The Apache Software Foundation Board of Directors Meeting Minutes March 18, 2009 1. Call to order The meeting was scheduled for 10:00am (Pacific) and began at 10:02 when a sufficient attendance to constitute a quorum was recognized by the chairman. The meeting was held via teleconference, hosted by Jim Jagielski and Springsource. IRC #asfboard on irc.freenode.net was used for backup purposes. 2. Roll Call Directors Present: Bertrand Delacretaz Justin Erenkrantz J Aaron Farr Jim Jagielski Geir Magnusson Jr William Rowe Jr Sam Ruby Henning Schmiedehausen Greg Stein Directors Absent: none Guests: Paul Querna Jukka Zitting Gavin McDonald Henri Yandell Bill Stoddard (10:24 - 11:00) 3. Minutes from previous meetings Minutes (in Subversion) are found under the URL: https://svn.apache.org/repos/private/foundation/board/ A. The meeting of See: board_minutes_2009_02_18.txt Approved by General Consent. 4. Executive Officer Reports A. Chairman [Jim] We are less than a week away from ApacheCon EU 2009, which is note- worthy because it kicks off our decade of the ASF media push. Sally is coordinating interviews and other media-related engagements to promote this very cool event. The membership application for us to "join" W3C is still, at last check, still "in process." It feels good for us to be better at handling paperwork than other organizations! Both the board and member mailing lists have been relatively quiet. The foundation and the board are ticking along. I have sent a contract renewal to our current secretarial assistant for a duration of 3 months. It is expected that we will have our EA on board before the contract expires, and we can let the EA provide feedback on whether to continue the contract as well as what changes may be required. At present, I have not yet seen the contract filed, but there were issues with the faxing to the eFax line; If the SA has not rec'd it after I refaxed it on 3/17/09, I will scan and Email. I will be presenting and attending ACEU09, and have a number of interviews and meetings already setup. Sally will be coordinating my schedule for these events. B. President [Justin] This month has largely been focused on preparations for the upcoming ApacheCon in Amsterdam next week. Like Jim, I will be at ACEU09 in Amsterdam next week and I will also be relying upon Sally to help coordinate my schedule for the duration of the event. Conversations regarding ApacheCon continue with VP, ConCom and the producer. Late last month, we had a conversation with Karen Sandler from the SFLC and the producers. This was a very beneficial call as Karen helped to clarify the rules regarding sponsorships. There were also several calls related to the budget - largely focused on the upcoming event. As of now, AC EU is projecting to be at or near the break even point financially. Discussions about how to appropriately scope AC US to minimize financial risks in this economic climate will be had as part of the AC US planning meeting immediately after the conclusion of AC EU. I expect substantial progress to be made over the next month. I also helped Geir get set up with the associated Wells Fargo MyCEO access - he now has a 'dongle' and online access. Sam should be coordinating signer access for Geir. BUDGET COMMITTEE UPDATE: A preliminary budget is in Subversion. Both PRC and Infrastructure have discussed and submitted their requested allocations. Due to scheduling conflicts, the Budget Committee has not yet had a chance to review the total numbers yet, but since all members of the committee will be in Amsterdam next week, I am hopeful that we should be able to carve out some time to go over the numbers and come to a consensus within the committee. I still believe we are on track to have a budget to approve for April's meeting (next month). If any one has any comments on the budget, I would encourage that they share them sooner rather than later! ADMINISTRATIVE SEARCH COMMITTEE UPDATE: Sander (via email): "I've been working on a draft rfp, but disappointingly didn't come up with something presentable yet. I should have flagged that I had an issue with the round tuit supply chain the last weeks. That said, I think that next week f2f we can hash something out relatively quickly." Jim volunteered to help C. Treasurer [Geir] The transition between Aaron and myself is going smoothly. I have access to Wells Fargo CEO system, and solved the much-dreaded "create a PIN for the RSA token" riddle. Contributions received : - Intuit - Microsoft (from August 2008 invoice) No PayPal contributions listed in this report. Will have update next month. Taxes : we are unable to file another extension. Plan is to just grind them out and send a letter explaining situation, apologizing, promising to never do it again, and ask for leniency from the IRS. Todo : - taxes - 1099's for last year's contractors - get setup with PIN for online banking in QB - get setup w/ "retail" account for checkwriting and > 90 day CC reports (so I can bring QB up to date for taxes) - review contributor invoicing and billing process w/ fundraising - review switching from accrual to cash accounting - automate CC transaction download to QB - shift bookkeeping to monthly calendar rather than board calendar - produce month/month report for better near-term tracking - figure out why SA didn't get paid for jan or feb - more that I'm forgetting Statement of Financial Income and Expense February 19 through March 17, 2009 (Accrual Basis) Ordinary Income/Expense Income Interest Income 37.85 Total Income 37.85 Expense Bank Service Charges 301.19 Licenses and Permits 341.00 Postage and Delivery 43.85 Program Expenses Travel Assistance 7,193.52 Public Relations Staff 3,636.36 Infrastructure Staff 6,000.00 Colocation Expenses 1,068.03 Total Program Expenses 17,897.91 Total Expense 18,583.95 Net Ordinary Income -18,546.10 Net Income -18,546.10 Note that this is on an accrual basis, and thus there was infrastructure expense from January that got posted to QB today, so they "fell out" of this report, even though it was paid for 3/10/09. (IOW, we have no formal record of those expenses in board reports. I'll be happy to post an "updated" for the previous period if it's necessary) The Apache Software Foundation Statement of Financial Position Accrual Basis - As of March 17, 2009 Mar 17, 09 Mar 17, 08 $ Change % Change ASSETS Current Assets Checking/Savings Paypal 10,217.60 3,917.93 6,299.67 160.8% Wells Fargo Analyzed Account 44,397.08 112,157.04 -67,759.96 -60.4% Wells Fargo Savings 298,688.88 156,584.82 142,104.06 90.8% Total Checking/Savings 353,303.56 272,659.79 80,643.77 29.6% Accounts Receivable Accounts Receivable 5,000.00 0.00 5,000.00 100.0% Total Accounts Receivable 5,000.00 0.00 5,000.00 100.0% Total Current Assets 358,303.56 272,659.79 85,643.77 31.4% TOTAL ASSETS 358,303.56 272,659.79 85,643.77 31.4% LIABILITIES & EQUITY Liabilities Current Liabilities Credit Cards ASF Credit Card - Ruby 43.85 0.00 43.85 100.0% ASF Credit Card - Erenkrantz -27.95 -14,770.81 14,742.86 99.8% ASF Credit Card - Jagielski 0.00 -199.08 199.08 100.0% Total Credit Cards 15.90 -14,969.89 14,985.79 100.1% Total Current Liabilities 15.90 -14,969.89 14,985.79 100.1% Total Liabilities 15.90 -14,969.89 14,985.79 100.1% Equity Retained Earnings 261,975.10 241,114.20 20,860.90 8.7% Net Income 96,312.56 46,515.48 49,797.08 107.1% Total Equity 358,287.66 287,629.68 70,657.98 24.6% TOTAL LIABILITIES & EQUITY 358,303.56 272,659.79 85,643.77 31.4% Current outstanding AR is Joost. We need to issue "thank you" to all donors over $75; treasurers will collect the information, the SA will execute D. Secretary [Sam] 5 grants, 74 iclas, 2 cclas were processed. This was a mix of arriving and archived documents. Curiously, quite a few documents in the archived box were encountered that were scanned prior to being shipped to Raleigh. Of course that wasn't noticed until after a large batch was rescanned... The Secretary Assistant purchased a new scanner with a document feeder. The scan quality also is improved. Small adjustments were made to the Workbench script in an attempt to reduce the error rate and to deal better with rescans. I can confirm the receipt of the bridging SA contract. Unless there has been activity that I'm unaware of, I'm extremely skeptical that a new EA will be selected, on board, and in a position to make a recommendation at the 2.5 months remaining. That being said, it should there be a need to create another extension for even as small as one month, that should not pose a problem. After a long period of appearing like clockwork, the SA did not receive payment for the month of February. The treasurer has been notified. We've recently had several cases where people have sent faxes and the've never been received. I've done some "dumpster diving" through the archives and not found them. Not sure what's going on. If anybody wants to participate, the apmail private-arch officers secretary archives are available. What would be helpful in such inquiries would be for people to provide approximate dates as to when the fax was originally was sent. E. Executive Vice President [Sander Striker] [no report submitted] Executive officer reports approved as submitted by General Consent. 5. Additional Officer Reports 1. VP of JCP [Geir Magnusson Jr] See Attachment 1 2. Apache Legal Affairs Committee [Sam Ruby] See Attachment 2 3. Apache Security Team Project [Mark Cox / Justin] See Attachment 3 4. Apache Conference Planning Project [Lars Eilebrecht / Sam] See Attachment 4 BarCamp is free, and the Hackathon requires a fee... we are unhappy with that situation. The rates are determined by SCP. 5. Apache Public Relations Project [Jim Jagielski] See Attachment 5 apache.com again raised as an issue Intuit confirmed as a bronze sponsor. 6. Apache Infrastructure Team [Paul Querna / Justin] See Attachment 6 Justin confirms that the $150-160k figure includes staffing 7. Apache Travel Assistance Committee [Gavin McDonald / Bertrand] See Attachment 7 One of the TAC applicants directly approached on of the ASF sponsors directly for more money. This is unacceptable behavior. The airfare has already been paid. This particular applicant will not be eligible for travel assistance for the next three years anyway. Jim, the TAC, and the PRC will coordinate. Additional officer reports approved as submitted by General Consent. 6. Committee Reports A. Apache Abdera Project [Garrett Rooney / J Aaron] See Attachment A J Aaron to pursue a report for Abdera B. Apache APR Project [Bojan Smojver / Henning] See Attachment B C. Apache Archiva Project [Maria Odea Ching / Greg] See Attachment C D. Apache Attic Project [Henri Yandell / Jim] See Attachment D E. Apache Buildr Project [Alex Boisvert / Bill] See Attachment E F. Apache Camel Project [Hadrian Zbarcea / Geir] See Attachment F G. Apache Cayenne Project [Andrus Adamchik / Justin] See Attachment G H. Apache Commons Project [Torsten Curdt / Bertrand] See Attachment H I. Apache CouchDB Project [Damien Katz / Henning] See Attachment I J. Apache Excalibur Project [Carsten Ziegeler / Bill] See Attachment J K. Apache Felix Project [Richard Hall / Sam] See Attachment K L. Apache Gump Project [Stefan Bodewig / Jim] See Attachment L Question: Should this move to infra? Answer: would not solve any problem, will leave it as is. M. Apache Harmony Project [Tim Ellison / Greg] See Attachment M Greg to approach PMC to inquire what the Harmony project plans would be if no JCK were forthcoming for an extended (two+ years) time... N. Apache iBATIS Project [Clinton Begin / J Aaron] See Attachment N We'll expect another report from iBatis in June following their normal schedule. O. Apache Incubator Project [Noel J. Bergman / Geir] See Attachment O Henning will poke Shindig at ApacheCon. P. Apache Jackrabbit Project [Jukka Zitting / J Aaron] See Attachment P Q. Apache JAMES Project [Danny Angus / Bertrand] See Attachment Q Bertrand to pursue a report for JAMES R. Apache Labs Project [Bernd Fondermann / Greg] See Attachment R Looks like Vysper is shaping up for incubation. S. Apache Lucene Project [Grant Ingersoll / Justin] See Attachment S T. Apache OFBiz Project [David E. Jones / Jim] See Attachment T Zone are available but not as reliable. Jim to follow up. U. Apache POI Project [Nick Burch / Sam] See Attachment U V. Apache Portals Project [David Sean Taylor / Geir] See Attachment V David indicated that he will provide a report next month. W. Apache Qpid Project [Carl Trieloff / Bill] See Attachment W X. Apache Quetzalcoatl Project [Gregory Trubetskoy / Henning] See Attachment X Y. Apache ServiceMix Project [Guillaume Nodet / Bill] See Attachment Y Z. Apache SpamAssassin Project [Daryl C. W. O'Shea / Greg] See Attachment Z AA. Apache Synapse Project [Paul Fremantle / Jim] See Attachment AA AB. Apache Tiles Project [Greg Reddin / Bertrand] See Attachment AB AC. Apache Tomcat Project [Mladen Turk / Geir] See Attachment AC AD. Apache Web Services Project [Glen Daniels / J Aaron] See Attachment AD Aaron to request some outline of a plan for spinning out subprojects in their next (3 month) report. AE. Apache Wicket Project [Martijn Dashorst / Henning] See Attachment AE AF. Apache Xalan Project [Vacant / Sam] See Attachment AF Resolution for a new chair later in the agenda. AG. Apache XMLBeans Project [Cezar Andrei / Justin] See Attachment AG Committee reports approved as submitted by General Consent. 7. Special Orders A. Termination of the HiveMind PMC WHEREAS, the Board of Directors deems it no longer in the best interest of the Foundation to continue the Apache HiveMind project due to the inactivity of the community WHEREAS, the HiveMind PMC is unable to further fulfill the responsibilities of creation and maintenance of open-source software based on the HiveMind services and configuration microkernel, for distribution at no charge to the public NOW, THEREFORE, BE IT RESOLVED, that the Apache HiveMind Project is hereby terminated; and be it further RESOLVED, that the Attic PMC be and hereby is tasked with maintenance of the HiveMind framework software; and be it further RESOLVED, that the Apache HiveMind PMC be and hereby is no longer responsible for the creation and maintenance of open-source software based on the HiveMind services and configuration microkernel, for distribution at no charge to the public, based on software licensed to the Foundation; and be it further RESOLVED, that the office of "Vice President, Apache HiveMind" is hereby terminated; and be it further RESOLVED, that the Apache HiveMind PMC is hereby terminated. Special Order 7A, Termination of the HiveMind PMC, was approved by Unanimous Vote of the directors present. B. Update Public Relations Committee Membership WHEREAS, the Public Relations Committee (PRC) of The Apache Software Foundation (ASF) expects to better serve its purpose through the periodic update of its membership; and WHEREAS, the PRC is a Board-appointed committee whose membership must be approved by Board resolution, NOW, THEREFORE, BE IT RESOLVED, that the following ASF members be added as Public Relations Committee members: Sally Khudairi Craig Russell Special Order 7B, Update Public Relations Committee Membership, was approved by Unanimous Vote of the directors present. C. Appoint David Bertoni as Apache Xalan chairman WHEREAS, the Board of Directors heretofore appointed Brian Minchau to the office of Vice President, Apache Xalan, and WHEREAS, the Board of Directors is in receipt of the resignation of Brian Minchau from the office of Vice President, Apache Xalan; NOW, THEREFORE, BE IT RESOLVED, that Brian Minchau is relieved and discharged from the duties and responsibilities of the office of Vice President, Apache Xalan, and BE IT FURTHER RESOLVED, that David Bertoni be and hereby is appointed to the office of Vice President, Apache Xalan, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed. Special Order 7C, Appoint David Bertoni as Apache Xalan chairman, was approved by Unanimous Vote of the directors present. 8. Discussion Items We noted that the NYTimes article on Hadoop does not contain the word "Apache". PRC to work with the PMC chair on how to deal with PR. Perhaps a Webinar is appropriate? Perhaps a web page of instructions as a first step? 9. Review Outstanding Action Items 10. Unfinished Business 11. New Business 12. Announcements 13. Adjournment Adjourned at 11:09 a.m. (Pacific) ============ ATTACHMENTS: ============ ----------------------------------------- Attachment 1: Report from the VP of JCP We're starting to see resolution to the outstanding requests for TCK's from Sun. The request for JSR-200 (Network Transfer Format of Java Archives) was denied - it is part of Java SE and not considered a separable TCK. The request for JSR-196 (JASPI) has been lost inside Sun. I'm going to attempt to get the do-over fast-tracked at the end of this week. The request for JSR-311 (JAXRS) is complete and the TCK available to us. There has been a bit of discussion in the community about the Apache/Sun fight over the Java SE TCK, triggered by our "no" vote for Java EE 6. For example : http://java.dzone.com/news/apache-and-sun-still-not http://www.theregister.co.uk/2009/03/05/sun_enterprise_java_opensource/ Finally, I requested an EC vote on the following resolution to take place immediately. I expect it to be part of the public minutes : Resolved: It is the position of the EC that: TCK licenses must not be used to discriminate against or restrict compatible implementations of Java specifications by including field of use restrictions on the tested implementations or otherwise. Licenses containing such limitations do not meet the requirements of the JSPA, the agreement under which the JCP operates, and violate the expectations of the Java community that JCP specs can be openly implemented. This is in response to a simply awful article on Sun, Harmony and changes in the JCP where Sun positioned the current situation as having EC backing because the EC made the current rules. http://www.javaworld.com/javaworld/jw-03-2009/jw-02-opening-up-jcp.html ----------------------------------------- Attachment 2: Status report for the Apache Legal Affairs Committee Active month, nothing requiring board attention beyond a passing mention of staffing. Summary: internal: LGPL optional library for testing CouchDB (OK) DOM4J (BSD style license, accepted) JSR 173 license (replaced with an ALv2 equiv) Protocol Buffer License (verified as BSD) Unicode data license (ICU: OK) MSV license (category X: due to FOU) License Headers question (dealing with BSD) Question as to when CCLAs are required (QPid) OASIS license of XSDs (not separately licensed?) OLIO fragment cache license (MIT) ICLA required for student under contract? (wouldn't hurt) Use of Prolog (the language) (OK) Abstract question on documentation (need specifics) outside: Permission to reuse our CLA form itself (granted!) Question as to whether the ECCN "conveys" to commercial users (answer: exemption may not apply - consult a lawyer) General question as to whether ASF code can be sublicensed commercially (can and does) Hypothetical Discussion between Bruce Perens and Larry Rosen (over my head) Referred elsewhere: Two separate potential violation of an ASF Trademark (to PRC) Advice for book authors (to PRC) IP-clearance question (to incubator) ----------------------------------------- Attachment 3: Status report for the Apache Security Team Project For Feb 2009: There continues to be a steady stream of reports of various kinds arriving at security@apache.org. These continue to be dealt with promptly by the security team. 2 Support question 2 Security vulnerability question, but not a vulnerability report 3 Phishing/spam/attacks point to site "powered by Apache" 1 User was hacked, but it wasn't ASF software at fault 4 Vulnerability report ----------------------------------------- Attachment 4: Status report for the Apache Conference Planning Project General News ------------ * The conference committee is planning to have another Apache event in Asia for 2009, similar to the one held in Beijing in 2008. Details are still to be defined. ApacheCon Europe 2009 News (23-27 March) ---------------------------------------- * Lars Eilebrecht replaces Noirin Shirley as the lead for the conference as she has unfortunately become unavailable, and will not be able to attend the conference. Ross Gardler, and Shane Curcuru will be helping as co-leads with the conference. * BarCampApache was changed to be free of charge. * On Monday and Tuesday evening Meetups for the Apache projects Wicket, Jackrabbit, Lucene, Maven, and Portals will be held. Each Meetup is self-organized by each project, and can be attended free of charge. ApacheCon US 2009 News (2-6 November) ------------------------------------- * The Call for Papers deadline was extended until March, 14th, and is now closed with 210 submissions. Acceptances and rejections should be emailed by the end of April. * The planning meeting is scheduled at the Mövenpick March 28 & 29. The planners team includes Bill Rowe (lead), Cliff Skolnick (co-lead), Lars Eilebrecht, Shane Curcuru, Danese Cooper, Jean-Frederic Clere, Ross Gardler, Noel Bergman, Sally Khudairi, Justin Erenkrantz, Santiago Gala, Rich Bowen and Noirin Shirley (the last three are unlikely to attend the Amsterdam meeting at this point). * Conference registration is planned to be opened by May 2009. ----------------------------------------- Attachment 5: Status report for the Apache Public Relations Project The last 4 weeks has seen quite a bit of work within the PRC, with a number of outstanding items finally "done". o The Logo/Trademark page is now up! This is, as is the 3rd party licensing page, a work in progress, but is a substantial step in the right direction. o We are busy with PR activities for both our 10th anniversary and with ACEU (in support of that) o We are adding SallyK and CraigR to the PRC (see above resolution) o Worked on and released QPid PR at the start of the month. o Worked on and released 10 Anniversary Press Conference Media Alert o Coordinated discussion between Geir and OpenSource Release Feed regarding our NO vote on Java EE 6 o "Finalized" budget for PRC o It looks like Intuit is officially a Bronze sponsor. o Sally has been in contact with current Sponsors, in the hopes of coordinating a meet-and-greet at ACEU09. Unfortunately, a number of sponsors will not be attending, so we will have a somewhat smaller get-together than originally planned. HALO's report is as follows: During ApacheCon: - MIT/UInnsbruck study on Apache as online brand leading community-driven innovation kicks off; researchers will be onsite on Tuesday (only) for face-to-face interviews; - ASF "Filmworks" project will kick off on Wednesday and run through Friday of next week. We will sponsor Michael Wechner as director and two additional film crew members; this covers travel and hotel expenses for three days; - Coordinating 10th Anniversary celebration cake to be unveiled at the Welcome Reception on 25 March; - trying to launch "greeting card" campaign on blogs.apache.org for folks to send their well-wishes and comments to the ASF (honoring 10 years of excellence, etc.) HALO's been in touch with all the Sponsors, having finally connected with Google (good call; notes to follow) and Progress/IONA/FUSE (their Sponsorship is up for renewal this month). All Sponsors have also been invited to participate in the branding study and ASF Filmworks projects. Follow up with NYTimes on Hadoop story and related ASF branding; Shane wants to follow through with Larry's suggestion on getting all our projects/marks properly attributed, working with the PMCs, and a clear(er) policy on the Website. We also have an Overview page for the PRC, as well as Media and Analyst Relations guidelines (includes information on writing press releases), and ASF Highlights 1999-2009 document. ----------------------------------------- Attachment 6: Status report for the Apache Infrastructure Team Replaced a failed disk in eris (svn). Discussed what to do about disused accounts on people.apache.org. No actions taken at this time. Replaced a failed disk in eos (websites). Norman Maurer rebuilt the array to be based on raidz2 instead of raidz1, and upgraded the operating system to Solaris 10u6 + patches. Gavin McDonald convinced Yahoo! to open up the buildbot server port on ceres (builds). Discussed a budget - the general consensus is that the infra budget should be $150K-$160K per year, but folks on the budget committee are looking for a more detailed breakdown of the hardware portion. Discussed an infra meetup between various open source organizations, with the intent to fund travel should it come to fruition. Norman Maurer convinced the SpamAssassin PMC to move their IO- intensive jobs to their zone on odyne. Shipped the errant SAS cable back to provantage.com. git.zones.apache.org was setup on odyne for Jukka Zitting to work on. Coordinated the move of planetapache.org to planet.apache.org/committers, with the help of several member volunteers. Henri Yandell carefully upgraded all of our Jira installations to 3.13.2. Sebastian Bazley continued his work validating foundation records. Henk Penning continued his work handling mirror requests. ----------------------------------------- Attachment 7: Status report for the Apache Travel Assistance Committee Status report for the Apache Travel Assistance Committee (March 2009) General News ============ ApacheCon fast approaches, all tickets are booked, all hotel rooms are sorted, am awaiting confirmation but I believe all have also registered for the event also. Most applicants required documentation proof from the Hotel and from the ASF confirming our invitations to them for ApacheCon. These were also all sent out. So, I believe we are all done in this regard, but over the next week I will cross T's and dot i's getting the last remaining feedback that all is well and in place for and with all applicants. Thanks go to Upayavira for his finding a good Travel Agent; and for being liaison throughout, right up until final payments were made. Thanks also to Justin and Sam for getting the payment done so swiftly. We tried a shepherd system this time around where each shepherd looked after all aspects needed to get their two applicants through to booking, no clue where we nabbed that idea from ;) - it worked well. The last couple of reports have mentioned that we will be obtaining feedback from the ApacheCon US TAC attendees. This month saw the Questionnaire go out to those attendees. Of the six questionnaires, we have received full feedback returned from four so far, they are excellent replies and we look forward to presenting that information next month when we expect the other two to come through also. ----------------------------------------- Attachment A: Status report for the Apache Abdera Project ----------------------------------------- Attachment B: Status report for the Apache APR Project The activity on the project in the last 3 months (Dec 9 2008 to Mar 9 2009) was as follows: APR trunk: 101 commits APR util trunk: 32 commits APR 1.4.x: 17 commits APR util 1.4.x: 27 commits APR 1.3.x: 13 commits APR util 1.3.x: 16 commits APR 0.9.x: 0 commits APR util 0.9.x: 1 commit APR iconv trunk: 0 commits APR iconv 0.9.x: 0 commits site: 1 commit Current stable release of APR is 1.3.3, released Aug 14 2008. Current stable release of APR util is 1.3.4, released Aug 15 2008. Current stable APR iconv release is 1.2.1, released Nov 15 2007. APR/APU trunk is now targeting 2.x, a new major version. A new branch, 1.4.x has been started as well, to cover all desired 1.x features that cannot go into 1.3.x, due to versioning rules. The 1.3.x. branch received quite a few bug fixes, many of which were backports from the trunk. ----------------------------------------- Attachment C: Status report for the Apache Archiva Project Releases -------- * No releases since last board report. Community --------- * Development work for 1.2 is still on-going. 69 issues already fixed and 35 more to go before the release. * An Archiva session is scheduled for ApacheCon Europe at the end of the month. Issues ------ No board level issues at this time. ----------------------------------------- Attachment D: Status report for the Apache Attic Project The HiveMind PMC have voted to move to the Attic. The Attic PMC will be working with the board to effect resolutions such that oversight over HiveMind is passed over to the Attic PMC. Focus next month will be on making the change such that HiveMind is now recognizably in the Attic. ----------------------------------------- Attachment E: Status report for the Apache Buildr Project Since our February report, we had 12 new issues reported and 6 enhancements suggested; 12 issues were fixed, 4 based on patches from non-committers. We've been planning a 1.3.4 release since January but it has not happened yet. We have a volunteer for the release so the last hurdle is just making it happen. There were some discussions related to clarifying our usage of git and improving contribution/patch workflow with git. The discussion culminated by the contribution of a tiny tool called "gitflow" that facilitates the use of git while maintaining our Subversion repository as the system of reference. Still, post-commit git synchronization issues remain and manual merging is often necessary. ----------------------------------------- Attachment F: Status report for the Apache Camel Project Apache Camel PMC Board Report, March 2009 Community: * The Camel community continues to be very active and growing. * Increased traffic on the development and user lists indicate wider adoption of Camel. * No new committers. Development: * Lots of contributions from committers and community on trunk. * We just issued the first milestone release of Camel 2.0. * Final release of Camel 2.0 planned for next quarter. * Development on the camel 1.x is slowing down while the focus shifted to 2.0. * Camel 1.x will be still maintained for the foreseeable future. Releases: * Camel 2.0-M1 released. ----------------------------------------- Attachment G: Status report for the Apache Cayenne Project Development * Significant development activity on the Cayenne core and the Modeler. Addressed a few long-standing user requests. * 3.0M5 got released in December 2008. * Added GoogleAnalytics to the web site in January. Community * Activity on the user and development lists has been steady. * An issue was raised on the PMC list about the procedure of working with non-English speaking contributors. We are receiving a stream of patches from such a person, but we don't have a mechanism for making this contributor a committer, as there's no direct communication with this person on the mailing list, only communication done by proxy. Currently there's no resolution, and communication continues in a national language via one of the PMC members, and all the submissions are still done via patches. ----------------------------------------- Attachment H: Status report for the Apache Commons Project General ======= o Activity has picked up a bit on both the user and dev lists again. The compress component has gained some traction is soon a candidate for proper. o The question has come up how to handle the inclusion of external code that is covered under Apache 1.1 license. (Adding both headers? Keep it as 1.1?) The author was contacted and changed the license to 2.0 which resolved the problem for us. http://markmail.org/thread/k7tlvz6u36m7vvhe But it would be good to have an answer on this anyway. o New sandbox components - money https://svn.apache.org/repos/asf/commons/sandbox/money/ - new java5 version of dbutils https://svn.apache.org/repos/asf/commons/sandbox/dbutils/ Releases ======== o Digester 1.8.1 http://markmail.org/message/mrxs4ht2naguavw6 o Digester 2.0 http://markmail.org/message/chcxgta5k73aeh3z o Configuration 1.6 http://markmail.org/message/zywv26ptqvfjxlq3 Community ========= o No new sandbox committers o New committer - Mark Thomas - Dan Fabulich - Paul Benedict o New PMC members - Stefan Bodewig - Siegfried Goeschl ----------------------------------------- Attachment I: Status report for the Apache CouchDB Project CouchDB is a document oriented database. - Community - Continued growth on the mailing lists, In Feburary 800+ messages on dev and 500+ on user. New chapters of the upcoming O'Reilly book on CouchDB have been released and are receiving feedback. The 2 new committers we voted in last month, Paul Davis and Adam Kocoloski, are now actively checking in code. - Releases - We've a lot of progress releasing 0.9.0, the first beta release of Couchdb. We are now feature complete and we have 12 tickets are currently blocking the 0.9 release. With feature work done things should stabilize quickly. ----------------------------------------- Attachment J: Status report for the Apache Excalibur Project There are no known issues. Absolutely zero activity in all places, so nothing to report. If this state continues for the next quarters we should consider moving the project to the Attic by the end of the year. ----------------------------------------- Attachment K: Status report for the Apache Felix Project Community * Niclas Hedhman stepped down from the Felix PMC. * Additional contributions from David Bosschaert of the CXF community for patches to Felix to support distributed OSGi features from the next OSGi specification release. * Proposed contribution of new OSGi shell from Peter Kriens, based on a proposed new OSGi R4.2 specification. * Received code contributions for File Install subproject from community members Sahoo and Filippo Diotalevi. * Marcel did a 15 minute lightning talk about Dynamic Deployment with Apache Felix at FOSDEM '09 in Brussels. Software * Attempt to integrate PAX Logging into Felix has apparently been abandoned due to lack of time by those involved. * Preparing to release version 1.6.0 of Felix. * Released version 1.4.1 of Felix (includes Framework 1.4.1 and Main 1.4.1); there were several small fixes and improvements in this release, but the main focus was to release patches needed by the CXF community to support distributed services. * Released various other subprojects (e.g., iPOJO 1.2.0, Web Console 1.2.2, Remote Shell 1.0.4, Config Admin 1.0.10, Maven Bundle Plugin 2.0.0). * Checked in a testing harness for both bundles and the framework itself based on bnd (from Peter Kriens). * Added ConfigAdmin support and support for NIO for HTTPS to the HTTP Service implementation. * Committed Device Access specification implementation, which was contributed by Dennis Geurts. Licensing and other issues * None. ----------------------------------------- Attachment L: Status report for the Apache Gump Project Infrastructure: * no news is good news. Technical: * Gump has seen some development activity sparked by JUnit migrating to github but we don't expect too much to happen in the future. Gump is more of a service by now, not a typical development project - which is fine with us. * the installation is happily chugging along with active metadata maintenance Other: * still all Apache committers have access to metadata in svn. * no releases. ----------------------------------------- Attachment M: Status report for the Apache Harmony Project Summary ======= The Apache Harmony community remains healthy and continues to enhance the body of Java runtime technology under its management. There is a new project milestone build imminent and a new committer has recently been appointed. The lack of a JCK continues to be an issue for Harmony. Development and Releases ======================== The Harmony community is focused on improving the quality of the existing code, and completing the last remaining providers and tools usually associated with Java runtimes. The code is currently undergoing release management towards a Java 5.0 M9 release expected to be declared by the end of this month. Our last release was in November 2008. Contributions into the code base are numerous. New work being delivered in the upcoming release includes: - performance: across multiple areas, including class library improvements and JIT compiler global propagation optimizations, integer MUL/DIV/REM strength reduction, and so on. - pack200: a new implementation of the JSR-200 compression technology for Java bytecodes. - porting work: in the class libraries for AIX and zOS operating systems. - bug fixing: focus on our test case enhancements, and on passing the Eclipse Test Suite. We have enhanced the community-hosted builds with new jobs running on the Apache Hudson infrastructure. This gives a valuable insight into the state of the builds for developers who do not run their own continuous integration server. Security ======== No reported security incidents this period. Community ========= We are delighted to have Aleksey Shipilev accept an offer to become a committer for Harmony. Aleksey has contributed to many areas of Harmony including performance and community discussion over a sustained period. There were no changes to the PMC during this period. There are currently 39 committers, of which ~14 were active this period. After a discussion around our use of Google Analytics, we decided to remove the analytics tracker code from our website rather than update the privacy policy. The Harmony project intends to participate once again in the Google Summer of Code program, and discussion around suitable projects is underway on the developer mailing list. ----------------------------------------- Attachment N: Status report for the Apache iBATIS Project ----------------------------------------- Attachment O: Status report for the Apache Incubator Project After last month's report, the Incubator has started the process of recognizing the dormant status of projects that are in that condition. The most serious issue that happened this past month is recorded in the Empire-DB report, the gist of which is that a Committer had provided a third-party with his SVN credentials. That issue is covered in detail below. BlueSky, Cassanda, Log4PHP, and Shindig all failed to report. Comments are below, in-line with each project. ---- Individual Project Status: = Bluesky = Bluesky failed to report. Reviewing their mailing list, there is activity in the project, just no report. = Cassandra = Cassandra failed to report. They did recognize and discuss the need for a report, but failed to provide one, anyway. The Cassandra Project is a distributed storage system for managing structured/unstructured data while providing reliability at a massive scale. = Click = Click is a page and component oriented Java web framework. Click has been incubating since July 2008. Tasks completed since December: * Replaced all incompatible licensed libraries * Click 2.0.1 was released from the Apache Incubator * New JIRA was created and issues imported from old version Top priorities: * Review the current diversity in the developer community = Empire-db = This is an out of schedule board report, that the Incubator PMC asked us to provide due to the following incident: === The situation === A committer "C" of Empire-db had the idea to create and provide an example application that demonstrates how to use Apache Empire-db together with Apache CXF. Initially he intended to write the code himself, but then he found himself too busy and never really got around doing it. So he decided to ask a student S instead to write the code for him using his templates and ideas. S then wrote the code with a little aid of C and he got paid for it. The work contract S had with C said that all rights over the code would exclusively belong to C. When the coding was finished, C asked S to submit the code using his Apache SVN account. For that C temporarily logged S in from within Eclipse to SVN on one of C's computers (Please note: the login was performed by C the password itself was not given to S). C then also asked S subscribe and write to the Empire-db-dev mailing list to resolve problems he had with the Maven project layout. C believed that all actions taken were legitimate and in the best interest of the project and the ASF. === The issues === When a Mentor of the Empire-db project became aware of this transaction, he raised strong concerns regarding the following two issues: 1. Legal concerns that an ICLA from S would be required for the code that was contributed. 2. Security concerns, whether access to the SVN could have been abused by S or the password for the SVN account for C could have been revealed by S. Furthermore he pointed out, that sharing an account - even temporarily - is not approved by the community and hence must under no circumstances be repeated. These concerns were also forwarded to the Incubator private mailing list, where the actions taken by C also upset many people. There was a clear verdict, that the mentor's concerns and disapproval were shared by everyone else. C was surprised by the reaction of the Incubator PMC and defended himself with the following arguments: 1. Since C is the exclusive legal owner of all rights over the code that was submitted, only he could contribute it to the ASF anyway. Hence an ICLA for S is from a legal point of view not required, even though he might be the originator. 2. It is very unlikely and there is absolutely no reason to believe that the account has been abused or compromised by S in any way, since the login was only valid for the actual Eclipse session. For people of the same company, working in the same LAN, there might be technically easier ways of compromising an account. Even so he takes full responsibility for everything that is or was done under his account. C posted his statements on the Empire-db private mailing list and it is unclear whether all people interested in this subject had the opportunity to read these arguments. The respondents were not all convinced by these arguments and the legal issue still has not been fully resolved. However, still there is a strong common agreement on the disapproval of account sharing. === The resolve === C acknowledges and respects the opinion of the community. As far as the sharing of this account is concerned, he publicly assures not to repeat it with any of this Apache accounts. In order to resolve any remaining concerns the following actions were taken by C and S as requested from the Incubator board: 1. S has signed and submitted an ICLA to the ASF. 2. C has changed this SVN password = ESME = Enterprise Social Messaging Experiment (ESME) is a secure and highly scalable microsharing and micromessaging platform that allows people to discover and meet one another and get controlled access to other sources of information, all in a business process context. ESME entered the incubator in 2008-12-02. Community: * Additional community members have submitted their iCLA with the aim of becoming more involved * Siemens press release about ESME, reviewed by the Apache PRC and published at http://url.ie/1bjo Development: * Somewhat reduced activity last month, and questioning as to why this is happening. * Good progress on the Twitter API, implementation nearly finished. Top 2 or 3 things to resolve prior to graduation * Move all collaboration to the esme-dev mailing list * Increase community involvement in the project * Provide instructions for people to build, install and evaluate EMSE by themselves = Etch = Etch was accepted into Incubator on 2 September 2008. Etch is a cross-platform, language- and transport-independent framework for building and consuming network services. The Etch toolset includes a network service description language, a compiler, and binding libraries for a variety of programming languages. We've prepared a bug fix release (1.0.2) which has been submitted for an incubator vote. The 1.0.2 release also includes updated licensing information in compliance with Apache standards. A 1.1 release with proper package and namespace changes is being prepared as well. The 1.1 release will also include experimental code for a c and python binding. Our problem with finding a home for our continuous build continues. Various plans have been proposed and failed due to lack of a Windows-friendly c# build environment. While we will continue for awhile to host this build at Cisco, we need to find a more neutral and open place to do public builds. Cisco folks continue to be the primary source of discussion and commits. There are some external nibbles, but none that are ready to pitch-in in a serious way yet. More work needs to be done on the web site to make steps to participation more evident. Work also needs to be done on the build environment to make it a bit more forgiving. Outstanding items: * Check and make sure that the papers that transfer rights to the ASF been received... * Check and make sure that the files that have been donated have been updated to reflect the new ASF copyright... * Check and make sure that for all code included with the distribution that is not under the Apache license... * Check and make sure that all source code distributed by the project is covered by one or more of the following approved licenses... = Hama = Hama has been incubating since 19 May, 2008. It is a parallel matrix computational package based on Hadoop Map/Reduce. Recent developments: * We constructed interfaces of matrix and vector. * We implemented sparse/dense matrix-matrix multiplication and dot products. * We implemented shell and user can use shell to manage matrices. * We start implementation of the sparse matrix and sparse graph which is a graph with sparse matrix. Required before graduation: * More practical examples of matrix manipulation * Increase community size and activity * First Apache release = Kato = Kato was accepted into the Incubator on 6 November 2008. Kato is a project to develop the Specification, Reference Implementation, and TCK for JSR 326: the JVM Post-mortem Diagnostics API Recent Activity: * The corporate CCLA has been received by ASF. * Initial code contribution has been contributed. The following is planned for next reporting period: * Contributed code to be built. * API Java doc to be built and put onto website. * Development of reference implementation (RI) of Kato API. * Development of working TCK. = Log4php = Log4php failed to report. Log4php has been in the Incubator since 2004, and was retired once already, then reviewed by new interest appeared. Reviewing the mailing list, Log4php appears to still be very much a one person project, with Christian Grobmeier as the sole participant. I see no sign of a user community, nor a developer community. Is there any thought on what should be the discposition of the project? Apache Labs? Something else? = OpenWebBeans = !OpenWebBeans will be an ASL-licensed implementation of the Web Beans Specification which is defined as JSR-299. !OpenWebBeans entered the incubator in October 26, 2008. The following items have been made after the last report * We have got a new committer who is Mark Struberg. * We released the M1 version * We published our new site via Maven Belows are the next steps for coming days; * We will release the M2 version. * We will create additional documentation in the project web site. * We will implement additional examples that show the usage of the OpenWebBeans * We will continue to attract new committers into the project. = Pivot = Pivot is an open-source platform for building rich internet applications in Java. Pivot was accepted into incubation on the 26 January 2009. The Pivot community missed the last report, largely due to after acceptance a period of 'no action' ensued. The Pivot project has now taken off. One initial committer is lost in action and has been removed from the initial committer list, as well as the couple of patches that he supplied has been reverted. The remaining 4 committers have submitted CLAs, accounts has been created, authorization setup, Jira has been created, Confluence space has been created, and we are soon to do the initial codebase submission. All activities of setting up the podling has been tracked in https://issues.apache.org/jira/browse/PIVOT-1 = RAT = After a long quiet period, there seems to have been a definite change of momentum. A major stumbling block has been the absence of released version of the codebase after the move to Apache. Once this has happened, it should be possible to start on some more interesting topics. Preparation of a 0.6 release ongoing (and looking good). Hopefully due in April. The scan code that generates http://incubator.apache.org/audit/ (by auditing the distribution directories) is probably just about good enough for wider distribution and use by other projects at Apache. This will be targeted for release before May. Discussions are ongoing about a Google SoC originating in Harmony but more naturally in scope at RAT Top Issues Before Graduation: 1. ATM RAT is too small for a TLP but not clearly in scope for any existing TLPs 2. Regain momentum = River = River is aimed at the development and advancement of the Jini technology core infrastructure. Jini technology is a service oriented architecture that defines a programming model which both exploits and extends Java technology to enable the construction of secure, distributed systems which are adaptive to change. River has been incubating since December 2006. The River project is not doing well. Practically all original committers are inactive and while there are interested users and even some pretty active discussions about the future of River, that interest isn't showing up as patches or other more constructive contributions. We've seen some effort towards making the QA test suite more accessible, and there is interest in doing another release. However, nobody is actively working on new features or bigger improvements. It has been suggested that River needs a major new vision, but it's debatable whether that would do better as a fresh new project. In any case nobody is actively pushing for anything like that. There is still hope for River, but at this rate the project is heading for termination. Issues before graduation: * Re-activate the development community * Migrate packages to org.apache.river * Another Apache release = Shindig = Shindig failed to report. Reviewing the Shindig mailing list shows considerable activity, with in the realm of 1000+ messages per month. = Stonehenge = Stonehenge was accepted in December 2008 Stonehenge continues to make progress. There is now code committed for Ruby, PHP, Axis2/Java and .NET. We are working on the wiki documentation on how to get started and run the samples. Sun are working on an implementation for Metro and we hope to get some contribution from Apache CXF too. Discussion and mailing lists are slowly getting into place and the SVN and JIRA are all in place and being used. Main Activities: * .NET Stock Trader code contributed * Java and PHP Stock Trader code contributed * New tree structure for all contributions created * All existing code moved from contrib to trunk * new committers from SUN Microsystems identified and came online * Goals and exit criteria of Milestone 1 release being defined. ----------------------------------------- Attachment P: Status report for the Apache Jackrabbit Project Apache Jackrabbit is a fully conforming implementation of the Content Repository for Java Technology API (JCR, specified in JSR 170). The Apache Jackrabbit project is in good shape. We have no board-level issues at this time. o Releases We made the following two releases from the 1.5 branch: * Apache Jackrabbit 1.5.2 on January 20th * Apache Jackrabbit 1.5.3 on February 27th The 1.5.2 release contained a fix to the security issue CVE-2009-0026 (Cross site scripting issues in webapp). This was the first security issue we had received through security@, and we had some initial confusion on how we should react to such issues. The security team was very helpful in guiding us. We also made the following component releases from the older 1.4 branch: * jackrabbit-core 1.4.7 on January 20th * jackrabbit-core 1.4.8 on January 29th * jackrabbit-core 1.4.9 on March 3rd To get the JCR Commons subproject started we created and released a standalone Jackrabbit parent POM: * org.apache.jackrabbit:parent:2 on February 6th o Legal No issues at the moment. o Community / Development Michael Duerig joined the Jackrabbit team as a committer and PMC member. The JCR Commons subproject was started after related discussion and a vote. We are still in the process of setting up this new subproject. To respond to earlier feedback from the board: we decided *not* to move these components to Apache Commons to avoid splitting the development community. There is continuous interest in the JCR-based CMIS implementation we are developing in our sandbox. Florent Guillaume, who is not (yet) an Apache committer, is working on a related codebase in an external Mercurial repository under the working name "Chemistry". There are concerns over the development being split over different source repositories. For now we hope to bring all development into Apache svn and plan to manage the effort as organic growth within the Jackrabbit project, possibly targetting a subproject once the effort matures. Another option is to push the effort to the Incubator as a new podling. Starting with the 1.5.3 release our release notes include a section that acknowledges everyone who has contributed to that release. The contents of this section is based on the contribution report in Jira. Work in Jackrabbit trunk continues and I expect us to release Jackrabbit 1.6.0 in a few months. After the 1.6 release we'll most likely start targeting Jackrabbit 2.0 for release later this year. Jackrabbit 2.0 will require Java 5 as the base platform. o Infrastructure We have migrated our Hudson CI builds to the new minerva.apache.org slave server. The CI builds are now configured to deploy snapshots to the new repository.apache.org server. We are planning to start using the repository.apache.org server also for staging Maven releases. The Jackrabbit zone that we used earlier for CI builds is being removed as we no longer need it. We have configured monthly Google Analytics reports to be sent to our development mailing lists. This is not truly optimal as each report needs to be separately approved by a moderator (due to the variable sender address), but for now this works well enough as a mechanism of sharing site statistics with everyone interested. ----------------------------------------- Attachment Q: Status report for the Apache JAMES Project ----------------------------------------- Attachment R: Status report for the Apache Labs Project Labs is an open space for committer's coding experiments. Business-as-usual in the past quarter here at Labs, without anything requiring board attention. == Labs Statistics == last 3 months: - new: 1 - status changes: 0 - labs with commits: magma, vysper, BananaDB, noggit, orthrus all-time: - total number: 24 - active: 22 - idle: 1 - promoted: 1 - completed: 0 == New or Reactivated Labs == BananaDB (PI Karl Wettin) was started in January. It is about a "Filesystem based hashtable, living in the filesystem rather than in RAM. Aims at becoming a general embedded key/value pair DB with transactions, secondary indices and annotational API." Orthrus (PI Paul Querna) became alive. Substantial code was committed to its svn trunk. == Small and mature projects == A very interesting discussion spun up[1] about where small (in terms of code, features and community) and mature (in terms of features, code quality and thus releasability) projects would have a place here at ASF. The consensus was that there currently is none, while there was no consensus if that is good or bad and what might be a solution to it. == Lab hacking == Magma still busy in terms of commits and JIRAs. Other labs saw more selective development. == GSoC09 == The Vysper Lab is reaching out for GSoC09 students with one proposal [2]. [1] http://mail-archives.apache.org/mod_mbox/labs-labs/200902.mbox/%3C4999223E.9040601@apache.org%3E [2] http://wiki.apache.org/general/SummerOfCode2009#vysper-project ----------------------------------------- Attachment S: Status report for the Apache Lucene Project === Lucene Status Report: March, 2009 === TLP Jukka Zitting was added to the PMC. The PMC also accepted a software grant to add PyLucene, a Python based port of Lucene into the Lucene family. LUCENE JAVA Lucene Java is a search-engine toolkit. Development has been active and we are working towards the release of 2.9. 2.4.1 was released on March 9, 2009. SOLR Solr is a full text search server. Development and the community is active. Solr is working towards the release of 1.4 NUTCH Nutch is a web-search engine: crawler, indexer and search runtime. Nutch is in the process of releasing version 1.0 LUCY After some public debate on the (lack) of progress on the project, we will be keeping a close eye on it over the next six months. People have expressed an interest in seeing it continue and some progress has been made to that end. LUCENE.NET (incubating) The .NET community is picking up some steam and has begun looking into graduation from the incubator. MAHOUT Apache Mahout is working towards building a suite of scalable machine learning libraries for text and data mining. Some progress has been made on adding more clustering algorithms as well as perceptron and winnow. We are working on the processes for a 0.1 release and expect to do that release soon. PyLucene PyLucene was donated by the Open Source Applications Foundation. Andi Vajda and Mike McCandless are the initial committers on the project. PyLucene is working towards it's first release as an Apache hosted project. TIKA Apache Tika is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. The first candidate for the 0.3 release is already in place and the release should be pushed out in March. Metadata handling and metadata frameworks like XMP have been a source of much discussion, but so far no clear consensus on has been reached on whether or how the metadata features in Tika should be extended. A wiki was created for Tika. ----------------------------------------- Attachment T: Status report for the Apache OFBiz Project Report for Mar 2009 for OFBiz (Open For Business) as a top level project. The Apache Open For Business Project (Apache OFBiz) is an open source enterprise automation software project. By enterprise automation we mean: ERP, CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM, and so on. We have ONE issue that require Board assistance at this time. Please see the Infrastructure section for details. Community: - No new PMC members have been added. - One new committer has been added: Bruno Busco (2009-01-15). Project: - Planning on a release branch around the end of this month (March 2009). - Significant progress has been made on security issues, especially those particular to webapps (like XSS, XSRF, etc). - Significant new framework functionality is in place to support user configured pages (portal/portlet style), and user editable content (stored in filesystem, can interact with source repository, supports templating and scripting and such just like previous tools) - Refinement and fleshing out of business-oriented project functionality is progressing based on the Universal Business Process Library (http://docs.ofbiz.org/x/fRY) mentioned last month. Jira tasks and contributions based on some of this is starting to get into the project. Infrastructure: - ISSUE: This issue is related to the non-ASF hosting issues for project resources included in the report last time (Dec 2008), and to a new objective that came from discussion at ApacheCon in New Orleans in Nov 2008. We are working on migrating all OFBiz project management tools to actually run on OFBiz (including software enhancements and data conversion tools), including moving from Confluence to OFBiz and from Jira to OFBiz, and also running a dynamic internationalized project web site in OFBiz. The issue with this is how and where to host it. We didn't get a lot of response from infra about this, and it seems like there isn't really much precedence for this as their are not facilities in place to host this sort of thing, especially just for one project. Various other ASF Members (and some Board members) expressed interest at ApacheCon in hosting more ASF stuff on software that is developed within the ASF, and that is very compatible with what we want to do in OFBiz. In other words, whatever is done now will hopefully mature over the next few months to a point where not only OFBiz can use it for project resources, but other ASF projects can as well. Because various people involved with OFBiz either are hosting companies or work with hosting companies it isn't hard to find a place to host this, even a monitored production environment, but unless we somehow made that official ASF infrastructure there are PRC as well as survivability issues with it. Comments and recommendations from the board are needed to help guide this effort. It will be a little while, probably at least until the next board report (3 months from now), before we are ready to try anything on a production scale to replace existing OFBiz project resources. ----------------------------------------- Attachment U: Status report for the Apache POI Project Community --------- No new committers or PMC members this quarter. In the run up to our previous board report, we had identified a few possible new committers. Some mentoring has happened this quarter, but the people have drifted away somewhat, so no voting has occured. We continue to keep an eye out for anyone else. There was much "lively" debate in December, which saw Andrew Oliver resign. The rest of the PMC has asked Andrew to reconsider, and David Fisher has been taking the lead on this. If we are unable to get Andrew to reconsider soon, we'll with much sadness follow the proceedure for removing him from the pmc, and removing his svn commit. Traffic on the dev list has been about steady this quarter, with a lot of that covering licensing (see below). The user list traffic is slightly down, but in keeping with the drop seem in the same quarter this year. Bug report numbers seem about the same, though we've been having a bug push to close off older bug reports this quarter. We have one talk coming up at ApacheCon EU, and several committers attending, so we hope to make some good progress in the hackathon. Licensing, Notices etc ---------------------- We are very grateful to the work Jukka Zitting has been helping us with this quarter on making sure we're following all the best practices. One thing to come out of this was that we did have one datafile under a non-approved license, but with all the information on its licensing clearly listed in the Notice file. Once the error had been pointed out, we worked quickly with the VSDump to get the file in question re-licensed, though in the mean time the dev list did feature a heated debate, including Andrew's resignation (see above). With Jukka's continuing help, and plenty of input from the community, we've tidied up a few more loose ends, and we hope that by the 3.5 final release we'll be up to the standard of the best apache projects in this area. Releases -------- There have been no releases to POI 3.2 (our last version with no OOXML support) this quarter. We have instead focused all our efforts on POI 3.5. We have had two more beta releases of POI 3.5 (with OOXML support) this quarter. The number of supported features continues to grow, and we once again are aiming to do the final release next quarter... With ApacheCon EU coming up, there's a chance we actually will do! ----------------------------------------- Attachment V: Status report for the Apache Portals Project ----------------------------------------- Attachment W: Status report for the Apache Qpid Project Community: - Voted on Robbie Gemmell as committer - Lots of new people supplying patches, and contributing, good list of people working towards committership. Releases: - Working on our next release close down, will most likely complete next month. ----------------------------------------- Attachment X: Status report for the Apache Quetzalcoatl Project No new developments to report for Quetzalcoatl this quarter. No new versions released, no major issues discovered. The pace of development and Jira issues is very very slow. ----------------------------------------- Attachment Y: Status report for the Apache ServiceMix Project Development continues towards a release of ServiceMix 4, while we also keep on working on improving and stabilizing ServiceMix 3. The upcoming release already gets a fair share of the attention on the mailing, with early adopters helping out by testing, raising issues and suggesting improvements. Preparing for our next major release, we have released: * ServiceMix Specs 1.2.0 * a set of 13 osgi bundles for 3thd party dependencies We have added 4 new committers to the project: - Ulhas Bhole - Jamie Goodyear - Edell Nolan - Jean-Baptiste Onofre The last board report already mentioned the addition of Gianfranco Boccalon and Andrea Zopello, whose ICLAs have also been processed in meanwhile. In the PMC, we welcome Chris Custine as our newest member! A Google Analytics Privacy Policy page has been set up and a link has been added to the footer of all our website pages. ----------------------------------------- Attachment Z: Status report for the Apache SpamAssassin Project - users' mailing list seems to be healthy with a number of questions being asked and most, if not all, questions be answered/resolved daily - we haven't heard anything about our trademarks being registered, we'll have to ping Larry about that - we've been working with ReturnPath (a major email accreditor) to have them improve their DNSBLs, respond better to abuse by their customers, work better with SpamAssassin users (regarding abuse reports concerning their customers) and help us better guage our install base; they've also started accrediting email from 140.211.11.2 for us gratis if spam (e.g. backscatter, or relayed-via-list spam) is relayed through that IP, we may lose the accreditation, but it won't affect our status in a negative way -- we won't get blacklisted; so there's no downside there - jm moved I/O heavy operations off spamassassin.zones onto spamassassin2.zones at the request of infrastructure --Daryl C. W. O'Shea, on behalf of the SpamAssassin PMC. ----------------------------------------- Attachment AA: Status report for the Apache Synapse Project Notable Happenings: ------------------------------ We are working hard towards the Synapse 1.3 release. There are a lot of good fixes going into the trunk and we are currently updating to using the Axis2 1.5 codestream. Community ---------------- We believe the community is continuing to grow in terms of mailing list traffic, JIRA contributions, patches. We've had one very demanding (and lacking some social skills) user taking a lot of attention. Export controls ---------------------- We have now done our TSU notification and the latest release has the correct documentation. The next release will ship with the BouncyCastle JAR that excludes the patented IDEA algorithm. ----------------------------------------- Attachment AB: Status report for the Apache Tiles Project RELEASES In this quarter the Apache Tiles PMC released version 2.1.1 as beta quality. After that release we found a security flaw related to Tiles' support for JSP EL expressions. The flaw is documented here: http://tiles.apache.org/framework/security/security-bulletin-1.html The release was not pulled, but the bulletin above includes a recommendation not to use it. A subsequent 2.1.2 release. The 2.1.2 release also fixed some other bugs and hardened some features for the 2.1.x series. Thus it was released as the first GA release of the 2.1.x series. DEVELOPMENT On the development front, we are moving towards FreeMarker and Velocity support. A plan has been prepared a plan for future releases. That plan, at a high level, includes the aforementioned Freemarker and Velocity support in the 2.2.x series, and more revolutionary changes for a 3.0.x series. The full plan can be seen here: http://cwiki.apache.org/confluence/display/TILES/Post+2.1.x+Release+Plan COMMUNITY Recent months have seen a slight uptick in user mailing list activity. We are still in dire need of more committers to add some better diversity to the development team. We continue to encourage patches and other submissions. To date, it seems there are a lot of people experimenting with Tiles and using it in production environments, but there is very little interest from the outside in helping further develop the project. The developer community has not changed in a very long time, but we are still able to find a qorum for releases and other things. ----------------------------------------- Attachment AC: Status report for the Apache Tomcat Project Apache Tomcat Board Report, March 2009 Summary -------------- The project continues to be active on a number of fronts. There are no issues requiring Board attention at this time. Releases ------------- We didn't cut any release from the last board report. However we are in the process of releasing mod_jk 1.2.28 and Tomcat 6.0.19. Security ------------ We've been working closely with security issue reports and the Apache Security committee on quickly replying to issues, resolving them, and coordinating public disclosures. CVE-2009-0781 - Cross-site scripting vulnerability The calendar application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective. Fixed in the SVN for all major Tomcat branches. We are working on few other security issues not mentioned here because they have not been publicly disclosed yet. Development ------------------- Development was concentrated mainly on security issues and fixing bugs for the current releases. Community ----------------- There were no changes in the committership nor PMC membership during this quarter. ----------------------------------------- Attachment AD: Status report for the Apache Web Services Project New PMC Members: Andreas Veithen New committers: Sara Mitchell Dobri Kitipov Code releases: Axiom 1.2.8 XmlSchema 1.4.4 WSS4J 1.5.5 and 1.5.6 jUDDI Summary: Web Services has been grooving along at a reasonably steady pace, nothing in particular requiring board attention at this time. We are still gearing up for Axis2 1.5, which is only pending a release of the newly-refactored WS-Commons transport project. As soon as the transports go 1.0, Axis2 1.5 will release an RC followed by a final. After 1.5 is out the door we expect rapid releases by the Rampart and Sandesha subprojects as well, which will bring the published releases in line with the new functionality on the trunk. At some point in the near future we need to revive the "splitting the PMC and retiring a few projects" discussion, now that a bit of time has passed since the last round. The PMC chair continues his well-established pattern of NOT getting around to sending the "PMC cleanup" mails to our extremely inactive brethren and then removing them from the PMC list. This isn't causing any problems, but hopefully noting this here will help said PMC chair to get off his butt and get it done. Individual sub-project reports follow. (no content after the project description means no specifics to report) * Apache Axis2 * Apache Axis2 is the third generation Web service framework of the Apache Web service stack. A highly extensible message processing engine focused on SOAP messages, it includes plugins for services, transports, MessageReceivers, and Modules (message interceptors). * Kandula * Apache Kandula is an implementation of Web Services Coordination, Atomic Transaction and Business Activity protocols. The project provides implementations for both Apache Axis (kandula-1 branch) and Apache Axis2 (kandula-2 branch) platforms. * Apache Axis * Apache Axis is a web services framework implementing the W3C SOAP standard. Still hoping to release 1.5 and then retire the project, but no progress on this for this quarter. * Apache Woden * Woden is an open source Java implementation of the W3C WSDL 2.0 specification. * JaxMe2 * JaxMe 2 is an open source implementation of JAXB, the specification for Java/XML binding. Trunk updated to support Java 6. Preparing release of 0.6. * Apache Scout * Apache Scout is an implementation of the JSR 93 (JAXR), which is a java API to XML registries such as jUDDI. * Apache jUDDI * jUDDI (pronounced "Judy") is an open source Java implementation of the Universal Description, Discovery, and Integration (UDDI) specification for Web Services. * Apache Rampart * Rampart provides the WS-Security and WS-SecureConversation support for Apache Axis2 using Apache WSS4J as the base. The configuration model uses the WS-Policy framework and supports WS-SecurityPolicy specification. The "Rahas" module in Rampart implements the WS-Trust specification with a security token service implementation and a client API to carry out token exchanges with the security token service. * Apache WSS4J * Apache WSS4J is an implementation of the OASIS Web Services Security (WS-Security) from OASIS Web Services Security TC . WSS4J is primarily a Java library that can be used to sign and verify SOAP Messages with WS-Security information. With WSS4J's latest release, the package now fully supports everything needed to interoperate with Microsoft's WS-Trust interop tests. Woo! * Apache Rampart/C * Apache Rampart/C is the security module for Apache Axis2/C. It's an effort to implement WS-Security Specification 1.0. Rampart/C also comes with an XML-Crypto library known as OMXMLSecurity. In addition Apache Rampart/C configurations are based on security policy assertions as per WS-Security Policy specification 1.1 * Apache Sandesha2 * Sandesha2 is an implementation of WS-ReliableMessaging specifications for Apache Axis2. * Apache Sandesha2/C * Sandesha2/C is a C implementation of WS-ReliableMessaging specifications(both 1.0 and 1.1) for Apache Axis2/C projects. Sandesha2/C is inter operable with Axis2/Java implementation and .net implementations. * Apache Savan * Savan is a Publisher/Subscriber implementation for Apache Axis2. * Apache Savan/C * Savan/C is a Publisher/Subscriber implementation for Apache Axis2/C projects written in C Language. * Apache Axis2/C * Apache Axis2/C is an effort to implement Axis2 architecture in C. Apache Axis2/C can be used to provide and consume Web Services. * Apache WSIF * Apache Web Services Invocation Framework (WSIF) is a simple Java API for invoking Web services, no matter how or where the services are provided as long as it is described in WSDL. * Apache WS-Commons * Apache WS-Commons is a collection of projects that are primarily used as parts of various WS projects but useful even outside the WS space. WS-Commons houses Apache Axiom - the streaming XML object model, Apache XmlSchema - an object model to manipulate XML schema documents, Apache Neethi - the WS-Policy implementation and various other smaller projects such as tcpmon. The WS-Commons transports project is preparing to release version 1.0 of each of the current Axis2 transports. * Apache Muse * Apache Muse is a Java implementation of WS-ResourceFramework, WS-Notification, and WS-DistributedManagement. It provides code generation tools and APIs that aid users in creating standards-compliant interfaces for manageable resources. Muse-based interfaces can be deployed in a J2EE or OSGi environment. * Apache XML-RPC * Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. ----------------------------------------- Attachment AE: Status report for the Apache Wicket Project Apache Wicket is a Java framework for creating highly dynamic, component oriented web applications, and was established as an Apache project in June 2007. Things worthy of note: - Added Jeremy Thomerson as a Committer and PMC member - Work on 1.3.6 and 1.4 final is progressing slowly - Waiting for final discussions to settle regarding generics for 1.4 - ApacheCon presentation, training and Meetup - Martijn visits London Wicket Meetup April 1st - Rename Wicket to WicketFX so we can get a spot in JavaOne (none of our submitted talks were accepted) No issues require attention from the board (rename action is not an actual issue). ----------------------------------------- Attachment AF: Status report for the Apache Xalan Project ----------------------------------------- Attachment AG: Status report for the Apache XMLBeans Project The activity on the mailing lists stays at the same levels with a slight increase in the last few weeks. There were a few bugs on JIRA that were promptly responded and closed. Also a bigger feature is in discussion that came from a non committer. For this quarter, there were no new releases though there were code fixes going into trunk. There were no new committers and no PMC changes and no other issues requiring board's attention. ------------------------------------------------------ End of minutes for the March 18, 2009 board meeting.