Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th

[Owen Nichols]

That's a much better way to put it, Mark.  Thanks!

On 2/4/22, 2:50 PM, "Mark Bretl" <asf.mbr...@gmail.com> wrote:

    I agree with Dan here that bragging about 'one of the quickest' is not
    needed, but noting we are up-to-date with Log4J patches and have
    documentation for mitigation might be a better approach.

    My $.02

    --Mark

    On Fri, Feb 4, 2022 at 11:34 AM Dan Smith <dasm...@vmware.com> wrote:

    > Counting the kafka connector I'm not sure bragging about CVE patching
    > speed is justified, but otherwise looks good to me!
    >
    > -Dan
    > ________________________________
    > From: Nabarun Nag <n...@vmware.com>
    > Sent: Tuesday, February 1, 2022 2:25 PM
    > To: dev@geode.apache.org <dev@geode.apache.org>
    > Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th
    >
    > Thank you for the feedback, please find the new draft with the added
    > review comments.
    >
    > ## Project Activity:
    > We issued 9 releases this quarter which include an updated Log4j2 version
    > to handle the remote code execution CVE. The project had one of the
    > quickest turnaround times from the Log4j2 CVE disclosure to the patch
    > releases with the fix. Apache Geode Kafka Connector 1.1.0 was also 
released
    > this quarter.
    > We have also started the effort to remove the use of deprecated components
    > in the project.
    >
    > > Recent Releases of Apache Geode:
    > > - 1.14.3 was released on 2022-01-25
    > > - 1.13.7 was released on 2022-01-22
    > > - 1.12.8 was released on 2022-01-13
    > > - 1.12.7 was released on 2022-12-17
    > > - 1.13.6 was released on 2021-12-17
    > > - 1.14.2 was released on 2021-12-17
    > > - 1.12.6 was released on 2021-12-11
    > > - 1.13.5 was released on 2021-12-11
    > > - 1.14.1 was released on 2021-12-11
    >
    >
    > ________________________________
    > From: Owen Nichols <onich...@vmware.com>
    > Sent: Tuesday, February 1, 2022 12:39 PM
    > To: dev@geode.apache.org <dev@geode.apache.org>
    > Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th
    >
    > 1.12.8 seems to be missing from the list of releases. Also consider
    > bragging about Geode’s turnaround time from CvE disclosure to patch
    > release…only one other ASF project got theirs out faster than we did.
    >
    >
    > ---
    > Sent from Workspace ONE Boxer<
    > 
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwhatisworkspaceone.com%2Fboxer&amp;data=04%7C01%7Conichols%40vmware.com%7Ce34bc117828b4af0341408d9e830c5a3%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637796118444435049%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=EE2%2BlyfKqAkVYYjbvVWaDftYeloc87GeBEv2klcnXhM%3D&amp;reserved=0
    > >
    >
    > On January 31, 2022 at 1:57:18 PM PST, Dave Barnes <dbar...@apache.org>
    > wrote:
    > LGTM +1
    >
    > On Mon, Jan 31, 2022 at 12:50 PM Nabarun Nag <n...@vmware.com> wrote:
    >
    > > This is a draft of our report to the board. Please let me know if there
    > > are details you'd like me to add!
    > >
    > > --Naba
    > >
    > > ## Description:
    > > The mission of Apache Geode is the creation and maintenance of software
    > > related
    > > to a data management platform that provides real-time, consistent access
    > to
    > > data-intensive applications throughout widely distributed cloud
    > > architectures.
    > >
    > > ## Issues:
    > > There are no Board-level issues at this time.
    > >
    > > ## Membership Data:
    > > Apache Geode was founded 2016-11-15 (5 years ago)
    > > There are currently 115 committers and 54 PMC members in this project.
    > > The Committer-to-PMC ratio is roughly 2:1.
    > >
    > > Community changes, past quarter:
    > > - No new PMC members. Last addition was Donal Evans on 2021-03-22.
    > > - No new committers. Last addition was Alberto Bustamante on 2021-05-13.
    > >
    > > ## Project Activity:
    > > We issued 8 releases this quarter which include an updated Log4j2 
version
    > > to handle the remote code execution CVE. Apache Geode Kafka Connector
    > 1.1.0
    > > was also released this quarter.
    > > We have also started the effort to remove the use of deprecated
    > components
    > > in
    > > the project.
    > >
    > > Recent Releases of Apache Geode:
    > > - 1.14.3 was released on 2022-01-25
    > > - 1.13.7 was released on 2022-01-22
    > > - 1.12.7 was released on 2022-12-17
    > > - 1.13.6 was released on 2021-12-17
    > > - 1.14.2 was released on 2021-12-17
    > > - 1.12.6 was released on 2021-12-11
    > > - 1.13.5 was released on 2021-12-11
    > > - 1.14.1 was released on 2021-12-11
    > >
    > > Work on releasing 1.15.0 is progressing as planned.
    > >
    > > Apache Geode Kafka Connector 1.1.0 was released on 2022-01-18.
    > >
    > > ## Community Health:
    > > - Continuing our monthly video conferences.
    > > - Addition of Kafka Connector project to grow the community.
    > > - Mailing lists are seeing the usual amount of traffic involving
    > > discussions
    > > related to improving performance, operation protocols, etc.
    > >
    > >
    > >
    >