The Apache News Round-up: week ending 21 September 2018

Posted at 05:25PM Sep 21, 2018 by Sally in General  |   | 

The Apache® Software Foundation Welcomes Tencent as its Newest Sponsor at the Platinum Level

Joins ASF Platinum Sponsors Cloudera, Comcast, Facebook, Google, LeaseWeb, Microsoft, Oath, and Pineapple Fund in supporting the ASF's Mission of Providing Software For the Public Good

Wakefield, MA —20 September 2018— The Apache® Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today sponsorship by Tencent at the Platinum level.

Tencent is the first company from China to become a Platinum Sponsor of the ASF. Numerous individuals employed by Tencent are active contributors to several Apache projects, including Hadoop, HBase, Hive, MXNet (incubating), Parquet, and Spark.

"We are pleased to welcome Tencent, whose generosity, along with that of our other sponsors, offsets our day-to-day operating costs," said ASF Chairman Phil Steitz. "Sponsoring the ASF helps us successfully shepherd more than 300 projects and their communities, mentor dozens of open source innovations in the Apache Incubator, deepen community outreach, and furthers our mission of providing software for the public good 'The Apache Way'."

"We are very proud to join Apache family, as the first Platinum level sponsor from China, after a long time contributing on Open Source projects, include: Hadoop, HBase, Spark, etc.," said Huixing Wang, VP at Tencent Cloud. "Sponsoring ASF is an evidence that Tencent will encourage more talented engineers to join Open Source contributions and innovations, and we firmly believe that Open Source technology can make the world better."

Tencent joins the following ASF Sponsors:

Platinum —Cloudera, Comcast, Facebook, Google, LeaseWeb, Microsoft, Oath, and Pineapple Fund;
Gold —Anonymous, ARM, Bloomberg, Hortonworks, Huawei, IBM, Indeed, ODPi, Pivotal;
Silver —Aetna, Alibaba Cloud Computing, Budget Direct, Capital One, Cerner, Private Internet Access, Red Hat, Target, Union Investment;
Bronze —Airport Rentals, The Best VPN, The Blog Starter, Bookmakers, Cash Store, Casino Bonus, Casino2k, Cloudsoft, Emerio, HostChecka.com, HostingAdvice.com, HostPapa Web Hosting, The Linux Foundation, Mobile Slots, SCAMS.info, Site Builder Report, Talend, Twitter, Web Hosting Secret Revealed;
Platinum Targeted —DLA Pipser, Microsoft, Oath, OSU Open Source Labs, Sonatype;
Gold Targeted —Atlassian, The CrytpoFund, Datadog, PhoenixNAP, Quenda;
Silver Targeted —Amazon Web Services, Hotwax Systems,  Rackspace;
Bronze Targeted —Assembla, Bintray, Education Networks of America, Google, Hopsie, No-IP, PagerDuty, Peregrine Computer Consultants Corporation, Sonic.net, SURFnet, Virtru.

To Sponsor the ASF, visit http://apache.org/foundation/sponsorship.html

About Tencent and Tencent Cloud
Tencent uses technology to enrich the lives of Internet users. Our social products Weixin and QQ link our users to a rich digital content catalogue including games, video, music and books. Our proprietary targeting technology helps advertisers reach out to hundreds of millions of consumers in China. Our infrastructure services including payment, security, cloud and artificial intelligence create differentiated offerings and support our partners’ business growth. Tencent invests heavily in people and innovation, enabling us to evolve with the Internet.Tencent was founded in Shenzhen, China, in 1998. Shares of Tencent (00700.HK) are traded on the Main Board of the Stock Exchange of Hong Kong. https://www.tencent.com/

As the subsidiary of Tencent focused on developing cloud computing and artificial intelligence (AI) technologies, Tencent Cloud offers leading technological products and services and customized industry-specific solutions in the fields of cloud computing, big data, artificial intelligence to government agencies, corporations and individual developers around the world.

About The Apache Software Foundation (ASF)
Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server --the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 700 individual Members and 6,600 Committers successfully collaborate to develop freely available enterprise-grade software, benefiting billions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Anonymous, ARM, Bloomberg, Budget Direct, Capital One, Cerner, Cloudera, Comcast, Facebook, Google, Hortonworks, Huawei, IBM, Indeed, Inspur, LeaseWeb, Microsoft, Oath, ODPi, Pineapple Fund, Pivotal, Private Internet Access, Red Hat, Target, and Union Investment. For more information, visit http://www.apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "Apache HTTP Server", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # # 

Posted at 04:01PM Sep 20, 2018 by Sally in General  |   | 

The Apache Software Foundation Operations Summary: May - July 2018

First Quarter, Fiscal Year 2019 (May - July 2018)

(c) The Apache Software Foundation 2018.

Posted at 02:28AM Sep 18, 2018 by Sally in General  |   | 

The Apache News Round-up: week ending 14 September 2018

Posted at 04:06PM Sep 14, 2018 by Sally in General  |   | 

The Apache News Round-up: week ending 7 September 2018

Posted at 06:13PM Sep 07, 2018 by Sally in General  |   | 

Success at Apache — 赢在 Apache: If it helps others, all the better.

by Sally Khudairi, with contributions by Ignasi Barrera, Von Gosling, Luke Han, Kevin A. McGrail, and Anthony Shaw. Translations by Ted Liu and David Zhenwei Dong.

I became active in The Apache Software Foundation at its inception in 1999. I am responsible for elevating the ASF's visibility, and supporting the Foundation by counseling 350+ Apache projects and their communities in the areas of messaging, outreach, and engagement.

As a global, virtual, and diverse community, the ASF relies on countless Apache Members, Committers, and Contributors to help share our values and explain our processes with others. We have grown from a single project to hundreds of projects and communities https://projects.apache.org/committees.html?date through "The Apache Way": an inclusive process and judicious reinforcement of "Community Over Code". 

We launched the "Success at Apache" blog series following the Media & Analyst Training at ApacheCon Seville in 2016. I asked ASF Board Member and VP Brand Management Mark Thomas his opinion on what he thinks are some of the reasons that the ASF "just works". His immediate response was: "project independence". I asked if he'd put that in writing —in his own words— as our community members' personal experiences help others see The Apache Way through their unique perspectives. Shortly afterwards, we published "Project Independence" https://blogs.apache.org/foundation/entry/success_at_apache_project_independence and "Success at Apache" was born https://blogs.apache.org/foundation/feed/entries/atom?cat=SuccessAtApache . 

Whilst English is the ASF's official language, localization often helps foster understanding,  encourage adoption, and onboard new contributors more quickly. A while back, ASF Member Ted Liu told me that he and some of his coworkers had translated a handful of our "Success at Apache" blog posts into Mandarin Chinese. He asked if it would be useful to us.

Why yes, of course: new approaches to promote and propagate The Apache Way are always appreciated.

. . . 

赢在 Apache

- Meritocracy, by Kevin A. McGrail, Vice President of ASF Fundraising. Translation by David Zhenwei Dong.

- Lowering Barriers to Open Innovation, by Luke Han, Vice President of Apache Kylin. Translation by David Zhenwei Dong.

- Scratch Your Own Itch, by Ignasi Barrera, a member of the Apache jclouds PMC. Translation by Ted Liu.

- Contributing to Open Source Even with a High-pressure Job, by Anthony Shaw, contributor to over 20 Open Source projects, including Apache Libcloud. Translation by Ted Liu.

- Open Innovation from a Non-native English Country, by Von Gosling, original co-founder of Apache RocketMQ. Translation by Ted Liu.

. . .

Ted's action reflects one of our greatest successes at Apache: the mindset of "If this is helpful to me, that's good (= "scratch your own itch"). If it helps others, all the better." 

After all, we didn't become the world's largest Open Source foundation by not being helpful. There's always something needing to be done in an all-volunteer community: if you'd like to help the ASF, we will happily accept your assistance where possible. Plus, helping others feels pretty great.

Whether contributing code and writing documentation http://apache.org/foundation/getinvolved.html , mentoring community members http://community.apache.org/ , supporting the ASF through an individual donation or corporate sponsorship http://apache.org/foundation/contributing.html , or serving in myriad other ways https://helpwanted.apache.org/ , we thank you.

For an immersive, rewarding experience with dozens of Apache projects and hundreds of user and developer community members, consider joining us at ApacheCon in Montreal 24-27 September 2018 http://apachecon.com/ . This year's event is extra special, as we're celebrating the 20th Anniversary of ApacheCon —huzzah! All are welcome https://blogs.apache.org/comdev/entry/my-first-experience-of-apachecon

We look forward to seeing you there and sharing your Success at Apache.

Sally Khudairi is Vice President of Marketing & Publicity at The Apache Software Foundation (ASF) where, in 2002, she was elected its first female and non-technical Member. Over her 25-year career in the Web, Khudairi has been lauded as a dynamic communications strategist and expert in next-generation innovations, and has played an integral role in building campaigns for some of the industry’s most prominent standards and organizations. Prior to launching the ASF in 1999, Khudairi was deputy to Sir Tim Berners-Lee as Head of Communications at the World Wide Web Consortium (W3C), overseeing the launch of 17 specifications that include PNG, CSS, HTML4 and XML. She is Managing Director/Luxury & Technology Practice lead at HALO Worldwide and Founder/Chief Marketing Officer at OptDyn.

= = =

"Success at Apache" is a monthly blog series that focuses on the processes behind why the ASF "just works" https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 02:03AM Sep 05, 2018 by Sally in SuccessAtApache  |   | 

The Apache News Round-up: week ending 31 August 2018

So long, August. Let's wrap up the month with a look back at our activities over the past week:

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 September. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ –the ASF's official global conference series, now in its 20th year.
 - 24-27 September: T-24 days to Montreal. Don't miss 100+ Apache project and community sessions, from CloudStack to Spark to Tomcat to Geospatial to Hackathon, BarCamp, and more. Join us! http://apachecon.com/acna18/

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield bouncy performance at 96.12% uptime. http://status.apache.org/

ASF Operations Factoid –this week, 288 Apache contributors changed 444,400 lines of code over 1,613 commits. Top 5 contributors, in order, are: Sijie Guo, Tellier Benoit, Kevin A. McGrail, Shawn McKinney, and Carlos Sanchez Gonzalez.

Apache Drill™ –an Apache Open Source SQL query engine for Big Data exploration.
 - Apache Drill 1.14.0 released https://drill.apache.org/

Apache HttpComponents™ Core –a set of HTTP/1.1 and HTTP/2 transport components that can be used to build custom client and server side HTTP services with a minimal footprint.
 - HttpComponents Core 5.0 beta3 released http://hc.apache.org/

Apache SystemML™ –a machine learning platform optimal for Big Data.
 - Apache SystemML 1.2.0 released http://systemml.apache.org/

Apache XMLBeans™ –a tool that allows access to the full power of XML in a Java friendly way.
- Apache XMLBeans 3.0.1 released https://xmlbeans.apache.org

Did You Know?

 - ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 - The Apache Software Foundation Celebrates 19 Years of Open Source Leadership "The Apache Way" https://s.apache.org/gK4Q

 - Read "Open – For Business – At the ASF" by Merv Adrian, VP Research at Gartner https://blogs.gartner.com/merv-adrian/2018/03/27/open-for-business-at-the-asf/

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Apache in 2017 - By The Digits https://s.apache.org/h8do

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

# # #

Posted at 01:53PM Aug 31, 2018 by Sally in General  |   | 

The Apache News Round-up: week ending 24 August 2018

** this post is our 500th "Foundation" entry on blogs.apache.org ... shout-outs, emojis, and ascii art welcome <g> **

Hello, hello! It's time for our Friday review of our activities over the past week:

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 September. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ –the ASF's official global conference series, now in its 20th year.
 - 24-27 September: T-31 days to Montreal --100+ sessions of Apache project and community-driven goodness. Have you registered yet? http://apachecon.com/acna18/

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield fab performance at 98.85% uptime. http://status.apache.org/

ASF Operations Factoid –this week, 389 Apache contributors changed 647,196 lines of code over 2,206 commits. Top 5 contributors, in order, are: Bridget Bevens, Andrea Cosentino, Willem Jiang, Peng Hui Jiang, and Kevin A. McGrail.

Apache Cayenne™ –a powerful, full-featured, Open Source framework created for developers working with relational databases.
 - Apache Cayenne 4.0 final released https://cayenne.apache.org/

Apache Commons™ Lang –a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
 - Apache Commons Lang 3.8 released http://commons.apache.org/

Apache Directory™ –an extensible and embeddable directory server entirely written in Java, and certified LDAPv3 compatible by The Open Group.
 - Apache DS 2.0.0.AM25 released http://directory.apache.org/

Apache Flink™ –an Open Source stream processing framework for distributed, high-performing, always-available, and accurate data streaming applications.
 - Apache Flink 1.5.3 released https://flink.apache.org/

Apache HAWQ^® –advanced Big Data query engine and analytic database in use at Alibaba, Haier, VMWare, ZTESoft, and hundreds more.
 - The Apache Software Foundation Announces Apache^® HAWQ^® as a Top-Level Project https://s.apache.org/V43L

Apache Qpid™ –implements the latest AMQP specification, the first open standard for enterprise messaging, and provides transaction management, queuing, distribution, security, management, clustering, federation and heterogeneous multi-platform support and a lot more.
 - Apache Qpid JMS AMQP 0-x 6.3.3 and Qpid JMS 0.36.0 released http://qpid.apache.org/

Apache Struts™ –an elegant, extensible framework for creating enterprise-ready Java Web applications.
 - Apache Struts 2.3.35 GA with Security Fixes and 2.5.17 GA with Security Fixes released http://struts.apache.org
 - CVE-2018-11776 Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 http://mail-archives.apache.org/mod_mbox/www-announce/201808.mbox/%3CDB5PR08MB10623BF00ACDCA92BF685C63AF300%40DB5PR08MB1062.eurprd08.prod.outlook.com%3E

Apache Syncope™ –an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology.
 - Apache Syncope 2.0.10 and 2.1.1 released http://syncope.apache.org/

Apache Tomcat™ –an Open Source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers technologies.
 - Apache Tomcat 8.5.33 and 9.0.11 released http://tomcat.apache.org/

Did You Know?

 - ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 - The Apache Software Foundation Celebrates 19 Years of Open Source Leadership "The Apache Way" https://s.apache.org/gK4Q

 - Read "Open – For Business – At the ASF" by Merv Adrian, VP Research at Gartner https://blogs.gartner.com/merv-adrian/2018/03/27/open-for-business-at-the-asf/

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Apache in 2017 - By The Digits https://s.apache.org/h8do

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

# # #

Posted at 02:29PM Aug 24, 2018 by Sally in General  |   | 

The Apache Software Foundation Announces Apache® HAWQ® as a Top-Level Project

Posted at 10:00AM Aug 23, 2018 by Sally in General  |   | 

The Apache News Round-up: week ending 17 August 2018

Happy Friday from the Apache community! Let's delve into what's happened over the past week:

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 September. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ –the ASF's official global conference series, now in its 20th year.
 - 24-27 September: we look forward to seeing you in Montreal. 100+ Apache community-driven sessions: register today http://apachecon.com/acna18/

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield superb performance at 98.54% uptime. http://status.apache.org/

ASF Operations Factoid –this week, 418 Apache contributors changed 760,843 lines of code over 2,533 commits. Top 5 contributors, in order, are: Gary Gregory, Benjamin Mahler, Uma Maheswara Rao G, Stephen Mallette, and Jeff Elsloo.

Apache Commons™ Compress –defines an API for working with compression and archive formats.
 - Apache Commons Compress 1.18 released http://commons.apache.org/
 - [CVE-2018-11771] Apache Commons Compress 1.7 to 1.17 denial of service vulnerability http://mail-archives.apache.org/mod_mbox/www-announce/201808.mbox/%3C87in4apjvv.fsf%40v45346.1blu.de%3E

Apache Commons™ RNG –library that provides a collection of implementations of random numbers generators.
 - Apache Commons RNG 1.1 released http://commons.apache.org/

Apache Groovy™ –a multi-faceted language for the Java platform.
 - Apache Groovy 2.5.2 released https://groovy.apache.org/

Apache Olingo™ –a Java library that enables developers to implement OData service providers (server) and consumers (clients) for OData V2 and V4.
 - Apache Olingo 4.5.0 released https://olingo.apache.org/

Apache Qpid™ –a messaging library for the Advanced Message Queuing Protocol 1.0 (AMQP 1.0, ISO/IEC 19464, http://www.amqp.org).
 - Apache Qpid Proton-J 0.29.0 released http://qpid.apache.org/

Did You Know?

 - ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 - The Apache Software Foundation Celebrates 19 Years of Open Source Leadership "The Apache Way" https://s.apache.org/gK4Q

 - Read "Open – For Business – At the ASF" by Merv Adrian, VP Research at Gartner https://blogs.gartner.com/merv-adrian/2018/03/27/open-for-business-at-the-asf/

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Apache in 2017 - By The Digits https://s.apache.org/h8do

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

# # #

Posted at 01:29PM Aug 17, 2018 by Sally in General  |   | 

The Apache News Round-up: week ending 10 August 2018

Another lovely week draws to a close. Here's what the Apache community has been up to:

Success at Apache –a monthly blog series that focuses on the processes behind why the ASF "just works".
 - The Apache Legal Shield - A Pragmatic View, by Bertrand Delacrétaz https://s.apache.org/tmi6

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 August. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ –the ASF's official global conference series. Celebrating 20 years of community-led programming.
 - 24-27 September: Join us in Montreal! Discounted hotel room rates are filling quickly --register today http://apachecon.com/acna18/
 - 8 October: Apache Roadshow and Open Source Job Fair/Fairfax, VA --Save The Date!

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield really nice performance at 97.66% uptime. http://status.apache.org/

ASF Operations Factoid –this week, 399 Apache contributors changed 786,435 lines of code over 2,144 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Stephen Mallette, Wes McKinney, Oleg Kalnichevski, and Clebert Suconic.

Apache Commons™ Configuration –software library that provides a generic configuration interface which enables an application to read configuration data from a variety of sources.
 - Apache Commons Configuration 2.3 released http://commons.apache.org/

Apache CouchDB™ –easy to use, Open Source database software with a scalable architecture. 
 - Apache CouchDB 2.2.0 released https://couchdb.apache.org/

Apache Flink™ –an Open Source stream processing framework for distributed, high-performing, always-available, and accurate data streaming applications.
 - Apache Flink 1.6.0 released https://flink.apache.org/

Apache Jackrabbit™ Oak –a scalable, high-performance hierarchical content repository designed for use as the foundation of modern world-class Web sites and other demanding content applications.
 - Apache Jackrabbit 2.16.3 and Jackrabbit Oak 1.8.6 released http://jackrabbit.apache.org/

Apache Kafka™ –distributed, fault tolerant, publish-subscribe messaging.
 - Apache Kafka 2.0.0 released https://kafka.apache.org/

Apache Pulsar (incubating) –a highly scalable, low latency messaging streaming platform running on commodity hardware.
 - Apache Pulsar 2.1.0-incubating released https://pulsar.incubator.apache.org/

Apache Qpid™ Proton –a messaging library for the Advanced Message Queuing Protocol 1.0.
 - Apache Qpid Proton-J 0.27.3 and 0.28.1 released http://qpid.apache.org/

Apache ServiceComb (incubating) –a Restful based service-registry that provides micro-services discovery and micro-service management.
 - Apache ServiceComb Service-Center 1.0.0 and ServiceComb Java-Chassis version 1.0.0 released http://servicecomb.incubator.apache.org/

Apache Tomcat™ –an Open Source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies.
 - CVE-2018-8037 Apache Tomcat - Information Disclosure http://mail-archives.apache.org/mod_mbox/www-announce/201808.mbox/%3C0c616b4d-4e81-e7f8-b81d-1bb4c575aa33%40apache.org%3E

Apache Traffic Server™ – a high-performance Web proxy cache that improves network efficiency and performance by caching frequently-accessed information at the edge of the network.
 - Apache Traffic Server 6.2.3 and 7.1.4 released http://trafficserver.apache.org/

Did You Know?

 - ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 - The Apache Software Foundation Celebrates 19 Years of Open Source Leadership "The Apache Way" https://s.apache.org/gK4Q

 - Read "Open – For Business – At the ASF" by Merv Adrian, VP Research at Gartner https://blogs.gartner.com/merv-adrian/2018/03/27/open-for-business-at-the-asf/

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Apache in 2017 - By The Digits https://s.apache.org/h8do

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

# # #

Posted at 01:42PM Aug 10, 2018 by Sally in General  |   | 

Success at Apache: the Apache Legal Shield - a pragmatic view

by Bertrand Delacretaz

I became active in the ASF in 2001 via Gianugo Rabellino -- he was the one who started the discussions with Apache Fop about me donating the jfor XLS-FO to RTF converter that I had developed earlier. It was already too late to uninvent RTF which is a terrible format, but I digress. I am currently a member of the Board of Directors of the ASF and have been doing a lot of thinking (and presentations) about what makes the ASF tick in terms of collaboration and Shared Neurons.

Section 12.1 of the Apache Bylaws https://www.apache.org/foundation/bylaws describes the legal protection that the Apache Software Foundation provides to our directors, officers and members.

I'm not a lawyer by far, however, and that language is a bit hard for me to parse, so I thought I'd try to clarify what this means for our contributors and learn more about it in the process.

If you go into detail there's certainly more to it but I think the items below are the absolute basics that every PMC member https://www.apache.org/foundation/how-it-works.html should understand in order to benefit from the legal shield that the Foundation provides.

What is a "Legal Shield" ?

An important goal of the Apache Bylaws and policies is to isolate our contributors from any legal action that might be taken against the Foundation, if they act as specified in those policies.

That's what we mean by "legal shield": a way for our individual volunters to be sheltered from legal suits directed at the Foundation's projects, as mentioned in our "How the ASF works" document https://www.apache.org/foundation/how-it-works.html .

Acts of the Foundation

The first thing is to make sure our software releases are "Acts of the Foundation" as opposed to something that people do in their own name. This is natural if we follow our release policy https://www.apache.org/legal/release-policy.html , which defines a simple release approval process for releasing source code that makes the project's PMC https://www.apache.org/foundation/how-it-works.html responsible for the release, as opposed to our individual contributors and release managers.

This means that if the released software is ever involved in legal action and someone has to testify or produce information as part of a subpoena, or worse, it's the Foundation which is in charge of that and not our individual contributors. These things happen from time to time, not very often but they can represent a lot of work and aggravation that none of us are looking for. The 2011 subpoena to Apache around Java and Android http://www.groklaw.net/articlebasic.php?story=20110509221136468 is just one example of that. Produce documents reflecting all communications between someone and Apache, how fun is that?

The goal of our release process is to make it very clear what an Apache Release is, and also clarify that anyone using our software in other ways, by getting it directly from our code repositories for example, does so at their own risk. If it's not an Apache Release we didn't give it to them, they grabbed it on their own initiative and have to accept the consequences of that.

The Rest is for Contributors

This leads to a second and related item: developer builds, which happen much more often than releases, often daily, and that people can easily download and use.

Those builds are meant for contributors to our projects, to use in development and testing as part of their contribution activities.

To avoid any confusion, it is important to clearly label them as such, and to draw a clear line between them and official Apache Releases. They should only be advertised in places where developers who are part of our communities (as opposed to the general public) can see them, and with suitable disclaimers.

In our world of continuous deployment and automated builds, the lines between what's a release and what's just tagged code that works for someone are often blurred. That's totally fine from a technical point of view, and often desirable when one wants to move fast, but we shouldn't forget about the possible legal implications ot distributing software.

Let's make sure we take advantage of the well-designed Apache Legal Shield that the Foundation provides to us, by strictly following our release policy and clearly specifying what is what in terms of downloadable software.

I never thought I'd write a blog post on a legal topic, so here's the FUN DISCLAIMER: As mentioned, I am not a lawyer by far, and the above should not be considered legal advice - just a pragmatic view that can hopefully help our contributors better understand the related issues. For legal advice, consult your own legal advisor! And if you're thirsty after reading all this, get a drink and give a toast to the ASF and its founders!

Many thanks to the fellow Apache members who provided feedback and additional ideas for this post.

. . . 

Bertrand Delacretaz works as a Principal Scientist with the Adobe Research team in Basel, Switzerland. He spends a good portion of his time advocating and implementing Open Development as a way to make geographically dispersed teams more efficient and more fun for his coworkers. Bertrand is also an active Member of the Apache Software Foundation, currently on his tenth term on the Foundation's Board of Directors (Fiscal Year 2018-2019).

Posted at 12:21AM Aug 07, 2018 by Sally in SuccessAtApache  |   | 

The Apache News Round-up: week ending 3 August 2018

Posted at 04:22PM Aug 03, 2018 by Sally in General  |   | 

The Apache News Round-up: week ending 27 July 2018

Farewell, July! Let's check out the Apache community's activities from the past week:

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 August. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ –the ASF's official global conference series. Join us!
 - 24-27 September: Registration for ApacheCon North America/Montreal is open http://apachecon.com/acna18/
 - 8 October: Apache Roadshow and Open Source Job Fair/Fairfax, VA --Save The Date!
 - Media and Community Partner opportunities available for *all* official Apache events: drop us a note at press@apache.org to help.

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield zippity performance at 93.91% uptime. http://status.apache.org/

ASF Operations Factoid –this week, 506 Apache contributors changed 968,003 lines of code over 3,133 commits. Top 5 contributors, in order, are: Tellier Benoit, Karl Heinz Marbaise, Andrea Cosentino, Roberto Cortez, and Gary Gregory.

Apache Accumulo™ –a sorted, distributed key/value store that provides robust, scalable Big Data storage and retrieval.
 - Apache Accumulo 1.9.2 released https://accumulo.apache.org/

Apache Calcite™ –a framework for writing Big Data management systems.
 - Apache Calcite 1.17.0 released http://calcite.apache.org/

Apache Directory™ Fortress –computer security access management facility written in Java.
 - Apache Fortress 2.0.1 released https://directory.apache.org/fortress/

Apache HBase™ –Open Source, distributed, versioned, non-relational database.
 - Apache HBase 2.1.0 released https://hbase.apache.org/

Apache HttpComponents™ HttpAsyncClient–a library for client-side HTTP communication built on HttpCore.
 - HttpComponents HttpAsyncClient 4.1.4 GA released http://hc.apache.org/

Apache Kafka™ –distributed, fault tolerant, publish-subscribe messaging.
 - CVE-2017-12610: Authenticated Kafka clients may impersonate other users http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3CCAOJcB383nmC%2BpxBXoc2JcuD4TXgQrvgjCuovNavmt6sFs4%2BsBQ%40mail.gmail.com%3E
 - CVE-2018-1288: Authenticated Kafka clients may interfere with data replication http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3CCAOJcB3905-NRw3baEUGhEaqKipzQ%2BNryJHsK%3DAtF_aFFsF1nOA%40mail.gmail.com%3E

Apache OpenWhisk (incubating) –distributed serverless computing platform.
 - CVE-2018-11756 PHP Runtime for Apache OpenWhisk http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3CCAAC1_d4geVGr-%2BOk95Gq9C9P81BXUDT3d9N7-2r%2BqsiPrM5r3w%40mail.gmail.com%3E
 - CVE-2018-11757 Docker Skeleton Runtime for Apache OpenWhisk http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3CCAAC1_d7x6buq1aREekk_Eh9SjevQLPLkXc%2BaidiFBMcNz7GGwQ%40mail.gmail.com%3E

Apache Qpid™ –messaging tools that speak AMQP and support many languages and platforms.
 - Apache Qpid JMS 0.35.0 released http://qpid.apache.org/

Apache Tomcat™ –an Open Source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies.
 - CVE-2018-8019 Apache Tomcat Native Connector - Mishandled OCSP invalid response http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721095943.GA24320%40minotaur.apache.org%3E
 - CVE-2018-8020 Apache Tomcat Native Connector - Mishandled OCSP responses can allow clients to authenticate with revoked certificates http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721101944.GA45239%40minotaur.apache.org%3E
 - CVE-2018-1336 Apache Tomcat - Denial of Service http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E
 - CVE-2018-8037 Apache Tomcat - Information Disclosure http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E
 - CVE-2018-8034 Apache Tomcat - Security Constraint Bypass http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E

Did You Know?

 - ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 - The Apache Software Foundation Celebrates 19 Years of Open Source Leadership "The Apache Way" https://s.apache.org/gK4Q

 - Read "Open – For Business – At the ASF" by Merv Adrian, VP Research at Gartner https://blogs.gartner.com/merv-adrian/2018/03/27/open-for-business-at-the-asf/

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Apache in 2017 - By The Digits https://s.apache.org/h8do

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

# # #

Posted at 04:18PM Jul 27, 2018 by Sally in General  |   | 

The Apache News Round-up: week ending 20 July 2018

Greetings, all. It's time to review the Apache community's activities from the past week:

Support Apache –help offset the ASF's day-to-day operating expenses and keep Apache software for everyone.
 - Consider an individual contribution or corporate sponsorship or matching gift program. Every dollar counts. http://apache.org/foundation/contributing.html

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 August. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ –the ASF's official global conference series. Join us!
 - 24-27 September: Registration for ApacheCon North America/Montreal is open http://apachecon.com/acna18/
 - 8 October: Apache Roadshow and Open Source Job Fair/Fairfax, VA --Save The Date!
 - Media and Community Partner opportunities available: contact press@apache.org if you can help.

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield great performance at 92.39% uptime. http://status.apache.org/

ASF Operations Factoid –this week, 505 Apache contributors changed 1,356,389 lines of code over 3,304 commits. Top 5 contributors, in order, are: Rakesh Radhakrishnan, Gary Gregory, Shawn McKinney, Andrea Cosentino, and Julian Reschke.

Apache Commons™ DBCP –database connection pooling services.
 - Apache Commons DBCP 2.5.0 released http://commons.apache.org/

Apache Ignite™ –a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale.
 - Apache Ignite 2.6.0 released https://ignite.apache.org/
 - [CVE-2018-1273] Apache Ignite impacted by security vulnerability in Spring Data Commons http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
 - [CVE-2018-8018] Possible Execution of Arbitrary Code via Apache Ignite GridClientJdkMarshaller http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3CCAK0qHnrpBcaDc65bjdX1jEqr6L9a%2BOWcouC9P6JwEY1vh9gbhQ%40mail.gmail.com%3E

Apache NiFi™ –an easy to use, powerful, and reliable system to process and distribute data.
 - Apache NiFi 1.7.1 released https://nifi.apache.org/

Apache Phoenix™ –enables OLTP and SQL-based operational analytics for Apache Hadoop.
 - Apache Phoenix 5.0.0 released http://phoenix.apache.org/

Apache Qpid™ –a messaging library for the Advanced Message Queuing Protocol 1.0 (AMQP 1.0, ISO/IEC 19464, http://www.amqp.org).
Apache Qpid Proton-J 0.27.2 and 0.28.0, and Qpid JMS AMQP 0-x 6.3.2 released http://qpid.apache.org/

Apache Subversion™ –leading Open Source version control system.
 - Apache Subversion 1.9.9 and 1.10.2 released https://subversion.apache.org/

Did You Know?

 - ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 - The Apache Software Foundation Celebrates 19 Years of Open Source Leadership "The Apache Way" https://s.apache.org/gK4Q

 - Read "Open – For Business – At the ASF" by Merv Adrian, VP Research at Gartner https://blogs.gartner.com/merv-adrian/2018/03/27/open-for-business-at-the-asf/

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Apache in 2017 - By The Digits https://s.apache.org/h8do

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

# # #

Posted at 04:57PM Jul 20, 2018 by Sally in General  |   |