OpenJDK Governing Board Minutes: 2015/4/24
The OpenJDK Governing Board met via conference call on Thursday, 24 April 2015 at 16:00 UTC with the following agenda:
- Vulnerability Group (NDA/License)
- Any other business
Four Board members were present: Georges Saab, Andrew Haley, Doug Lea, and Mark Reinhold.
The intent of these minutes is to capture the conversational flow of the Board's discussion and also to record decisions. If you are interested only in the latter then search for the word "AGREED" throughout the text.
1. Vulnerability Group (NDA/License)
The meeting started with Georges and Andrew providing a summary of what they believed were John's two difficulties with the latest draft legal document:
Concerns around information confidentiality and public announcements
Concerns about pre-existing customer agreements which require disclosure of vulnerabilities
Georges acknowledged that the pre-existing customer agreement situation might be a problem.
Andrew thought it would be nice to address John's confidentiality/announcement issues. Georges said that it was his understanding that the problematic section was very specifically about information received through Group membership, not information the member brought to the Group or that was already known by the member. Doug added that if that was an accurate assessment, he did not think that there was any way to re-word the document to address John's concerns; however, he would be interested to hear possible solutions. He was also open to acknowledging that the section contained room for interpretation and simply move on. After Georges read the definition of confidential information, Andrew (not a lawyer) commented that the definition seemed pretty clear. Georges (not a lawyer) believed that the basic intent was to put restrictions only on information received by virtue of being in the Group.
The Board briefly considered what needed to occur next. Andrew saw no reason to continue speculation about John's concerns. Doug expressed unease about creating a Group which IBM could not join. Georges thought it unfriendly and unwise to call for an immediate vote. He said he would speak to John to understand the issues and to determine possible solutions. The Board asked Georges to emphasize that they wished to move forward to create the Group.
2. Any other business
Andrew raised a question about Vulnerability Group infrastructure. After brief conversation, it was determined that a mailing list with appropriate encryption would meet the Group's bootstrapping needs and would be straight-forward to implement.
Andrew also raised concerns about write access to the OpenJDK bug system. At the present time, the user must be a Project Author. He thought that people who aren't Authors should at least be allowed to create bugs. The other Board members acknowledged that they'd observed the concerns that have been expressed due to the scheduled OpenJFX bug migration.
Georges noted that everybody seemed to agree that there should be only one bug system; however, the different policies between the two systems was problematic. Within the current OpenJDK framework, he asserted that there was leeway to interpret the definition of a "contribution". Thus he thought it may be possible to offer the Author role to OpenJFX Contributors who have already met some unspecified requirement. However, he wondered what should be done for the next set of potential Authors in a similar situation. Georges did not recommend changing the Bylaw's definitions of roles or define new ones. Instead, he suggested focusing on how to optimize workflows through the existing system to accomplish the desired goals.
Andrew appreciated Georges' position but had difficulty reconciling it with his knowledge of other open source projects which do not have restrictions on bug creation. Georges explained that write access to the bug system was intentionally restricted because Oracle has very concrete knowledge of the volume and quality of bug submissions in unrestricted systems. bugreport.java.com allows submission from any user (including anonymous users) making it easy for people to report issues. The reports are filtered and acted upon quite quickly; however there was room for improvement, particularly with respect to tracking and transparency.
Doug dropped off the call saying that he had another commitment but hoped that progress was made.
Mark reminded the Board that anybody could create bug reports via the indirect method of bugreport.java.com. As the original author of the Bylaws, he thought that there was an argument for another kind of role or re-conception of the Author role. However, since changing the Bylaws is difficult, he recommended exploring an adjustment to the threshold of Authorship. The Author guidelines are not part of the Bylaws, so they could be revised to include some number of high quality bug reports as valid references. On Andrew's request, Mark volunteered to send a reply to the OpenJFX thread on behalf of the Board.
At this point the Board adjourned.