
[eclipse-ide-wg] Mitigating Risk...

Hi,

I wanted to share the following content and insights that Scott Lewis posted on the cross-projects mailing list recently that are directly relevant to the activities and focus of the working group.

Scott is the key driver behind the Eclipse Communications Framework (ECF) project which is used even by the Platform project:

https://projects.eclipse.org/projects/rt.ecf/who

Below is what he shared. Thanks Scott for sharing and for keeping ECF current and relevant!

Regards,
Ed


Hi Simrel folks,

As the lead of a long-time participant project (ECF), I've personally experienced (as well as watched in horror) the problem of diminishing maintenance resources that now seems endemic to simrel projects and to the simrel itself.

I heard that yesterday there was a meeting at the White House about fears of the 'next log4j' [1].

Today I read this story [2] about Google and IBM suggesting a 'critical projects list' as a step toward (reportedly) a better model (read $) for ongoing maintenance of 'critical projects'.

My first thought: Where is Eclipse, EF, simrel and supporting projects wrt this/these efforts? Of course everyone thinks of their own project as 'essential', but more broadly I would be much more comfortable if the choices wrt 'criticality' and what is/is not 'infrastructure' were made based upon a clear representation of consumer needs. It seems from the zdnet reporting (which may not be accurate of course) that mostly corporate and commercial concerns wrt open source maintenance are currently being identified.

I just wanted to raise this among the projects participating in the simrel. I'm not sure how any of this is going to be approached, but am hoping that the simrel project leads and teams can find a way to participate in these efforts, as I think there is a huge amount of knowledge and experience here about open source maintenance via transparency, successful, scalable, community collaboration.

Scott

[1] https://www.zdnet.com/article/after-log4j-white-house-worries-about-the-next-big-open-source-flaw/

[2] https://www.zdnet.com/article/log4j-after-white-house-meeting-google-calls-for-list-of-critical-open-source-projects/

And this follow up thought:

Another thought

https://www.zdnet.com/article/for-security-alone-we-could-try-paying-open-source-projects-properly/
