Hi PJ & list, We have now reviewed the remaining dependency licenses to our satisfaction. Everything is in accordance with the Third Party Licensing Policy. I have updated the proposal accordingly.
I have also taken out incubator. of the repo and mailing list names. We are ready to go now, but happy to wait for other votes to settle. Best Jan — > On 24. Mar 2025, at 13:09, PJ Fanning <fannin...@apache.org> wrote: > > I'd forgotten about the licenses. I've never seen this not filled in > before the vote. Maybe someone else on the list can correct this but > it would be my preference to have them filled in before the vote. > > On Mon, 24 Mar 2025 at 12:27, Jan Lehnardt <j...@apache.org> wrote: >> >> Heya PJ, >> >> I was going to do the license legwork on the dependencies and then re-ping >> the thread. >> >> If that can be done after the Vote, I’m happy to call the vote now. If not, >> do not hesitate to start the others while we get the paperwork in order. >> >> Best >> Jan >> — >> >> >>> On 23. Mar 2025, at 14:53, PJ Fanning <fannin...@apache.org> wrote: >>> >>> Jan - do it think it is ok to proceed to a Vote Thread? We might take the >>> lack of email responses on this thread as lazy concurrence. >>> >>> There are a couple of other prospective podlings and it is easier not to >>> have multiple concurrent votes. If there is a reason to day starting a vote >>> then I might start vote threads for Hamilton and Burr (related podlings). >>> >>> >>> On 2025/03/12 12:04:53 PJ Fanning wrote: >>>> Looks like a Confluence issue regarding the New Podling Proposal >>>> template. I see the same issue where 'edit' opens the OpenServerless >>>> proposal. >>>> >>>> Could you remove 'incubator' from the mailing lists and git repo >>>> names? They are not required and it simplifies things not to have it. >>>> >>>> Regarding the licenses for the development time libs, there are not >>>> that many but for completeness, I would prefer to see the licenses >>>> filled in. It's unlikely but one of them could have a very unfriendly >>>> license that says that the lib can't be used in certain cases. >>>> >>>> It would be good if we give the IPMC members a few days to review the >>>> proposal page on Confluence page before we head to a vote. >>>> >>>> On Wed, 12 Mar 2025 at 12:52, Jan Lehnardt <j...@apache.org> wrote: >>>>> >>>>> Hey all, >>>>> >>>>>> On 5. Mar 2025, at 13:26, Jan Lehnardt <j...@apache.org> wrote: >>>>>> >>>>>>> On 5. Mar 2025, at 13:21, PJ Fanning <fannin...@apache.org> wrote: >>>>>>> >>>>>>> * Once you have IPMC membership, you will be able to add this to >>>>>>> https://cwiki.apache.org/confluence/display/INCUBATOR/Proposals >>>>>> >>>>>> Will do! >>>>> >>>>> Done: >>>>> https://cwiki.apache.org/confluence/display/INCUBATOR/PouchDB+Proposal >>>>> >>>>> Aside: the proposal template * has a typo “sort to associate” instead of >>>>> “sought to associate”. I wanted to fix this, but hitting the [Edit] button >>>>> on that page opens the OpenServerless proposal for editing, so I can’t >>>>> make the change. >>>>> >>>>> * >>>>> https://cwiki.apache.org/confluence/display/INCUBATOR/New+Podling+Proposal >>>>> >>>>> >>>>>>> * Could you or someone else fill in the license details for the 3rd >>>>>>> party libs where the tool was unable to work them out? >>>>>> >>>>>> These are dev-time dependencies that would never land in ASF source >>>>>> control >>>>>> or release artefacts or are required to run the release artefact. >>>>>> >>>>>> We are wondering if those do need working out for the sake of the >>>>>> proposal >>>>>> or if we can leave those for later. >>>>> >>>>> Any guidance on this? Unless there are any other blocking things, we’d >>>>> like >>>>> to commence with the vote as per the Incubator Cookbook**. >>>>> >>>>> ** >>>>> https://incubator.apache.org/cookbook/#voting_on_the_incubation_proposal >>>>> >>>>> Best >>>>> Jan >>>>> — >>>>> >>>>> >>>>>> >>>>>> Best >>>>>> Jan >>>>>> — >>>>>>> >>>>>>> On Wed, 5 Mar 2025 at 13:03, Jan Lehnardt <j...@apache.org> wrote: >>>>>>>> >>>>>>>> # ASF Podling Proposal for PouchDB >>>>>>>> >>>>>>>> ## Abstract >>>>>>>> >>>>>>>> PouchDB is an open-source JavaScript database inspired by [Apache >>>>>>>> CouchDB] >>>>>>>> (http://couchdb.apache.org/) that is designed to build offline-capable >>>>>>>> web >>>>>>>> applications. >>>>>>>> >>>>>>>> >>>>>>>> ## Proposal >>>>>>>> >>>>>>>> PouchDB is an open-source JavaScript database inspired by [Apache >>>>>>>> CouchDB] >>>>>>>> (http://couchdb.apache.org/) that is designed to run well within the >>>>>>>> browser. >>>>>>>> PouchDB was created to help web developers build applications that >>>>>>>> work as >>>>>>>> well offline as they do online. >>>>>>>> >>>>>>>> >>>>>>>> ### Background >>>>>>>> >>>>>>>> Established in 2010, PouchDB has been designed as both a first-class >>>>>>>> document >>>>>>>> database for use in a web browser as well as a first-class data >>>>>>>> replication >>>>>>>> peer to Apache CouchDB. PouchDB’s JavaScript API closely mirrors >>>>>>>> CouchDB’s REST >>>>>>>> API and CouchDB’s peer-to-peer data synchronisation protocol allows web >>>>>>>> developers to build database driven applications that work when the >>>>>>>> web browser >>>>>>>> is offline. The replication protocol handles seamless data >>>>>>>> reconciliation when >>>>>>>> one or more peers reconnect after being offline. Peers can be other web >>>>>>>> browser by replicating via WebRTC, or one or more CouchDB instances. >>>>>>>> >>>>>>>> ### Rationale >>>>>>>> >>>>>>>> PouchDB has always been a sister project to Apache CouchDB. Since its >>>>>>>> inception, >>>>>>>> it has changed lead maintainers three times, all of which were >>>>>>>> informally >>>>>>>> running the project on its GitHub repository. With ever increasing >>>>>>>> popularity >>>>>>>> and reliance by mission-critical projects, PouchDB is looking for an >>>>>>>> open source >>>>>>>> foundation to join and has selected the ASF to be close to CouchDB. >>>>>>>> >>>>>>>> >>>>>>>> ### Initial Goals >>>>>>>> >>>>>>>> PouchDB aims to benefit from the ASF’s mature and transparent project- >>>>>>>> and >>>>>>>> community-management policies. >>>>>>>> >>>>>>>> >>>>>>>> ### Current Status >>>>>>>> >>>>>>>> #### Meritocracy >>>>>>>> >>>>>>>> PouchDB has always, if informally, rewarded contributors that have a >>>>>>>> persistent >>>>>>>> contribution history with commit access to the project directly. Over >>>>>>>> its 15- >>>>>>>> year history, core and occasional contributors have come and gone, >>>>>>>> while an >>>>>>>> active set of PouchDB practitioners has always looked after the >>>>>>>> project itself. >>>>>>>> >>>>>>>> >>>>>>>> #### Community >>>>>>>> >>>>>>>> PouchDB comes with an existing and robust developer and user >>>>>>>> community. By >>>>>>>> establishing transparent community guidelines, we hope to grow this >>>>>>>> community >>>>>>>> even further. >>>>>>>> >>>>>>>> >>>>>>>> #### Core Developers >>>>>>>> >>>>>>>> PouchDB is currently maintained by a handful of experienced developers >>>>>>>> that >>>>>>>> have a long history in open source. The current interim project lead >>>>>>>> is an ASF >>>>>>>> member and PMC Chair for Apache CouchDB. All developers are at least >>>>>>>> also end- >>>>>>>> users of Apache CouchDB, while some of them have also been active >>>>>>>> contributors >>>>>>>> on CouchDB. >>>>>>>> >>>>>>>> >>>>>>>> #### Alignment >>>>>>>> >>>>>>>> PouchDB is an established project that looks for long-term stability >>>>>>>> and the ASF >>>>>>>> provides nothing but. PouchDB is used in various mission-critical >>>>>>>> projects and >>>>>>>> would like to benefit from ASF stewardship as a means of making it >>>>>>>> easier to be >>>>>>>> relied on long-term. PouchDB is also Apache 2 licensed already. >>>>>>>> >>>>>>>> >>>>>>>> ### Known Risks >>>>>>>> >>>>>>>> PouchDB’s main risk is stagnation through developer abandonment. In >>>>>>>> its history >>>>>>>> PouchDB had high- medium and low-velocity timespans, but it has always >>>>>>>> attracted >>>>>>>> enough developers (both volunteer and for-pay) to stay afloat. Most >>>>>>>> recently, >>>>>>>> PouchDB is at medium-velocity. Again, the PouchDB project hopes that by >>>>>>>> formalising project management structures, a long-term stability and >>>>>>>> dependability can be achieved. >>>>>>>> >>>>>>>> >>>>>>>> #### Project Name >>>>>>>> >>>>>>>> PouchDB is a tongue-in-cheek pun on its sister project CouchDB. The >>>>>>>> current >>>>>>>> holder of the project domain (pouchdb.com) and previous project lead >>>>>>>> Dale >>>>>>>> Harvey is on board with transferring any naming rights to the ASF. >>>>>>>> >>>>>>>> >>>>>>>> #### Orphaned Products >>>>>>>> >>>>>>>> The current PouchDB maintainers already consist of representatives >>>>>>>> from various >>>>>>>> distinct organisations with strong technical and financial incentives >>>>>>>> to keep >>>>>>>> PouchDB actively maintained. It is unlikely that a significant number >>>>>>>> would up >>>>>>>> and leave the project. >>>>>>>> >>>>>>>> >>>>>>>> #### Inexperience with Open Source >>>>>>>> >>>>>>>> PouchDB is an existing open source project and its maintainers consist >>>>>>>> mostly of >>>>>>>> very experienced developers, including some with over 15 years in >>>>>>>> active open >>>>>>>> source development and one ASF Member and committer since 2008. For >>>>>>>> other >>>>>>>> maintainers, PouchDB was their first open source projects and they >>>>>>>> have since >>>>>>>> contributed to various other projects as well based on their good >>>>>>>> experience >>>>>>>> with PouchDB. >>>>>>>> >>>>>>>> >>>>>>>> #### Length of Incubation >>>>>>>> >>>>>>>> The project aims to graduate within 6–12 months based on the >>>>>>>> experience of the >>>>>>>> Apache CouchDB incubation in 2008 and general maturity of the project >>>>>>>> itself. >>>>>>>> >>>>>>>> >>>>>>>> #### Homogenous Developers >>>>>>>> >>>>>>>> The current PouchDB maintainers consist of people from around the >>>>>>>> world, >>>>>>>> collaborating across all timezones. >>>>>>>> >>>>>>>> >>>>>>>> #### Reliance on Salaried Developers >>>>>>>> >>>>>>>> There is also a healthy mix of maintainers some of which are paid to >>>>>>>> work on >>>>>>>> PouchDB part time, but everyone also contributes in their spare time. >>>>>>>> >>>>>>>> >>>>>>>> #### Relationships with Other Apache Products >>>>>>>> >>>>>>>> PouchDB has been developed as a sister-project to Apache CouchDB. Both >>>>>>>> projects >>>>>>>> are inextricably linked in the sense that every PouchDB user is at >>>>>>>> least also a >>>>>>>> CouchDB user. The reverse is not necessarily true, but in a recent >>>>>>>> CouchDB >>>>>>>> developer survey, 80% of participants stated to use PouchDB with >>>>>>>> CouchDB. >>>>>>>> >>>>>>>> The question of whether PouchDB should join CouchDB as as sub-project >>>>>>>> has been >>>>>>>> raised and it has been decided to not pursue this option. Both >>>>>>>> projects have >>>>>>>> significant technical differences (CouchDB is written in Erlang and >>>>>>>> PouchDB is >>>>>>>> written in JavaScript) so that a joint stewardship would raise more >>>>>>>> problems >>>>>>>> than it solves. Both the PouchDB and CouchDB maintainers agree on this >>>>>>>> point. >>>>>>>> Where needed (APIs, sync protocol), the two teams have worked together >>>>>>>> tightly >>>>>>>> and productively in the past. We don’t see a need to formalise this >>>>>>>> relationship >>>>>>>> to achieve future success. >>>>>>>> >>>>>>>> >>>>>>>> #### A Excessive Fascination with the Apache Brand >>>>>>>> >>>>>>>> As mentioned before, PouchDB is looking for an open source foundation >>>>>>>> that helps >>>>>>>> with long-term project stability and dependability. Both the OpenJS >>>>>>>> Foundation >>>>>>>> and the ASF have been evaluated. In the end, the PouchDB developers >>>>>>>> prefer the >>>>>>>> close proximity to Apache CouchDB. The maintainers believe that people >>>>>>>> having >>>>>>>> to make decision about whether to bet on a PouchDB/CouchDB development >>>>>>>> stack or >>>>>>>> not will have an easier time integrating both projects from a single >>>>>>>> foundation. >>>>>>>> If the ASF won’t have PouchDB, we are happy to reconsider alternatives. >>>>>>>> >>>>>>>> ### Documentation >>>>>>>> >>>>>>>> Project website: https://pouchdb.com/ >>>>>>>> Including blog with release announcements: https://pouchdb.com/blog >>>>>>>> GitHub Project: https://github.com/pouchdb/pouchdb >>>>>>>> >>>>>>>> ### Initial Source >>>>>>>> >>>>>>>> The initial source tree lives at https://github.com/pouchdb/pouchdb >>>>>>>> >>>>>>>> >>>>>>>> ### Source and Intellectual Property Submission Plan >>>>>>>> >>>>>>>> The PouchDB maintainers have yet to decide if they want to migrate the >>>>>>>> existing >>>>>>>> repository to the ASF GitHub organisation or if they want to submit a >>>>>>>> pristine >>>>>>>> copy, but either way, submitting the source code is a few git commands >>>>>>>> away. >>>>>>>> >>>>>>>> The pouchdb.com domain currently held by Dale Harvey is being >>>>>>>> transferred >>>>>>>> to Neighbourhoodie Software which also holds the couchdb.com/net/org >>>>>>>> domains >>>>>>>> in escrow for the Apache CouchDB project. ASF Member and CouchDB PMC >>>>>>>> Chair Jan >>>>>>>> Lehnardt is a shareholder and chief executive at Neighbourhoodie and >>>>>>>> they are >>>>>>>> trusted to hold and manage those domains in escrow until such time a >>>>>>>> transition >>>>>>>> is needed. The website publishing toolchain can be easily adapted to >>>>>>>> the ASF- >>>>>>>> provided web publishing mechanisms. >>>>>>>> >>>>>>>> >>>>>>>> #### External Dependencies >>>>>>>> >>>>>>>> PouchDB depends directly on the following other projects. An automated >>>>>>>> licensing >>>>>>>> scan has revealed the following set of licenses in the dependency tree >>>>>>>> >>>>>>>> Runtime dependencies: three dependencies with to-be-sorted-out licenses >>>>>>>> - argsarray (WTFPL), trivially replaced with a compatible version. >>>>>>>> - fetch-cookie (Unlicense, public-domain), could be fine, but check >>>>>>>> with ASF. >>>>>>>> - readable-stream (incorrectly labelled BSD license), newer versions >>>>>>>> are MIT >>>>>>>> licensed, we should upgrade. >>>>>>>> >>>>>>>> Development dependencies: if applicable, we’ll need to go through >>>>>>>> those and see >>>>>>>> what can be done about them >>>>>>>> >>>>>>>> - argparse@2.0.1: Python-2.0 >>>>>>>> - chai-as-promised@5.3.0: WTFPL >>>>>>>> - configstore@0.3.2: Invalid SPDX expression "BSD" >>>>>>>> - cookie@0.1.2: Invalid license metadata >>>>>>>> - cssmin@0.4.3: Invalid license metadata >>>>>>>> - escape-html@1.0.1: Invalid license metadata >>>>>>>> - esprima-fb@15001.1.0-dev-harmony-fb: Invalid license metadata >>>>>>>> - estraverse@1.9.3: Invalid license metadata >>>>>>>> - event-stream@0.5.3: Invalid license metadata >>>>>>>> - fetch-cookie@2.2.0: Unlicense >>>>>>>> - jsonify@0.0.1: Invalid SPDX expression "Public Domain" >>>>>>>> - JSONStream@0.10.0: Invalid license metadata >>>>>>>> - log-driver@1.2.5: Invalid license metadata >>>>>>>> - mime@1.2.11: Invalid license metadata >>>>>>>> - ms@0.7.0: Invalid license metadata >>>>>>>> - ms@0.6.2: Invalid license metadata >>>>>>>> - pako@1.0.11: (MIT AND Zlib) >>>>>>>> - path-to-regexp@0.1.3: Invalid license metadata >>>>>>>> - ps-tree@0.0.3: Invalid license metadata >>>>>>>> - qs@2.3.3: Invalid license metadata >>>>>>>> - random-uuid-v4@0.0.8: Unlicense >>>>>>>> - semver@2.3.2: Invalid SPDX expression "BSD" >>>>>>>> - sntp@1.0.9: Invalid license metadata >>>>>>>> - source-map@0.2.0: Invalid license metadata >>>>>>>> - truncate-utf8-bytes@1.0.2: WTFPL >>>>>>>> - tslib@2.6.3: 0BSD >>>>>>>> - tweetnacl@0.14.5: Unlicense >>>>>>>> - update-notifier@0.1.10: Invalid license metadata >>>>>>>> >>>>>>>> These are produced with the `licensee` tool, invocations for runtime >>>>>>>> dependencies: >>>>>>>> >>>>>>>> ``` >>>>>>>> licensee --corrections --errors-only --production >>>>>>>> ``` >>>>>>>> >>>>>>>> and for development dependencies: >>>>>>>> >>>>>>>> ``` >>>>>>>> licensee --corrections --errors-only >>>>>>>> ``` >>>>>>>> >>>>>>>> With the following licenses being permitted >>>>>>>> >>>>>>>> - Apache-2.0 >>>>>>>> - MIT >>>>>>>> - BSD-2-Clause >>>>>>>> - BSD-3-Clause >>>>>>>> - ISC >>>>>>>> - BSD >>>>>>>> >>>>>>>> #### Cryptography >>>>>>>> >>>>>>>> PouchDB does not directly include cryptography code, but makes use of >>>>>>>> in-browser >>>>>>>> TLS. A PouchDB plugin crypto-pouch exists that does record-level >>>>>>>> encryption, but >>>>>>>> it is currently not part of the PouchDB code base. If md5 hashing is >>>>>>>> considered >>>>>>>> cryptography, PouchDB, like CouchDB, makes use of that, just note that >>>>>>>> md5 >>>>>>>> hashing is not used for security relevant operations. >>>>>>>> >>>>>>>> >>>>>>>> ### Required Resources >>>>>>>> >>>>>>>> #### Mailing lists >>>>>>>> >>>>>>>> * d...@pouchdb.incubator.apache.org >>>>>>>> * priv...@pouchdb.incubator.apache.org >>>>>>>> * comm...@pouchdb.incubator.apache.org >>>>>>>> >>>>>>>> >>>>>>>> #### Subversion Directory >>>>>>>> >>>>>>>> n/a >>>>>>>> >>>>>>>> >>>>>>>> #### Git Repositories >>>>>>>> >>>>>>>> * https://gitbox.apache.org/repos/asf/incubator-pouchdb.git >>>>>>>> * https://github.com/apache/incubator-pouchdb.git >>>>>>>> >>>>>>>> >>>>>>>> #### Issue Tracking >>>>>>>> >>>>>>>> GitHub Issues >>>>>>>> >>>>>>>> >>>>>>>> #### Other Resources >>>>>>>> >>>>>>>> PouchDB makes significant use of GitHub Actions for CI. For 2024, we >>>>>>>> have used >>>>>>>> 214,556 total minutes across 53,831 job runs. This can be migrated to >>>>>>>> another >>>>>>>> setup if need be but it’d be great if this carefully crafted setup >>>>>>>> could remain >>>>>>>> in place. >>>>>>>> >>>>>>>> >>>>>>>> ### Initial Committers >>>>>>>> >>>>>>>> Alba Herrerías Ramírez albaherreriasdev at gmail dot com >>>>>>>> Alex Anderson alexanderandersonofandover at gmail dot com >>>>>>>> Diana Belle garbados at apache dot org (CLA) >>>>>>>> Diana Barsan twisteddiana at gmail dot com >>>>>>>> Gareth Bowen gareth at bowenwebdesign dot co dot nz >>>>>>>> Jan Lehnardt jan at apache dot org (CLA) >>>>>>>> James Coglan james at neighbourhood dot ie >>>>>>>> Johannes Schmidt schmidt at tf-fabrik dot de >>>>>>>> Steven-John Lange sourcer85 at gmail dot com >>>>>>>> >>>>>>>> >>>>>>>> ### Sponsors >>>>>>>> >>>>>>>> Alba Herrerías Ramírez Neighbourhoodie Software >>>>>>>> Alex Anderson independent, formerly Medic >>>>>>>> Diana Belle independent >>>>>>>> Diana Barsan Medic >>>>>>>> Gareth Bowen independent, formerly Medic >>>>>>>> Jan Lehnardt Neighbourhoodie Software >>>>>>>> James Coglan Neighbourhoodie Software >>>>>>>> Johannes Schmidt Mozilla / independent >>>>>>>> Steven-John Lange HZData GmbH / independent >>>>>>>> >>>>>>>> >>>>>>>> #### Champion >>>>>>>> >>>>>>>> Jan Lehnardt, CouchDB PMC Chair. >>>>>>>> >>>>>>>> >>>>>>>> #### Nominated Mentors >>>>>>>> >>>>>>>> PJ Fanning (fanningpj at apache dot org) >>>>>>>> Jean-Baptiste Onofré (jb at nanthrax dot net) >>>>>>>> >>>>>>>> >>>>>>>> #### Sponsoring Entity >>>>>>>> >>>>>>>> The Incubator >>>>>>>> >>>>>>>> >>>>>>>> --------------------------------------------------------------------- >>>>>>>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >>>>>>>> For additional commands, e-mail: general-h...@incubator.apache.org >>>>>>>> >>>>>> >>>>>> >>>>>> --------------------------------------------------------------------- >>>>>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >>>>>> For additional commands, e-mail: general-h...@incubator.apache.org >>>>> >>>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >>>> For additional commands, e-mail: general-h...@incubator.apache.org >>>> >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >>> For additional commands, e-mail: general-h...@incubator.apache.org >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> For additional commands, e-mail: general-h...@incubator.apache.org >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
