The Apache Software Foundation Blog
The Apache Software Foundation Operations Summary: 1 November 2020 - 31 January 2021
FOUNDATION OPERATIONS SUMMARY
Third Quarter, Fiscal Year 2021 (November 2020 - January 2021)
"We’re proud to be a part of the ASF community and look forward to continued support of its mission to provide Open Source software for the public good."
—Joel Marcey, Open Source Developer Advocate and Ecosystem Lead at Facebook (ASF Platinum Sponsor)
> Conferences and Events http://apachecon.com/
We held no events during the reporting period.
We have begun discussion of dates and details for ApacheCon 2021, and expect to have an announcement by March 1st. This event will, once again, be an online-only event.
Please watch @apachecon (on Twitter) for that announcement.
> Community Development http://community.apache.org/
During December an Apache Roadshow China was held in conjunction with COSCon. The event was a great success and we are looking forward to participation at future events.
A key theme this quarter was communication and ensuring our community was being kept informed of what is happening. As a result, we have been experimenting with a new format for the Apache News Roundup have been trialling it with the community. A range of short videos have been created focussed on different but hopefully useful topics. Feedback from the community has been extremely positive.
We applied for and were accepted for an online booth at FOSDEM. Throughout January most of our efforts were focussed on preparing for our participation at FOSDEM. Even with the very short timeframe, several of our volunteers worked quickly and efficiently to put together an online presence for us during the event.
A request has been received to try and establish an Apache Local Community (ALC) in Nigeria so we are currently looking for an ASF member or PMC members from any Apache project that live locally that can become the main point of contact. These are part of the minimum requirements for governance when establishing a new ALC group.
We are in the final stages of our Google Summer of Code (GSoC) application so have also been gathering ideas from our projects.
Our mailing list has seen a large increase in traffic this quarter. Some of the increase is related to GSoC proposal requests being received from our projects. Yet even with the break for the holidays, it was good to see our discussion activity grow.
> Committers and Contributions http://apache.org/licenses/contributor-agreements.html
Over the past quarter, 1,424 contributors committed 64,101 changes that amount to 35,706,852 lines of code across Apache projects. The top 5 contributors, in order, were: Andrea Cosentino (1,544 commits), Xiang Xiao (1,301 commits), Jean-Baptiste Onofré (971 commits), Kaxil Naik (907 commits), and Gary Gregory (878 commits).
All individuals who are granted write access to the Apache repositories must submit an Individual Contributor License Agreement (ICLA). Corporations that have assigned employees to work on Apache projects as part of an employment agreement may sign a Corporate CLA (CCLA) for contributing intellectual property via the corporation. Individuals or corporations donating a body of existing software or documentation to one of the Apache projects need to execute a formal Software Grant Agreement (SGA) with the ASF.
During Q3 FY2021, the ASF Secretary processed 198 ICLAs, 4 CCLAs, and 16 Software Grants. History of Apache committer growth can be seen at https://projects.apache.org/timelines.html
> Brand Management http://apache.org/foundation/marks/
Operations —the work of the Brand Management team falls broadly into one of four categories:
- providing advice to projects
- granting permission to use our marks
- trademark transfers and registrations
- addressing potential infringements of our marks
As with previous quarters we provided both Apache projects and external parties with advice on the correct use of Apache marks in a range of scenarios including branding of YouTube channels, Docker images Registrations, publishing, translations of project websites, tshirts, and stickers. The COVID-19 pandemic doesn't appear to reduced the number of project related events although all of the ones approves this quarter were, unsurprisingly, on-line events.
This quarter we worked with the KAFKA project and counsel to develop a KAFKA specific branding policy for KAFKA clients and connectors.
Another element of the advice we provide is naming advice for podlings. This quarter we provided advice to a project considering applying to join the Apache incubator and to three podlings.
Other advice provided this quarter included advice on using non-ASF logos on a project website and whether or not a project's mark was registered. We also rejected a mid-directed infringement claim for a non-ASF controlled website that just happened to be hosted on httpd.
This quarter we started the process of updating the official ASF address associated with our registrations. There are costs associated with this process but we still anticipate brand expenditure for this year to remain within budget.
The APACHE IGNITE registration for China completed this quarter.
The registrations for APACHE and APACHE FLINK in China, BROOKLYN in the US continued to progress this quarter.
We worked with counsel and the current registrants to progress the transfer of ownership of the APISIX marks in China and SERVICECOMB marks in the US and EU to the ASF.
This quarter we saw an increase in people and organisations using derivations of the Apache License, version 2 without changing the primary branding of the license. While we do not object to the creation of such derivative licenses, we do want to ensure that they do not cause
confusion amongst end-users. Therefore, we monitor for such licenses and work with the authors to ensure that the licenses are clearly branded so that they will not be confused with the Apache License, version 2.
We have made some progress towards addressing infringing products sold in various online stores but have not yet resolved these issues.
It is usually members of our project communities who are first to identify potential infringements. This quarter we provided advice to a number of PMCs as to the best approach to take to address a potential infringement.
The Brand Management team welcomes your comments and suggestions as well as any questions you might have. Please see https://www.apache.org/foundation/marks/contact for our contact details.
> Security http://apache.org/security/
We continued to work on handling incoming security issues, keeping projects reminded of their outstanding issues, allocation of CVE names, and other general oversight and advice.
For Q3 we tracked 138 new vulnerability reports across 47 projects. Those reports led to 36 published CVE vulnerabilities. The previous Q3 for comparison was 95 reports leading to 41 CVE.
We published a security report for calendar year 2020: https://s.apache.org/SecurityReport2020
The CVE project released a new automation API and the ASF became the first organisation to get a live CVE name using it. Instead of the security team holding a pool of names requested in advance we now allocate them on demand, with the service taking care of emails to the PMC and other previously manual parts of the process. We released an internal tool providing projects dealing with security issues a way to edit, validate, and submit their entries to Mitre. We aim to have the CVE database updated within a day of an issue being published. We expect more automation available during 2021 allowing us to streamline the CVE process for projects even further.
A few questions were answered on the privacy list. Most of the requests were around our use of the mailing lists. It was recommended that any person, who has privacy concerns over mailing list data, is redirected to vp-privacy@ or to the privacy@ list directly (if the request is not sensitive itself).
A GIT repository was created for working on policies. Apart from that, privacy did not handle critical issues so far. In the next few weeks we will see working drafts for mailing list archives.
> Infrastructure http://apache.org/dev/infrastructure.html
The Infrastructure has done well over the past quarter, maintaining cost controls and keeping our team home and healthy.
This past quarter has seen a large change in our back-office, with how we manage our US-based employees. While it took a lot of effort, it did not impact our team's operations. We are up and rolling smoothly, after these changes.
There was a scare in the security around some of our automated CI/CD systems, which we quickly handled. In the end, the initial concern did not pan out to any real problems. Yet we learned and expanded some of our Best Practices, and implemented a scanner to monitor for future security concerns in this area.
The team has started a monthly "Builds" conference call to bring the broader community together to talk "all things builds". This has enabled a sharing of ideas, helped us advance more of our CI/CD infrastructure, and highlighted the pain points that our communities are seeing.
Our background work has continued, as usual, in areas such as testing a CDN deployment, improved integration between the ASF and GitHub, investigating a move from our on-premise Atlassian products to their cloud-based services, and our mail system upgrade.
> Treasury and Financial Statement --map against https://s.apache.org/FY2019AnnualReport
The Treasurer, Myrle Krantz, and the Assistant Treasurer, Trevor Grant have contributed to keeping The Foundation in excellent fiscal shape with all tax and compliance forms filed on time. Latest public filings can be found at http://www.apache.org/foundation/records/. We have advised that officers minimize expenses until there is more certainty in global economic outlooks. Officers have done an excellent job at cost control throughout the fiscal year, and we hope that in the coming fiscal year that the need for austerity will be reduced. We transitioned, this quarter, from accounting provided by Virtual to accounting provided by IgniteSpot. Benefits we have seen from this transition include:
- better transparency into accounting and smoother budgeting processes by moving from QuickBooks Enterprise to QuickBooks Online,
- better automation of our processes via the integration of QuickBooks Online with Bill.com and our banking solutions, and
- reduced costs.
We are pleased with the enthusiastic support IgniteSpot has provided Fundraising with invoicing and reporting, and we hope to see this continue. The transition has forced us to examine our internal processes, and given us opportunities to improve them.
In the process of transitioning accountants, we have also transitioned PEO providers. We now employ ADP Total Source directly. In addition we have transitioned to a new physical mailing address and a new registered agent. We thank Greg Stein, David Nalley, and Ruth Suehle for the truly excellent collaboration which made a change of this extent possible. We thank Virtual for their many years of service. The Apache Software Foundation would not be where we are today without the tireless efforts of Virtual to modernize our accounting processes and make them sustainable. In all, the transition has been extremely smooth. Our books were imported without difficulties. Thanks to the work Myrle Krantz and Greg Stein performed earlier this year to introduce bill.com, there were no interruptions in our vendor payments. And thanks to heightened attention by Sally Khudairi, and Daniel Ruggeri and IgniteSpot, there were no interruptions to sponsor invoicing. The financial report has a few more details than past quarterly reports. We have adjusted reporting to include mention of restricted funds. ASF Treasury has gone above and beyond to support fundraising this quarter. In particular, to make possible a two year platinum sponsorship before the end of the sponsor’s fiscal year, Myrle Krantz, with support from Greg Stein, and direction from Sally Khudairi interfaced with a sponsor’s PO system and generated and submitted last minute estimates and invoices. This team worked through multiple iterations over the course of several hours on New Year’s Eve and New Year’s Day to get it right. This was possible, in part, because the ASF Treasury now has access to our own books via QuickBooks Online. We have added a bank account at TDBank to our mix of financial instruments. The majority of our cash remains in a CDARS account at Boston Private which provides FDIC insurance for the full amount.
> Diversity and Inclusion http://diversity.apache.org/
Diversity & Inclusion
Q3 of FY2021 focused on wrapping up the first research on the current status of D&I at the ASF, securing funds for one more year of Outreachy internships and planning for FY2022. Below is a breakdown of these accomplishments.
Wrapping the research on the current status of Diversity and Inclusion at the ASF
This project was composed of two initiatives: The ASF Community Survey and a User Experience Research for contributors of underrepresented groups. These two initiatives concluded in Q2 and we have a final draft https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=173087952 to be published in multiple channels, such as research publications and conferences like ApacheCon.
Continuing the internships for underrepresented groups through Outreachy.org
The third period of Outreachy internships is underway and we have six interns for six different Apache projects https://cwiki.apache.org/confluence/display/EDI/2020-11-25+Outreachy+Meeting+notes . We secured $52,000 in sponsorship from Google to continue with this program for one more year. The sponsorship will be processed in March 2021.
The findings and recommendations from the research completed in FY2021 will be the platform for taking action in FY2022. The D&I committee will have the following goals in FY2022:
- Act on the findings and recommendations from the research done in FY2021
- Continue the Outreachy Internships
- Re-application of the community survey to measure changes since the survey was last done in 2020.
The ultimate objective is to scope and define a project that will help us take the current state of D&I at the ASF to better neights. We will partner with Bitergia again, this is the firm that conducted the research and ran the ASF community survey in 2020. One of the alternatives we’re strongly considering is the creation of a program that helps podlings in the incubator develop strong practices for inclusion, enabling the projects to be diverse from the moment they graduate from incubation. This is still one are of consideration, and we’ll have the final selection by the end of the quarter.
> Fundraising http://apache.org/foundation/contributing.html
As was noted in prior quarterly reports, Fundraising continues to move along well operationally. In addition to performing regular renewals, we are further honing our processes by experimenting with automation and tooling to augment our work. In this quarter, we are pleased to note that all ApacheCon sponsorships have completed and closed in the early quarter. Additionally, we managed to continue business-as-usual during a very busy December as the foundation onboarded a new accounting provider and platform.
We continue maintaining cautious optimism as we weather the current pandemic with our Sponsors and are tremendously thankful for the continued sponsorship despite the hard times. While we regret that two Bronze sponsors chose not to renew their sponsorship this quarter, we are thrilled to welcome a new Platinum Sponsor, Gold Sponsor, Silver Sponsor, and Bronze Sponsor! This growth in sponsorships is a heart warming indication that the amazing work done here at The ASF is recognized and appreciated in the global community. To that point, we are pleased to see that this quarter saw a higher than typical number of individual donations to the foundation.
The joy we feel from the continued support of our individual and corporate sponsors simply cannot be overstated. In the tough times leading into and during the initial days of the pandemic, like many others, we just did not know what to expect. After all, the only income our all-volunteer-led foundation receives comes from sponsorships. The ASF is known to house projects that creates industries, evolves the technology landscape, improves the world we live in - and we do it in a way that is fair and equitable to all who participate regardless of background. This is all entirely possible because of the generosity of our sponsors… especially during difficult days.
With a truly humble and grateful heart: THANK YOU for continuing to support us during this storm.
The list of all Sponsors is available at http://apache.org/foundation/thanks . To become an ASF Sponsor, visit http://apache.org/foundation/sponsorship.html . To make a one-time or monthly recurring donation, please visit https://donate.apache.org/ .
= = =
Report prepared by Sally Khudairi, Vice President Marketing & Publicity, with contributions by Rich Bowen, Vice President Conferences; Mark Cox, Vice President Security; Griselda Cuevas, Vice President Diversity & Inclusion; David Nalley, Vice President Infrastructure; Sharan Foga, Vice President Community Development; Christian Grobmeier, Vice President Data Privacy; Myrle Krantz, Treasurer; Daniel Ruggeri, Vice President Fundraising; Greg Stein, Infrastructure Administrator; and Mark Thomas, Vice President Brand Management.
For more information, subscribe to the firstname.lastname@example.org mailing list http://apache.org/foundation/mailinglists.html#foundation-announce and visit http://www.apache.org/ , the ASF Blog at http://blogs.apache.org/ , the @TheASF on Twitter https://twitter.com/TheASF , and LinkedIn https://www.linkedin.com/company/the-apache-software-foundation .
(c) The Apache Software Foundation 2021.
# # #
Posted at 03:22PM Mar 15, 2021 by Sally Khudairi in Newsletter | |