Re: [microprofile-wg] [BALLOT][PLAN REVIEW]MicroProfile 7.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [microprofile-wg] [BALLOT][PLAN REVIEW]MicroProfile 7.0 - Voting ends April 1st

From: Jan Westerkamp <jan.westerkamp@xxxxxxx>
Date: Sun, 31 Mar 2024 23:17:28 +0200
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ijug.eu; dmarc=pass action=none header.from=ijug.eu; dkim=pass header.d=ijug.eu; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=C6hdMrpAchzpAl2OILbzjjg0gSnYSXQQiXYnSuulTXU=; b=CKC9MD0WNueaieNzTqHz3ZTw2iZkV8nJiCC6GukfLbfJAjDBnfs41XgQfjjeOmBWJoIvkBDI+ci3I5irtBkp6Tqwtj8YwGQ6MWUh+1dC+XsEjuHytjJUGE0eh6gt32xm+xK883f+riusfORGYKAG1Gl28ZB5d9Blrw2IeUohwvTIY68vJEqVb+3W8GPHUz5gV1xePPsIUk2M+rWyP2DRs1USF9b8E25TVgL2uxYX0WejcU13RWdeJoHN4KTPhDv9U490WyoI7ZSU1YBLU/bCZl1RgqQ2ZLw6rCDXlevrZsH4qeqTyaCdbwB5vjgyuPEUI9oqeZoOC4u02fOyGTYXjg==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DsM4eZ1RvAiOX63PZoJcGE1Oq0q+DVESgcYHXIA5yPItlKRXNPXtMwyhnb7p0kGiH/vVaMXA3cGGXKnRRi1NYldZ5tvQPxEo4YboU9AwhKz8WnHEjRnkaCXpdFJGLxE6+syeb4rHBAWIUT0PnsnGWgPeAU4g+x0HTwi1dBW94uisYbxShsIujFxv3SuaukaAi13GdjBDTdnjjZJYfPJUmLPmmmz8sgbbcFRsl2wVdbRUtebIjxZCtkkIj9FvdrVszOrI03iu6K5glhf8y2/A79rOSi1V8Z3v558q9rXlbuCameeyFwv9gxc/9MXJsBkUT6IS+mumJERQ+omntEF6Mg==
Delivered-to: microprofile-wg@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/microprofile-wg/>
List-help: <mailto:microprofile-wg-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/microprofile-wg>, <mailto:microprofile-wg-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/microprofile-wg>, <mailto:microprofile-wg-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla Thunderbird

-1 (iJUG)

Why:

Doing a release for MP 7.0, that is not only based on Jakarta EE 10 CoreProfile and instead based on Jakarta EE 9.1, is a bad design, asdependencies are outdated, will require a newer environment or try to be"compatible" with multiple environments that contain breaking changes,which will result in an unclean dependency tree and preventing testingagainst correct environment.

Loosely coupling things might sound well on the first view, as this issoftware architecture best practice, but in fact MP depends on JakartaEE! Weakening these dependencies (instead of managing it) opens the doorfor randomness, which is the exact opposite of the intention of aspecification. Not depending on something not required is good,depending on a wide range of required things is bad and wishful thinkingonly - specially regarding the next points: security and maintenance.

The fact, that (for a long time) known CVEs not patched in this umbrellaspec release MP component specs - by intention - is really severe!

With this release plan security is a non-goal!

Current users of MicroProfile plan to continue/use it for seriousprojects, may be also in critical infrastructure. You might have heardabout recent EU regulations (NIS2, CRA), that raises the bar regardingsecurity requirements and liability. There are some exceptions for OpenSource projects and foundations, but not for somebody who wants to dobusiness with it.

With this in mind and representing a user organisation view, I only canvote against it.


Best,

Jan

Am 25.03.24 um 21:34 schrieb Emerson Castaneda via microprofile-wg:

To approve and ratify the Plan Review of the MicroProfile 7.0Specification, a Steering Committee Representatives vote is requested.Please respond with +1 (positive), 0 (abstain), or -1 (reject). Anyfeedback that you can provide to support your vote will be appreciated.
The MicroProfile Specification Process requires the SpecificationCommittee and the Community to provide feedback during the approvalprocess using the relevant documents:
https://github.com/microprofile/microprofile-wg/pull/238
This ballot runs for seven days, so it ends on April 1st, 2024. Theballot requires a Super-majority positive vote of the SteeringCommittee members. There is no veto. Community input and Communityvotes are welcomed. However, only the votes delivered by SteeringCommittee Representatives will be counted.
--
Thank you
Emerson Castaneda on behalf of MicroProfile Steering Committee

_______________________________________________
microprofile-wg mailing list
microprofile-wg@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/microprofile-wg

References:
- [microprofile-wg] [BALLOT][PLAN REVIEW]MicroProfile 7.0 - Voting ends April 1st
  - From: Emerson Castaneda

Prev by Date: [microprofile-wg] [BALLOT COMPLETE] [MicroProfile OpenAPI 4.0] Plan Review
Next by Date: Re: [microprofile-wg] [BALLOT][PLAN REVIEW]MicroProfile 7.0 - Voting ends April 1st
Previous by thread: Re: [microprofile-wg] [BALLOT][PLAN REVIEW]MicroProfile 7.0 - Voting ends April 1st
Next by thread: Re: [microprofile-wg] [BALLOT][PLAN REVIEW]MicroProfile 7.0 - Voting ends April 1st
Index(es):
- Date
- Thread

Breadcrumbs