Move security-examples repo to Java EE org at GitHub?


Will Hopkins
 

All:

I'd like to make the security-examples repo an "official" repo for the JSR, and move it into the Java EE org. The GF doc/samples team is looking for JSR-375 samples, and it makes sense to me to keep this repo as the home for JSR-375 samples. Does that work for everyone?

Also, we'll eventually need to clean up/delete the javaee-security-spec org since the JSR's official home is now the Java EE org. There is a stale copy of the security-spec repo that can be deleted; other than that, and assuming security-examples is moved, the only remaining repo is the security-proposals where, if I understand the history, some of the initial proposals/POCs were kept.

Do we need the security-proposals repo? If so, which content specifically? Could it be kept somewhere else?

Will
-- 
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Developer Experience
35 Network Drive, Burlington, MA 01803


Werner Keil
 

Adam had this "Java EE Best Practices" repo once, but it may have died with kenai.com.

Java EE Examples would sound more like the examples, but in theory https://github.com/javaee-samples could host the proposals, because it has a lot of fancy stuff like Docker or JBoss Forge samples.

Arjan, do you have admin rights there? Or somebody else?
Otherwise I could only think of a personal repo by someone.

Werner


Will Hopkins
 

Werner, I'm not sure what this is in reference to. Is it the security-proposals repo?

If so, I think the question is about the nature and value of the content, and whether, therefore, it should be preserved.

I just took a look at what's there, and I think we actually implemented almost all of it -- everything except the "authorization" module -- so maybe the thing to do is to zip up the authorization module, and attach it to a security-spec issue for a future 1.1 or MR release. That way it will be available as a starting point for any future work we undertake. (If we can't attach files, perhaps we can check it into gh-pages and link to it from the issue.)

Does that seem reasonable?

On 08/15/2017 12:02 PM, Werner Keil wrote:
Adam had this "Java EE Best Practices" repo once, but it may have died with kenai.com.

Java EE Examples would sound more like the examples, but in theory https://github.com/javaee-samples could host the proposals, because it has a lot of fancy stuff like Docker or JBoss Forge samples.

Arjan, do you have admin rights there? Or somebody else?
Otherwise I could only think of a personal repo by someone.

Werner

-- 
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Developer Experience
35 Network Drive, Burlington, MA 01803


Werner Keil
 

I'd say take a look at everything that may not be done yet, and probably create a "candidate" GitHub ticket either in the Spec or API project?;-)


Guillermo González de Agüero
 



El mar., 15 de agosto de 2017 18:11, Will Hopkins <will.hopkins@...> escribió:
Werner, I'm not sure what this is in reference to. Is it the security-proposals repo?

If so, I think the question is about the nature and value of the content, and whether, therefore, it should be preserved.

I just took a look at what's there, and I think we actually implemented almost all of it -- everything except the "authorization" module -- so maybe the thing to do is to zip up the authorization module, and attach it to a security-spec issue for a future 1.1 or MR release. That way it will be available as a starting point for any future work we undertake. (If we can't attach files, perhaps we can check it into gh-pages and link to it from the issue.)
I was about to propose that. Moving it to the gh-pages branch (or another "proposals" branch, linked from the website) would be enough for me. That, in addition to the old java.net documents would constitute a solid historic reference.


Does that seem reasonable?


On 08/15/2017 12:02 PM, Werner Keil wrote:
Adam had this "Java EE Best Practices" repo once, but it may have died with kenai.com.

Java EE Examples would sound more like the examples, but in theory https://github.com/javaee-samples could host the proposals, because it has a lot of fancy stuff like Docker or JBoss Forge samples.

Arjan, do you have admin rights there? Or somebody else?
Otherwise I could only think of a personal repo by someone.

Werner

-- 
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Developer Experience
35 Network Drive, Burlington, MA 01803


Werner Keil
 

It could be in the issue tracker, a Wiki (if the project uses that) or just parts of the project site, as long as the ideas are there to discuss and maybe act further.
A lot of the code was merely like a "Gist" so not as valuable as the "User Stories" behind it.

Werner


Will Hopkins
 

OK, I'll do that then.

To summarize:
  • I'll move the security-examples repo to the Java EE org, probably within the next several days.
  • At some point soon, I'll preserve the "authorization" proposals from security-proposals, as a security-spec issue, with the code content either attached to the issue or preserved in gh-pages there.
  • I will then delete the remaining, unneeded repos at github.com/javaee-security-spec (i.e., security-spec, which has been cloned to github.com/javaee, and security-proposals, which will no longer have any content that we need to preserve), and the github.com/javaee-security-spec organization itself.
I'm in no hurry to do anything except move the security-examples repo, but will proceed with the rest at some point over the next several weeks if I don't hear any objections.

Regards,

Will

On 08/15/2017 01:29 PM, Guillermo González de Agüero wrote:


El mar., 15 de agosto de 2017 18:11, Will Hopkins <will.hopkins@...> escribió:
Werner, I'm not sure what this is in reference to. Is it the security-proposals repo?

If so, I think the question is about the nature and value of the content, and whether, therefore, it should be preserved.

I just took a look at what's there, and I think we actually implemented almost all of it -- everything except the "authorization" module -- so maybe the thing to do is to zip up the authorization module, and attach it to a security-spec issue for a future 1.1 or MR release. That way it will be available as a starting point for any future work we undertake. (If we can't attach files, perhaps we can check it into gh-pages and link to it from the issue.)
I was about to propose that. Moving it to the gh-pages branch (or another "proposals" branch, linked from the website) would be enough for me. That, in addition to the old java.net documents would constitute a solid historic reference.


Does that seem reasonable?


On 08/15/2017 12:02 PM, Werner Keil wrote:
Adam had this "Java EE Best Practices" repo once, but it may have died with kenai.com.

Java EE Examples would sound more like the examples, but in theory https://github.com/javaee-samples could host the proposals, because it has a lot of fancy stuff like Docker or JBoss Forge samples.

Arjan, do you have admin rights there? Or somebody else?
Otherwise I could only think of a personal repo by someone.

Werner

-- 
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Developer Experience
35 Network Drive, Burlington, MA 01803

-- 
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Developer Experience
35 Network Drive, Burlington, MA 01803