS-SecureConversation support for Apache Axis2 using Apache WSS4J as the base. The configuration model uses the WS-Policy framework and supports WS-SecurityPolicy specification. "Rahas" module in Rampart implements the WS-Trust specification with a security token service implementation and a client API to carryout token exchanges with the security token service. ==== Apache Rampart/C ==== Apache Rampart/C is the security module for Apache Axis2/C. It's an effort to implement WS-Security Specification 1.0. Rampart/C also comes with an XML-Crypto library known as OMXMLSecurity. In addition Apache Rampart/C configurations are based on security policy assertions as per WS-Security Policy specificatoin 1.1 ==== Apache Sandesha2 ==== Sandesha2 is an implementation of WS-ReliableMessaging specifications for Apache Axis2. By using Sandesha2 you can add reliable messaging capability to the Web services you have hosted in Axis2. You can also use Sandesha2 with Axis2 client to interact with already hosted web services in a reliable manner. ==== Apache Sandesha2/C ==== Sandesha2/C is a C implementation of WS-ReliableMessaging specifications(both 1.0 and 1.1) for Apache Axis2/C projects. Sandesha2/C is inter operable with Axis2/Java implementation and .net implementations. ==== Apache Savan ==== Savan is a Publisher/Subscriber implementation for Apache Axis2. Some new work has been happening on Savan, including cleanup and some restructuring to get the sample working out of the box. ==== Apache Savan/C ==== Savan/C is a Publisher/Subscriber implementation for Apache Axis2/C projects written in C Language. ==== Apache Axis2/C ==== Apache Axis2/C is an effort to implement Axis2 architecture in C. Apache Axis2/C can be used to provide and consume Web Services. ==== Apache WSIF ==== Apache Web Services Invocation Framework (WSIF) is a simple Java API for invoking Web services, no matter how or where the services are provided as long as it is described in WSDL. ==== Apache WS-Commons ==== Apache WS-Commons is a collection of projects that are primarily used as parts of various WS projects but useful even outside the WS space. WS-Commons houses Apache Axiom - the streaming XML object model, Apache XmlSchema - an object model to manipulate XML schema documents, Apache Neethi - the WS-Policy implementation and various other smaller projects such as tcpmon. ==== Apache Muse ==== Apache Muse is a Java implementation of WS-ResourceFramework, WS-Notification, and WS-DistributedManagement. It provides code generation tools and APIs that aid users in creating standards-compliant interfaces for manageable resources. Muse-based interfaces can be deployed in a J2EE or OSGi environment. ==== Apache XML-RPC ==== Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. No notable happenings. ----------------------------------------- Attachment Y: Status report for the Apache Wicket Project Status report for the Apache Wicket Project September 2008 Apache Wicket is a Java framework for creating highly dynamic, component oriented web applications, and was established as an Apache project in June 2007. In memory of Maurice Marrink Our community was shocked by the tragic death of Maurice Marrink on August 1st, 2008. As the result of a tragic car accident, Maurice and his brother Michel passed away, and left a gaping hole in their family. Maurice joined the Wicket community in 2005, and was invited to join the Wicket PMC in March of 2008. His involvement in our community is sorely missed. I have spoken with his family and they are proud of his achievements for the Wicket community, and are comforted with the numerous tokens of support they received. The Wicket PMC is grateful to have worked with Maurice, he will be missed. Summary Work on 1.4 and 1.3.5 continues, mailing list traffic during the summer months was (fortunately) low, Wicket in Action was published. A grassroots effort for a Wicket merchandise shop is stalled in PRC. Community No new committers were added, but we have a couple of folks we are watching on the watch list. Nino Martinez Wael had opened a merchandise shop with Apache Wicket shirts, nappies, and mugs. The Wicket PMC was aware of this undertaking and welcomes this effort. Communication with the PRC however is difficult and slow, which has drained any energy Nino put forward into his effort. The Wicket community rejoices in the availability of Wicket in Action, written by Eelco Hillenius and Martijn Dashorst over the course of almost 3 years. This book has been anticipated for a very long time. Software No releases have been made in this period. ----------------------------------------- Attachment Z: Status report for the Apache XMLBeans Project On July 8, there has been a new official XMLBeans release v2.4.0 that included numerous features and bug fixes requested by the community. A few of the improvements in this release: . Finer grained support for CDATA . Upgraded support for Saxon 9 . Added more fine-grained control over XML to Java name mapping . Add support for JVM-supported encodings . Advanced XPath and XQuery support is provided through Saxon-9.0.0.4. . Bug fixes The community continues to grow both through presence on the mailing list but also by adding a new committer. The project voted this quarter on the addition of Wing Yew Poon as a new committer. There are no other issues requiring board's attention at this time. ------------------------------------------------------ End of minutes for the September 17, 2008 board meeting.