I agree we need a strong enough community to be able to fix the security issues in house.
For the security patch release, it's hard for the forked project to keep track of all the security reports. We may only know about the security issue when Lightbend does the release. If the Lightbend employee doesn't submit the security patch PR to the forked project first, we may have some trouble to 'port' those patches to the forked project. Willem Jiang Twitter: willemjiang Weibo: 姜宁willem On Tue, Sep 27, 2022 at 5:55 PM PJ Fanning <fannin...@gmail.com> wrote: > > Thanks Willem for taking the time to look into this. > > The license change means the fork project will not be able to cherry > pick future fixes from Lightbend - at least not readily. > > On a case by case basis, we could request that the PR submitter also > contribute them to the fork project. > > In some cases, the critical fix might be submitted to the fork first > and it may be easier for the Lightbend team to cherry pick those cases > than it is for the fork team to do the opposite. > > The real hope would be that the fork can attract a strong enough > community that any security issues can be fixed in house. > > The core of Akka is quite stable at this point so hopefully critical > bugs should be rare. It's possible that some of the less used non-core > code might be more susceptible to having issues. > > Links for recent security issues in Akka: > * https://doc.akka.io/docs/akka/current/security/index.html > * https://doc.akka.io/docs/akka-http/current/security.html > > > On Tue, 27 Sept 2022 at 02:30, Willem Jiang <willem.ji...@gmail.com> wrote: > > > > After going through the FAQ of the Akka license, it looks like we > > cannot backport the BSL codes to the Apache License branch. > > > > > If there is a newer version of the software under BSL, can I backport any > > > of the code to an older, Open Source, version of Akka? > > > > > No. In this circumstance, you would either violate Lightbend’s copyright > > > by re-releasing the code under Open Source, or you would violate the > > > earlier Akka version’s Apache license by introducing incompatible BSL > > > code (i.e., code subject to a use limitation not allowed by the Open > > > Source Apache 2.0 license). > > > > It will cause us a lot of effort to maintain the code, even if we just > > want to backport some critical bug fixes. > > > > [1]https://www.lightbend.com/akka/license-faq > > > > Willem Jiang > > > > Twitter: willemjiang > > Weibo: 姜宁willem > > > > On Tue, Sep 27, 2022 at 6:25 AM Ralph Goers <ralph.go...@dslextreme.com> > > wrote: > > > > > > Before going too far with this I would be interested to know: > > > 1. Who the initial committers/PMC members would be. > > > 2. How much familiarity the proposed people already have with the code > > > base. > > > 3. How diverse the community is from an employment point of view. > > > > > > In other words, I would be concerned if this is pushed by just 3 or 4 > > > people, > > > none of which have ever spent much time in the code, and who all work for > > > the same employer. > > > > > > Ralph > > > > > > > On Sep 26, 2022, at 11:11 AM, PJ Fanning <fannin...@gmail.com> wrote: > > > > > > > > Hi everyone, > > > > > > > > Apologies if this is not the right mailing list. If it is not, please > > > > let me know and I'll switch the thread to the right list. > > > > > > > > Lighbend [1], the company that maintains the popular open source > > > > framework, Akka [2], recently announced they are moving Akka to a > > > > non-OSS commercial license [3]. > > > > > > > > There is interest in the OSS community in forking Akka under a new > > > > name and maintaining it as an ASF project [4]. > > > > > > > > It is early days yet but there is some discussion online [5]. > > > > > > > > Reading the incubator cookbook, a new podling would need to have > > > > champions and mentors from within the Incubator PMC [6]. > > > > > > > > I would like to put my name forward for such a role, as an existing > > > > ASF member [7]. > > > > > > > > If anyone else in the Incubator PMC would like to get involved, that > > > > would be great. > > > > > > > > Regards, > > > > PJ > > > > > > > > [1] https://www.lightbend.com/ > > > > [2] https://akka.io/ > > > > [3] https://www.lightbend.com/akka/license-faq > > > > [4] https://github.com/mdedetrich/akka-apache-project > > > > [5] https://github.com/mdedetrich/akka-apache-project/discussions/9 > > > > [6] > > > > https://incubator.apache.org/cookbook/#does_our_project_fit_the_apache_incubator > > > > [7] https://whimsy.apache.org/roster/committer/fanningpj > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
