(09:26:39) alefebvr: Hello
(09:26:54) gsauthier: Hi alefebvr
(09:26:58) alefebvr: :-)
(09:27:33) alefebvr: alefebvr must apologize for not having typed the 9 March meeting minutes :-(
(09:28:17) alefebvr: hello Guest4509
(09:28:29) gsauthier: So this time I'll try to do the minutes :)
(09:28:38) alefebvr: *er* who are you Guest4509 ?
(09:29:04) Guest4509 est désormais connu sous le nom de clementescoffier
(09:29:10) clementescoffier: hello
(09:29:12) alefebvr: that's better Cl?ment !
(09:29:46) gsauthier: clementescoffier: Hi
(09:29:48) clementescoffier: sorry... it took me a while before figuring how to change my name ...
(09:29:55) gsauthier: hehe
(09:30:41) esdaniel: good morning Clement, congrats again on making maturity
(09:31:56) gsauthier: Christophe just told me that he will be unable to connect (3G key issue)
(09:33:02) gsauthier: So at least, we should wait for Sebastien Andre and Rafael Marins
(09:33:33) gsauthier: And esdaniel :) he probably have some words to say on security
(09:33:43) gsauthier: Hi JeremyC
(09:33:47) JeremyC: Hi all
(09:34:16) clementescoffier: thanks esdaniel !
(09:34:31) gsauthier: Do you want to start now, or can we wait for 5 additional minutes ?
(09:36:13) gsauthier: Hi esdaniel, I didn't see you :)
(09:36:19) alefebvr: just sent a reminder on the list
(09:36:37) esdaniel: Hi gsauthier, keeping a low profile :-p
(09:36:38) gsauthier: Me too, but just for rafael and seb
(09:36:47) gsauthier: :)
(09:38:55) alefebvr: "j'attendra, le jour et la nuit, j'attendrai toujours ton retour" :-)
(09:40:04) gsauthier: OK, maybe we can just start now ?
(09:40:10) alefebvr: S?bastien says he cannot connect...
(09:40:25) gsauthier: there will be the transcript for the people joining later
(09:40:58) esdaniel: hmm, alefebvr - is he logged into Freenode then?  If so he might need to register his nickname
(09:41:14) esdaniel: http://www.ehow.com/how_2252158_reserve-irc-nickname-nickserv.html
(09:41:25) gsauthier: Maybe he can just do like clement and use the web interface
(09:41:42) gsauthier: clementescoffier: you do not have any registered nicknames?
(09:42:22) alefebvr: just sent him e-mail telling him to try the web interface
(09:42:34) esdaniel: of course he also needs to use the key/password as well
(09:42:37) alefebvr: salut S?bastien !
(09:42:39) gsauthier: Hi contrail
(09:42:41) gsauthier: :)
(09:42:41) contrail: hello
(09:42:48) contrail: c'etait pas facile ;)
(09:42:53) clementescoffier: gsauthier: no I don't
(09:43:02) clementescoffier: after 30s it change my name to Guestxxx
(09:43:11) clementescoffier: and then I just used /nick new_name
(09:43:20) gsauthier: :)
(09:43:37) gsauthier: OK let's start
(09:43:56) alefebvr: so, agenda ?
(09:44:12) alefebvr: Proposed agenda:
(09:44:12) alefebvr: * Infrastructure (git status, ...)
(09:44:12) alefebvr: * New projects
(09:44:12) alefebvr: * Graduations
(09:44:12) alefebvr: * Mentors
(09:44:27) gsauthier: * SQuAT / Security
(09:44:31) alefebvr: yes
(09:44:40) alefebvr: let's start with Infrastructure.
(09:44:49) gsauthier: * Proposal from French security hacker community via Philippe Langlois 
(09:44:59) gsauthier: JeremyC: what the news ?
(09:45:13) alefebvr: what is the status of Gitorious ?
(09:45:20) alefebvr: I think it is operational, right ?
(09:45:32) JeremyC: currently in progress :
(09:45:39) JeremyC: gitorious over http
(09:45:39) clementescoffier: well, operational is maybe too much
(09:45:53) clementescoffier: I've a couple of issues with the wiki part (cannot delete pages)
(09:46:00) clementescoffier: but the git supprot works
(09:46:24) JeremyC: still doesn't work (always have the remote HEAD refers to nonexistent ref, unable to checkout. error)
(09:46:31) JeremyC: (by http)
(09:46:33) gsauthier: Yes, I've started with the OW2 POM and I can use it without issues
(09:47:24) gsauthier: JeremyC is currently working to have git repositories available throught HTTP (in addition to git:// and ssh://)
(09:47:28) alefebvr: clement: "issues with the wiki part" -> wiki of what?
(09:47:53) JeremyC: there is a wiki by project in gitorious
(09:47:54) clementescoffier: gitorious allows opening wikis for projects
(09:48:07) clementescoffier: but the wiki support is quite 'new' and instable
(09:49:24) gsauthier: Maybe we can disable wikis in gitorious ?
(09:49:42) alefebvr: since we have other wikis (otherwise, that will yet again multiply wikis...)
(09:49:47) clementescoffier: at least advertise that they should not really rely on them...
(09:49:56) gsauthier: clementescoffier: Sure
(09:50:03) alefebvr: good
(09:50:52) gsauthier: Maybe this is something to add tohttp://www.ow2.org/view/ITInfrastructure/Gitorious
(09:50:54) alefebvr: what are your perspectives Jeremy for the http support ?
(09:50:55) JeremyC: wiki is optional, gitorious ask at project creation if we want a wiki for this project
(09:51:29) alefebvr: (I mean when do you think it should be working, do you have hope that it will work on day?)
(09:51:40) alefebvr: one day (I need a new keyboard)
(09:52:15) JeremyC: yes, it will work
(09:52:35) JeremyC: I will try tomake it work next week
(09:52:55) gsauthier: goo
(09:52:58) gsauthier: good
(09:53:01) gsauthier: (me too)
(09:53:41) gsauthier: Continuing about wikis ...
(09:53:55) gsauthier: XWikis of the projects ?
(09:54:27) alefebvr: Hello Denis
(09:54:28) clementescoffier: right, chameleon would like to switch to a new version of xwiki
(09:54:32) JeremyC: currently test migration with 3 projects : Jonas, Easybeans and Jasmine
(09:54:50) gsauthier: everybody would like to upgrade to new xwikis :)
(09:54:57) alefebvr: we were discussing Gitorious status (works, HTTP should work next week, people should not use the wikis that come with Gitorious but the OW2 wikis)
(09:55:23) alefebvr: How are the tests going with the 3 pilots ?
(09:55:28) alefebvr: Hello Florent
(09:55:44) fbenoit: hi
(09:55:50) DenisCaromel: Hi
(09:56:06) alefebvr: How are the tests going with the 3 pilots (JOnAS, EasyBeans, JASMINe) with migration to the new xwiki ?
(09:56:07) JeremyC: "migration" works, but in the new version administration application is no more bundled with xwiki, and I can't find a way to import it currently
(09:56:26) clementescoffier: JeremyC: did you ask on the xwiki ML ?
(09:56:33) alefebvr: yes, I saw your mail. Ludovic has replied. Is his reply satisfactory ?
(09:57:05) alefebvr: You should deactivate your skin before trying the import.
(09:57:05) alefebvr: There must be incompatibility between your skin and the new import code.
(09:57:05) alefebvr: To deactivate:
(09:57:05) alefebvr: - make sure xwiki.cfg has the default
(09:57:05) alefebvr: - make sure your XWiki.XWikiPreferences object has not setting for the skin
(09:57:05) alefebvr: You can try adding ?skin=colibri to the URL, but that might not be enough as the import feature uses additional calls that might not use the default skin.
(09:57:08) alefebvr: Ludovic
(09:57:14) JeremyC: maybe, because without administration appliaction, it's difficult to try to remove the skin
(09:57:19) alefebvr: (Ludovic's reply)
(09:57:33) alefebvr: chicken and egg, right?
(09:58:00) alefebvr: well, he says you modify the xwiki.cfg to deactivate the skin
(09:58:27) alefebvr: (should not need admin support coz you do it in the file)
(09:58:55) alefebvr: clement: the XWiki Support <support@xwiki.com> address was in copy, not the list
(09:58:59) JeremyC: xwiki.cfg as the default skin
(09:59:11) JeremyC: XWikiPreferences doesn't
(09:59:31) alefebvr: so you're saying you already have the right parameters ?
(09:59:38) JeremyC: I can't edit this page, and find a way to desactivate current skin to use the default one
(09:59:46) JeremyC: in xwiki.cfg
(09:59:47) JeremyC: yes
(10:00:17) alefebvr: and adding ?skin=colibri to the URL doet not work either?
(10:00:21) gsauthier: so, we can do another try for migration before crying for help to XWiki support ? :)
(10:00:49) alefebvr: I like Clement's suggestion to use the xwiki mailing lists
(10:00:55) JeremyC: ?skin doesn't change anything for me
(10:01:12) gsauthier: Sure, or IRC, I've got very responsive feedback on #xwiki
(10:01:27) alefebvr: so use their IRC then?
(10:01:29) JeremyC: I will do some try before sending again a sos to xwiki
(10:01:30) esdaniel: xwiki IRC +1
(10:01:44) gsauthier: anyway, as long as we can achieve this task :)
(10:02:08) alefebvr: 1) try, 2) ask for help on IRC, 3) use the support Bazooka
(10:02:12) JeremyC: (I will try today and I will ask ludovic this afternoon)
(10:02:17) alefebvr: goo
(10:02:17) alefebvr: d
(10:02:42) gsauthier: BTW, can we try to have some deadline on this ?
(10:02:44) alefebvr: what about the Nexus sync stuff?
(10:02:55) alefebvr: (sorry for jumpoing)
(10:03:00) gsauthier: Or prioritize the actions we must do in infra ?
(10:03:17) gsauthier: ok let's talks about organization later
(10:03:21) gsauthier: Nexus
(10:03:38) clementescoffier: well... it sounds like we really should switch to nexus
(10:03:41) gsauthier: instance is still available
(10:03:49) clementescoffier: central sync start to be pretty long now (several hours)
(10:03:55) gsauthier: BTW there was a new version released this week
(10:04:31) gsauthier: I was in discussion with Sonatype to have a good organizational POM
(10:04:44) clementescoffier: gsauthier: there is a new version of nexus every 2 weeks ...
(10:04:50) gsauthier: :)
(10:05:54) gsauthier: So I'll release the new OW2 POM next week (with the sonatype feedback)
(10:06:11) gsauthier: and then we can use it ...
(10:06:20) gsauthier: we'll have to find candidates projects
(10:06:22) clementescoffier: ok, once done you you inform the TC, because each project has to release a new parent pom (using that one)
(10:06:28) gsauthier: yep
(10:06:35) clementescoffier: well, in chameleon we have frequent module release
(10:06:43) clementescoffier: we can simply use a specific module
(10:07:02) gsauthier: ok for me, i'll ping the TC when ready
(10:07:52) chamerling: Hi all, sorry to be late, some problems with my internet connection
chamerling ChanServ 
(10:08:02) gsauthier: Hi chamerling
(10:08:31) mdutoo: hi all, had some technical problems as well
(10:09:05) gsauthier: For IT, I just wanted to add that Jeremy started some wiki pages describing services offered by OW2
(10:09:20) gsauthier: http://www.ow2.org/view/ITInfrastructure/WebHome
(10:09:40) gsauthier: It still work in progress but it will be helpful for newcomers
(10:10:02) mdutoo: nice
(10:10:20) alefebvr: Hi Marc !
(10:10:50) gsauthier: What could be nice is to gather all the issues encountered by newcomers and try to give them answers in theses pages ...
(10:11:02) chamerling: +1 this will also be useful for mentoring, services are good but also we need to add how to create accounts, etc
(10:11:29) chamerling: for example Gforge and SVN accounts are linked
(10:11:31) gsauthier: So, please, if you have IT questions a,nd you don't find the answer in theses pages, send a mail to the TC for improvments
(10:11:35) chamerling: Atlassian tools account procedure
(10:11:43) chamerling: etc...
(10:12:02) gsauthier: yep
(10:12:05) clementescoffier: well that would be good
(10:12:36) clementescoffier: right now for example, a couple of Chameleon commiter cannot release for a strange reason (cannot login by ssh)
(10:12:48) clementescoffier: (I didn't really look into the issue, but I will ASAP)
(10:13:19) gsauthier: clementescoffier: that's exactly the kind of issues we could explain in the wiki
(10:13:32) gsauthier: 'cause that's known issues
(10:13:49) clementescoffier: gsauthier: yes ! But first I need to figure out what's the issue there
(10:14:46) alefebvr a quitté le salon (quit: Ping timeout: 246 seconds)
(10:16:01) esdaniel: forgive me for saying, in some cases we can even look to 'record desktops' and provide video guidance for more complicated workflows
(10:16:37) gsauthier: So to sum up IT discussions with tasks:
(10:16:37) gsauthier: * Git over HTTP: (JeremyC) ok when ?
(10:16:37) gsauthier: * Wiki on gitorious: (JeremyC) ok next week
(10:16:37) gsauthier: * XWiki migration: (jeremyC) when ?
(10:16:37) gsauthier: * Nexus: pom to be released (Guillaume) next week
(10:16:37) gsauthier: * IT pages: (all) continuous improvment
(10:17:03) gsauthier: did I miss something ?
(10:17:23) clementescoffier: ok for me
(10:17:50) chamerling: ok
(10:17:52) alefebvr [~alefebvr@freeway.rd.francetelecom.com] a rejoint le salon.
(10:17:53) mode (+o alefebvr) par ChanServ
(10:18:00) JeremyC: (git and xwiki migration, trying before end of april)
(10:18:15) gsauthier: JeremyC: thanks
(10:18:36) gsauthier: Agenda:
(10:18:57) gsauthier: * New projects
(10:18:57) gsauthier: * Graduations
(10:18:57) gsauthier: * Mentors
(10:18:57) gsauthier: * SQuAT and 'security'
(10:18:57) gsauthier: * Proposal from French security hacker community via Philippe Langlois  
(10:19:08) gsauthier: New projects ...
(10:19:17) gsauthier: alefebvr: ?
(10:19:54) contrail: yes ?
(10:20:49) mdutoo: hi there contrail
(10:21:08) mdutoo: just been submitted and already at the tc :)
(10:21:19) contrail: we setup the SVN structure for the contrail project yesterday
(10:21:22) contrail: :)
(10:21:44) contrail: actually I have few questions related to the initialization
(10:21:59) gsauthier: please ask
(10:22:27) contrail: about the forge, we agreed to use WebSVN instead of FishEye
(10:22:48) contrail: to save resources... so we don't need fisheye anymore
(10:23:02) contrail: there is a pb with the svn hook
(10:23:15) contrail: because the commi emails are empty
(10:23:47) contrail: is it posible to fix it?
(10:23:48) chamerling: @contrail maybe you can see that directly with @JeremyC ;)
(10:23:55) contrail: ok
(10:24:17) gsauthier: this is probably another topic to cover in IT/FAQ :)
(10:24:34) contrail: about the release repo, is there a maximum size?
(10:24:52) gsauthier: AFAIK, no
(10:25:22) contrail: we should release rpm, debs and an ISO linux distrib
(10:25:23) gsauthier: but we're running out of disk spaces theses days with all the accumulated maven snaphosts
(10:25:39) contrail: and also a virtual machine as well...
(10:25:43) gsauthier: so quite big
(10:25:47) contrail: yes
(10:26:02) chamerling: @gsauthier so we have to switch to nexus soon to limitate number of snapshoits
(10:26:11) gsauthier: i'm sure that OW2 may accept a machine donation :)
(10:26:23) gsauthier: yes, that's a reason I want to move to nexus soon
(10:26:28) chamerling: this is a big issue
(10:26:40) chamerling: where is the hardware described in the wiki?
(10:26:50) esdaniel: alefebvr / jeremyc: to date we've not been versioning vms, this will have a significant change on storage demands
(10:26:57) gsauthier: Xsalto (Grenoble)
(10:27:06) esdaniel: contrail: can you help provide a heads-up on storage expectations please
(10:27:40) esdaniel: contrail: not now of course, please email jeremyc and aledebvr
(10:27:43) contrail: yes, I'll give more info as soon as I can
(10:27:48) esdaniel: thank you
(10:27:57) contrail: actually it will take some time b4 we are able to release a distrib...
(10:28:14) esdaniel: cool, gives us time to prepare for it ;-)
(10:28:55) clementescoffier: gsauthier: chamerling : well the snapshot limitation requires 1) unique timestamp policy, and 2) using necessary the maven version number policy (1.0.0-SNAPSHOT => 1.0.0)
(10:29:28) gsauthier: with maven3 , we have the timestamp policy by default
(10:29:48) alefebvr: (sorry I had lost the connection)
(10:30:24) chamerling: @gsauthier with nexus you can create cronjobs to delete snapshots and to keep just the N last ones
chamerling ChanServ 
(10:30:49) gsauthier: chamerling: yes, so we can keep maven snapshots repository under control
(10:30:57) clementescoffier: chamerling: this works only if you're using the maven version scheme, it was a critical issue @ akquinet
(10:31:16) gsauthier: but in the contrail case, I suppose that VM will not be released as maven artifacts, isn't it ?
(10:31:21) chamerling: yes true, it is just using best practices
(10:31:31) clementescoffier: chamerling: so, using this feature imposes to use the maven versions to all projects
(10:31:52) contrail: yes, we won't release a VM or a linux distrib very often
(10:32:13) gsauthier: clementescoffier: maven repository is for maven artifacts/projects, they *have* to use maven numbering convention..; what's the issue with that ?
(10:33:09) contrail: BTW not the entire contrail project uses maven, there is some C, C++, python... as well
(10:33:23) clementescoffier: gsauthier: well, maven versions are not really compatible with OSGi as you know...
(10:33:46) gsauthier: contrail: yep, so using nexus will not help in your case :)
(10:34:03) clementescoffier: clementescoffier: in chameleon, we relase only odd numbers ... this is NOT the maven policy
(10:34:08) gsauthier: we will probably have to buy some new harddisk sometime in the future
(10:34:29) contrail: I was talking about the space in this directory http://contrail.ow2.org/
(10:34:33) gsauthier: clementescoffier: as long as the number finish with -SNAPSHOT .... :)
(10:34:52) clementescoffier: gsauthier: well, then Neuxs don't clean the snapshots correctly
(10:34:58) alefebvr: @jeremy -> how old are our machines ?
(10:35:09) alefebvr: @jeremy -> would it help to purchase new disks ?
(10:36:16) chamerling: @JeremyC @alefebvr time to buy a NAS, no? or to plan to
(10:36:24) chamerling: ;)
(10:36:45) gsauthier: :)
(10:37:31) gsauthier: alefebvr: concerning new projects from compatible, what are the news ?
(10:37:41) esdaniel: fyi... we've spoken before about elastic storage but for now we've kept things simple
(10:39:09) alefebvr: for C1, the status is
(10:39:41) alefebvr: 1) they have a private sandbox forge project, which is NOT an OW2 project, and which they use for sharing files internally for the project (documentation for example)
(10:39:45) JeremyC: our machine are 2 years old
(10:40:18) alefebvr: 2) they have just released an snmp4cloud project, but the submission needs to be reworded (it is not acceptable)
(10:40:33) alefebvr: I'll send them the Nuxeo submission as an example of a "good" one
(10:40:49) alefebvr: I have no visibility otherwise of other projects they will want to submit
(10:41:07) alefebvr: maybe Ed knows more about their roadmap for submitting projects?
(10:41:19) gsauthier: can't we have a C1 public project with subprojects ?
(10:41:40) gsauthier: if C1 expands to tenth of projects ...
(10:42:27) esdaniel: C1 roadmap still evolving as they're still in the state-of-the-art evaluation stage
(10:42:51) esdaniel: outputs are beginning to be more clearly defined - such as Parpaillon SNMP
(10:42:59) clementescoffier: \msg gsauthier
(10:43:08) chamerling: @JeremyC @gsauthier will be nice ti have somewhere a full HW description and some stats about disk space left for example
(10:43:17) esdaniel: for now it's what one can call a slow-burner that will pick up momentum over next 6 months
(10:43:29) esdaniel: i'll give a clearer report at the next TC on C1 roadmap
(10:44:18) chamerling a quitté le salon
(10:44:58) alefebvr: the logic is not 1 big project with lots of subprojects, the scope is too large
(10:45:03) alefebvr: that would not make sense
(10:45:31) alefebvr: they may want to group some projects together, but the scope is "open source middleware for the cloud", so it would be monstruous to have 1 single project
(10:45:32) gsauthier: alefebvr: ok
(10:45:37) alefebvr: and would not encourage re-user
(10:45:43) alefebvr: re-use
(10:45:45) alefebvr: and sharing
(10:46:43) gsauthier: ok
(10:47:21) gsauthier: Does it makes sense to group some projects together just like apache top level projects ?
(10:48:08) clementescoffier: well ... this lead to jakarta explosion
(10:48:16) clementescoffier: all java project under the same TLP ...
(10:48:35) clementescoffier: this was pretty painful for Apache
(10:48:38) gsauthier: I was just wondering .... :)
(10:48:48) alefebvr: I think this is a good discussion
(10:48:52) mdutoo: Eclipse are doing it well
(10:49:12) alefebvr: this was the work that we had intended to do with the Himalaya programme in OW2, but never managed
(10:49:29) alefebvr: Eclipse is easier, they have a single framework, we don't
(10:49:39) alefebvr: Apache has the same problem
(10:49:40) mdutoo: but I think there are 2 separate uses : grouping as a mean of making the list of projects clearer to newcomers, and grouping as a mean of "institutional" management internally at OW2
(10:49:42) gsauthier: ok, I thought that Himalay was only about synchronized release train
(10:50:20) esdaniel: himalaya: http://docs.google.com/viewer?a=v&q=cache:MmtP6kDhz4gJ:www.ow2.org/xwiki/bin/download/Community/TechnologyCouncil/Himalaya-Prez-Draft.pdf+ow2+himalaya&hl=en&gl=fr&pid=bl&srcid=ADGEESjycnPD6fPOIZzb-Brhq7JnRtbozh-vm7gvHp8hNPBeAis6WkccE41yg6SBbxOh-ih8iZGKJXOLo0AqDRMRMPPHc7HSoFoYI-jW3hnQWCvMyKZ4SjSfxGFKr9iIxk2WpTzZoixl&sig=AHIEtbSVOz0XX_rlJDGtMnJL2k8VQSNlfQ
(10:50:22) alefebvr: well, yes gsauthier, in one sense, if you want to synchronize, it means you have identified what integrates together
(10:50:54) mdutoo: in Eclipse, they also have "packages" ex Eclipse SOA or Eclipse PHP or Eclipse mobile, that are piloted by "industry working groups"
(10:51:15) mdutoo: that's a third use of grouping
(10:52:12) gsauthier: the eclipse packages means some common roadmap for integrated components
(10:52:36) alefebvr: so it is more an organisation of how to "synchronize" projects together, with groups of projects that are meant to be integrated
(10:52:38) alefebvr: right ?
(10:52:50) gsauthier: this is something OW2 cannot push alone. Integrated projects must participate actively in this work
(10:52:55) mdutoo: yep, including integration at feature level
(10:52:56) alefebvr: would it make sense to identify such groups in OW2 ?
(10:53:00) mdutoo: I agree
(10:53:15) mdutoo: well, a compatible one group could be one here maybe
(10:53:27) alefebvr: e.g. Talend+Bonita+xxx, JOnAS+JASMINe+EasyBeans+JORAM+CMI+xxx
(10:53:28) alefebvr: etc
(10:54:05) gsauthier: hmm a Java EE group ?
(10:54:08) mdutoo: it depends...
(10:54:31) mdutoo: Talend lately integrates parts of Bonita, however Bonita still wants to have its own releases
(10:54:35) gsauthier: cause JOnAS can be used by all kind of application (bonitasoft, xwiki, exo, ... nuxeo)
(10:54:41) esdaniel: this will sound cheesy but better to align with business than technology
(10:55:02) mdutoo: same for JOnAS : I think JOnAS could be coupled with easybeans etc release, but easybeans still wants to be able to do its own releases in addition
(10:55:03) DenisCaromel: ProActive has now an interface to Bonita
(10:55:45) mdutoo: esdaniel : i agree, that's the point of eclipse packages, and nobody will be interested by a given package if it is not consistent on a feature level
(10:55:54) gsauthier: yeah, but i guess that it does not make sense to tie the ProActive release strategy on bonita releases plan, right
(10:55:56) gsauthier: ?
(10:56:15) mdutoo: i'd agree (but im not involved)
(10:56:52) DenisCaromel: No it does not, in our case it is rather a problem of integrating ProActive contributions to Bonita base code
(10:57:03) alefebvr: however, a nice spaghetti-map of the code base could help understand what can work with what
(10:57:35) alefebvr: maybe not align everyone's roadmaps, but identify what can be integrated with what
(10:57:51) alefebvr: with the risk that it becomes an unreadable spaghetti plate
(10:57:53) gsauthier: so having eclipse like "package" is difficult for us: too many possible packages, testing combinations are exploding, and it should comes from the projects, not from OW2 (bottom-up approach)
(10:58:01) mdutoo: well that was a part of himalaya as well : compatibility matrix
(10:58:09) mdutoo: which im not convicted by
(10:58:32) alefebvr: I agree, a full compatibility matrix is not realistic
(10:58:48) mdutoo: because "compatibility" can be anything, and having a compatible with b and b with c does almost never guarantee that a+b+c are compatible
(10:58:50) alefebvr: by the time we'll have done it, it will be obsolete
(10:58:57) esdaniel: reminds me of distro packaging / versioning with many sub-projects
(10:59:31) alefebvr: note the work currently underway "BI4Cloud" of grouping a number of middleware for BI, and integrating them, in a single appliance
(10:59:44) mdutoo: showing compatibility in a matrix is showing our value, but releases and groups should not be made based on that
(10:59:47) gsauthier: esdaniel: the difference is that there is a common will to have a distro: right now, do we have this common will shared by projects ?
(11:00:01) mdutoo: well, bi4cloud would be such a business driven package
(11:00:02) alefebvr: don't think so, but users do !
(11:00:44) alefebvr: I think we already have 2 "packages" : BI and JavaEE
(11:00:53) alefebvr: at large
(11:01:13) clementescoffier: well... in chameleon we're also building (internal) distributions
(11:01:39) gsauthier: Yeah, for javaEE it's easy; we (Bull) have control on all the components so we can (and we do) release them together...
(11:02:07) gsauthier: but what happen if 2 (or more) companies are involved ?
(11:02:12) alefebvr: instead of defining an Himalaya which we will never reach, why not publish what we already have ?
(11:02:39) alefebvr: "2 companies" -> how do you synchronize with ScalAgent for JORAM ?
(11:03:50) gsauthier: alefebvr: we ask them politely :)
(11:03:54) alefebvr: when FT did EJB2 persistence with Bull, we synchronized by visiting Echirolles offices a lot
(11:04:26) gsauthier: yeah
(11:04:33) alefebvr: let's try to summarize
(11:05:36) gsauthier: that's the shared will
(11:06:31) alefebvr: 1. we need to show another vision of the code base than flat list of projects
(11:06:44) alefebvr: 2. when possible, we should deliver assemblies
(11:07:00) alefebvr: About 2, e.g. JOnAS, BI4Cloud, and surely others
(11:07:08) alefebvr: About 1, how do we do it ?
(11:07:29) gsauthier: alefebvr: I heard some talking about classification in OW2 lately ...
(11:08:41) gsauthier: What is probably expected by people making decision is business features
(11:08:53) gsauthier: not technology
(11:09:03) mdutoo: recently ccarbone said that the trove categorization should be updated
(11:09:20) gsauthier: mdutoo: thanks that was that
(11:09:24) esdaniel: this was also requested / proposed by stefane/nuxeo
(11:10:11) esdaniel: nuxeo proposed to explore more 'useful' ontologies, is that correct, Alefebvr?
(11:10:17) alefebvr: yep
(11:10:31) alefebvr: I asked Stephane to send a counter-proposal for a taxonomy
(11:10:59) alefebvr: he hasn't yet
(11:11:11) alefebvr: I agree taxonomy will help
(11:11:14) alefebvr: but...
(11:11:28) alefebvr: in the same group you could well have competing projects which are not integratable
(11:11:38) alefebvr: but it would help
(11:12:06) esdaniel: i would not rely on nuxeo to propose, stefane made the observation though is not prepared to step forward and propose something
(11:12:12) alefebvr: :-)
(11:13:01) gsauthier: Ok before going further this road, maybe we could simply start discussing this on TC list, to see if other projects may be interested and join the party ?
(11:13:54) mdutoo: about business classification : entreprise applications, BI, SOA / XML / service integration, data & process integration, communication / protocol / ORB...
(11:14:21) gsauthier: And we try to move on to the next topics of the TC meeting (maybe we can stop at 12h00 :) )
(11:14:24) mdutoo: about "kind of" classification : solution, framework, library, plugin (to X)
(11:14:37) gsauthier: protocol / ORB ... in business classification ?
(11:15:00) mdutoo: well, you can put ORBs under communication
(11:15:16) mdutoo: when I said communication, I didn't mean chatting, but protocols ex. for telecom industry
(11:15:18) esdaniel: agree with gsauthier: we can move this thread to the wiki and discuss asynchrnously there and begin evolving a new ontology together
(11:15:32) gsauthier: esdaniel: right
(11:15:39) mdutoo: and obviously "collaboration" classification
(11:16:06) gsauthier: Can we move to the next topics ?
(11:16:29) gsauthier: * Graduations
(11:16:29) gsauthier: * Mentors
(11:16:40) contrail: is there enough time for a  question about registrations?
(11:17:07) contrail: I have to provide a registration procedure for contrail developers
(11:17:43) contrail: and some asked me about LDAP
(11:18:03) contrail: because I told them they will have to register on each tool
(11:18:22) contrail: is there a project to centralize authentications?
(11:18:25) esdaniel: who is contrail mentor?
(11:18:31) contrail: what can I answer?
(11:18:35) gsauthier: hey, simple question :)
(11:18:36) gsauthier: no
(11:18:38) contrail: chamerling
(11:19:07) contrail: maybe I should ask christophe directly
(11:19:08) gsauthier: LDAP is used on some part of the IT
(11:19:27) gsauthier: forge and project xwiki and svn are sharing a commons user base
(11:19:33) esdaniel: ok, chamerling / jermeyc will help you get the answers
(11:19:43) gsauthier: but other services may have separate authentication bases
(11:20:04) contrail: ok, thank you very much ~
(11:20:16) gsauthier: thats' the kind of information I expect to see on the IT pages on the wiki we were' talking about previously
(11:20:31) gsauthier: So graduations :)
(11:20:36) mdutoo: (about the previous classification topic, I quite like http://www.ow2.org/view/Activities/ProjectsByFunction , however "tool" is too big, there should be also an "SOA" classification with all petals components rather than having them spread across others
(11:21:16) gsauthier: So far, on the 3 projects in hold for graduation, only Chameleon send us the graduation form
(11:21:30) chamerling: I am back, sorry
(11:21:36) gsauthier: as there was no objections, Chameleon graduated last week
(11:22:12) gsauthier: BTW, clementescoffier is there a graduation form somewhere or you have created the doc on your own ?
(11:22:18) alefebvr: mdutoo: please propose a better subdivision of tool
(11:23:17) gsauthier: alefebvr: should we send a reminder to the remaining projects to have them graduated ?
(11:24:11) alefebvr: I did ask Cedric Carbone, they're working on it
(11:24:48) alefebvr: but yes, an official reminder from the chairman to them and to Cassidian would be goo
(11:24:50) alefebvr: d
(11:25:01) alefebvr: or from me :-)
(11:25:19) gsauthier: I can do that :)
(11:25:37) alefebvr: new projects -> Sirocco -> are we done with the discussion?
(11:25:42) alefebvr: can we proceed to the vote?
(11:25:54) alefebvr: we need a mentor -> I can be mentor since they are colleagues
(11:25:55) mdutoo: As I said, there should be 2 vertical classifications, one business (in what context it is useful : the existing one, or entreprise applications, BI, collaboration, SOA / XML / service integration, data & process integration, communication / protocol / ORB...), the other "kind of" (what level of answer to business need is provided : solution, framework, library, plugin (to X))
(11:26:24) alefebvr: oh, a matrix !
(11:26:28) alefebvr: ;-)
(11:26:31) mdutoo: (sorry I was talking to alefebvr)
(11:26:47) alefebvr: (I work in a company that has a matrix organization, a real nightmare)
(11:27:00) gsauthier: Yeah, we need a mentor for Sirocco
(11:27:02) alefebvr: but yes, you are right Marc, there are 2 aspects
(11:27:04) mdutoo: alefebvr: well, the "kind of" classification is rather seconday to the first, like a tag
(11:27:39) alefebvr: yes, a tag
(11:27:47) gsauthier: So, Sirocco is good for vote
(11:27:54) alefebvr: wonderful
(11:28:34) alefebvr: what about m2net ?
(11:28:42) alefebvr: Bull never got back to us on this one...
(11:29:35) gsauthier: Last mail on this one was 2 months ago
(11:30:15) gsauthier: I can try to resurect that stuff :)
(11:30:38) mdutoo: alefebvr: the "tool" classification today contains projects pertaining to SOA / XML (petals master, frascati, xquare), ORBs (carol, jonathan, tribe), component frameworks (chameleon, fractal & al) that would be dispatched according to this classification
(11:31:08) gsauthier: alefebvr: any other points about projects ?
(11:31:23) alefebvr: don't think so about projects
(11:31:45) gsauthier: OK, so Security with esdaniel :)
(11:32:02) alefebvr: except m2net to resurrect "m2net back from the dead" (sounds like the title of a B horror movie)
(11:32:30) gsauthier: :)
(11:32:51) esdaniel: understanding what the SQuAT initiative aims to achieve I first want to ask the TC why 'security' is not part of this?
(11:33:37) alefebvr: 'security' is too vague (like "middleware")
(11:33:49) alefebvr: security in what sense ? no malicious viruses in the code ?
(11:34:12) esdaniel: anyone else have a view on this?
(11:34:20) alefebvr: squat = quality and trustworthiness, so security is intrinsically in it
(11:34:40) alefebvr: squat includes security in its definition
(11:34:49) esdaniel: it appears to me that security needs to be a first-class citizen of this initiative
(11:34:52) alefebvr: now, the question is: are we doing somethng for security ? no.
(11:35:03) alefebvr: please define security
(11:35:07) esdaniel: and get more visibility as part of the SQuAT initiative
(11:35:18) alefebvr: but yes, I agree
(11:35:34) alefebvr: let us start with what we have already, and add security stuff
(11:36:19) esdaniel: yes indeed, though i think it would help that this is not an after-thought and moved to a more prominent position
(11:36:27) gsauthier: Do we plan to have a "security report" just like sonar reports as part of the graduation criteria ?
(11:36:41) clementescoffier: sorry gsauthier, was away for a couple of minutes
(11:36:49) clementescoffier: no I took the graduation form from the web site
(11:36:56) gsauthier: clementescoffier: ok thanks
(11:37:04) clementescoffier: (word document exported to pdf)
(11:37:06) alefebvr: security report would be good.
(11:37:23) alefebvr: what is security (sorry for being so insistant and stupid)
(11:37:34) esdaniel: getting back to the definition, forgive me for cheating and referring to wikipedia: http://en.wikipedia.org/wiki/It_security
(11:37:44) esdaniel: this is otherwise known as #infosec
(11:38:16) gsauthier: Are there tools to test security of your application ?
(11:38:26) alefebvr: which part of security will we test?
(11:38:29) esdaniel: my recommendation is that to support the decision process of IT directors / DSIs who will already welcome the SQuAT concept is to evolve some kind of security aspect to SQuAT
(11:38:41) alefebvr: yes, it is a good idea !
(11:38:56) esdaniel: this is really the first time i think this has been discussed in TC so i don't expect us to have the answers today
(11:39:13) alefebvr: are we in "secure coding" related to the wikipedia definition ?
(11:39:48) esdaniel: yes, to take an example of the issues microsoft has experienced due to poor code security quality
(11:39:59) esdaniel: it has cost them millions in both fixing and brand reputation
(11:40:30) esdaniel: to assume this problem would not be an issue for ow2 codebase is a dangerous view to take i believe
(11:40:32) alefebvr: can you Ed please explain Langlois' proposals of "security code sprints" ?
(11:41:23) esdaniel: yes, so - while we're trying to actually discover what we can use to give us some kind of indication of 'quality' of security we've received a proposal from langlois
(11:41:52) esdaniel: we can do the background info later, for now the offer is very appealing IMHO
(11:42:13) gsauthier: is this some kind of security training ?
(11:42:37) esdaniel: langlois has proposed to gather 15-40 of his security hackers to go to work on an ow2 project and do their worst, so to speak, i.e. find the holes and exploits in the codebase
(11:42:43) gsauthier: how to write secure code ? how to use security mechanism available, ... ?
(11:43:05) gsauthier: sounds fun
(11:43:25) gsauthier: just like in hacker movies ;)
(11:43:25) alefebvr: this could then help us better define what we would be able to test, identify tools, etc, right ?
(11:43:45) alefebvr: how to securely introduce malicious code in open source ?
(11:43:49) esdaniel: yeah - now the initial idea was to get ow2 to back a hackathon and an aribitrary project picked 'out of the hat' woudl be selected, could even be a no-OW2 project
(11:44:16) esdaniel: however... the cost for this will be c. 1000 € so at present i see no way to justify budget for a non-ow2 project
(11:44:34) esdaniel: nor to pick an arbitrary project either as that is discriminating member funds
(11:44:35) esdaniel: so...
(11:45:06) esdaniel: what i feel is do-able is for any ow2 project that would like a security audit by the best of the french security hacker community
(11:45:18) gsauthier: I suspect not all our projects could be battle tested this way ...
(11:45:38) esdaniel: i can tell you it will only cost you 1000 €, which is a phenomenally good value
(11:45:39) gsauthier: librairies for example
(11:45:57) esdaniel: i.e. 15 to 40 hackers for one day is a hell of a lot more than the 1000 € requested
(11:46:10) gsauthier: sure
(11:46:29) esdaniel: and they're good, i attended langlois' conference here in Paris, it rivals DefCon in terms of the talent in attendance and the quality of the talks
(11:46:35) mdutoo: wow ! but yes, what about the setup ? only projects that expose remote interfaces can be candidate per ex ?
(11:46:37) gsauthier: how do they proceed ?
(11:46:45) gsauthier: mdutoo: good question
(11:47:18) esdaniel: some of the cool stuff you can think about is how they use binary instrumentation to crack executables and hot-patch them using tools such as this from Intel: http://www.pintool..org
(11:47:28) esdaniel: http://www.pintool.org
(11:48:04) esdaniel: no, not just remote interfaces, i think one has to keep a very open mind as to what the possibilites are
(11:48:31) esdaniel: never forget the risks of social hacking and once an intruder is inside the perimeter there are many more issues to contend with
(11:48:43) esdaniel: imainge man in the middle attacks on middleware
(11:48:47) gsauthier: I known, but I don't want them to battle test my linux system to enter in. I want them to battle test my stuff
(11:49:03) esdaniel: yeah, they will battle-test the project codebase
(11:49:28) esdaniel: and if you're not doing things securely you'll find out
(11:49:35) gsauthier: when you mean project codebase, it's a running instance or this is only a source code review ?
(11:49:53) esdaniel: now, i suggest we can get into more detail with phillipe langlois if this idea has an interest amongst any of you
(11:50:06) gsauthier: looks appealing
(11:50:38) gsauthier: I propose to discuss that in TC
(11:50:44) gsauthier: on the list
(11:50:49) esdaniel: i would imagine both, i.e. an instance running and also source because any hacker wanting to hack a project can download and inspect the source
(11:50:58) esdaniel: ok
(11:51:03) alefebvr: would be good to meet him face to face
(11:51:08) alefebvr: what about Solutions Linux ?
(11:51:16) gsauthier: good idea
(11:51:24) alefebvr: By the way, Cathy is looking at a room for our F2F TC meeting
(11:51:40) gsauthier: nice
(11:52:39) alefebvr: could be just after the OW2 session on May 12, in the same room
(11:52:44) alefebvr: or in a separate room
(11:52:54) alefebvr: sounds the best option for the date/time
(11:53:07) gsauthier: great
(11:53:24) esdaniel: sure, i did into you at inthecloud, or at least i was supposed to have :-$
(11:53:24) esdaniel: cool, thanks for listening and i'll follow up accordingly for sol-linux f2f with philippe
(11:53:24) esdaniel: meanwhile, if anyone wants to progress this today that is entirely feasible
(11:53:59) esdaniel: and as per earlier observations, yes - conducting one of these hackathons provides insights into tools for testing and reporting on security
(11:54:11) mdutoo: I agree
(11:54:20) mdutoo: esdaniel: good proposition
(11:54:23) gsauthier: thanks esdaniel
(11:54:26) alefebvr: me too, could help us understand what it is all about
(11:54:29) alefebvr: thanks Ed !
(11:54:39) esdaniel: thank you - i sincerely hope it makes the codebase even more valuable for adoption
(11:55:02) alefebvr: we NEED some action about code security, no doubt about it
(11:55:12) alefebvr: the question is what...
(11:55:32) esdaniel: perhaps we can discuss with philippe at sol-linux f2f
(11:55:43) gsauthier: yep, meeting security experts will be helpful
(11:55:56) alefebvr: about SolLinux on 12 May, we have the room until 2pm (but the OW2 session finishes at 1), and maybe later, but no guarantee
(11:56:24) gsauthier: Ok, we've finished the topics on the agenda
(11:56:32) gsauthier: Any other stuff to share ?
(11:56:32) esdaniel: dinner also an option if we're around in the evening
(11:57:13) alefebvr: we're looking at Ingres letting us use their rooms (they are at La D?fense too)
(11:57:21) alefebvr: I think we are done ?
(11:57:30) gsauthier: Good for me
(11:57:32) alefebvr: unless you want to talk about the new TC web pages ?
(11:57:37) alefebvr: ;-)
(11:58:00) alefebvr: for which you really really did a great job Guillaume
(11:58:00) gsauthier: I'm open for comments/feedback on TC space in the wiki :)
(11:58:44) alefebvr: just to share with others : we're discussing with Guillaume how to trace information about project lifecycle (submission, vote, status changes)
(11:58:48) gsauthier: We still need an application to manage TC members, and other stuff about project lifecycle (proposal -> incubation -> graduation -> archive)
(11:59:05) alefebvr: I was thinking of extending the project Dashboard to add such information (in order to avoid multiplying xwiki stuff)
(11:59:56) alefebvr: "application to manage TC members" -> do you mean 1) list their name on the page, 2) trace when they joined, 3) manage their mailing list membership ?
(12:00:11) gsauthier: We'll come back to you when things will settle a lit bit
(12:00:28) gsauthier: yep, could be :)
(12:01:42) gsauthier: there is SOAP API in latest sympa, so we could even subscribe peoples automatically
(12:01:45) gsauthier: :)
(12:01:48) alefebvr: thanks for sharing this with the TC (it's the dark side of the jobs we have to do for running the TC...)
(12:02:03) alefebvr: Jeremy, which sympa version do we run?
(12:02:33) gsauthier: 5.3.4
(12:02:45) gsauthier: latest is 6.1.4
(12:03:53) gsauthier: Anyway, I want to have more stuff on the wiki :) Expects new things in the future ...
(12:04:00) alefebvr: (I know, all iknformation is on the website http://www.ow2.org/view/ITInfrastructure/ )
(12:04:10) gsauthier: :)
(12:04:21) alefebvr: and everyone should be welcome to contribute to the wiki ?
(12:04:43) gsauthier: with the appropriate rights, yes
(12:05:08) gsauthier: 12h04 and we're done
(12:05:24) gsauthier: this meeting was probably a little too long
(12:05:47) clementescoffier: ok
(12:05:50) clementescoffier: so bye !
(12:05:56) chamerling: c u
(12:05:58) chamerling a quitté le salon
(12:06:02) gsauthier: Thanks you all for attending !
(12:06:02) contrail: bye
(12:06:04) alefebvr: okedoke
(12:06:09) alefebvr: bon app?tit :-)
(12:06:16) gsauthier: oui bon app'
(12:07:42) esdaniel: bye, ttfn
(12:08:05) esdaniel: btw everyone is welcome to always hang out here, guillaume, florent and I are normally here