users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Changes to management of GitHub organization and repositories

From: Werner Keil <werner.keil_at_gmail.com>
Date: Mon, 19 Dec 2016 22:53:24 +0100

Will,

Thanks a lot for the message and outlining proposed changes.


Right now, the 3 owners of the GitHub organization are David Blevins (he
has not been very active here for some time), Arjan and Alex, so either of
them should be able to help you or add you with the necessary credentials
(ideally make you owner).

https://github.com/orgs/javaee-security-spec/teams
shows there is a single team with everyone in it at the moment.

At least 2 or 3 teams seem advisable. One for EG members. If those with
admin rights can also be handled via a team (I remember we did in JSR 354
or 363) it seems a good idea to have an admin team.

Whether additional teams, e.g. for the RI, make sense is hard to say. If there
are those who are not in the EG but say signed the OCA, it could help to
have a group/team for these participants, too. Most others probably would
work via PR and judgement by those with push/merge rights.

I am happy to help e.g. via the admin team/role, given I did that for a few
other JSRs, 354, 363 or to some extent also more recently when Dmitry took
the Spec Lead role of JSR 374.

Btw. maybe since at least EG Members Ivar, myself and David (Tomitribe)
should be in London at the EC F2F on Jan 10/11 we could also do a conf call
with Will, Alex or others (e.g. Ed) during that meeting?

Kind Regards,
Werner


On Mon, Dec 19, 2016 at 10:03 PM, Will Hopkins <will.hopkins_at_oracle.com>
wrote:

> Experts,
>
> I'd like to run some proposed changes to the GitHub organization and
> repositories by you all, to get your feedback.
>
> At the moment, the Source of Truth for the spec-api repository is java.net,
> and the repository is mirrored read-only to GitHub. The SoT for soteria is
> at GitHub, and it does not appear at all on java.net. This makes it
> confusing to know where to submit changes, and permissions on spec-api are
> not open for all EG members at the moment (although that can be fixed).
> Java.net is also slower and more difficult to use than GitHub.
>
> As spec lead, I need to be able to manage what is submitted to both spec
> and code repositories, and to ensure that all contributions are made by
> people who have signed the appropriate agreements. This is both to ensure
> that submissions are appropriate and to avoid any licensing issues with IP
> submitted to our repositories.
>
> I would like to propose some changes to the repositories to make the
> processes easier and more consistent across the board:
>
> - Split the spec, API, and RI out into separate repositories.
>
> - Make GitHub the SoT for those repositories, but mirror them to
>   java.net.
>
> - Reset permissions on the GitHub organization and repositories such
>   that:
>
>   - Organization admins are myself, and, for fail-safe, one other person
>     (perhaps Ivar or Werner, since they are EC members, or Ed Bratt, who's
>     heavily involved with the JCP process and manages, among other things, the
>     Glassfish project).
>
>   - One, or perhaps two, owner/admins for each repository, who review
>     and approve submissions. I would suggest myself for the spec repository,
>     and an additional person -- perhaps Arjan? -- for code. The important thing
>     is to ensure we can control what is checked in, without making the process
>     too onerous.
>
> So, any thoughts? Does this seem reasonable?
>
> Thanks,
>
> Will
>
> --
> Will Hopkins | Platform Security Architect | +1.781.442.0310
> Oracle Cloud Application Foundation
> 35 Network Drive, Burlington, MA 01803
>
>