Re: [technology-pmc] Request review of Eclipse MicroProfile 1.2

[Wayne Beaton <wayne.beaton@xxxxxxxxxxxxxxxxxxxxxx>]

Hi Gunnar. My apologies. I discussed this scenario with the project team. I should have given the PMC a heads up that this was happening.

There is a subtlety in the EDP that permits a project to include a subset of the project code in a release. Originally, this was changed to allow for projects to avoid including sandbox code in releases (the original EDP explicitly required that releases include all project code). If you combine this with the ability to name a release however you choose, you can release a project in parts as de facto components.

FWIW, the Eclipse Virgo project was the first to do this by separating their runtime and tools into separate releases. This is, obviously, a corner case that we don't encounter very often. 

I have cautioned the Eclipse Microprofile team of my concern that they take the necessary steps to avoid confusing their community. I'm a bit surprised to see so many different components releasing separately on the same day (or within a day). This seems like a lot more work than, say, having a single release with a description of the various components that are included, but I'll defer to the project team.

Since this is a corner case, the documentation may be a bit confusing.

For one, Kevin, keep in mind that the the IP Log Review is intended as a checkpoint to ensure that IP is being properly tracked, rather than an itemized manifest of what's included in the release. Last minute additions of CQs or contributions do not generally require that an IP Log be resubmitted. 

Also, bear in mind that the IP Log is for the entire project, so it should be the exact same for each de facto component release; one IP Log review request is sufficient when you're doing multiple component releases within a few days of each other. There is no magic number regarding the number of days that an IP Log is valid leading up to a release; so we need to use some judgement here.

Further, since the project is trying to release five separate components at the same time, it should be sufficient to send a single note to the PMC for approval.

AFAICT, the Eclipse MicroProfile Project requires PMC approval to separately release five components.

Health Metrics 1.0

JWT Propagation 1.0

Fault Tolerance 1.0

Config 1.1

Health Check 1.0

Kevin, do any of these releases include cryptography?

It appears that Eclipse MicroProfile Health Check is designated as "Type B" Due Diligence; is this intentional? If it is intentional, can you verify that all of the third-party content used by that component has been approved as Type B?

Thanks,

Wayne

On Thu, Aug 31, 2017 at 11:10 AM, Kevin Sutter <kwsutter@xxxxxxxxx> wrote:

You are absolutely correct, Gunnar.  In my limited view, MicroProfile is top-level project, but not from an Eclipse viewpoint.  :-)  Fully understand that, I should have been clearer.  Thanks.

Kevin

On Thu, Aug 31, 2017 at 7:47 AM, Gunnar Wagenknecht <gunnar@xxxxxxxxxxxxxxx> wrote:

Hi Kevin,

The Eclipse Development Process neither does define components nor partial releases with a project. However, you are free to organize the artifacts your project makes available as downloads in any way that best suites your project and community. From a process point of view, all these artifacts are released together in one release. This avoid unnecessary work - there is only one IP log and one review for the release no matter how many artifacts your project makes available.

FWIW, MicroProfile is not a top-level project. It is a project *within* the Technology top-level project. For example, there is only one single committer group and one project lead. That's much easier to handle than nested projects. There were nested projects in the past but this is a lot administrative overhead. Most projects migrated away into a flat structure.

HTH,
Gunnar

--
Gunnar Wagenknecht
gunnar@xxxxxxxxxxxxxxx, http://guw.io/

> On Aug 31, 2017, at 13:11, Kevin Sutter <kwsutter@xxxxxxxxx> wrote:
>
> Thanks, Gunnar!
>
> But, our project actually produces multiple releases.  We have component releases and we have the overall project release.  Are you indicating that if the overall project release includes all of the proposed component releases, then I only need to request a pmc review of the top level microprofile project? That would simplify our bookkeeping.
>
> Thanks, Kevin
>
> On Aug 31, 2017 02:11, "Gunnar Wagenknecht" <gunnar@xxxxxxxxxxxxxxx> wrote:
> Kevin,
>
> There is only one review as the project performs only one release. There is need to create release records for individual components of a project.
>
> +1 for MicroProfile 1.2
>
> -Gunnar
>
> --
> Gunnar Wagenknecht
> gunnar@xxxxxxxxxxxxxxx, http://guw.io/
>
>
>
>
>
>
> > On Aug 31, 2017, at 04:20, Kevin Sutter <kwsutter@xxxxxxxxx> wrote:
> >
> > Hi PMC,
> > We are in the process of doing the IP review for the next MicroProfile 1.2 release:
> >
> > https://projects.eclipse.org/projects/technology.microprofile/releases/1.2
> >
> > A review from the PMC would be appreciated.
> >
> > Thanks,
> > Kevin Sutter
> > Project Lead for Eclipse MicroProfile project
> > _______________________________________________
> > technology-pmc mailing list
> > technology-pmc@xxxxxxxxxxx
> > To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> > https://dev.eclipse.org/mailman/listinfo/technology-pmc
>
>

_______________________________________________
technology-pmc mailing list
technology-pmc@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/technology-pmc

--

Wayne Beaton

Director of Open Source Projects

The Eclipse Foundation