Dear community, I would like to propose that we join the Sovereign Tech Resilience Program [1] that CouchDB benefit of modernisations of some of its parts to ensure continued speedy development including responding to critical security vulnerabilities.
I would submit the following application (by lazy consensus) if no-one objects until Sunday, 25-09-07 23:59 (UTC+1). On behalf of the CouchDB PMC, Ronny CouchDB STA Bug Resilience Program Application Category: Join the Sovereign Tech Resilience Program Application Name: Apache CouchDB Project title: Apache CouchDB Link to project website: https://couchdb.apache.org Link to project repository: https://github.com/apache/couchdb Where is your open source technology project being used (describe all user bases)? (300 words): CouchDB is used in all areas a database can be useful. It covers setups from single-server databases for applications, to multi-node clusters for large-scale and fault-tolerant setups for larger systems. CouchDB is famed for its ease of use and operation and is used by non-profits and fortune 500 companies alike. The one feature that sets CouchDB apart from other databases is its unique data replication feature that allows for very flexible geo-distributed operations. Together with Apache PouchDB it provides the backbone for one of the most mature open source offline-first and local-first set of applications. On the large-scale end, CouchDB is used by national broadcasters, triple A game companies, global freight shipping operators, country-wide supermarket logistics, in big-data sience and research as well has many large-scale healthcare infrastructures. On the smaller end, in the non-profit sector, CouchDB powers the search and rescue software used by SeaWatch e.V. that has been adapted to help with humanitarian relief efforts in war zones. It also is the backbone of multiple medical solutions that operate worldwide to provide healthcare and vaccines to regions with little to no network infrastructure. It played a pivotal role in the 2013-2016 Ebola response in West Africa, provided the core infrastructure for all COVID vaccinations in Bavaria when the first vaccines became available. It is being used in agriculture and farming and it supports service technicians of all varieties in the field. Why do you consider your open source technology project to be relevant and critical? (300 words): Derived from the obvious usefulness of the use-cases listed above, it is obvious to us that CouchDB is a piece of load-bearing infrastructure for countless humanitarian projects. Its benefit to businesses with large-scale storage needs is also clearly demonstrated. Being able to choose an open source and open governance project is critical for either type of organisation and provides significant value. Every day, more people are choosing CouchDB for these use-cases and we consider it important to ensure its continued development. Should CouchDB cease to exist, it would cause considerable humanitarian and economic upheaval for the organisations that have already chosen it for critical infrastructure with no open-source and open-governance alternative available. It would also close the opportunity for future projects and products to benefit from its unique feature set. How does your open source technology benefit the public interest? (300 words): CouchDB’s ease-of-use allows people with little technology knowledge to build reliable and sovereign data management solutions. For example it is at the core of an architecture to allow the Iranian diaspora relay non-censored news to people in Iran. Equally, the nature of offline-first/local-first applications, especially in emergency first-responder and medical fields is an essential piece of infrastructure for scenarios where a reliable internet connectivity cannot be guaranteed. It has been used in building inspection software for avalanche protection routines in the Alps, where even the most modern mobile or satellite network technology struggles to function at all. For technology experts, it provides an long-term stable and open source development platform that allows to build globally spanning, highly available big-data solutions. Please describe the history and state of development of your open source technology (500 words): CouchDB has been an Apache Software Foundation project since 2008 and has had a steady release progress since. New feature versions come out roughly once or twice a year with security and bugfix versions dotted in between. Its current main release series is 3.x. with plans and development for 4.x in progress. It is developed by a dedicated team of about ten people, some of which get at least paid part time to work on CouchDB, with hundreds contributing along the way. CouchDB’s core dependencies are the programming language Erlang, the JavaScript engines Mozilla SpiderMonkey and QuickJS and the Unicode library IBM Components for Unicode (icu). Which Sovereign Tech Resilience services are you interested in?: [x] Direct Contributions Describe why your project needs those services? (optional) (300 words): CouchDB can benefit of modernisations of some of its parts to ensure continued speedy development including responding to critical security vulnerabilities. The existing team currently focusses on feature development and the STA funded work would make it easier for the team to do that work as well as make it easier for newcomers to join the project. One extra note: The CouchDB Project Management Committee Chair Jan Lehnardt is also a CEO at Neighbourhoodie Software, the implementation partner for the Bug Resilience Program. To avoid a conflict of interest, Jan Lehnardt is excusing himself from any official CouchDB project decisions with regards to this application. Should additional statements or affidavits be required, we are happy to provide them. [1] https://www.sovereign.tech/
