Topics

REPO MIGRATION COMPLETE


Will Hopkins
 

The repo migration is complete. Please take the time to read this email completely, as it explains how access to the repos works now, and what you'll need to know/do in order to contribute going forward.
  • The following repos are now hosted by the Java EE organization:
security-spec  (github.com/javaee/security-spec)
security-api  (github.com/javaee/security-spec)
security-soteria  (github.com/javaee/security-spec)
    • The security-api and security-soteria repos were transferred within github, so existing forks are still "connected", and existing clones should be redirected appropriately on push/pull. All commits, branches, tags, issues, etc., are intact. That said, it's probably a good idea to save any work in progress, delete existing forks/clones, and start fresh.
    • The security-spec repo was not transferred, instead it was cloned into an existing repo, with the same name, that already existed under the Java EE org. We lost the pull request history, but nothing else, AFAICT. All branches, commits, contributor information, etc., was carried over. You will need to recreate any existing forks or clones, or reconfigure them to point at the new repo. Access to the old security-spec repo has been disabled. I plan to delete it after the new repo has been "live" for a reasonable amount of time.
  • Access will work a little differently now:
    • For all three repos, members of the "Java EE Security Team" have write access to the repo. That means you can create branches, push to the repo, and create/update issues.
    • For the security-spec and security-api repos, the "master" branch is protected, so that only an organization or repo owner can push to it. I'm considering protecting the master branch of soteria such that pushing to master requires an approved review by someone with write access.
    • If you're not a member of the team, you can still submit a pull request or create an issue, but you won't be able to push changes or update issues. (And the pull request won't be accepted if you haven't signed the OCA, see below.)
    • Members of the team currently are myself, Arjan, Ivar, Alex Kosowski, and Ed Bratt. I have sent Guillermo an invitation to join the Java EE organization; assuming he accepts, he'll be added to the team as well.
  • If you intend to contribute, you MUST sign the OCA, and you SHOULD join the Java EE organization (for easier access):
    • All contributors must sign the Oracle Contributor Agreement (OCA), as explained here (http://www.oracle.com/technetwork/community/oca-486395.html). I was surprised to find that some EG members and "official" contributors (per the JCP site) aren't listed as having signed, including Werner, Rudy, and Ashley Richardson, apparently the OCA is distinct from what the JCP requires.
    • If you have signed the OCA and are a member of the Java EE organization, I'll add you to the "Java EE Security Team".
    • If you are not a member of the Java EE organization, and you'd like to be, and you've signed the OCA, let me know -- I'll send you an invite.
    • Note that that, when joining the Java EE organization, you are strongly encouraged, but not (yet) required, to:
      • Enable 2FA
      • Make your real name publicly visible
      • Update your avatar
Thanks for paying attention this long. If you have questions or have trouble getting access to the repos, let me know.

Regards,

Will

-- 
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803


Rudy De Busscher
 

For correctness, these are the URLs

security-spec  (github.com/javaee/security-spec)
security-api  (github.com/javaee/security-api)
security-soteria  (github.com/javaee/security-soteria)
Best regards
Rudy

    On 21 July 2017 at 05:13, Will Hopkins <will.hopkins@...> wrote:
    The repo migration is complete. Please take the time to read this email completely, as it explains how access to the repos works now, and what you'll need to know/do in order to contribute going forward.
    • The following repos are now hosted by the Java EE organization:
    security-spec  (github.com/javaee/security-spec)
    security-api  (github.com/javaee/security-spec)
    security-soteria  (github.com/javaee/security-spec)
      • The security-api and security-soteria repos were transferred within github, so existing forks are still "connected", and existing clones should be redirected appropriately on push/pull. All commits, branches, tags, issues, etc., are intact. That said, it's probably a good idea to save any work in progress, delete existing forks/clones, and start fresh.
      • The security-spec repo was not transferred, instead it was cloned into an existing repo, with the same name, that already existed under the Java EE org. We lost the pull request history, but nothing else, AFAICT. All branches, commits, contributor information, etc., was carried over. You will need to recreate any existing forks or clones, or reconfigure them to point at the new repo. Access to the old security-spec repo has been disabled. I plan to delete it after the new repo has been "live" for a reasonable amount of time.
    • Access will work a little differently now:
      • For all three repos, members of the "Java EE Security Team" have write access to the repo. That means you can create branches, push to the repo, and create/update issues.
      • For the security-spec and security-api repos, the "master" branch is protected, so that only an organization or repo owner can push to it. I'm considering protecting the master branch of soteria such that pushing to master requires an approved review by someone with write access.
      • If you're not a member of the team, you can still submit a pull request or create an issue, but you won't be able to push changes or update issues. (And the pull request won't be accepted if you haven't signed the OCA, see below.)
      • Members of the team currently are myself, Arjan, Ivar, Alex Kosowski, and Ed Bratt. I have sent Guillermo an invitation to join the Java EE organization; assuming he accepts, he'll be added to the team as well.
    • If you intend to contribute, you MUST sign the OCA, and you SHOULD join the Java EE organization (for easier access):
      • All contributors must sign the Oracle Contributor Agreement (OCA), as explained here (http://www.oracle.com/technetwork/community/oca-486395.html). I was surprised to find that some EG members and "official" contributors (per the JCP site) aren't listed as having signed, including Werner, Rudy, and Ashley Richardson, apparently the OCA is distinct from what the JCP requires.
      • If you have signed the OCA and are a member of the Java EE organization, I'll add you to the "Java EE Security Team".
      • If you are not a member of the Java EE organization, and you'd like to be, and you've signed the OCA, let me know -- I'll send you an invite.
      • Note that that, when joining the Java EE organization, you are strongly encouraged, but not (yet) required, to:
        • Enable 2FA
        • Make your real name publicly visible
        • Update your avatar
    Thanks for paying attention this long. If you have questions or have trouble getting access to the repos, let me know.

    Regards,

    Will

    -- 
    Will Hopkins | WebLogic Security Architect | +1.781.442.0310
    Oracle Application Development
    35 Network Drive, Burlington, MA 01803
    



    Will Hopkins
     

    Right, thanks for catching that.


    On July 21, 2017 5:00:58 AM EDT, Rudy De Busscher <rdebusscher@...> wrote:
    For correctness, these are the URLs

    security-spec  (github.com/javaee/security-spec)
    security-api  (github.com/javaee/security-api)
    security-soteria  (github.com/javaee/security-soteria)
    Best regards
    Rudy

      On 21 July 2017 at 05:13, Will Hopkins <will.hopkins@...> wrote:
      The repo migration is complete. Please take the time to read this email completely, as it explains how access to the repos works now, and what you'll need to know/do in order to contribute going forward.
      • The following repos are now hosted by the Java EE organization:
      security-spec  (github.com/javaee/security-spec)
      security-api  (github.com/javaee/security-spec)
      security-soteria  (github.com/javaee/security-spec)
        • The security-api and security-soteria repos were transferred within github, so existing forks are still "connected", and existing clones should be redirected appropriately on push/pull. All commits, branches, tags, issues, etc., are intact. That said, it's probably a good idea to save any work in progress, delete existing forks/clones, and start fresh.
        • The security-spec repo was not transferred, instead it was cloned into an existing repo, with the same name, that already existed under the Java EE org. We lost the pull request history, but nothing else, AFAICT. All branches, commits, contributor information, etc., was carried over. You will need to recreate any existing forks or clones, or reconfigure them to point at the new repo. Access to the old security-spec repo has been disabled. I plan to delete it after the new repo has been "live" for a reasonable amount of time.
      • Access will work a little differently now:
        • For all three repos, members of the "Java EE Security Team" have write access to the repo. That means you can create branches, push to the repo, and create/update issues.
        • For the security-spec and security-api repos, the "master" branch is protected, so that only an organization or repo owner can push to it. I'm considering protecting the master branch of soteria such that pushing to master requires an approved review by someone with write access.
        • If you're not a member of the team, you can still submit a pull request or create an issue, but you won't be able to push changes or update issues. (And the pull request won't be accepted if you haven't signed the OCA, see below.)
        • Members of the team currently are myself, Arjan, Ivar, Alex Kosowski, and Ed Bratt. I have sent Guillermo an invitation to join the Java EE organization; assuming he accepts, he'll be added to the team as well.
      • If you intend to contribute, you MUST sign the OCA, and you SHOULD join the Java EE organization (for easier access):
        • All contributors must sign the Oracle Contributor Agreement (OCA), as explained here (http://www.oracle.com/technetwork/community/oca-486395.html). I was surprised to find that some EG members and "official" contributors (per the JCP site) aren't listed as having signed, including Werner, Rudy, and Ashley Richardson, apparently the OCA is distinct from what the JCP requires.
        • If you have signed the OCA and are a member of the Java EE organization, I'll add you to the "Java EE Security Team".
        • If you are not a member of the Java EE organization, and you'd like to be, and you've signed the OCA, let me know -- I'll send you an invite.
        • Note that that, when joining the Java EE organization, you are strongly encouraged, but not (yet) required, to:
          • Enable 2FA
          • Make your real name publicly visible
          • Update your avatar
      Thanks for paying attention this long. If you have questions or have trouble getting access to the repos, let me know.

      Regards,

      Will

      -- 
      Will Hopkins | WebLogic Security Architect | +1.781.442.0310
      Oracle Application Development
      35 Network Drive, Burlington, MA 01803
      



      --
      Will Hopkins | WebLogic Security Architect | +1.781.442.0310
      Oracle Application Development
      35 Network Drive, Burlington, MA 01803


      Arjan Tijms
       

      Hi,

      Thanks for taking the time to write this down and push the migration Will, great work!

      I'll check out everything fresh here. Thx!

      Kind regards,
      Arjan Tijms




      On Fri, Jul 21, 2017 at 5:13 AM, Will Hopkins <will.hopkins@...> wrote:
      The repo migration is complete. Please take the time to read this email completely, as it explains how access to the repos works now, and what you'll need to know/do in order to contribute going forward.
      • The following repos are now hosted by the Java EE organization:
      security-spec  (github.com/javaee/security-spec)
      security-api  (github.com/javaee/security-spec)
      security-soteria  (github.com/javaee/security-spec)
        • The security-api and security-soteria repos were transferred within github, so existing forks are still "connected", and existing clones should be redirected appropriately on push/pull. All commits, branches, tags, issues, etc., are intact. That said, it's probably a good idea to save any work in progress, delete existing forks/clones, and start fresh.
        • The security-spec repo was not transferred, instead it was cloned into an existing repo, with the same name, that already existed under the Java EE org. We lost the pull request history, but nothing else, AFAICT. All branches, commits, contributor information, etc., was carried over. You will need to recreate any existing forks or clones, or reconfigure them to point at the new repo. Access to the old security-spec repo has been disabled. I plan to delete it after the new repo has been "live" for a reasonable amount of time.
      • Access will work a little differently now:
        • For all three repos, members of the "Java EE Security Team" have write access to the repo. That means you can create branches, push to the repo, and create/update issues.
        • For the security-spec and security-api repos, the "master" branch is protected, so that only an organization or repo owner can push to it. I'm considering protecting the master branch of soteria such that pushing to master requires an approved review by someone with write access.
        • If you're not a member of the team, you can still submit a pull request or create an issue, but you won't be able to push changes or update issues. (And the pull request won't be accepted if you haven't signed the OCA, see below.)
        • Members of the team currently are myself, Arjan, Ivar, Alex Kosowski, and Ed Bratt. I have sent Guillermo an invitation to join the Java EE organization; assuming he accepts, he'll be added to the team as well.
      • If you intend to contribute, you MUST sign the OCA, and you SHOULD join the Java EE organization (for easier access):
        • All contributors must sign the Oracle Contributor Agreement (OCA), as explained here (http://www.oracle.com/technetwork/community/oca-486395.html). I was surprised to find that some EG members and "official" contributors (per the JCP site) aren't listed as having signed, including Werner, Rudy, and Ashley Richardson, apparently the OCA is distinct from what the JCP requires.
        • If you have signed the OCA and are a member of the Java EE organization, I'll add you to the "Java EE Security Team".
        • If you are not a member of the Java EE organization, and you'd like to be, and you've signed the OCA, let me know -- I'll send you an invite.
        • Note that that, when joining the Java EE organization, you are strongly encouraged, but not (yet) required, to:
          • Enable 2FA
          • Make your real name publicly visible
          • Update your avatar
      Thanks for paying attention this long. If you have questions or have trouble getting access to the repos, let me know.

      Regards,

      Will

      -- 
      Will Hopkins | WebLogic Security Architect | +1.781.442.0310
      Oracle Application Development
      35 Network Drive, Burlington, MA 01803