Re: [VOTE] Explore creating a reusable JWT Library

[David Blevins <da...@gmail.com>]

> On Mar 31, 2018, at 2:16 AM, Romain Manni-Bucau <rm...@gmail.com> wrote:
> 
> It was more as a "if im always the only one seeing tomee differently i can
> leave to let you space". Not as a threat.

That's a generous sentiment.  Either way the best outcome is that you stay and we all learn the lesson that disagreeing is ok and healthy.  How is the most important part.

Disagreement can be an incredibly productive and innovative thing if done right.  By definition, that means this project is sitting on some incredible innovative potential.

A concrete way I think we can measure ourselves is by the number of people who feel comfortable voting.  I would consider a vote of 20 people that included 3 -1 votes to be significantly more healthy than a vote of 3 people and all +1s.

> [...]
> There is no veto at apache if you check rules closely. All is more about
> respect and overall consensus IIRC.

I want to be careful that we don't learn a false lesson as Apache does have technical vetos.  These are more meant for line-of-code level input vs community direction.

The intention of the two votes was to make the line a little more clear.

 - The first vote "Merge Pull Request 123 - MicroProfile JWT support" was intended to flush out line-of-code level technical issues with the PR: breaks the build; doesn't follow code style; introduces security issues.  It's ultimately a Review-than-Commit vote and a -1 should be viewed as a technical veto.

 - The second vote "Explore creating a reusable JWT Library" was intended to determine overall desire on what the next step should be.  No commit being reviewed, more of a community level discussion.  A -1 should not be viewed as a veto.


-David

Re: [VOTE] Explore creating a reusable JWT Library

[Romain Manni-Bucau <rm...@gmail.com>]

CXF doesn't do that AFAIK and fully relies on the JVM API, Tomcat has some
code (
https://github.com/apache/tomcat/blob/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java)
but it is not much reusable so having a kind of commons-keys (bouncycastle
@asf to not hide it ;)).


Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>

2018-05-02 10:28 GMT+02:00 Matthew Broadhead <matthew.broadhead@nbmlaw.co.uk
>:

> aren't there apache projects already dealing with public key formats?  cxf
> must have done a lot of work on that?  would this just be a wrapper to
> existing libs?
>
>
>
> On 02/05/18 10:03, Jean-Louis Monteiro wrote:
>
>> PCS8 "standard" or not is probably the one to no miss
>>
>> --
>> Jean-Louis Monteiro
>> http://twitter.com/jlouismonteiro
>> http://www.tomitribe.com
>>
>> On Wed, May 2, 2018 at 6:27 AM, Rudy De Busscher <rd...@gmail.com>
>> wrote:
>>
>> Primarily what I'd like to do is really nail the public key format
>>>> manipulation.  I did a huge amount of research in this and would like to
>>>> come up with an extremely well tested library that can natively read all
>>>> the dominate file formats PKCS 1 & 5 PEM, JWK{S} and has command-line
>>>>
>>> tools
>>>
>>>> for converting between them.
>>>>
>>>
>>> That would be super awesome. I have been working on the same thing the
>>> past
>>> month or so.
>>>
>>> Rudy
>>>
>>> On 2 May 2018 at 00:13, David Blevins <da...@gmail.com> wrote:
>>>
>>> Requested a repo we could potentially use for this.
>>>>
>>>> Primarily what I'd like to do is really nail the public key format
>>>> manipulation.  I did a huge amount of research in this and would like to
>>>> come up with an extremely well tested library that can natively read all
>>>> the dominate file formats PKCS 1 & 5 PEM, JWK{S} and has command-line
>>>>
>>> tools
>>>
>>>> for converting between them.
>>>>
>>>> This could be useful to both the TomEE and Geronimo MicroProfile JWT
>>>>
>>> impls.
>>>
>>>>
>>>> --
>>>> David Blevins
>>>> http://twitter.com/dblevins
>>>> http://www.tomitribe.com
>>>>
>>>> On Apr 4, 2018, at 5:32 AM, Jean-Louis Monteiro <
>>>>>
>>>> jlmonteiro@tomitribe.com> wrote:
>>>>
>>>>> The code still is in a PR (#123) for the moment
>>>>>
>>>>> I'm in to help.
>>>>> Still some small fixes to do and I'd like MP-Config to be used to
>>>>>
>>>> configure
>>>>
>>>>> keys, issues, and others.
>>>>>
>>>>> --
>>>>> Jean-Louis Monteiro
>>>>> http://twitter.com/jlouismonteiro
>>>>> http://www.tomitribe.com
>>>>>
>>>>> On Wed, Apr 4, 2018 at 1:06 PM, Mark Struberg
>>>>>
>>>> <struberg@yahoo.de.invalid
>>>
>>>> wrote:
>>>>>
>>>>> As noted elsewhere: the vote question was a mixture of 'what do you
>>>>>> think' (consensus -> majority vote)  and 'is it ok' (technical ->
>>>>>>
>>>>> unanimous
>>>>
>>>>> vote).
>>>>>> I'd also be in favour to do the generic parts in Geronimo and only do
>>>>>>
>>>>> the
>>>>
>>>>> integration in TomEE. So yes, in a consensus vote I'd also vote -1. If
>>>>>>
>>>>> this
>>>>
>>>>> is interpreted as commit vote then I vote -0
>>>>>> The work is the same and as long as it's been done I'm fine either
>>>>>>
>>>>> ways.
>>>
>>>> Now that we did all the 3 weeks of rambling and discussions let's
>>>>>>
>>>>> focus
>>>
>>>> on
>>>>
>>>>> the important stuff.
>>>>>> Where is the code? Who did already work on it? Or do we again have 30
>>>>>> people discussing but just 2 working? ;)
>>>>>>
>>>>>> LieGrue,strub
>>>>>>     On Wednesday, 4 April 2018, 01:14:57 CEST, David Blevins <
>>>>>> david.blevins@gmail.com> wrote:
>>>>>>
>>>>>> On Mar 31, 2018, at 2:16 AM, Romain Manni-Bucau <
>>>>>>>
>>>>>> rmannibucau@gmail.com
>>>
>>>> wrote:
>>>>>>
>>>>>>> It was more as a "if im always the only one seeing tomee differently
>>>>>>>
>>>>>> i
>>>
>>>> can
>>>>>>
>>>>>>> leave to let you space". Not as a threat.
>>>>>>>
>>>>>> That's a generous sentiment.  Either way the best outcome is that you
>>>>>>
>>>>> stay
>>>>
>>>>> and we all learn the lesson that disagreeing is ok and healthy.  How
>>>>>>
>>>>> is
>>>
>>>> the
>>>>
>>>>> most important part.
>>>>>>
>>>>>> Disagreement can be an incredibly productive and innovative thing if
>>>>>>
>>>>> done
>>>>
>>>>> right.  By definition, that means this project is sitting on some
>>>>>> incredible innovative potential.
>>>>>>
>>>>>> A concrete way I think we can measure ourselves is by the number of
>>>>>>
>>>>> people
>>>>
>>>>> who feel comfortable voting.  I would consider a vote of 20 people
>>>>>>
>>>>> that
>>>
>>>> included 3 -1 votes to be significantly more healthy than a vote of 3
>>>>>> people and all +1s.
>>>>>>
>>>>>> [...]
>>>>>>> There is no veto at apache if you check rules closely. All is more
>>>>>>>
>>>>>> about
>>>>
>>>>> respect and overall consensus IIRC.
>>>>>>>
>>>>>> I want to be careful that we don't learn a false lesson as Apache does
>>>>>> have technical vetos.  These are more meant for line-of-code level
>>>>>>
>>>>> input vs
>>>>
>>>>> community direction.
>>>>>>
>>>>>> The intention of the two votes was to make the line a little more
>>>>>>
>>>>> clear.
>>>
>>>> - The first vote "Merge Pull Request 123 - MicroProfile JWT support"
>>>>>>
>>>>> was
>>>
>>>> intended to flush out line-of-code level technical issues with the PR:
>>>>>> breaks the build; doesn't follow code style; introduces security
>>>>>>
>>>>> issues.
>>>
>>>> It's ultimately a Review-than-Commit vote and a -1 should be viewed
>>>>>>
>>>>> as a
>>>
>>>> technical veto.
>>>>>>
>>>>>> - The second vote "Explore creating a reusable JWT Library" was
>>>>>>
>>>>> intended
>>>
>>>> to determine overall desire on what the next step should be.  No
>>>>>>
>>>>> commit
>>>
>>>> being reviewed, more of a community level discussion.  A -1 should not
>>>>>>
>>>>> be
>>>>
>>>>> viewed as a veto.
>>>>>>
>>>>>>
>>>>>> -David
>>>>>>
>>>>>>
>>>>>>
>>>>
>

Re: [VOTE] Explore creating a reusable JWT Library

[Matthew Broadhead <ma...@nbmlaw.co.uk>]

aren't there apache projects already dealing with public key formats?  
cxf must have done a lot of work on that?  would this just be a wrapper 
to existing libs?


On 02/05/18 10:03, Jean-Louis Monteiro wrote:
> PCS8 "standard" or not is probably the one to no miss
>
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
>
> On Wed, May 2, 2018 at 6:27 AM, Rudy De Busscher <rd...@gmail.com>
> wrote:
>
>>> Primarily what I'd like to do is really nail the public key format
>>> manipulation.  I did a huge amount of research in this and would like to
>>> come up with an extremely well tested library that can natively read all
>>> the dominate file formats PKCS 1 & 5 PEM, JWK{S} and has command-line
>> tools
>>> for converting between them.
>>
>> That would be super awesome. I have been working on the same thing the past
>> month or so.
>>
>> Rudy
>>
>> On 2 May 2018 at 00:13, David Blevins <da...@gmail.com> wrote:
>>
>>> Requested a repo we could potentially use for this.
>>>
>>> Primarily what I'd like to do is really nail the public key format
>>> manipulation.  I did a huge amount of research in this and would like to
>>> come up with an extremely well tested library that can natively read all
>>> the dominate file formats PKCS 1 & 5 PEM, JWK{S} and has command-line
>> tools
>>> for converting between them.
>>>
>>> This could be useful to both the TomEE and Geronimo MicroProfile JWT
>> impls.
>>>
>>> --
>>> David Blevins
>>> http://twitter.com/dblevins
>>> http://www.tomitribe.com
>>>
>>>> On Apr 4, 2018, at 5:32 AM, Jean-Louis Monteiro <
>>> jlmonteiro@tomitribe.com> wrote:
>>>> The code still is in a PR (#123) for the moment
>>>>
>>>> I'm in to help.
>>>> Still some small fixes to do and I'd like MP-Config to be used to
>>> configure
>>>> keys, issues, and others.
>>>>
>>>> --
>>>> Jean-Louis Monteiro
>>>> http://twitter.com/jlouismonteiro
>>>> http://www.tomitribe.com
>>>>
>>>> On Wed, Apr 4, 2018 at 1:06 PM, Mark Struberg
>> <struberg@yahoo.de.invalid
>>>> wrote:
>>>>
>>>>> As noted elsewhere: the vote question was a mixture of 'what do you
>>>>> think' (consensus -> majority vote)  and 'is it ok' (technical ->
>>> unanimous
>>>>> vote).
>>>>> I'd also be in favour to do the generic parts in Geronimo and only do
>>> the
>>>>> integration in TomEE. So yes, in a consensus vote I'd also vote -1. If
>>> this
>>>>> is interpreted as commit vote then I vote -0
>>>>> The work is the same and as long as it's been done I'm fine either
>> ways.
>>>>> Now that we did all the 3 weeks of rambling and discussions let's
>> focus
>>> on
>>>>> the important stuff.
>>>>> Where is the code? Who did already work on it? Or do we again have 30
>>>>> people discussing but just 2 working? ;)
>>>>>
>>>>> LieGrue,strub
>>>>>     On Wednesday, 4 April 2018, 01:14:57 CEST, David Blevins <
>>>>> david.blevins@gmail.com> wrote:
>>>>>
>>>>>> On Mar 31, 2018, at 2:16 AM, Romain Manni-Bucau <
>> rmannibucau@gmail.com
>>>>> wrote:
>>>>>> It was more as a "if im always the only one seeing tomee differently
>> i
>>>>> can
>>>>>> leave to let you space". Not as a threat.
>>>>> That's a generous sentiment.  Either way the best outcome is that you
>>> stay
>>>>> and we all learn the lesson that disagreeing is ok and healthy.  How
>> is
>>> the
>>>>> most important part.
>>>>>
>>>>> Disagreement can be an incredibly productive and innovative thing if
>>> done
>>>>> right.  By definition, that means this project is sitting on some
>>>>> incredible innovative potential.
>>>>>
>>>>> A concrete way I think we can measure ourselves is by the number of
>>> people
>>>>> who feel comfortable voting.  I would consider a vote of 20 people
>> that
>>>>> included 3 -1 votes to be significantly more healthy than a vote of 3
>>>>> people and all +1s.
>>>>>
>>>>>> [...]
>>>>>> There is no veto at apache if you check rules closely. All is more
>>> about
>>>>>> respect and overall consensus IIRC.
>>>>> I want to be careful that we don't learn a false lesson as Apache does
>>>>> have technical vetos.  These are more meant for line-of-code level
>>> input vs
>>>>> community direction.
>>>>>
>>>>> The intention of the two votes was to make the line a little more
>> clear.
>>>>> - The first vote "Merge Pull Request 123 - MicroProfile JWT support"
>> was
>>>>> intended to flush out line-of-code level technical issues with the PR:
>>>>> breaks the build; doesn't follow code style; introduces security
>> issues.
>>>>> It's ultimately a Review-than-Commit vote and a -1 should be viewed
>> as a
>>>>> technical veto.
>>>>>
>>>>> - The second vote "Explore creating a reusable JWT Library" was
>> intended
>>>>> to determine overall desire on what the next step should be.  No
>> commit
>>>>> being reviewed, more of a community level discussion.  A -1 should not
>>> be
>>>>> viewed as a veto.
>>>>>
>>>>>
>>>>> -David
>>>>>
>>>>>
>>>

Re: [VOTE] Explore creating a reusable JWT Library

[Jean-Louis Monteiro <jl...@tomitribe.com>]

PCS8 "standard" or not is probably the one to no miss

--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com

On Wed, May 2, 2018 at 6:27 AM, Rudy De Busscher <rd...@gmail.com>
wrote:

> >
> > Primarily what I'd like to do is really nail the public key format
> > manipulation.  I did a huge amount of research in this and would like to
> > come up with an extremely well tested library that can natively read all
> > the dominate file formats PKCS 1 & 5 PEM, JWK{S} and has command-line
> tools
> > for converting between them.
>
>
> That would be super awesome. I have been working on the same thing the past
> month or so.
>
> Rudy
>
> On 2 May 2018 at 00:13, David Blevins <da...@gmail.com> wrote:
>
> > Requested a repo we could potentially use for this.
> >
> > Primarily what I'd like to do is really nail the public key format
> > manipulation.  I did a huge amount of research in this and would like to
> > come up with an extremely well tested library that can natively read all
> > the dominate file formats PKCS 1 & 5 PEM, JWK{S} and has command-line
> tools
> > for converting between them.
> >
> > This could be useful to both the TomEE and Geronimo MicroProfile JWT
> impls.
> >
> >
> > --
> > David Blevins
> > http://twitter.com/dblevins
> > http://www.tomitribe.com
> >
> > > On Apr 4, 2018, at 5:32 AM, Jean-Louis Monteiro <
> > jlmonteiro@tomitribe.com> wrote:
> > >
> > > The code still is in a PR (#123) for the moment
> > >
> > > I'm in to help.
> > > Still some small fixes to do and I'd like MP-Config to be used to
> > configure
> > > keys, issues, and others.
> > >
> > > --
> > > Jean-Louis Monteiro
> > > http://twitter.com/jlouismonteiro
> > > http://www.tomitribe.com
> > >
> > > On Wed, Apr 4, 2018 at 1:06 PM, Mark Struberg
> <struberg@yahoo.de.invalid
> > >
> > > wrote:
> > >
> > >> As noted elsewhere: the vote question was a mixture of 'what do you
> > >> think' (consensus -> majority vote)  and 'is it ok' (technical ->
> > unanimous
> > >> vote).
> > >> I'd also be in favour to do the generic parts in Geronimo and only do
> > the
> > >> integration in TomEE. So yes, in a consensus vote I'd also vote -1. If
> > this
> > >> is interpreted as commit vote then I vote -0
> > >> The work is the same and as long as it's been done I'm fine either
> ways.
> > >> Now that we did all the 3 weeks of rambling and discussions let's
> focus
> > on
> > >> the important stuff.
> > >> Where is the code? Who did already work on it? Or do we again have 30
> > >> people discussing but just 2 working? ;)
> > >>
> > >> LieGrue,strub
> > >>    On Wednesday, 4 April 2018, 01:14:57 CEST, David Blevins <
> > >> david.blevins@gmail.com> wrote:
> > >>
> > >>> On Mar 31, 2018, at 2:16 AM, Romain Manni-Bucau <
> rmannibucau@gmail.com
> > >
> > >> wrote:
> > >>>
> > >>> It was more as a "if im always the only one seeing tomee differently
> i
> > >> can
> > >>> leave to let you space". Not as a threat.
> > >>
> > >> That's a generous sentiment.  Either way the best outcome is that you
> > stay
> > >> and we all learn the lesson that disagreeing is ok and healthy.  How
> is
> > the
> > >> most important part.
> > >>
> > >> Disagreement can be an incredibly productive and innovative thing if
> > done
> > >> right.  By definition, that means this project is sitting on some
> > >> incredible innovative potential.
> > >>
> > >> A concrete way I think we can measure ourselves is by the number of
> > people
> > >> who feel comfortable voting.  I would consider a vote of 20 people
> that
> > >> included 3 -1 votes to be significantly more healthy than a vote of 3
> > >> people and all +1s.
> > >>
> > >>> [...]
> > >>> There is no veto at apache if you check rules closely. All is more
> > about
> > >>> respect and overall consensus IIRC.
> > >>
> > >> I want to be careful that we don't learn a false lesson as Apache does
> > >> have technical vetos.  These are more meant for line-of-code level
> > input vs
> > >> community direction.
> > >>
> > >> The intention of the two votes was to make the line a little more
> clear.
> > >>
> > >> - The first vote "Merge Pull Request 123 - MicroProfile JWT support"
> was
> > >> intended to flush out line-of-code level technical issues with the PR:
> > >> breaks the build; doesn't follow code style; introduces security
> issues.
> > >> It's ultimately a Review-than-Commit vote and a -1 should be viewed
> as a
> > >> technical veto.
> > >>
> > >> - The second vote "Explore creating a reusable JWT Library" was
> intended
> > >> to determine overall desire on what the next step should be.  No
> commit
> > >> being reviewed, more of a community level discussion.  A -1 should not
> > be
> > >> viewed as a veto.
> > >>
> > >>
> > >> -David
> > >>
> > >>
> >
> >
>

Re: [VOTE] Explore creating a reusable JWT Library

[Rudy De Busscher <rd...@gmail.com>]

>
> Primarily what I'd like to do is really nail the public key format
> manipulation.  I did a huge amount of research in this and would like to
> come up with an extremely well tested library that can natively read all
> the dominate file formats PKCS 1 & 5 PEM, JWK{S} and has command-line tools
> for converting between them.


That would be super awesome. I have been working on the same thing the past
month or so.

Rudy

On 2 May 2018 at 00:13, David Blevins <da...@gmail.com> wrote:

> Requested a repo we could potentially use for this.
>
> Primarily what I'd like to do is really nail the public key format
> manipulation.  I did a huge amount of research in this and would like to
> come up with an extremely well tested library that can natively read all
> the dominate file formats PKCS 1 & 5 PEM, JWK{S} and has command-line tools
> for converting between them.
>
> This could be useful to both the TomEE and Geronimo MicroProfile JWT impls.
>
>
> --
> David Blevins
> http://twitter.com/dblevins
> http://www.tomitribe.com
>
> > On Apr 4, 2018, at 5:32 AM, Jean-Louis Monteiro <
> jlmonteiro@tomitribe.com> wrote:
> >
> > The code still is in a PR (#123) for the moment
> >
> > I'm in to help.
> > Still some small fixes to do and I'd like MP-Config to be used to
> configure
> > keys, issues, and others.
> >
> > --
> > Jean-Louis Monteiro
> > http://twitter.com/jlouismonteiro
> > http://www.tomitribe.com
> >
> > On Wed, Apr 4, 2018 at 1:06 PM, Mark Struberg <struberg@yahoo.de.invalid
> >
> > wrote:
> >
> >> As noted elsewhere: the vote question was a mixture of 'what do you
> >> think' (consensus -> majority vote)  and 'is it ok' (technical ->
> unanimous
> >> vote).
> >> I'd also be in favour to do the generic parts in Geronimo and only do
> the
> >> integration in TomEE. So yes, in a consensus vote I'd also vote -1. If
> this
> >> is interpreted as commit vote then I vote -0
> >> The work is the same and as long as it's been done I'm fine either ways.
> >> Now that we did all the 3 weeks of rambling and discussions let's focus
> on
> >> the important stuff.
> >> Where is the code? Who did already work on it? Or do we again have 30
> >> people discussing but just 2 working? ;)
> >>
> >> LieGrue,strub
> >>    On Wednesday, 4 April 2018, 01:14:57 CEST, David Blevins <
> >> david.blevins@gmail.com> wrote:
> >>
> >>> On Mar 31, 2018, at 2:16 AM, Romain Manni-Bucau <rmannibucau@gmail.com
> >
> >> wrote:
> >>>
> >>> It was more as a "if im always the only one seeing tomee differently i
> >> can
> >>> leave to let you space". Not as a threat.
> >>
> >> That's a generous sentiment.  Either way the best outcome is that you
> stay
> >> and we all learn the lesson that disagreeing is ok and healthy.  How is
> the
> >> most important part.
> >>
> >> Disagreement can be an incredibly productive and innovative thing if
> done
> >> right.  By definition, that means this project is sitting on some
> >> incredible innovative potential.
> >>
> >> A concrete way I think we can measure ourselves is by the number of
> people
> >> who feel comfortable voting.  I would consider a vote of 20 people that
> >> included 3 -1 votes to be significantly more healthy than a vote of 3
> >> people and all +1s.
> >>
> >>> [...]
> >>> There is no veto at apache if you check rules closely. All is more
> about
> >>> respect and overall consensus IIRC.
> >>
> >> I want to be careful that we don't learn a false lesson as Apache does
> >> have technical vetos.  These are more meant for line-of-code level
> input vs
> >> community direction.
> >>
> >> The intention of the two votes was to make the line a little more clear.
> >>
> >> - The first vote "Merge Pull Request 123 - MicroProfile JWT support" was
> >> intended to flush out line-of-code level technical issues with the PR:
> >> breaks the build; doesn't follow code style; introduces security issues.
> >> It's ultimately a Review-than-Commit vote and a -1 should be viewed as a
> >> technical veto.
> >>
> >> - The second vote "Explore creating a reusable JWT Library" was intended
> >> to determine overall desire on what the next step should be.  No commit
> >> being reviewed, more of a community level discussion.  A -1 should not
> be
> >> viewed as a veto.
> >>
> >>
> >> -David
> >>
> >>
>
>

Re: [VOTE] Explore creating a reusable JWT Library

[David Blevins <da...@gmail.com>]

Requested a repo we could potentially use for this.

Primarily what I'd like to do is really nail the public key format manipulation.  I did a huge amount of research in this and would like to come up with an extremely well tested library that can natively read all the dominate file formats PKCS 1 & 5 PEM, JWK{S} and has command-line tools for converting between them.

This could be useful to both the TomEE and Geronimo MicroProfile JWT impls.


-- 
David Blevins
http://twitter.com/dblevins
http://www.tomitribe.com

> On Apr 4, 2018, at 5:32 AM, Jean-Louis Monteiro <jl...@tomitribe.com> wrote:
> 
> The code still is in a PR (#123) for the moment
> 
> I'm in to help.
> Still some small fixes to do and I'd like MP-Config to be used to configure
> keys, issues, and others.
> 
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
> 
> On Wed, Apr 4, 2018 at 1:06 PM, Mark Struberg <st...@yahoo.de.invalid>
> wrote:
> 
>> As noted elsewhere: the vote question was a mixture of 'what do you
>> think' (consensus -> majority vote)  and 'is it ok' (technical -> unanimous
>> vote).
>> I'd also be in favour to do the generic parts in Geronimo and only do the
>> integration in TomEE. So yes, in a consensus vote I'd also vote -1. If this
>> is interpreted as commit vote then I vote -0
>> The work is the same and as long as it's been done I'm fine either ways.
>> Now that we did all the 3 weeks of rambling and discussions let's focus on
>> the important stuff.
>> Where is the code? Who did already work on it? Or do we again have 30
>> people discussing but just 2 working? ;)
>> 
>> LieGrue,strub
>>    On Wednesday, 4 April 2018, 01:14:57 CEST, David Blevins <
>> david.blevins@gmail.com> wrote:
>> 
>>> On Mar 31, 2018, at 2:16 AM, Romain Manni-Bucau <rm...@gmail.com>
>> wrote:
>>> 
>>> It was more as a "if im always the only one seeing tomee differently i
>> can
>>> leave to let you space". Not as a threat.
>> 
>> That's a generous sentiment.  Either way the best outcome is that you stay
>> and we all learn the lesson that disagreeing is ok and healthy.  How is the
>> most important part.
>> 
>> Disagreement can be an incredibly productive and innovative thing if done
>> right.  By definition, that means this project is sitting on some
>> incredible innovative potential.
>> 
>> A concrete way I think we can measure ourselves is by the number of people
>> who feel comfortable voting.  I would consider a vote of 20 people that
>> included 3 -1 votes to be significantly more healthy than a vote of 3
>> people and all +1s.
>> 
>>> [...]
>>> There is no veto at apache if you check rules closely. All is more about
>>> respect and overall consensus IIRC.
>> 
>> I want to be careful that we don't learn a false lesson as Apache does
>> have technical vetos.  These are more meant for line-of-code level input vs
>> community direction.
>> 
>> The intention of the two votes was to make the line a little more clear.
>> 
>> - The first vote "Merge Pull Request 123 - MicroProfile JWT support" was
>> intended to flush out line-of-code level technical issues with the PR:
>> breaks the build; doesn't follow code style; introduces security issues.
>> It's ultimately a Review-than-Commit vote and a -1 should be viewed as a
>> technical veto.
>> 
>> - The second vote "Explore creating a reusable JWT Library" was intended
>> to determine overall desire on what the next step should be.  No commit
>> being reviewed, more of a community level discussion.  A -1 should not be
>> viewed as a veto.
>> 
>> 
>> -David
>> 
>> 

Re: [VOTE] Explore creating a reusable JWT Library

[Jean-Louis Monteiro <jl...@tomitribe.com>]

The code still is in a PR (#123) for the moment

I'm in to help.
Still some small fixes to do and I'd like MP-Config to be used to configure
keys, issues, and others.

--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com

On Wed, Apr 4, 2018 at 1:06 PM, Mark Struberg <st...@yahoo.de.invalid>
wrote:

>  As noted elsewhere: the vote question was a mixture of 'what do you
> think' (consensus -> majority vote)  and 'is it ok' (technical -> unanimous
> vote).
> I'd also be in favour to do the generic parts in Geronimo and only do the
> integration in TomEE. So yes, in a consensus vote I'd also vote -1. If this
> is interpreted as commit vote then I vote -0
> The work is the same and as long as it's been done I'm fine either ways.
> Now that we did all the 3 weeks of rambling and discussions let's focus on
> the important stuff.
> Where is the code? Who did already work on it? Or do we again have 30
> people discussing but just 2 working? ;)
>
> LieGrue,strub
>     On Wednesday, 4 April 2018, 01:14:57 CEST, David Blevins <
> david.blevins@gmail.com> wrote:
>
>  > On Mar 31, 2018, at 2:16 AM, Romain Manni-Bucau <rm...@gmail.com>
> wrote:
> >
> > It was more as a "if im always the only one seeing tomee differently i
> can
> > leave to let you space". Not as a threat.
>
> That's a generous sentiment.  Either way the best outcome is that you stay
> and we all learn the lesson that disagreeing is ok and healthy.  How is the
> most important part.
>
> Disagreement can be an incredibly productive and innovative thing if done
> right.  By definition, that means this project is sitting on some
> incredible innovative potential.
>
> A concrete way I think we can measure ourselves is by the number of people
> who feel comfortable voting.  I would consider a vote of 20 people that
> included 3 -1 votes to be significantly more healthy than a vote of 3
> people and all +1s.
>
> > [...]
> > There is no veto at apache if you check rules closely. All is more about
> > respect and overall consensus IIRC.
>
> I want to be careful that we don't learn a false lesson as Apache does
> have technical vetos.  These are more meant for line-of-code level input vs
> community direction.
>
> The intention of the two votes was to make the line a little more clear.
>
>  - The first vote "Merge Pull Request 123 - MicroProfile JWT support" was
> intended to flush out line-of-code level technical issues with the PR:
> breaks the build; doesn't follow code style; introduces security issues.
> It's ultimately a Review-than-Commit vote and a -1 should be viewed as a
> technical veto.
>
>  - The second vote "Explore creating a reusable JWT Library" was intended
> to determine overall desire on what the next step should be.  No commit
> being reviewed, more of a community level discussion.  A -1 should not be
> viewed as a veto.
>
>
> -David
>
>

Re: [VOTE] Explore creating a reusable JWT Library

[Mark Struberg <st...@yahoo.de.INVALID>]

 As noted elsewhere: the vote question was a mixture of 'what do you think' (consensus -> majority vote)  and 'is it ok' (technical -> unanimous vote). 
I'd also be in favour to do the generic parts in Geronimo and only do the integration in TomEE. So yes, in a consensus vote I'd also vote -1. If this is interpreted as commit vote then I vote -0
The work is the same and as long as it's been done I'm fine either ways. Now that we did all the 3 weeks of rambling and discussions let's focus on the important stuff. 
Where is the code? Who did already work on it? Or do we again have 30 people discussing but just 2 working? ;)

LieGrue,strub
    On Wednesday, 4 April 2018, 01:14:57 CEST, David Blevins <da...@gmail.com> wrote:  
 
 > On Mar 31, 2018, at 2:16 AM, Romain Manni-Bucau <rm...@gmail.com> wrote:
> 
> It was more as a "if im always the only one seeing tomee differently i can
> leave to let you space". Not as a threat.

That's a generous sentiment.  Either way the best outcome is that you stay and we all learn the lesson that disagreeing is ok and healthy.  How is the most important part.

Disagreement can be an incredibly productive and innovative thing if done right.  By definition, that means this project is sitting on some incredible innovative potential.

A concrete way I think we can measure ourselves is by the number of people who feel comfortable voting.  I would consider a vote of 20 people that included 3 -1 votes to be significantly more healthy than a vote of 3 people and all +1s.

> [...]
> There is no veto at apache if you check rules closely. All is more about
> respect and overall consensus IIRC.

I want to be careful that we don't learn a false lesson as Apache does have technical vetos.  These are more meant for line-of-code level input vs community direction.

The intention of the two votes was to make the line a little more clear.

 - The first vote "Merge Pull Request 123 - MicroProfile JWT support" was intended to flush out line-of-code level technical issues with the PR: breaks the build; doesn't follow code style; introduces security issues.  It's ultimately a Review-than-Commit vote and a -1 should be viewed as a technical veto.

 - The second vote "Explore creating a reusable JWT Library" was intended to determine overall desire on what the next step should be.  No commit being reviewed, more of a community level discussion.  A -1 should not be viewed as a veto.


-David