Dear Oozie users and devs, We are sorry to inform you that the Apache Software Foundation considers the Oozie project and software no longer fit for purpose - in part as known security issues are not getting resolved timely.
For this reason, the Apache Security Team, a board committee, will be starting the process of moving Oozie to the Attic. Going into the attic is an important step for our users, since that lets end users understand that some software is not actively being maintained - and potentially unsafe. The attic ensures all project data is maintained read-only. This is not something we do lightly: Our formal escalation process for Oozie involved sending reminders to the PMC about the outstanding issues, making a call for volunteers to the community, and finally making a roll call of the PMC members. These did not yield a sufficient response. It is the responsibility of the PMC to ensure security issues are investigated, triaged, communicated, and resolved according to the ASF standard process. An active project requires PMC oversight and the ability to triage and release updates to address security issues. This is not the case at Oozie. So for this reason - Oozie will be moved into the Attic. This process is not irreversible - it is possible for a (new, well-functioning) community to take it out of the attic, or to fork the code and continue outside the ASF. In light of the recent activity around the known security issues, we want to give Oozie a chance to retire on a positive note and publish a final release fixing the current issues. To allow for this, we have set the date for retirement to February 15, 2025. Kind regards, Arnout Engelen ASF Security
