Outgoing Apache OpenOffice project management committee (PMC) chair Dennis
Hamilton has begun the discussion of a possible (note possible at
this point) shutdown of the project.
"In the case of Apache OpenOffice, needing to disclose security
vulnerabilities for which there is no mitigation in an update has become a
serious issue.
In responses to concerns raised in June, the PMC is currently tasked by the
ASF Board to account for this inability and to provide a remedy. An
indicator of the seriousness of the Board's concern is the PMC been requested
to report to the Board every month, starting in August, rather than
quarterly, the normal case. One option for remedy that must be considered is
retirement of the project. The request is for the PMC's consideration among
other possible options." (Thanks to James Hogarth.)
(Log in to post comments)![]()
Also of interest is this note on how the handling of CVE-2016-1513 went.
| From: | "Dennis E. Hamilton" <orcmid-AT-apache.org> | |
| To: | <dev-AT-openoffice.apache.org> | |
| Subject: | [DISCUSS] What Would OpenOffice Retirement Involve? (long) | |
| Date: | Thu, 1 Sep 2016 16:37:00 -0700 | |
| Message-ID: | <008d01d204a9$bd37caa0$37a75fe0$@apache.org> | |
| Archive-link: | Article |
Here is what a careful retirement of Apache OpenOffice could look like.
A. PERSPECTIVE
B. WHAT RETIREMENT COULD LOOK LIKE
1. Code Base
2. Downloads
3. Development Support
4. Public-Project Community Interfaces
5. Social Media Presence
6. Project Management Committee
7. Branding
A. PERSPECTIVE
I have regularly observed that the Apache OpenOffice project has limited
capacity for sustaining the project in an energetic manner. It is also my
considered opinion that there is no ready supply of developers who have the
capacity, capability, and will to supplement the roughly half-dozen
volunteers holding the project together. It doesn't matter what the reasons
for that might be.
The Apache Project Maturity Model,
<http://community.apache.org/apache-way/apache-project-mat...>,
identifies the characteristics for which an Apache project is expected to
strive.
Recently, some elements have been brought into serious question:
QU20: The project puts a very high priority on producing secure software.
QU50: The project strives to respond to documented bug reports in a timely
manner.
There is also a litmus test which is kind of a red line. That is for the
project to have a PMC capable of producing releases. That means that there
are at least three available PMC members capable of building a functioning
binary from a release-candidate archive, and who do so in providing binding
votes to approve the release of that code.
In the case of Apache OpenOffice, needing to disclose security
vulnerabilities for which there is no mitigation in an update has become a
serious issue.
In responses to concerns raised in June, the PMC is currently tasked by the
ASF Board to account for this inability and to provide a remedy. An
indicator of the seriousness of the Board's concern is the PMC been requested
to report to the Board every month, starting in August, rather than
quarterly, the normal case. One option for remedy that must be considered is
retirement of the project. The request is for the PMC's consideration among
other possible options. The Board has not ordered a solution.
I cannot prediction how this will all work out. It is remiss of me not to
point out that retirement of the project is a serious possibility.
There are those who fear that discussing retirement can become a
self-fulfilling prophecy. My concern is that the project could end with a
bang or a whimper. My interest is in seeing any retirement happen
gracefully. That means we need to consider it as a contingency. For
contingency plans, no time is a good time, but earlier is always better than
later.
B. WHAT RETIREMENT COULD LOOK LIKE
Here is a provisional list of all elements that would have to be addressed,
over a period of time, as part of any retirement effort.
In order to understand what would have had to happen in a graceful process,
the assumption below is that the project has already retired.
Requests for additions and adjustments to this compilation are welcome.
1. CODE BASE
1.1 The Apache OpenOffice Subversion repository where code is maintained
has been moved to "The Attic." Apache Attic is an actual project,
<http://attic.apache.org/>. The source code would remain
available and could be checked-out from Subversion by anyone interested in
making use of it. There is no means of committing changes.
1.2 Apache Externals/Extras consists of external libraries that are
relied upon by the source code but are not part of the source code. These
were housed on SourceForge and elsewhere. (a) They might have been archived
in conjunction with the SVN (1.1). (b) They might be identified in a way
that someone attempting to build from source later on would be able to work
with later versions of the external dependencies. There are additional
external dependencies that might have become obsolete.
1.3 Build Dependencies/Tool Chains. The actual construction of the
released binaries depends on particular versions of specific tools that are
used for carrying out builds of binaries from the source. The dependencies
as they last were used are identified in a historical location. Some of the
tools and their use become obsolete over time.
1.4 GitHub Mirror. For the GitHub Mirror of the Apache OpenOffice SVN
(a) pull requests are not accepted. (b) Continuation of the presence of the
GitHub repository might be shut down at some point depending on GitHub policy
and ASF support.
2. DOWNLOADS
2.1 The source code releases, patches, and installable binaries are all
retained in the archive system that is already maintained. There are no
further additions.
2.2 The downloading of full releases is supported on the SourceForge
mirroring system. There are no new downloads. How long until SourceForge
retires its support for downloads is not predictable (and see 4.3).
2.3 The Apache OpenOffice Extensions and Templates system is an
independent arrangement hosted and curated on SourceForge. Whether and how
long the download service is preserved by SourceForge is not predictable.
2.4 The mechanism for announcing updates to installed versions of
OpenOffice binaries is adjusted to indicate that (a) particular versions are
no longer supported. (b) For the latest distribution(s), there may be advice
to users about investigating still-supported alternatives.
3. DEVELOPMENT SUPPORT
3.1 The Apache OpenOffice Bugzilla is mirrored in The Attic. The
Bugzilla is read-only and preserved for historical purposes.
3.2 The Pootle materials used for the development of localizations are
exported and archived.
3.3 The Confluence Wiki operated by the project is preserved in a
read-only state:<https://cwiki.apache.org/confluence/display/OOOUSERS/>.
3.4 The commits@ and issues@ mailing lists are shut down although
archived.
4. PUBLIC PROJECT-COMMUNITY INTERFACES
4.1 All public discussion mailing lists are shut down. They are all
archived and accessible from The Attic.
4.2 The dev@ list was the last to shut down, having been used during
orchestration of the retirement.
4.3 The http://openoffice.org site is static and uneditable. The CMS
functions for contribution to the site are disabled. Over the course of
retirement, key pages of the site were updated to reflect the retirement
activity and to eventually end some of the functions, such as information on
how to contribute, how to obtain the software, how to obtain help, branding
requirements, etc.
4.4 The Wikimedia subsite of openoffice.org is read-only and static. No
contributions or edits can be made. At some point, the Wikimedia server will
need to be shut down and (a) the server is shutdown/moved with openoffice.org
indicating that the wiki is unavailable. (b) Only a static form of the pages
is provided. (c) Alternative hosting and rebranding is achieved.
4.5 The OpenOffice Community Forums were semi-autonomous. (a) The server
is retired. (b) The site is rehosted and rebranded by agreement with the
Apache OpenOffice project and the ASF.
5. SOCIAL MEDIA PRESENCE
5.1 The Apache Planet OpenOffice Blog is terminated with the announcement
that Retirement is complete.
5.2 The Twitter account is terminated.
5.3 Any Facebook page under control of the project is closed.
5.4 The announce@ list is terminated and archived with the announcement
of Retirement completion.
6. PROJECT MANAGEMENT COMMITTEE
6.1 With completion of the retirement, the private@ and security@
openoffice.org lists were shutdown (although archived as are all such
lists).
6.2 The Project Management Committee is disbanded and the Chair is
relieved.
6.3 There is no longer any identified operation for continuation of the
project except as specified for The Attic.
7. BRANDING
7.1 With the cessation of releases, it is made widely known that official
releases other than the last ones provided by the project are not the work of
Apache OpenOffice and any claimed association, justification for charge of
fees and for carrying of advertising are not in support of the Apache
OpenOffice project. This notification will also be made to those
organizations that carry offerings to the contrary (e.g., eBay).
7.2 There is no point of contact, other than branding@ apache.org, for
request to make use of the brands.
7.3 There is no active attention to preservation of the trademarks
related to Apache OpenOffice. (a) Inappropriate use of Apache and its
symbols in names of offerings will be defended when brought to the attention
of branding@. (b) Uses of OpenOffice, Open Office, openoffice.org and other
similarities without attribution to Apache are not addressed.
*** end of the list as of 2016-09-01 ***(Log in to post comments)