creating jsr277-discuss@apache.org

[Brett Porter <br...@apache.org>]

Hi,

I have discussed this with Stanley and he has obtained confirmation. We
can go ahead with internal discussion as required.

The restrictions are entirely up to us as long as we continue to respect
the conditions of the JSPA. This means that discussions must remain
confidential, but that no NDAs are required.

The EG list content can be shared with the group. Once the group is
assembled, we can discuss whether we will try to get all messages
forwarded on, or whether they'd just prefer to get summaries.

However, all that said, since there is no legal firewall of the NDA, I
think we should ask the board to verify we can do this. They are meeting
next week.

Regardless, we can go ahead with creating this list. Geir - are you able
to do this?

Here is how I believe the list should be set up:

Moderators: myself, anyone else volunteering?
Subscription: moderated. Need to verify that subscribers are committers.
Posting: moderated.
Archive: private, available to committers on minotaur

Please let me know if I can do anything to help, or if you'd like me to
copy infra@ again/use JIRA.

Thanks,
Brett

Re: creating jsr277-discuss@apache.org

[Brett Porter <br...@apache.org>]

Geir Magnusson Jr wrote:
> There's the rub.  What does it mean "discussions muct remain confidential"?

Section 9 of the JSPA that says that things marked confidential must be
kept so up until made available for public review or 3 years passes. The
EG has been requested that all phone calls, mailing list traffic and the
wiki be kept confidential.

I'm certain given the emphasis on that that a request to make everything
public would have been declined, however I've led the discussion in that
direction for the future. I asked whether I could send any information
about progress to the board for a report that would be opened to the
public after a number of months, and was told that I would have to
request that it not be made public if sent to the board.

As I said in the last email, its entirely unclear to me what your goal
is. It would be helpful if you could go back and clarify that. But
removing the confidentiality is not something that is going to happen
overnight.

Are there any JSRs I can refer to that have already done this? I know
JDO2 does their TCK and RI development in the open, but AFAICT the EG
discussions are not.

> I'm assuming that Stanley assumed you were asking if NDA's between Sun
> and our individuals was required (the answer is 'no', of course, as
> they're participating as ASF, not individuals), 

No, he understood what I meant.

> but by stating that we
> keep to the conditions of the JSPA and the conditions remain
> confidential, the onus is back on us, and thus I'd argue we didn't get
> very far as we are extending obligations of the JSPA to those
> participating in our name.

That's exactly what he said. I never would have assumed you wanted me to
try and get the JSR to operate outside the conditions of the JSPA as
that most certainly would have been shot down in flames.

> This isn't an issue for the board.

I would expect that your next point would be. That's really what I
meant. I'm not asking we draw them into any discussion (they've got
plenty else to deal with!) but rather approve anything that comes out of
this - or do you have authority to do so as an officer? Shouldn't doing
so still be recorded in the minutes of a board meeting?

> I'll find out if there is
> a way we can setup the list w/o NDAs through some other mechanism with
> which we (the ASF) can reasonably demonstrate that we upheld the terms
> of the JSPA w/o some confidentiality agreement/awareness with the
> participants that we are choosing to include.

Thanks. Can you give some thoughts on what this might be, or how you are
going about this? If its another signed piece of paper that's not an
NDA, or something else that still requires special access restrictions
on our servers then we're really back in the same boat as I think its
the paperwork and the infra work that were considered the barriers to
entry here.

Is accepting membership sufficient? I don't see anything in the bylaws
that indicate it is, but just a thought of at least one group that might
be able to get easier access.

> In order to not hold this up any further while we figure it out, I'll
> set things up 

Great.

> so that the only thing moderated is subscription, which
> I'll do and ensure that each sub has the NDA on file (for now).  

I can do that as well. We can just ask that they use their Apache
address (or alias listed in committers) to subscribe.

That doesn't really answer what we do with the archives which would
still be open to all committers or at least members.

> Given
> the small group subscribing, do you see any need to moderate the
> postings themselves?

There's 3 choices:
(a) moderate postings. People can post if not subscribed which might be
helpful.
(b) bounce messages not from subscribed members.
(c) open list. spam sink.

(a) or (b) are fine with me. I'd suspect anyone that hasn't signed an
NDA can send anything via jcp-open@ so (a) would only be helpful for
people sending from the wrong address, which isn't a big deal.

- Brett

Re: creating jsr277-discuss@apache.org

[Geir Magnusson Jr <ge...@pobox.com>]

Brett Porter wrote:
> Hi,
> 
> I have discussed this with Stanley and he has obtained confirmation. We
> can go ahead with internal discussion as required.
> 
> The restrictions are entirely up to us as long as we continue to respect
> the conditions of the JSPA. This means that discussions must remain
> confidential, but that no NDAs are required.

There's the rub.  What does it mean "discussions muct remain confidential"?

I'm assuming that Stanley assumed you were asking if NDA's between Sun 
and our individuals was required (the answer is 'no', of course, as 
they're participating as ASF, not individuals), but by stating that we 
keep to the conditions of the JSPA and the conditions remain 
confidential, the onus is back on us, and thus I'd argue we didn't get 
very far as we are extending obligations of the JSPA to those 
participating in our name.

> 
> The EG list content can be shared with the group. Once the group is
> assembled, we can discuss whether we will try to get all messages
> forwarded on, or whether they'd just prefer to get summaries.
> 
> However, all that said, since there is no legal firewall of the NDA, I
> think we should ask the board to verify we can do this. They are meeting
> next week.

This isn't an issue for the board.

> 
> Regardless, we can go ahead with creating this list. 


I think you are leaping to a conclusion here.  I'll find out if there is 
a way we can setup the list w/o NDAs through some other mechanism with 
which we (the ASF) can reasonably demonstrate that we upheld the terms 
of the JSPA w/o some confidentiality agreement/awareness with the 
participants that we are choosing to include.

Geir - are you able
> to do this?
> 
> Here is how I believe the list should be set up:
> 
> Moderators: myself, anyone else volunteering?
> Subscription: moderated. Need to verify that subscribers are committers.
> Posting: moderated.
> Archive: private, available to committers on minotaur
> 
> Please let me know if I can do anything to help, or if you'd like me to
> copy infra@ again/use JIRA.
> 

In order to not hold this up any further while we figure it out, I'll 
set things up so that the only thing moderated is subscription, which 
I'll do and ensure that each sub has the NDA on file (for now).  Given 
the small group subscribing, do you see any need to moderate the 
postings themselves?

geir



> Thanks,
> Brett
> 
>