Re: Restore write access for all EG members?
I think this is getting blown out of proportion. With the exception of a small change to who can approve a PR, nothing has changed.
Anybody who wants to submit a PR against security-spec or security-api can still do so. All PRs will be reviewed in a timely fashion, and potentially committed. This is not materially different from what the situation was two weeks ago, except that the list of approvers is shorter than it was. It is not the case that we are no longer accepting commits, and there is no need to create new repos to do work.
Also, as others have noted, the soteria repo is still open to all, precisely because there is more work going on there, and because the RI is not as "public" as the API -- it's not documented as part of the spec -- and therefore has more capacity to absorb changes at this point in the process.
I did not expect this to be such a controversial change -- in my experience, it's a pretty typical practice used to keep code stable as a release approaches, and I did say, when I announced I was locking the repos, that I intended to keep the access limited after the PRD was published (although, in hindsight, I probably did not state it as clearly as I should have).
I'll give some thought to opening this back up, but I want to re-iterate the basic concerns here:
Meanwhile, please feel free to submit PRs against any of the repos for changes you think are needed. The soteria repo is still wide open, and PRs for the spec and API repos will be reviewed promptly.
P.S. Regarding the naming scheme for our repos under the javaee org, they will all be prefixed by "security-", so that they are easy to find. Two of the repos already have the "security-" prefix. The soteria repo will be renamed to "security-soteria".
On 06/01/2017 03:36 AM, Rudy De Busscher wrote:
-- Will Hopkins | WebLogic Security Architect | +1.781.442.0310 Oracle Application Development 35 Network Drive, Burlington, MA 01803