Vote: "Movement back" Re: Objection on movement from xml-security to ws-security

[Christian Geuer-Pollmann <ge...@nue.et-inf.uni-siegen.de>]

--On Mittwoch, 29. Januar 2003 17:57 +1100 berin@ozemail.com.au wrote:

>> FYI, Here's the email that was sent to all concerned projects
>> (http://marc.theaimsgroup.com/?l=xml-apache-general&m=104316088830105&w=
>> 2)
> 
> I think the big problem here is that this came
> out a week ago, and a few days later the whole
> thing was signed and delivered with no "OK" vote
> from the security-dev project.  (Might have been
> nice to have some discussion just within sec-dev.)
> 
> Be that as it may - is there something somewhere
> that describes the charter of each project (XML
> and WS)?  The resolution that is referenced above
> says something, but not much.
> 
> Also, assuming the decision is made to bring
> back to XML (which appears the most sensible),
> what does that mean for the current refactoring
> of the XML project?  Should the security-dev 
> group be voting someone/some people in to 
> represent on the PMC?
> 
> Cheers,
>     Berin


You're right. I must admit that I was sleeping when I saw Sam's mail on
"RESOLVED, that WS ... is tasked with the migration of the XML Security".
In all discussions and votes I've seen on general@xml and xerces-dev@xml
and whereever else, there was always this "I say +1" voting scheme. I and
no other of the two existing committers of XML-Security in fact did any
vote. I did not trigger any discussion on security-dev as I did not
understand that this involved a movement into a new sub project. 

So there was no vote from the committers to move it from xml.apache.org to
ws.apache.org. 

There must be a vote to move it back. If this really is the procedure, OK...

Hereby, Axl and Erwin, I officially ask you on your opinion whether we
should make the request to the board to bring back XML-Security from
ws.apache.org to xml.apache.org.

geuerp: +1

Kind regards,
Christian

Re: Vote: "Movement back" Re: Objection on movement from xml-security to ws-security

[Axl Mattheus <ax...@sun.com>]

Christian Geuer-Pollmann wrote:

>--On Mittwoch, 29. Januar 2003 17:57 +1100 berin@ozemail.com.au wrote:
>
>  
>
>>>FYI, Here's the email that was sent to all concerned projects
>>>(http://marc.theaimsgroup.com/?l=xml-apache-general&m=104316088830105&w=
>>>2)
>>>      
>>>
>>I think the big problem here is that this came
>>out a week ago, and a few days later the whole
>>thing was signed and delivered with no "OK" vote
>>from the security-dev project.  (Might have been
>>nice to have some discussion just within sec-dev.)
>>
>>Be that as it may - is there something somewhere
>>that describes the charter of each project (XML
>>and WS)?  The resolution that is referenced above
>>says something, but not much.
>>
>>Also, assuming the decision is made to bring
>>back to XML (which appears the most sensible),
>>what does that mean for the current refactoring
>>of the XML project?  Should the security-dev 
>>group be voting someone/some people in to 
>>represent on the PMC?
>>
>>Cheers,
>>    Berin
>>    
>>
>
>
>You're right. I must admit that I was sleeping when I saw Sam's mail on
>"RESOLVED, that WS ... is tasked with the migration of the XML Security".
>In all discussions and votes I've seen on general@xml and xerces-dev@xml
>and whereever else, there was always this "I say +1" voting scheme. I and
>no other of the two existing committers of XML-Security in fact did any
>vote. I did not trigger any discussion on security-dev as I did not
>understand that this involved a movement into a new sub project.
>
Yip, your not the only one cauhgt napping.

>
>So there was no vote from the committers to move it from xml.apache.org to
>ws.apache.org. 
>
>There must be a vote to move it back. If this really is the procedure, OK...
>
>Hereby, Axl and Erwin, I officially ask you on your opinion whether we
>should make the request to the board to bring back XML-Security from
>ws.apache.org to xml.apache.org.
>
As far as I can gather from the "use ours 'cause it is better - speak" 
on the websites of the major Java component pushers (Sun, IBM, Oracle, 
...), none of them ships XML DSig and XMLEnc with their "Web Services - 
do it all toolkits". I might be wrong, I just scanned the web pages. I 
guess it does make sense to keep Web Services and XML Security apart. It 
may also be a good thing. XML Digital SIgnatures and XML Encryption will 
most propably be used in terms of Web Services more that in any other 
use case.

>
>geuerp: +1
>
axlm: +1 - Because I don't have a clear opinion yet.

>
>Kind regards,
>Christian
>
>
>
>  
>

Re: Vote-o-mania for xml-security

[Christian Geuer-Pollmann <ge...@nue.et-inf.uni-siegen.de>]

--On Donnerstag, 30. Januar 2003 21:08 +1100 Berin Lautenbach
<be...@ozemail.com.au> wrote:

>> As long as it is seperated enough from the Java distribution:
>> vdkoogh +1
> Which raises a really good point.
> 
> My initial thinking was to create a "c" subdirectory from the main CVS
> for _anything_ related to the C++ version.  Fits in with the convention
> already used for Xalan.  Anything not in "c" relates to the Java project.
> That way there is a clear separation between the two code-bases.
> Distributions would be done separately as well.
> 
> OK?

This means that we do not touch the current directory structure but only
add a c/ directory? Sounds good and easy. 

Another way (a little bit more work) would be something like

./docs/
./c/
./java/
./README.txt
./index.html

> Second question - the Apache license header used in the Java version
> includes some riders around original contributions from the WebSig
> project.  Strictly speaking that's not relevant to the C++ version, but I
> think it better to keep a single license header accross all the source.
> (Also I have every intention of every now and then taking pieces from the
> Java version where appropriate :> - I haven't up until now but....).
> 
> Sound OK?

No problem.

Kind regards,
Christian

Re: Vote-o-mania for xml-security

[Berin Lautenbach <be...@ozemail.com.au>]

Erwin van der Koogh wrote:

>>from the incubator process <http://incubator.apache.org/process.html>, the
>>C/C++ impl. does not necessarily have to be moved to the incubator, I guess
>>the same applies to the encryption code from Axl.
>>
>>(1) I hereby vote to include the C/C++ code into the Apache XML-Security
>>project.
>>
>>geuerp: +1
>>    
>>
>As long as it is seperated enough from the Java distribution:
>vdkoogh +1
>  
>

Which raises a really good point.

My initial thinking was to create a "c" subdirectory from the main CVS 
for _anything_ related to the C++ version.  Fits in with the convention 
already used for Xalan.  Anything not in "c" relates to the Java 
project.  That way there is a clear separation between the two 
code-bases.  Distributions would be done separately as well.

OK?

Second question - the Apache license header used in the Java version 
includes some riders around original contributions from the WebSig 
project.  Strictly speaking that's not relevant to the C++ version, but 
I think it better to keep a single license header accross all the 
source.  (Also I have every intention of every now and then taking 
pieces from the Java version where appropriate :> - I haven't up until 
now but....).

Sound OK?

Cheers,
    Berin

Re: Vote-o-mania for xml-security

[Erwin van der Koogh <vd...@apache.org>]

> from the incubator process <http://incubator.apache.org/process.html>, the
> C/C++ impl. does not necessarily have to be moved to the incubator, I guess
> the same applies to the encryption code from Axl.
> 
> (1) I hereby vote to include the C/C++ code into the Apache XML-Security
> project.
> 
> geuerp: +1
As long as it is seperated enough from the Java distribution:
vdkoogh +1

> (2) I hereby nominate Berin Lautenbach <be...@ozemail.com.au> as committer
> #4 to the XML-Security project to be responsible to the C/C++ code he has
> written.
> 
> geuerp: +1
vdkoogh +1

> (3) I hereby vote to include the Encryption code into the Apache
> XML-Security project.

> geuerp: +1
vdkoogh: +1

Erwin

Vote-o-mania for xml-security

[Christian Geuer-Pollmann <ge...@nue.et-inf.uni-siegen.de>]

OK, 

from the incubator process <http://incubator.apache.org/process.html>, the
C/C++ impl. does not necessarily have to be moved to the incubator, I guess
the same applies to the encryption code from Axl.

(1) I hereby vote to include the C/C++ code into the Apache XML-Security
project.

geuerp: +1

(2) I hereby nominate Berin Lautenbach <be...@ozemail.com.au> as committer
#4 to the XML-Security project to be responsible to the C/C++ code he has
written.

geuerp: +1

(3) I hereby vote to include the Encryption code into the Apache
XML-Security project.

geuerp: +1


Kind regards,
Christian




--On Mittwoch, 29. Januar 2003 09:59 +0100 Christian Geuer-Pollmann
<ge...@nue.et-inf.uni-siegen.de> wrote:

> Hi Berin,
> 
> what's the status of the C/C++ code? As I understood, you're signed the
> contributor agreement with the ASF. What happens with the code now? Does
> it go into the incubator or into xml-security or what are the next steps?
> 
> If it goes into xml-security, I have to nominate you as committer asap.
> 
> Kind regards,
> Christian

C/C++ Security implementation

[Christian Geuer-Pollmann <ge...@nue.et-inf.uni-siegen.de>]

Hi Berin,

what's the status of the C/C++ code? As I understood, you're signed the
contributor agreement with the ASF. What happens with the code now? Does it
go into the incubator or into xml-security or what are the next steps?

If it goes into xml-security, I have to nominate you as committer asap.

Kind regards,
Christian

Re: Vote: "Movement back" Re: Objection on movement from xml-security to ws-security

[Berin Lautenbach <be...@ozemail.com.au>]

For what it's worth - I'm of the same opinion - should sit with XML.

Cheers,
    Berin


Christian Geuer-Pollmann wrote:

>--On Mittwoch, 29. Januar 2003 17:57 +1100 berin@ozemail.com.au wrote:
>
>  
>
>>>FYI, Here's the email that was sent to all concerned projects
>>>(http://marc.theaimsgroup.com/?l=xml-apache-general&m=104316088830105&w=
>>>2)
>>>      
>>>
>>I think the big problem here is that this came
>>out a week ago, and a few days later the whole
>>thing was signed and delivered with no "OK" vote
>>from the security-dev project.  (Might have been
>>nice to have some discussion just within sec-dev.)
>>
>>Be that as it may - is there something somewhere
>>that describes the charter of each project (XML
>>and WS)?  The resolution that is referenced above
>>says something, but not much.
>>
>>Also, assuming the decision is made to bring
>>back to XML (which appears the most sensible),
>>what does that mean for the current refactoring
>>of the XML project?  Should the security-dev 
>>group be voting someone/some people in to 
>>represent on the PMC?
>>
>>Cheers,
>>    Berin
>>    
>>
>
>
>You're right. I must admit that I was sleeping when I saw Sam's mail on
>"RESOLVED, that WS ... is tasked with the migration of the XML Security".
>In all discussions and votes I've seen on general@xml and xerces-dev@xml
>and whereever else, there was always this "I say +1" voting scheme. I and
>no other of the two existing committers of XML-Security in fact did any
>vote. I did not trigger any discussion on security-dev as I did not
>understand that this involved a movement into a new sub project. 
>
>So there was no vote from the committers to move it from xml.apache.org to
>ws.apache.org. 
>
>There must be a vote to move it back. If this really is the procedure, OK...
>
>Hereby, Axl and Erwin, I officially ask you on your opinion whether we
>should make the request to the board to bring back XML-Security from
>ws.apache.org to xml.apache.org.
>
>geuerp: +1
>
>Kind regards,
>Christian
>
>
>
>  
>

Re: Vote: "Movement back" Re: Objection on movement from xml-security to ws-security

[Erwin van der Koogh <er...@koogh.com>]

> You're right. I must admit that I was sleeping when I saw Sam's mail on
> "RESOLVED, that WS ... is tasked with the migration of the XML Security".
> In all discussions and votes I've seen on general@xml and xerces-dev@xml
> and whereever else, there was always this "I say +1" voting scheme. I and
> no other of the two existing committers of XML-Security in fact did any
> vote. I did not trigger any discussion on security-dev as I did not
> understand that this involved a movement into a new sub project. 

I just started a new job and have only been skimming apache mails for about a
week and it turned out to be resolved :)

> So there was no vote from the committers to move it from xml.apache.org to
> ws.apache.org. 
> 
> There must be a vote to move it back. If this really is the procedure, OK...
> 
> Hereby, Axl and Erwin, I officially ask you on your opinion whether we
> should make the request to the board to bring back XML-Security from
> ws.apache.org to xml.apache.org.

It makes almost as much sense to move this to a WS project as it does moving
Xalan and Xerces, so I would vote against the move to WS and for a move back to
XML.

> geuerp: +1
vdkoogh +1