The Apache Software Foundation Blog

Sunday March 08, 2020

The Apache Software Foundation Statement on the COVID-19 Coronavirus Outbreak

As a global organization with contributors on every continent, safeguarding our community is our highest concern, especially during the public health emergency presented by the COVID-19 coronavirus outbreak.


The World Health Organization and US Centers for Disease Control continue to release updates: we are actively monitoring the situation as part of our commitment to helping protect individuals from contracting or spreading the virus. 


Effective immediately, The Apache Software Foundation (ASF) strongly recommends suspending all travel associated with official ASF business and events through May 2020, after which we will reassess the restriction period. This applies to official Apache Conferences*, including Apache Roadshows in Washington DC (25 March) and Chicago (18-19 May), as well as beneficiaries of the ASF Travel Assistance Committee.


Of course, exceptions need to be considered. We implore those who must travel to review the WHO's Travel Advice https://www.who.int/emergencies/diseases/novel-coronavirus-2019/travel-advice and the Centers for Disease Control and Prevention's comprehensive Information for Travel reports at https://www.cdc.gov/coronavirus/2019-ncov/travelers/index.html 


With email being the ASF's primary method of communication for more than two decades, we do not anticipate significant disruption to ASF operations or to Apache Projects and their communities. Where possible, those organizing in-person assemblies may wish to consider holding virtual events or postponing, as opposed to cancelling.


Many members of our community work remotely. Whilst working from home may not be possible for some, we urge everyone to practice caution and be proactive with frequent hand-washing, using hand sanitizer, covering coughs and sneezes, and handling food safely. We urge those who are at risk or feeling unwell to stay home and take care of themselves. As symptoms can take more than three weeks to appear in those affected, we commend those who encourage their friends, family, and coworkers to take proper precautions.


We will continue to monitor this rapidly changing situation, and endeavor to provide updates as early as possible.


*Please follow the Notice on Apache 2020 Conferences at https://s.apache.org/zgm8m for the latest updates on Apache events.


# # #

Friday March 06, 2020

The Apache News Round-up: week ending 6 March 2020

Welcome, March! We've had a great week within the Apache community. Here's what happened:

Success at Apache – the monthly blog series that focuses on the people and processes behind why the ASF "just works".
 - "Google Summer of Code Mentorship --inside the GSoC 2019 Mentor Summit" by Sanyam Goel and Kevin A. McGrail https://s.apache.org/ejj5q   

Apache Month In Review – a summary of what the Apache community has been up to in February 2020 https://s.apache.org/Feb2020

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - The Apache Software Foundation Operations Summary: Q3 FY2020 (November 2019 - January 2020) https://s.apache.org/r6s5u
 - Next Board Meeting: 18 March 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - Notice on Apache 2020 Conferences https://s.apache.org/zgm8m

Apache Community Development  – the committee that welcomes new participants to the Apache community and mentors them in "The Apache Way".

 - Beijing, China, joins Indore, India, as the latest Apache Local Community (ALC) Chapter https://s.apache.org/t4m3x
 - About the Apache Local Community program https://s.apache.org/alc

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.87%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 824 Apache contributors changed 2,401,358 lines of code over 3,496 commits. Top 5 contributors, in order, are: Andrea Cosentino, Mark Thomas, Claus Ibsen, Paul J. Davis, and Tomaz Muraus.   

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache CouchDB 3.0.0 released https://couchdb.apache.org/
 - Apache HBase 1.4.13 released https://hbase.apache.org/

Cloud Computing --
 - The Apache Software Foundation Announces Apache® Brooklyn™ v1.0 https://s.apache.org/ladi7

Databases --
 - Apache Derby 10.15.2.0 released https://db.apache.org/

IoT --
 - Apache PLC4X 0.6.0 released https://plc4x.apache.org/  

Libraries --
 - Apache Log4j 2.13.1 released https://logging.apache.org/

Messaging --
 - Apache Qpid JMS 0.49.0 released https://qpid.apache.org/
 - Apache Curator 4.3.0 released https://curator.apache.org/

Programming Languages --
 - Apache Groovy 2.4.19 released https://groovy.apache.org/

Servers --
 - Apache Traffic Server 8.0.6 and 7.1.9 released https://trafficserver.apache.org/


Did You Know?

 - Did you know that Netflix uses Apache Druid to manage its 1.5 trillion-row data warehouse requirements that include what users see when tapping the Netflix icon or logging in from a browser across platforms? http://druid.apache.org/

 - Did you know that the Apache Airflow community will be at Airflow Summit, 3-5 June in Mountain View? http://airflow.apache.org/

 - Did you know that WIRIS Math and Science uses Apache MXNet to power MathType for Handwritten Math Recognition? https://mxnet.apache.org/


Apache Community Notices:

 - Apache Month In Review: February 2020 – overview of events that have taken place within the Apache community https://s.apache.org/Feb2020

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - Pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Thursday March 05, 2020

Notice on Apache 2020 Conferences

In light of the World Health Organization raising the threat level about the COVID-19 coronavirus outbreak, we have decided, after much consideration, to cancel the following events:

Note that the Apache Roadshow/Seattle, scheduled for 10-12 June 2020, has been postponed.

The safety of our event attendees, speakers, sponsors, and staff is of the utmost importance. We are committed to minimizing our global community’s potential health risk, exposure to border health inspections, and increased travel restrictions.

Event organizers will be in contact with delegates regarding further updates.

= = =

UPDATES --9 March: added Chicago Roadshow to cancellation list; added postponement notice for Seattle Roadshow.

For the latest developments, follow @ApacheCon on Twitter and ASF Events on LinkedIn.

Wednesday March 04, 2020

The Apache Software Foundation Operations Summary: November 2019 - January 2020

FOUNDATION OPERATIONS SUMMARY

Third Quarter, Fiscal Year 2020 (November 2019 - January 2020)

"The Foundation's unique approach has created many industry standards and will likely continue to do so for many more years. Apache projects are famous not just for great technology, but for their longevity and vendor-independence."
Doug Cutting, ASF Member and Chief Architect at Cloudera (ASF Platinum Sponsor)


> Conferences and Events http://apachecon.com/

During this period we held two major Apache events. Q3 was fairly quiet for Conferences. We did not hold any events during this period, but were busy with early planning for several upcoming events.

ApacheCon North America 2020 will be held in New Orleans in September https://www.apachecon.com/acna2020/

We will be holding several Apache Roadshows in the coming months:

Sponsorship opportunities and speaking opportunities are available for all of these events.

> Community Development http://community.apache.org/

One of the key themes this quarter was the discussion of how to encourage ASF participation locally by establishing Apache Local Communities (ALC). The ALC comprises local groups of Apache enthusiasts, called an 'ALC Chapter' that will be responsible for organising local Apache related events. To create the necessary oversight for these groups we have agreed a set of governance processes including how they are formed, roles and responsibilities, how events are to be organised and how to dissolve a group if it is no longer active.

We have received requests to establish ALC Chapters in Beijing, Warsaw and Budapest, and these are currently under consideration. Our existing active ALC Chapter in Indore ran an event on Open Source and ASF Awareness for school students.

We have applied on behalf of the ASF to be a GSoC mentoring organisation for 2020 and are waiting for the response. In preparation we have set up a wiki page to collect GSoC ideas from our Apache project communities.

During January we prepared for participation in FOSDEM as we were once again allocated a booth at the event. Volunteers from many of our projects signed up to spend time on the booth or to make themselves available to talk to attendees. As usual Community Development co-ordinated the booth and managed the giveaways for the event.

As well as ApacheCon and the Apache Roadshows planned for 2020, we are continuing to actively support any third party events that we can.

Despite the holiday season our mailing list traffic has increased slightly this quarter.

> Committers and Contributions http://apache.org/licenses/contributor-agreements.html

Over the past quarter, 1,581 contributors committed 42,338 changes that amount to 14,073,594 lines of code across Apache projects. The top 5 contributors, in order, were: Tilman Hausherr (1,010 commits), Andrea Cosentino (788 commits), Mark Robert Miller (771 commits), Mark Thomas (681 commits), and Jean-Baptiste Onofré (616 commits).

All individuals who are granted write access to the Apache repositories must submit an Individual Contributor License Agreement (ICLA). Corporations that have assigned employees to work on Apache projects as part of an employment agreement may sign a Corporate CLA (CCLA) for contributing intellectual property via the corporation. Individuals or corporations donating a body of existing software or documentation to one of the Apache projects need to execute a formal Software Grant Agreement (SGA) with the ASF.

During Q3 FY2020, the ASF Secretary processed 187 ICLAs, 6 CCLAs, and 6 Software Grants. History of Apache committer growth can be seen at https://projects.apache.org/timelines.html

> Brand Management http://apache.org/foundation/marks/

Operations —the work of the Brand Management team falls broadly into one of four categories:

- providing advice to projects

- granting permission to use our marks

- trademark transfers and registrations

- addressing potential infringements of our marks

The volume of work this quarter has again increased significantly compared to the previous quarter. This has mostly been driven by starting work on a number of draft policies where we are looking to clarify policy around a number of uses of Apache marks.

The topics covered in the advice provided to projects this quarter included setting up an external package registry, podling naming, community managed sites, registration of marks, 'official' social media accounts, assignment of marks, name changes, event sponsorship and linking to external support services.

This quarter has seen requests to use Apache marks for marketing material, events, books, scientific papers, websites, and t-shirts, with nearly all requests being granted, subject to our Trademark Usage Policy. The few requests that are not granted often relate to using a derivative of our logos --something we do not permit.

This quarter a number of the event approval discussions resulted in changes to the proposed event dates to avoid clashes with other planned ASF events.

Registrations —the registration of APACHE in the US completed this quarter.

A number of registrations came up for renewal this quarter. We review each renewal as it comes up and, as a result, opted not to renew some of those registrations. The remaining renewals are now in progress.

We also started a small number of new registrations this quarter.

Infringements --potential infringements are brought to our attention from both internal and external sources. The majority of infringements we see are accidental and our project communities are able to resolve these quickly and informally with occasional input from the Brand Management team. A small number of issues take longer to resolve. We made progress on some of these this quarter and hope that progress will continue next quarter.

We continue to work to resolve the significant infringement mentioned in the last quarterly report. Alongside that, projects have resolved a number of minor issues during this quarter.

And finally…

The Brand Management team welcomes your comments and suggestions as well as any questions you might have. Please see https://www.apache.org/foundation/marks/contact for our contact details.

> Security http://apache.org/security/

We continued to work on handling incoming security issues, keeping projects reminded of their outstanding issues, allocation of CVE names, and other general oversight and advice.

For Q3 we tracked 94 new vulnerability reports across 46 projects. (Q3 last year for comparison was 88 reports). Those reports led to 37 published CVE vulnerabilities.

We published metrics for the whole of 2019 including discussion of high severity issues in a report https://s.apache.org/security2019 


> Privacy http://apache.org/foundation/policies/privacy.html

The board has rekindled the privacy effort. Currently we're working on three parallel tracks: developing a general policy from which we can derive day-to-day implementations and operating procedures; capturing and collecting the areas where we know we've historically dropped balls; and dealing with the day-to-day operational aspects (such as requests). The complexity is that, on the one hand, we have the purpose of the Apache Software Foundation: allowing a community to develop code for the common good, with all that that entails (such as having health, transparency and trust in the community). On the other hand, we have the rights and worries of both those in our community and our end users, whose privacy we would like to protect as well as we can. And the two can collide: for a software grant, or for things having to do with finance, we need to keep a fair amount of personally identifiable information on file, but at the same time we want to protect the privacy of our community. Yet the health of our community needs a certain level of transparency, as do some governance processes (e.g. those where developers approve a release as an official release of the Foundation). For the next two quarters the focus will likely shift to developing SOPs for day-to-day implementation (and automation) and hunting down where we have 'needless' data.


> Infrastructure http://apache.org/dev/infrastructure.html

This quarter has been relatively quiet for the Infrastructure team, given the holidays and New Year.

Our biggest highlight was hiring Andrew Wetmore as a Technical Writer and Editor, to bring his experience to our set of web pages, wiki content, and assorted documentation. For twenty years, the Foundation has organically written a large number of words. Andrew will corral this set of content into a coherent whole, with two goals in mind: to assist our development community with information about Infrastructure and its services, and to provide better guidance to users and new community members.

Continuing with a reflection of our history, we have decades of email archives. These have been provided on mail-archives.apache.org to the public. This quarter, we finally announced the decommission of our old archive system, in favor of the lists.apache.org service. The archive will be turned off some time during the next quarter, with redirects left in place to handle the myriad of links established over time.

For many years, the Foundation has been investing in CI/CD (Continuous Integration / Continuous Development), primarily through our Jenkins installation but also through integrations with third-party services. We have begun testing new Jenkins-based tooling to improve our management of clusters of nodes for assignment/use by our projects.

Our hope is this will help us continue to scale with the increasing demands of the Apache communities.

Fundraising is pleased to report another successful quarter of smooth operations. Renewals and business-as-usual work have been executed as planned. We've had a "typical" flow of new Sponsors and returning Sponsors with a few exciting Sponsor "upgrades" this quarter. This quarter we also completed our first targeted cash donation to an Apache project (Cordova).

We're pleased to also report further participation and "cross department" collaboration within The ASF. Fundraising support for Events has remained a focus this quarter as we ramp up for the several 2020 events. Additional focus is being placed on documentation, process, repeatability, and ensuring our Event Sponsors have a smooth experience all around. TAC and Fundraising are also collaborating more to encourage Event participation via Targeted Sponsorships -- more to come!

Process-wise, we continue improving the internals of the Fundraising mechanics to ensure smooth operation as well as improved documentation. We've recently adopted an improved procedure for meeting minutes and action items to further ensure nothing falls through the cracks.

Our planned outreach activities are all on track for Sponsors and we remain responsive to changes in organizational structures as our contacts enter and depart roles. We enjoyed meeting several of our Sponsors at COSCon in Shanghai in early November. Finally, we also updated our link policy for the "thanks page" to comply with popular webmaster recommendations by adding rel="sponsored" tags to new links and upon Sponsor renewals.

We are delighted to share the results of a very successful individual giving campaign that ran from late November through the end of calendar year 2019. The proceeds of the campaign were $14,240 in total which represents a 222% increase from previous years! The donations were comprised of 112 individual donations and 3 corporate gifts. We truly felt the love as some donations included heartfelt notes of thanks and encouragement for our mission.

Thank you to all our Sponsors --

  • PLATINUM: Amazon Web Services, Cloudera, Comcast, Facebook, Google, LeaseWeb, Microsoft, Pineapple Fund, Verizon Media, Tencent
  • GOLD: Anonymous, ARM, Bloomberg, Handshake, Huawei, IBM, Indeed, Union Investment, Workday
  • SILVER: Aetna, Alibaba Cloud Computing, Baidu, Budget Direct, Capital One, Cerner, Inspur, ODPi, Private Internet Access, Red Hat, Target
  • BRONZE: Airport Rentals, The Blog Starter, Bookmakers, Cash Store, Bestecasinobonussen.nl, CarGurus, Casino2k, Cloudsoft, The Economic Secretariat, Emerio, Footprints Recruiting, Gundry MD, HostChecka.com, Host Advice, HostingAdvice.com, Journal Review, LeoVegas Indian Online Casino, Mutuo Kredit AG, Online Holland Casino, ProPrivacy, PureVPN, RX-M, SCAMS.info, Site Builder Report, Start a Blog by Ryan Robinson, Talend, The Best VPN, Top10VPN, Twitter, Web Hosting Secret Revealed, Xplenty
  • TARGETED PLATINUM: CloudBees, DLA Piper, JetBrains, Microsoft, OSU Open Source Labs, Sonatype, Verizon Media
  • TARGETED GOLD: Atlassian, The CryptoFund, Datadog, PhoenixNAP, Quenda
  • TARGETED SILVER: Amazon Web Services, HotWax Systems, Rackspace
  • TARGETED BRONZE: Bintray, Education Networks of America, Google, Hopsie, No-IP, PagerDuty, Peregrine Computer Consultants Corporation, Sonic.net, SURFnet, Virtru

To sponsor The Apache Software Foundation, visit http://apache.org/foundation/sponsorship.html . To make a one-time or monthly recurring donation, please visit https://donate.apache.org/

= = =

Report prepared by Sally Khudairi, Vice President Marketing & Publicity, with contributions by Rich Bowen, Vice President Conferences; Mark Cox, Vice President Security; Sharan Foga, Vice President Community Development; Myrle Krantz, Treasurer; David Nalley, Vice President Infrastructure; Tom Pappas, Vice President Finance; Daniel Ruggeri, Vice President Fundraising; Greg Stein, ASF Infrastructure Administrator; Mark Thomas, Vice President Brand Management; and Dirk-Willem van Gulik, Vice President Data Privacy.

For more information, subscribe to the announce@apache.org mailing list and visit http://www.apache.org/, the ASF Blog at http://blogs.apache.org/, @TheASF on Twitter, and https://www.linkedin.com/company/the-apache-software-foundation.

(c) The Apache Software Foundation 2020.

# # #

Success at Apache: Google Summer of Code Mentorship --inside the GSoC 2019 Mentor Summit

by Sanyam Goel & Kevin A. McGrail

Sanyam first came to the ASF as a Google Summer of Code (GSoC) student in 2017; since then he has become a committer and contributor to Apache Fineract and active participant with Apache community initiatives. Sanyam, along with Kevin (a.k.a. “KAM”), a long-time ASF Member involved with the Apache Incubator and SpamAssassin projects, were selected to represent the Apache Software Foundation at GSoC’s 2019 Mentor Summit.

Google Summer of Code is a global program focused on introducing students to open source software development. Students work on a 3 month programming project with an open source organization during their break from university.


Since its inception in 2005, the program has brought together 15,000+ student participants and 25,000+ mentors from over 118 countries worldwide. Google Summer of Code has produced 36,000,000+ lines of code for 686 open source organizations.


As a part of Google Summer of Code, student participants are paired with a mentor from the participating organizations, gaining exposure to real-world software development and techniques. Students have the opportunity to spend the break between their school semesters earning a stipend while working in areas related to their interests.


About the ASF and GSoC: “The Apache Software Foundation has been a GSoC mentoring organization every year since the program’s inception. As a mentoring organization, the ASF is able to draw attention and new talent to many of its projects; Apache projects benefit from contributions and galvanize new community members by mentoring students; and students have an invaluable opportunity to gain experience by working directly with the individuals behind Apache projects. This, in turn, enriches the Apache community as a whole, and furthers the ASF’s mission of providing software for the public good.”


At the ASF, GSoC is overseen by Apache Community Development (“ComDev”), the committee that welcomes new participants to the Apache community and mentors them in “The Apache Way”. Former ComDev VP and Google Summer of Code administrator Ulrich Stärk, along with Apache OpenMeetings VP and GSoC mentor, Maxim Solodovnik, helped lead the ASF’s participation in GSoC this year, with the support of numerous Apache community members.


The ASF provides an established framework for intellectual property and financial contributions that simultaneously limits contributors' potential legal exposure. Through a collaborative and meritocratic development process known as “The Apache Way”, Apache projects deliver enterprise-grade, freely available software products that attract large communities of users. The pragmatic Apache License makes it easy for all users, commercial and individual, to deploy Apache products.


As we gear up for Google Summer of Code 2020, we wanted to take a moment and share some of the experiences from last year’s GSoC!


In Google Summer of Code 2019, 23 students were selected by a careful analysis and ranking.  17 students successfully completed their Google Summer of Code projects with the support of 45 mentors spread across dozens of Apache projects that include Allura, AsterixDB, Beam, Camel, Fineract, Gora, Kudu, Mnemonic, Nemo (Incubating), OODT, SpamAssassin, and more.


Quick Report on the GSoC 2019 Numbers for Apache.org:

Accepted projects: 23

1st evaluation: 22 passed, 1 failed

2nd evaluation: 17 passed, 5 failed

3rd evaluation: all passed


Total Apache Mentors: 45


Sanyam and KAM were lucky enough to be selected as the delegates of the Apache Software Foundation for the GSoC Mentor Summit & the 15th GSoC anniversary.


On 10th March 2019 we got our invitations from Google: “You have been invited to be a Mentor for The Apache Software Foundation in Google Summer of Code 2019”.


With this invitation, there comes a huge pool of responsibilities to mentor students.  For Sanyam, it was his first time to provide mentorship at such a great level and to drive the complete project with the college student.


Sanyam: “By providing the complete guidance throughout the GSoC Period at the same time, though I had provided mentorship at the university level to juniors in college. I also learned to manage the project and how to play the role of project lead to fulfill the project with the timelines with the student.


I was really excited to meet the Google Open Source team in person and Kevin A. McGrail (KAM) along with 332 mentors from 162 organizations and 42 countries to share their ideas about open source and to discuss their experience of GSoC 2019. I would like to thank Ulrich Stärk and Maxim Solodovnik for serving as an organization admin for the ASF community.”


-----------------------------------------------------------------------------------------------------------------------------


Day 1: Thursday | Munich, Germany - Marriott München


Day 1 of the summit started with checking in to the Marriott Hotel, where we met the Google OPSO team just near the entrance and reception of the hotel.

The Google OPSO team was very welcoming and welcomed every mentor by providing a goodie bag along with a mouth-watering sweet.


At the reception, we met Mario Behling from FOSSASIA community along with mentors from various organisations like Mifos Initiative, SCoRE Labs and DBpedia where we talked about the pocket science project. 

Then we all headed to lunch, where we dove into discussions about OSS and how an umbrella organisation manages the student applications to select the students for Google Summer of Code.


The GSoC Mentor Summit started with the opening reception dinner, along with opening notes from the Google OPSO team, which led to a small game called a person scavenger hunt, whose sole purpose was to connect and meet the mentors from different organisations and to interact with them to discuss more about open source over some drinks and food.


-----------------------------------------------------------------------------------------------------------------------------

Day 2: Friday | Munich, Germany - Fun Day (City Scavenger hunt / Castle Tour)

On the celebration of the 15th anniversary of GSoC, Google allocated an extra day this year at the mentor summit for fun activities like Castle tour and City Scavenger hunt.


Sanyam participated in the Scavenger hunt, where groups of mentors had to explore the city on their own to find the clues, and the top 2 teams got the prize. Sanyam was lucky enough to be with the winners' team. And some mentors like KAM went for a really nice castle tour thanks to our host, Google.


The day ended up with informal conversations among the mentors over dinner and games in the ballroom of the Marriott.


-----------------------------------------------------------------------------------------------------------------------------

Day 3: Saturday | Munich, Germany - Unconferences (Yay!!)

Day 3 was one of the most exciting days at the event. We had a lot of sessions organized by different organisations in the form of an unconference, which is “a loosely structured conference emphasizing the informal exchange of information and ideas between participants, rather than following a conventionally structured programme of events.”

Mentors organized the unconference sessions on Saturday and Sunday. The unconference slots were planned with two rounds of lightning talks but ended with three rounds of lightning talks :-). A lightning talk is a platform for organisations to present on the work of their GSoC 2019 and GCI 2018 for 3 minutes. KAM also presented a lightning talk for ASF and Apache SpamAssassin on Saturday morning.

After lunch, all the mentors and the Google OPSO team gathered in a lawn just outside the Marriott for a group photograph.

[“GSoC 2019 Mentors Photo”]


We were involved in various unconference sessions like:

How to get more Women interested in FOSS

The Fundraising Session (Presented by Kevin A. McGrail)

Source code preservation

Google Season of Docs (GSoD)

Intro to licenses and why we need them


After attending all the talks, we also discussed how to retain students after the completion of the GSoC period.


After the last lightning talk we all managed to spend some more time together to enjoy dinner, playing foosball, making funny poses on the photo booth along with enjoying the famous chocolate room (Oh, did we forget to mention about the famous chocolate table? This year, Google managed to have a complete room of chocolates!) where mentors across the globe shared the local country chocolates with each other!


Day 4: Sunday | Munich, Germany - Final day  :( 

Unfortunately, it was the last day of the mentor summit. The day started with a continuation of the lightning talks, where Sanyam and KAM managed to attend almost all the lightning talks and got to know more about the other GSoC organisations and their amazing projects from GSoC 2019.


We attended some more unconference sessions on the following topics:

GCI Info & Feedback with Google

GSoC Feedback session

Breaking the barrier for the newcomers

Interviews at Silicon Valley


Then we all headed for the final lunch of the summit. By this point, most of us knew each other; some were planning to extend the trip by visiting other cities, and others were planning to return to their home countries. We all gathered for the closing session, and all the mentors had built a great network of cool people in the open source community!


We have also met a lot of mentors who were previously GSoC students. We had a lot of discussions about the experiences of being a student as well as a mentor, what motivated them to become a mentor and how they're contributing to their community.


Left to Right: Joey Schlichting, Sanyam Goel & Kevin A. McGrail


Overall, it was one of those lifetime experiences for every representative. The trip was full of memories and we got to learn so much; we also made new and special friends throughout the summit.


The GSoC Mentor Summit-2019 was a wonderful experience, and we would like to thank Google, The Apache Software Foundation, and once again, the ASF GSoC Organisation Admins, Ulrich Stärk and Maxim Solodovnik, and the event hosts from the Google Open Source Team.


GSoC 2020 is underway now and we are just gathering project ideas and mentors.  Students looking to get involved, please see http://community.apache.org/gsoc.html


Sanyam Goel started his journey with ASF by participating in GSoC 2017 as a student and continued contributing actively to OSS, currently serving as a committer of Apache Fineract. He has also participated as a mentor in the Google Code In and Outreachy programs for the Mifos Initiative and the DIAL community, and is always keen to spread the word about OSS to create an impact around the globe and to focus on reducing the barriers for newcomers into OSS.

Kevin A. McGrail, better known as KAM, is a VP emeritus of the Apache SpamAssassin project where he has battled spammers for years.  In addition to helping the SpamAssassin project, he has served in the office of treasurer and fundraising for the Apache Software Foundation.  He is also a member of the Apache Incubator project where he mentors new projects at the ASF including echarts, IoTDB & brpc. In his $dayjob, he works at InfraShield.com doing cybersecurity for critical infrastructure.

= = =

"Success at Apache" is a monthly blog series that focuses on the processes behind why the ASF "just works" https://blogs.apache.org/foundation/category/SuccessAtApache 

Tuesday March 03, 2020

The Apache Software Foundation Announces Apache® Brooklyn(TM) v1.0

Advanced Open Source framework for modelling, monitoring, and managing applications used by global systems integrators, Cloud software and service providers, and major enterprises across financial services, supply chain management, and more.

Wakefield, MA —3 March 2020— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, today announced Apache® Brooklyn™ v1.0, the latest version of the Open Source framework for modelling, monitoring, and managing applications.

"I am excited to see the 1.0 release of Apache Brooklyn," said Geoff Macartney, Vice President of Apache Brooklyn. "This reflects the maturity and stability that Brooklyn has reached after nearly five years as a Top-Level Apache project."

Apache Brooklyn provides a single tool that includes a REST API and GUI for:

  • managing provisioning and application deployment;
  • monitoring an application’s health and metrics;
  • understanding the dependencies between components; and 
  • applying complex policies to manage the application.

Apache Brooklyn uses declarative YAML blueprints to describe an application and all its components. Blueprints can be treated as an integral part of the application, and as modular components that can be composed and reused in many ways. Brooklyn blueprints incorporate policies that actively manage a deployed application by reacting to sensor data such as application health or load, and take actions such as replacing nodes or growing a cluster. Brooklyn’s design is influenced by Autonomic computing and promise theory and implements the OASIS CAMP and TOSCA standards.

Apache Brooklyn 1.0 highlights include:

  • Support for public and private clouds, available out-of-the-box thanks to integrated Apache jclouds, as well as private infrastructure
  • A modern, user-friendly, web-based UI including the drag-and-drop Blueprint Composer
  • REST API and CLI tools, suitable for power users, automation and scripting
  • A stable blueprint language and API
  • “Batteries included” entities and policies covering clusters, auto-scaling, replacing unhealthy components, and more

"Apache Brooklyn has been in use for some time in production environments," said Richard Downer, Apache Brooklyn 1.0 release manager. "I’m delighted we can now announce our 1.0 release. Everyone should feel confident building on and deploying Apache Brooklyn 1.0 and know that the Brooklyn Project Management Committee has prioritised the long-term stability of Brooklyn."

Apache Brooklyn is in use by global systems integrators, providers of Cloud software and services, as well as mission-critical applications for major enterprises in financial services, supply chain management, and more.

"We are delighted to see Apache Brooklyn reach this milestone," said David Cairns, CTO for innovation at Fujitsu Digital Technology Services. "Apache Brooklyn powers Fujitsu AIOps solutions with policy-based autonomics to detect service deterioration or outage and can automatically re-locate Cloud applications and services from one cloud provider to another to elevate resilience and uptime." 

"Reaching v1.0 reflects the maturity of Apache Brooklyn and we appreciate the community’s effort," said Ross Gray, CEO at Cloudsoft. "Cloudsoft AMP is built on Apache Brooklyn and helps customers eliminate manual processes, cut effort by 75%, and reduce infrastructure spend by as much as 66%."

Apache Brooklyn blueprints for many well-known applications and tools, including ElasticSearch, clustered MySQL, and DNS management, as well as Apache projects such as Cassandra, CouchDB, Kafka, Solr, Storm, ZooKeeper and more, are all freely available under the Apache License v2. The Apache Brooklyn community warmly welcomes new code, testing, blueprints, documentation, presentations, and other contributions.

"Brooklyn is a powerful tool for unified modelling, deployment and lifetime management of applications," added Macartney. "This latest release is a great opportunity for a wider audience to try Brooklyn for themselves and find out how it can help them create and manage their applications, be it in the Cloud, on-premise, or in a hybrid environment. We look forward to growing our community as people discover all that Brooklyn can do."

Availability and Oversight
Apache Brooklyn software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache Brooklyn, visit https://brooklyn.apache.org/ and https://twitter.com/ApacheBrooklyn

About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation (ASF) is the world’s largest Open Source foundation, stewarding 200M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 765 individual Members and 206 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with 7,600 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 has become an industry standard within the Open Source world, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Anonymous, ARM, Baidu, Bloomberg, Budget Direct, Capital One, CarGurus, Cerner, Cloudera, Comcast, Facebook, Google, Handshake, Huawei, IBM, Indeed, Inspur, Leaseweb, Microsoft, ODPi, Pineapple Fund, Pivotal, Private Internet Access, Red Hat, Target, Tencent, Union Investment, Workday, and Verizon Media. For more information, visit http://apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "Brooklyn", "Apache Brooklyn", "Cassandra", "Apache Cassandra", "CouchDB", "Apache CouchDB", "jclouds", "Apache jclouds", "Kafka", "Apache Kafka", "Solr", "Apache Solr", "Storm", "Apache Storm", "ZooKeeper", and "Apache ZooKeeper" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Sunday March 01, 2020

Apache Month in Review: February 2020

Welcome to the second monthly overview of events from the Apache community, brought to you by the just-released Apache Roller, v.6.0 (Roller is our blogging software that we use every day). Here's a summary of what happened in February:

New this month --

 - Happy 25th Anniversary, Apache HTTP Server! http://httpd.apache.org/

 - Happy 20th Anniversary, Apache Subversion! https://s.apache.org/ApacheSVN20

 - "Success at Apache: Literally" by Chris Thistlethwaite https://s.apache.org/xjcrj

 - Apache Month in Review: January 2020 https://blogs.apache.org/foundation/date/20200205


Important Dates --

 - Next Board Meeting: 18 March 2020. http://apache.org/foundation/board/calendar.html

 - Apache Roadshow/DC 25 March --Registration Open; Sponsorships available-- topics include Apache Projects and CARE Initiatives, Cybersecurity, and Start‑Ups. Held in partnership with George Mason University https://www.apachecon.com/usroadshowdc20/

 - Apache Roadshow/Chicago 18-19 May --CFP Open; Sponsorships available-- https://www.apachecon.com/chiroadshow20

 - Apache Roadshow/Seattle 10-12 June --Sponsorships available-- https://www.apachecon.com/searoadshow20

 - ApacheCon North America/New Orleans 28 September-2 October --CFP Open; Sponsorships available-- tracks include Big Data, Cloud, Community, Content Delivery, FinTech, Geospatial, Graphing, IoT, Observability, Search, Servers, and more. https://www.apachecon.com/


Infrastructure --

Our seven-member Infrastructure team on three continents oversees our highly-reliable, distributed network under the leadership of VP Infrastructure David Nalley and Infrastructure Administrator Greg Stein. ASF Infrastructure supports 300+ Apache projects and their communities across ~200 individual machines, 1,400+ repositories, more than half a petabyte of software source releases, and 2-3M daily emails on 2,000+ lists. ASF Infra performs 7M+ weekly checks to ensure services are available around the clock. The average uptime in February was 99.91%.


Committer Activity --

In February, 773 Apache Committers changed 4,756,280 lines of code over 12,812 commits. The Committers with the top 5 highest contributions, in order, were: Andrea Cosentino, Paul J. Davis, Claus Ibsen, Duo Zhang, and Mark Thomas.


Project Releases and Updates --

New releases from Apache Arrow (Big Data); Avro (Big Data); Beam (Big Data); Commons (Libraries); DeltaSpike (Libraries); Flink (Big Data); Groovy (Programming Languages); Guacamole (Network-Client); HBase (Big Data); HttpComponents (Servers); Jackrabbit (Content); Kylin (Big Data); NiFi (Big Data); OFBiz (ERP); PDFBox (Content); POI (Content); Qpid (Messaging); Tomcat (Servers); Velocity (Libraries).

The Apache Incubator is the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. Releases from incubating podlings include APISIX (Cloud-native microservices API gateway) and Milagro (Cryptography) ...also, welcome NLPCraft (Java API for NLU apps) as the latest podling undergoing development in the Apache Incubator http://incubator.apache.org/

# # #

To see our Weekly News Round-ups, visit https://blogs.apache.org/foundation/ and click on the calendar in the upper-right side (we publish every Friday). For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter.

Friday February 28, 2020

The Apache News Round-up: week ending 28 February 2020

Farewell, February --we're wrapping up the month with another great week. Here are the latest updates on the Apache community's activities:

Happy 20th Anniversary Apache Subversion! Huzzah to the community-led version control software and source code management tool https://s.apache.org/ApacheSVN20

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 18 March 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 1) Apache Roadshow/DC --25 March in CHANTILLY, VA. Registration open; Sponsorship opportunities available. Topics include Apache Projects & CARE Initiatives (with George Mason University Center for Assurance Research & Engineering); Cybersecurity; and Open Source Software in Start-Ups. https://www.apachecon.com/usroadshowdc20/
 2) Apache Roadshow/Chicago --18-19 May in CHICAGO, IL. CFP open. Sponsorship opportunities available. https://www.apachecon.com/chiroadshow20/
 3) Apache Roadshow/Seattle --10-12 June in REDMOND, WA. Sponsorship opportunities available. Topics include Data and Analytics, ML and AI, Java, Cloud, Containers, Servers, and Web Frameworks. https://www.apachecon.com/searoadshow20
 4) ApacheCon North America --28 September - 2 October in NEW ORLEANS, LA. CFP open; Registration open; Sponsorship opportunities available. Topics include Big Data Integration, Community, IoT, Search, Geospatial, Graphing, Integration, Servers, and more. Apache Project content includes Camel, Cassandra, Cloudstack, Fineract, Flagon, Gobblin, Groovy, HTTP Server, Ignite, Karaf, Observability, Solr/Lucene, Tomcat, and Traffic Server/Traffic Control, among others. https://www.apachecon.com/acna2020/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.96%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 908 Apache contributors changed 12,988,552 lines of code over 3,974 commits. Top 5 contributors, in order, are: Paul Davis, Nick Vatamaniuc, Carlos Rovira, Andrea Cosentino, and Nicola Ferraro. 

Apache Project Announcements – the latest updates by category.

API --
 - Apache APISIX 1.1 and Dashboard 1.0 (Incubating) released https://apisix.apache.org/

Big Data --
 - Apache NiFi 1.11.2 and 1.11.3 released https://nifi.apache.org/
 - Apache Kylin 2.6.5 and 3.0.1 released https://kylin.apache.org/

Content --
 - Apache PDFBox 2.0.19 released https://pdfbox.apache.org/

Servers --
 - Apache HttpComponents Client 5.0 GA released https://hc.apache.org/
 - Apache Tomcat 10.0.0-M1 released https://tomcat.apache.org/


Did You Know?

 - Did you know that new podlings undergoing development in the Apache Incubator include NLPCraft (natural language processing resource scheduler), NuttX (real-time embedded operating system), and YuniKorn (standalone Big Data resource scheduler)? http://incubator.apache.org/projects/#current

 - Did you know that Target uses Apache Druid for their enterprise-scale dashboarding/analytics platform? http://druid.apache.org/

 - Did you know that Apache Open Office has a new English dictionaries extension release? http://openoffice.apache.org/


Apache Community Notices:

 - Apache Month In Review: January 2020 – overview of events that have taken place within the Apache community https://s.apache.org/1bbb1

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - Pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Thursday February 27, 2020

The Apache Software Foundation Announces 20th Anniversary of Apache® Subversion®

Community-led Version Control Software and Source Code Management Tool Available on Most Integration Servers, Integrated Development Environments, Issue Tracking Systems, and more. 

Wakefield, MA —27 February 2020— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today the 20th Anniversary of Apache® Subversion®, the popular centralized software version control system.

Apache Subversion ("SVN") allows users to commit code, manage changes, and recover previous versions of all sorts of data across files and directories. Subversion is ideal for distributed teams who need to easily audit and act on modification logs and versioning history across projects. Subversion originated at CollabNet in 2000 as an effort to create an Open Source version-control system similar to the then-standard CVS (Concurrent Versions System) but with additional features and functionality. Subversion was submitted to the Apache Incubator in November 2009, and became an Apache Top-Level Project in February 2010.

"We are very proud of Subversion's long history, and remain committed to our mission statement," said Stefan Sperling, Vice President of Apache Subversion. "Subversion has moved well beyond its initial goal of creating a compelling replacement for CVS. In 2010 our mission statement was updated to ‘Enterprise-class centralized version control for the masses’."

Over its 20-year history, Subversion has grown to become the most popular version control system on the market, and remains the leading centralized versioning and revision control software today. Millions of users worldwide depend on the collaboration-friendly system to easily access all files and historical data simultaneously without code conflicts or corruption. Subversion accommodates a wide variety of integrated development environments (IDEs), and is well-suited for large projects. 

Apache Subversion has been broadly adopted for mission-critical code distribution and collaboration workflow by Adobe Dreamweaver, Eclipse, Google, Halliburton, Microsoft Visual Studio, Python, Ruby, Skype, SourceForge, and WordPress, among many organizations and development communities. The ASF uses Apache Subversion in its own infrastructure, housing millions of lines of code in more than 1.8 Million commits across 300 Apache Top-Level Projects and sub-projects.

"One of the best decisions of my life was emailing up Karl (Fogel) to see if he was interested in moving the Open Source community beyond CVS," said Brian Behlendorf, co-founder of CollabNet and co-founder of The Apache Software Foundation. "Essential to Subversion's success was the core team of Karl, Ben (Collins-Sussman), and Mike (Pilato) working publicly, spending the difficult time on design docs and helping newbies up the learning curve, with the goal of building as a community what three people (even the best) alone could not do. 20 years later I'm not surprised to see it continuing to innovate, to add features, to fix bugs, and to push the envelope forward. Git still needs competition :) But it's also the best example, and essential example, for why community matters more than code. It's the Subversion community that made it successful, that made the code continuously better, that left no CVS user behind, and that did so with the technical precision and super-human decency all other projects should aspire to."

"Twenty years later, Subversion is no longer the upstart -- it is mature software, and still going strong," said Karl Fogel, original founding developer of Subversion, and Partner at Open Tech Strategies. "Subversion continues to be widely used, especially in enterprise settings, because of its reliability, the simplicity of its conceptual model, its ability to handle large files, and features like path-based access control and optional file-locking. In situations where Subversion's centralized model is the right tool for the job, it really shines: we use it for our entire internal corporate tree, for example, because the path-based authorization is crucial. To get some other viewpoints on where Subversion has come over 20 years, I took a walk through the main project's support forums and the forums of TortoiseSVN, the popular open source SVN client application for Windows. I was delighted by what I saw: a diversity of uses and users, fast and helpful responses, and a focus on practical needs. Starting two decades ago, Subversion helped bring version control beyond developers to a wider audience, and it continues to do that today."

"Today we've got a plethora of fast, reliable, and efficient version control systems, but twenty years ago we had exactly zero: CVS was the only widely used version control system and it still failed in unpredictable ways (including bitrot that was undetectable until you tried to check out old code)," said Brian Fitzpatrick, one of Subversion’s earlier developers. "Even though most people use Git today in the Open Source world, Subversion was the catalyst that allowed folks to move from CVS to Git and so many other modern day version control systems. While the core team wrote a great deal of Subversion's code, we also spent a great deal of time communicating outside of our office in Chicago in an effort to build a larger Subversion community--an effort that eventually paid off more than tenfold."

"When we gathered in my basement in early 2000, thinking about what paths Subversion should follow, none of us imagined what would be accomplished over the next twenty years," said Greg Stein, an early developer of Subversion, and former Vice President of Apache Subversion. "We focused on improving the experience of CVS users and administrators. We overshot our own expectations within just a few years, creating a system that millions have found worthy. From our humble beginnings, I couldn't be more proud of what the community has accomplished."

"Technology is at its best when it brings people together," said Matt Mullenweg, Founder and Lead Developer at the WordPress Foundation. "SVN has brought countless people together over the years and I wish it much continued success."

"Reliable and powerful version management is essential for our product development. Today, more than 100 of our employees regularly use Apache Subversion with several million lines of source code in our Subversion repository," said Roland Wagner, Head of Product Marketing at CODESYS Group. "Our success with Subversion convinced us to become the first company to develop a connected product for the area of industrial automation with the launch of CODESYS SVN. Many of the over 100,000 CODESYS users worldwide work with CODESYS SVN which significantly simplifies the development of their industrial IEC 61131-3 application software, when realizing automation projects for factories and plants, mobile machines, buildings and energy systems. We thank and congratulate the Subversion community on its 20th anniversary!"

"After 20 years, Apache Subversion continues to deliver on our goal with a stable and portable version control system that powers software projects of all sizes being developed on any of the popular operating system platforms," added Sperling. "Apache Subversion repositories store valuable mission-critical assets of companies and organizations across the globe. Subversion remains an essential source code management tool for developers at every level --we welcome their participation on our lists and community."

Availability and Oversight
Apache Subversion software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache Subversion, visit http://subversion.apache.org/

About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation is the world’s largest Open Source foundation, stewarding 200M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 765 individual Members and 206 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with 7,200 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 has become an industry standard within the Open Source world, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Anonymous, ARM, Baidu, Bloomberg, Budget Direct, Capital One, CarGurus, Cerner, Cloudera, Comcast, Facebook, Google, Handshake, Huawei, IBM, Indeed, Inspur, Leaseweb, Microsoft, ODPi, Pineapple Fund, Pivotal, Private Internet Access, Red Hat, Target, Tencent, Union Investment, Workday, and Verizon Media. For more information, visit http://apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "Subversion", "Apache Subversion", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Friday February 21, 2020

The Apache News Round-up: week ending 21 February 2020

It's Friday already! We're wrapping up another great week with the following activities:

Happy 25th Anniversary Apache HTTP Server! Raise a glass to the project and community that started it all. Hats off for its longevity as the world's most popular Web server for a quarter century. Many happy returns http://httpd.apache.org/

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 18 March 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 1) Apache Roadshow/DC --25 March in CHANTILLY, VA. Registration open; Sponsorship opportunities available. Topics include Apache Projects & CARE Initiatives (with George Mason University Center for Assurance Research & Engineering); Cybersecurity; and Open Source Software in Start-Ups. https://www.apachecon.com/usroadshowdc20/
 2) Apache Roadshow/Chicago --18-19 May in CHICAGO, IL. CFP open. Sponsorship opportunities available. https://www.apachecon.com/chiroadshow20/
 3) Apache Roadshow/Seattle --10-12 June in REDMOND, WA. Sponsorship opportunities available. Topics include Data and Analytics, ML and AI, Java, Cloud, Containers, Servers, and Web Frameworks. https://www.apachecon.com/searoadshow20
 4) ApacheCon North America --28 September - 2 October in NEW ORLEANS, LA. CFP open; Registration open; Sponsorship opportunities available. Topics include Big Data Integration, Community, IoT, Search, Geospatial, Graphing, Integration, Servers, and more. Apache Project content includes Camel, Cassandra, Cloudstack, Fineract, Flagon, Gobblin, Groovy, HTTP Server, Ignite, Karaf, Observability, Solr/Lucene, Tomcat, and Traffic Server/Traffic Control, among others. https://www.apachecon.com/acna2020/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.93%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 810 Apache contributors changed 4,791,832 lines of code over 3,495 commits. Top 5 contributors, in order, are: Andrea Cosentino, Claus Ibsen, Andi Huber, Bharath Vissapragadam, and Carlos Rovira.  

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Avro 1.9.2 released https://avro.apache.org/
 - Apache HBase 2.1.9 released https://hbase.apache.org/

Content --
 - Apache Jackrabbit 2.21.0 and Oak 1.4.26 released https://jackrabbit.apache.org/
 - Apache POI 4.1.2 released https://poi.apache.org/

Messaging --
 - Apache Qpid Broker-J 7.1.8 released https://qpid.apache.org/

Programming Languages --
 - Apache Groovy 3.0.1 released https://groovy.apache.org/

Servers --
 - Apache Tomcat 7.0.100 released https://tomcat.apache.org/
 - Apache HttpComponents Core 5.0 GA released https://hc.apache.org/


Did You Know?

 - Did you know that newcomers to Apache are encouraged to get started and learn about The Apache Way with the friendly folks at ASF's Community Development (ComDev) project? http://community.apache.org/

 - Did you know that Boston Children's Hospital uses Apache cTAKES to link phenotypic and genomic data for the Precision Link Biobank? http://ctakes.apache.org/

 - Did you know that Netflix uses Apache Druid to optimize streaming in real time? http://druid.apache.org/

Apache Community Notices:

 - Apache Month In Review: January 2020 – overview of events that have taken place within the Apache community https://s.apache.org/1bbb1

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - Pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday February 14, 2020

The Apache News Round-up: week ending 14 February 2020

Happy Friday (and Valentine's Day for those who celebrate) --let's review what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 February 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 1) Registration open; Sponsorship opportunities available: Apache Roadshow/DC --25 March in CHANTILLY, VA. Topics include Apache Projects & CARE Initiatives (with George Mason University Center for Assurance Research & Engineering); Cybersecurity; and Open Source Software in Start-Ups. https://www.apachecon.com/usroadshowdc20/
 2) CFP open. Sponsorship opportunities available: Apache Roadshow/Chicago --18-19 May in CHICAGO, IL. https://www.apachecon.com/chiroadshow20/
 3) Sponsorship opportunities available. Apache Roadshow/Seattle --10-12 June in REDMOND, WA. Topics include Data and Analytics, ML and AI, Java, Cloud, Containers, Servers, and Web Frameworks. https://www.apachecon.com/searoadshow20
 4) CFP open; Registration open; Sponsorship opportunities available: ApacheCon North America --28 September - 2 October in NEW ORLEANS, LA. Topics include Big Data Integration, Community, IoT, Search, Geospatial, Graphing, Integration, Servers, and more. Apache Project content includes Camel, Cassandra, Cloudstack, Fineract, Flagon, Gobblin, Groovy, HTTP Server, Ignite, Karaf, Observability, Solr/Lucene, Tomcat, and Traffic Server/Traffic Control, among others. https://www.apachecon.com/acna2020/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.85%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 943 Apache contributors changed 3,276,658 lines of code over 3,818 commits. Top 5 contributors, in order, are: Andrea Tarocchi, Andrea Cosentino, Claus Ibsen, Lukasz Lenart, and Duo Zhang.

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Arrow 0.16.0 released https://arrow.apache.org/

Content --
 - Apache Jackrabbit Oak 1.22.1 released https://jackrabbit.apache.org/

Cryptography --
 - Apache Milagro (Incubating) Crypto-C V2.0.1 released https://milagro.apache.org/

Libraries --
 - Apache Commons Compress 1.20 released https://commons.apache.org/compress/
 - Apache Commons CSV 1.8 released https://commons.apache.org/proper/commons-csv/

Programming Languages --
 - Apache Groovy 3.0.0 released https://groovy.apache.org/

Servers --
 - Apache Tomcat 8.5.51 and 9.0.31 released http://tomcat.apache.org/


Did You Know?

 - Did you know that Apache Impala now supports Apache Hudi (incubating), Hive, and ORC? http://impala.apache.org/

 - Did you know that the Apache NetBeans C/C++ donation by Oracle is nearing completion? Review and final stage countdown is on https://lists.apache.org/thread.html/rc62f519d5a203d1624cbc5116e0db399fed8ce7560bc7594a93e6fd8%40%3Cdev.netbeans.apache.org%3E

 - Did you know that you can access your favorite Apache project logos at http://apache.org/logos/ ?

Apache Community Notices:

 - Apache Month In Review: January 2020 – overview of events that have taken place within the Apache community https://s.apache.org/1bbb1

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday February 07, 2020

The Apache News Round-up: week ending 7 February 2020

Welcome, February! We're wrapping up another great week with the following activities:

ASF Security Report 2019 – the state of security across all Apache projects with key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues https://s.apache.org/tbyxg

Success at Apache – the monthly blog series that focuses on the people and processes behind why the ASF "just works".
 - "Success at Apache: Literally" by Chris Thistlethwaite https://s.apache.org/xjcrj

Apache Month In Review: January 2020 – a new monthly overview of events that have taken place within the Apache community https://s.apache.org/1bbb1

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 February 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - CFP Open: ApacheCon North America - 28 September - 2 October - tracks include Big Data, Cloud, Community, Content Delivery, FinTech, Geospatial, Graphing, IoT, Observability, Search, Servers, and more. https://www.apachecon.com/
 - Registration Open: Apache Roadshow/DC - 25 March - topics include Apache projects in CARE initiatives, cybersecurity, start-ups, and more. https://www.apachecon.com/usroadshowdc20/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.89%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 879 Apache contributors changed 2,008,768 lines of code over 3,559 commits. Top 5 contributors, in order, are: Andrea Cosentino, Claus Ibsen, Jean-Baptiste Onofré, Mark Thomas, and Tilman Hausherr.    

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Flink 1.9.2 released https://flink.apache.org/
 - Apache Beam 2.19.0 released https://beam.apache.org/
 - Apache NiFi 1.11.1 released https://nifi.apache.org/

Content --
 - Apache Jackrabbit Oak 1.6.20 and 1.8.20 released https://jackrabbit.apache.org/

Enterprise Processes Automation / ERP --
 - Apache OFBiz 16.11.07 released https://ofbiz.apache.org

Libraries --
 - Apache Velocity Engine 2.2 released https://velocity.apache.org/
 - Apache DeltaSpike 1.9.3 released https://deltaspike.apache.org/

Network Client --
 - Apache Guacamole 1.1.0 released https://guacamole.apache.org/

Did You Know?

 - Did you know that the following Apache projects are celebrating their anniversaries this month? Many happy returns to Apache HTTP Server (25 years!); Gump and Portals (16 years); Directory, MyFaces, and Xerces (15 years); Tapestry (14 years); Roller (13 years); Cassandra and Subversion (10 years); Chemistry (9 years); BVal and OpenNLP (8 years); Clerezza and Crunch (7 years); Knox, Open Climate Workbench, and Spark (6 years); DataFu (2 years); and Unomi (1 year). https://projects.apache.org/committees.html?date

 - Did you know that, over the past year, the ASF processed 759 Individual Contributor License Agreements, 34 Corporate Contributor License Agreements, and 40 Software Grants? https://s.apache.org/Apache2019Digits

 - Did you know that Apache Airflow is having its first MeetUp in Bangalore? http://airflow.apache.org/

Apache Community Notices:

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Wednesday February 05, 2020

Apache Month in Review: January 2020

We're pleased to introduce a new monthly overview of events that have taken place within the Apache community. Below is the wrap-up of our activities in January:

New this month --

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - Apache Software Foundation 2019 Security Report https://s.apache.org/tbyxg

 - Launch of 2020 ASF Community Survey https://s.apache.org/pzol5

 - Update on "Trillions and Trillions Served", the documentary on the ASF https://s.apache.org/ASF-Trillions


Important Dates --

 - Registration open: Apache Roadshow/DC 25 March --tracks include Apache Projects and CARE Initiatives, Cybersecurity, and Start‑Ups. https://www.apachecon.com/usroadshowdc20/

 - Now open: CFP for ApacheCon North America --tracks include Big Data, Cloud, Community, Content Delivery, FinTech, Geospatial, Graphing, IoT, Observability, Search, Servers, and more. https://www.apachecon.com/

 - Next Board Meeting: 19 February 2020. http://apache.org/foundation/board/calendar.html


Infrastructure --

The ASF's distributed, seven-member Infrastructure team oversees our highly-reliable, distributed network under the leadership of VP Infrastructure David Nalley and Infrastructure Administrator Greg Stein. ASF Infrastructure supports 300+ Apache projects and their communities across ~200 individual machines, 1,400+ repositories, more than half a petabyte of software source releases, and 2-3M daily emails on 2,000+ lists. ASF Infra performs 7M+ weekly checks to ensure services are available around the clock. The average uptime in January was 99.94%.


Committer Activity --

In January, 898 Apache Committers changed 4,835,906 lines of code over 14,064 commits. The Committers with the top 5 highest contributions, in order, were: Dan Haywood, Andrea Cosentino, Jean-Baptiste Onofré, Claus Ibsen, and Andi Huber.

Project Releases and Updates --

New releases from Apache Beam (Big Data), Commons Codec (Libraries), Commons VFS (Libraries), Crail (incubating; Libraries), Daffodil (incubating; Libraries), Drill (Big Data), Druid (Big Data), Geode (Big Data), Groovy (Programming Languages), HttpComponents (4 releases; Servers), IoTDB (incubating; IoT); Jackrabbit (5 releases; Content), Juneau (Libraries), Libcloud (2 releases; Cloud Computing), Lucene/Solr (2 releases; Search), NiFi (Big Data), OpenNLP (Machine Learning), OpenWebBeans (Libraries), Parquet (Big Data), Pulsar (Messaging), Qpid (Messaging), SpamAssassin (Mail), and Wicket (2 releases; Web Frameworks).

The Apache Incubator is the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. YuniKorn (Resource Scheduler) is the latest podling undergoing development in the Apache Incubator http://incubator.apache.org/

The Apache Attic provides process and solutions to make it clear when an Apache project has reached its end of life. Apache ODE (Orchestration) has retired to the Attic https://attic.apache.org/

# # #

Monday February 03, 2020

Success at Apache: Literally

by Chris Thistlethwaite

I became part of the Apache community as a member of the ASF Infrastructure team in 2016, and was elected an ASF Member in 2019.

Browsing through the other "Success at Apache" posts made me reflect on the word "success". Years ago, I was asked in a job interview, "How do you define success?". After a pause, I asked back, "In what?", which threw the interviewer off a bit. That's just too broad of a question for me to define one answer: success in a career, success as a human, success as a team member, success at a software release, the list goes on and on. 

Every day there's a giant list of possible successes and failures, and that’s even before you get to work ...so keep that in mind as you continue reading.

In August of 2016 I came across a blog post that would change my life forever. 

At the time, I was looking for a new job that was taking longer than I expected. Taking a long shot, I sent off a very sparse email replying to the post. Two days later David Nalley (VP Infrastructure) replied, introducing me to Daniel Gruno who'd be doing the first round of interviewing. Fast forward a few months, and, spoiler alert: I got the job.

My first day "in the office" was in Seville, Spain, on November 14th during ApacheCon EU. Let me jump back a bit: most of the "Success at Apache" posts talk about the extensive background the authors have, both in the Open Source community and the ASF. While I use httpd, LAMP, etc. all the time, I never really found out how the "sausage was made". Apache has well-made products and the philosophy of how they were built intrigued me. My career until that point has mostly been inside Microsoft shops, usually with me suggesting FOSS solutions in meetings and only getting to use them in small-ish batches. A few MySQL boxes here, a few other Linux machines there, but not "full stack" kinda stuff: I ran it where I could but I was very happy with Microsoft products. "Best tool for the job", right? 

Anyway, back to Spain. I don't travel as much as I should, my Spanish is terrible (or enough to get me into a bar fight), and I'm traveling to a country I've never been to.

Friday November 11th was the last day at my previous job. Saturday afternoon, I left my wife and kid to jump on a plane for Seville, Sunday-ish I landed, and on Monday I started work in another country, at a job that was 98% Linux-based (Windows Jenkins build nodes), with people whom I’ve never seen before because no one used video chat during the interviews --at a conference held by the foundation I now work for. 

You may ask yourself, "How did I get here?", as I sure did: cue "Once in a Lifetime" by the Talking Heads...

My time at the ASF has been very interesting to say the least. With such a huge range of users of Apache software, some days I'm helping a large global company trying to get a product out the door, other days I'm troubleshooting a broken commit for someone working in their basement between dinner and baths for the kids. That's what makes this place special: those contributions help the community and help the common good of the project. The unique perspective I have is from within Infra. We don't just support the ASF, we support all projects in one way or another. One project might just be getting started with automated builds in Jenkins while another has been using CI/CD for years. That's a true strength of the ASF: disparate parts come together as a whole in a way that wouldn't work otherwise. Some days my job has nothing to do with technology, it's just getting the right people together on an email to figure out how to solve a problem, leveraging the different parts.

As mentioned earlier, "success" is a moving target, and at Apache, it's no different. Though in my case, any success at my job means I'm helping the ASF become successful, which in turn helps the projects and communities it supports. Behind every commit is a person, just working towards their own success.

I'm glad that I took the chance to respond to the job opening. Every job, company, and environment has a fair share of unpredictability and diversity. At the ASF, those traits are celebrated, leveraged, leaned on, and held up by the great people I get to work with and the community that I'm proud to be a part of.


Chris Thistlethwaite has been fixing problems and herding cats since before he can remember. He likes digging through log files to find solutions to complex problems and then turning his findings into pretty charts and graphs. After working at Avenue A | Razorfish, Sharebuilder, and some small startups, he brought his unique perspective on DevOps/Systems Engineering to the ASF Infrastructure team, where he specializes in monitoring systems. In his spare time, he enjoys homelabbing and spending time with his family.

= = =

"Success at Apache" is a monthly blog series that focuses on the processes behind why the ASF "just works" https://blogs.apache.org/foundation/category/SuccessAtApache

Friday January 31, 2020

Apache Software Foundation Security Report: 2019

Synopsis: This report explores the state of security across all Apache Software Foundation projects for the calendar year 2019. We review key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues.

Released: 31 January 2020

Author: Mark Cox, Vice President Security, The Apache Software Foundation

Background
The security committee of The Apache Software Foundation (ASF) oversee and co-ordinate the handling of vulnerabilities across all of the 300+ Apache projects.  Established in 2002 and composed entirely of volunteers, we have a consistent process for how issues are handled, and this process includes how our projects must disclose security issues.

Anyone finding security issues in any Apache project can report them to security@apache.org where they are recorded and passed on to the relevant dedicated security teams or project management committees (PMC) to handle.  The security committee see all the issues reported across all the addresses and keep track of the issues throughout the vulnerability lifecycle.  

The security committee is responsible for ensuring that issues are dealt with properly and will actively remind projects of their outstanding issues and responsibilities.  As a board committee, we have the ability to take action including blocking their future releases or, worst case, archiving a project if such projects are unresponsive to handling their security issues.  This, along with the Apache Software License, are key parts of the ASF’s general oversight function around official releases, allowing the ASF to protect individual developers and giving users confidence to deploy and rely on ASF software.  

The oversight into all security reports, along with tools we have developed, gives us the ability to easily create statistics on the issues. 

Statistics for 2019
In 2019 our security addresses received in total over 18,000 emails. After spam filtering and thread grouping this comes to 620 non-spam threads.  Unfortunately many security reports do look like spam and so the security team are careful to review all messages to ensure real reports are not missed for long.



Diagram 1: Breakdown of ASF security email threads for calendar year 2019*

Diagram 1 gives the breakdown of those 620 threads.  138 threads (22%) were people confused by the Apache License.  As many projects use the Apache License, not just those under the ASF umbrella, users can get confused when they see the Apache License and they don't understand what it is.  This is most common for example on mobile phones where the licenses are displayed in the settings menu, usually due to the inclusion of software by Google released under the Apache License.

The next 162 of the 620 (26%) are email threads that are not spam but are also not reports of new vulnerabilities.  These are generally people asking support-type questions or how old vulnerabilities were dealt with.

That left 320 reports of new vulnerabilities in 2019, which spanned 84 of the top level projects.  These 320 reports are a mix of both external and internal reports; for example, where a project has found an issue themselves and followed the ASF process to assign it a CVE name and address it.  Note that we don’t track the reporter affiliation, and ASF reporters often use non-ASF email addresses for reporting, so we can’t give a breakdown of internal vs external reports.

The next step is that the appropriate project triages the report to see if it's really an issue or not.  At this stage invalid reports, or things that are not actually vulnerabilities at all, get rejected back to the reporter.  The remaining issues that are accepted are assigned appropriate CVE names and eventually fixes are released.

As of January 1st 2020, 19 of those 320 reports were still under triage (i.e. the project had not yet determined if the report is accepted or rejected).  The process of triage and investigation varies in time depending on the project, availability of resources, and number of issues to be assessed.  As a general guideline we try to ensure projects have triaged issues within 90 days of the report.  The timeline for the fixing of issues depends on the schedules of the projects themselves and issues of lower severity are most often held to future pre-planned releases.  

The remaining closed 301 reports led to us assigning 122 CVE names.  Some vulnerability reports may include multiple issues, some reports are across multiple projects, and some reports are duplicates where the same issue is found by different reporters, so there isn't an exact one-to-one mapping of accepted reports to CVE names.  The Apache Security committee handle CVE name allocation and are a Mitre Candidate Naming Authority (CNA), so all requests for CVE names in any ASF project are routed through us, even if the reporter is unaware and contacts Mitre directly or goes public with an issue before contacting us. 

Noteworthy events
During 2019 there were a few events worth discussion; either because they were severe and high risk, they had readily available exploits, or otherwise due to media attention.   These included:

  • January 2019: Securonix published a report outlining an increase in attacks on Apache Hadoop instances that have not been configured with authentication.  Public exploits and a Metasploit module exist to perform remote code execution on unprotected Hadoop YARN systems.

  • April 2019: A flaw in Apache HTTP Server 2.4 (CVE-2019-0211).  A user who has access to write scripts on a web server could elevate those privileges to root.  A public exploit is available for this issue.

  • April 2019: A flaw in older versions of Apache Axis that parsed a file retrieved insecurely from an expired domain, allowing remote code execution (CVE-2019-0227).

  • June 2019: Jonathan Leitschuh contacted us after finding a number of Java build dependencies were being downloaded over insecure paths (i.e. HTTP rather than HTTPS).  We did not classify these as security vulnerabilities in themselves as exploiting them would require MITM attacks at build time.  We worked with ASF projects including those identified by the reporter to ensure that we use secure URLs.  Now, in 2020, a number of repositories are requiring secure URLs.

  • August 2019: The Black Duck Synopsys team reviewed older Struts releases and advisories and found some discrepancies in the reported affected versions.   The Struts team worked through their findings and issued corrections where needed.  This can be important if users are running older versions that they don't think are affected by an issue based on the advisories, but they actually are.  However, those same users are likely vulnerable to the other issues that have since been fixed and so we'd always recommend users upgrade to the latest version of Struts to ensure they have a version that contains fixes for all the published security issues.

  • August 2019: Netflix found a number of denial of service vulnerabilities affecting various HTTP/2 implementations. ASF projects containing HTTP/2 implementations investigated and analysed the reported issues. Both Apache HTTP Server and Apache Traffic Server released updates to address denial of service issues that affected them.  Apache Tomcat also made performance improvements to HTTP/2 handling but the issues were not classed as denial of service.

  • September 2019: A RiskSense report highlighted vulnerabilities known to be used by Ransomware which included four in ASF projects.  The four vulnerabilities were all fixed in earlier years and all had updates and mitigations available before any ransomware took advantage of them.  Users should always ensure they pay attention to security updates in any ASF projects they use and prioritise updating for any remote or critical vulnerabilities. The four vulnerabilities were:

     -- CVE-2016-3088 in Apache ActiveMQ.  Targeted by XBash, this issue was trivial to exploit.  It was fixed in ActiveMQ 5.14.0 and mitigation was also available.

     -- CVE-2017-12615 in Apache Tomcat.  It is surprising to see this issue on the list as it affects only a non-default and quite unlikely configuration.  However, it's an issue that is probed by Lucky (a variant of "Satan"), so if there is a server configured in this way it will get exposed. This issue only affected Windows platforms on non-default config, it was fixed in Tomcat 7.0.81, and mitigation is also available.  Note that Lucky will also do brute force attacks targeting weak passwords on accessible Tomcat Web Admin consoles.

     -- CVE-2017-5638 in Apache Struts. This issue is known to be exploited in the wild; however, the first exploitation was discovered after the advisory and fix were published. It is used by Lucky (a variant of "Satan"). It was fixed in Struts 2.3.32 and 2.5.10.1, and a mitigation is also available.

     -- CVE-2018-11776 in Apache Struts. This issue is also used by Lucky. It was fixed in Struts 2.3.35 and 2.5.17; a possible mitigation is available, but upgrading is advised.

  • December 2019: A flaw in Apache Olingo allowing XML External Entity (XXE) attacks (CVE-2019-17554). This issue could be used, for example, to retrieve arbitrary files from a server. A public exploit example exists for this issue.

  • A number of flaws in Apache Solr through the year that could allow remote code execution.  Public exploits exist for some of the issues as well as a Metasploit module.

  • The European Commission EU-FOSSA 2 project sponsored bug bounty programs for users finding security issues in both Apache Kafka and Apache Tomcat. No issues were fixed in Apache Kafka. Two issues were fixed in Apache Tomcat: CVE-2019-0232 (Important severity, affecting Windows platforms, public exploits including a Metasploit module are available) and CVE-2019-0221 (Low severity). As well as running the bug bounties, EU-FOSSA 2 also sponsored a successful hackathon in June 2019.

Conclusion

Apache Software Foundation projects are highly diverse and independent.  They have different languages, communities, management, and security models.  However one of the things every project has in common is a consistent process for how reported security issues are handled.

The ASF Security Committee work closely with the project teams, communities, and reporters to ensure that issues get handled quickly and correctly.  This responsible oversight is a principle of The Apache Way and helps ensure Apache software is stable and can be trusted.

This report gave metrics for calendar year 2019, showing that from the 18,000 emails received we triaged over 300 vulnerability reports, leading to fixes for just over 100 (CVE) issues. If you have vulnerability information you would like to share, or comments on this report, please contact us.

# # #

Graphic created by http://sankeymatic.com/build/ using code:

    Threads [138] License Confusion
    Threads [162] Support Questions
    Threads [320] Vulnerability Reports
    Vulnerability Reports [19] Under Triage
    Vulnerability Reports [301] Closed
    Closed [122] CVE

Settings: 1000x600, colour B source
