OpenJDK Governing Board Minutes: 2015/5/7

The OpenJDK Governing Board met via conference call on Thursday, 7 May 2015 at 16:00 UTC with the following agenda:

  1. OpenJDK Scorecard, 2014 edition
  2. Vulnerability Group (NDA/License)
  3. Any other business

Five Board members were present: Georges Saab, John Duimovich, Andrew Haley, Doug Lea, and Mark Reinhold.

Donald Smith (Oracle) was a guest presenter.

The intent of these minutes is to capture the conversational flow of the Board's discussion and also to record decisions. If you are interested only in the latter then search for the word "AGREED" throughout the text.

1. OpenJDK Scorecard, 2014 edition

Georges introduced Donald Smith to present the Scorecard results.

Donald began by verifying that everybody had received and reviewed his previously submitted document. This is the third year of the survey. Unlike previous years, this year's survey was aligned with the calendar year. The survey's objective was to gather, collect, and analyze feedback from the OpenJDK community to spot trends, areas that are going well, and opportunities for improvement. Donald noted that there were a reasonable number of respondents, though there was a definite downward trend over the past three years. There were two parts of the survey: the community portion for evaluation of the entire community and the per-Project survey for feedback for a respondent-identified Project. Only JDK 9 and OpenJFX were identified by more than one respondent. Last year, the Scorecard provided data for JDK 7u and JDK 8. The change in Projects was expected.

Feedback was very similar to last year's. There was nothing especially notable. Several respondents indicated that they weren't aware of particular aspects of the Community. Given the decline in the number of respondents and the survey drop-out rate of about 50%, Donald recommended that the Board consider streamlining the survey. He saw value in the current survey if there were at least 50 respondents.

Doug agreed saying that he too did not see anything of concern for JDK 9. Based on the survey results, he thought the OpenJFX Project was not happy. He noted that their problems were already being discussed on openjfx-dev. Regarding the recommendation to streamline the survey, Georges suggested that the Board think about introducing a simplified version but give people the option of doing the original, longer survey. John expressed concern about the "0" for quarterly status reports. Georges reminded him that the GB had previously declined to enforce the quarterly report requirement at a previous meeting so the "0" was expected. Doug added that the score was "0" in previous years for the same reason. He also thought that the some improved scores indicated that people were satisfied with the available information. Doug reminded the Board that the next time the Bylaws were updated, the quarterly report requirements should be removed. Mark agreed. To close this agenda item, the Board agreed to the following:

AGREED: The Governing Board will adopt the OpenJDK Scorecard, 2014 edition as the 2014 annual report.

AGREED: The Governing Board will identify areas of focus for the coming year at a future meeting.

AGREED: The Governing Board will discuss the shape of the next survey in the Fall.

2. Vulnerability Group (NDA/License)

Georges reported that he spoke to John. John's concerns were more subtle than what was discussed at the previous Board meeting. John wanted to understand what actions would be deemed as disclosure. For example, can a vendor have a limited roll-out (perhaps to a customer cloud) of a solution or work-around to a vulnerability which was not publically known? John elaborated saying their customer releases include an announcement and documentation of changes. He suggested that "commercial availability" may not be equivalent to an announcement.

Georges stated that he'd already spoken to Oracle attorneys who had produced modified text. After Georges read the new text, John believed it addressed his needs, but legal review was required. Georges summarized saying that the intent of the document was not to prevent anybody from doing what was necessary to make things safe as long as the result of the action did not result in disclosure of confidential information. Doug said that he was beginning to appreciate the cleverness of the wording. Georges committed to sending the Board an updated draft of the document

At this point the Board adjourned.