The Apache Software Foundation Blog
The Apache News Round-up: week ending 1 December 2017
We're at the final stretch of the year --happy December! Let's review what we've been up to over the past week:
Support Apache –Adobe, Bloomberg, and Google are among the organizations who match or exceed the contributions made by their employees. If your employer has a Matching Gifts program, please consider adding The Apache Software Foundation to your list of beneficiary organizations. Every dollar counts. http://apache.org/foundation/contributing.html
ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
- Next Board Meeting: 20 December. Board calendar and minutes http://apache.org/foundation/board/calendar.html
- The Apache Software Foundation Operations Summary: August - October 2017 https://s.apache.org/j1GJ
ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
- 7M+ weekly checks yield happy performance at 99.73% uptime http://status.apache.org/
ASF Operations Factoid –this week, 98 Apache contributors changed 113,918 lines of code over 340 commits. Top 5 contributors, in order, are: Jonathan Hurley, Mark Thomas, Jacky Li, Andrew Gaul, and Francesco Chicchiriccò.
Apache CXF™ –an Open Source services framework that helps you build and develop services using frontend programming APIs like JAX-WS and JAX-RS.
- Apache Apache CXF 3.0.16 and CXF Fediz 1.4.3 and 1.3.3 released with a new security advisory CVE-2017-12631 http://cxf.apache.org/
Apache Directory™ Kerby –a Java Kerberos binding.
- Apache Directory Kerby 1.1.0 released http://directory.apache.org/kerby/
Apache Groovy™ –a multi-facet programming language for the JVM.
- Apache Groovy 3.0.0-alpha-1 released https://groovy.apache.org/
Apache HttpComponents™ Client –a library for client-side HTTP communication.
- Apache HttpComponents Client 5.0 alpha3 released http://hc.apache.org/
Apache Impala™ –high performance analytic database for Apache Hadoop in-Cloud or on-premises.
- The Apache Software Foundation Announces Apache® Impala™ as a Top-Level Project https://s.apache.org/WpqC
Apache jclouds™ –Open Source multi-Cloud toolkit.
- Apache jclouds 2.0.3 released http://jclouds.apache.org/
Apache Qpid™ –client supporting the Advanced Message Queuing Protocol 1.0, based around the Apache Qpid Proton protocol engine and implementing the AMQP JMS Mapping as it evolves at OASIS.
- Apache Qpid C++ 1.37.0 released http://qpid.apache.org/
- [CVE-2017-15701] Apache Qpid Broker-J Denial of Service Vulnerability http://mail-archives.apache.org/mod_mbox/www-announce/201711.mbox/%3CCAFEMS4vr8tXkkmRj%2By6g0p3y3r9SqDL8Gf9%2BouhbKjPAsbJ04w%40mail.gmail.com%3E
- [CVE-2017-15702] Apache Qpid Broker-J Authentication Vulnerability on HTTP Ports http://mail-archives.apache.org/mod_mbox/www-announce/201711.mbox/%3CCAFEMS4s6PnZqKLHKiA9TJFb028JuObc_14%2BsU9Ev4OZojPUJ6A%40mail.gmail.com%3E
Apache Struts™ –an elegant, extensible framework for creating enterprise-ready Java Web applications.
- Apache Struts 2.5.14 GA released http://struts.apache.org/
Apache Tomcat™ –an Open Source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers technologies.
- Apache Tomcat 8.5.25, 9.0.2, and Tomcat Native 1.2.16 released http://tomcat.apache.org/
Did You Know?
- Did you know that the following Apache projects are celebrating anniversaries in December? Apache Portable Runtime (APR) (17 yrs); Logging Services (14 yrs); Cayenne, OFBiz, and Tiles (11 yrs); Synapse (10 yrs); Camel (9 yrs); Axis, OpenWebBeans, and Pivot (8 yrs); Aries (7 yrs); ACE (6 yrs); Flex (5 yrs); Helix (4 yrs); Falcon and Flink (3 yrs); Beam and Eagle (1 yr) -- Many Happy Returns! https://projects.apache.org/committees.html?date
- Did you know that Apache Groovy has been downloaded 40 million times since the beginning of 2017? http://groovy.apache.org/
- Did you know that Amazon Neptune is fully compatible with Apache TinkerPop? http://tinkerpop.apache.org/
Apache Community Notices:
- Foundation Statement –Apache Is Open. https://s.apache.org/PIRA
- "Success at Apache" focuses on the processes behind why the ASF "just works". 1) Project Independence https://s.apache.org/CE0V 2) All Carrot and No Stick https://s.apache.org/ykoG 3) Asynchronous Decision Making https://s.apache.org/PMvk4) Rule of the Makers https://s.apache.org/yFgQ 5) JFDI --the unconditional love of contributors https://s.apache.org/4pjM 6) Meritocracy and Me https://s.apache.org/tQQh 7) Learning to Build a Stronger Community https://s.apache.org/x9Be 8) Meritocracy. https://s.apache.org/DiEo 9) Lowering Barriers to Open Innovation https://s.apache.org/dAlg 10) All My Roads Led to Apache https://s.apache.org/l9OO 11) Scratch Your Own Itch. https://s.apache.org/7Amk
- Presentations from ApacheCon https://s.apache.org/Hli7 and Apache: Big Data https://s.apache.org/tefE are available; as well as videos https://s.apache.org/AE3m and audio recordings https://feathercast.apache.org/
- Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/and Twitter account https://twitter.com/ApacheCommunity
- The list of Apache project-related MeetUps can be found at http://apache.org/events/meetups.html
- Members of the Apache community will be out in force at Open Source Summit Paris 6-7 December 2017 http://www.opensourcesummit.paris/
- ASF Quarterly Report: Operations Summary Q2 FY2018 https://s.apache.org/j1GJ
- ASF Annual Report is available at https://s.apache.org/FY2017AnnualReport
# # #
Posted at 04:05PM Dec 01, 2017 by Sally in General | |
The Apache Software Foundation Operations Summary: August - October 2017
Second Quarter, Fiscal Year 2018 (August - October 2017)
"As a large Cloud Infrastructure company, LeaseWeb relies on a number of Open Source technologies to deliver our services. The activities of The Apache Software Foundation –and in our case, the Apache CloudStack project in particular– allow us to keep bringing innovative, quality services to the market. We are very proud to be a sponsor!"
--Robert van der Meulen, Technical Evangelist, LeaseWeb (ASF Platinum Sponsor)
> President's Statement: Our steady growth continues, with 6 new Top-Level Projects this quarter. Fiscally, we remain on track for FY18, with expenses under control and income coming in on budget. Notable in this quarter was the Foundation's coordinated response to the Equifax data breach, which was ultimately determined to be caused by Equifax's failure to install patches provided for Apache® Struts™ exploit. This effort involved the Marketing and Publicity, Struts PMC, and ASF Security teams; as well as and a board member (Chris Mattmann) who participated in same-day broadcast media interviews.
- Conferences is increasingly looking to participate/co-locate with existing and lower cost events;
- Trademarks continues to show a steady increase is questions, answers, and merchandise;
- Infrastructure continued to expand the "self service" toolset, allowing authorized committers to perform operations that previously required infrastructure staff; and
- Marketing and Publicity led the response to the Equifax data breach.
> Conferences and Events: In May of this year, as mentioned in our last report, we ran ApacheCon North America in Miami. This was the final event produced under our agreement with The Linux Foundation. At a meeting in Miami, and in the time since then, we have been considering how we will run the event going forward, and have investigated a number of possible avenues. In this report, I discuss two of the ways that the Apache Software Foundation will be doing events in the coming year.
- Participating in existing events: As you know, there are many hundreds of events every year, and some of these events have substantial overlap with various Apache projects, or groups of Apache projects. It makes a lot of sense to participate in those events directly. To this end, we have reached out to a number of organizations that produce events, and requested an Apache track. We’ll set a theme for that track, based on the emphasis of the particular event, and curate the content that will be presented there. We'll try, in each case, to also provide an "Apache Way" talk, so that these audiences can learn more about how Apache operates. The first three events that fall into this category are LinuxCon China, Open Source Summit North America, and Open Source Summit Europe, produced by the Linux Foundation. These events may be found at https://www.lfasiallc.com/linuxcon-containercon-cloudopen-china , http://events.linuxfoundation.org/events/open-source-summit-north-america and http://events.linuxfoundation.org/events/open-source-summit-europe respectively, and the CFP for each event is now open, with an Apache category in each. The emphasis for these events is "Apache: Tomorrow's Technology Today", and focuses on incubating, or recently graduated, projects at Apache. We are also attempting to participate more fully in events that focus on a particular one of our projects, such as MesosCon, Spark Summit, and so on.
- Colocating with existing events: We are currently in talks with Berlin Buzzwords and FOSS Backstage - https://berlinbuzzwords.de/ - about running ApacheCon Europe colocated with their 2018 event, the week of June 10th, in Berlin. The overlap in our communities and our subject areas makes this a great fit, and we hope it will result in a cost savings for both events, and cross-pollination between the project communities. Look for announcements as soon as we have something firmly planned.
- Producing lower cost events: We are also working with the people that produce Flock - the Fedora user conference https://flocktofedora.org/ - about doing an event in that style for ApacheCon North America. We are currently hunting for a date, and should have an announcement soon. The Apache community has long asked for an event which is lower cost, possibly located at a University campus, without the frills of a major convention. This makes the event more accessible to student attendees, but also poses scheduling challenges.
- Sponsoring and Participating in Apache Events: If you are interested in sponsoring an upcoming Apache event, follow @ApacheCon on Twitter for announcements, calls for papers, and calls for sponsorship, over the coming months. We will be looking for sponsors and partners in each of the above categories.
If you have any questions or comments about our event strategy, please contact Rich Bowen, VP Conferences, at firstname.lastname@example.org
> Community Development: During this quarter our main focus was to promote an Apache presence at existing conferences with a booth or presentation content. In early September we were invited to present a 3 day track and a keynote at the Solutions Hamburg conference. This is an established conference that has approximately 5000 attendees. It was a good opportunity to reach a new audience and inform them about Apache and its projects. Our 3 day Apache track was presented in a combination of English and German and consisted of a Developer-Centric day, a DevOps-Centric day and a Foundation-Centric day. The most popular talks were related to Micro-Services and Open Source Licensing.
The Open Source Summit in Prague during October featured several Apache related presentations including a keynote and a mix of other technical and community related content. We also had the opportunity to present the results of our Apache Committers Diversity Survey as part of the Diversity Empowerment Summit. During the conference we were also able to record some attendee interviews for our podcast channel FeatherCast. Community Development ran the Apache booth at MesosCon EU which was co-located as part of the Open Source Summit. Feedback from attendees was very positive and showed a keen interest in learning more about other Apache projects as well as the Foundation itself.
Another task this quarter has been the preparation of marketing materials that can be used at events to help promote the role and mission of the ASF. An information brochure has been developed and translated into several languages. The brochure is currently available in English, Catalan, French, Italian, German, Spanish, Russian and Japanese. Also marketing related was the discussion about the introduction of Apache Community Business Cards. The idea is to have an Apache style business card that could be given out to people. This would be very useful for people who are at an event representing their Apache role or project or for volunteers at the ASF booth that want to give their out their contact information to someone they have been speaking to. Feedback to this has been extremely positive and we have will be promoting the use of community business cards to committers and projects.
Our mailing list traffic has increased this quarter as a result of several interesting discussions and the re-vitalisation of our task and issue tracker.
> Committers and Contributions: Over the past quarter, 1,647 contributors committed 47,831 changes that amount to 16,483,455 lines of code across Apache projects. The top 5 contributors during this timeframe are: Daniel Gruno (661 commits), Oliver Lietz (572 commits), Jian He (558 commits), Claus Ibsen (540 commits), and Varun Saxena (491 commits).
All individuals who are granted write access to the Apache repositories must submit an Individual Contributor License Agreement (ICLA). Corporations that have assigned employees to work on Apache projects as part of an employment agreement may sign a Corporate CLA (CCLA) for contributing intellectual property via the corporation. Individuals or corporations donating a body of existing software or documentation to one of the Apache projects need to execute a formal Software Grant Agreement (SGA) with the ASF.
During Q2 FY2018, the ASF Secretary processed 203 ICLAs, 13 CCLAs, and 4 Software Grants. Apache committer activity can be seen at http://status.apache.org/#commits
> Marketing and Publicity: Over the ASF's 18 year history, marketing and publicity activities have focused on raising awareness of the Foundation's collective successes that include highlighting milestones with Apache projects, communities, and events.
This quarter presented unprecedented levels of crisis communications activity in response to the Equifax data breach. Our all-volunteer technical and executive teams must be lauded for their extraordinary efforts in helping us respond to the media surge by identifying spokespeople in a very short timeframe, and preparing official statements across time zones and geographic locations, with special thanks to those who worked throughout their holiday vacations. We would like to recognize those who helped escalate and troubleshoot the issue internally, notably René Gielen, Łucasz Lenart, Mark Cox, and Mark Thomas, who contributed to countless editorial and interview preparation cycles, and Chris Mattmann, who participated in broadcast media interviews with primary television networks. We also worked with ASF legal counsel to draft our official response to the US House Committee's panel hearing.
We issued 9 press releases during this timeframe, as well as one Foundation statement. They include:
- MEDIA ALERT: The Apache Software Foundation Confirms Equifax Data Breach Due to Failure to Install Patches Provided for Apache® Struts™ Exploit https://s.apache.org/7bip
- Response From The Apache® Software Foundation To Questions From US House Committee On Energy And Commerce Regarding Equifax Data Breach https://s.apache.org/rjmv
- Foundation Statement: Apache Is Open. https://s.apache.org/PIRA
In total this quarter, we handled 92 media queries and appeared in 32,777 news articles.
> Brand Management: The fall quarter in the Northern Hemisphere brings a regular uptick in requests and questions, which continues to require effort to provide timely and complete answers to questioners, especially outside parties. We've also seen a large uptick in requests to create non-computer merchandise (shirts, giveaways, etc.) using Apache brands. Most of these requests are a good way to help promote awareness of Apache projects and their contributors, and are well in line with our policy: https://www.apache.org/foundation/marks/merchandise
While a few Apache project PMCs continue to actively monitor uses of their brand and raise issues appropriately, the rapid growth in popular projects, both in the Big Data space and elsewhere, continues to be an issue with our capacity to provide knowledgeable and timely responses to questions. We will be investigating new ways to invest in our ability to provide the branding and trademark services that our many Apache projects deserve.
All of the ASF's education and policies around trademark law for Open Source as well as brand management are published online, and we urge project participants and software vendors alike to review and ask us questions about them - please review our complete site map: http://www.apache.org/foundation/marks/resources
On the registration front, we continue to work with counsel to process renewals and registrations for projects. While most are straightforward, some are complex, and require a significant amount of both our limited volunteer officer time as well as our counsel's time.
As Apache projects power more of the Internet every day, we look to the companies that profit from Apache software products to fully respect Apache brands. We very much appreciate the companies that pass on their **completed** trademark registrations along with the codebases they donate to the Apache Incubator. Having existing registrations makes managing trademarks much simpler for the ASF.
While many companies continue to give credit to our volunteer communities, sadly some companies continue to take advantage of our non-profit work by unfairly co-opting Apache project brands or by interfering with Apache project governance.
Reviewing and correcting these mis-uses is an ongoing effort for the ASF Board, the Brand Management Committee, and all Apache projects.
Please contact the Apache Brand Management team http://www.apache.org/foundation/marks/contact with your questions or suggestions!
> Legal Affairs: The Apache Software Foundation (ASF) Legal Affairs team works diligently with our pro-bono legal counsel and answers legal questions, and addresses policy issues regarding license compatibility for The Apache Software Foundation.
In the last quarter, the Legal Affairs team worked with several ASF communities concerned about the use of Facebook's React.js web framework and its inclusion in Apache projects. After a detailed analysis and decision, the committee forbade the use of React within Apache projects under the Facebook BSD+Patents license. This also applied to other software licensed under BSD+Patents. After the September Apache Board meeting, Facebook decided to relicense the React.js software from BSD+Patents to the MIT license. This re-enabled the use of React.js within Apache projects.
The traditional legal questions surrounding license guidance on software included in Apache products continue to come in and to be answered in a timely fashion. In the last quarter, the committee has also helped requestors:
- Clarify how software grants should be accepted from external companies donating software to the ASF.
- Identify whether importing code version control system (VCS) history from external entities that may include category-X software should be handled.
- Understand the implications of downstream service providers that redistribute Apache Software under different licenses.
- Decide on the inclusion of public test files in repositories and whether it should be considered "fair use".
- Use externally licensed design software to construct an Apache project's website.
The committee is a Board committee and reports directly Apache Board of Directors. We are eager to meet and serve the needs of our projects, in collaboration with our pro-bono counsel.
> Infrastructure: Infrastructure has been busy with its continued program of decommissioning our hardware, and moving services onto Cloud-provided hardware and VMs. Over time, this has provided marked increases in our reliability and service to the Foundation's projects.
During this past quarter, we upgraded the Jenkins build master and added many more build nodes. The service is used by very many projects, with a great variety of needs. It is a challenge to keep pace, but the team has done well in this regard.
As in previous quarters, we have been moving more projects over to the GitHub-based set of tools. This program has been successful, and the Foundation's communities have been taking advantage of the offer.
Much of our work over the quarter has been behind-the-scenes -- managing our remaining hardware, dealing with service issues, updating our mail archive systems, and other tasks. However, in August, we did roll out a new user-facing tool for projects to directly perform many service requests which used to require a Jira ticket.
> Financial Statement:
> Fundraising: The ASF Fundraising team would like to welcome Assembla, Blog Starter, Mobile Slots and Wise Buyer to the Apache Family.
Over this past quarter we have been creating our Directed Sponsorship program working with sponsors to meet and recognize the specific needs of the foundation and our projects. We'll officially launch this in Q4 2017.
We'll also be increasing our sponsorship rates starting in January for the first time in our 18 year history!
As ever, thank you to our Sponsors http://apache.org/foundation/thanks . Your donations are tax-deductible to the extent permitted by law.
# # #
Report prepared by Sally Khudairi, Vice President Marketing & Publicity, with contributions by Sam Ruby, ASF President; Rich Bowen, Vice President Conferences; Sharan Foga, Vice President Community Development; Chris Mattmann, Vice President Legal Affairs; Shane Curcuru, Vice President Brand Management; Greg Stein, ASF Infrastructure Administrator; Tom Pappas, ASF Member and Vice President, Finance & Accounting at Virtual, Inc.; and Kevin McGrail, Vice President Fundraising.
For more information, subscribe to the email@example.com mailing list and visit http://www.apache.org/, the ASF Blog at http://blogs.apache.org/, the @TheASF on Twitter, and https://www.linkedin.com/company/the-apache-software-foundation.
(c) The Apache Software Foundation 2017.
Posted at 12:02AM Dec 01, 2017 by Sally in General | |