GitHub Actions Generated Pelican Build
diff --git a/output/account-mgmt.html b/output/account-mgmt.html
index 040da78..d9560a3 100644
--- a/output/account-mgmt.html
+++ b/output/account-mgmt.html
@@ -86,19 +86,20 @@
your <code>@apache.org</code> address (which forwards to your non-apache email account) a short-lived password reset link. The link may be encrypted to <a href="https://home.apache.org/keys/committer/" target="_blank">your PGP key</a>.</li>
<li>decrypting the e-mail - one way to do this is to save the e-mail contents as a text file, e.g. <code>password.txt</code>. Open a shell command window, and run the following command:</li>
</ol>
-<pre><code>gpg -d password.txt</code>
-</code></pre>
+<div class="highlight"><pre><span></span><code>gpg -d password.txt</code>
+</code></pre></div>
+
<p>This should decrypt the file and display the output in the window.</p>
-<ol start="3">
+<ol>
<li>
<p>If you have lost access to your registered email address, file an additional ICLA with Secretary. Follow the directions for <a href="https://www.apache.org/licenses/#submitting" target="_blank">submitting an ICLA</a>. Include your current Apache ID and mention in your cover email that you are requesting a change to your email address.</p>
</li>
<li>
<p>If that didn't work, email <code>root@</code>. In your email, mention the following information:</p>
</li>
-</ol>
-<ul>
-<li>Your username.</li>
+<li>
+<p>Your username.</p>
+</li>
<li>The fact that you have tried a self-service password reset, and why it didn't work. (Was the mail received? Did you decrypt it successfully?)</li>
<li>Why you need to regain access to your Apache account -- e.g., if it is to work on a <a href="https://www.apache.org/foundation/" target="_blank">foundation project</a>, name that project; or if you are a <a href="https://www.apache.org/foundation/members" target="_blank">foundation member</a>, state that.</li>
<li>Whether you have SFTP access to <code>home.apache.org</code> or SSH access to a project VM via public-key authentication.</li>
@@ -108,17 +109,16 @@
<li>For (<a href="https://www.apache.org/foundation/members" target="_blank">ASF Members</a> only, whether the contact information in your <code>members.txt</code> entry is valid.</li>
<li>Whether you are able to send a new ICLA, with the same signature as your original one, which specifies new contact information.</li>
<li>Whether there is any other way in which we (Infra) might satisfy ourselves that you are the legitimate owner of that account.</li>
-</ul>
+</ol>
<p><strong>Note</strong>: please do not ask other ASF committers or Members to email root@ to vouch for you.</p>
<h3>Multi Factor Authentication</h3>
<p>Infra will soon provide multi-factor authentication (MFA) for account logins. Documentation related to setting up and using multi-factor authentication will be provided here when the service is ready.</p>
-<p>You are welcome to review the <a href="<a href="https://infra.apache.org/mfa.html%3Edraft">https://infra.apache.org/mfa.html>draft</a> MFA policy and the related draft policy on <a href="https://infra.apache.org/mfa-reset.html">https://infra.apache.org/mfa-reset.html</a>resetting MFA if access has been lost.</p>
+<p>You are welcome to review the <a href="https://infra.apache.org/mfa.html>draft MFA policy</a> and the related draft policy on <a href="https://infra.apache.org/mfa-reset.html">https://infra.apache.org/mfa-reset.html</a>resetting MFA if access has been lost</a>.</p>
<p><strong>Note</strong>: If you are using GitHub, you must also use GitHub's MFA, which is separate from the Apache MFA. If you are having trouble logging in to GitHub (or some other service) or to Apache, make sure you are using the correct entries for the MFA in question.</p>
<h2>Account removal</h2>
-<p>Occasionally we need to remove an account - either by request or because the committer is deceased or, in rare cases, because the ASF is forcibly removing the committer.</p>
+<p>Occasionally we need to remove an account - either by request or because the committer is deceased or, in rare cases, because the ASF is forcibly removing the committer. </p>
<p>In practice, we almost never actually remove an LDAP account; we just remove the committer from all LDAP groups and mailing lists they have belonged to.</p>
<p>An exception would be responding to a GDPR/PII request by a committer. If you wish to make such a request, open an Infra Jira ticket, state the circumstances, and provide your account information (not the password).</p>
-
</div>
</div>
</div>
diff --git a/output/apache-github.html b/output/apache-github.html
index a5483a8..4b8559a 100644
--- a/output/apache-github.html
+++ b/output/apache-github.html
@@ -76,9 +76,9 @@
<p>The ASF has a <a href="https://github.com/apache" target="_blank">presence on GitHub</a>.</p>
<p><strong>Can I write to repositories at GitHub</strong>?</p>
<p>If your project is currently hosted on Gitbox then you can push to GitHub.
-In order to get write access to repositories, you will need to visit our <a href="https://gitbox.apache.org/boxer/">Boxer</a>
-portal, which will guide you through the process of linking your ASF and GitHub accounts. The process only takes
-a minute or two, and will automatically grant you access to all the repositories owned by the projects
+In order to get write access to repositories, you will need to visit our <a href="https://gitbox.apache.org/boxer/">Boxer</a>
+portal, which will guide you through the process of linking your ASF and GitHub accounts. The process only takes
+a minute or two, and will automatically grant you access to all the repositories owned by the projects
you are active on.</p>
<p><strong>To move to GitHub as master follow the steps below:</strong></p>
<ol>
@@ -89,7 +89,6 @@
</ol>
<p><strong>Assign roles</strong></p>
<p>Projects can <a href="github-roles.html">assign roles</a> to people who want access to the project GitHub repositories. Each role gives a different level of access.</p>
-
</div>
</div>
</div>
diff --git a/output/app-upgrade-policy.html b/output/app-upgrade-policy.html
index a83a25a..cc64720 100644
--- a/output/app-upgrade-policy.html
+++ b/output/app-upgrade-policy.html
@@ -78,7 +78,7 @@
<h3>Jenkins</h3>
<p><strong>Main Jenkins instance</strong>
<em>Upgrades once a quarter</em></p>
-<p>Infra follows the <a href="https://jenkins.io/download/lts/" target="_blank">LTS line of releases</a>, which the Jenkins Project releases on a 12 week cycle. Once every three months, on the last Saturday or Sunday of the month following the Jenkins LTS release, ASF Infra upgrades the main instance.</p>
+<p>Infra follows the <a href="https://jenkins.io/download/lts/" target="_blank">LTS line of releases</a>, which the Jenkins Project releases on a 12 week cycle. Once every three months, on the last Saturday or Sunday of the month following the Jenkins LTS release, ASF Infra upgrades the main instance. </p>
<p><strong>Jenkins plugins</strong>
<em>Upgrades once a month</em></p>
<p>We upgrade all plugins (there are more than 200!) before and after the main instance upgrade, as appropriate, and at the end of each month when there is no main instance upgrade to perform.</p>
@@ -88,13 +88,13 @@
<p>Jira gets a new release every two to six weeks, far too often (and unpredictable) for us to upgrade every release they make. Infra upgrades our Jira instance to whatever the latest release is every six months.</p>
<p><strong>Jira plugins</strong>
<em>Upgrades every two months</em></p>
-<p>We upgrade Jira plugins before or after each main instance upgrade, as appropriate, and once every two months between main instance upgrades.</p>
+<p>We upgrade Jira plugins before or after each main instance upgrade, as appropriate, and once every two months between main instance upgrades. </p>
<h3>Confluence</h3>
<p><strong>Main Confluence instance</strong>
<em>Upgrades every six months</em></p>
<p>Our goal is to upgrade Confluence to the latest version twice a year.</p>
<p><strong>Confluence plugins</strong>
-<em>Upgrades every two months</em></p>
+<em>Upgrades every two months</em> </p>
<p>Every two months we perform upgrades to plugins that are compatible with the version of the main Confluence instance we are running.</p>
<h1>Documentation</h1>
<p>Infra documents what we upgraded and when, from what version to what version, on these pages:</p>
@@ -110,7 +110,6 @@
<p>Since Jenkins, Jira and Confluence are <strong>Core Services</strong>, Infra issues a notice of a planned upgrade at least 72 hours ahead of the event on the wiki or a web page and by emails to the <code>builds@apache.org</code> and <code>users@infra.apache.org</code> mailing lists. We add a Twitter notification by <code>ASF Infrabot</code> one hour before upgrades begin.</p>
<h1>In case of emergencies</h1>
<p>Occasionally things go wrong with a main or plugin upgrade, and security issues may arise. If we determine that there is an issue, we will work on it immediately until we resolve it. We will send an email to the relevant list and a notice on X (the former Twitter) about any unexpected downtime.</p>
-
</div>
</div>
</div>
diff --git a/output/apple-dev-program.html b/output/apple-dev-program.html
index de932c4..db84714 100644
--- a/output/apple-dev-program.html
+++ b/output/apple-dev-program.html
@@ -83,7 +83,6 @@
<li>confirm, once Infra has added their name to the participants' list, that they have read, understood and agree to abide by the terms of the Apple Developer Program Agreement</li>
</ul>
<p>The file that tracks participants' confirmations, with additional information for updating it, is <a href="https://svn.apache.org/repos/private/committers/apple-app-store-code-signing/committer-apple-agreement-tracking.txt" target="_blank">here</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/asf-pelican-branches.html b/output/asf-pelican-branches.html
index 9934999..1b2a7fc 100644
--- a/output/asf-pelican-branches.html
+++ b/output/asf-pelican-branches.html
@@ -83,14 +83,14 @@
<p>A successful build will be found at <code>https://www-feature.staged.apache.org/</code>.</p>
<h2>Merging the branch into the trunk</h2>
<p>Once your feature is complete, submit a pull request (PR) from <code>preview/feature</code> to <code>main</code>. Once the PR is merged the site updates to include the updated features.</p>
-<p>GitHub has further information on <a href="https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request#creating-the-pull-request" target="_blank">merging branches</a>.</p>
+<p>GitHub has further information on <a href="https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request#creating-the-pull-request" target="_blank">merging branches</a>. </p>
<h2>Example</h2>
<ol>
<li>
<p>Create <code>preview/bootstrap5</code></p>
</li>
<li>
-<p>Work on <code>preview/bootstrap5</code> branch to update bootstrap to version 5 with preview builds staged at <a href="https://www-bootstrap5.staged.apache.org/">https://www-bootstrap5.staged.apache.org/</a></p>
+<p>Work on <code>preview/bootstrap5</code> branch to update bootstrap to version 5 with preview builds staged at https://www-bootstrap5.staged.apache.org/</p>
</li>
<li>
<p>Submit PR to merge <code>preview/bootstrap</code> back to <code>main</code></p>
@@ -98,17 +98,16 @@
</ol>
<h2>.asf.yaml settings</h2>
<p>These settings in your project's .asf.yaml file do the automatic staging of preview branches.</p>
-<pre><code class="language-yaml">pelican:
- autobuild: preview/*
- target: asf-site
- theme: theme/apache
- whoami: main
+<div class="highlight"><pre><span></span><code><span class="nt">pelican</span><span class="p">:</span>
+<span class="w"> </span><span class="nt">autobuild</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">preview/*</span>
+<span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">asf-site</span>
+<span class="w"> </span><span class="nt">theme</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">theme/apache</span>
+<span class="w"> </span><span class="nt">whoami</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">main</span>
-staging:
- profile: ~
- autostage: preview/*
-</code></pre>
-
+<span class="nt">staging</span><span class="p">:</span>
+<span class="w"> </span><span class="nt">profile</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">~</span>
+<span class="w"> </span><span class="nt">autostage</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">preview/*</span>
+</code></pre></div>
</div>
</div>
</div>
diff --git a/output/asf-pelican-build.html b/output/asf-pelican-build.html
index 89fd0e2..55b8cfb 100644
--- a/output/asf-pelican-build.html
+++ b/output/asf-pelican-build.html
@@ -75,54 +75,57 @@
</h1>
<p>For websites using the ASf-Pelican template and the <a href="https://docs.getpelican.com/en/stable/" target="_blank">Pelican static site generator</a>, configure the build using the <code>pelicanconf.py</code> settings.</p>
<h2>Pelican theme</h2>
-<pre><code class="language-python"># Theme
-THEME = './theme/apache'
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="c1"># Theme</span>
+<span class="n">THEME</span> <span class="o">=</span> <span class="s1">'./theme/apache'</span>
+</code></pre></div>
+
<p>See [ASF-Pelican theme][asf-pelican-theme.html] for details about the ASF Theme.</p>
<h2>Plugins</h2>
<p>ASF-Pelican enhances the Pelican environment with plugins. Our environment has its own copy of the <code>asf</code> plugins, and the <code>pelican-build.py</code> script provides <code>pelican-gfm</code>.</p>
-<pre><code class="language-python"># Pelican Plugins
-# pelican-gfm is installed in the buildbot as part of build_pelican.py. It is an ASF Infra custom plugin.
-# other plugins are discoverable and can be installed via pip by mentioning them in requirements.txt
-# You can find plugins here: https://github.com/pelican-plugins
-# Plugins that are custom for this site are found in PLUGIN_PATHS.
-PLUGIN_PATHS = ['./theme/plugins']
-PLUGINS = ['asfgenid', 'asfdata', 'pelican-gfm', 'asfreader']
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="c1"># Pelican Plugins</span>
+<span class="c1"># pelican-gfm is installed in the buildbot as part of build_pelican.py. It is an ASF Infra custom plugin.</span>
+<span class="c1"># other plugins are discoverable and can be installed via pip by mentioning them in requirements.txt</span>
+<span class="c1"># You can find plugins here: https://github.com/pelican-plugins</span>
+<span class="c1"># Plugins that are custom for this site are found in PLUGIN_PATHS.</span>
+<span class="n">PLUGIN_PATHS</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'./theme/plugins'</span><span class="p">]</span>
+<span class="n">PLUGINS</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'asfgenid'</span><span class="p">,</span> <span class="s1">'asfdata'</span><span class="p">,</span> <span class="s1">'pelican-gfm'</span><span class="p">,</span> <span class="s1">'asfreader'</span><span class="p">]</span>
+</code></pre></div>
+
<ol>
<li><a href="#data-model">Data Model</a>. The <code>asfdata.py</code> plugin builds a metadata model that is shared with every page.</li>
<li><a href="#pelican-gfm">GFM Content</a>. The <code>pelican-gfm</code> plugin reads <strong>.md</strong>, <strong>.markdown</strong>, <strong>.mkd</strong>, and <strong>.mdown</strong> files and converts the GFM Markdown into HTML.</li>
<li><a href="#ezmd-reader">EZMD Content</a>. The <code>asfreader.py</code> plugin reads <strong>.ezmd</strong> files, injects data, translates ezt, and converts the GFM Markdown into HTML.</li>
<li><a href="#generate-id">Generate ID</a>. The <code>asfgenid.py</code> plugin performs a number of enhancements to the HTML.</li>
</ol>
-<p>See [ASF-Pelican build process][asf-pelican-build.html] for the steps signaled. See [plugins][asf-pelican-plugins.html] for the Python code.</p>
+<p>See [ASF-Pelican build process][asf-pelican-build.html] for the steps signaled. See <a href="../theme/plugins/.">plugins</a>[asf-pelican-plugins.html] for the Python code.</p>
<h2>Tree structure</h2>
<p>Pages and static content are stored in the same tree. Generated content is output with the same relative path, except with an html extension.
These are the necessary settings:</p>
-<pre><code class="language-python">PATH = 'content'
-# Save pages using full directory preservation
-PAGE_PATHS = ['.']
-# Path with no extension
-PATH_METADATA = '(?P<path_no_ext>.*)\..*'
-# We are not slugifying any pages
-ARTICLE_URL = ARTICLE_SAVE_AS = PAGE_URL = PAGE_SAVE_AS = '{path_no_ext}.html'
-# We want to serve our static files mixed with content
-STATIC_PATHS = ['.']
-# we want any html to be served as-is
-READERS = {'html': None}
-# ignore README.md files in the content tree and the interviews and include folders
-IGNORE_FILES = ['README.md','interviews','include']
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">PATH</span> <span class="o">=</span> <span class="s1">'content'</span>
+<span class="c1"># Save pages using full directory preservation</span>
+<span class="n">PAGE_PATHS</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'.'</span><span class="p">]</span>
+<span class="c1"># Path with no extension</span>
+<span class="n">PATH_METADATA</span> <span class="o">=</span> <span class="s1">'(?P<path_no_ext>.*)\..*'</span>
+<span class="c1"># We are not slugifying any pages</span>
+<span class="n">ARTICLE_URL</span> <span class="o">=</span> <span class="n">ARTICLE_SAVE_AS</span> <span class="o">=</span> <span class="n">PAGE_URL</span> <span class="o">=</span> <span class="n">PAGE_SAVE_AS</span> <span class="o">=</span> <span class="s1">'</span><span class="si">{path_no_ext}</span><span class="s1">.html'</span>
+<span class="c1"># We want to serve our static files mixed with content</span>
+<span class="n">STATIC_PATHS</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'.'</span><span class="p">]</span>
+<span class="c1"># we want any html to be served as-is</span>
+<span class="n">READERS</span> <span class="o">=</span> <span class="p">{</span><span class="s1">'html'</span><span class="p">:</span> <span class="kc">None</span><span class="p">}</span>
+<span class="c1"># ignore README.md files in the content tree and the interviews and include folders</span>
+<span class="n">IGNORE_FILES</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'README.md'</span><span class="p">,</span><span class="s1">'interviews'</span><span class="p">,</span><span class="s1">'include'</span><span class="p">]</span>
+</code></pre></div>
+
<h1>Process</h1>
-<p>Pelican uses <a href="https://docs.getpelican.com/en/latest/plugins.html#list-of-signals" target="_blank">signals</a> as it goes through the process of reading and generating content. It processes pages in no particular order.</p>
+<p>Pelican uses <a href="https://docs.getpelican.com/en/latest/plugins.html#list-of-signals" target="_blank">signals</a> as it goes through the process of reading and generating content. It processes pages in no particular order. </p>
<p>Our plugins provide the following activity:</p>
<table>
<thead>
<tr>
<th>Pelican Signal</th>
<th>Step</th>
-<th align="center"><a href="#pelican-gfm">GFM Content</a></th>
-<th align="center"><a href="#ezmd-reader">EZMD Content</a></th>
+<th style="text-align: center;"><a href="#pelican-gfm">GFM Content</a></th>
+<th style="text-align: center;"><a href="#ezmd-reader">EZMD Content</a></th>
<th>Description</th>
</tr>
</thead>
@@ -130,59 +133,61 @@
<tr>
<td>Initialization</td>
<td><a href="#data-model">Data Model</a></td>
-<td align="center"></td>
-<td align="center"></td>
+<td style="text-align: center;"></td>
+<td style="text-align: center;"></td>
<td>Read data sources</td>
</tr>
<tr>
<td>Reader</td>
<td>Class</td>
-<td align="center"><a href="#pelican-gfm">GFMReader</a></td>
-<td align="center"><a href="#ezmd-reader">ASFReader(GFMReader)</a></td>
+<td style="text-align: center;"><a href="#pelican-gfm">GFMReader</a></td>
+<td style="text-align: center;"><a href="#ezmd-reader">ASFReader(GFMReader)</a></td>
<td>Pelican Reader class</td>
</tr>
<tr>
<td></td>
<td><a href="#read-source">Read</a></td>
-<td align="center">read_source</td>
-<td align="center">super.read_source</td>
+<td style="text-align: center;">read_source</td>
+<td style="text-align: center;">super.read_source</td>
<td>Read page source and metadata</td>
</tr>
<tr>
<td></td>
<td><a href="#model-metadata">Model Metadata</a></td>
-<td align="center"></td>
-<td align="center">add_data</td>
+<td style="text-align: center;"></td>
+<td style="text-align: center;">add_data</td>
<td>Add asf data to the model and expand any <code>[{ reference }]</code></td>
</tr>
<tr>
<td></td>
<td><a href="#ezt-translation">Translate</a></td>
-<td align="center"></td>
-<td align="center">ezt</td>
+<td style="text-align: center;"></td>
+<td style="text-align: center;">ezt</td>
<td>ezt template translation</td>
</tr>
<tr>
<td></td>
<td><a href="#render-gfm">Render GFM</a></td>
-<td align="center">render</td>
-<td align="center">super.render</td>
+<td style="text-align: center;">render</td>
+<td style="text-align: center;">super.render</td>
<td>Render GFM/HTML into HTML</td>
</tr>
<tr>
<td>Content</td>
<td><a href="#generate-id">Generate ID</a></td>
-<td align="center">generate_id</td>
-<td align="center">generate_id</td>
+<td style="text-align: center;">generate_id</td>
+<td style="text-align: center;">generate_id</td>
<td>Perform ASF specific HTML enhancements</td>
</tr>
<tr>
<td>Generator</td>
<td><a href="../theme/apache/templates/.">Template</a></td>
-<td align="center">translate</td>
-<td align="center">translate</td>
+<td style="text-align: center;">translate</td>
+<td style="text-align: center;">translate</td>
<td>Create output HTML by pushing the generated content and metadata through the theme's templates</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<p>See [local builds][asf-pelican-local.html] for how to install ASF-Pelican on your system.</p>
<h2>Data model</h2>
<p><strong>ezmd</strong> templates use a shared data model to generate content. There are three types of data:</p>
@@ -205,135 +210,147 @@
<tr>
<td>EZMD Reader</td>
<td>Dictionaries - key-value maps where the value may be another dictionary</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<p>The constants are also available to the <code>asfgenid.py</code> plugin and the [theme's templates][asf-pelican-theme.html].</p>
<p>There are examples of how to <a href="#model-metadata">inject shared metadata</a> below. See the [metadata model][asf-pelican-data.html] for how <code>asfdata.py</code> works to populate the shared metadata.</p>
<h2>Read source</h2>
<p>The systems uses the <code>read_source</code> method to open a file and convert it into a metadata dictionary and text.</p>
<p>Example:</p>
-<pre><code class="language-md">Title: ASF Export Classifications and Source Links
+<div class="highlight"><pre><span></span><code>Title: ASF Export Classifications and Source Links
license: https://www.apache.org/licenses/LICENSE-2.0
asf_headings: False
-#### ASF Project
+<span class="gu">#### ASF Project</span>
...
-</code></pre>
+</code></pre></div>
+
<p>The first three lines specify three <code>metadata</code> key-value pairs.
There is a blank line and the rest is the <code>text</code>.</p>
<p>Code from <code>pelican-gfm</code> with some parts elided.</p>
-<pre><code class="language-python"> def read_source(self, source_path):
- "Read metadata and content from the source."
- ...
- # Fetch the source content, with a few appropriate tweaks
- with pelican.utils.pelican_open(source_path) as text:
+<div class="highlight"><pre><span></span><code> <span class="k">def</span> <span class="nf">read_source</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">source_path</span><span class="p">):</span>
+ <span class="s2">"Read metadata and content from the source."</span>
+ <span class="o">...</span>
+ <span class="c1"># Fetch the source content, with a few appropriate tweaks</span>
+ <span class="k">with</span> <span class="n">pelican</span><span class="o">.</span><span class="n">utils</span><span class="o">.</span><span class="n">pelican_open</span><span class="p">(</span><span class="n">source_path</span><span class="p">)</span> <span class="k">as</span> <span class="n">text</span><span class="p">:</span>
- # Extract the metadata from the header of the text
- lines = text.splitlines()
- for i in range(len(lines)):
- line = lines[i]
- match = GFMReader.RE_METADATA.match(line)
- if match:
- name = match.group(1).strip().lower()
- ...
- metadata[name] = value
- elif not line.strip():
- # blank line
- continue
- else:
- # reached actual content
- break
- ...
- # Reassemble content, minus the metadata
- text = '\n'.join(lines[i:])
+ <span class="c1"># Extract the metadata from the header of the text</span>
+ <span class="n">lines</span> <span class="o">=</span> <span class="n">text</span><span class="o">.</span><span class="n">splitlines</span><span class="p">()</span>
+ <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">lines</span><span class="p">)):</span>
+ <span class="n">line</span> <span class="o">=</span> <span class="n">lines</span><span class="p">[</span><span class="n">i</span><span class="p">]</span>
+ <span class="n">match</span> <span class="o">=</span> <span class="n">GFMReader</span><span class="o">.</span><span class="n">RE_METADATA</span><span class="o">.</span><span class="n">match</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
+ <span class="k">if</span> <span class="n">match</span><span class="p">:</span>
+ <span class="n">name</span> <span class="o">=</span> <span class="n">match</span><span class="o">.</span><span class="n">group</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span><span class="o">.</span><span class="n">strip</span><span class="p">()</span><span class="o">.</span><span class="n">lower</span><span class="p">()</span>
+ <span class="o">...</span>
+ <span class="n">metadata</span><span class="p">[</span><span class="n">name</span><span class="p">]</span> <span class="o">=</span> <span class="n">value</span>
+ <span class="k">elif</span> <span class="ow">not</span> <span class="n">line</span><span class="o">.</span><span class="n">strip</span><span class="p">():</span>
+ <span class="c1"># blank line</span>
+ <span class="k">continue</span>
+ <span class="k">else</span><span class="p">:</span>
+ <span class="c1"># reached actual content</span>
+ <span class="k">break</span>
+ <span class="o">...</span>
+ <span class="c1"># Reassemble content, minus the metadata</span>
+ <span class="n">text</span> <span class="o">=</span> <span class="s1">'</span><span class="se">\n</span><span class="s1">'</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">lines</span><span class="p">[</span><span class="n">i</span><span class="p">:])</span>
- return text, metadata
-</code></pre>
+ <span class="k">return</span> <span class="n">text</span><span class="p">,</span> <span class="n">metadata</span>
+</code></pre></div>
+
<h2>Model Metadata <a id="ezmd"></a></h2>
<p>In <code>asfreader.py</code> we extend EZT syntax to do metadata substitution prior to EZT translation. This allows for a more natural and direct representation than with EZT sequences.</p>
<h3>Examples</h3>
-<pre><code class="language-md">| | | |
+<div class="highlight"><pre><span></span><code>| | | |
|-----------|-----------|-------------|
| [{ board[0].name }] | [{ board[1].name }] | [{ board[2].name }] |
| [{ board[3].name }] | [{ board[4].name }] | [{ board[5].name }] |
| [{ board[6].name }] | [{ board[7].name }] | [{ board[8].name }] |
-</code></pre>
-<pre><code class="language-md">| Office | Individual |
+</code></pre></div>
+
+<div class="highlight"><pre><span></span><code>| Office | Individual |
|-----------|-------------|
-| Board Chair | [{ ci[boardchair][roster] }] |
-| Vice Chair | [{ ci[vicechair][roster] }] |
-| President | [{ ci[president][roster] }] |
-| Exec. V.P | [{ ci[execvp][roster] }] |
-| [[]Treasurer](https://treasurer.apache.org/) | [{ ci[treasurer][roster] }] |
-| Assistant Treasurer | [{ ci[assistanttreasurer][roster] }] |
-| Secretary | [{ ci[secretary][roster] }] |
-| Assistant Secretary | [{ ci[assistantsecretary][roster] }] |
-| V.P., [[]Legal Affairs](/legal/) | [{ ci[legal][chair] }] |
-| Assistant V.P., [[]Legal Affairs](/legal/) | [{ ci[assistantvplegalaffairs][roster] }] |
-</code></pre>
-<pre><code class="language-md">- All volunteer community
-- [{ code_lines }]+ lines of code in&nbsp;stewardship
-- [{ code_changed }]+ lines of code&nbsp;changed
-- [{ code_commits }]+ code commits
-- [{ asf_members }] individual ASF&nbsp;Members
-- [{ asf_committers }]+ Apache Committers
-- [{ asf_contributors }]+ code contributors
-- [{ asf_people }]+ people involved in our&nbsp;communities
-</code></pre>
+| Board Chair | [<span class="nt">{ ci[boardchair</span>][<span class="nl">roster</span>] }] |
+| Vice Chair | [<span class="nt">{ ci[vicechair</span>][<span class="nl">roster</span>] }] |
+| President | [<span class="nt">{ ci[president</span>][<span class="nl">roster</span>] }] |
+| Exec. V.P | [<span class="nt">{ ci[execvp</span>][<span class="nl">roster</span>] }] |
+| [[]Treasurer](https://treasurer.apache.org/) | [<span class="nt">{ ci[treasurer</span>][<span class="nl">roster</span>] }] |
+| Assistant Treasurer | [<span class="nt">{ ci[assistanttreasurer</span>][<span class="nl">roster</span>] }] |
+| Secretary | [<span class="nt">{ ci[secretary</span>][<span class="nl">roster</span>] }] |
+| Assistant Secretary | [<span class="nt">{ ci[assistantsecretary</span>][<span class="nl">roster</span>] }] |
+| V.P., [[]Legal Affairs](/legal/) | [<span class="nt">{ ci[legal</span>][<span class="nl">chair</span>] }] |
+| Assistant V.P., [[]Legal Affairs](/legal/) | [<span class="nt">{ ci[assistantvplegalaffairs</span>][<span class="nl">roster</span>] }] |
+</code></pre></div>
+
+<div class="highlight"><pre><span></span><code><span class="k">-</span><span class="w"> </span>All volunteer community
+<span class="k">-</span><span class="w"> </span>[{ code_lines }]+ lines of code in&nbsp;stewardship
+<span class="k">-</span><span class="w"> </span>[{ code_changed }]+ lines of code&nbsp;changed
+<span class="k">-</span><span class="w"> </span>[{ code_commits }]+ code commits
+<span class="k">-</span><span class="w"> </span>[{ asf_members }] individual ASF&nbsp;Members
+<span class="k">-</span><span class="w"> </span>[{ asf_committers }]+ Apache Committers
+<span class="k">-</span><span class="w"> </span>[{ asf_contributors }]+ code contributors
+<span class="k">-</span><span class="w"> </span>[{ asf_people }]+ people involved in our&nbsp;communities
+</code></pre></div>
+
<h3>EZMD Reader</h3>
<p>The <code>asfreader.py</code> plugin is responsible for <a href="#read-source">reading the source</a>, adding metadata, <a href="#ezt-translation">ezt translation</a>, and <a href="#render-gfm">rendering GFM</a></p>
-<pre><code class="language-python"> def add_data(self, text, metadata):
- "Mix in ASF data as metadata"
+<div class="highlight"><pre><span></span><code> <span class="k">def</span> <span class="nf">add_data</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">text</span><span class="p">,</span> <span class="n">metadata</span><span class="p">):</span>
+ <span class="s2">"Mix in ASF data as metadata"</span>
- asf_metadata = self.settings.get('ASF_DATA', { }).get('metadata')
- if asf_metadata:
- metadata.update(asf_metadata)
- # insert any direct references
- m = 1
- while m:
- m = METADATA_RE.search(text)
- if m:
- this_data = m.group(1).strip()
- format_string = '{{{0}}}'.format(this_data)
- try:
- new_string = format_string.format(**metadata)
- print(f'{{{{{m.group(1)}}}}} -> {new_string}')
- except Exception:
- # the data expression was not found
- new_string = format_string
- print(f'{{{{{m.group(1)}}}}} is not found')
- text = re.sub(METADATA_RE, new_string, text, count=1)
- return text, metadata
-</code></pre>
+ <span class="n">asf_metadata</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">settings</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'ASF_DATA'</span><span class="p">,</span> <span class="p">{</span> <span class="p">})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'metadata'</span><span class="p">)</span>
+ <span class="k">if</span> <span class="n">asf_metadata</span><span class="p">:</span>
+ <span class="n">metadata</span><span class="o">.</span><span class="n">update</span><span class="p">(</span><span class="n">asf_metadata</span><span class="p">)</span>
+ <span class="c1"># insert any direct references</span>
+ <span class="n">m</span> <span class="o">=</span> <span class="mi">1</span>
+ <span class="k">while</span> <span class="n">m</span><span class="p">:</span>
+ <span class="n">m</span> <span class="o">=</span> <span class="n">METADATA_RE</span><span class="o">.</span><span class="n">search</span><span class="p">(</span><span class="n">text</span><span class="p">)</span>
+ <span class="k">if</span> <span class="n">m</span><span class="p">:</span>
+ <span class="n">this_data</span> <span class="o">=</span> <span class="n">m</span><span class="o">.</span><span class="n">group</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span><span class="o">.</span><span class="n">strip</span><span class="p">()</span>
+ <span class="n">format_string</span> <span class="o">=</span> <span class="s1">'{{</span><span class="si">{0}</span><span class="s1">}}'</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">this_data</span><span class="p">)</span>
+ <span class="k">try</span><span class="p">:</span>
+ <span class="n">new_string</span> <span class="o">=</span> <span class="n">format_string</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="o">**</span><span class="n">metadata</span><span class="p">)</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'</span><span class="se">{{{{</span><span class="si">{</span><span class="n">m</span><span class="o">.</span><span class="n">group</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span><span class="si">}</span><span class="se">}}}}</span><span class="s1"> -> </span><span class="si">{</span><span class="n">new_string</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="k">except</span> <span class="ne">Exception</span><span class="p">:</span>
+ <span class="c1"># the data expression was not found</span>
+ <span class="n">new_string</span> <span class="o">=</span> <span class="n">format_string</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'</span><span class="se">{{{{</span><span class="si">{</span><span class="n">m</span><span class="o">.</span><span class="n">group</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span><span class="si">}</span><span class="se">}}}}</span><span class="s1"> is not found'</span><span class="p">)</span>
+ <span class="n">text</span> <span class="o">=</span> <span class="n">re</span><span class="o">.</span><span class="n">sub</span><span class="p">(</span><span class="n">METADATA_RE</span><span class="p">,</span> <span class="n">new_string</span><span class="p">,</span> <span class="n">text</span><span class="p">,</span> <span class="n">count</span><span class="o">=</span><span class="mi">1</span><span class="p">)</span>
+ <span class="k">return</span> <span class="n">text</span><span class="p">,</span> <span class="n">metadata</span>
+</code></pre></div>
+
<h2>EZT Translation</h2>
<p><strong>ezmd</strong> page files are <a href="https://github.com/gstein/ezt">ezt</a> templates that create Markdown and HTML output. See <a href="https://github.com/gstein/ezt/blob/wiki/Syntax.md">EZT Syntax</a> for the directives.</p>
<h3>EZT Examples</h3>
<p>Project list:</p>
-<pre><code class="language-md">| Office | Individual |
+<div class="highlight"><pre><span></span><code>| Office | Individual |
|-----------|-------------|[for projects]
-| V.P., [if-any projects.site][[][end]Apache [projects.display_name][if-any projects.site]]([projects.site])[end] | [projects.chair] |[end]
-</code></pre>
-<p>Featured projects:</p>
-<pre><code class="language-html">[for featured_projs]<li [if-index featured_projs first]class="active"[end]>
- <a href="#[featured_projs.key_id]" data-toggle="tab">[featured_projs.display_name]</a>
-</li>[end]
-</code></pre>
-<p>Insert a file as-is into the output:</p>
-<pre><code class="language-md">Title: Apache Download Mirrors
+| V.P., [<span class="nt">if-any projects.site</span>][<span class="nl">[</span>][end]Apache [<span class="nt">projects.display_name</span>][<span class="nl">if-any projects.site</span>]]([projects.site])[end] | [projects.chair] |[end]
+</code></pre></div>
-[insertfile "include/closer.ezt"]
-</code></pre>
+<p>Featured projects:</p>
+<div class="highlight"><pre><span></span><code>[for featured_projs]<span class="p"><</span><span class="nt">li</span> <span class="err">[</span><span class="na">if-index</span> <span class="na">featured_projs</span> <span class="na">first</span><span class="err">]</span><span class="na">class</span><span class="o">=</span><span class="s">"active"</span><span class="err">[</span><span class="na">end</span><span class="err">]</span><span class="p">></span>
+ <span class="p"><</span><span class="nt">a</span> <span class="na">href</span><span class="o">=</span><span class="s">"#[featured_projs.key_id]"</span> <span class="na">data-toggle</span><span class="o">=</span><span class="s">"tab"</span><span class="p">></span>[featured_projs.display_name]<span class="p"></</span><span class="nt">a</span><span class="p">></span>
+<span class="p"></</span><span class="nt">li</span><span class="p">></span>[end]
+</code></pre></div>
+
+<p>Insert a file as-is into the output:</p>
+<div class="highlight"><pre><span></span><code>Title: Apache Download Mirrors
+
+[insertfile "include/closer.ezt"]
+</code></pre></div>
+
<h3>EZT Code</h3>
<p>Code from <code>asfreader.py</code></p>
-<pre><code class="language-python"> # prepare text as an ezt template
- # compress_whitespace=0 is required as blank lines and indentation have meaning in markdown
- template = ezt.Template(compress_whitespace=0)
- reader = ASFTemplateReader(source_path, text)
- template.parse(reader, base_format=ezt.FORMAT_HTML)
- assert template
- # generate content from ezt template with metadata
- fp = io.StringIO()
- template.generate(fp, metadata)
-</code></pre>
+<div class="highlight"><pre><span></span><code> <span class="c1"># prepare text as an ezt template</span>
+ <span class="c1"># compress_whitespace=0 is required as blank lines and indentation have meaning in markdown</span>
+ <span class="n">template</span> <span class="o">=</span> <span class="n">ezt</span><span class="o">.</span><span class="n">Template</span><span class="p">(</span><span class="n">compress_whitespace</span><span class="o">=</span><span class="mi">0</span><span class="p">)</span>
+ <span class="n">reader</span> <span class="o">=</span> <span class="n">ASFTemplateReader</span><span class="p">(</span><span class="n">source_path</span><span class="p">,</span> <span class="n">text</span><span class="p">)</span>
+ <span class="n">template</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="n">reader</span><span class="p">,</span> <span class="n">base_format</span><span class="o">=</span><span class="n">ezt</span><span class="o">.</span><span class="n">FORMAT_HTML</span><span class="p">)</span>
+ <span class="k">assert</span> <span class="n">template</span>
+ <span class="c1"># generate content from ezt template with metadata</span>
+ <span class="n">fp</span> <span class="o">=</span> <span class="n">io</span><span class="o">.</span><span class="n">StringIO</span><span class="p">()</span>
+ <span class="n">template</span><span class="o">.</span><span class="n">generate</span><span class="p">(</span><span class="n">fp</span><span class="p">,</span> <span class="n">metadata</span><span class="p">)</span>
+</code></pre></div>
+
<h2>Render GFM</h2>
<p>Content is in <a href="gfm.html">GitHub Flavored Markdown</a> (GFM).</p>
<p>ASF-Pelican uses a version of <a href="https://github.com/github/cmark-gfm" target="_blank">cmark-gfm</a> by <a href="https://github.blog/2017-03-14-a-formal-spec-for-github-markdown/" target="_blank">GitHub</a> through the <code>pelican-gfm</code> plugin created by Apache Infra.</p>
@@ -346,16 +363,13 @@
</li>
<li>
<p>Many projects used the Apache CMS for their websites. Here are some differences from its <code>markdown.pl</code>.</p>
-<ul>
+</li>
<li>
<p><a href="https://github.github.com/gfm/#html-block">HTML Blocks</a></p>
<ul>
<li>Make sure the first line of your html block starts in column one.</li>
-<li>A blank line terminates an html block
-<ul>
+<li>A blank line terminates an html block</li>
<li><a href="https://github.github.com/gfm/#example-139">Exception</a> to this rule for <code>style</code>, <code>pre</code>, and <code>script</code>.</li>
-</ul>
-</li>
<li><a href="https://github.github.com/gfm/#example-122">Markdown content within an HTML block</a></li>
</ul>
</li>
@@ -370,8 +384,6 @@
<li>
<p><a href="https://github.github.com/gfm/#disallowed-raw-html-extension-">Disallowed html</a> the tagfilter extension disables certain html. The asfgenid plugin reenables <code>script</code>, <code>style</code>, and <code>iframe</code> html.</p>
</li>
-</ul>
-</li>
<li>
<p><a href="https://sindresorhus.com/github-markdown-css/">Examples</a></p>
</li>
@@ -379,33 +391,35 @@
<h3>Pelican GFM</h3>
<p>The <code>pelican-gfm</code> plugin <a href="#read-source">reads</a> the content file and renders it to HTML.</p>
<p>From <code>asfreader.py</code>:</p>
-<pre><code class="language-python"> # Render the markdown into HTML
- content = super().render(fp.getvalue().encode('utf-8')).decode('utf-8')
- assert content
-</code></pre>
+<div class="highlight"><pre><span></span><code> <span class="c1"># Render the markdown into HTML</span>
+ <span class="n">content</span> <span class="o">=</span> <span class="nb">super</span><span class="p">()</span><span class="o">.</span><span class="n">render</span><span class="p">(</span><span class="n">fp</span><span class="o">.</span><span class="n">getvalue</span><span class="p">()</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s1">'utf-8'</span><span class="p">))</span><span class="o">.</span><span class="n">decode</span><span class="p">(</span><span class="s1">'utf-8'</span><span class="p">)</span>
+ <span class="k">assert</span> <span class="n">content</span>
+</code></pre></div>
+
<p>From <code>pelican-gfm</code>:</p>
-<pre><code class="language-python"> def render(self, text):
- "Use cmark-gfm to render the Markdown into an HTML fragment."
+<div class="highlight"><pre><span></span><code> <span class="k">def</span> <span class="nf">render</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">text</span><span class="p">):</span>
+ <span class="s2">"Use cmark-gfm to render the Markdown into an HTML fragment."</span>
- parser = F_cmark_parser_new(OPTS)
- assert parser
- for name in EXTENSIONS:
- ext = F_cmark_find_syntax_extension(name.encode('utf-8'))
- assert ext
- rv = F_cmark_parser_attach_syntax_extension(parser, ext)
- assert rv
- exts = F_cmark_parser_get_syntax_extensions(parser)
- F_cmark_parser_feed(parser, text, len(text))
- doc = F_cmark_parser_finish(parser)
- assert doc
+ <span class="n">parser</span> <span class="o">=</span> <span class="n">F_cmark_parser_new</span><span class="p">(</span><span class="n">OPTS</span><span class="p">)</span>
+ <span class="k">assert</span> <span class="n">parser</span>
+ <span class="k">for</span> <span class="n">name</span> <span class="ow">in</span> <span class="n">EXTENSIONS</span><span class="p">:</span>
+ <span class="n">ext</span> <span class="o">=</span> <span class="n">F_cmark_find_syntax_extension</span><span class="p">(</span><span class="n">name</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s1">'utf-8'</span><span class="p">))</span>
+ <span class="k">assert</span> <span class="n">ext</span>
+ <span class="n">rv</span> <span class="o">=</span> <span class="n">F_cmark_parser_attach_syntax_extension</span><span class="p">(</span><span class="n">parser</span><span class="p">,</span> <span class="n">ext</span><span class="p">)</span>
+ <span class="k">assert</span> <span class="n">rv</span>
+ <span class="n">exts</span> <span class="o">=</span> <span class="n">F_cmark_parser_get_syntax_extensions</span><span class="p">(</span><span class="n">parser</span><span class="p">)</span>
+ <span class="n">F_cmark_parser_feed</span><span class="p">(</span><span class="n">parser</span><span class="p">,</span> <span class="n">text</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">text</span><span class="p">))</span>
+ <span class="n">doc</span> <span class="o">=</span> <span class="n">F_cmark_parser_finish</span><span class="p">(</span><span class="n">parser</span><span class="p">)</span>
+ <span class="k">assert</span> <span class="n">doc</span>
- output = F_cmark_render_html(doc, OPTS, exts)
+ <span class="n">output</span> <span class="o">=</span> <span class="n">F_cmark_render_html</span><span class="p">(</span><span class="n">doc</span><span class="p">,</span> <span class="n">OPTS</span><span class="p">,</span> <span class="n">exts</span><span class="p">)</span>
- F_cmark_parser_free(parser)
- F_cmark_node_free(doc)
+ <span class="n">F_cmark_parser_free</span><span class="p">(</span><span class="n">parser</span><span class="p">)</span>
+ <span class="n">F_cmark_node_free</span><span class="p">(</span><span class="n">doc</span><span class="p">)</span>
- return output
-</code></pre>
+ <span class="k">return</span> <span class="n">output</span>
+</code></pre></div>
+
<h2>Generate ID</h2>
<p>We use the <code>asfgenid</code> plugin to perform modifications on the generated content that mimics the markdown extensions in the Apache CMS.
Many of these ASF-specific enhancements are controlled in <a href="../pelicanconf.py">pelican settings</a> in the <code>ASF_GENID</code> dictionary.</p>
@@ -413,7 +427,7 @@
<thead>
<tr>
<th>ASF_GENID key</th>
-<th align="center">default</th>
+<th style="text-align: center;">default</th>
<th>process</th>
<th>page override</th>
</tr>
@@ -421,153 +435,158 @@
<tbody>
<tr>
<td>unsafe_tags</td>
-<td align="center">True</td>
+<td style="text-align: center;">True</td>
<td>fix up script, style, and iframe HTML tags that the GFM autofilter extension marks as unsafe</td>
<td></td>
</tr>
<tr>
<td>-</td>
-<td align="center">-</td>
+<td style="text-align: center;">-</td>
<td>convert HTML into beautiful soup</td>
<td></td>
</tr>
<tr>
<td>metadata</td>
-<td align="center">True</td>
+<td style="text-align: center;">True</td>
<td><code>{{ metadata }}</code> include data in the HTML</td>
<td></td>
</tr>
<tr>
<td>-</td>
-<td align="center">True</td>
+<td style="text-align: center;">True</td>
<td>inventory of all ID attributes; duplicates are invalid</td>
<td></td>
</tr>
<tr>
<td>elements</td>
-<td align="center">True</td>
+<td style="text-align: center;">True</td>
<td>find all <code>{#id}</code> and <code>{.class}</code> texts and assign attributes</td>
<td></td>
</tr>
<tr>
<td>headings</td>
-<td align="center">True</td>
+<td style="text-align: center;">True</td>
<td>assign IDs to all headings w/o IDs already present or assigned with <code>{#id}</code> text</td>
<td>asf_headings</td>
</tr>
<tr>
<td>headings_re</td>
-<td align="center"><code>r'^h[1-6]'</code></td>
+<td style="text-align: center;"><code>r'^h[1-6]'</code></td>
<td>regex for finding headings that require IDs</td>
<td></td>
</tr>
<tr>
<td>tables</td>
-<td align="center">True</td>
+<td style="text-align: center;">True</td>
<td>tables with a class attribute are assigned <code>class=table</code></td>
<td></td>
</tr>
<tr>
<td>toc</td>
-<td align="center">True</td>
+<td style="text-align: center;">True</td>
<td>generate a table of contents if [TOC] is found. If this is set to False then the <code>toc.py</code> plugin may be used.</td>
<td></td>
</tr>
<tr>
<td>toc_headers</td>
-<td align="center"><code>r'h[1-6]'</code></td>
+<td style="text-align: center;"><code>r'h[1-6]'</code></td>
<td>headings to include in the [TOC]</td>
<td></td>
</tr>
<tr>
<td>-</td>
-<td align="center">-</td>
+<td style="text-align: center;">-</td>
<td>convert beautiful soup back into HTML.</td>
<td></td>
-</tr></tbody></table>
-<pre><code class="language-python"># Configure the asfgenid plugin
-ASF_GENID = {
- 'metadata': True,
- 'elements': True,
- 'headings': True,
- 'headings_re': r'^h[1-4]',
- 'permalinks': True,
- 'toc': True,
- 'toc_headers': r"h[1-4]",
- 'tables': True,
- 'debug': False
-}
-</code></pre>
+</tr>
+</tbody>
+</table>
+<div class="highlight"><pre><span></span><code><span class="c1"># Configure the asfgenid plugin</span>
+<span class="n">ASF_GENID</span> <span class="o">=</span> <span class="p">{</span>
+ <span class="s1">'metadata'</span><span class="p">:</span> <span class="kc">True</span><span class="p">,</span>
+ <span class="s1">'elements'</span><span class="p">:</span> <span class="kc">True</span><span class="p">,</span>
+ <span class="s1">'headings'</span><span class="p">:</span> <span class="kc">True</span><span class="p">,</span>
+ <span class="s1">'headings_re'</span><span class="p">:</span> <span class="sa">r</span><span class="s1">'^h[1-4]'</span><span class="p">,</span>
+ <span class="s1">'permalinks'</span><span class="p">:</span> <span class="kc">True</span><span class="p">,</span>
+ <span class="s1">'toc'</span><span class="p">:</span> <span class="kc">True</span><span class="p">,</span>
+ <span class="s1">'toc_headers'</span><span class="p">:</span> <span class="sa">r</span><span class="s2">"h[1-4]"</span><span class="p">,</span>
+ <span class="s1">'tables'</span><span class="p">:</span> <span class="kc">True</span><span class="p">,</span>
+ <span class="s1">'debug'</span><span class="p">:</span> <span class="kc">False</span>
+<span class="p">}</span>
+</code></pre></div>
+
<h3>Element examples</h3>
<p>Set the heading ID and permalink to <code>#what</code></p>
-<pre><code class="language-md">## What is the Apache Software Foundation? {#what}
+<div class="highlight"><pre><span></span><code><span class="gu">## What is the Apache Software Foundation? {#what}</span>
The Apache Software Foundation (ASF) is a non-profit 501(c)(3) corporation,
incorporated in Delaware, USA, in June of 1999. The ASF is a natural
outgrowth of The Apache Group, which
formed in 1995 to develop the Apache HTTP Server.
-</code></pre>
+</code></pre></div>
+
<p>Set the class to display an image to <code>float-right</code></p>
-<pre><code class="language-md"> {.float-right}
-</code></pre>
+<div class="highlight"><pre><span></span><code>![<span class="nt">Logo</span>](<span class="na">images/logo.svg</span>) {.float-right}
+</code></pre></div>
+
<p>An HTML fragment is also feasible for a similar purpose</p>
-<pre><code class="language-html"><div class=".pull-right" style="float:right; border-style:dotted; width:200px; padding:5px; margin:5px">
+<div class="highlight"><pre><span></span><code><span class="p"><</span><span class="nt">div</span> <span class="na">class</span><span class="o">=</span><span class="s">".pull-right"</span> <span class="na">style</span><span class="o">=</span><span class="s">"float:right; border-style:dotted; width:200px; padding:5px; margin:5px"</span><span class="p">></span>
SEE INSTEAD: [Trademark Resources Site Map][resources].
-</div>
-</code></pre>
+<span class="p"></</span><span class="nt">div</span><span class="p">></span>
+</code></pre></div>
+
<h3>Heading code</h3>
<p>Code from <code>asfgenid.py</code> uses <a href="https://www.crummy.com/software/BeautifulSoup/bs4/doc/index.html?highlight=javascript#">BeautifulSoup 4</a> to manipulate the rendered HTML. Here is an example:</p>
-<pre><code class="language-python"># from Apache CMS markdown/extensions/headerid.py - slugify in the same way as the Apache CMS
-def slugify(value, separator):
- """ Slugify a string, to make it URL friendly. """
- value = unicodedata.normalize('NFKD', value).encode('ascii', 'ignore')
- value = re.sub('[^\\w\\s-]', '', value.decode('ascii')).strip().lower()
- return re.sub('[%s\\s]+' % separator, separator, value)
+<div class="highlight"><pre><span></span><code><span class="c1"># from Apache CMS markdown/extensions/headerid.py - slugify in the same way as the Apache CMS</span>
+<span class="k">def</span> <span class="nf">slugify</span><span class="p">(</span><span class="n">value</span><span class="p">,</span> <span class="n">separator</span><span class="p">):</span>
+<span class="w"> </span><span class="sd">""" Slugify a string, to make it URL friendly. """</span>
+ <span class="n">value</span> <span class="o">=</span> <span class="n">unicodedata</span><span class="o">.</span><span class="n">normalize</span><span class="p">(</span><span class="s1">'NFKD'</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s1">'ascii'</span><span class="p">,</span> <span class="s1">'ignore'</span><span class="p">)</span>
+ <span class="n">value</span> <span class="o">=</span> <span class="n">re</span><span class="o">.</span><span class="n">sub</span><span class="p">(</span><span class="s1">'[^</span><span class="se">\\</span><span class="s1">w</span><span class="se">\\</span><span class="s1">s-]'</span><span class="p">,</span> <span class="s1">''</span><span class="p">,</span> <span class="n">value</span><span class="o">.</span><span class="n">decode</span><span class="p">(</span><span class="s1">'ascii'</span><span class="p">))</span><span class="o">.</span><span class="n">strip</span><span class="p">()</span><span class="o">.</span><span class="n">lower</span><span class="p">()</span>
+ <span class="k">return</span> <span class="n">re</span><span class="o">.</span><span class="n">sub</span><span class="p">(</span><span class="s1">'[</span><span class="si">%s</span><span class="se">\\</span><span class="s1">s]+'</span> <span class="o">%</span> <span class="n">separator</span><span class="p">,</span> <span class="n">separator</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span>
-...
+<span class="o">...</span>
-# append a permalink
-def permalink(soup, mod_element):
- new_tag = soup.new_tag('a', href='#' + mod_element['id'])
- new_tag['class'] = 'headerlink'
- new_tag['title'] = 'Permalink'
- new_tag.string = LINK_CHAR
- mod_element.append(new_tag)
+<span class="c1"># append a permalink</span>
+<span class="k">def</span> <span class="nf">permalink</span><span class="p">(</span><span class="n">soup</span><span class="p">,</span> <span class="n">mod_element</span><span class="p">):</span>
+ <span class="n">new_tag</span> <span class="o">=</span> <span class="n">soup</span><span class="o">.</span><span class="n">new_tag</span><span class="p">(</span><span class="s1">'a'</span><span class="p">,</span> <span class="n">href</span><span class="o">=</span><span class="s1">'#'</span> <span class="o">+</span> <span class="n">mod_element</span><span class="p">[</span><span class="s1">'id'</span><span class="p">])</span>
+ <span class="n">new_tag</span><span class="p">[</span><span class="s1">'class'</span><span class="p">]</span> <span class="o">=</span> <span class="s1">'headerlink'</span>
+ <span class="n">new_tag</span><span class="p">[</span><span class="s1">'title'</span><span class="p">]</span> <span class="o">=</span> <span class="s1">'Permalink'</span>
+ <span class="n">new_tag</span><span class="o">.</span><span class="n">string</span> <span class="o">=</span> <span class="n">LINK_CHAR</span>
+ <span class="n">mod_element</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">new_tag</span><span class="p">)</span>
-...
+<span class="o">...</span>
-# generate ID for a heading
-def headingid_transform(ids, soup, tag, permalinks, perma_set):
- new_string = tag.string
- if not new_string:
- # roll up strings if no immediate string
- new_string = tag.find_all(
- text=lambda t: not isinstance(t, Comment),
- recursive=True)
- new_string = ''.join(new_string)
+<span class="c1"># generate ID for a heading</span>
+<span class="k">def</span> <span class="nf">headingid_transform</span><span class="p">(</span><span class="n">ids</span><span class="p">,</span> <span class="n">soup</span><span class="p">,</span> <span class="n">tag</span><span class="p">,</span> <span class="n">permalinks</span><span class="p">,</span> <span class="n">perma_set</span><span class="p">):</span>
+ <span class="n">new_string</span> <span class="o">=</span> <span class="n">tag</span><span class="o">.</span><span class="n">string</span>
+ <span class="k">if</span> <span class="ow">not</span> <span class="n">new_string</span><span class="p">:</span>
+ <span class="c1"># roll up strings if no immediate string</span>
+ <span class="n">new_string</span> <span class="o">=</span> <span class="n">tag</span><span class="o">.</span><span class="n">find_all</span><span class="p">(</span>
+ <span class="n">text</span><span class="o">=</span><span class="k">lambda</span> <span class="n">t</span><span class="p">:</span> <span class="ow">not</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">Comment</span><span class="p">),</span>
+ <span class="n">recursive</span><span class="o">=</span><span class="kc">True</span><span class="p">)</span>
+ <span class="n">new_string</span> <span class="o">=</span> <span class="s1">''</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">new_string</span><span class="p">)</span>
- # don't have an id create it from text
- new_id = slugify(new_string, '-')
- tag['id'] = unique(new_id, ids)
- if permalinks:
- permalink(soup, tag)
- # inform if there is a duplicate permalink
- unique(tag['id'], perma_set)
+ <span class="c1"># don't have an id create it from text</span>
+ <span class="n">new_id</span> <span class="o">=</span> <span class="n">slugify</span><span class="p">(</span><span class="n">new_string</span><span class="p">,</span> <span class="s1">'-'</span><span class="p">)</span>
+ <span class="n">tag</span><span class="p">[</span><span class="s1">'id'</span><span class="p">]</span> <span class="o">=</span> <span class="n">unique</span><span class="p">(</span><span class="n">new_id</span><span class="p">,</span> <span class="n">ids</span><span class="p">)</span>
+ <span class="k">if</span> <span class="n">permalinks</span><span class="p">:</span>
+ <span class="n">permalink</span><span class="p">(</span><span class="n">soup</span><span class="p">,</span> <span class="n">tag</span><span class="p">)</span>
+ <span class="c1"># inform if there is a duplicate permalink</span>
+ <span class="n">unique</span><span class="p">(</span><span class="n">tag</span><span class="p">[</span><span class="s1">'id'</span><span class="p">],</span> <span class="n">perma_set</span><span class="p">)</span>
-...
+<span class="o">...</span>
- # step 6 - find all headings w/o ids already present or assigned with {#id} text
- if asf_headings == 'True':
- if asf_genid['debug']:
- print(f'headings: {content.relative_source_path}')
- # Find heading tags
- HEADING_RE = re.compile(asf_genid['headings_re'])
- for tag in soup.findAll(HEADING_RE, id=False):
- headingid_transform(ids, soup, tag, asf_genid['permalinks'], permalinks)
-</code></pre>
-
+ <span class="c1"># step 6 - find all headings w/o ids already present or assigned with {#id} text</span>
+ <span class="k">if</span> <span class="n">asf_headings</span> <span class="o">==</span> <span class="s1">'True'</span><span class="p">:</span>
+ <span class="k">if</span> <span class="n">asf_genid</span><span class="p">[</span><span class="s1">'debug'</span><span class="p">]:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'headings: </span><span class="si">{</span><span class="n">content</span><span class="o">.</span><span class="n">relative_source_path</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="c1"># Find heading tags</span>
+ <span class="n">HEADING_RE</span> <span class="o">=</span> <span class="n">re</span><span class="o">.</span><span class="n">compile</span><span class="p">(</span><span class="n">asf_genid</span><span class="p">[</span><span class="s1">'headings_re'</span><span class="p">])</span>
+ <span class="k">for</span> <span class="n">tag</span> <span class="ow">in</span> <span class="n">soup</span><span class="o">.</span><span class="n">findAll</span><span class="p">(</span><span class="n">HEADING_RE</span><span class="p">,</span> <span class="nb">id</span><span class="o">=</span><span class="kc">False</span><span class="p">):</span>
+ <span class="n">headingid_transform</span><span class="p">(</span><span class="n">ids</span><span class="p">,</span> <span class="n">soup</span><span class="p">,</span> <span class="n">tag</span><span class="p">,</span> <span class="n">asf_genid</span><span class="p">[</span><span class="s1">'permalinks'</span><span class="p">],</span> <span class="n">permalinks</span><span class="p">)</span>
+</code></pre></div>
</div>
</div>
</div>
diff --git a/output/asf-pelican-config.html b/output/asf-pelican-config.html
index 67461ba..18b990b 100644
--- a/output/asf-pelican-config.html
+++ b/output/asf-pelican-config.html
@@ -74,60 +74,62 @@
Configuring ASF Pelican
</h1>
<p>Review <a href="https://github.com/apache/template-site" target="_blank">github.com/apache/template-site</a> to inspect a full <code>pelicanconf.yaml</code> file.</p>
-<p>These are the sections to configure in <code>pelicanconf.yaml</code> for your website:</p>
+<p>These are the sections to configure in <code>pelicanconf.yaml</code> for your website: </p>
<h2>Required</h2>
-<pre><code>site:
- name: Apache Template
- description: Provides a template for projects wishing to use the Pelican ASF static content system
- domain: template.apache.org
- logo: images/logo.png
- repository: https://github.com/apache/template-site/blob/main/content/
- trademarks: Apache, the Apache feather logo, and "Project" are trademarks or registered trademarks
+<div class="highlight"><pre><span></span><code><span class="n">site</span><span class="o">:</span>
+<span class="w"> </span><span class="n">name</span><span class="o">:</span><span class="w"> </span><span class="n">Apache</span><span class="w"> </span><span class="n">Template</span>
+<span class="w"> </span><span class="n">description</span><span class="o">:</span><span class="w"> </span><span class="n">Provides</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">template</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">projects</span><span class="w"> </span><span class="n">wishing</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">use</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">Pelican</span><span class="w"> </span><span class="n">ASF</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="n">content</span><span class="w"> </span><span class="n">system</span>
+<span class="w"> </span><span class="n">domain</span><span class="o">:</span><span class="w"> </span><span class="n">template</span><span class="o">.</span><span class="na">apache</span><span class="o">.</span><span class="na">org</span>
+<span class="w"> </span><span class="n">logo</span><span class="o">:</span><span class="w"> </span><span class="n">images</span><span class="o">/</span><span class="n">logo</span><span class="o">.</span><span class="na">png</span>
+<span class="w"> </span><span class="n">repository</span><span class="o">:</span><span class="w"> </span><span class="n">https</span><span class="o">://</span><span class="n">github</span><span class="o">.</span><span class="na">com</span><span class="sr">/apache/template-site/blob/main/content/</span>
+<span class="w"> </span><span class="n">trademarks</span><span class="o">:</span><span class="w"> </span><span class="n">Apache</span><span class="o">,</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">Apache</span><span class="w"> </span><span class="n">feather</span><span class="w"> </span><span class="n">logo</span><span class="o">,</span><span class="w"> </span><span class="n">and</span><span class="w"> </span><span class="s2">"Project"</span><span class="w"> </span><span class="n">are</span><span class="w"> </span><span class="n">trademarks</span><span class="w"> </span><span class="n">or</span><span class="w"> </span><span class="n">registered</span><span class="w"> </span><span class="n">trademarks</span>
-theme: theme/apache
-</code></pre>
+<span class="n">theme</span><span class="o">:</span><span class="w"> </span><span class="n">theme</span><span class="o">/</span><span class="n">apache</span>
+</code></pre></div>
+
<h2>Options</h2>
<h3>Plugins</h3>
<p>If you are using the standard plugins included in ASF Pelican, you can leave this section out.
If you include it, your build will automatically include the <code>gfm</code> plugin.</p>
-<pre><code>plugins:
- paths:
- - theme/plugins
- use:
- - gfm
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">plugins</span><span class="o">:</span>
+<span class="w"> </span><span class="n">paths</span><span class="o">:</span>
+<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">theme</span><span class="o">/</span><span class="n">plugins</span>
+<span class="w"> </span><span class="n">use</span><span class="o">:</span>
+<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">gfm</span>
+</code></pre></div>
+
<h3>Special setup</h3>
<p>To configure four special features:</p>
-<pre><code>setup:
- data: asfdata.yaml
- run:
- - /bin/bash shell.sh
- ignore:
- - README.md
- - include
- - docs
- copy:
- - docs
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">setup</span><span class="o">:</span>
+<span class="w"> </span><span class="n">data</span><span class="o">:</span><span class="w"> </span><span class="n">asfdata</span><span class="o">.</span><span class="na">yaml</span>
+<span class="w"> </span><span class="n">run</span><span class="o">:</span>
+<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="sr">/bin/</span><span class="n">bash</span><span class="w"> </span><span class="n">shell</span><span class="o">.</span><span class="na">sh</span>
+<span class="w"> </span><span class="n">ignore</span><span class="o">:</span>
+<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">README</span><span class="o">.</span><span class="na">md</span>
+<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="k">include</span>
+<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">docs</span>
+<span class="w"> </span><span class="n">copy</span><span class="o">:</span>
+<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">docs</span>
+</code></pre></div>
+
<ol>
<li>data - uses <code>asfdata</code> plugin to build a data model to use in <code>ezmd</code> files. www-site is the best example.</li>
<li>run - uses <code>asfrun</code> plugin to run scripts. httpd-site's security vulnerability processing is the best example.</li>
<li>ignore - sets Pelican's IGNORE_FILES setting.</li>
<li>copy - uses <code>asfcopy</code> plugin to copy static files outside of the Pelican process. Include these in <code>ignore</code> as well.
-This is useful if you have large files or many static files.</li>
+ This is useful if you have large files or many static files.</li>
</ol>
<h2>Generate ID</h2>
<p>The <code>asfgenid</code> plugin performs a number of fixups and enhancements.</p>
-<pre><code>genid:
- unsafe: yes
- metadata: yes
- elements: yes
- headings_depth: 4
- permalinks: yes
- toc_depth: 4
- tables: yes
-</code></pre>
-
+<div class="highlight"><pre><span></span><code><span class="n">genid</span><span class="o">:</span>
+<span class="w"> </span><span class="n">unsafe</span><span class="o">:</span><span class="w"> </span><span class="n">yes</span>
+<span class="w"> </span><span class="n">metadata</span><span class="o">:</span><span class="w"> </span><span class="n">yes</span>
+<span class="w"> </span><span class="n">elements</span><span class="o">:</span><span class="w"> </span><span class="n">yes</span>
+<span class="w"> </span><span class="n">headings_depth</span><span class="o">:</span><span class="w"> </span><span class="mi">4</span>
+<span class="w"> </span><span class="n">permalinks</span><span class="o">:</span><span class="w"> </span><span class="n">yes</span>
+<span class="w"> </span><span class="n">toc_depth</span><span class="o">:</span><span class="w"> </span><span class="mi">4</span>
+<span class="w"> </span><span class="n">tables</span><span class="o">:</span><span class="w"> </span><span class="n">yes</span>
+</code></pre></div>
</div>
</div>
</div>
diff --git a/output/asf-pelican-data.html b/output/asf-pelican-data.html
index 43a352f..ed10c1d 100644
--- a/output/asf-pelican-data.html
+++ b/output/asf-pelican-data.html
@@ -76,207 +76,210 @@
<h2>ASF Data</h2>
<p>If your site includes the <code>asfdata.py</code> plugin, the Pelican site generator reads instructions from it during initialization and creates shared metadata that is available for all pages. It is particularly critical for <strong>ezmd</strong> pages that contain directives.</p>
<p>The <code>pelicanconf.yaml</code> file contains the following:</p>
-<pre><code>setup:
- data: asfdata.yaml
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">setup</span><span class="o">:</span>
+<span class="w"> </span><span class="n">data</span><span class="o">:</span><span class="w"> </span><span class="n">asfdata</span><span class="o">.</span><span class="na">yaml</span>
+</code></pre></div>
+
<ul>
<li><code>data</code> is a .yaml file of metadata instructions.</li>
</ul>
<p>Within the plugin there are three kinds of data transformations:</p>
<ol>
<li>Constant key-value pairs.</li>
-<li>Specific sequences that are custom code specific to the datasource:
-<ul>
+<li>Specific sequences that are custom code specific to the datasource:</li>
<li>Twitter feed uses the Twitter Recent Tweet API</li>
<li>Blogs reads a Roller Atom feed in XML</li>
<li>ECCN reads export notifications from a .yaml file</li>
-</ul>
-</li>
-<li>Multiple data models derived from a single .yaml or json file:
-<ul>
+<li>Multiple data models derived from a single .yaml or json file:</li>
<li>Committee info, which has Board, Officer, Committee, and Project information</li>
<li>Podling info, which has Incubator podling information</li>
-</ul>
-</li>
</ol>
<h2>Key value metadata</h2>
<p>These are provided in the <code>ASF_DATA['data']</code> file:</p>
-<pre><code class="language-yaml"># key-value pairs
-code_lines: 227M
-code_changed: 4.2B
-code_commits: 4.1M
-asf_members: 820
-# For use as nnn+ or 'more than nnn'
-asf_members_rounded: 800
-asf_committers: 8,100
-asf_contributors: 40,000
-asf_people: 488,000
-com_initiatives: 350
-com_projects: 300
-com_podlings: 37
-com_downloads: ~2 Petabytes
-com_emails: 24M
-com_mailinglists: 1,400
-com_pageviews: 35M
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="c1"># key-value pairs</span>
+<span class="nt">code_lines</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">227M</span>
+<span class="nt">code_changed</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">4.2B</span>
+<span class="nt">code_commits</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">4.1M</span>
+<span class="nt">asf_members</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">820</span>
+<span class="c1"># For use as nnn+ or 'more than nnn'</span>
+<span class="nt">asf_members_rounded</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">800</span>
+<span class="nt">asf_committers</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">8,100</span>
+<span class="nt">asf_contributors</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">40,000</span>
+<span class="nt">asf_people</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">488,000</span>
+<span class="nt">com_initiatives</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">350</span>
+<span class="nt">com_projects</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">300</span>
+<span class="nt">com_podlings</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">37</span>
+<span class="nt">com_downloads</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">~2 Petabytes</span>
+<span class="nt">com_emails</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">24M</span>
+<span class="nt">com_mailinglists</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1,400</span>
+<span class="nt">com_pageviews</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">35M</span>
+</code></pre></div>
+
<h2>Recent tweets</h2>
<p>This sequence uses specific code:</p>
-<pre><code class="language-yaml"># used on index.ezmd
-twitter:
- # load, transform, and create a sequence of tweets
- handle: 'TheASF'
- count: 1
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="c1"># used on index.ezmd</span>
+<span class="nt">twitter</span><span class="p">:</span>
+<span class="w"> </span><span class="c1"># load, transform, and create a sequence of tweets</span>
+<span class="w"> </span><span class="nt">handle</span><span class="p">:</span><span class="w"> </span><span class="s">'TheASF'</span>
+<span class="w"> </span><span class="nt">count</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1</span>
+</code></pre></div>
+
<p>The key method for reading recent tweets from the API.</p>
-<pre><code class="language-python"># retrieve the last count recent tweets from the handle.
-def process_twitter(handle, count):
- print(f'-----\ntwitter feed: {handle}')
- bearer_token = twitter_auth()
- query = f'from:{handle}'
- tweet_fields = 'tweet.fields=author_id'
- url = f'https://api.twitter.com/2/tweets/search/recent?query={query}&{tweet_fields}'
- headers = {'Authorization': f'Bearer {bearer_token}'}
- load = connect_to_endpoint(url, headers)
- reference = sequence_list('twitter', load['data'])
- if load['meta']['result_count'] < count:
- v = reference
- else:
- v = reference[:count]
- return v
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="c1"># retrieve the last count recent tweets from the handle.</span>
+<span class="k">def</span> <span class="nf">process_twitter</span><span class="p">(</span><span class="n">handle</span><span class="p">,</span> <span class="n">count</span><span class="p">):</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'-----</span><span class="se">\n</span><span class="s1">twitter feed: </span><span class="si">{</span><span class="n">handle</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">bearer_token</span> <span class="o">=</span> <span class="n">twitter_auth</span><span class="p">()</span>
+ <span class="n">query</span> <span class="o">=</span> <span class="sa">f</span><span class="s1">'from:</span><span class="si">{</span><span class="n">handle</span><span class="si">}</span><span class="s1">'</span>
+ <span class="n">tweet_fields</span> <span class="o">=</span> <span class="s1">'tweet.fields=author_id'</span>
+ <span class="n">url</span> <span class="o">=</span> <span class="sa">f</span><span class="s1">'https://api.twitter.com/2/tweets/search/recent?query=</span><span class="si">{</span><span class="n">query</span><span class="si">}</span><span class="s1">&</span><span class="si">{</span><span class="n">tweet_fields</span><span class="si">}</span><span class="s1">'</span>
+ <span class="n">headers</span> <span class="o">=</span> <span class="p">{</span><span class="s1">'Authorization'</span><span class="p">:</span> <span class="sa">f</span><span class="s1">'Bearer </span><span class="si">{</span><span class="n">bearer_token</span><span class="si">}</span><span class="s1">'</span><span class="p">}</span>
+ <span class="n">load</span> <span class="o">=</span> <span class="n">connect_to_endpoint</span><span class="p">(</span><span class="n">url</span><span class="p">,</span> <span class="n">headers</span><span class="p">)</span>
+ <span class="n">reference</span> <span class="o">=</span> <span class="n">sequence_list</span><span class="p">(</span><span class="s1">'twitter'</span><span class="p">,</span> <span class="n">load</span><span class="p">[</span><span class="s1">'data'</span><span class="p">])</span>
+ <span class="k">if</span> <span class="n">load</span><span class="p">[</span><span class="s1">'meta'</span><span class="p">][</span><span class="s1">'result_count'</span><span class="p">]</span> <span class="o"><</span> <span class="n">count</span><span class="p">:</span>
+ <span class="n">v</span> <span class="o">=</span> <span class="n">reference</span>
+ <span class="k">else</span><span class="p">:</span>
+ <span class="n">v</span> <span class="o">=</span> <span class="n">reference</span><span class="p">[:</span><span class="n">count</span><span class="p">]</span>
+ <span class="k">return</span> <span class="n">v</span>
+</code></pre></div>
+
<h2>Recent blog posts</h2>
<p>The main Apache site uses three different blog feeds. Here is how the site calls one, as an example:</p>
-<pre><code class="language-yaml"># used on index.ezmd
-foundation:
- # load, transform, and create a sequence of foundation blogs
- blog: https://blogs.apache.org/foundation/feed/entries/atom
- count: 1
-</code></pre>
-<p>The site is only interested in the most recent post's title and id/url.</p>
-<pre><code class="language-python"># retrieve blog posts from an Atom feed.
-def process_blog(feed, count, debug):
- print(f'blog feed: {feed}')
- content = requests.get(feed).text
- dom = xml.dom.minidom.parseString(content)
- # dive into the dom to get 'entry' elements
- entries = dom.getElementsByTagName('entry')
- # we only want count many from the beginning
- entries = entries[:count]
- v = [ ]
- for entry in entries:
- if debug:
- print(entry.tagName)
- # we only want the title and href
- v.append(
- {
- 'id': get_element_text(entry, 'id'),
- 'title': get_element_text(entry, 'title'),
- }
- )
- if debug:
- for s in v:
- print(s)
+<div class="highlight"><pre><span></span><code><span class="c1"># used on index.ezmd</span>
+<span class="nt">foundation</span><span class="p">:</span>
+<span class="w"> </span><span class="c1"># load, transform, and create a sequence of foundation blogs</span>
+<span class="w"> </span><span class="nt">blog</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://blogs.apache.org/foundation/feed/entries/atom</span>
+<span class="w"> </span><span class="nt">count</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1</span>
+</code></pre></div>
- return [ Blog(href=s['id'],
- title=s['title'])
- for s in v ]
-</code></pre>
+<p>The site is only interested in the most recent post's title and id/url.</p>
+<div class="highlight"><pre><span></span><code><span class="c1"># retrieve blog posts from an Atom feed.</span>
+<span class="k">def</span> <span class="nf">process_blog</span><span class="p">(</span><span class="n">feed</span><span class="p">,</span> <span class="n">count</span><span class="p">,</span> <span class="n">debug</span><span class="p">):</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'blog feed: </span><span class="si">{</span><span class="n">feed</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">content</span> <span class="o">=</span> <span class="n">requests</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">feed</span><span class="p">)</span><span class="o">.</span><span class="n">text</span>
+ <span class="n">dom</span> <span class="o">=</span> <span class="n">xml</span><span class="o">.</span><span class="n">dom</span><span class="o">.</span><span class="n">minidom</span><span class="o">.</span><span class="n">parseString</span><span class="p">(</span><span class="n">content</span><span class="p">)</span>
+ <span class="c1"># dive into the dom to get 'entry' elements</span>
+ <span class="n">entries</span> <span class="o">=</span> <span class="n">dom</span><span class="o">.</span><span class="n">getElementsByTagName</span><span class="p">(</span><span class="s1">'entry'</span><span class="p">)</span>
+ <span class="c1"># we only want count many from the beginning</span>
+ <span class="n">entries</span> <span class="o">=</span> <span class="n">entries</span><span class="p">[:</span><span class="n">count</span><span class="p">]</span>
+ <span class="n">v</span> <span class="o">=</span> <span class="p">[</span> <span class="p">]</span>
+ <span class="k">for</span> <span class="n">entry</span> <span class="ow">in</span> <span class="n">entries</span><span class="p">:</span>
+ <span class="k">if</span> <span class="n">debug</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="n">entry</span><span class="o">.</span><span class="n">tagName</span><span class="p">)</span>
+ <span class="c1"># we only want the title and href</span>
+ <span class="n">v</span><span class="o">.</span><span class="n">append</span><span class="p">(</span>
+ <span class="p">{</span>
+ <span class="s1">'id'</span><span class="p">:</span> <span class="n">get_element_text</span><span class="p">(</span><span class="n">entry</span><span class="p">,</span> <span class="s1">'id'</span><span class="p">),</span>
+ <span class="s1">'title'</span><span class="p">:</span> <span class="n">get_element_text</span><span class="p">(</span><span class="n">entry</span><span class="p">,</span> <span class="s1">'title'</span><span class="p">),</span>
+ <span class="p">}</span>
+ <span class="p">)</span>
+ <span class="k">if</span> <span class="n">debug</span><span class="p">:</span>
+ <span class="k">for</span> <span class="n">s</span> <span class="ow">in</span> <span class="n">v</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="n">s</span><span class="p">)</span>
+
+ <span class="k">return</span> <span class="p">[</span> <span class="n">Blog</span><span class="p">(</span><span class="n">href</span><span class="o">=</span><span class="n">s</span><span class="p">[</span><span class="s1">'id'</span><span class="p">],</span>
+ <span class="n">title</span><span class="o">=</span><span class="n">s</span><span class="p">[</span><span class="s1">'title'</span><span class="p">])</span>
+ <span class="k">for</span> <span class="n">s</span> <span class="ow">in</span> <span class="n">v</span> <span class="p">]</span>
+</code></pre></div>
+
<p>Note the use of the <code>Blog</code> class. Its definition is in the code for the next example.</p>
<h2>ECCN Data Sequences</h2>
<p>The ECCN data matrix is records a project's bisnotice emails regarding encryption code.
It has four layers: projects, products, versions, and controlled sources. This information is primarily of interest to the main Apache site, but may be useful to those working on project websites in showing how the system secures and processes data.</p>
<p>Here are the ASF_DATA directives</p>
-<pre><code class="language-yaml"># used on licenses/exports/index.ezmd
-eccn:
- # load, transform, and create a four tiered structure of sequence objects
- # projects, products, versions, and sources
- file: data/eccn/eccnmatrix.yaml
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="c1"># used on licenses/exports/index.ezmd</span>
+<span class="nt">eccn</span><span class="p">:</span>
+<span class="w"> </span><span class="c1"># load, transform, and create a four tiered structure of sequence objects</span>
+<span class="w"> </span><span class="c1"># projects, products, versions, and sources</span>
+<span class="w"> </span><span class="nt">file</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">data/eccn/eccnmatrix.yaml</span>
+</code></pre></div>
+
<p>Here is a sample of the data for the first project.</p>
-<pre><code class="language-yaml">eccnmatrix:
- - href: 'http://accumulo.apache.org/'
- name: Apache Accumulo Project
- contact: John Vines
- product:
- - name: Apache Accumulo Project
- versions:
- - version: development
- eccn: 5D002
- source:
- - href: 'https://git-wip-us.apache.org/repos/asf/accumulo.git'
- manufacturer: ASF
- why: Designed for use with built in Java encryption libraries
- - href: 'http://www.bouncycastle.org/download/bcmail-jdk15-137.tar.gz'
- manufacturer: Bouncy Castle
- why: General-purpose encryption library for Java 1.5
- - version: 1.6.0 and on
- eccn: 5D002
- source:
- - href: 'https://git-wip-us.apache.org/repos/asf/accumulo.git'
- manufacturer: ASF
- why: Designed for use with built in Java encryption libraries
- - href: 'http://www.bouncycastle.org/download/bcmail-jdk15-137.tar.gz'
- manufacturer: Bouncy Castle
- why: General-purpose encryption library for Java 1.5
- - version: 1.5.x
- eccn: 5D002
- source:
- - href: 'https://git-wip-us.apache.org/repos/asf/accumulo.git'
- manufacturer: ASF
- why: Designed for use with built in Java encryption libraries
- ...
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="nt">eccnmatrix</span><span class="p">:</span>
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">href</span><span class="p">:</span><span class="w"> </span><span class="s">'http://accumulo.apache.org/'</span>
+<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Apache Accumulo Project</span>
+<span class="w"> </span><span class="nt">contact</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">John Vines</span>
+<span class="w"> </span><span class="nt">product</span><span class="p">:</span>
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Apache Accumulo Project</span>
+<span class="w"> </span><span class="nt">versions</span><span class="p">:</span>
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">development</span>
+<span class="w"> </span><span class="nt">eccn</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5D002</span>
+<span class="w"> </span><span class="nt">source</span><span class="p">:</span>
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">href</span><span class="p">:</span><span class="w"> </span><span class="s">'https://git-wip-us.apache.org/repos/asf/accumulo.git'</span>
+<span class="w"> </span><span class="nt">manufacturer</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ASF</span>
+<span class="w"> </span><span class="nt">why</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Designed for use with built in Java encryption libraries</span>
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">href</span><span class="p">:</span><span class="w"> </span><span class="s">'http://www.bouncycastle.org/download/bcmail-jdk15-137.tar.gz'</span>
+<span class="w"> </span><span class="nt">manufacturer</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Bouncy Castle</span>
+<span class="w"> </span><span class="nt">why</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">General-purpose encryption library for Java 1.5</span>
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1.6.0 and on</span>
+<span class="w"> </span><span class="nt">eccn</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5D002</span>
+<span class="w"> </span><span class="nt">source</span><span class="p">:</span>
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">href</span><span class="p">:</span><span class="w"> </span><span class="s">'https://git-wip-us.apache.org/repos/asf/accumulo.git'</span>
+<span class="w"> </span><span class="nt">manufacturer</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ASF</span>
+<span class="w"> </span><span class="nt">why</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Designed for use with built in Java encryption libraries</span>
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">href</span><span class="p">:</span><span class="w"> </span><span class="s">'http://www.bouncycastle.org/download/bcmail-jdk15-137.tar.gz'</span>
+<span class="w"> </span><span class="nt">manufacturer</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Bouncy Castle</span>
+<span class="w"> </span><span class="nt">why</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">General-purpose encryption library for Java 1.5</span>
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">1.5.x</span>
+<span class="w"> </span><span class="nt">eccn</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5D002</span>
+<span class="w"> </span><span class="nt">source</span><span class="p">:</span>
+<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">href</span><span class="p">:</span><span class="w"> </span><span class="s">'https://git-wip-us.apache.org/repos/asf/accumulo.git'</span>
+<span class="w"> </span><span class="nt">manufacturer</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ASF</span>
+<span class="w"> </span><span class="nt">why</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Designed for use with built in Java encryption libraries</span>
+<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">...</span>
+</code></pre></div>
+
<p>Here is the custom processing for the ECCN data matrix. Note the wrappers.</p>
-<pre><code class="language-python"># create sequence of sequences of ASF ECCN data.
-def process_eccn(fname):
- print('-----\nECCN:', fname)
- j = yaml.safe_load(open(fname))
+<div class="highlight"><pre><span></span><code><span class="c1"># create sequence of sequences of ASF ECCN data.</span>
+<span class="k">def</span> <span class="nf">process_eccn</span><span class="p">(</span><span class="n">fname</span><span class="p">):</span>
+ <span class="nb">print</span><span class="p">(</span><span class="s1">'-----</span><span class="se">\n</span><span class="s1">ECCN:'</span><span class="p">,</span> <span class="n">fname</span><span class="p">)</span>
+ <span class="n">j</span> <span class="o">=</span> <span class="n">yaml</span><span class="o">.</span><span class="n">safe_load</span><span class="p">(</span><span class="nb">open</span><span class="p">(</span><span class="n">fname</span><span class="p">))</span>
- # versions have zero or more controlled sources
- def make_sources(sources):
- return [ Source(href=s['href'],
- manufacturer=s['manufacturer'],
- why=s['why'])
- for s in sources ]
+ <span class="c1"># versions have zero or more controlled sources</span>
+ <span class="k">def</span> <span class="nf">make_sources</span><span class="p">(</span><span class="n">sources</span><span class="p">):</span>
+ <span class="k">return</span> <span class="p">[</span> <span class="n">Source</span><span class="p">(</span><span class="n">href</span><span class="o">=</span><span class="n">s</span><span class="p">[</span><span class="s1">'href'</span><span class="p">],</span>
+ <span class="n">manufacturer</span><span class="o">=</span><span class="n">s</span><span class="p">[</span><span class="s1">'manufacturer'</span><span class="p">],</span>
+ <span class="n">why</span><span class="o">=</span><span class="n">s</span><span class="p">[</span><span class="s1">'why'</span><span class="p">])</span>
+ <span class="k">for</span> <span class="n">s</span> <span class="ow">in</span> <span class="n">sources</span> <span class="p">]</span>
- # products have one or more versions
- def make_versions(vsns):
- return [ Version(version=v['version'],
- eccn=v['eccn'],
- source=make_sources(v.get('source', [ ])),
- )
- for v in sorted(vsns,
- key=operator.itemgetter('version')) ]
+ <span class="c1"># products have one or more versions</span>
+ <span class="k">def</span> <span class="nf">make_versions</span><span class="p">(</span><span class="n">vsns</span><span class="p">):</span>
+ <span class="k">return</span> <span class="p">[</span> <span class="n">Version</span><span class="p">(</span><span class="n">version</span><span class="o">=</span><span class="n">v</span><span class="p">[</span><span class="s1">'version'</span><span class="p">],</span>
+ <span class="n">eccn</span><span class="o">=</span><span class="n">v</span><span class="p">[</span><span class="s1">'eccn'</span><span class="p">],</span>
+ <span class="n">source</span><span class="o">=</span><span class="n">make_sources</span><span class="p">(</span><span class="n">v</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'source'</span><span class="p">,</span> <span class="p">[</span> <span class="p">])),</span>
+ <span class="p">)</span>
+ <span class="k">for</span> <span class="n">v</span> <span class="ow">in</span> <span class="nb">sorted</span><span class="p">(</span><span class="n">vsns</span><span class="p">,</span>
+ <span class="n">key</span><span class="o">=</span><span class="n">operator</span><span class="o">.</span><span class="n">itemgetter</span><span class="p">(</span><span class="s1">'version'</span><span class="p">))</span> <span class="p">]</span>
- # projects have one or more products
- def make_products(prods):
- return [ Product(name=p['name'],
- versions=make_versions(p['versions']),
- )
- for p in sorted(prods,
- key=operator.itemgetter('name')) ]
+ <span class="c1"># projects have one or more products</span>
+ <span class="k">def</span> <span class="nf">make_products</span><span class="p">(</span><span class="n">prods</span><span class="p">):</span>
+ <span class="k">return</span> <span class="p">[</span> <span class="n">Product</span><span class="p">(</span><span class="n">name</span><span class="o">=</span><span class="n">p</span><span class="p">[</span><span class="s1">'name'</span><span class="p">],</span>
+ <span class="n">versions</span><span class="o">=</span><span class="n">make_versions</span><span class="p">(</span><span class="n">p</span><span class="p">[</span><span class="s1">'versions'</span><span class="p">]),</span>
+ <span class="p">)</span>
+ <span class="k">for</span> <span class="n">p</span> <span class="ow">in</span> <span class="nb">sorted</span><span class="p">(</span><span class="n">prods</span><span class="p">,</span>
+ <span class="n">key</span><span class="o">=</span><span class="n">operator</span><span class="o">.</span><span class="n">itemgetter</span><span class="p">(</span><span class="s1">'name'</span><span class="p">))</span> <span class="p">]</span>
- # eccn matrix has one or more projects
- return [ Project(name=proj['name'],
- href=proj['href'],
- contact=proj['contact'],
- product=make_products(proj['product']))
- for proj in sorted(j['eccnmatrix'],
- key=operator.itemgetter('name')) ]
+ <span class="c1"># eccn matrix has one or more projects</span>
+ <span class="k">return</span> <span class="p">[</span> <span class="n">Project</span><span class="p">(</span><span class="n">name</span><span class="o">=</span><span class="n">proj</span><span class="p">[</span><span class="s1">'name'</span><span class="p">],</span>
+ <span class="n">href</span><span class="o">=</span><span class="n">proj</span><span class="p">[</span><span class="s1">'href'</span><span class="p">],</span>
+ <span class="n">contact</span><span class="o">=</span><span class="n">proj</span><span class="p">[</span><span class="s1">'contact'</span><span class="p">],</span>
+ <span class="n">product</span><span class="o">=</span><span class="n">make_products</span><span class="p">(</span><span class="n">proj</span><span class="p">[</span><span class="s1">'product'</span><span class="p">]))</span>
+ <span class="k">for</span> <span class="n">proj</span> <span class="ow">in</span> <span class="nb">sorted</span><span class="p">(</span><span class="n">j</span><span class="p">[</span><span class="s1">'eccnmatrix'</span><span class="p">],</span>
+ <span class="n">key</span><span class="o">=</span><span class="n">operator</span><span class="o">.</span><span class="n">itemgetter</span><span class="p">(</span><span class="s1">'name'</span><span class="p">))</span> <span class="p">]</span>
-# object wrappers
-class wrapper:
- def __init__(self, **kw):
- vars(self).update(kw)
+<span class="c1"># object wrappers</span>
+<span class="k">class</span> <span class="nc">wrapper</span><span class="p">:</span>
+ <span class="k">def</span> <span class="fm">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="o">**</span><span class="n">kw</span><span class="p">):</span>
+ <span class="nb">vars</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span><span class="o">.</span><span class="n">update</span><span class="p">(</span><span class="n">kw</span><span class="p">)</span>
-# Improve the names when failures occur.
-class Source(wrapper): pass
-class Version(wrapper): pass
-class Product(wrapper): pass
-class Project(wrapper): pass
-class Blog(wrapper): pass
-</code></pre>
+<span class="c1"># Improve the names when failures occur.</span>
+<span class="k">class</span> <span class="nc">Source</span><span class="p">(</span><span class="n">wrapper</span><span class="p">):</span> <span class="k">pass</span>
+<span class="k">class</span> <span class="nc">Version</span><span class="p">(</span><span class="n">wrapper</span><span class="p">):</span> <span class="k">pass</span>
+<span class="k">class</span> <span class="nc">Product</span><span class="p">(</span><span class="n">wrapper</span><span class="p">):</span> <span class="k">pass</span>
+<span class="k">class</span> <span class="nc">Project</span><span class="p">(</span><span class="n">wrapper</span><span class="p">):</span> <span class="k">pass</span>
+<span class="k">class</span> <span class="nc">Blog</span><span class="p">(</span><span class="n">wrapper</span><span class="p">):</span> <span class="k">pass</span>
+</code></pre></div>
+
<h2>Committee Info</h2>
<p>The committee info data contains three data structures: - officers, committees, and the board of directors. Again, this is primarily of interest to the main Apache site.</p>
<p>From these we derive:</p>
@@ -291,327 +294,345 @@
</ul>
<h3>Board of Directors</h3>
<p>The Board of Directors sequence is derived first.</p>
-<pre><code class="language-json"> ...
- "board": {
- "roster": {
- "bdelacretaz": {
- "name": "Bertrand Delacretaz"
- },
- "fielding": {
- "name": "Roy T. Fielding"
- },
- "sharan": {
- "name": "Sharan Foga"
- },
- "jmclean": {
- "name": "Justin Mclean"
- },
- "rubys": {
- "name": "Sam Ruby"
- },
- "clr": {
- "name": "Craig L Russell"
- },
- "rvs": {
- "name": "Roman Shaposhnik"
- },
- "striker": {
- "name": "Sander Striker"
- },
- "wusheng": {
- "name": "Sheng Wu"
- }
- }
- }
- ...
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="err">...</span>
+<span class="w"> </span><span class="nt">"board"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"roster"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"bdelacretaz"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Bertrand Delacretaz"</span>
+<span class="w"> </span><span class="p">},</span>
+<span class="w"> </span><span class="nt">"fielding"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Roy T. Fielding"</span>
+<span class="w"> </span><span class="p">},</span>
+<span class="w"> </span><span class="nt">"sharan"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Sharan Foga"</span>
+<span class="w"> </span><span class="p">},</span>
+<span class="w"> </span><span class="nt">"jmclean"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Justin Mclean"</span>
+<span class="w"> </span><span class="p">},</span>
+<span class="w"> </span><span class="nt">"rubys"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Sam Ruby"</span>
+<span class="w"> </span><span class="p">},</span>
+<span class="w"> </span><span class="nt">"clr"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Craig L Russell"</span>
+<span class="w"> </span><span class="p">},</span>
+<span class="w"> </span><span class="nt">"rvs"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Roman Shaposhnik"</span>
+<span class="w"> </span><span class="p">},</span>
+<span class="w"> </span><span class="nt">"striker"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Sander Striker"</span>
+<span class="w"> </span><span class="p">},</span>
+<span class="w"> </span><span class="nt">"wusheng"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Sheng Wu"</span>
+<span class="w"> </span><span class="p">}</span>
+<span class="w"> </span><span class="p">}</span>
+<span class="w"> </span><span class="p">}</span>
+<span class="w"> </span><span class="err">...</span>
+</code></pre></div>
+
<p>Here are the directives</p>
-<pre><code class="language-yaml">ci:
- # load, transform, and create data sequences from committee info
- url: https://whimsy.apache.org/public/committee-info.json
- board:
- # used on /foundation/ and /foundation/board/
- description: 'Board of Directors sequence'
- # select ci['board']['roster'] for the sequence
- path: board.roster
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="nt">ci</span><span class="p">:</span>
+<span class="w"> </span><span class="c1"># load, transform, and create data sequences from committee info </span>
+<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://whimsy.apache.org/public/committee-info.json</span>
+<span class="w"> </span><span class="nt">board</span><span class="p">:</span>
+<span class="w"> </span><span class="c1"># used on /foundation/ and /foundation/board/</span>
+<span class="w"> </span><span class="nt">description</span><span class="p">:</span><span class="w"> </span><span class="s">'Board</span><span class="nv"> </span><span class="s">of</span><span class="nv"> </span><span class="s">Directors</span><span class="nv"> </span><span class="s">sequence'</span>
+<span class="w"> </span><span class="c1"># select ci['board']['roster'] for the sequence</span>
+<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">board.roster</span>
+</code></pre></div>
+
<p>Here is the Python code used to select the board roster from committee info.</p>
-<pre><code class="language-python"> # select sub dictionary
- if 'path' in sequence:
- print(f'path: {sequence["path"]}')
- parts = sequence['path'].split('.')
- for part in parts:
- reference = reference[part]
-</code></pre>
+<div class="highlight"><pre><span></span><code> <span class="c1"># select sub dictionary</span>
+ <span class="k">if</span> <span class="s1">'path'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'path: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"path"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">parts</span> <span class="o">=</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'path'</span><span class="p">]</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">'.'</span><span class="p">)</span>
+ <span class="k">for</span> <span class="n">part</span> <span class="ow">in</span> <span class="n">parts</span><span class="p">:</span>
+ <span class="n">reference</span> <span class="o">=</span> <span class="n">reference</span><span class="p">[</span><span class="n">part</span><span class="p">]</span>
+</code></pre></div>
+
<p>The following procedure converts a dictionary into a sequence of objects with attributes.</p>
-<pre><code class="language-python"># convert a dictionary into a sequence (list)
-def sequence_dict(seq, reference):
- sequence = [ ]
- for refs in reference:
- # converting dicts into objects with attributes. Ignore non-dict content.
- if isinstance(reference[refs], dict):
- # put the key of the dict into the dictionary
- reference[refs]['key_id'] = refs
- for item in reference[refs]:
- if isinstance(reference[refs][item], bool):
- # fix up any Boolean values to be ezt.boolean - essentially True -> "yes"
- reference[refs][item] = ezt.boolean(reference[refs][item])
- # convert the dict into an object with attributes and append to the sequence
- sequence.append(type(seq, (), reference[refs]))
- return sequence
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="c1"># convert a dictionary into a sequence (list)</span>
+<span class="k">def</span> <span class="nf">sequence_dict</span><span class="p">(</span><span class="n">seq</span><span class="p">,</span> <span class="n">reference</span><span class="p">):</span>
+ <span class="n">sequence</span> <span class="o">=</span> <span class="p">[</span> <span class="p">]</span>
+ <span class="k">for</span> <span class="n">refs</span> <span class="ow">in</span> <span class="n">reference</span><span class="p">:</span>
+ <span class="c1"># converting dicts into objects with attributes. Ignore non-dict content.</span>
+ <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">],</span> <span class="nb">dict</span><span class="p">):</span>
+ <span class="c1"># put the key of the dict into the dictionary</span>
+ <span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">][</span><span class="s1">'key_id'</span><span class="p">]</span> <span class="o">=</span> <span class="n">refs</span>
+ <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">]:</span>
+ <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">][</span><span class="n">item</span><span class="p">],</span> <span class="nb">bool</span><span class="p">):</span>
+ <span class="c1"># fix up any Boolean values to be ezt.boolean - essentially True -> "yes"</span>
+ <span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">][</span><span class="n">item</span><span class="p">]</span> <span class="o">=</span> <span class="n">ezt</span><span class="o">.</span><span class="n">boolean</span><span class="p">(</span><span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">][</span><span class="n">item</span><span class="p">])</span>
+ <span class="c1"># convert the dict into an object with attributes and append to the sequence</span>
+ <span class="n">sequence</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="nb">type</span><span class="p">(</span><span class="n">seq</span><span class="p">,</span> <span class="p">(),</span> <span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">]))</span>
+ <span class="k">return</span> <span class="n">sequence</span>
+</code></pre></div>
+
<h3>Officers</h3>
<p>How the system assembles the list of Foundation officers.</p>
-<pre><code class="language-json"> "boardchair": {
- "display_name": "Board Chair",
- "paragraph": "Executive Officers",
- "roster": {
- "striker": {
- "name": "Sander Striker"
- }
- }
- },
-</code></pre>
-<p>Committees / PMC Chairs. Roster and Reporting is omitted.</p>
-<pre><code class="language-json"> ...
- "zookeeper": {
- "display_name": "ZooKeeper",
- "site": "http://zookeeper.apache.org/",
- "description": "Centralized service for maintaining configuration information",
- "mail_list": "zookeeper",
- "established": "11/2010",
- "chair": {
- "fpj": {
- "name": "Flavio Junqueira"
- }
- },
- "pmc": true
- },
- "legal": {
- "display_name": "Legal Affairs",
- "site": null,
- "description": null,
- "mail_list": "legal",
- "established": "03/2007",
- "chair": {
- "rvs": {
- "name": "Roman Shaposhnik"
- }
- },
- "pmc": false,
- "paragraph": "Board Committees"
- },
- ...
-</code></pre>
-<p>Here are the directives that create metadata models from the above data.</p>
-<pre><code class="language-yaml"> officers:
- description: 'Foundation Officers sequence'
- # select ci['officers'] for the sequence
- path: officers
- # convert ci['officers']['roster']
- asfid: roster
- committees:
- description: 'Foundation Committees sequence'
- # ci['committees']
- path: committees
- # remove all report and roster dictionaries from committees
- trim: report,roster
- # convert ci['committees']['chair']
- asfid: chair
- ci:
- # used on /foundation/
- description: 'Dictionary of officers and committees'
- # save a merged dictionary version of these sequences.
- dictionary: officers,committees
-</code></pre>
-<p>We've already seen the code for <code>path</code> above. Here is the code that invokes <code>trim</code> and <code>asfid</code>:</p>
-<pre><code class="language-python"> # remove irrelevant keys
- if 'trim' in sequence:
- print(f'trim: {sequence["trim"]}')
- parts = sequence['trim'].split(',')
- for part in parts:
- remove_part(reference, part)
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="nt">"boardchair"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"display_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Board Chair"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"paragraph"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Executive Officers"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"roster"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"striker"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Sander Striker"</span>
+<span class="w"> </span><span class="p">}</span>
+<span class="w"> </span><span class="p">}</span>
+<span class="w"> </span><span class="p">},</span>
+</code></pre></div>
- # transform roster and chair patterns
- if 'asfid' in sequence:
- print(f'asfid: {sequence["asfid"]}')
- asfid_part(reference, sequence['asfid'])
-</code></pre>
+<p>Committees / PMC Chairs. Roster and Reporting is omitted.</p>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="err">...</span>
+<span class="w"> </span><span class="nt">"zookeeper"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"display_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ZooKeeper"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"site"</span><span class="p">:</span><span class="w"> </span><span class="s2">"http://zookeeper.apache.org/"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Centralized service for maintaining configuration information"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"mail_list"</span><span class="p">:</span><span class="w"> </span><span class="s2">"zookeeper"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"established"</span><span class="p">:</span><span class="w"> </span><span class="s2">"11/2010"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"chair"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"fpj"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Flavio Junqueira"</span>
+<span class="w"> </span><span class="p">}</span>
+<span class="w"> </span><span class="p">},</span>
+<span class="w"> </span><span class="nt">"pmc"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span>
+<span class="w"> </span><span class="p">},</span>
+<span class="w"> </span><span class="nt">"legal"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"display_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Legal Affairs"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"site"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"description"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"mail_list"</span><span class="p">:</span><span class="w"> </span><span class="s2">"legal"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"established"</span><span class="p">:</span><span class="w"> </span><span class="s2">"03/2007"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"chair"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"rvs"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Roman Shaposhnik"</span>
+<span class="w"> </span><span class="p">}</span>
+<span class="w"> </span><span class="p">},</span>
+<span class="w"> </span><span class="nt">"pmc"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"paragraph"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Board Committees"</span>
+<span class="w"> </span><span class="p">},</span>
+<span class="w"> </span><span class="err">...</span>
+</code></pre></div>
+
+<p>Here are the directives that create metadata models from the above data.</p>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="nt">officers</span><span class="p">:</span>
+<span class="w"> </span><span class="nt">description</span><span class="p">:</span><span class="w"> </span><span class="s">'Foundation</span><span class="nv"> </span><span class="s">Officers</span><span class="nv"> </span><span class="s">sequence'</span>
+<span class="w"> </span><span class="c1"># select ci['officers'] for the sequence</span>
+<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">officers</span>
+<span class="w"> </span><span class="c1"># convert ci['officers']['roster']</span>
+<span class="w"> </span><span class="nt">asfid</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">roster</span>
+<span class="w"> </span><span class="nt">committees</span><span class="p">:</span>
+<span class="w"> </span><span class="nt">description</span><span class="p">:</span><span class="w"> </span><span class="s">'Foundation</span><span class="nv"> </span><span class="s">Committees</span><span class="nv"> </span><span class="s">sequence'</span>
+<span class="w"> </span><span class="c1"># ci['committees']</span>
+<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">committees</span>
+<span class="w"> </span><span class="c1"># remove all report and roster dictionaries from committees</span>
+<span class="w"> </span><span class="nt">trim</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">report,roster</span>
+<span class="w"> </span><span class="c1"># convert ci['committees']['chair']</span>
+<span class="w"> </span><span class="nt">asfid</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">chair</span>
+<span class="w"> </span><span class="nt">ci</span><span class="p">:</span>
+<span class="w"> </span><span class="c1"># used on /foundation/</span>
+<span class="w"> </span><span class="nt">description</span><span class="p">:</span><span class="w"> </span><span class="s">'Dictionary</span><span class="nv"> </span><span class="s">of</span><span class="nv"> </span><span class="s">officers</span><span class="nv"> </span><span class="s">and</span><span class="nv"> </span><span class="s">committees'</span>
+<span class="w"> </span><span class="c1"># save a merged dictionary version of these sequences.</span>
+<span class="w"> </span><span class="nt">dictionary</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">officers,committees</span>
+</code></pre></div>
+
+<p>We've already seen the code for <code>path</code> above. Here is the code that invokes <code>trim</code> and <code>asfid</code>:</p>
+<div class="highlight"><pre><span></span><code> <span class="c1"># remove irrelevant keys</span>
+ <span class="k">if</span> <span class="s1">'trim'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'trim: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"trim"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">parts</span> <span class="o">=</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'trim'</span><span class="p">]</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">','</span><span class="p">)</span>
+ <span class="k">for</span> <span class="n">part</span> <span class="ow">in</span> <span class="n">parts</span><span class="p">:</span>
+ <span class="n">remove_part</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">part</span><span class="p">)</span>
+
+ <span class="c1"># transform roster and chair patterns</span>
+ <span class="k">if</span> <span class="s1">'asfid'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'asfid: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"asfid"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">asfid_part</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'asfid'</span><span class="p">])</span>
+</code></pre></div>
+
<p>Here is the code that trims a key from a dictionary:</p>
-<pre><code class="language-python"># remove parts of a data source we don't want ro access
-def remove_part(reference, part):
- for refs in reference:
- if refs == part:
- del reference[part]
- return
- elif isinstance(reference[refs], dict):
- remove_part(reference[refs], part)
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="c1"># remove parts of a data source we don't want ro access</span>
+<span class="k">def</span> <span class="nf">remove_part</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">part</span><span class="p">):</span>
+ <span class="k">for</span> <span class="n">refs</span> <span class="ow">in</span> <span class="n">reference</span><span class="p">:</span>
+ <span class="k">if</span> <span class="n">refs</span> <span class="o">==</span> <span class="n">part</span><span class="p">:</span>
+ <span class="k">del</span> <span class="n">reference</span><span class="p">[</span><span class="n">part</span><span class="p">]</span>
+ <span class="k">return</span>
+ <span class="k">elif</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">],</span> <span class="nb">dict</span><span class="p">):</span>
+ <span class="n">remove_part</span><span class="p">(</span><span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">],</span> <span class="n">part</span><span class="p">)</span>
+</code></pre></div>
+
<p>Here is the code that rearranges the chair or officer (roster) so that the dictionary is flattened before sequencing.</p>
-<pre><code class="language-python"># rotate a roster list singleton into an name and availid
-def asfid_part(reference, part):
- for refs in reference:
- fix = reference[refs][part]
- for k in fix:
- availid = k
- name = fix[k]['name']
- reference[refs][part] = name
- reference[refs]['availid'] = availid
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="c1"># rotate a roster list singleton into an name and availid </span>
+<span class="k">def</span> <span class="nf">asfid_part</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">part</span><span class="p">):</span>
+ <span class="k">for</span> <span class="n">refs</span> <span class="ow">in</span> <span class="n">reference</span><span class="p">:</span>
+ <span class="n">fix</span> <span class="o">=</span> <span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">][</span><span class="n">part</span><span class="p">]</span>
+ <span class="k">for</span> <span class="n">k</span> <span class="ow">in</span> <span class="n">fix</span><span class="p">:</span>
+ <span class="n">availid</span> <span class="o">=</span> <span class="n">k</span>
+ <span class="n">name</span> <span class="o">=</span> <span class="n">fix</span><span class="p">[</span><span class="n">k</span><span class="p">][</span><span class="s1">'name'</span><span class="p">]</span>
+ <span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">][</span><span class="n">part</span><span class="p">]</span> <span class="o">=</span> <span class="n">name</span>
+ <span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">][</span><span class="s1">'availid'</span><span class="p">]</span> <span class="o">=</span> <span class="n">availid</span>
+</code></pre></div>
+
<p>The <code>ci</code> data model is a dictionary we need to improve the display of officers on the ASF main site.</p>
-<pre><code class="language-python"> # this dictionary is derived from sub-dictionaries
- if 'dictionary' in sequence:
- print(f'dictionary: {sequence["dictionary"]}')
- reference = { }
- paths = sequence['dictionary'].split(',')
- # create a dictionary from the keys in one or more sub-dictionaries
- for path in paths:
- for key in load[path]:
- reference[key] = load[path][key]
- # dictionary result, do not sequence
- is_dictionary = True
-</code></pre>
+<div class="highlight"><pre><span></span><code> <span class="c1"># this dictionary is derived from sub-dictionaries</span>
+ <span class="k">if</span> <span class="s1">'dictionary'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'dictionary: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"dictionary"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">reference</span> <span class="o">=</span> <span class="p">{</span> <span class="p">}</span>
+ <span class="n">paths</span> <span class="o">=</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'dictionary'</span><span class="p">]</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">','</span><span class="p">)</span>
+ <span class="c1"># create a dictionary from the keys in one or more sub-dictionaries</span>
+ <span class="k">for</span> <span class="n">path</span> <span class="ow">in</span> <span class="n">paths</span><span class="p">:</span>
+ <span class="k">for</span> <span class="n">key</span> <span class="ow">in</span> <span class="n">load</span><span class="p">[</span><span class="n">path</span><span class="p">]:</span>
+ <span class="n">reference</span><span class="p">[</span><span class="n">key</span><span class="p">]</span> <span class="o">=</span> <span class="n">load</span><span class="p">[</span><span class="n">path</span><span class="p">][</span><span class="n">key</span><span class="p">]</span>
+ <span class="c1"># dictionary result, do not sequence</span>
+ <span class="n">is_dictionary</span> <span class="o">=</span> <span class="kc">True</span>
+</code></pre></div>
+
<h3>Projects / PMCs</h3>
-<p>For sequences about projects we first derive a project list from the committee list. We supplement it with each project's initial letter to provide an alphabetical project index.</p>
-<pre><code class="language-yaml"> projects:
- description: 'Current Projects'
- # ci['committees']
- path: committees
- # select only where 'pmc' is true.
- where: pmc
- # sort by project name
- alpha: display_name
-</code></pre>
+<p>For sequences about projects we first derive a project list from the committee list. We supplement it with each project's initial letter to provide an alphabetical project index. </p>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="nt">projects</span><span class="p">:</span>
+<span class="w"> </span><span class="nt">description</span><span class="p">:</span><span class="w"> </span><span class="s">'Current</span><span class="nv"> </span><span class="s">Projects'</span>
+<span class="w"> </span><span class="c1"># ci['committees']</span>
+<span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">committees</span>
+<span class="w"> </span><span class="c1"># select only where 'pmc' is true.</span>
+<span class="w"> </span><span class="nt">where</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pmc</span>
+<span class="w"> </span><span class="c1"># sort by project name</span>
+<span class="w"> </span><span class="nt">alpha</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">display_name</span>
+</code></pre></div>
+
<p>Here's the code that trims non-pmcs from the committee list.</p>
-<pre><code class="language-python"># trim out parts of a data source that don't match part = True
-def where_parts(reference, part):
- # currently only works on True parts
- # if we trim as we go we invalidate the iterator. Instead create a deletion list.
- filtered = [ ]
- # first find the list that needs to be trimmed.
- for refs in reference:
- if not reference[refs][part]:
- filtered.append(refs)
- # remove the parts to be trimmed.
- for refs in filtered:
- del reference[refs]
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="c1"># trim out parts of a data source that don't match part = True</span>
+<span class="k">def</span> <span class="nf">where_parts</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">part</span><span class="p">):</span>
+ <span class="c1"># currently only works on True parts</span>
+ <span class="c1"># if we trim as we go we invalidate the iterator. Instead create a deletion list.</span>
+ <span class="n">filtered</span> <span class="o">=</span> <span class="p">[</span> <span class="p">]</span>
+ <span class="c1"># first find the list that needs to be trimmed.</span>
+ <span class="k">for</span> <span class="n">refs</span> <span class="ow">in</span> <span class="n">reference</span><span class="p">:</span>
+ <span class="k">if</span> <span class="ow">not</span> <span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">][</span><span class="n">part</span><span class="p">]:</span>
+ <span class="n">filtered</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">refs</span><span class="p">)</span>
+ <span class="c1"># remove the parts to be trimmed.</span>
+ <span class="k">for</span> <span class="n">refs</span> <span class="ow">in</span> <span class="n">filtered</span><span class="p">:</span>
+ <span class="k">del</span> <span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">]</span>
+</code></pre></div>
+
<p>This code provides an alphabetical index for the product index derived below.</p>
-<pre><code class="language-python"># perform alphabetation. HTTP Server is special and is put before 'A'
-def alpha_part(reference, part):
- for refs in reference:
- name = reference[refs][part]
- if name == 'HTTP Server':
- # when sorting by letter HTTPD Server is wanted first
- letter = ' '
- else:
- letter = name[0].upper()
- reference[refs]['letter'] = letter
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="c1"># perform alphabetation. HTTP Server is special and is put before 'A'</span>
+<span class="k">def</span> <span class="nf">alpha_part</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">part</span><span class="p">):</span>
+ <span class="k">for</span> <span class="n">refs</span> <span class="ow">in</span> <span class="n">reference</span><span class="p">:</span>
+ <span class="n">name</span> <span class="o">=</span> <span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">][</span><span class="n">part</span><span class="p">]</span>
+ <span class="k">if</span> <span class="n">name</span> <span class="o">==</span> <span class="s1">'HTTP Server'</span><span class="p">:</span>
+ <span class="c1"># when sorting by letter HTTPD Server is wanted first</span>
+ <span class="n">letter</span> <span class="o">=</span> <span class="s1">' '</span>
+ <span class="k">else</span><span class="p">:</span>
+ <span class="n">letter</span> <span class="o">=</span> <span class="n">name</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span><span class="o">.</span><span class="n">upper</span><span class="p">()</span>
+ <span class="n">reference</span><span class="p">[</span><span class="n">refs</span><span class="p">][</span><span class="s1">'letter'</span><span class="p">]</span> <span class="o">=</span> <span class="n">letter</span>
+</code></pre></div>
+
<h3>Featured projects</h3>
<p>On the front page on the main ASF site we feature a random sample of projects. We also want to display a project's logo.</p>
-<pre><code class="language-yaml"> featured_projs:
- # used on /
- description: 'Featured Projects'
- # base on projects sequence
- sequence: projects
- # take a random sample of 3
- random: 3
- # logo path - use apache powered by if missing
- logo: /logos/res/{}/default.png,/foundation/press/kit/poweredBy/Apache_PoweredBy.svg
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="nt">featured_projs</span><span class="p">:</span>
+<span class="w"> </span><span class="c1"># used on /</span>
+<span class="w"> </span><span class="nt">description</span><span class="p">:</span><span class="w"> </span><span class="s">'Featured</span><span class="nv"> </span><span class="s">Projects'</span>
+<span class="w"> </span><span class="c1"># base on projects sequence</span>
+<span class="w"> </span><span class="nt">sequence</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">projects</span>
+<span class="w"> </span><span class="c1"># take a random sample of 3</span>
+<span class="w"> </span><span class="nt">random</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">3</span>
+<span class="w"> </span><span class="c1"># logo path - use apache powered by if missing</span>
+<span class="w"> </span><span class="nt">logo</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/logos/res/{}/default.png,/foundation/press/kit/poweredBy/Apache_PoweredBy.svg</span>
+</code></pre></div>
+
<p>Here is the code to copy a sequence, take a random sample, add the logo (or the ASF feather if there is no product logo), and, for featured podlings, adjust the name:</p>
-<pre><code class="language-python"> # this sequence is derived from another sequence
- if 'sequence' in sequence:
- print(f'sequence: {sequence["sequence"]}')
- reference = metadata[sequence['sequence']]
- # sequences derived from prior sequences do not need to be converted to a sequence
- is_sequence = True
+<div class="highlight"><pre><span></span><code> <span class="c1"># this sequence is derived from another sequence</span>
+ <span class="k">if</span> <span class="s1">'sequence'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'sequence: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"sequence"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">reference</span> <span class="o">=</span> <span class="n">metadata</span><span class="p">[</span><span class="n">sequence</span><span class="p">[</span><span class="s1">'sequence'</span><span class="p">]]</span>
+ <span class="c1"># sequences derived from prior sequences do not need to be converted to a sequence</span>
+ <span class="n">is_sequence</span> <span class="o">=</span> <span class="kc">True</span>
- # this sequence is a random sample of another sequence
- if 'random' in sequence:
- print(f'random: {sequence["random"]}')
- if is_sequence:
- reference = random.sample(reference, sequence['random'])
- else:
- print(f'{seq} - random requires an existing sequence to sample')
+ <span class="c1"># this sequence is a random sample of another sequence</span>
+ <span class="k">if</span> <span class="s1">'random'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'random: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"random"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="k">if</span> <span class="n">is_sequence</span><span class="p">:</span>
+ <span class="n">reference</span> <span class="o">=</span> <span class="n">random</span><span class="o">.</span><span class="n">sample</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'random'</span><span class="p">])</span>
+ <span class="k">else</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'</span><span class="si">{</span><span class="n">seq</span><span class="si">}</span><span class="s1"> - random requires an existing sequence to sample'</span><span class="p">)</span>
- # for a project or podling see if the logo exists w/HEAD and set the relative path.
- if 'logo' in sequence:
- print(f'logo: {sequence["logo"]}')
- if is_sequence:
- # determine the project or podling logo
- reference = add_logo(reference, sequence['logo'])
- if seq == 'featured_pods':
- # for podlings strip "Apache" from the beginning and "(incubating)" from the end.
- # this is Sally's request
- for item in reference:
- setattr(item, 'name', ' '.join(item.name.split(' ')[1:-1]))
- else:
- print(f'{seq} - logo requires an existing sequence')
+ <span class="c1"># for a project or podling see if the logo exists w/HEAD and set the relative path.</span>
+ <span class="k">if</span> <span class="s1">'logo'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'logo: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"logo"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="k">if</span> <span class="n">is_sequence</span><span class="p">:</span>
+ <span class="c1"># determine the project or podling logo</span>
+ <span class="n">reference</span> <span class="o">=</span> <span class="n">add_logo</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'logo'</span><span class="p">])</span>
+ <span class="k">if</span> <span class="n">seq</span> <span class="o">==</span> <span class="s1">'featured_pods'</span><span class="p">:</span>
+ <span class="c1"># for podlings strip "Apache" from the beginning and "(incubating)" from the end.</span>
+ <span class="c1"># this is Sally's request</span>
+ <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">reference</span><span class="p">:</span>
+ <span class="nb">setattr</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="s1">'name'</span><span class="p">,</span> <span class="s1">' '</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">item</span><span class="o">.</span><span class="n">name</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">' '</span><span class="p">)[</span><span class="mi">1</span><span class="p">:</span><span class="o">-</span><span class="mi">1</span><span class="p">]))</span>
+ <span class="k">else</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'</span><span class="si">{</span><span class="n">seq</span><span class="si">}</span><span class="s1"> - logo requires an existing sequence'</span><span class="p">)</span>
+</code></pre></div>
-</code></pre>
<p>Here is the detailed check to see if a project or podling logo is available.</p>
-<pre><code class="language-python"># add logo attribute with HEAD check for existence. If nonexistent use default.
-def add_logo(reference, part):
- # split between logo pattern and default.
- parts = part.split(',')
- for item in reference:
- # the logo pattern includes a place to insert the project/podling key
- logo = (parts[0].format(item.key_id))
- # HEAD request
- response = requests.head('https://www.apache.org/' + logo)
- if response.status_code != 200:
- # logo not found - use the default logo
- logo = parts[1]
- # save the logo path as an attribute
- setattr(item, 'logo', logo)
- return reference
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="c1"># add logo attribute with HEAD check for existence. If nonexistent use default.</span>
+<span class="k">def</span> <span class="nf">add_logo</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">part</span><span class="p">):</span>
+ <span class="c1"># split between logo pattern and default.</span>
+ <span class="n">parts</span> <span class="o">=</span> <span class="n">part</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">','</span><span class="p">)</span>
+ <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">reference</span><span class="p">:</span>
+ <span class="c1"># the logo pattern includes a place to insert the project/podling key</span>
+ <span class="n">logo</span> <span class="o">=</span> <span class="p">(</span><span class="n">parts</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">item</span><span class="o">.</span><span class="n">key_id</span><span class="p">))</span>
+ <span class="c1"># HEAD request</span>
+ <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="o">.</span><span class="n">head</span><span class="p">(</span><span class="s1">'https://www.apache.org/'</span> <span class="o">+</span> <span class="n">logo</span><span class="p">)</span>
+ <span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">status_code</span> <span class="o">!=</span> <span class="mi">200</span><span class="p">:</span>
+ <span class="c1"># logo not found - use the default logo</span>
+ <span class="n">logo</span> <span class="o">=</span> <span class="n">parts</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span>
+ <span class="c1"># save the logo path as an attribute</span>
+ <span class="nb">setattr</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="s1">'logo'</span><span class="p">,</span> <span class="n">logo</span><span class="p">)</span>
+ <span class="k">return</span> <span class="n">reference</span>
+</code></pre></div>
+
<h3>Project index</h3>
<p>At the bottom of the main page of the ASF site we display a project index that includes headings for each letter of the alphabet:</p>
-<pre><code class="language-yaml"> pl:
- # used on /
- description: 'Project List Columns'
- # base on projects sequence
- sequence: projects
- # split into 6 column sequence adding letters of the alphabet and putting httpd first
- split: 6
-</code></pre>
-<p>This code derives the sequences for the six columns in the display. The output metadata is <code>pl_0</code>, <code>pl_1</code>, <code>pl_2</code>, <code>pl_3</code>, <code>pl_4</code>, and <code>pl_5</code>:</p>
-<pre><code class="language-python"># split a list into equal sized columns. Adds letter breaks in the alphabetical sequence.
-def split_list(metadata, seq, reference, split):
- # copy sequence
- sequence = list(reference)
- # sort the copy
- sequence.sort(key=lambda x: (x.letter, x.display_name))
- # size of list
- size = len(sequence)
- # size of columns
- percol = int((size+26+split-1)/split)
- # positions
- start = nseq = nrow = 0
- letter = ' '
- # create each column
- for column in range(split):
- subsequence = [ ]
- end = min(size+26, start+percol)
- while nrow < end:
- if letter < sequence[nseq].letter:
- # new letter - add a letter break into the column. If a letter has no content it is skipped
- letter = sequence[nseq].letter
- subsequence.append(type(seq, (), { 'letter': letter, 'display_name': letter }))
- else:
- # add the project into the sequence
- subsequence.append(sequence[nseq])
- nseq = nseq+1
- nrow = nrow+1
- # save the column sequence in the metadata
- metadata[f'{seq}_{column}'] = subsequence
- start = end
- if nseq < size:
- print(f'WARNING: {seq} not all of sequence consumed: short {size-nseq} projects')
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="nt">pl</span><span class="p">:</span>
+<span class="w"> </span><span class="c1"># used on /</span>
+<span class="w"> </span><span class="nt">description</span><span class="p">:</span><span class="w"> </span><span class="s">'Project</span><span class="nv"> </span><span class="s">List</span><span class="nv"> </span><span class="s">Columns'</span>
+<span class="w"> </span><span class="c1"># base on projects sequence</span>
+<span class="w"> </span><span class="nt">sequence</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">projects</span>
+<span class="w"> </span><span class="c1"># split into 6 column sequence adding letters of the alphabet and putting httpd first</span>
+<span class="w"> </span><span class="nt">split</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">6</span>
+</code></pre></div>
+
+<p>This code derives the sequences for the six columns in the display. The output metadata is <code>pl_0</code>, <code>pl_1</code>, <code>pl_2</code>, <code>pl_3</code>, <code>pl_4</code>, and <code>pl_5</code>: </p>
+<div class="highlight"><pre><span></span><code><span class="c1"># split a list into equal sized columns. Adds letter breaks in the alphabetical sequence.</span>
+<span class="k">def</span> <span class="nf">split_list</span><span class="p">(</span><span class="n">metadata</span><span class="p">,</span> <span class="n">seq</span><span class="p">,</span> <span class="n">reference</span><span class="p">,</span> <span class="n">split</span><span class="p">):</span>
+ <span class="c1"># copy sequence</span>
+ <span class="n">sequence</span> <span class="o">=</span> <span class="nb">list</span><span class="p">(</span><span class="n">reference</span><span class="p">)</span>
+ <span class="c1"># sort the copy</span>
+ <span class="n">sequence</span><span class="o">.</span><span class="n">sort</span><span class="p">(</span><span class="n">key</span><span class="o">=</span><span class="k">lambda</span> <span class="n">x</span><span class="p">:</span> <span class="p">(</span><span class="n">x</span><span class="o">.</span><span class="n">letter</span><span class="p">,</span> <span class="n">x</span><span class="o">.</span><span class="n">display_name</span><span class="p">))</span>
+ <span class="c1"># size of list</span>
+ <span class="n">size</span> <span class="o">=</span> <span class="nb">len</span><span class="p">(</span><span class="n">sequence</span><span class="p">)</span>
+ <span class="c1"># size of columns</span>
+ <span class="n">percol</span> <span class="o">=</span> <span class="nb">int</span><span class="p">((</span><span class="n">size</span><span class="o">+</span><span class="mi">26</span><span class="o">+</span><span class="n">split</span><span class="o">-</span><span class="mi">1</span><span class="p">)</span><span class="o">/</span><span class="n">split</span><span class="p">)</span>
+ <span class="c1"># positions</span>
+ <span class="n">start</span> <span class="o">=</span> <span class="n">nseq</span> <span class="o">=</span> <span class="n">nrow</span> <span class="o">=</span> <span class="mi">0</span>
+ <span class="n">letter</span> <span class="o">=</span> <span class="s1">' '</span>
+ <span class="c1"># create each column</span>
+ <span class="k">for</span> <span class="n">column</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="n">split</span><span class="p">):</span>
+ <span class="n">subsequence</span> <span class="o">=</span> <span class="p">[</span> <span class="p">]</span>
+ <span class="n">end</span> <span class="o">=</span> <span class="nb">min</span><span class="p">(</span><span class="n">size</span><span class="o">+</span><span class="mi">26</span><span class="p">,</span> <span class="n">start</span><span class="o">+</span><span class="n">percol</span><span class="p">)</span>
+ <span class="k">while</span> <span class="n">nrow</span> <span class="o"><</span> <span class="n">end</span><span class="p">:</span>
+ <span class="k">if</span> <span class="n">letter</span> <span class="o"><</span> <span class="n">sequence</span><span class="p">[</span><span class="n">nseq</span><span class="p">]</span><span class="o">.</span><span class="n">letter</span><span class="p">:</span>
+ <span class="c1"># new letter - add a letter break into the column. If a letter has no content it is skipped</span>
+ <span class="n">letter</span> <span class="o">=</span> <span class="n">sequence</span><span class="p">[</span><span class="n">nseq</span><span class="p">]</span><span class="o">.</span><span class="n">letter</span>
+ <span class="n">subsequence</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="nb">type</span><span class="p">(</span><span class="n">seq</span><span class="p">,</span> <span class="p">(),</span> <span class="p">{</span> <span class="s1">'letter'</span><span class="p">:</span> <span class="n">letter</span><span class="p">,</span> <span class="s1">'display_name'</span><span class="p">:</span> <span class="n">letter</span> <span class="p">}))</span>
+ <span class="k">else</span><span class="p">:</span>
+ <span class="c1"># add the project into the sequence</span>
+ <span class="n">subsequence</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">sequence</span><span class="p">[</span><span class="n">nseq</span><span class="p">])</span>
+ <span class="n">nseq</span> <span class="o">=</span> <span class="n">nseq</span><span class="o">+</span><span class="mi">1</span>
+ <span class="n">nrow</span> <span class="o">=</span> <span class="n">nrow</span><span class="o">+</span><span class="mi">1</span>
+ <span class="c1"># save the column sequence in the metadata</span>
+ <span class="n">metadata</span><span class="p">[</span><span class="sa">f</span><span class="s1">'</span><span class="si">{</span><span class="n">seq</span><span class="si">}</span><span class="s1">_</span><span class="si">{</span><span class="n">column</span><span class="si">}</span><span class="s1">'</span><span class="p">]</span> <span class="o">=</span> <span class="n">subsequence</span>
+ <span class="n">start</span> <span class="o">=</span> <span class="n">end</span>
+ <span class="k">if</span> <span class="n">nseq</span> <span class="o"><</span> <span class="n">size</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'WARNING: </span><span class="si">{</span><span class="n">seq</span><span class="si">}</span><span class="s1"> not all of sequence consumed: short </span><span class="si">{</span><span class="n">size</span><span class="o">-</span><span class="n">nseq</span><span class="si">}</span><span class="s1"> projects'</span><span class="p">)</span>
+</code></pre></div>
+
<h2>Adding a data source</h2>
<p>Before you code to add a data source, evaluate which of the above patterns it fits.</p>
<ul>
@@ -620,148 +641,148 @@
<li>If it is a sequence of directives, does it need a new one?</li>
</ul>
<h3>Adding a custom data source</h3>
-<pre><code class="language-python"> # Lift data from ASF_DATA['data'] into METADATA
- if 'data' in asf_data:
- print(f'Processing {asf_data["data"]}')
- config_data = read_config(asf_data['data'])
- for key in config_data:
- # first check for data that is a singleton with special handling
- if key == 'eccn':
- # process eccn data
- fname = config_data[key]['file']
- metadata[key] = v = process_eccn(fname)
- if debug:
- print('ECCN V:', v)
- continue
+<div class="highlight"><pre><span></span><code> <span class="c1"># Lift data from ASF_DATA['data'] into METADATA</span>
+ <span class="k">if</span> <span class="s1">'data'</span> <span class="ow">in</span> <span class="n">asf_data</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'Processing </span><span class="si">{</span><span class="n">asf_data</span><span class="p">[</span><span class="s2">"data"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">config_data</span> <span class="o">=</span> <span class="n">read_config</span><span class="p">(</span><span class="n">asf_data</span><span class="p">[</span><span class="s1">'data'</span><span class="p">])</span>
+ <span class="k">for</span> <span class="n">key</span> <span class="ow">in</span> <span class="n">config_data</span><span class="p">:</span>
+ <span class="c1"># first check for data that is a singleton with special handling</span>
+ <span class="k">if</span> <span class="n">key</span> <span class="o">==</span> <span class="s1">'eccn'</span><span class="p">:</span>
+ <span class="c1"># process eccn data</span>
+ <span class="n">fname</span> <span class="o">=</span> <span class="n">config_data</span><span class="p">[</span><span class="n">key</span><span class="p">][</span><span class="s1">'file'</span><span class="p">]</span>
+ <span class="n">metadata</span><span class="p">[</span><span class="n">key</span><span class="p">]</span> <span class="o">=</span> <span class="n">v</span> <span class="o">=</span> <span class="n">process_eccn</span><span class="p">(</span><span class="n">fname</span><span class="p">)</span>
+ <span class="k">if</span> <span class="n">debug</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="s1">'ECCN V:'</span><span class="p">,</span> <span class="n">v</span><span class="p">)</span>
+ <span class="k">continue</span>
- if key == 'twitter':
- # process twitter data
- # if we decide to have multiple twitter feeds available then move next to blog below
- handle = config_data[key]['handle']
- count = config_data[key]['count']
- metadata[key] = v = process_twitter(handle, count)
- if debug:
- print('TWITTER V:', v)
- continue
-</code></pre>
+ <span class="k">if</span> <span class="n">key</span> <span class="o">==</span> <span class="s1">'twitter'</span><span class="p">:</span>
+ <span class="c1"># process twitter data</span>
+ <span class="c1"># if we decide to have multiple twitter feeds available then move next to blog below</span>
+ <span class="n">handle</span> <span class="o">=</span> <span class="n">config_data</span><span class="p">[</span><span class="n">key</span><span class="p">][</span><span class="s1">'handle'</span><span class="p">]</span>
+ <span class="n">count</span> <span class="o">=</span> <span class="n">config_data</span><span class="p">[</span><span class="n">key</span><span class="p">][</span><span class="s1">'count'</span><span class="p">]</span>
+ <span class="n">metadata</span><span class="p">[</span><span class="n">key</span><span class="p">]</span> <span class="o">=</span> <span class="n">v</span> <span class="o">=</span> <span class="n">process_twitter</span><span class="p">(</span><span class="n">handle</span><span class="p">,</span> <span class="n">count</span><span class="p">)</span>
+ <span class="k">if</span> <span class="n">debug</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="s1">'TWITTER V:'</span><span class="p">,</span> <span class="n">v</span><span class="p">)</span>
+ <span class="k">continue</span>
+</code></pre></div>
+
<p>For a custom singletons add your call to your new process_X code here, following the pattern for ECCN or Twitter.</p>
-<pre><code class="language-python"> value = config_data[key]
- if isinstance(value, dict):
- # dictionaries may have multiple data structures that are processed with a sequence of actions
- # into multiple sequences and dictionaries.
- print(f'-----\n{key} creates one or more sequences')
- if debug:
- print(value)
- # special cases that are multiple are processed first
- if 'blog' in value:
- # process blog feed
- feed = config_data[key]['blog']
- count = config_data[key]['count']
- metadata[key] = v = process_blog(feed, count, debug)
- if debug:
- print('BLOG V:', v)
- continue
-</code></pre>
+<div class="highlight"><pre><span></span><code> <span class="n">value</span> <span class="o">=</span> <span class="n">config_data</span><span class="p">[</span><span class="n">key</span><span class="p">]</span>
+ <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">value</span><span class="p">,</span> <span class="nb">dict</span><span class="p">):</span>
+ <span class="c1"># dictionaries may have multiple data structures that are processed with a sequence of actions</span>
+ <span class="c1"># into multiple sequences and dictionaries.</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'-----</span><span class="se">\n</span><span class="si">{</span><span class="n">key</span><span class="si">}</span><span class="s1"> creates one or more sequences'</span><span class="p">)</span>
+ <span class="k">if</span> <span class="n">debug</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="n">value</span><span class="p">)</span>
+ <span class="c1"># special cases that are multiple are processed first</span>
+ <span class="k">if</span> <span class="s1">'blog'</span> <span class="ow">in</span> <span class="n">value</span><span class="p">:</span>
+ <span class="c1"># process blog feed</span>
+ <span class="n">feed</span> <span class="o">=</span> <span class="n">config_data</span><span class="p">[</span><span class="n">key</span><span class="p">][</span><span class="s1">'blog'</span><span class="p">]</span>
+ <span class="n">count</span> <span class="o">=</span> <span class="n">config_data</span><span class="p">[</span><span class="n">key</span><span class="p">][</span><span class="s1">'count'</span><span class="p">]</span>
+ <span class="n">metadata</span><span class="p">[</span><span class="n">key</span><span class="p">]</span> <span class="o">=</span> <span class="n">v</span> <span class="o">=</span> <span class="n">process_blog</span><span class="p">(</span><span class="n">feed</span><span class="p">,</span> <span class="n">count</span><span class="p">,</span> <span class="n">debug</span><span class="p">)</span>
+ <span class="k">if</span> <span class="n">debug</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="s1">'BLOG V:'</span><span class="p">,</span> <span class="n">v</span><span class="p">)</span>
+ <span class="k">continue</span>
+</code></pre></div>
+
<p>For custom non-singletons add your call to your new process_X code here, following the pattern for a blog feed.</p>
<h3>Adding a directive to the sequence process</h3>
<p>If you are adding a directive, add it to <code>process_sequence</code> in the place you need it (process order can matter):</p>
-<pre><code class="language-python"># process sequencing transformations to the data source
-def process_sequence(metadata, seq, sequence, load, debug):
- reference = load
- # has been converted to a sequence
- is_sequence = False
- # has been converted to a dictionary - won't be made into a sequence
- is_dictionary = False
- # save metadata at the end
- save_metadata = True
+<div class="highlight"><pre><span></span><code><span class="c1"># process sequencing transformations to the data source</span>
+<span class="k">def</span> <span class="nf">process_sequence</span><span class="p">(</span><span class="n">metadata</span><span class="p">,</span> <span class="n">seq</span><span class="p">,</span> <span class="n">sequence</span><span class="p">,</span> <span class="n">load</span><span class="p">,</span> <span class="n">debug</span><span class="p">):</span>
+ <span class="n">reference</span> <span class="o">=</span> <span class="n">load</span>
+ <span class="c1"># has been converted to a sequence</span>
+ <span class="n">is_sequence</span> <span class="o">=</span> <span class="kc">False</span>
+ <span class="c1"># has been converted to a dictionary - won't be made into a sequence</span>
+ <span class="n">is_dictionary</span> <span class="o">=</span> <span class="kc">False</span>
+ <span class="c1"># save metadata at the end</span>
+ <span class="n">save_metadata</span> <span class="o">=</span> <span class="kc">True</span>
- # description
- if 'description' in sequence:
- print(f'{seq}: {sequence["description"]}')
+ <span class="c1"># description</span>
+ <span class="k">if</span> <span class="s1">'description'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'</span><span class="si">{</span><span class="n">seq</span><span class="si">}</span><span class="s1">: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"description"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
- # select sub dictionary
- if 'path' in sequence:
- print(f'path: {sequence["path"]}')
- parts = sequence['path'].split('.')
- for part in parts:
- reference = reference[part]
+ <span class="c1"># select sub dictionary</span>
+ <span class="k">if</span> <span class="s1">'path'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'path: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"path"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">parts</span> <span class="o">=</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'path'</span><span class="p">]</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">'.'</span><span class="p">)</span>
+ <span class="k">for</span> <span class="n">part</span> <span class="ow">in</span> <span class="n">parts</span><span class="p">:</span>
+ <span class="n">reference</span> <span class="o">=</span> <span class="n">reference</span><span class="p">[</span><span class="n">part</span><span class="p">]</span>
- # filter dictionary by attribute value. if filter is false discard
- if 'where' in sequence:
- print(f'where: {sequence["where"]}')
- where_parts(reference, sequence['where'])
+ <span class="c1"># filter dictionary by attribute value. if filter is false discard</span>
+ <span class="k">if</span> <span class="s1">'where'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'where: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"where"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">where_parts</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'where'</span><span class="p">])</span>
- # remove irrelevant keys
- if 'trim' in sequence:
- print(f'trim: {sequence["trim"]}')
- parts = sequence['trim'].split(',')
- for part in parts:
- remove_part(reference, part)
+ <span class="c1"># remove irrelevant keys</span>
+ <span class="k">if</span> <span class="s1">'trim'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'trim: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"trim"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">parts</span> <span class="o">=</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'trim'</span><span class="p">]</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">','</span><span class="p">)</span>
+ <span class="k">for</span> <span class="n">part</span> <span class="ow">in</span> <span class="n">parts</span><span class="p">:</span>
+ <span class="n">remove_part</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">part</span><span class="p">)</span>
- # transform roster and chair patterns
- if 'asfid' in sequence:
- print(f'asfid: {sequence["asfid"]}')
- asfid_part(reference, sequence['asfid'])
+ <span class="c1"># transform roster and chair patterns</span>
+ <span class="k">if</span> <span class="s1">'asfid'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'asfid: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"asfid"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">asfid_part</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'asfid'</span><span class="p">])</span>
- # add first letter of alphabetic categories
- if 'alpha' in sequence:
- print(f'alpha: {sequence["alpha"]}')
- alpha_part(reference, sequence['alpha'])
+ <span class="c1"># add first letter of alphabetic categories</span>
+ <span class="k">if</span> <span class="s1">'alpha'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'alpha: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"alpha"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">alpha_part</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'alpha'</span><span class="p">])</span>
- # this dictionary is derived from sub-dictionaries
- if 'dictionary' in sequence:
- print(f'dictionary: {sequence["dictionary"]}')
- reference = { }
- paths = sequence['dictionary'].split(',')
- # create a dictionary from the keys in one or more sub-dictionaries
- for path in paths:
- for key in load[path]:
- reference[key] = load[path][key]
- # dictionary result, do not sequence
- is_dictionary = True
+ <span class="c1"># this dictionary is derived from sub-dictionaries</span>
+ <span class="k">if</span> <span class="s1">'dictionary'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'dictionary: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"dictionary"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">reference</span> <span class="o">=</span> <span class="p">{</span> <span class="p">}</span>
+ <span class="n">paths</span> <span class="o">=</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'dictionary'</span><span class="p">]</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">','</span><span class="p">)</span>
+ <span class="c1"># create a dictionary from the keys in one or more sub-dictionaries</span>
+ <span class="k">for</span> <span class="n">path</span> <span class="ow">in</span> <span class="n">paths</span><span class="p">:</span>
+ <span class="k">for</span> <span class="n">key</span> <span class="ow">in</span> <span class="n">load</span><span class="p">[</span><span class="n">path</span><span class="p">]:</span>
+ <span class="n">reference</span><span class="p">[</span><span class="n">key</span><span class="p">]</span> <span class="o">=</span> <span class="n">load</span><span class="p">[</span><span class="n">path</span><span class="p">][</span><span class="n">key</span><span class="p">]</span>
+ <span class="c1"># dictionary result, do not sequence</span>
+ <span class="n">is_dictionary</span> <span class="o">=</span> <span class="kc">True</span>
- # this sequence is derived from another sequence
- if 'sequence' in sequence:
- print(f'sequence: {sequence["sequence"]}')
- reference = metadata[sequence['sequence']]
- # sequences derived from prior sequences do not need to be converted to a sequence
- is_sequence = True
+ <span class="c1"># this sequence is derived from another sequence</span>
+ <span class="k">if</span> <span class="s1">'sequence'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'sequence: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"sequence"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="n">reference</span> <span class="o">=</span> <span class="n">metadata</span><span class="p">[</span><span class="n">sequence</span><span class="p">[</span><span class="s1">'sequence'</span><span class="p">]]</span>
+ <span class="c1"># sequences derived from prior sequences do not need to be converted to a sequence</span>
+ <span class="n">is_sequence</span> <span class="o">=</span> <span class="kc">True</span>
- # this sequence is a random sample of another sequence
- if 'random' in sequence:
- print(f'random: {sequence["random"]}')
- if is_sequence:
- reference = random.sample(reference, sequence['random'])
- else:
- print(f'{seq} - random requires an existing sequence to sample')
+ <span class="c1"># this sequence is a random sample of another sequence</span>
+ <span class="k">if</span> <span class="s1">'random'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'random: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"random"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="k">if</span> <span class="n">is_sequence</span><span class="p">:</span>
+ <span class="n">reference</span> <span class="o">=</span> <span class="n">random</span><span class="o">.</span><span class="n">sample</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'random'</span><span class="p">])</span>
+ <span class="k">else</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'</span><span class="si">{</span><span class="n">seq</span><span class="si">}</span><span class="s1"> - random requires an existing sequence to sample'</span><span class="p">)</span>
- # for a project or podling see if the logo exists w/HEAD and set the relative path.
- if 'logo' in sequence:
- print(f'logo: {sequence["logo"]}')
- if is_sequence:
- # determine the project or podling logo
- reference = add_logo(reference, sequence['logo'])
- if seq == 'featured_pods':
- # for podlings strip "Apache" from the beginning and "(incubating)" from the end.
- # this is Sally's request
- for item in reference:
- setattr(item, 'name', ' '.join(item.name.split(' ')[1:-1]))
- else:
- print(f'{seq} - logo requires an existing sequence')
+ <span class="c1"># for a project or podling see if the logo exists w/HEAD and set the relative path.</span>
+ <span class="k">if</span> <span class="s1">'logo'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'logo: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"logo"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="k">if</span> <span class="n">is_sequence</span><span class="p">:</span>
+ <span class="c1"># determine the project or podling logo</span>
+ <span class="n">reference</span> <span class="o">=</span> <span class="n">add_logo</span><span class="p">(</span><span class="n">reference</span><span class="p">,</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'logo'</span><span class="p">])</span>
+ <span class="k">if</span> <span class="n">seq</span> <span class="o">==</span> <span class="s1">'featured_pods'</span><span class="p">:</span>
+ <span class="c1"># for podlings strip "Apache" from the beginning and "(incubating)" from the end.</span>
+ <span class="c1"># this is Sally's request</span>
+ <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">reference</span><span class="p">:</span>
+ <span class="nb">setattr</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="s1">'name'</span><span class="p">,</span> <span class="s1">' '</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">item</span><span class="o">.</span><span class="n">name</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">' '</span><span class="p">)[</span><span class="mi">1</span><span class="p">:</span><span class="o">-</span><span class="mi">1</span><span class="p">]))</span>
+ <span class="k">else</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'</span><span class="si">{</span><span class="n">seq</span><span class="si">}</span><span class="s1"> - logo requires an existing sequence'</span><span class="p">)</span>
- # this sequence is a sorted list divided into multiple columns
- if 'split' in sequence:
- print(f'split: {sequence["split"]}')
- if is_sequence:
- # create a sequence for each column
- split_list(metadata, seq, reference, sequence['split'])
- # created column sequences are already saved to metadata so do not do so later
- save_metadata = False
- else:
- print(f'{seq} - split requires an existing sequence to split')
-
-</code></pre>
-
+ <span class="c1"># this sequence is a sorted list divided into multiple columns</span>
+ <span class="k">if</span> <span class="s1">'split'</span> <span class="ow">in</span> <span class="n">sequence</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'split: </span><span class="si">{</span><span class="n">sequence</span><span class="p">[</span><span class="s2">"split"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
+ <span class="k">if</span> <span class="n">is_sequence</span><span class="p">:</span>
+ <span class="c1"># create a sequence for each column</span>
+ <span class="n">split_list</span><span class="p">(</span><span class="n">metadata</span><span class="p">,</span> <span class="n">seq</span><span class="p">,</span> <span class="n">reference</span><span class="p">,</span> <span class="n">sequence</span><span class="p">[</span><span class="s1">'split'</span><span class="p">])</span>
+ <span class="c1"># created column sequences are already saved to metadata so do not do so later</span>
+ <span class="n">save_metadata</span> <span class="o">=</span> <span class="kc">False</span>
+ <span class="k">else</span><span class="p">:</span>
+ <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'</span><span class="si">{</span><span class="n">seq</span><span class="si">}</span><span class="s1"> - split requires an existing sequence to split'</span><span class="p">)</span>
+</code></pre></div>
</div>
</div>
</div>
diff --git a/output/asf-pelican-gettingstarted.html b/output/asf-pelican-gettingstarted.html
index 5afecf2..7761a2f 100644
--- a/output/asf-pelican-gettingstarted.html
+++ b/output/asf-pelican-gettingstarted.html
@@ -79,30 +79,30 @@
<p>First, review the <a href="https://github.com/apache/template-site" target="_blank">code repository for ASF-Pelican</a> to confirm that it provides the features your project site needs. The template builds a copy of the full Apaches Software Foundation website, which has features your site does not need, and lacks features, such as a download page for product releases, that you will need to add.</p>
<p>If you wish to try out the template:</p>
<ol>
-<li>Using <a href="https://selfserve.apache.org/" target="_blank">self-serve</a>, create a new repo for the code and resources for your project’s website.</li>
+<li>Using <a href="https://selfserve.apache.org/" target="_blank">self-serve</a>, create a new repo for the code and resources for your project’s website.</li>
<li>Clone the empty repo to a location on your computer.</li>
<li>Download the <a href="https://github.com/apache/infrastructure-website/archive/refs/heads/master.zip">template zipfile</a>.</li>
<li>Unzip <code>master.zip</code> and copy <code>infrastructure-website-master/*</code> to the root of your new repository.</li>
<li>Configure <a href="asf-yaml.html">.asf.yaml</a>.</li>
</ol>
-<pre><code>pelican:
- notify: EMAIL of a person on your team to receive error messages related to Pelican
- autobuild: preview/*
- target: YOUR SITE'S GENERATED CONTENT BRANCH
- theme: theme/apache
- whoami: main
+<div class="highlight"><pre><span></span><code><span class="n">pelican</span><span class="o">:</span>
+<span class="w"> </span><span class="n">notify</span><span class="o">:</span><span class="w"> </span><span class="n">EMAIL</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">person</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="n">team</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">receive</span><span class="w"> </span><span class="n">error</span><span class="w"> </span><span class="n">messages</span><span class="w"> </span><span class="n">related</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">Pelican</span>
+<span class="w"> </span><span class="n">autobuild</span><span class="o">:</span><span class="w"> </span><span class="n">preview</span><span class="o">/*</span>
+<span class="w"> </span><span class="n">target</span><span class="o">:</span><span class="w"> </span><span class="n">YOUR</span><span class="w"> </span><span class="n">SITE</span><span class="s1">'S GENERATED CONTENT BRANCH</span>
+<span class="s1"> theme: theme/apache</span>
+<span class="s1"> whoami: main</span>
-staging:
- profile: ~
- whoami: YOUR SITE'S GENERATED CONTENT BRANCH
- autostage: preview/*
-</code></pre>
-<ol start="6">
+<span class="s1">staging:</span>
+<span class="s1"> profile: ~</span>
+<span class="s1"> whoami: YOUR SITE'</span><span class="n">S</span><span class="w"> </span><span class="n">GENERATED</span><span class="w"> </span><span class="n">CONTENT</span><span class="w"> </span><span class="n">BRANCH</span>
+<span class="w"> </span><span class="n">autostage</span><span class="o">:</span><span class="w"> </span><span class="n">preview</span><span class="o">/*</span>
+</code></pre></div>
+
+<ol>
<li>Configure <a href="https://infra.apache.org/asf-pelican-config.html" target="_blank">pelicanconf.yaml</a>.</li>
<li>Commit and push your new website repository. This should trigger the automatic build to staging (<code>REPONAME.staged.apache.org</code>).</li>
<li>Review the site to confirm that the template materials display and function correctly.</li>
-<li>Add your own content, updating, replacing, and removing template content elements as appropriate. With each commit / push of content, visit the staging site to confirm that the site displays as you expect it to.
-<ul>
+<li>Add your own content, updating, replacing, and removing template content elements as appropriate. With each commit / push of content, visit the staging site to confirm that the site displays as you expect it to.<ul>
<li><code>.md</code> files support GitHub Flavored Markdown (<a href="gfm.html"><strong>gfm</strong></a>) and html.</li>
<li><code>.ezmd</code> files are for templates using <code>ASF_DATA</code>. .ezmd is a markdown extension of <a href="https://github.com/gstein/ezt/blob/wiki/Syntax.md" target="_blank">EZT</a>. It lets you embed ezt inside markdown with modifications to simplify the process of fetching generated/external data.</li>
</ul>
@@ -112,39 +112,37 @@
<li>When you are ready to publish the site, create a pull request to merge the content in staging into the trunk of the repo. That will trigger a build of the live site.</li>
<li>Visit <code>YourProject.apache.org</code> after every update to make sure it displays and functions correctly.</li>
</ol>
-<p><strong>Note</strong>: we strongly suggest that you do your site development in a <a href="apache-pelican-branches.html">branch</a> rather than the trunk of the repository, and then merge the branch into the trunk when you are sure that everything is working as you would like it. Each commit to the trunk triggers an automatic build to update your live site; this is great for trivial changes like correcting typos, but more of a challenge if you are making major changes and it turns out that there is an error in your code that disables your live site.</p>
+<p><strong>Note</strong>: we strongly suggest that you do your site development in a <a href="apache-pelican-branches.html">branch</a> rather than the trunk of the repository, and then merge the branch into the trunk when you are sure that everything is working as you would like it. Each commit to the trunk triggers an automatic build to update your live site; this is great for trivial changes like correcting typos, but more of a challenge if you are making major changes and it turns out that there is an error in your code that disables your live site. </p>
<h3>Frameworks</h3>
<p>The example has the following frameworks.</p>
-<pre><code> - JavaScript:
+<div class="highlight"><pre><span></span><code> - JavaScript:
- [JQuery 3.6.0 Slim](https://code.jquery.com/jquery-3.6.0.slim.js)
- [Popper 1.14.7](https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.js)
- [Bootstrap 4.3.1](https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.js)
- CSS:
- [Bootstrap 4.3.1](https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.css)
- [GitHub Markdown 3.0.1](https://cdnjs.cloudflare.com/ajax/libs/github-markdown-css/3.0.1/github-markdown.css)
-</code></pre>
+</code></pre></div>
+
<p>For fenced code highlighting, consider <a href="https://highlightjs.org" target="_blank">highlightjs</a>.</p>
<h3>Data model</h3>
<p>Determine whether your site requires a <a href="asf-pelican-data.html">data model</a>.</p>
<p>The <code>.ezmd</code> files in the template's <code>content</code> directory show examples, and <a href="https://github.com/apache/template-site/blob/main/asfdata.yaml" target="_blank">asfdata.yaml</a> has many examples.</p>
-<p>Remove the following if you do not need a data model:</p>
-<ul>
-<li><code>asfdata.yaml</code></li>
-<li><code>data/eccn</code> directory</li>
-</ul>
+<p>Remove the following if you do not need a data model:
+ - <code>asfdata.yaml</code>
+ - <code>data/eccn</code> directory</p>
<h2>Issues and template questions</h2>
<p>Please let us know if you run into <a href="https://github.com/apache/template-site/issues">issues</a> with the template.</p>
<h2>Earlier versions</h2>
<p>Earlier versions of this template made use of a <code>pelicanconf.py</code> configuration file. The current version uses <code>.asf.yaml</code> and <code>pelicanconf.yaml</code>, as noted above. We retain the earlier instruction for the projects using the earlier version of the template; however, any project starting with the template now should use the files and instructions noted above.</p>
-<pre><code> Edit the `pelicanconf.py` configuration file:
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="n">Edit</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n n-Quoted">`pelicanconf.py`</span><span class="w"> </span><span class="n">configuration</span><span class="w"> </span><span class="k">file</span><span class="o">:</span>
- - Website specific
- - `PLUGINS`
- - `ASF_DATA` - `asfdata.py` plugin settings
- - `ASF_GENID` - `asfgenid.py` plugin settings
- `asfgenid.py` performs a series of html fixups including permalinks, heading ids, and table of contents
-</code></pre>
-
+<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">Website</span><span class="w"> </span><span class="k">specific</span>
+<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n n-Quoted">`PLUGINS`</span>
+<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n n-Quoted">`ASF_DATA`</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n n-Quoted">`asfdata.py`</span><span class="w"> </span><span class="k">plugin</span><span class="w"> </span><span class="k">set</span><span class="n">tings</span>
+<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n n-Quoted">`ASF_GENID`</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n n-Quoted">`asfgenid.py`</span><span class="w"> </span><span class="k">plugin</span><span class="w"> </span><span class="k">set</span><span class="n">tings</span>
+<span class="w"> </span><span class="n n-Quoted">`asfgenid.py`</span><span class="w"> </span><span class="n">performs</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">series</span><span class="w"> </span><span class="k">of</span><span class="w"> </span><span class="n">html</span><span class="w"> </span><span class="n">fixups</span><span class="w"> </span><span class="n">including</span><span class="w"> </span><span class="n">permalinks</span><span class="p">,</span><span class="w"> </span><span class="n">heading</span><span class="w"> </span><span class="n">ids</span><span class="p">,</span><span class="w"> </span><span class="k">and</span><span class="w"> </span><span class="k">table</span><span class="w"> </span><span class="k">of</span><span class="w"> </span><span class="n">contents</span>
+</code></pre></div>
</div>
</div>
</div>
diff --git a/output/asf-pelican-local.html b/output/asf-pelican-local.html
index 80f7bc9..af399a9 100644
--- a/output/asf-pelican-local.html
+++ b/output/asf-pelican-local.html
@@ -76,20 +76,17 @@
<p>Once your infrastructure-pelican site is deployed to GitHub, you can easily edit it locally in a clone of the GitHub repo, and test your changes locally (on OSX or Linux) before uploading them to GitHub. Once you upload the changes, the CI/CD system will automatically use them to update the project website (depending on your configuration, the update will go either to a staging area or to the live site).</p>
<p><strong>Note</strong>: the tool mentioned below <em>may</em> work on <a href="https://docs.microsoft.com/en-us/windows/wsl/about" target="_blank">WSL</a> or <a href="https://www.cygwin.com/" target="_blank">cygwin</a>, but will <strong>not</strong> work under native Windows.</p>
<h2>Preparation</h2>
-<p>Make sure you have installed:</p>
-<ul>
-<li>cmake</li>
-<li>python3 or greater</li>
-<li>pip3</li>
-</ul>
-<p>Download the <a href="https://raw.githubusercontent.com/apache/infrastructure-pelican/master/bin/local-pelican-site.sh">automatic build tool</a>, and run it, providing the name of your GitHub website repo.</p>
+<p>Make sure you have installed:
+ - cmake
+ - python3 or greater
+ - pip3</p>
+<p>Download the <a href="https://raw.githubusercontent.com/apache/infrastructure-pelican/master/bin/local-pelican-site.sh">automatic build tool</a>, and run it, providing the name of your GitHub website repo. </p>
<p>Example:</p>
<p><code>./local-pelican-website.sh infrastructure-website</code></p>
-<p>Once the process has completed, you should be able to see the rendered site by opening a web browser to <a href="http://localhost:8000/">http://localhost:8000/</a>.</p>
+<p>Once the process has completed, you should be able to see the rendered site by opening a web browser to http://localhost:8000/.</p>
<h2>Use</h2>
<p>After you have done local edits on the source files for the website, you can test them locally by running the script again as above.</p>
<p>When you are satisfied that your edits are correct, merge them into the online repository with a pull request. That will trigger an update to the staging or live locations, depending on how you have configured the .asf.yaml file.</p>
-
</div>
</div>
</div>
diff --git a/output/asf-pelican-plugins.html b/output/asf-pelican-plugins.html
index 30d8cf4..d978b6e 100644
--- a/output/asf-pelican-plugins.html
+++ b/output/asf-pelican-plugins.html
@@ -81,74 +81,75 @@
<p>Here is a high-level review of the sequence of events:</p>
<h2>Pelican settings</h2>
<p>Settings for a Pelican build are in your Pelican configuration file, <code>pelicanconf.py</code>. Here is where you list the plugins you are using.</p>
-<pre><code class="language-python">PLUGIN_PATHS = ['./theme/plugins']
-PLUGINS = ['asfgenid', 'asfdata', 'pelican-gfm', 'asfreader']
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">PLUGIN_PATHS</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'./theme/plugins'</span><span class="p">]</span>
+<span class="n">PLUGINS</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'asfgenid'</span><span class="p">,</span> <span class="s1">'asfdata'</span><span class="p">,</span> <span class="s1">'pelican-gfm'</span><span class="p">,</span> <span class="s1">'asfreader'</span><span class="p">]</span>
+</code></pre></div>
+
<h2>Initialization</h2>
<p>At initialization, Pelican reads any ASF_DATA into a metadata dictionary that is available in every page in the site.</p>
<ul>
<li>The plugin <code>.asfdata.py</code> reads an <code>.asfdata.yaml</code> file and creates the metadata dictionary.</li>
</ul>
-<pre><code class="language-python">ASF_DATA_YAML = ".asfdata.yaml"
-ASF_DATA = {
- 'data': ASF_DATA_YAML,
- 'metadata': { },
- 'debug': True
-}
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">ASF_DATA_YAML</span> <span class="o">=</span> <span class="s2">".asfdata.yaml"</span>
+<span class="n">ASF_DATA</span> <span class="o">=</span> <span class="p">{</span>
+ <span class="s1">'data'</span><span class="p">:</span> <span class="n">ASF_DATA_YAML</span><span class="p">,</span>
+ <span class="s1">'metadata'</span><span class="p">:</span> <span class="p">{</span> <span class="p">},</span>
+ <span class="s1">'debug'</span><span class="p">:</span> <span class="kc">True</span>
+<span class="p">}</span>
+</code></pre></div>
+
<ul>
<li>The asfgenid plugin <code>./asfgenid.py</code> configures the site's features.</li>
</ul>
-<pre><code class="language-python"># Configure the asfgenid plugin
-ASF_GENID = {
- 'metadata': True,
- 'elements': True,
- 'headings': True,
- 'headings_re': r'^h[1-4]',
- 'permalinks': True,
- 'toc': True,
- 'toc_headers': r"h[1-4]",
- 'tables': True,
- 'debug': False
-}
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="c1"># Configure the asfgenid plugin</span>
+<span class="n">ASF_GENID</span> <span class="o">=</span> <span class="p">{</span>
+ <span class="s1">'metadata'</span><span class="p">:</span> <span class="kc">True</span><span class="p">,</span>
+ <span class="s1">'elements'</span><span class="p">:</span> <span class="kc">True</span><span class="p">,</span>
+ <span class="s1">'headings'</span><span class="p">:</span> <span class="kc">True</span><span class="p">,</span>
+ <span class="s1">'headings_re'</span><span class="p">:</span> <span class="sa">r</span><span class="s1">'^h[1-4]'</span><span class="p">,</span>
+ <span class="s1">'permalinks'</span><span class="p">:</span> <span class="kc">True</span><span class="p">,</span>
+ <span class="s1">'toc'</span><span class="p">:</span> <span class="kc">True</span><span class="p">,</span>
+ <span class="s1">'toc_headers'</span><span class="p">:</span> <span class="sa">r</span><span class="s2">"h[1-4]"</span><span class="p">,</span>
+ <span class="s1">'tables'</span><span class="p">:</span> <span class="kc">True</span><span class="p">,</span>
+ <span class="s1">'debug'</span><span class="p">:</span> <span class="kc">False</span>
+<span class="p">}</span>
+</code></pre></div>
+
<h2>Readers (readers_init)</h2>
<p>The system sets two important readers at this point. Readers are responsible for transforming page files to html and
providing a metadata dictionary.</p>
<ul>
-<li>GFMReader by the pelican-gfm plugin. This code is in a private repository - ask Infra. Transforms GitHub Flavored Markdown(GFM) to HTML.</li>
-</ul>
-<ul>
-<li>.md</li>
+<li>
+<p>GFMReader by the pelican-gfm plugin. This code is in a private repository - ask Infra. Transforms GitHub Flavored Markdown(GFM) to HTML.</p>
+</li>
+<li>
+<p>.md</p>
+</li>
<li>.markdown</li>
<li>.mkd</li>
-<li>.mdown</li>
-</ul>
-<ul>
+<li>
+<p>.mdown</p>
+</li>
<li>
<p><code>ASFReader,</code>.asfreader.py) transforms an <a href="https://github.com/gstein/ezt" target="_blank">ezt template</a> into GFM and then to HTML.</p>
-<ul>
-<li>.ezmd</li>
-</ul>
+</li>
+<li>
+<p>.ezmd</p>
</li>
</ul>
<h2>Content init (content_object_init)</h2>
<p>This is signaled after a reader has processed the site's content. At this point plugins can review, record, and transform the html content.</p>
<ul>
-<li>The asfgenid plugin, <code>./asfgenid.py</code>, performs a number of steps. Some of the steps are optional.
-<ul>
+<li>The asfgenid plugin, <code>./asfgenid.py</code>, performs a number of steps. Some of the steps are optional.</li>
<li>Metadata transformation by looking up {{ key_expression }} in the page metadata.</li>
<li>Inventory of existing ID attributes.</li>
<li>Set ID and class attributes specified by {#id} and {.class} syntax.</li>
<li>Assign an ID to any headings without IDs.</li>
<li>Insert a table of contents if a [TOC] tag is present.</li>
</ul>
-</li>
-</ul>
<h2>Apache CMS</h2>
-<p>Many projects had their websites served by the Apache CMS from 2010. It was deprecated in 2021. The CMS was written in Perl. We have a new approach that fits Pelican.</p>
+<p>Many projects had their websites served by the Apache CMS from 2010. It was deprecated in 2021. The CMS was written in Perl. We have a new approach that fits Pelican. </p>
<p>If you want to look into the old CMS process, its <a href="http://svn.apache.org/viewvc/infrastructure/site/trunk/lib/views" target="_blank">Subversion repository and history</a> remain available.</p>
-
</div>
</div>
</div>
diff --git a/output/asf-pelican-theme.html b/output/asf-pelican-theme.html
index 69e8370..5b1cda4 100644
--- a/output/asf-pelican-theme.html
+++ b/output/asf-pelican-theme.html
@@ -91,7 +91,7 @@
There are site- or template-specific overrides to the stylesheet frameworks, but these are not done as Pelican specifies.</p>
<ul>
<li><code>styles.css</code> - consists of custom site CSS overrides. Edit as needed. Here we include the CSS for the ASF permalink style.
-This file is in the same directory as the html and is included inline with <code>{% include "styles.css" %}</code>.</li>
+ This file is in the same directory as the html and is included inline with <code>{% include "styles.css" %}</code>.</li>
</ul>
<h2>Page metadata</h2>
<p>This theme uses the following metadata:</p>
@@ -101,45 +101,46 @@
</li>
<li>
<p>Notice. This is notice text, which is typically a link to the license.</p>
-<p><code>{% if page.notice %}<!-- {{ page.notice }} -->{% endif %}</code></p>
</li>
+</ul>
+<p><code>{% if page.notice %}<!-- {{ page.notice }} -->{% endif %}</code></p>
+<ul>
<li>
<p>License. This is an alternative to Notice.</p>
</li>
<li>
<p>bodytag. This adds attributes to the <code><body></code> element.
-This is allows the main <code>index.ezmd</code> to have the same template, but with a different layout.</p>
-<p><code><body{% if page.bodytag %} {{ page.bodytag }}{% endif %} ></code></p>
+ This is allows the main <code>index.ezmd</code> to have the same template, but with a different layout.</p>
</li>
</ul>
+<p><code><body{% if page.bodytag %} {{ page.bodytag }}{% endif %} ></code> </p>
<h2>Pelican settings</h2>
<p>Manage Pelican settings in the <a href="https://github.com/apache/template-site/blob/main/pelicanconf.yaml" target="_blank">pelicanconf.yaml</a> file at the top level of the template.</p>
<p>Some important settings:</p>
-<pre><code>
-site:
- name: NAME OF YOUR SITE
- description: DESCRIPTION OF YOUR SITE
- domain: YOURSITE.apache.org
- logo: images/logo.png
- repository: https://github.com/apache/YOUR_REPO/blob/main/content/
- trademarks: Apache, the Apache feather logo, and "Project" are trademarks or registered trademarks
-
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">site</span><span class="o">:</span>
+<span class="w"> </span><span class="n">name</span><span class="o">:</span><span class="w"> </span><span class="n">NAME</span><span class="w"> </span><span class="n">OF</span><span class="w"> </span><span class="n">YOUR</span><span class="w"> </span><span class="n">SITE</span>
+<span class="w"> </span><span class="n">description</span><span class="o">:</span><span class="w"> </span><span class="n">DESCRIPTION</span><span class="w"> </span><span class="n">OF</span><span class="w"> </span><span class="n">YOUR</span><span class="w"> </span><span class="n">SITE</span>
+<span class="w"> </span><span class="n">domain</span><span class="o">:</span><span class="w"> </span><span class="n">YOURSITE</span><span class="o">.</span><span class="na">apache</span><span class="o">.</span><span class="na">org</span>
+<span class="w"> </span><span class="n">logo</span><span class="o">:</span><span class="w"> </span><span class="n">images</span><span class="o">/</span><span class="n">logo</span><span class="o">.</span><span class="na">png</span>
+<span class="w"> </span><span class="n">repository</span><span class="o">:</span><span class="w"> </span><span class="n">https</span><span class="o">://</span><span class="n">github</span><span class="o">.</span><span class="na">com</span><span class="sr">/apache/YOUR_REPO/blob/main/content/</span>
+<span class="w"> </span><span class="n">trademarks</span><span class="o">:</span><span class="w"> </span><span class="n">Apache</span><span class="o">,</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">Apache</span><span class="w"> </span><span class="n">feather</span><span class="w"> </span><span class="n">logo</span><span class="o">,</span><span class="w"> </span><span class="n">and</span><span class="w"> </span><span class="s2">"Project"</span><span class="w"> </span><span class="n">are</span><span class="w"> </span><span class="n">trademarks</span><span class="w"> </span><span class="n">or</span><span class="w"> </span><span class="n">registered</span><span class="w"> </span><span class="n">trademarks</span>
+</code></pre></div>
+
<h2>Pelican theme</h2>
<p>This is a <a href="https://docs.getpelican.com/en/latest/themes.html">custom theme</a>. Pelican templates use <a href="https://jinja.palletsprojects.com/en/3.0.x/">Jinja</a>.</p>
-<hr/>
+<hr />
+
<h3>Pelican variables set in pelicanconf.py</h3>
<p><strong>Note</strong>: early users of this template worked with <code>pelicanconf.py</code>, which is not part of the latest release. This information is for their convenience.</p>
-<pre><code class="language-python">SITENAME = u'Apache <pmc>'
-SITEDOMAIN = '<pmc>.apache.org'
-SITEURL = 'https://<pmc>.apache.org'
-SITELOGO = 'https://<pmc>.apache.org/images/logo.png'
-SITEDESC = u'<pmc desc>'
-SITEREPOSITORY = 'https://github.com/apache/<pmc-site>/blob/<branch>/content/'
-TRADEMARKS = u'Apache, the Apache feather logo, and <pmc> are trademarks or registered trademarks'
-CURRENTYEAR = date.today().year
-</code></pre>
-
+<div class="highlight"><pre><span></span><code><span class="n">SITENAME</span> <span class="o">=</span> <span class="sa">u</span><span class="s1">'Apache <pmc>'</span>
+<span class="n">SITEDOMAIN</span> <span class="o">=</span> <span class="s1">'<pmc>.apache.org'</span>
+<span class="n">SITEURL</span> <span class="o">=</span> <span class="s1">'https://<pmc>.apache.org'</span>
+<span class="n">SITELOGO</span> <span class="o">=</span> <span class="s1">'https://<pmc>.apache.org/images/logo.png'</span>
+<span class="n">SITEDESC</span> <span class="o">=</span> <span class="sa">u</span><span class="s1">'<pmc desc>'</span>
+<span class="n">SITEREPOSITORY</span> <span class="o">=</span> <span class="s1">'https://github.com/apache/<pmc-site>/blob/<branch>/content/'</span>
+<span class="n">TRADEMARKS</span> <span class="o">=</span> <span class="sa">u</span><span class="s1">'Apache, the Apache feather logo, and <pmc> are trademarks or registered trademarks'</span>
+<span class="n">CURRENTYEAR</span> <span class="o">=</span> <span class="n">date</span><span class="o">.</span><span class="n">today</span><span class="p">()</span><span class="o">.</span><span class="n">year</span>
+</code></pre></div>
</div>
</div>
</div>
diff --git a/output/asf-pelican.html b/output/asf-pelican.html
index b9c6488..7808575 100644
--- a/output/asf-pelican.html
+++ b/output/asf-pelican.html
@@ -93,7 +93,6 @@
<li>The template uses <a href="gfm.html">GitHub Flavored Markdown</a> (GFM) to structure content. It also supports most HTML elements.</li>
<li>How to develop your site using <a href="asf-pelican-local.html">local builds</a> on a local Linux or macOS system.</li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/asf-yaml.html b/output/asf-yaml.html
index fd0bc7c..b7db5a3 100644
--- a/output/asf-yaml.html
+++ b/output/asf-yaml.html
@@ -82,7 +82,6 @@
</ul>
<p>It operates on a per-branch basis, meaning you can have different settings for different branches, and only those with an active <code>.asf.yaml</code> file will kick off a feature. Metadata settings (repo settings, features, labels) are not branch-dependent and should exist in the main (default) branch.</p>
<p>Full documentation and examples for using <code>.asf.yaml</code> are currently in the <a href="https://github.com/apache/infrastructure-asfyaml/blob/main/README.md" target="_blank">README file</a> of the GitHub repository for <code>.asf.yaml</code>.</p>
-
</div>
</div>
</div>
diff --git a/output/asfbot.html b/output/asfbot.html
index e5b2529..8d8ef45 100644
--- a/output/asfbot.html
+++ b/output/asfbot.html
@@ -74,6 +74,7 @@
ASFBot: IRC services and archives
</h1>
<p id="intro"></p>
+
<p>ASFBot offers many services for Apache projects on Internet Relay Chat (IRC). IRC is an application layer protocol that facilitates text communication. The chat process works on a client/server networking model. To enable these services, contact Infra, either with a <a href="https://issues.apache.org/jira/browse/INFRA" target="_blank">Jira ticket</a> or through <code>#asfinfra</code> on the official <a href="https://the-asf.slack.com/" target="_blank">Apache Slack instance</a>.</p>
<p><strong>Note</strong>: Infra supports ASFBot primarily for use during ASF members' meetings. If projects want to add extensions so that ASFBot can do other things, they need to support those extensions rather than relying on Infra to do so.</p>
<h2>Contents</h2>
@@ -86,20 +87,25 @@
<li><a href="#sourcecode">Technical information</a></li>
</ul>
<h2 id="commits">Reporting on repository commits and new Jira tickets<a class="headerlink" href="#commits" title="Permanent link">¶</a></h2>
+
<p>ASFBot can report on new commits to your Subversion or Git repository and or report when someone creates, updates, or closes a Jira ticket. You can tailor the ASFBot reports to your individual needs, with multiline logs, compacted paragraphs, coloring, different report styles, etc.</p>
-<p>You can subscribe to any repository you like, and get reports on any specific changes you prefer, as long as these changes are publicly available. Subscriptions are <em>tag-based</em>, meaning that any one tag will apply to both Subversion and git commits.</p>
+<p>You can subscribe to any repository you like, and get reports on any specific changes you prefer, as long as these changes are publicly available. Subscriptions are <em>tag-based</em>, meaning that any one tag will apply to both Subversion and git commits.</p></p>
<h2 id="jiras">Reporting on changes to Jira tickets<a class="headerlink" href="#jiras" title="Permanent link">¶</a></h2>
-<p>If your channel is set up for Jira reporting, ASFBot keeps track of the latest changes to a Jira ticket. To view, for instance, the most recent comment pertaining to <code>INFRA-1234</code>, type:</p>
-<p><code>ASFBot: comment INFRA-1234</code></p>
+
+<p>If your channel is set up for Jira reporting, ASFBot keeps track of the latest changes to a Jira ticket. To view, for instance, the most recent comment pertaining to <code>INFRA-1234</code>, type: </p>
+<p><code>ASFBot: comment INFRA-1234</code> </p>
<h2 id="issues">Fetching issue information<a class="headerlink" href="#issues" title="Permanent link">¶</a></h2>
+
<p>ASFBot can help you find the correct information or link related to specific Jira or Bugzilla issues. To use this feature for <code>issue #52230</code>, type:</p>
<p><code>COUCHDB-1234</code></p>
<p>ASFBot returns a link to that Jira ticket or Bugzilla issue and, if available, a short issue summary.</p>
<h2 id="secretary">Secretary feature<a class="headerlink" href="#secretary" title="Permanent link">¶</a></h2>
-<p>ASFBot provides a simple secretary feature. To leave a message for an absent person, write:</p>
+
+<p>ASFBot provides a simple secretary feature. To leave a message for an absent person, write: </p>
<p><code>ASFBot: tell [recipient] [message]</code></p>
<p>ASFBot passes that message to the intended recipient the next time that person logs onto the channel.</p>
<h2 id="meetings">Record-keeping for meetings<a class="headerlink" href="#meetings" title="Permanent link">¶</a></h2>
+
<p>ASFBot can keep a record of meetings you hold on IRC and publish these in HTML format with an agenda, actions to be taken and a list of participants. Record keeping is available in channels where logging is enabled. To enable logging, contact Infra.</p>
<p>Record keeping works as follows:</p>
<ul>
@@ -111,12 +117,12 @@
<li>To end a meeting and save a summary of it, type <code>ASFBot: meeting end</code>. This will end the record keeping and produce an HTML document containing the summary of the meeting and a log of everything participants wrote.</li>
<li>To send an IRC meeting summary as an email to a recipient, type <code>ASFBot: meeting send your@domain.tld</code>. You will need to have been granted karma by Infra to perform this task.</li>
</ul>
-<p>ASFBot understands most <a href="https://meetbot.debian.net/Manual.html" target="_blank">meetbot</a> commands, so
+<p>ASFBot understands most <a href="https://meetbot.debian.net/Manual.html" target="_blank">meetbot</a> commands, so
<code>#meetingstart</code> and <code>#meetingend</code> will also start and end a recording of a meeting.</p>
<p>For an example of what a meeting summary may look like, check out this record of a <a href="https://comments.apache.org/meetings/couchdb-meeting-16_01_2013-2439.html" target="_blank">CouchDB meeting</a>.</p>
<h2 id="sourcecode">Technical Information About ASFBot<a class="headerlink" href="#sourcecode" title="Permanent link">¶</a></h2>
-<p>The ASFBot <a href="https://svn.apache.org/repos/infra/infrastructure/trunk/projects/asfbot/" target="_blank">source code</a></p>
+<p>The ASFBot <a href="https://svn.apache.org/repos/infra/infrastructure/trunk/projects/asfbot/" target="_blank">source code</a></p>
</div>
</div>
</div>
diff --git a/output/asfyaml-mkdocs.html b/output/asfyaml-mkdocs.html
index bb4c7ae..31d0902 100644
--- a/output/asfyaml-mkdocs.html
+++ b/output/asfyaml-mkdocs.html
@@ -76,13 +76,12 @@
<p><a href="https://www.mkdocs.org/" target="_blank">MKDocs</a> is a static site generator designed for creating project documentation. However, at least one ASF project uses it to build their entire project website.</p>
<p>As of August 2021, you need to use a special MKDocs build command sequence so it can handle the project site's <code>.asf.yaml</code> file, which must be in the root of the site.</p>
<p>The command <code>mkdocs gh-deploy</code> removes the site, rebuilds it, and then deploys the updated contents to the given remote branch. This removes, but does not replace, the <code>.asf.yaml</code> file.</p>
-<p>To prevent the new build from removing the <code>.asf.yaml</code> file, use this build command sequence:</p>
-<pre><code>rm -r site
+<p>To prevent the new build from removing the <code>.asf.yaml</code> file, use this build command sequence: </p>
+<div class="highlight"><pre><span></span><code>rm -r site
mkdir site
cp ../.asf.yaml site/
mkdocs gh-deploy --dirty
-</code></pre>
-
+</code></pre></div>
</div>
</div>
</div>
diff --git a/output/backup-policy.html b/output/backup-policy.html
index 2e8e05b..285e4c3 100644
--- a/output/backup-policy.html
+++ b/output/backup-policy.html
@@ -98,7 +98,6 @@
<li>Raw archives (mbox-vm) (rsync/backuppc)</li>
<li>qmail source (hermes) (rsync backup + rsync replica)</li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/blog/2023-infra-survey-results.html b/output/blog/2023-infra-survey-results.html
new file mode 100644
index 0000000..689e09c
--- /dev/null
+++ b/output/blog/2023-infra-survey-results.html
@@ -0,0 +1,209 @@
+<!doctype html>
+<html class="no-js" lang="en" dir="ltr">
+ <head>
+ <meta charset="utf-8">
+ <meta http-equiv="x-ua-compatible" content="ie=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <title>2023 Infra Survey Results - Apache Infrastructure Website</title>
+<link href="/css/bootstrap.min.css" rel="stylesheet">
+<link href="/css/fontawesome.all.min.css" rel="stylesheet">
+<link href="/css/headerlink.css" rel="stylesheet">
+<script src="/highlight/highlight.min.js"></script> </head>
+ <body class="d-flex flex-column h-100">
+ <main class="flex-shrink-0">
+<!-- nav bar -->
+<nav class="navbar navbar-expand-lg navbar-dark bg-dark" aria-label="Fifth navbar example">
+ <div class="container-fluid">
+ <a class="navbar-brand" href="/"><img src="/images/feather.png" style="height: 32px;"/> Apache Infrastructure</a>
+ <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarADP" aria-controls="navbarADP" aria-expanded="false" aria-label="Toggle navigation">
+ <span class="navbar-toggler-icon"></span>
+ </button>
+
+ <div class="collapse navbar-collapse" id="navbarADP">
+ <ul class="navbar-nav me-auto mb-2 mb-lg-0">
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">About</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/team.html">About the team</a></li>
+ <li><a class="dropdown-item" href="/roundtable.html">The Infrastructure Roundtable</a></li>
+ <li><a class="dropdown-item" href="/blog/">The Infrastructure Blog</a></li>
+ </ul>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/policies.html">Policies</a>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">Services and Tools</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/services.html">Services and Tools</a></li>
+ <li><a class="dropdown-item" href="/machines.html">Machines and Fingerprints</a></li>
+ <li><a class="dropdown-item" href="https://blocky.apache.org/">Blocky</a></li>
+ <li><a class="dropdown-item" href="https://app.datadoghq.com/account/login?next=%2Finfrastructure">DataDog</a></li>
+ <li><a class="dropdown-item" href="https://whimsy.apache.org/roster/committer/" target="_blank">Committer Search</a></li>
+ </ul>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">Documentation</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/doc.html">Contribute</a></li>
+ <li><a class="dropdown-item" href="/infra-volunteer.html">Volunteer with Infra</a></li>
+ <li><a class="dropdown-item" href="/how-to-mirror.html">Become an ASF download mirror</a></li>
+ <li><a class="dropdown-item" href="/hosting-external-agent.html">Host a Jenkins or Buildbot agent</a></li>
+
+ </ul>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/stats.html">Status</a>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/contact.html">Contact Us</a>
+ </li>
+ </ul>
+ </div>
+ </div>
+</nav><!-- breadcrumbs -->
+<div class="card" style="height: 34px;">
+ <nav aria-label="breadcrumb" style="padding-left: 12px; padding-top: 4px;">
+ <ol class="breadcrumb">
+ <li class="breadcrumb-item"><a href="/">Home</a></li>
+
+ <li class="breadcrumb-item active"><a href="/blog/2023-infra-survey-results.html">
+2023 Infra Survey Results </a></li>
+
+ <li class="breadcrumb-item active">(<a href="https://github.com/apache/infrastructure-website/tree/master/content/blog/2023-infra-survey-results.md">edit</a>)</li>
+
+ </ol>
+ </nav>
+</div>
+
+
+<!-- page contents -->
+<div id="contents">
+ <div class="bg-white p-5 rounded">
+ <div class="col-sm-8 mx-auto">
+ <h1>
+ 2023 Infra Survey Results
+ </h1>
+ <p>Posted on: 2024-02-13 00:00:00+00:00</p>
+ <p>More than 50 people posted responses to our 2023 'year in review' survey. Here is a summary of the responses to questions and the comments added in each section.</p>
+<p>We're grateful to those who took the time to fill out the survey. Without feedback like this, the Infra team can feel a bit like it is flailing around in the dark.</p>
+<h2>Summary of responses</h2>
+<h3>Infra Roundtables</h3>
+<p>82% of survey respondents have attended an Infra Roundtable</p>
+<p>Some reasons for not having attended include:</p>
+<ul>
+<li>Time constraints (most frequent response)</li>
+<li>Was not aware it existed</li>
+<li>Do not need it / no pressing issues</li>
+<li>Timezone issues (the roundtables frequently happen at a time which is more convenient to people in Europe and North American than in Asia)</li>
+</ul>
+<p>88.9% say the roundtables ‘provide value’.</p>
+<p>Topics respondents would like roundtables to address:</p>
+<ul>
+<li>Things Infra is working on that might be useful to PMCs</li>
+<li>Vulnerability scanning</li>
+<li>Automation of<ul>
+<li>voting</li>
+<li>policy compliance verification</li>
+<li>releases</li>
+</ul>
+</li>
+<li>Ways to make it easier for contributors to projects to contribute to Infra coding tasks</li>
+<li>Periodic hackathons Infra hackathons open to all contributors</li>
+<li>Series of FAQs / tutorials on common tasks at the ASF</li>
+</ul>
+<h3>Communication</h3>
+<p>81% agreed that Infra is getting better at open communication.</p>
+<p>Further communications improvement suggestions included:</p>
+<ul>
+<li>Periodic newsletter (implemented!)</li>
+<li>Email announcements of important matters to all members</li>
+<li>Better connection of each Infra service with its documentation</li>
+<li>News box on the landing page at <code>infra.a.o</code> needs to be updated more frequently</li>
+<li>Questions to <code>users@infra.a.o</code> seem to go unanswered</li>
+<li>Be more consistent in showing latest and earlier versions of info on the wiki pages</li>
+<li>Public archive containing summaries of all main points in all roundtables</li>
+<li>Periodic publication of the basic stuff, such as 'Where is self-serve?'</li>
+</ul>
+<h3>Technical services</h3>
+<p>95% feel Infra offers adequate technical services for their project.</p>
+<p>Service improvement suggestions:</p>
+<ul>
+<li>Proactively improve the security posture of all ASF projects</li>
+<li>Automating releases (this is coming!) and dependency upgrades for CVE mitigation</li>
+<li>Free BSD runners and CI builder on GitHub</li>
+<li>More docs and examples for VM setup via puppet</li>
+<li>Password management solution</li>
+<li>More powerful GitHub Action runners for all platforms</li>
+<li>Video call service</li>
+</ul>
+<p>We asked which existing services need improvement. These areas got the most votes:</p>
+<ul>
+<li>CI/CD (Jenkins, BuildBot, GitHub Actions – 62%</li>
+<li>Issue Tracking (Jira, GitHubIssues, Bugzilla) – 31%</li>
+<li>Documentation / Wiki pages – 31%</li>
+<li>Source control (GitHub/GitBox, SVN) – 19%</li>
+<li>Messaging (Slack, mailing lists) – 19% </li>
+</ul>
+<p>Comments:</p>
+<ul>
+<li>Archived blog content is greatly bit rotted with no way to fix; no good modern blogging options</li>
+<li>ASF project websites vary widely in visual appeal and functionality. How to make it easier to quickly set up ‘modern looking’ websites?</li>
+<li>Issue tracking – automated scripts to migrate existing issues from Jira to GitHub Issues.</li>
+<li>Fix tool sprawl – self-serve, whimsy, reporter, cveprocess...</li>
+<li>Jenkins seems outdated. Would prefer something like Concourse.</li>
+<li>Research an official Stack Overflow integration as an alternative to users’ lists?</li>
+<li>In CI/CD, we don’t really have any CD. Where can we deploy test apps?</li>
+<li>Docker Images.</li>
+<li>More control over Docker Hub repos.</li>
+<li>Builds are sometimes flaky because of disk-full error, broken hardware, missing build tools...</li>
+<li>Builds are very slow for projects with a large number of modules and different workflows for different test suites. Such projects need more dedicated resources.</li>
+<li>It’s easy for projects to configure build pipelines that don’t work well.</li>
+<li>I shouldn’t have to create a filter to understand the context of an email from the ASF.</li>
+<li>Struggling to find good documentation on Buildbot hosts, in particular for setting up a Windows build.</li>
+<li>In a multilanguage project, Kotlin is not counted.</li>
+<li>Mailing list noise from GitHub/GitBox. Drop messages from some bots.</li>
+<li>Need a simple build caching solution for Jenkins so we can cache Maven repositories between builds</li>
+<li>Need a good template for the static part of project websites. (Working on it!)</li>
+<li>There is no documentation on cleanup after a build and main + subpath deployment of a website, nor an example to start with.</li>
+<li>Long build queues on ASF Jenkins; problems with GHA builds</li>
+<li>Jenkins builds should be containerized and isolated from one another, so one build does not bring down a node for everybody else. Need guaranteed minimum performance for performance-sensitive build tests.</li>
+<li>Improve the messaging of Jira to the mailing lists.</li>
+</ul>
+<h3>New Year’s resolutions for projects:</h3>
+<ul>
+<li>Hope to make more frequent releases (multiple mentions).</li>
+<li>Get it fully, reproducibly built with OID integration to release it via Trusted Publishing to PyPI.</li>
+<li>Reduce ‘onboarding barriers’ and bridging projects for more synergy.</li>
+<li>Add documentation tutorials.</li>
+<li>Attracting more people to work on the documentation.</li>
+</ul>
+<h3>New Year’s hopes to get from Infra, the ASF, from your project</h3>
+<ul>
+<li>Easy to use and secure package and releasing platform (Working on it!)</li>
+<li>More reliability</li>
+<li>An arrangement with medium or substack</li>
+<li>FreeBSD/BSD</li>
+<li>More stability for Ubuntu Jenkins nodes</li>
+<li>automated voting tool (Working on it!)</li>
+<li>CI stabiity</li>
+<li>More powerful GitHub Runners for all platforms</li>
+</ul>
+<h3>Feedback for the Infra team:</h3>
+<p>Most of the comments were positive, with thanks for our efforts and good wishes for the new year.</p>
+<p>And there was one “Well, there is that one guy...” (working on it!)</p>
+ </div>
+ </div>
+ </div>
+ <!-- footer -->
+ <div class="row">
+ <div class="large-12 medium-12 columns">
+ <p style="font-style: italic; font-size: 0.8rem; text-align: center;">
+ Copyright 2024, <a href="https://www.apache.org/">The Apache Software Foundation</a>, Licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.<br/>
+ Apache® and the Apache feather logo are trademarks of The Apache Software Foundation...
+ </p>
+ </div>
+ </div>
+ <script type="application/ecmascript" src="/js/bootstrap.bundle.min.js" integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3"></script> </main>
+ </body>
+</html>
diff --git a/output/blog/add-your-wisdom-to-infra.html b/output/blog/add-your-wisdom-to-infra.html
new file mode 100644
index 0000000..47b6da9
--- /dev/null
+++ b/output/blog/add-your-wisdom-to-infra.html
@@ -0,0 +1,128 @@
+<!doctype html>
+<html class="no-js" lang="en" dir="ltr">
+ <head>
+ <meta charset="utf-8">
+ <meta http-equiv="x-ua-compatible" content="ie=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <title>Add your wisdom to Infra - Apache Infrastructure Website</title>
+<link href="/css/bootstrap.min.css" rel="stylesheet">
+<link href="/css/fontawesome.all.min.css" rel="stylesheet">
+<link href="/css/headerlink.css" rel="stylesheet">
+<script src="/highlight/highlight.min.js"></script> </head>
+ <body class="d-flex flex-column h-100">
+ <main class="flex-shrink-0">
+<!-- nav bar -->
+<nav class="navbar navbar-expand-lg navbar-dark bg-dark" aria-label="Fifth navbar example">
+ <div class="container-fluid">
+ <a class="navbar-brand" href="/"><img src="/images/feather.png" style="height: 32px;"/> Apache Infrastructure</a>
+ <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarADP" aria-controls="navbarADP" aria-expanded="false" aria-label="Toggle navigation">
+ <span class="navbar-toggler-icon"></span>
+ </button>
+
+ <div class="collapse navbar-collapse" id="navbarADP">
+ <ul class="navbar-nav me-auto mb-2 mb-lg-0">
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">About</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/team.html">About the team</a></li>
+ <li><a class="dropdown-item" href="/roundtable.html">The Infrastructure Roundtable</a></li>
+ <li><a class="dropdown-item" href="/blog/">The Infrastructure Blog</a></li>
+ </ul>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/policies.html">Policies</a>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">Services and Tools</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/services.html">Services and Tools</a></li>
+ <li><a class="dropdown-item" href="/machines.html">Machines and Fingerprints</a></li>
+ <li><a class="dropdown-item" href="https://blocky.apache.org/">Blocky</a></li>
+ <li><a class="dropdown-item" href="https://app.datadoghq.com/account/login?next=%2Finfrastructure">DataDog</a></li>
+ <li><a class="dropdown-item" href="https://whimsy.apache.org/roster/committer/" target="_blank">Committer Search</a></li>
+ </ul>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">Documentation</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/doc.html">Contribute</a></li>
+ <li><a class="dropdown-item" href="/infra-volunteer.html">Volunteer with Infra</a></li>
+ <li><a class="dropdown-item" href="/how-to-mirror.html">Become an ASF download mirror</a></li>
+ <li><a class="dropdown-item" href="/hosting-external-agent.html">Host a Jenkins or Buildbot agent</a></li>
+
+ </ul>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/stats.html">Status</a>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/contact.html">Contact Us</a>
+ </li>
+ </ul>
+ </div>
+ </div>
+</nav><!-- breadcrumbs -->
+<div class="card" style="height: 34px;">
+ <nav aria-label="breadcrumb" style="padding-left: 12px; padding-top: 4px;">
+ <ol class="breadcrumb">
+ <li class="breadcrumb-item"><a href="/">Home</a></li>
+
+ <li class="breadcrumb-item active"><a href="/blog/add-your-wisdom-to-infra.html">
+Add your wisdom to Infra </a></li>
+
+ <li class="breadcrumb-item active">(<a href="https://github.com/apache/infrastructure-website/tree/master/content/blog/add-your-wisdom-to-infra.md">edit</a>)</li>
+
+ </ol>
+ </nav>
+</div>
+
+
+<!-- page contents -->
+<div id="contents">
+ <div class="bg-white p-5 rounded">
+ <div class="col-sm-8 mx-auto">
+ <h1>
+ Add your wisdom to Infra
+ </h1>
+ <p>Posted on: 2023-11-17 01:55:55+00:00</p>
+ <p>Committers, contributors, and ASF Members have a wealth of information about every aspect of software and community development. When we share our knowledge, its reach multiplies and our effectiveness increases.</p>
+<p>For the infrastructure that supports all our efforts at the ASF, here are some ways to share what you know with the folks with the greatest need to hear it:</p>
+<p><strong>Share your smarts</strong></p>
+<p>If you join the <code>users@infra.apache.org</code> email list, you can help answer the many questions we receive related to our infrastructure: Where can I find X? How do I achieve Y? I am trying to do Z but getting this mystery error message.</p>
+<p>The issues range in complexity. Any committer or ASF Member is well-positioned to answer all but the most gnarly ones.</p>
+<p><strong>Join the Roundtables</strong></p>
+<p>Infra holds regular roundtable discussions on important topics in the World of Infrastructure. These are not lectures, where an Infra member holds forth and everybody is supposed to sit in respectful silence. Rather, the Infra team is hoping to gain insights and guidance from members of the ASF community that will improve how the team works or a tool it is developing.</p>
+<p>The roundtables usually take place on the <strong>first Wednesday of each month</strong>, on the <code>#roundtable</code> channel in the <code>the-ASF</code> workspace on Slack. They are available to anyone who can access the ASF workspace on Slack: basically, committers and Members.
+ - Here are <a href="https://infra.apache.org/roundtable.html" target="_blank">details about the Roundtables</a>, including information on joining the <code>#roundtable</code> channel.
+ - We don't record the sessions, but we do take <a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable" target="_blank">copious notes</a>.</p>
+<p><strong>Build better builds</strong></p>
+<p>A group meets regularly (usually the second Thursday of the month) in the <code>#builds</code> channel in the <code>the-ASF</code> workspace on Slack to explore issues related to builds of ASF projects' products. You are welcome whether you have a puzzle you need help solving, or some insights that may help others.</p>
+<p><strong>Re-vision distribution</strong></p>
+<p>Infra is starting to develop the <strong>Artifacts Distribution Platform</strong> (ADP). The idea is to consolidate <code>dist.apache.org</code>, <code>downloads.apache.org</code>, <code>rsync.apache.org</code> and <code>archive.apache.org</code> into one service that will free up resources and:</p>
+<ul>
+<li>simplify backups of release artifacts</li>
+<li>remove the need to "police" projects about their release pages by no longer requiring them to manually archive older releases</li>
+<li>ensure that all new releases follow our release policies by only allowing policy-compliant artifacts to be released</li>
+<li>make it easier for product users to verify that what they are about to download is a certified ASF artifact</li>
+</ul>
+<p>We are assembling lists of necessary features, 'good to have' features, and ambitious pipe dreams, and value input from all across the The ASF's communities.</p>
+<ul>
+<li>Join the <code>artifacts@infra.apache.org</code> mailing list.</li>
+<li>Ask to be invited to the <code>artifact-platform-dev</code> channel in the <code>the-ASF</code> workspace on Slack.</li>
+<li>Review the <a href="https://cwiki.apache.org/confluence/display/INFRA/Artifacts+Distribution+Platform" target="_blank">current collection of ideas and issues</a> related to the ADP. Add your thoughts/concerns/insights in the editable pages linked to from that main page. (Note: we have already blue-skied a very complex application. If you suggest another component, we may invite you to help develop it.)</li>
+</ul>
+ </div>
+ </div>
+ </div>
+ <!-- footer -->
+ <div class="row">
+ <div class="large-12 medium-12 columns">
+ <p style="font-style: italic; font-size: 0.8rem; text-align: center;">
+ Copyright 2024, <a href="https://www.apache.org/">The Apache Software Foundation</a>, Licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.<br/>
+ Apache® and the Apache feather logo are trademarks of The Apache Software Foundation...
+ </p>
+ </div>
+ </div>
+ <script type="application/ecmascript" src="/js/bootstrap.bundle.min.js" integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3"></script> </main>
+ </body>
+</html>
diff --git a/output/blog/index.html b/output/blog/index.html
index f8c0073..798cd6b 100644
--- a/output/blog/index.html
+++ b/output/blog/index.html
@@ -91,14 +91,14 @@
<article class="post">
<header>
<div class="title">
- <h2><a href="/blog/newsletter_04_24.html">Inside Infra April 2024</a></h2>
+ <h2><a href="/blog/inside-infra-april-2024.html">Inside Infra April 2024</a></h2>
<p>Posted on: 2024-04-25 00:00:00+00:00</p>
<p><p>Welcome to <em>Inside Infra</em> for April, 2024.</p>
<h2>Infra Reporting Dashboard</h2>
<p>The dashboard, at <a href="https://infra-reports.apache.org/" target="_blank">infra-reports.apache.org</a>, provides a collection of reports on the overall health and activity of the infrastructure at the ASF. These reports can be helpful in understanding the status of all the ASF 'under the hood' resources …</p></p>
<footer>
<ul class="actions">
- <div style="text-align: right"><a href="/blog/newsletter_04_24.html" class="button medium">Continue Reading</a></div>
+ <div style="text-align: right"><a href="/blog/inside-infra-april-2024.html" class="button medium">Continue Reading</a></div>
</ul>
<ul class="stats">
</ul>
@@ -112,14 +112,14 @@
<article class="post">
<header>
<div class="title">
- <h2><a href="/blog/newsletter_03_24.html">Inside Infra March 2024</a></h2>
+ <h2><a href="/blog/inside-infra-march-2024.html">Inside Infra March 2024</a></h2>
<p>Posted on: 2024-03-23 00:00:00+00:00</p>
<p><p>Welcome to <strong>Inside Infra</strong> for March, 2024.</p>
<h3>Policy change on use of GitHub Actions</h3>
<p>Due to misconfigurations in their builds, some projects have been using unsupportable numbers of GitHub Actions. As part of fixing this situation, Infra has added a 'resource use' section to the policy on GitHub Actions. This …</p></p>
<footer>
<ul class="actions">
- <div style="text-align: right"><a href="/blog/newsletter_03_24.html" class="button medium">Continue Reading</a></div>
+ <div style="text-align: right"><a href="/blog/inside-infra-march-2024.html" class="button medium">Continue Reading</a></div>
</ul>
<ul class="stats">
</ul>
@@ -133,15 +133,15 @@
<article class="post">
<header>
<div class="title">
- <h2><a href="/blog/newsletter_02_24.html">Inside Infra February 2024</a></h2>
+ <h2><a href="/blog/inside-infra-february-2024.html">Inside Infra February 2024</a></h2>
<p>Posted on: 2024-02-20 00:00:00+00:00</p>
<p><p><em>Hello, all!</em></p>
<h2>Newsletter name</h2>
-<p>Our very unscientific poll showed that "Inside Infra" has the most support as a name for this newsletter, so that is what we shall be.</p>
+<p>Our very unscientific poll showed that "Inside Infra" has the most support as a name for this newsletter, so that is what we shall be. </p>
<p><strong>Note</strong>: in 2020 the main ASF blog published a series of interviews with Infra team members also called "Inside Infra". Links …</p></p>
<footer>
<ul class="actions">
- <div style="text-align: right"><a href="/blog/newsletter_02_24.html" class="button medium">Continue Reading</a></div>
+ <div style="text-align: right"><a href="/blog/inside-infra-february-2024.html" class="button medium">Continue Reading</a></div>
</ul>
<ul class="stats">
</ul>
@@ -155,13 +155,13 @@
<article class="post">
<header>
<div class="title">
- <h2><a href="/blog/2023 Infra Survey Results.html">2023 Infra Survey Results</a></h2>
+ <h2><a href="/blog/2023-infra-survey-results.html">2023 Infra Survey Results</a></h2>
<p>Posted on: 2024-02-13 00:00:00+00:00</p>
<p><p>More than 50 people posted responses to our 2023 'year in review' survey. Here is a summary of the responses to questions and the comments added in each section.</p>
<p>We're grateful to those who took the time to fill out the survey. Without feedback like this, the Infra team can …</p></p>
<footer>
<ul class="actions">
- <div style="text-align: right"><a href="/blog/2023 Infra Survey Results.html" class="button medium">Continue Reading</a></div>
+ <div style="text-align: right"><a href="/blog/2023-infra-survey-results.html" class="button medium">Continue Reading</a></div>
</ul>
<ul class="stats">
</ul>
@@ -175,13 +175,13 @@
<article class="post">
<header>
<div class="title">
- <h2><a href="/blog/newsletter_01_24.html">The Infra Newsletter January 2024</a></h2>
+ <h2><a href="/blog/the-infra-newsletter-january-2024.html">The Infra Newsletter January 2024</a></h2>
<p>Posted on: 2024-01-20 00:00:00+00:00</p>
<p><p>Hi, all!</p>
<p>Someone who responded to our annual survey (see below) suggested that we start a newsletter to share developments and other news. The suggester thought we should send it to the <code>dev@</code> list of every PMC and PPMC, but we are going to start with a more limited distribution …</p></p>
<footer>
<ul class="actions">
- <div style="text-align: right"><a href="/blog/newsletter_01_24.html" class="button medium">Continue Reading</a></div>
+ <div style="text-align: right"><a href="/blog/the-infra-newsletter-january-2024.html" class="button medium">Continue Reading</a></div>
</ul>
<ul class="stats">
</ul>
@@ -195,13 +195,13 @@
<article class="post">
<header>
<div class="title">
- <h2><a href="/blog/add_wisdom.html">Add your wisdom to Infra</a></h2>
+ <h2><a href="/blog/add-your-wisdom-to-infra.html">Add your wisdom to Infra</a></h2>
<p>Posted on: 2023-11-17 01:55:55+00:00</p>
<p><p>Committers, contributors, and ASF Members have a wealth of information about every aspect of software and community development. When we share our knowledge, its reach multiplies and our effectiveness increases.</p>
<p>For the infrastructure that supports all our efforts at the ASF, here are some ways to share what you know …</p></p>
<footer>
<ul class="actions">
- <div style="text-align: right"><a href="/blog/add_wisdom.html" class="button medium">Continue Reading</a></div>
+ <div style="text-align: right"><a href="/blog/add-your-wisdom-to-infra.html" class="button medium">Continue Reading</a></div>
</ul>
<ul class="stats">
</ul>
@@ -215,283 +215,12 @@
<article class="post">
<header>
<div class="title">
- <h2><a href="/blog/brand-new-selfserve-page.html">Brand New Self-serve Page</a></h2>
- <p>Posted on: 2023-03-01 00:00:00+00:00</p>
- <p><p>Greetings all!</p>
-<p>We're announcing a new look for selfserve.apache.org today! It's a completely updated site, featuring a new layout which we hope will suit everyone better. The new update also cleans up a some tech debt we've had with the old site, so adding new features or integrations …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/brand-new-selfserve-page.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/2022_Infra_Survey_Results.html">2022 Infra Survey Results</a></h2>
- <p>Posted on: 2023-01-11 00:00:00+00:00</p>
- <p><h3>Intro</h3>
-<p>I'd like to thank everyone who took time to take the survey. This is the first time that I know of that we've tried something like this, and feedback is very important. I'd also like to take a second to clarify my tone for this article. I'm presenting as …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/2022_Infra_Survey_Results.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/the_joy_of_feedback.html">The Joy of Feedback (2022 Infra Survey)</a></h2>
- <p>Posted on: 2022-12-01 00:00:00+00:00</p>
- <p><p>In discussions at ApacheCon in New Orleans, we learned that the three standard methods of communicating with Infra: </p>
-<ul>
-<li>opening a Jira ticket </li>
-<li>sending an email </li>
-<li>posting a message on the <code>#asfinfra</code> Slack channel</li>
-</ul>
-<p>are not ideal for many conversations folks would like to have about The ASF's infrastructure.</p>
-<h2>Roundtable Discussions …</h2></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/the_joy_of_feedback.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/new-jenkins-nodes-running-windows.html">New Jenkins Nodes running Windows</a></h2>
- <p>Posted on: 2022-11-21 00:00:00+00:00</p>
- <p><p>This afternoon, we rolled out two new Shared Jenkins Nodes, jenkins-win-azr-7 and 8. They are both in rotation, using the labels Windows and Windows-Docker. The second label was put in place as the older nodes can't run Docker Desktop. I've also tried setting these up by cloning disks instead of …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/new-jenkins-nodes-running-windows.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/jira-public-signup-disabled.html">Jira Public Signup Disabled</a></h2>
- <p>Posted on: 2022-11-11 16:48:00+00:00</p>
- <p><p>Today, the Infrastructure Team took the step to disable public signups to ASF Jira</p>
-<p>This was not done lightly. The main reason for this is the amount of spam and spam accounts that are created every day, it has
-made managing Jira a big effort. In addition, Infra are planning …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/jira-public-signup-disabled.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/Blogs has a new home.html">Infra blogs has a new home</a></h2>
+ <h2><a href="/blog/infra-blogs-has-a-new-home.html">Infra blogs has a new home</a></h2>
<p>Posted on: 2022-10-24 12:54:00+00:00</p>
- <p><p>Just moved posts over from blogs.apache.org/infra. New posts all go through the infrastructure-website repo and it should be as easy as posting some markdown.</p>
-</p>
+ <p><p>Just moved posts over from blogs.apache.org/infra. New posts all go through the infrastructure-website repo and it should be as easy as posting some markdown.</p></p>
<footer>
<ul class="actions">
- <div style="text-align: right"><a href="/blog/Blogs has a new home.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/email-service-interruption-and-restoration.html">Email service interruption and restoration July 12, 2022</a></h2>
- <p>Posted on: 2022-07-13 16:41:38+00:00</p>
- <p><p><b>July 13, 2022</b></p><p><span style='color: rgb(23, 43, 77); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;'>At around 09:11 UTC on Tuesday, July 12th 2022, the primary mailing list server (colloquially known as <b>Hermes</b>) at The Apache Software Foundation suffered a fatal breakdown and became unresponsive.</span><br/></p><p style='margin-bottom: 0px; padding: 0px; color: rgb(23, 43, 77); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;'>The Infrastructure team (Infra) was immediately notified and, in cooperation with our data center provider, attempted …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/email-service-interruption-and-restoration.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/strengthening-the-infra-team.html">Strengthening the Infra team</a></h2>
- <p>Posted on: 2022-06-27 12:51:54+00:00</p>
- <p><p>Since before the start of COVID-19, the Infrastructure team had one open staff position. We have been able to fill it this year with a strong addition to the team, <b>Chris Wells</b>.</p><p><i>Where do you live?</i></p><p>Birch Run, Michigan, USA. I was born in Flint, Michigan, but I have moved …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/strengthening-the-infra-team.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/new-and-enhanced-gitbox-platform.html">New and enhanced GitBox platform sees the light of day</a></h2>
- <p>Posted on: 2022-04-04 07:48:50+00:00</p>
- <p><p><span style="font-size: 14px;">As we head into April and the middle of the spring of 2022, we are pleased to announce that we have migrated our writable git repository service, gitbox.apache.org, to a new location, a new cluster of hardware bits, and a new platform. The migration took around 35 minutes …</span></p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/new-and-enhanced-gitbox-platform.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/even-more-github-features-added.html">Even more GitHub features added to .asf.yaml</a></h2>
- <p>Posted on: 2020-10-21 13:35:19+00:00</p>
- <p><p>Available as of yesterday, more self serve features were added to the .asf.yaml toolset, based around GitHub Branch Protection.</p>
-<p>You can now add the following features :-</p><ul><li>GitHub Branch Protection Enable/Disable</li><li>Require Status Checks to pass before merging</li><li>Require Branches to be up to date before merging</li><li>Context Status …</li></ul></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/even-more-github-features-added.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/promoting-podlings.html">Promoting Podlings</a></h2>
- <p>Posted on: 2020-07-15 13:29:54+00:00</p>
- <p><p style="margin-bottom: 0in; line-height: 100%">The Infrastructure
-team is constantly looking for ways to do its work more quickly while
-maintaining the ASF standards of reliability, security, and
-almost-continuous availability. The more the team can speed up and
-improve standard processes that almost every project goes through,
-the better it is for the whole community …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/promoting-podlings.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/new-notification-scheme-features-for.html">New notification scheme features for git repositories</a></h2>
- <p>Posted on: 2020-04-19 22:50:14+00:00</p>
- <p><p>Today, ASF Infra launched new features for projects wishing to update their notification schemes for git/github activity on their own.</p>
-<p>Via the <a href="https://infra.apache.org/asf-yaml.html" target="_blank">.asf.yaml</a> file, projects can now define notification schemes for their repositories, including targets for commit emails, GitHub events, and Jira notification options.</p>
-<p>Along with this notification …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/new-notification-scheme-features-for.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/more-secure-and-robust-downloads.html">More secure and robust downloads</a></h2>
- <p>Posted on: 2020-03-04 15:43:06+00:00</p>
- <p><p><i>Infra member Daniel Gruno writes</i>:</p><p>To better provide our millions of users with downloads, the Apache Infrastructure Team has been restructuring the way downloads work for our main distribution channels over the past few weeks. For users, this will largely go unnoticed, and for projects likely the same; but we …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/more-secure-and-robust-downloads.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/welcome-to-roller-6-0.html">Welcome to Roller 6.0!</a></h2>
- <p>Posted on: 2020-02-25 22:16:59+00:00</p>
- <p><hr/>
-**Note**: Until June, 2023, the ASF supported using Apache Roller for project blogs. That support has ended. Please visit <a href="https://infra.apache.org/project-blogs.html" target="_blank">Project Blog</a> for more information about blogs for projects.
-<hr/>
-<p>After some bumpy DNS issues, Roller 6.0 is live!<br/></p>
-</p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/welcome-to-roller-6-0.html" class="button medium">Continue Reading</a></div>
+ <div style="text-align: right"><a href="/blog/infra-blogs-has-a-new-home.html" class="button medium">Continue Reading</a></div>
</ul>
<ul class="stats">
</ul>
@@ -507,8 +236,7 @@
<div class="title">
<h2><a href="/blog/index.html">index</a></h2>
<p>Posted on: 2020-02-02 00:00:00+00:00</p>
- <p><p>Date: '2020-02-02'</p>
-</p>
+ <p></p>
<footer>
<ul class="actions">
<div style="text-align: right"><a href="/blog/index.html" class="button medium">Continue Reading</a></div>
@@ -519,1799 +247,6 @@
</article>
</div>
</div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/another-oar-in-the-water.html">Another oar in the water</a></h2>
- <p>Posted on: 2020-01-05 18:54:30+00:00</p>
- <p><p>
-The Infrastructure team (Infra) works behind the scenes to make it possible for Apache's galaxy of committers to do the cool stuff they do, and for the open-source world to get, use, and rely on applications Apache projects produce. Infra supports additions to code repositories, a constant stream of conversation …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/another-oar-in-the-water.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/subversion-to-git-service-git.html">Subversion-to-Git service (git.apache.org) post mortem, and the path forward</a></h2>
- <p>Posted on: 2019-09-10 21:36:35+00:00</p>
- <p><h2>What happened<br/></h2>
-<p>On August 31st 2019, the machine hosting our subversion-to-git mirrors and synchronization process for GitHub suffered a catastrophic drive error due to a power failure at our data center in Virginia. The power failure was, unfortunately, of such a nature, that recovering the disk data was not possible …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/subversion-to-git-service-git.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/apache-and-github-a-friendly.html">Apache and GitHub - a friendly PSA about awesomeness</a></h2>
- <p>Posted on: 2019-04-30 01:08:58+00:00</p>
- <p><p> <em>With the <a href="https://blogs.apache.org/foundation/entry/the-apache-software-foundation-expands">news of the Apache Software Foundation teaming up more closely with GitHub</a>, we feel it natural to elaborate a bit on what has been going on and what this means for you as a committer and/or user of Apache software.</em><br/><br/> </p>
-<h2>A little bit of history</h2>The Apache …</p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/apache-and-github-a-friendly.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/rate-limiting-on-apache-services.html">Rate-limiting on Apache services</a></h2>
- <p>Posted on: 2019-01-27 18:20:54+00:00</p>
- <p><p>Over the past few days we have implemented rate limiting on selected services across the ASF.</p>
-<p>As our foundation grows, so do the number of users and robots utilizing our services. In order to accommodate as many as possible with what resources we have, we have opted to implement rate-limiting …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/rate-limiting-on-apache-services.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/roller-updated-to-5-2.html">Roller updated to 5.2.2</a></h2>
- <p>Posted on: 2019-01-10 05:08:48+00:00</p>
- <p><hr/>
-**Note**: Until June, 2023, the ASF supported using Apache Roller for project blogs. That support has ended. Please visit <a href="https://infra.apache.org/project-blogs.html" target="_blank">Project Blog</a> for more information about blogs for projects.
-<hr/>
-<p>We've updated blogs.a.o to the latest version of Roller, 5.2.2!!</p>
-<p> </p>
-<p> </p>
-<p><br/></p>
-</p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/roller-updated-to-5-2.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/relocation-of-apache-git-repositories.html">Relocation of Apache git repositories on git-wip-us.apache.org to gitbox.apache.org</a></h2>
- <p>Posted on: 2018-12-07 17:33:33+00:00</p>
- <p><p>[IF YOUR PROJECT DOES NOT HAVE GIT REPOSITORIES ON GIT-WIP-US PLEASE DISREGARD THIS POST]<br/><br/>Hello Apache projects,<br/><br/>I am writing to you because you may have git repositories on the git-wip-us server, which is slated to be decommissioned in the coming months. All repositories will be moved to the new …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/relocation-of-apache-git-repositories.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/position-available-infrastructure-systems-administrator.html">Position Available: Infrastructure Systems Administrator</a></h2>
- <p>Posted on: 2018-09-17 07:55:22+00:00</p>
- <p><h4><strong>UPDATE</strong>: We have received enough applicants at this time. Thank you all for your interest. <br/></h4>
-<p>The Apache Software Foundation (ASF) seeks to fill an Infrastructure Systems Administrator position. You will be responsible for working with the existing technical infrastructure team. The ASF manages a world-wide network of open source software …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/position-available-infrastructure-systems-administrator.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/bringing-gitpubsub-to-the-apache.html">Bringing GitPubSub to the Apache Jenkins build server</a></h2>
- <p>Posted on: 2017-03-26 01:07:08+00:00</p>
- <p><p>
-When it comes to <a href="#Jenkins">[Jenkins</a>], it has long been known that [polling must die].
-</p>
-<p>While we could go and create post commit hooks in all the ASF hosted Git repositories, that is something that realistically is just creating an added maintenance burden.
-<p>In any case, we have [GitPubSub]. </p></p>
-<p>The question …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/bringing-gitpubsub-to-the-apache.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/blogs-a-o-moved-upgraded.html">blogs.a.o moved, upgraded and improved</a></h2>
- <p>Posted on: 2017-01-01 08:06:46+00:00</p>
- <p><p>Hi All,</p>
-<p> <a href="https://blogs.apache.org" title="blogs.apache.org main site">blogs.apache.org</a> - the site you are reading now! has had a bit of an update.<br/></p>
-<p> </p>
-<p>1. We moved it from an aged VM Host to the Cloud (thanks LeaseWeb!)</p>
-<p>2. We puppetised the entire service, from install to deploy (see our <a href="https://github.com/apache/infrastructure-puppet/tree/deployment/modules/blogs_asf" title="GitHub Mirror of infrastructure-puppet">GitHub</a> Mirror )</p>
-<p>3. We upgraded the …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/blogs-a-o-moved-upgraded.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/position_available_infrastructure_systems_administrator.html">Position Available: Infrastructure Systems Administrator Architect</a></h2>
- <p>Posted on: 2016-07-25 20:07:36+00:00</p>
- <p><p><font size="5"><b>UPDATE</b>: We have received enough applicants at this time. Thank you all for your interest. </font></p>
-<div>
-<p>The Apache Software Foundation (ASF) seeks to fill an Infrastructure Systems Administrator/Architect position. You will be responsible for working with the existing technical infrastructure team, and VP of Infrastructure at the Apache Software Foundation …</p></div></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/position_available_infrastructure_systems_administrator.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/continued_outages_for_the_asf.html">ASF JIRA Outages and Troubleshooting</a></h2>
- <p>Posted on: 2016-06-30 16:25:30+00:00</p>
- <p><p>As people have noticed, our JIRA instance (arguably the largest public instance in the world) has been suffering from a yet unknown issue as of late. We are reasonably sure that this is related to specific queries being made against the instance (possibly automated queries from scrapers), but have yet …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/continued_outages_for_the_asf.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/appveyor_ci_now_available_for.html">AppVeyor CI now available for GitHub Mirrors</a></h2>
- <p>Posted on: 2016-02-12 19:45:06+00:00</p>
- <p><p><span style="font-stretch: normal;">The ASF Infrastructure team is happy to announce that projects can how have AppVeyor CI setup on their GitHub mirrors.</span></p>
-<p> The only thing you need to do is create an INFRA ticket at <a href="https://issues.apache.org/jira/browse/INFRA/">issues.apache.org</a> with the following information:</p>
-<ul>
-<li>Repo Name</li>
-<li>Mailing list to send build notifications to (optional …</li></ul></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/appveyor_ci_now_available_for.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/dear_apache.html">Dear Apache</a></h2>
- <p>Posted on: 2015-10-19 18:30:41+00:00</p>
- <p><p>My name is Daniel Takamori and I'm so happy to be joining the Infra team here at Apache. I'm from Oregon in the United States and really enjoy the rain. While at Oregon State University I studied mathematics and physics with a lean towards error correcting codes and mathematical modelling …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/dear_apache.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/planned_downtime_for_reviewboard.html">Planned downtime for ReviewBoard</a></h2>
- <p>Posted on: 2015-08-19 19:19:38+00:00</p>
- <p><div>
-<div>
-<div>The ReviewBoard vm ran out of space and despite our best
-efforts to fix the space issue without restarting the service, that is
-the only option left.<br/><br/></div>The plan is to restart the vm on
-Thursday August 20th at 21:00 UTC (14:00 PDT), but if it fills up …</div></div></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/planned_downtime_for_reviewboard.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/planned_downtime_for_jira1.html">Planned downtime for Jira1</a></h2>
- <p>Posted on: 2015-08-03 23:07:37+00:00</p>
- <p><p>There will be a planned reboot of Jira on Friday 7th August at 00:00 UTC.<br/><br/>This is 72 hours notice as recommended in our Core Services planned downtime SLA.<br/><br/>Currently, Jira requires a reboot when adding new projects to it. There is an outstanding <br/>ticket with Atlassian about this …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/planned_downtime_for_jira1.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/mirroring_to_github_issues.html">Mirroring to GitHub issues</a></h2>
- <p>Posted on: 2015-07-14 16:05:02+00:00</p>
- <p><p>As some of you are aware, there have been some issues syncing changes from repositories on <a href="https://git-wip-us.apache.org">https://git-wip-us.apache.org</a> to the mirrors on GitHub.</p>
-<p> </p>
-<p>The issues we are seeing:</p>
-<ul>
-<li>Pull requests not being closed when they should be</li>
-<li>Changes not being synced to the GitHub mirrors</li>
-<li>Bots other than …</li></ul></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/mirroring_to_github_issues.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/buildbot_master_currently_off_line.html">Buildbot master currently off-line</a></h2>
- <p>Posted on: 2015-06-29 21:17:45+00:00</p>
- <p><p><b>Update (2015-06-30 ~12.00 UTC):</b></p>
-<p>The replacement buildbot master is now live. The CMS service and the <a href="http://ci.apache.org">ci.apache.org</a> website have been restored. The project CI builds are mostly working but builds that upload docs, snapshots etc. to the buildmaster for publishing are likely to fail at the upload …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/buildbot_master_currently_off_line.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/confluence_wiki_service_to_be.html">Confluence Wiki service to be restarted</a></h2>
- <p>Posted on: 2015-06-10 08:32:13+00:00</p>
- <p><p>Hi All,<br/><br/>There will be a planned reboot of Confluence on Friday 12th June at 18:00 UTC+1<br/><br/>This is a blog post notice as recommended in our Core Services planned downtime SLA.<br/><br/>The Confluence wiki service configuration is stored in our Puppet configuration.<br/><br/>We have made some modifications …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/confluence_wiki_service_to_be.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/planned_downtime_for_jira.html">Planned downtime for Jira</a></h2>
- <p>Posted on: 2015-05-18 15:28:11+00:00</p>
- <p><p>Hi All,<br/><br/>There will be a planned reboot of Jira on Thursday 21st May at 16:00 UTC+1<br/><br/>This is 72 hours notice as recommended in our Core Services planned downtime SLA.<br/><br/>Currently, Jira requires a reboot when adding new projects to it. There is an outstanding <br/>ticket with …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/planned_downtime_for_jira.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/mail_service_architecture_changes.html">Mail Service Architecture Changes</a></h2>
- <p>Posted on: 2015-05-08 21:12:11+00:00</p>
- <p><p>For the past few months the Infrastructure team have been working extremely hard to re-design, implement and manage changes to the email service architecture. Today we are proud to announce that phase 1 of this has been completed, and has been running for several days now.</p>
-<p>Phase 1 covers all …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/mail_service_architecture_changes.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/apache_services_and_sha_1.html">Apache Services and SHA-1 SSL Cert deprecation</a></h2>
- <p>Posted on: 2015-04-29 23:02:29+00:00</p>
- <p><p>
-As some of you may have already encountered, certain services within Apache appear to have broken SSL support. While the cert is still valid, there is a part of the cert that both Microsoft and Google have stopped accepting as valid. We are working on fixing this and will use …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/apache_services_and_sha_1.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/git_based_websites_available.html">Git based websites available</a></h2>
- <p>Posted on: 2015-04-29 21:29:31+00:00</p>
- <p><p>If you have worked on a web site for an Apache project, you've probably come across the fact that everything has to be in Subversion for web sites. The reason for this has been the desire to have a unified standard for publishing web site contents across all projects. The …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/git_based_websites_available.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/apache_gains_additional_travis_ci.html">Apache gains additional Travis-CI capacity</a></h2>
- <p>Posted on: 2015-04-15 20:32:10+00:00</p>
- <p><p><span style="color: #222222; font-family: arial, sans-serif;"><a href="https://travis-ci.org" target="_blank">Travis-CI</a> is a distributed continuous integration platform that </span><span style="color: #222222; font-family: arial, sans-serif;">integrates well with projects on GitHub. As many of our projects are </span><span style="color: #222222; font-family: arial, sans-serif;">taking advantage of our <a href="https://blogs.apache.org/infra/entry/improved_integration_between_apache_and" target="_blank">GitHub integration</a>, they're also making use of </span><span style="color: #222222; font-family: arial, sans-serif;">Travis-CI for testing of inbound patches.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">Travis CI offers a free account for open source projects, with a built …</span></p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/apache_gains_additional_travis_ci.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/introducing_jira_service_desk.html">Introducing JIRA Service Desk</a></h2>
- <p>Posted on: 2015-04-13 20:21:14+00:00</p>
- <p><hr/>
-Infra no longer offers the Jira Service Desk. You can manage most standard service requests yourself through the <a href="https://selfserve.apache.org/" target="_blank">Self-Serve service</a>.
-<hr/>
-<p>As part of our ongoing efforts to streamline our service offerings, and to make it easier to interact with the Infrastructure team we are launching an instance of JIRA Service …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/introducing_jira_service_desk.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/downtime_notice_for_the_r.html">Downtime notice for the RW git repositories</a></h2>
- <p>Posted on: 2015-01-12 15:02:12+00:00</p>
- <p><p><span style="color: #222222; font-family: arial, sans-serif;">Folks,</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">Please note than on Thursday 15th at 20:00 UTC the Infrastructure team</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">will be taking the read/write git repositories offline. We expect</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">that this migration to last about 4 hours.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">During the outage the service will be migrated from an old host to a</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">new one. We …</span></p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/downtime_notice_for_the_r.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/svn_service_outage_postmortem.html">SVN Service Outage - PostMortem</a></h2>
- <p>Posted on: 2014-12-09 09:58:37+00:00</p>
- <p><p> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>Summary</strong></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;">On Wednesday December 3rd the main US host for the ASF subversion service fails resulting in loss of service. This loss of subversion service prevent committers from submitting any changes, and whilst we have an EU mirror it is read-only and does not allow for any changes to be …</span></p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/svn_service_outage_postmortem.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/subversion_master_undergoing_emergency_maintenance.html">Subversion master undergoing emergency maintenance</a></h2>
- <p>Posted on: 2014-12-03 17:52:32+00:00</p>
- <p><p>
-The primary master machine that hosts the Apache Software Foundation's subversion repositories is currently undergoing some emergency maintenance due to disk errors.<br/>
-We do not currently have an ETA on when this will be fixed.<br/> <br/>
-In the meantime, there will be no access to commit to SVN.<br/>
-The read-only mirror …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/subversion_master_undergoing_emergency_maintenance.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/moinmoin_service_user_account_tidy.html">MoinMoin Service - User Account Tidy Up</a></h2>
- <p>Posted on: 2014-11-21 12:17:17+00:00</p>
- <p><hr/>
-**Note**: We no longer use the MoinMoin service. Projects can create a wiki in the <a href="https://infra.apache.org/cwiki.html" target="_blank">ASF Confluence Wiki</a>.
-<hr/>
-<p>In recent months we have become increasingly aware of a slowing down of our MoinMoin wiki service. We have attributed this, at least in part, due to the way MoinMoin stores some …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/moinmoin_service_user_account_tidy.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/code_signing_service_now_available.html">Code signing service now available</a></h2>
- <p>Posted on: 2014-10-06 16:36:09+00:00</p>
- <p><p>The ASF Infrastructure team is pleased to announce the availability of a new code signing service for Java, Windows and Android applications. This service is available to any Apache project to use to sign their releases. Traditionally, Apache projects have shipped source code. The code tarballs are signed with a …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/code_signing_service_now_available.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/github_pull_request_builds_now.html">GitHub pull request builds now available on builds.apache.org</a></h2>
- <p>Posted on: 2014-10-02 13:00:00+00:00</p>
- <p><p><font face="arial, helvetica, sans-serif"><span style="font-stretch: normal;">The ASF Infrastructure team is happy to announce that you can now set up jobs on <a href="https://builds.apache.org">builds.apache.org</a> to listen for pull requests to <a href="https://github.com/apache">github.com/apache</a> repositories, build that pull request’s changes, and then comment on the pull request with the build’s results. This is done …</span></font></p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/github_pull_request_builds_now.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/committer_shell_access_to_people.html">Committer shell access to people.apache.org</a></h2>
- <p>Posted on: 2014-09-25 23:38:41+00:00</p>
- <p><p>Apache committers are granted shell access to a host known as either people.apache.org or minotaur. As you may know, there has been a two year grace period in which we have advertised the upcoming change away from password logins to SSH key only.</p>
-<p>Due to a significant recent …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/committer_shell_access_to_people.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/committers_mail_relay_service.html">Committers mail relay service</a></h2>
- <p>Posted on: 2014-09-25 22:57:44+00:00</p>
- <p><p>For a very long time now we have allowed committers to send email from their @apache.org email address from any host. 10 years ago this was less of an issue than it is today. In the current world of mass spam and junk flying around, mail server providers are …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/committers_mail_relay_service.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/nexus_reduced_performance_issues_resolved.html">Nexus reduced performance issues resolved</a></h2>
- <p>Posted on: 2014-09-11 09:19:46+00:00</p>
- <p><p> HI All,<br/><br/>So Tuesday morning we got a report in IRC that a committer was trying to get a release out <br/>and could not deploy. Shortly after a Nexus issue was reported in Jira INFRA-8321. A few <br/>hours later another issue INFRA-8322 related to Nexus was opened. So far, nothing …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/nexus_reduced_performance_issues_resolved.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/on_demand_workers_from_rackspace.html">On-demand workers from Rackspace added to builds.apache.org</a></h2>
- <p>Posted on: 2014-09-04 13:00:00+00:00</p>
- <p><div>A couple of weeks ago, Apache's Infrastructure team added a new feature to our Jenkins server, <a href="http://builds.apache.org">builds.apache.org</a> to help deal with the at times overwhelming queues of builds waiting for an executor. While this has been improved dramatically by the increase in workers generously provided by Yahoo! on …</div></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/on_demand_workers_from_rackspace.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/infrastructure_team_adopting_an_on.html">Infrastructure Team Adopting an On-Call Rotation</a></h2>
- <p>Posted on: 2014-08-18 13:00:00+00:00</p>
- <p><p>As the Apache Software Foundation (ASF) has grown, the infrastructure required to support its diverse set of projects has grown as well. To care for the infrastructure that the ASF depends on, the foundation has hired several contractors to supplement the dedicated cadre of volunteers who help maintain the ASFs …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/infrastructure_team_adopting_an_on.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/new_status_page_for_the.html">New status page for the ASF</a></h2>
- <p>Posted on: 2014-08-14 13:45:53+00:00</p>
- <p><p>We are pleased to announce that we have a new status page for our infrastructure and the ASF as a whole.</p>
-<p>Where we have previously been focused on reporting the up/down status of our services, we have now begun to look a bit more at the broader picture of …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/new_status_page_for_the.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/email_from_apache_org_committer.html">Email from apache.org committer accounts bypasses moderation!</a></h2>
- <p>Posted on: 2014-06-15 02:29:06+00:00</p>
- <p><p>Good news! We've finally laid the necessary groundwork to extend the bypassing of committer emails sent from their apache.org addresses, from commit lists to now all Apache mailing lists. This feature was activated earlier today and represents a significant benefit for cross-collaboration between Apache mailing lists for committers, relieving …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/email_from_apache_org_committer.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/dmarc_filtering_on_lists_that.html">DMARC filtering on lists that munge messages</a></h2>
- <p>Posted on: 2014-06-03 21:57:08+00:00</p>
- <p><hr/>
-**Note**: The solution described below has been incorporated into ezmlm. However, it creates a new problem, generating double 'Reply-To:' headers in the case of lists with a `reply-to` set to something other than the list name. A complete rewrite of this function is under consideration. You can follow the discussion …</p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/dmarc_filtering_on_lists_that.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/mail_outage_post_mortem.html">Mail outage post-mortem</a></h2>
- <p>Posted on: 2014-05-28 05:16:39+00:00</p>
- <p><p><span style="color: #222222; font-family: arial; font-size: small;"><b>Overview:</b></span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">During the afternoon of May 6th we began experiencing delays in mail delivery of 1-2 hours. Initial efforts at remediation seemed to clear this up but on the morning of May 7th the problem worsened and we proactively disabled mail service to deal with the failure. This outage affected …</span></p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/mail_outage_post_mortem.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/new_monitoring_system_nagios_is.html">New monitoring system: nagios is dead long live circonus</a></h2>
- <p>Posted on: 2014-05-23 22:29:12+00:00</p>
- <p><p>23 may 2014 the old monitoring system "nagios" was put to sleep, and "circonus" was given production status.</p>
-<p>The new monitoring system is sponsored by circonus and most of the monitoring as well as the central database runs on <a href="www.circonus.com" target="_blank">www.circonus.com</a>. The infrastructure team have built and deployed logic …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/new_monitoring_system_nagios_is.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/mail_outage.html">Mail outage</a></h2>
- <p>Posted on: 2014-05-07 14:48:16+00:00</p>
- <p><p>During the afternoon of May 6th we began experiencing delays in mail delivery of 1-2 hours. Initial efforts at remediation seemed to clear this up but on the morning of May 7th the problem worsened and we proactively disabled mail service to deal with the failure. The underlying hardware suffered …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/mail_outage.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/heartbleed_fallout_for_apache.html">heartbleed fallout for apache</a></h2>
- <p>Posted on: 2014-04-11 20:25:44+00:00</p>
- <p><p>Remain calm.</p>
-<p>What we've learned about the heartbleed incident is that it is hard, in the sense of perhaps only viable to a well-funded blackhat operation, to steal a private certificate and key from a vulnerable service. Nevertheless, the central role Apache projects play in the modern software development world …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/heartbleed_fallout_for_apache.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/scaling_down_the_cms_to.html">Scaling down the CMS to modest but intricate websites</a></h2>
- <p>Posted on: 2014-03-25 18:23:50+00:00</p>
- <p><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>The original focus of the CMS …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/scaling_down_the_cms_to.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/improved_integration_between_apache_and.html">Improved integration between Apache and GitHub</a></h2>
- <p>Posted on: 2014-02-12 01:16:30+00:00</p>
- <p><p>After a few weeks of hard work and mind-boggling debugging, we are pleased to announce tighter and smarter integration between GitHub and the Apache Software Foundation's infrastructure.</p>
-<p>These new features mean a much higher level of replication and retention of what goes on on GitHub, which in turns both help …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/improved_integration_between_apache_and.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/paste_apache_org_sees_the.html">paste.apache.org sees the light of day</a></h2>
- <p>Posted on: 2013-03-06 18:37:42+00:00</p>
- <p><p><em>Note</em>: As of May, 2024, Apache Paste is no longer available.</p>
-<hr/>
-<p>Today, the Apache Infrastructure team launched <a href="http://paste.apache.org">http://paste.apache.org</a>, a new ASF-driven site for posting snippets, scripts, logging output, configurations and much more and sharing them with the world.
-</p>
-<p><br/><b><i> Why yet another paste bin, you ask?</i></b></p>
-<p>Well, for …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/paste_apache_org_sees_the.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/new_infra_team_members.html">New Infra Team Members</a></h2>
- <p>Posted on: 2012-07-26 02:35:47+00:00</p>
- <p><p>
-<p>Since out last update over a year ago, the Infra Team has expanded by another NINE (9) members!</p></p>
-<p>Congrats and our warmest thanks go to:</p>
-<p><br/>Niklas Gustavsson - (ngn)<br/>Jeremy Thomerson - (jrthomerson)<br/>Mark Struberg - (struberg)<br/>Eric Evans - (eevans)<br/>Brandon Williams - (brandonwilliams)<br/>Mohammad Nour El-Din - (mnour)<br/>David Nalley - (ke4qqq)<br/>Yang Shih-Ching - (imacat …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/new_infra_team_members.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/asf_comments_system_live.html">ASF Comments System Live!</a></h2>
- <p>Posted on: 2012-07-09 16:49:30+00:00</p>
- <p><hr/>
-**Note**: This service is no longer available from Infra.
-<hr/>
-<p>Daniel Gruno has recently developed a <a href="https://comments.apache.org/">comments system</a> for Apache projects to use. The purpose of the system is to enable public commentary on project webpages and is already in production use in the <a href="http://httpd.apache.org/docs/trunk/">httpd</a> and <a href="http://trafficserver.apache.org/docs/">trafficserver</a> projects. This new system …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/asf_comments_system_live.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/apache_cms_new_features_for.html">Apache CMS: New features for anonymous users</a></h2>
- <p>Posted on: 2012-06-24 13:37:50+00:00</p>
- <p><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Two new features have recently been …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/apache_cms_new_features_for.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/the_value_of_taint_checks.html">The value of taint checks in CGI scripts</a></h2>
- <p>Posted on: 2012-06-09 21:45:27+00:00</p>
- <p><p>Consider the following snippet taken from a live CGI script running on the host that serves www.apache.org:</p>
-<pre>#!/usr/bin/perl
-<p>use strict;
-use warnings;</p>
-<p>print "Content-Type: text/html\n\n";
-my $artifact = "/apache-tomee/1.0.1-SNAPSHOT/";
-$artifact = $ENV{PATH_INFO} if $ENV{PATH_INFO};</p>
-<p>$artifact = "/$artifact/";
-$artifact =~ s,/+,/,g;
-$artifact …</p></pre></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/the_value_of_taint_checks.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/apache_org_incident_report_for.html">apache.org incident report for 05292012</a></h2>
- <p>Posted on: 2012-05-29 16:59:09+00:00</p>
- <p><p>Last week, internal audit activity discovered that the access logs of some committer-only Apache services contained passwords but had been available to every Apache committer.<br/></p>
-<h3> </h3>
-<h3>The problem</h3>
-<p>The httpd logs of several ASF services are aggregated and archived on minotaur.apache.org. Minotaur is also people.apache.org, the shell …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/apache_org_incident_report_for.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/apache_cms_and_external_build.html">Apache CMS and external build support</a></h2>
- <p>Posted on: 2012-03-10 17:28:05+00:00</p>
- <p><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Recently we've been working with the …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/apache_cms_and_external_build.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/apache_cms_latest_new_feature.html">Apache CMS: latest new feature is SPEED!</a></h2>
- <p>Posted on: 2012-02-26 02:23:56+00:00</p>
- <p><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Over the past few months the …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/apache_cms_latest_new_feature.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/translate_service_now_open.html">translate service now open!</a></h2>
- <p>Posted on: 2011-12-11 20:30:33+00:00</p>
- <p><p>
-<p>A few projects have requested it, now it is here! Check out <a href="https://translate.apache.org"><a href="https://translate.apache.org">https://translate.apache.org</a></a> and get your project added.</p></p>
-<p>See also <a href="https://cwiki.apache.org/confluence/display/INFRA/translate+pootle+service+auth+levels">https://cwiki.apache.org/confluence/display/INFRA/translate+pootle+service+auth+levels</a> for more information - you will see that general public non-logged in users can submit translate …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/translate_service_now_open.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/pear_package_hosting_available1.html">PEAR package hosting available</a></h2>
- <p>Posted on: 2011-04-15 05:32:23+00:00</p>
- <p><hr/>
-**Note**: Hosting releases of PEAR packages is no longer available.
-<hr/>
-<p>
-<p>Any projects in the position of being able to release via PEAR packages can now do so hosted officially on ASF servers.</p></p>
-<p><a href="http://pear.apache.org">http://pear.apache.org</a> is now up and running and ready to serve!</p>
-</p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/pear_package_hosting_available1.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/welcome_new_members_of_the.html">Welcome new members of the infra team</a></h2>
- <p>Posted on: 2011-03-22 10:09:45+00:00</p>
- <p><p>
-Well, some are not exactly new faces, but since our last blog update of new infra members in 2009 , we have conned with promises of fame, fortune and beer the following new additions to the infra team:
-</p>
-<ul>
-<li>Chris Rhodes: (arreyder)
-</li>
-<li>Brian Fox: (brianf)
-</li>
-<li>Matt Benson: (mbenson)
-</li>
-<li>David Blevins: (dblevins)
-</li>
-<li>Rudiger …</li></ul></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/welcome_new_members_of_the.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/changes_to_email_service_for.html">Changes to email service for all committers</a></h2>
- <p>Posted on: 2011-02-24 21:13:18+00:00</p>
- <p><p>In the near future the Infrastructure team will be implementing a change to the way we handle emails for all committers. </p>
-<p>
-Historically we have allowed users to choose how to handle their apache.org email. However we will be making the following changes:
-<ol>
-<li>Making LDAP authoritative for all mail forwarding …</li></ol></p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/changes_to_email_service_for.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/controlling_your_spamassassin_threshold1.html">Controlling your SpamAssassin threshold</a></h2>
- <p>Posted on: 2011-01-27 15:37:21+00:00</p>
- <p><p>Committers,</p>
-<p>
-The Infrastructure Team has just enabled a new feature to control your SpamAssassin Threshold for your apache.org account. The default score for user delivery has always remained at 10, but with this new feature you can lower that score to anything you want. Many people with older accounts …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/controlling_your_spamassassin_threshold1.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/https_id_apache_org_new.html">id.apache.org -- New Password Service</a></h2>
- <p>Posted on: 2011-01-14 16:36:42+00:00</p>
- <p><p>Folks, <br/> <br/></p>
-<p>The infrastructure team are pleased to announce the availability of <a href="https://id.apache.org">id.apache.org</a> the new password management tool for all ASF committers and members. This new service will allow users to:</p>
-<ol>
-<li>Reset forgotten LDAP passwords themselves, no need to contact the Infra team anymore.</li>
-<li>The ability to change their …</li></ol></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/https_id_apache_org_new.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/ldap_and_password_policy.html">LDAP and password policy</a></h2>
- <p>Posted on: 2010-12-17 06:38:50+00:00</p>
- <p><p>As of approximately 03:00 (UTC) today the infrastructure team have enabled a password policy for all LDAP accounts.<br/>
-This policy has been implemented at the LDAP infrastructure level and will affect all users. It has been deployed using OpenLDAP's password policy schema, and overlay.</p>
-<p>At the time of launch …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/ldap_and_password_policy.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/the_asf_cms.html">The ASF CMS</a></h2>
- <p>Posted on: 2010-12-02 04:25:43+00:00</p>
- <p><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the <a href="https://infra.apache.org/doc.html" target="_blank">general Infrastructure documentation page</a>.</p>
-<hr/>
-<p>
-Over the past 3 months, the …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/the_asf_cms.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/reviewboard_instance_running_at_the.html">ReviewBoard instance running at the ASF</a></h2>
- <p>Posted on: 2010-10-26 03:25:49+00:00</p>
- <p><p>We know we have projects that use reviewboard externally to the ASF, we also have some projects using codereview.appspot.com and we also have some projects using Fisheye/Clover externally.</p>
-<p>Well, due to popular request, we now have an internal ReviewBoard running on <a href="https://reviews.apache.org">https://reviews.apache.org</a> !!</p>
-<p>So, sign …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/reviewboard_instance_running_at_the.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/1_million_commits_and_still.html">1 million commits and still going strong</a></h2>
- <p>Posted on: 2010-09-23 11:55:55+00:00</p>
- <p><p>Yesterday, the main ASF SVN code repository passed the 1 million commit mark. Shortly thereafter one of the ASF members enquired as to how he could best grab the SVN log entries for all of these commits. As always, there were a bunch of useful replies, but they were all …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/1_million_commits_and_still.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/new_hardware_for_apache_org.html">new hardware for apache.org</a></h2>
- <p>Posted on: 2010-07-19 04:01:07+00:00</p>
- <p><p>This weekend we rolled out a new server, a Dell Power Edge R410, named Eos, to host the Apache.org websites and MoinMoin wiki:</p>
-<ul>
-<li>OS: FreeBSD 8.1-RC2</li>
-<li>CPU: 2x Intel(R) Xeon(R) CPU X5550 @ 2.67GHz (2 package(s) x 4 core(s) x 2 SMT threads = 16 …</li></ul></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/new_hardware_for_apache_org.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/s_apache_org_uri_shortening.html">s.apache.org - uri shortening service</a></h2>
- <p>Posted on: 2010-06-11 17:17:46+00:00</p>
- <p><p>
-Today we've brought <a href="http://s.apache.org/">s.apache.org</a> online. It's a url shortening service that's limited to Apache committers- the people who write all that Apache software! One of the main reasons we're providing this service is to allow committers to use shortened links whose provenance is known to be a trusted …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/s_apache_org_uri_shortening.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/apache_org_04_09_2010.html">apache.org incident report for 04092010</a></h2>
- <p>Posted on: 2010-04-13 05:04:50+00:00</p>
- <p><p>Apache.org services recently suffered a direct, targeted attack against our infrastructure, specifically the server hosting our issue-tracking software.</p>
-<p>The Apache Software Foundation uses a donated instance of <a href="http://www.atlassian.com/software/jira/">Atlassian JIRA</a> as an issue tracker for our projects. Among other projects, the ASF Infrastructure Team uses it to track issues and …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/apache_org_04_09_2010.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/asf_buildbot_svn_setup.html">ASF Buildbot svn setup</a></h2>
- <p>Posted on: 2010-03-29 10:25:59+00:00</p>
- <p><p>Here at the ASF we have a subversion setup with all our projects code in one repository, with each of those projects having their own style of trunk/branches/tags/site etc.. This works well for us, but did present us with some initial problems when setting up our Buildbot …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/asf_buildbot_svn_setup.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/new_servers_for_asf_builbot.html">New secondary servers for ASF Buildbot</a></h2>
- <p>Posted on: 2010-03-04 22:03:23+00:00</p>
- <p><p>The ASF Buildbot CI instance has just launched two more secondary servers, expanding the range of platforms it can build and test on.</p>
-<p>Added are servers on the FreeBSD 8 platform (a VM on the Nyx VMware host) and a Solaris Zone.</p>
-<p>Projects are welcome to create an Infra issue …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/new_servers_for_asf_builbot.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/the_asf_ldap_system.html">The ASF LDAP system</a></h2>
- <p>Posted on: 2010-02-22 22:17:39+00:00</p>
- <p><p>When we decided some time ago to start using LDAP for auth{n,z} we had to come up with a sane structure. This is what we have thus far: </p><p> dc=apache,dc=org<br/> | ou=people,dc=apache,dc=org <br/> | ou=groups,dc=apache,dc=org<br/> | ou=people,ou=groups …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/the_asf_ldap_system.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/ldap_svn_coupled_together.html">LDAP, groups and SVN - Coupled together</a></h2>
- <p>Posted on: 2010-02-22 22:03:20+00:00</p>
- <p><p>The infrastructure team have now completed the next stage of the planned LDAP migration.<br/>We have migrated our old SVN authorisation file, and POSIX groups into LDAP data. SVN access control is now managed using these groups.</p><p>This means to change access the Subversion repositories is now as simple as …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/ldap_svn_coupled_together.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/svn_performance_enhancements.html">SVN performance enhancements</a></h2>
- <p>Posted on: 2010-02-17 00:41:04+00:00</p>
- <p><p>Tonight we enabled a pair of Intel X25-M's to serve as <a href="http://blogs.sun.com/brendan/entry/test">l2arc cache</a> for the zfs array which contains all of our svn repositories. Over the next few hours as these SSD's start serving files from cache, the responsiveness and overall performance of svn on eris (our master US-based server …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/svn_performance_enhancements.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/what_can_the_asf_buildbot.html">What can the ASF Buildbot do for your project?</a></h2>
- <p>Posted on: 2009-11-09 13:01:12+00:00</p>
- <p><p>The below information has just been published to the main ASF Buildbot URI <a href="http://ci.apache.org/buildbot.html" title="ASF Buildbot">ci.apache.org/buildbot.html</a>.</p><p>A summary of just some of the things the ASF Buildbot can do for your project:
- </p><ul><li>Perform per commit build & test runs for your project</li><li>Not just svn! - Buildbot can pull in …</li></ul></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/what_can_the_asf_buildbot.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/ddos_mystery_involving_linux_and.html">DDOS mystery involving Linux and mod_ssl</a></h2>
- <p>Posted on: 2009-10-12 01:53:03+00:00</p>
- <p><p>In the first week of October we started getting reports of performance issues, mainly connection timeouts, on all of our services hosted at <a href="https://issues.apache.org" title="https://issues.apache.org/">https://issues.apache.org/</a>. On further inspection we noticed a huge amount of "Browser disconnect" errors in the error log right at the beginning of the ssl …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/ddos_mystery_involving_linux_and.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/apache_org_downtime_report.html">apache.org incident report for 8282009</a></h2>
- <p>Posted on: 2009-09-02 08:56:09+00:00</p>
- <p><p>Last week we <a href="https://blogs.apache.org/infra/entry/apache_org_downtime_initial_report">posted about the security breach</a> that caused us to temporarily suspend some services. All services
-have now been restored. We have analyzed the events that led to the breach, and continued to work on improving the security of our systems.<br/></p>
-<p><strong>NOTE</strong>: At
-no time were any Apache …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/apache_org_downtime_report.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/apache_org_downtime_initial_report.html">apache.org downtime - initial report</a></h2>
- <p>Posted on: 2009-08-28 12:33:19+00:00</p>
- <p><p>This is a short overview of what happened on Friday August 28 2009
-to the apache.org services. A more detailed post will come at a later
-time after we complete the audit of all machines involved.</p><p> On August 27th, starting at
-about 18:00 UTC an account used for …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/apache_org_downtime_initial_report.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/relaying_mail_from_apache_org.html">Relaying mail from apache.org.</a></h2>
- <p>Posted on: 2009-08-01 12:24:57+00:00</p>
- <p><p>One of the more common issues committers face at Apache is in trying to send mail from their apache.org account. We've just made that process a whole lot easier by setting up an SSL-enabled, smtp-auth based mail submission service on people.apache.org port 465; which is compatible with …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/relaying_mail_from_apache_org.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/public_preview_of_drafts_feature.html">Public Preview of Drafts feature added to ASF Roller instance</a></h2>
- <p>Posted on: 2009-07-15 06:59:48+00:00</p>
- <p><hr/>
-**Note**: Until June, 2023, the ASF supported using Apache Roller for project blogs. That support has ended. Please visit <a href="https://infra.apache.org/project-blogs.html" target="_blank">Project Blog</a> for more information about blogs for projects.
-<hr/>
-<p>Previously, to be able to preview a draft post by any Roller Blog, one had to be a member user of that …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/public_preview_of_drafts_feature.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/confluence_2_10_migration_for.html">Confluence 2.10 migration for cwiki.a.o 11 July1</a></h2>
- <p>Posted on: 2009-07-07 07:04:25+00:00</p>
- <p><p>
-The ASF Infrastructure Team will be upgrading the Confluence instance powering <a href="http://cwiki.apache.org">http://cwiki.apache.org</a> from Confluence 2.2.9 to <a href="http://confluence.atlassian.com/display/DOC/Confluence%202.10%20Release%20Notes">Confluence 2.10.3</a> on July 11 at 0400 UTC, or July 10 at 2100 PST. The migration is expected to take several hours. <br/><br/>If you haven't already, this …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/confluence_2_10_migration_for.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/it_s_official_we_now.html">It's official, we now have LDAP running!</a></h2>
- <p>Posted on: 2009-05-21 16:01:19+00:00</p>
- <p><p>Earlier this week the Infrastructure team rolled out phase one of the planned LDAP services. </p><p>We are using LDAP for authentication of shell accounts. For now this is the extent of the implementation, however the next phase should follow this quite quickly. </p><p>The next phase will involve moving to LDAP …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/it_s_official_we_now.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/git_at_apache.html">Git support at Apache</a></h2>
- <p>Posted on: 2009-05-03 22:22:57+00:00</p>
- <p><p><a href="http://git-scm.com/">Git</a> is a new version control system that has been getting increasingly popular during the past few years. Many Apache contributors have also expressed interested in using Git for working with Apache codebases. While the canonical location of all Apache source code is our Subversion repository, we also want to …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/git_at_apache.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/new_mailing_list_for_ci.html">New mailing list for CI Build Services</a></h2>
- <p>Posted on: 2009-04-06 09:14:11+00:00</p>
- <p><p>Established today, we now have a dedicated mailing list to talk about and work out all things to do with our build services. Currently infrastructure provides projects with use of Hudson, Continuum, Gump and now we have another option in Buildbot. Buildbot is a new service here at Apache Infrastructure …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/new_mailing_list_for_ci.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/improving_our_subversion_services.html">Improving our Subversion Services</a></h2>
- <p>Posted on: 2009-04-02 20:47:41+00:00</p>
- <p><p>This week the ASF Infrastructure Team deployed one of the first major changes to how <a href="http://svn.apache.org/">svn.apache.org</a> works since it was launched, <a href="http://svn.apache.org/viewvc?view=rev&revision=1">6 years ago</a>.<br/></p><p><a href="http://geo.bitnames.com/"></a>We now distribute Subversion traffic to our servers based on the geographic region of a client.</p><p>We are using <a href="http://geo.bitnames.com/">pgeodns</a>, the same software that …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/improving_our_subversion_services.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/subversion_on_the_fly_replication.html">Subversion on-the-fly Replication Talk</a></h2>
- <p>Posted on: 2009-04-02 17:47:53+00:00</p>
- <p><p>Last week (at ApacheCon 2009 EU) I gave a session talk about "Subversion on-the-fly Replication" and how we (ASF) deployed such an setup last year with in the Apache Software Foundation. So check out the slides if you are interested in how it works, why you should do it, what …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/subversion_on_the_fly_replication.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/ldap_it_s_getting_closer.html">LDAP - It's getting closer</a></h2>
- <p>Posted on: 2009-03-26 16:56:58+00:00</p>
- <p><p>As of this afternoon whilst at <a href="http://www.eu.apachecon.com/c/aceu2009/"><font class="Apple-style-span" face="'times new roman', times, serif">ApacheCon Europe 2009</font></a>, we have gotten our initial LDAP platform in place ready for testing. This will allow us to move to a centralized AAA system. </p>
-</p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/ldap_it_s_getting_closer.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/slow_svn_service_this_week.html">Slow SVN Service This Week</a></h2>
- <p>Posted on: 2009-03-25 18:39:01+00:00</p>
- <p><p>In preparation for upgrading Subversion to the latest version (1.6.0), we are running an svn dump on svn.apache.org. This will chew up enough disk IO to be noticeable to svn users. We expect the dump to finish sometime during this weekend.<br/> </p>
-</p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/slow_svn_service_this_week.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/new_faces_in_infrastructure.html">New faces in Infrastructure</a></h2>
- <p>Posted on: 2009-03-25 02:28:20+00:00</p>
- <p><p>Over the past year the Infrastructure Team has grown to meet new challenges. Here is a list of the new folks on the team:</p><ul><li>Gavin McDonald (gmcdonald)</li><li>Norman Maurer (norman)</li><li>Tony Stevenson (pctony)</li><li>Wendy Smoak (wsmoak)</li><li>Mark Thomas (markt)</li><li>Chris J. Davis (chrisjdavis)</li><li>Jukka Zitting (jukka)</li></ul><p>Congratulate these people on …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/new_faces_in_infrastructure.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
- <!-- Post -->
- <div class="row">
- <div class="callout">
- <article class="post">
- <header>
- <div class="title">
- <h2><a href="/blog/roller_installed_for_use_by.html">Roller installed for use by Apache Projects</a></h2>
- <p>Posted on: 2009-03-23 00:29:41+00:00</p>
- <p><hr/>
-**Note**: Until June, 2023, the ASF supported using Apache Roller for project blogs. That support has ended. Please visit <a href="https://infra.apache.org/project-blogs.html" target="_blank">Project Blog</a> for more information about blogs for projects.
-<hr/>
-<p>Roller was installed today for the use of ASF Projects. Those committers with personal blogs should instead add their feed to planet …</p></p>
- <footer>
- <ul class="actions">
- <div style="text-align: right"><a href="/blog/roller_installed_for_use_by.html" class="button medium">Continue Reading</a></div>
- </ul>
- <ul class="stats">
- </ul>
- </footer>
- </article>
- </div>
- </div>
</div>
</div>
diff --git a/output/blog/infra-blogs-has-a-new-home.html b/output/blog/infra-blogs-has-a-new-home.html
new file mode 100644
index 0000000..5669fdd
--- /dev/null
+++ b/output/blog/infra-blogs-has-a-new-home.html
@@ -0,0 +1,103 @@
+<!doctype html>
+<html class="no-js" lang="en" dir="ltr">
+ <head>
+ <meta charset="utf-8">
+ <meta http-equiv="x-ua-compatible" content="ie=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <title>Infra blogs has a new home - Apache Infrastructure Website</title>
+<link href="/css/bootstrap.min.css" rel="stylesheet">
+<link href="/css/fontawesome.all.min.css" rel="stylesheet">
+<link href="/css/headerlink.css" rel="stylesheet">
+<script src="/highlight/highlight.min.js"></script> </head>
+ <body class="d-flex flex-column h-100">
+ <main class="flex-shrink-0">
+<!-- nav bar -->
+<nav class="navbar navbar-expand-lg navbar-dark bg-dark" aria-label="Fifth navbar example">
+ <div class="container-fluid">
+ <a class="navbar-brand" href="/"><img src="/images/feather.png" style="height: 32px;"/> Apache Infrastructure</a>
+ <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarADP" aria-controls="navbarADP" aria-expanded="false" aria-label="Toggle navigation">
+ <span class="navbar-toggler-icon"></span>
+ </button>
+
+ <div class="collapse navbar-collapse" id="navbarADP">
+ <ul class="navbar-nav me-auto mb-2 mb-lg-0">
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">About</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/team.html">About the team</a></li>
+ <li><a class="dropdown-item" href="/roundtable.html">The Infrastructure Roundtable</a></li>
+ <li><a class="dropdown-item" href="/blog/">The Infrastructure Blog</a></li>
+ </ul>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/policies.html">Policies</a>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">Services and Tools</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/services.html">Services and Tools</a></li>
+ <li><a class="dropdown-item" href="/machines.html">Machines and Fingerprints</a></li>
+ <li><a class="dropdown-item" href="https://blocky.apache.org/">Blocky</a></li>
+ <li><a class="dropdown-item" href="https://app.datadoghq.com/account/login?next=%2Finfrastructure">DataDog</a></li>
+ <li><a class="dropdown-item" href="https://whimsy.apache.org/roster/committer/" target="_blank">Committer Search</a></li>
+ </ul>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">Documentation</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/doc.html">Contribute</a></li>
+ <li><a class="dropdown-item" href="/infra-volunteer.html">Volunteer with Infra</a></li>
+ <li><a class="dropdown-item" href="/how-to-mirror.html">Become an ASF download mirror</a></li>
+ <li><a class="dropdown-item" href="/hosting-external-agent.html">Host a Jenkins or Buildbot agent</a></li>
+
+ </ul>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/stats.html">Status</a>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/contact.html">Contact Us</a>
+ </li>
+ </ul>
+ </div>
+ </div>
+</nav><!-- breadcrumbs -->
+<div class="card" style="height: 34px;">
+ <nav aria-label="breadcrumb" style="padding-left: 12px; padding-top: 4px;">
+ <ol class="breadcrumb">
+ <li class="breadcrumb-item"><a href="/">Home</a></li>
+
+ <li class="breadcrumb-item active"><a href="/blog/infra-blogs-has-a-new-home.html">
+Infra blogs has a new home </a></li>
+
+ <li class="breadcrumb-item active">(<a href="https://github.com/apache/infrastructure-website/tree/master/content/blog/infra-blogs-has-a-new-home.md">edit</a>)</li>
+
+ </ol>
+ </nav>
+</div>
+
+
+<!-- page contents -->
+<div id="contents">
+ <div class="bg-white p-5 rounded">
+ <div class="col-sm-8 mx-auto">
+ <h1>
+ Infra blogs has a new home
+ </h1>
+ <p>Posted on: 2022-10-24 12:54:00+00:00</p>
+ <p>Just moved posts over from blogs.apache.org/infra. New posts all go through the infrastructure-website repo and it should be as easy as posting some markdown.</p>
+ </div>
+ </div>
+ </div>
+ <!-- footer -->
+ <div class="row">
+ <div class="large-12 medium-12 columns">
+ <p style="font-style: italic; font-size: 0.8rem; text-align: center;">
+ Copyright 2024, <a href="https://www.apache.org/">The Apache Software Foundation</a>, Licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.<br/>
+ Apache® and the Apache feather logo are trademarks of The Apache Software Foundation...
+ </p>
+ </div>
+ </div>
+ <script type="application/ecmascript" src="/js/bootstrap.bundle.min.js" integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3"></script> </main>
+ </body>
+</html>
diff --git a/output/blog/inside-infra-april-2024.html b/output/blog/inside-infra-april-2024.html
new file mode 100644
index 0000000..91db5fc
--- /dev/null
+++ b/output/blog/inside-infra-april-2024.html
@@ -0,0 +1,119 @@
+<!doctype html>
+<html class="no-js" lang="en" dir="ltr">
+ <head>
+ <meta charset="utf-8">
+ <meta http-equiv="x-ua-compatible" content="ie=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <title>Inside Infra April 2024 - Apache Infrastructure Website</title>
+<link href="/css/bootstrap.min.css" rel="stylesheet">
+<link href="/css/fontawesome.all.min.css" rel="stylesheet">
+<link href="/css/headerlink.css" rel="stylesheet">
+<script src="/highlight/highlight.min.js"></script> </head>
+ <body class="d-flex flex-column h-100">
+ <main class="flex-shrink-0">
+<!-- nav bar -->
+<nav class="navbar navbar-expand-lg navbar-dark bg-dark" aria-label="Fifth navbar example">
+ <div class="container-fluid">
+ <a class="navbar-brand" href="/"><img src="/images/feather.png" style="height: 32px;"/> Apache Infrastructure</a>
+ <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarADP" aria-controls="navbarADP" aria-expanded="false" aria-label="Toggle navigation">
+ <span class="navbar-toggler-icon"></span>
+ </button>
+
+ <div class="collapse navbar-collapse" id="navbarADP">
+ <ul class="navbar-nav me-auto mb-2 mb-lg-0">
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">About</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/team.html">About the team</a></li>
+ <li><a class="dropdown-item" href="/roundtable.html">The Infrastructure Roundtable</a></li>
+ <li><a class="dropdown-item" href="/blog/">The Infrastructure Blog</a></li>
+ </ul>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/policies.html">Policies</a>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">Services and Tools</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/services.html">Services and Tools</a></li>
+ <li><a class="dropdown-item" href="/machines.html">Machines and Fingerprints</a></li>
+ <li><a class="dropdown-item" href="https://blocky.apache.org/">Blocky</a></li>
+ <li><a class="dropdown-item" href="https://app.datadoghq.com/account/login?next=%2Finfrastructure">DataDog</a></li>
+ <li><a class="dropdown-item" href="https://whimsy.apache.org/roster/committer/" target="_blank">Committer Search</a></li>
+ </ul>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">Documentation</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/doc.html">Contribute</a></li>
+ <li><a class="dropdown-item" href="/infra-volunteer.html">Volunteer with Infra</a></li>
+ <li><a class="dropdown-item" href="/how-to-mirror.html">Become an ASF download mirror</a></li>
+ <li><a class="dropdown-item" href="/hosting-external-agent.html">Host a Jenkins or Buildbot agent</a></li>
+
+ </ul>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/stats.html">Status</a>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/contact.html">Contact Us</a>
+ </li>
+ </ul>
+ </div>
+ </div>
+</nav><!-- breadcrumbs -->
+<div class="card" style="height: 34px;">
+ <nav aria-label="breadcrumb" style="padding-left: 12px; padding-top: 4px;">
+ <ol class="breadcrumb">
+ <li class="breadcrumb-item"><a href="/">Home</a></li>
+
+ <li class="breadcrumb-item active"><a href="/blog/inside-infra-april-2024.html">
+Inside Infra April 2024 </a></li>
+
+ <li class="breadcrumb-item active">(<a href="https://github.com/apache/infrastructure-website/tree/master/content/blog/inside-infra-april-2024.md">edit</a>)</li>
+
+ </ol>
+ </nav>
+</div>
+
+
+<!-- page contents -->
+<div id="contents">
+ <div class="bg-white p-5 rounded">
+ <div class="col-sm-8 mx-auto">
+ <h1>
+ Inside Infra April 2024
+ </h1>
+ <p>Posted on: 2024-04-25 00:00:00+00:00</p>
+ <p>Welcome to <em>Inside Infra</em> for April, 2024.</p>
+<h2>Infra Reporting Dashboard</h2>
+<p>The dashboard, at <a href="https://infra-reports.apache.org/" target="_blank">infra-reports.apache.org</a>, provides a collection of reports on the overall health and activity of the infrastructure at the ASF. These reports can be helpful in understanding the status of all the ASF 'under the hood' resources, and in assessing the resource cost of some activities, like build processes.</p>
+<p>Some of the reports are open to the public, while others are restricted to those who genuinely need them; see the documentation at <a href="https://infra.apache.org/infra-reports.html" target="_blank">infra.apache.org/infra-reports.html</a>.</p>
+<h2>MFA at the ASF</h2>
+<p>Infra is working on policies to cover use of multi-factor authorization (MFA) at The ASF, and tooling to support and enable those policies. The goal is to provide the best-possible security for user accounts at the lowest reasonable level of disruption to work processes.</p>
+<p>The draft of the main MFA policy, with a link to the policy on restoring MFA when someone has lost a key element of it, is available at <a href="https://infra.apache.org/mfa.html" target="_blank">infra.apache.org/mfa.html</a>. </p>
+<p>As we refine the policy and bring the tools to support it online, we will update the policy page. We will make a general announcement when we are close to bringing MFA live for The ASF and its projects.</p>
+<h2>Roundtable</h2>
+<p>There was no April roundtable.</p>
+<p>The May Roundtable will be on Wednesday, May 8, 2024, 1700 UTC. The topic of the day will be "How PMCs can use the STeVe voting tool", with a live demonstration. There will probably also be time for unstructured discussion about other issues and concerns related to infrastructure. </p>
+<p>Info about the roundtables is at <a href="https://infra.apache.org/roundtable.html" target="_blank">infra.apache.org/roundtable.html</a>.</p>
+<h2>Access to the Confluence Wiki</h2>
+<p>To deal with the creation of spammy accounts and risks to ASF and project information on the wiki, we have limited account-creation: committers and ASF members can automatically log in to the ASF Confluence Wiki without creating an account. At the moment people who do not have an ASF LDAP account <strong>cannot</strong> create an account in the wiki.</p>
+<hr/>
+
+<p>The next issue of <em>Inside Infra</em> will appear near the end of May, 2024.</p>
+ </div>
+ </div>
+ </div>
+ <!-- footer -->
+ <div class="row">
+ <div class="large-12 medium-12 columns">
+ <p style="font-style: italic; font-size: 0.8rem; text-align: center;">
+ Copyright 2024, <a href="https://www.apache.org/">The Apache Software Foundation</a>, Licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.<br/>
+ Apache® and the Apache feather logo are trademarks of The Apache Software Foundation...
+ </p>
+ </div>
+ </div>
+ <script type="application/ecmascript" src="/js/bootstrap.bundle.min.js" integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3"></script> </main>
+ </body>
+</html>
diff --git a/output/blog/inside-infra-february-2024.html b/output/blog/inside-infra-february-2024.html
new file mode 100644
index 0000000..55ee9e2
--- /dev/null
+++ b/output/blog/inside-infra-february-2024.html
@@ -0,0 +1,140 @@
+<!doctype html>
+<html class="no-js" lang="en" dir="ltr">
+ <head>
+ <meta charset="utf-8">
+ <meta http-equiv="x-ua-compatible" content="ie=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <title>Inside Infra February 2024 - Apache Infrastructure Website</title>
+<link href="/css/bootstrap.min.css" rel="stylesheet">
+<link href="/css/fontawesome.all.min.css" rel="stylesheet">
+<link href="/css/headerlink.css" rel="stylesheet">
+<script src="/highlight/highlight.min.js"></script> </head>
+ <body class="d-flex flex-column h-100">
+ <main class="flex-shrink-0">
+<!-- nav bar -->
+<nav class="navbar navbar-expand-lg navbar-dark bg-dark" aria-label="Fifth navbar example">
+ <div class="container-fluid">
+ <a class="navbar-brand" href="/"><img src="/images/feather.png" style="height: 32px;"/> Apache Infrastructure</a>
+ <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarADP" aria-controls="navbarADP" aria-expanded="false" aria-label="Toggle navigation">
+ <span class="navbar-toggler-icon"></span>
+ </button>
+
+ <div class="collapse navbar-collapse" id="navbarADP">
+ <ul class="navbar-nav me-auto mb-2 mb-lg-0">
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">About</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/team.html">About the team</a></li>
+ <li><a class="dropdown-item" href="/roundtable.html">The Infrastructure Roundtable</a></li>
+ <li><a class="dropdown-item" href="/blog/">The Infrastructure Blog</a></li>
+ </ul>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/policies.html">Policies</a>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">Services and Tools</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/services.html">Services and Tools</a></li>
+ <li><a class="dropdown-item" href="/machines.html">Machines and Fingerprints</a></li>
+ <li><a class="dropdown-item" href="https://blocky.apache.org/">Blocky</a></li>
+ <li><a class="dropdown-item" href="https://app.datadoghq.com/account/login?next=%2Finfrastructure">DataDog</a></li>
+ <li><a class="dropdown-item" href="https://whimsy.apache.org/roster/committer/" target="_blank">Committer Search</a></li>
+ </ul>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">Documentation</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/doc.html">Contribute</a></li>
+ <li><a class="dropdown-item" href="/infra-volunteer.html">Volunteer with Infra</a></li>
+ <li><a class="dropdown-item" href="/how-to-mirror.html">Become an ASF download mirror</a></li>
+ <li><a class="dropdown-item" href="/hosting-external-agent.html">Host a Jenkins or Buildbot agent</a></li>
+
+ </ul>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/stats.html">Status</a>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/contact.html">Contact Us</a>
+ </li>
+ </ul>
+ </div>
+ </div>
+</nav><!-- breadcrumbs -->
+<div class="card" style="height: 34px;">
+ <nav aria-label="breadcrumb" style="padding-left: 12px; padding-top: 4px;">
+ <ol class="breadcrumb">
+ <li class="breadcrumb-item"><a href="/">Home</a></li>
+
+ <li class="breadcrumb-item active"><a href="/blog/inside-infra-february-2024.html">
+Inside Infra February 2024 </a></li>
+
+ <li class="breadcrumb-item active">(<a href="https://github.com/apache/infrastructure-website/tree/master/content/blog/inside-infra-february-2024.md">edit</a>)</li>
+
+ </ol>
+ </nav>
+</div>
+
+
+<!-- page contents -->
+<div id="contents">
+ <div class="bg-white p-5 rounded">
+ <div class="col-sm-8 mx-auto">
+ <h1>
+ Inside Infra February 2024
+ </h1>
+ <p>Posted on: 2024-02-20 00:00:00+00:00</p>
+ <p><em>Hello, all!</em></p>
+<h2>Newsletter name</h2>
+<p>Our very unscientific poll showed that "Inside Infra" has the most support as a name for this newsletter, so that is what we shall be. </p>
+<p><strong>Note</strong>: in 2020 the main ASF blog published a series of interviews with Infra team members also called "Inside Infra". Links to the interviews are available at <a href="https://cwiki.apache.org/confluence/display/INFRA/The+Infrastructure+team" target="_blank">The Infrastructure team</a>.</p>
+<h2>2023 year-end survey</h2>
+<p>We held our second annual year-end survey and got a lot of participation. Overall satisfaction with Infra's work seems high, but there were also a series of very useful suggestions and ideas. This newsletter, in fact, is a response to one of the suggestions.</p>
+<p>The survey summary is on our <a href="https://infra.apache.org/blog/2023%20Infra%20Survey%20Results.html" target="_blank">blog</a>.</p>
+<h2>Roundtable summary</h2>
+<p>The February Roundtable focused on Keycloak and related security issues but, as is often the case, conversation also moved usefully into several other areas and concerns, including:</p>
+<ul>
+<li>There is concern that it is difficult to find a link to Infra's website, or even know that it exists, from the main ASF website.</li>
+<li>A suggestion to develop project-level security groups for GitHub Issues, based on roles.</li>
+<li>There should be a CalDev service that would support an events calendar for each project that wants one.</li>
+<li>There was discussion of trying to find a forum solution that could in time replace the requirement for email-based conversation threads for project decisions.</li>
+<li>The summary of the conversation is on the Infra Confluence wiki.</li>
+</ul>
+<p>The next Infra Roundtable will be <strong>March 6, 2024 1700 UTC</strong>. The main topic, before the suggestions start to fly, will be <strong>improving automated testing</strong>.</p>
+<p>Of note: Develocity is hoping to roll out predictive test / flaky test analysis, to help projects improve their test suites so they generate more reliable results.</p>
+<p>Information on how the roundtables work, and how to join in, is at <a href="https://infra.apache.org/roundtable.html" target="_blank">infra.apache.org/roundtable.html</a>.</p>
+<h2>.asf.yaml info available</h2>
+<p>.asf.yaml is an important tool in managing project websites and other services. It is a branch-specific configuration file that a project may create and put in the root of a Git repository to control features such as</p>
+<ul>
+<li>notification schemes</li>
+<li>website staging</li>
+<li>GitHub settings</li>
+<li>Pelican builds</li>
+</ul>
+<p>The documentation for .asf.yaml was on the Infra Cwiki, but is now is in its repository's README file: <a href="https://github.com/apache/infrastructure-asfyaml/blob/main/README.md" target="_blank">github.com/apache/infrastructure-asfyaml/blob/main/README.md</a>.</p>
+<h2>Self-serve and wiki accounts</h2>
+<p>An addition to the Apache self-serve tool will let a user request a Cwiki account. The request goes for approval to the project the user specifies. The project can also grant the user write access, should that be desired.</p>
+<p>This feature is not yet available, but is coming soon.</p>
+<h2>Delivery issues with Gmail</h2>
+<p>If you are subscribed to an ASF mailing list with a Gmail account, you may experience missing list mail. This is due to changes Google made that cause rejection of ASF mailing list mail to Gmail addresses. Infra is currently investigating this issue.</p>
+<p>If you or your project experience this, Infra has a workaround which we can apply to your mailing list, but some messages may
+still be rejected.</p>
+<h2>Excellent questions</h2>
+<p>Some of the best stuff Infra does has evolved from project members' questions and suggestions. If you have an infrastructure-related question, feel free to ask it on the <code>users@infra.apache.org</code> email list. We may share your question, and our answer to it, in a coming newslette</p>
+<p><em>That's it until next month!</em></p>
+ </div>
+ </div>
+ </div>
+ <!-- footer -->
+ <div class="row">
+ <div class="large-12 medium-12 columns">
+ <p style="font-style: italic; font-size: 0.8rem; text-align: center;">
+ Copyright 2024, <a href="https://www.apache.org/">The Apache Software Foundation</a>, Licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.<br/>
+ Apache® and the Apache feather logo are trademarks of The Apache Software Foundation...
+ </p>
+ </div>
+ </div>
+ <script type="application/ecmascript" src="/js/bootstrap.bundle.min.js" integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3"></script> </main>
+ </body>
+</html>
diff --git a/output/blog/inside-infra-march-2024.html b/output/blog/inside-infra-march-2024.html
new file mode 100644
index 0000000..0f59ddd
--- /dev/null
+++ b/output/blog/inside-infra-march-2024.html
@@ -0,0 +1,126 @@
+<!doctype html>
+<html class="no-js" lang="en" dir="ltr">
+ <head>
+ <meta charset="utf-8">
+ <meta http-equiv="x-ua-compatible" content="ie=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <title>Inside Infra March 2024 - Apache Infrastructure Website</title>
+<link href="/css/bootstrap.min.css" rel="stylesheet">
+<link href="/css/fontawesome.all.min.css" rel="stylesheet">
+<link href="/css/headerlink.css" rel="stylesheet">
+<script src="/highlight/highlight.min.js"></script> </head>
+ <body class="d-flex flex-column h-100">
+ <main class="flex-shrink-0">
+<!-- nav bar -->
+<nav class="navbar navbar-expand-lg navbar-dark bg-dark" aria-label="Fifth navbar example">
+ <div class="container-fluid">
+ <a class="navbar-brand" href="/"><img src="/images/feather.png" style="height: 32px;"/> Apache Infrastructure</a>
+ <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarADP" aria-controls="navbarADP" aria-expanded="false" aria-label="Toggle navigation">
+ <span class="navbar-toggler-icon"></span>
+ </button>
+
+ <div class="collapse navbar-collapse" id="navbarADP">
+ <ul class="navbar-nav me-auto mb-2 mb-lg-0">
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">About</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/team.html">About the team</a></li>
+ <li><a class="dropdown-item" href="/roundtable.html">The Infrastructure Roundtable</a></li>
+ <li><a class="dropdown-item" href="/blog/">The Infrastructure Blog</a></li>
+ </ul>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/policies.html">Policies</a>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">Services and Tools</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/services.html">Services and Tools</a></li>
+ <li><a class="dropdown-item" href="/machines.html">Machines and Fingerprints</a></li>
+ <li><a class="dropdown-item" href="https://blocky.apache.org/">Blocky</a></li>
+ <li><a class="dropdown-item" href="https://app.datadoghq.com/account/login?next=%2Finfrastructure">DataDog</a></li>
+ <li><a class="dropdown-item" href="https://whimsy.apache.org/roster/committer/" target="_blank">Committer Search</a></li>
+ </ul>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">Documentation</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/doc.html">Contribute</a></li>
+ <li><a class="dropdown-item" href="/infra-volunteer.html">Volunteer with Infra</a></li>
+ <li><a class="dropdown-item" href="/how-to-mirror.html">Become an ASF download mirror</a></li>
+ <li><a class="dropdown-item" href="/hosting-external-agent.html">Host a Jenkins or Buildbot agent</a></li>
+
+ </ul>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/stats.html">Status</a>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/contact.html">Contact Us</a>
+ </li>
+ </ul>
+ </div>
+ </div>
+</nav><!-- breadcrumbs -->
+<div class="card" style="height: 34px;">
+ <nav aria-label="breadcrumb" style="padding-left: 12px; padding-top: 4px;">
+ <ol class="breadcrumb">
+ <li class="breadcrumb-item"><a href="/">Home</a></li>
+
+ <li class="breadcrumb-item active"><a href="/blog/inside-infra-march-2024.html">
+Inside Infra March 2024 </a></li>
+
+ <li class="breadcrumb-item active">(<a href="https://github.com/apache/infrastructure-website/tree/master/content/blog/inside-infra-march-2024.md">edit</a>)</li>
+
+ </ol>
+ </nav>
+</div>
+
+
+<!-- page contents -->
+<div id="contents">
+ <div class="bg-white p-5 rounded">
+ <div class="col-sm-8 mx-auto">
+ <h1>
+ Inside Infra March 2024
+ </h1>
+ <p>Posted on: 2024-03-23 00:00:00+00:00</p>
+ <p>Welcome to <strong>Inside Infra</strong> for March, 2024.</p>
+<h3>Policy change on use of GitHub Actions</h3>
+<p>Due to misconfigurations in their builds, some projects have been using unsupportable numbers of GitHub Actions. As part of fixing this situation, Infra has added a 'resource use' section to the policy on GitHub Actions. This section of the policy will come into effect on <strong>April 20, 2024</strong>:</p>
+<ul>
+<li>All workflows MUST have a job concurrency level less than or equal to 20. This means a workflow cannot have more than 20 jobs running at the same time across all matrices.</li>
+<li>All workflows SHOULD have a job concurrency level less than or equal to 15. Just because 20 is the max, doesn't mean you should strive for 20.</li>
+<li>The average number of minutes a project uses per calendar week MUST NOT exceed the equivalent of 25 full-time runners (250,000 minutes, or 4,200 hours).</li>
+<li>The average number of minutes a project uses in any consecutive five-day period MUST NOT exceed the equivalent of 30 full-time runners (216,000 minutes, or 3,600 hours).</li>
+<li>Projects whose builds consistently cross the maximum use limits will lose their access to GitHub Actions until they fix their build configurations.</li>
+</ul>
+<p>The full policy is at <a href="https://infra.apache.org/github-actions-policy.html" target="_blank">https://infra.apache.org/github-actions-policy.html</a>.</p>
+<h3>Roundtable summary</h3>
+<p>In the Roundtable of March 3, 2024, Clay Johnson of Gradle outlined the testing features that come with Develocity, focussing on their use with Gradle and Maven. For instance:</p>
+<ul>
+<li>The build scan gives insights into what goes on in a build, and can help a project quickly focus on tests that are failing or flaky, and address related code issues.</li>
+<li>Predictive test selection can speed up certain types of builds by skipping the tests that are not relevant to the build.</li>
+</ul>
+<p>A fuller summary of this discussion, and conversation about GitHub Runners and other topics, is at <a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable+2024-03-06%2C+17%3A00+UTC" target="_blank">https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable+2024-03-06%2C+17%3A00+UTC</a>, and is available to ASF Members and Committers.</p>
+<p><strong>Note</strong>: There will be <strong>no April 2024 Roundtable</strong>. The series will resume in May.</p>
+<h3>The end of Apache Paste Bucket?</h3>
+<p>In 2013 Infra rolled out Apache Paste Bucket (<code>http://paste.apache.org/</code>). In a blog entry at the time, we described it as an "ASF-driven site for posting snippets, scripts, logging output, configurations and much more and sharing them with the world."</p>
+<p>The tool has seen some use over the past decade, but has had very little traffic in the last couple of years. To keep Apache Paste Bucket available, the code would require a significant upgrade. Unless we hear that the tool is important to some part of the ASF community, we plan to shut down Apache Paste in the near future.</p>
+<hr/>
+<p>The next newsletter will appear toward the end of April, 2024.</p>
+ </div>
+ </div>
+ </div>
+ <!-- footer -->
+ <div class="row">
+ <div class="large-12 medium-12 columns">
+ <p style="font-style: italic; font-size: 0.8rem; text-align: center;">
+ Copyright 2024, <a href="https://www.apache.org/">The Apache Software Foundation</a>, Licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.<br/>
+ Apache® and the Apache feather logo are trademarks of The Apache Software Foundation...
+ </p>
+ </div>
+ </div>
+ <script type="application/ecmascript" src="/js/bootstrap.bundle.min.js" integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3"></script> </main>
+ </body>
+</html>
diff --git a/output/blog/the-infra-newsletter-january-2024.html b/output/blog/the-infra-newsletter-january-2024.html
new file mode 100644
index 0000000..2467f9b
--- /dev/null
+++ b/output/blog/the-infra-newsletter-january-2024.html
@@ -0,0 +1,120 @@
+<!doctype html>
+<html class="no-js" lang="en" dir="ltr">
+ <head>
+ <meta charset="utf-8">
+ <meta http-equiv="x-ua-compatible" content="ie=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <title>The Infra Newsletter January 2024 - Apache Infrastructure Website</title>
+<link href="/css/bootstrap.min.css" rel="stylesheet">
+<link href="/css/fontawesome.all.min.css" rel="stylesheet">
+<link href="/css/headerlink.css" rel="stylesheet">
+<script src="/highlight/highlight.min.js"></script> </head>
+ <body class="d-flex flex-column h-100">
+ <main class="flex-shrink-0">
+<!-- nav bar -->
+<nav class="navbar navbar-expand-lg navbar-dark bg-dark" aria-label="Fifth navbar example">
+ <div class="container-fluid">
+ <a class="navbar-brand" href="/"><img src="/images/feather.png" style="height: 32px;"/> Apache Infrastructure</a>
+ <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarADP" aria-controls="navbarADP" aria-expanded="false" aria-label="Toggle navigation">
+ <span class="navbar-toggler-icon"></span>
+ </button>
+
+ <div class="collapse navbar-collapse" id="navbarADP">
+ <ul class="navbar-nav me-auto mb-2 mb-lg-0">
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">About</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/team.html">About the team</a></li>
+ <li><a class="dropdown-item" href="/roundtable.html">The Infrastructure Roundtable</a></li>
+ <li><a class="dropdown-item" href="/blog/">The Infrastructure Blog</a></li>
+ </ul>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/policies.html">Policies</a>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">Services and Tools</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/services.html">Services and Tools</a></li>
+ <li><a class="dropdown-item" href="/machines.html">Machines and Fingerprints</a></li>
+ <li><a class="dropdown-item" href="https://blocky.apache.org/">Blocky</a></li>
+ <li><a class="dropdown-item" href="https://app.datadoghq.com/account/login?next=%2Finfrastructure">DataDog</a></li>
+ <li><a class="dropdown-item" href="https://whimsy.apache.org/roster/committer/" target="_blank">Committer Search</a></li>
+ </ul>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" data-bs-toggle="dropdown" aria-expanded="false">Documentation</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item" href="/doc.html">Contribute</a></li>
+ <li><a class="dropdown-item" href="/infra-volunteer.html">Volunteer with Infra</a></li>
+ <li><a class="dropdown-item" href="/how-to-mirror.html">Become an ASF download mirror</a></li>
+ <li><a class="dropdown-item" href="/hosting-external-agent.html">Host a Jenkins or Buildbot agent</a></li>
+
+ </ul>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/stats.html">Status</a>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link" href="/contact.html">Contact Us</a>
+ </li>
+ </ul>
+ </div>
+ </div>
+</nav><!-- breadcrumbs -->
+<div class="card" style="height: 34px;">
+ <nav aria-label="breadcrumb" style="padding-left: 12px; padding-top: 4px;">
+ <ol class="breadcrumb">
+ <li class="breadcrumb-item"><a href="/">Home</a></li>
+
+ <li class="breadcrumb-item active"><a href="/blog/the-infra-newsletter-january-2024.html">
+The Infra Newsletter January 2024 </a></li>
+
+ <li class="breadcrumb-item active">(<a href="https://github.com/apache/infrastructure-website/tree/master/content/blog/the-infra-newsletter-january-2024.md">edit</a>)</li>
+
+ </ol>
+ </nav>
+</div>
+
+
+<!-- page contents -->
+<div id="contents">
+ <div class="bg-white p-5 rounded">
+ <div class="col-sm-8 mx-auto">
+ <h1>
+ The Infra Newsletter January 2024
+ </h1>
+ <p>Posted on: 2024-01-20 00:00:00+00:00</p>
+ <p>Hi, all!</p>
+<p>Someone who responded to our annual survey (see below) suggested that we start a newsletter to share developments and other news. The suggester thought we should send it to the <code>dev@</code> list of every PMC and PPMC, but we are going to start with a more limited distribution and see if the benefit to readers outweighs the additional email traffic. If you would like to get each issue in your email inbox, make sure you are subscribed to <code>users@infra.apache.org</code>.</p>
+<p>The complete text of each month's newsletter appears here on the Infra blog.</p>
+<p>Expect to see a new installment of the newsletter toward the end of each month. If you have suggestions, please share them in an email to <code>users@infra.apache.org</code>.</p>
+<h2>The Infra year-end survey</h2>
+<p>As we start 2024, we're using a survey to review infrastructure developments and plans for the ASF. We will compile responses into an anonymized report to share with the whole ASF community and to provide the Infrastructure team with insights that may help us improve our work in the new year. </p>
+<p>If you have not had a chance to fill out the survey yet, <a href="https://forms.gle/rQwYykCuP3Z1ij5Z9" target="_blank">it is here</a>. It will be active until <strong>February 2, 2024</strong>.</p>
+<h2>The Infra Roundtable</h2>
+<p>Last year the Infrastructure team started holding monthly <strong>Roundtable</strong> meetings, in response to requests for a way to discuss infrastructure issues and initiatives. In 2023, we held ten such meetings, usually on the first Wednesday of each month. One meeting was face-to-face, as a part of Community Over Code North America.</p>
+<p>Although an Infra member generally makes a brief presentation on some topic, this is not the sort of gathering where we talk and talk and you meekly listen. We enjoy hearing insights from all across the ASF universe, and some very good ideas have emerged from Roundtable meetings and become part of Infra's work plan.</p>
+<p>The roundtables last an hour and take place in a huddle in the Infra channel in the Apache space on Slack. Instructions on how to join the roundtables are at <a href="https://infra.apache.org/roundtable.html" target="_blank">infra.apache.org/roundtable.html</a>.</p>
+<p>Links to summaries of all meetings are at <a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable" target="_blank">cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable</a>.</p>
+<p>The next Roundtable will be <strong>Wednesday, February 7, 2024 1700 UTC</strong>, and we will focus on <a href="https://www.keycloak.org" target="_blank">Keycloak</a> and two factor authentication.</p>
+<h2>Infra and conferences in 2024</h2>
+<p>While Infra will be taking part in both <strong>Community over Code</strong> (CoC) <strong>Europe</strong> and <strong>CoC North America</strong> in 2024, we will not be able to send team members to <strong>CoC Asia</strong>. It would be great if anyone attending could pass on to us, by email or through our Slack channel, insights or issues discussed at the conference that are relevant to Infra.</p>
+<h2>What's in a name?</h2>
+<p>What should we call this thing? "The Infra Newsletter" is straightforward, but maybe not all that catchy. "Infractions", while being a cute mashup of "Infra" and "actions", may not be clear to readers for whom English is not their best language.</p>
+<p>Use <a href="https://forms.gle/TCEDGdE9VHM45CGJA" target="_blank">this link</a> to vote for a name you prefer for the Infra newsletter: The poll is on Google Drive, but you do not have to log in to use it. The poll will stay open until <strong>February 5, 2024</strong>.</p>
+ </div>
+ </div>
+ </div>
+ <!-- footer -->
+ <div class="row">
+ <div class="large-12 medium-12 columns">
+ <p style="font-style: italic; font-size: 0.8rem; text-align: center;">
+ Copyright 2024, <a href="https://www.apache.org/">The Apache Software Foundation</a>, Licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.<br/>
+ Apache® and the Apache feather logo are trademarks of The Apache Software Foundation...
+ </p>
+ </div>
+ </div>
+ <script type="application/ecmascript" src="/js/bootstrap.bundle.min.js" integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3"></script> </main>
+ </body>
+</html>
diff --git a/output/bug-writing-guide.html b/output/bug-writing-guide.html
index 6feb72e..1c5b120 100644
--- a/output/bug-writing-guide.html
+++ b/output/bug-writing-guide.html
@@ -82,9 +82,11 @@
<li><a href="#followup">Following up</a></li>
</ul>
<h2 id="overview">Bug reporting<a class="headerlink" href="#overview" title="Permanent link">¶</a></h2>
+
<p>When you run into an issue with ASF instrastructure, with the software one of the ASF projects produces, or with an ASF-related website, you may be the first person to have noticed the issue. If so, you should report it. The people responsible for the thing that has a bug or other issue will be happy to know about the problem so they can fix it before more people run into it.</p>
<p>For the purposes of this discussion, we'll call any issue, from a calculation error in a function to a punctuation error on a web page, a "bug". Something that you would like to see added to an application or a website to make it better would be an "enhancement request". Both are useful; we are looking at bugs here.</p>
<h2 id="systems">Bug-tracking systems<a class="headerlink" href="#systems" title="Permanent link">¶</a></h2>
+
<p>ASF has two bug-tracking systems:</p>
<ul>
<li><a href="https://issues.apache.org/jira/" target="_blank">Jira</a></li>
@@ -93,10 +95,12 @@
<p>Infra itself uses Jira. To submit a ticket for Infra, search for the INFRA project.</p>
<p>Projects can use either system, or some other method of tracking bugs. If the bug you found is in a project's application or website, you need to find out where that project wants to hear about it. If you cannot find the project in either Jira or Bugzilla, ask for advice on the project's <code>dev@</code> or <code>users@</code> mailing list.</p>
<h2 id="newbug">Is this a new bug?<a class="headerlink" href="#newbug" title="Permanent link">¶</a></h2>
+
<p>Before spending the time filing a bug report, it's useful to check whether a report about the bug you found already exists. If so, you can add comments or additional information to the existing report.</p>
<p>Infra maintains several real-time <a href="stats.html">status pages</a>. If the infrastructure issue you ran into is reported on one of these pages, Infra already knows about it.</p>
<p>If what you found seems to be a new bug, you get to report it!</p>
<h2 id="useful">A useful bug report<a class="headerlink" href="#useful" title="Permanent link">¶</a></h2>
+
<p>Useful bug reports get bugs fixed. A useful bug report is usually:</p>
<ul>
<li>Reproducible. If a developer or sysadmin can't see it or conclusively prove that it exists, they may stamp it "WORKSFORME" or "INVALID", and move on to the next bug. Every detail you can provide helps.</li>
@@ -124,11 +128,12 @@
<h3>What not to include</h3>
<p>Adding editorial comments ("what sort of idiot would release a product with such a bug?") is worse than useless. It sets you up as a critic rather than a partner to the people whose help you need.</p>
<h2 id="blocked">If your report or comment gets blocked<a class="headerlink" href="#blocked" title="Permanent link">¶</a></h2>
+
<p>Infra uses various tools and techniques to prevent spammers from posting material on Jira. If your new bug report, or comment on an existing report, gets blocked, <a href="contact.html">contact Infra</a> so we can resolve the issue and fine-tune our spam filters.</p>
<h2 id="followup">Following up<a class="headerlink" href="#followup" title="Permanent link">¶</a></h2>
+
<p>In either bug tracking system you can arrange to get updates whenever the status of the bug report changes. If you are reporting by email and want to get updates sent to one or more email addresses, specify them.</p>
<p><em>Based on contributions from Eli Goldberg, Claudius Gayle, Peter Mock, Chris Pratt, Tom Schutter, and Chris Yeh.</em></p>
-
</div>
</div>
</div>
diff --git a/output/build-supported-services.html b/output/build-supported-services.html
index c0fe3e5..eb466ce 100644
--- a/output/build-supported-services.html
+++ b/output/build-supported-services.html
@@ -90,6 +90,7 @@
<li><a href="#sonarcloud">Sonarcloud</a></li>
</ul>
<h2 id="jenkins">Jenkins<a class="headerlink" href="#jenkins" title="Permanent link">¶</a></h2>
+
<p>Infra operates a Cloudbees Core cluster comprising a single <a href="https://jenkins-ccos.apache.org/" target="_blank">Operations Center</a> and several Controllers. These comprise a shared Controller <a href="https://ci-builds.apache.org/" target="_blank">ci-builds instance</a> which many projects share, and some individual project Controllers (listed on the main Operations Center <a href="https://jenkins-ccos.apache.org/job/controllers" target="_blank">Controllers</a> page).</p>
<h4>Access control</h4>
<p>Jenkins is LDAP enabled and so all ASF Committers have login access. Project level access is then applied at a Controller level for the project Controllers and at a
@@ -100,12 +101,13 @@
<h4>More information</h4>
<p>The Infra Confluence wiki space has <a href="https://cwiki.apache.org/confluence/display/INFRA/Jenkins" target="_blank">more information about Jenkins</a>.</p>
<h2 id="buildbot">Buildbot<a class="headerlink" href="#buildbot" title="Permanent link">¶</a></h2>
+
<p>ASF Infra runs an instance of the open source Buildbot software. Buildbot runs on a single controller and hosts many Ubuntu and Windows nodes, or 'workers' in current Buildbot terminology.</p>
<h4>Adding/configuring Buildbot jobs</h4>
<p>Projects can add/edit/remove their configuration files via Subversion or Git.</p>
<ul>
-<li><a href="https://svn.apache.org/repos/infra/infrastructure/buildbot2/projects" target="_blank">Subversion</a></li>
-<li><a href="https://github.com/apache/infrastructure-bb2" target="_blank">Git/GitHub</a></li>
+<li><a href="https://svn.apache.org/repos/infra/infrastructure/buildbot2/projects" target="_blank">Subversion</a> </li>
+<li><a href="https://github.com/apache/infrastructure-bb2" target="_blank">Git/GitHub</a> </li>
</ul>
<p>Use the standard naming <code>$projectname.py</code> for your config file. You may place multiple build jobs in this file.</p>
<p>Once committed, changes should be picked up automatically.
@@ -118,6 +120,7 @@
<h4>More Information</h4>
<p>The Infra Confluence wiki has <a href="https://cwiki.apache.org/confluence/display/INFRA/Buildbot" target="_blank">more about Buildbot</a>.</p>
<h2 id="gump">Apache Gump<a class="headerlink" href="#gump" title="Permanent link">¶</a></h2>
+
<p>The <a href="https://gump.apache.org/" target="_blank">Apache Gump project</a> runs <a href="http://vmgump.apache.org/" target="_blank">this instance</a>. Projects are welcome to ask them directly for access.</p>
<p>Gump is a cross-project continuous integration server. It is different from the "usual" CI servers in that it expects the individual project builds to succeed;
its purpose is to check the integration of a project with the latest code rather than with a fixed version of the project's dependencies. If you want a more
@@ -125,8 +128,9 @@
<p>Use Gump if you want to know when a change in your dependencies breaks your project or when your changes have broken other projects.</p>
<p>Gump is written in Python and supports several build tools (including shell scripts, GNU make, Ant, Maven and NAnt) and version control systems
(svn, CVS, git, bzr, hg, darcs and Perforce). The Apache installation of Gump builds many ASF projects and their dependencies.</p>
-<p>Gump started in the Java part of the Foundation but also builds projects like APR, HTTPd and log4net.</p>
+<p>Gump started in the Java part of the Foundation but also builds projects like APR, HTTPd and log4net. </p>
<h2 id="gha">GitHub Actions<a class="headerlink" href="#gha" title="Permanent link">¶</a></h2>
+
<p>The ASF supports and recommends the use of GitHub Actions (GHA).</p>
<h4>Integrations</h4>
<p>Infra makes use of an 'allow' list to allow Marketplace actions for your workflows. File an Infra Jira ticket if you need to have one added
@@ -137,6 +141,7 @@
<h4>More information</h4>
<p>In addition to the official GitHub documentation, Infra has placed some <a href="https://infra.apache.org/github-actions-secrets.html" target="_blank">notes</a> on a Confluence wiki page.</p>
<h2 id="artifactory">Artifactory<a class="headerlink" href="#artifactory" title="Permanent link">¶</a></h2>
+
<p>The folks at Jfrog provide us an <a href="https://apache.jfrog.io/" target="_blank">instance of Artifactory</a> for all ASF projects to use. Projects are free to publish debs, rpms, Helm Charts and more. Use a Jira ticket to ask Infra to set up the project's initial repository type.</p>
<h4>Access Control</h4>
<p>Access is via LDAP credentials. Infra needs to set up the project's initial repository/group access.</p>
@@ -145,6 +150,7 @@
<h4>More information</h4>
<p>A <a href="https://cwiki.apache.org/confluence/display/INFRA/Artifactory" target="_blank">Confluence wiki page</a> will soon contain some more Artifactory information.</p>
<h2 id="nexus">Nexus<a class="headerlink" href="#nexus" title="Permanent link">¶</a></h2>
+
<p>The ASF has a Nexus instance at <a href="https://repository.apache.org/" target="_blank">repository.apache.org</a> , maintained by the Maven community in conjunction with people from Sonatype.</p>
<h4>Access control</h4>
<p>The instance has committer-only access to push to staging and to snapshots via their LDAP credentials, and promotion from staging to release. Once released, the artifacts get synced over to <a href="https://repo.maven.apache.org/maven2/" target="_blank">Maven Central</a>.</p>
@@ -155,8 +161,9 @@
<h4>More information</h4>
<p>See <a href="https://infra.apache.org/publishing-maven-artifacts.html">Publishing Maven artifacts</a>.</p>
<h2 id="nightlies">Nightlies<a class="headerlink" href="#nightlies" title="Permanent link">¶</a></h2>
-Infra runs a server at <a href="https://nightlies.apache.org/" target="_blank">nightlies.apache.org</a> where projects can store various build output such as snapshot builds, versioned website documentation, artifacts (jars, etc.), and apidocs. Jenkins, Buildbot and GitHub Actions all integrate with nightlies. Committers also have PUT access via their LDAP credentials.
+<p>Infra runs a server at <a href="https://nightlies.apache.org/" target="_blank">nightlies.apache.org</a> where projects can store various build output such as snapshot builds, versioned website documentation, artifacts (jars, etc.), and apidocs. Jenkins, Buildbot and GitHub Actions all integrate with nightlies. Committers also have PUT access via their LDAP credentials.</p>
<h2 id="dockerhub">DockerHub<a class="headerlink" href="#dockerhub" title="Permanent link">¶</a></h2>
+
<p>The ASF has an 'apache' account at <a href="https://hub.docker.com/orgs/apache" target="_blank">DockerHub</a> for all projects to use.</p>
<h4>Access control</h4>
<p>Committers need to sign up for a personal account, then create a Jira ticket asking Infra to set up their access. The ticket should state</p>
@@ -175,9 +182,10 @@
<li><a href="https://cwiki.apache.org/confluence/display/INFRA/Jenkins+and+Dockerhub" target="_blank">Jenkins and Dockerhub</a></li>
</ul>
<h2 id="gradle">Gradle Enterprise<a class="headerlink" href="#gradle" title="Permanent link">¶</a></h2>
-Gradle is a suite of acceleration and analytics technologies for CI/CD systems to help projects identify and analyze trends while optimizing build resources. The result is faster builds, with fewer failures, The ASF instance of Gradle enterprise is at <a href="https://ge.apache.org/" target="_blank">ge.apache.org</a>.
+<p>Gradle is a suite of acceleration and analytics technologies for CI/CD systems to help projects identify and analyze trends while optimizing build resources. The result is faster builds, with fewer failures, The ASF instance of Gradle enterprise is at <a href="https://ge.apache.org/" target="_blank">ge.apache.org</a>.</p>
<p>More information is available at the <a href="gradle.html">Gradle page</a>.</p>
<h2 id="sonarcloud">Sonarcloud<a class="headerlink" href="#sonarcloud" title="Permanent link">¶</a></h2>
+
<p>The ASF has an 'apache' account at <a href="https://sonarcloud.io/organizations/apache" target="_blank">sonarcloud.io</a> where projects can have their code analyzed.</p>
<h4>Access control</h4>
<p>Committers must log in to Sonarcloud with their GitHub ID. In addition you must have your ASF account and your GitHub accounts linked so that you then
@@ -186,7 +194,6 @@
<p>The ASF has auth tokens available under a role account for use via GHA and Jenkins.</p>
<h4>More information</h4>
<p><a href="https://cwiki.apache.org/confluence/display/INFRA/SonarCloud+for+ASF+projects" target="_blank">SonarCloud for ASF projects</a></p>
-
</div>
</div>
</div>
diff --git a/output/committer-email.html b/output/committer-email.html
index 8206139..9cbc309 100644
--- a/output/committer-email.html
+++ b/output/committer-email.html
@@ -76,7 +76,7 @@
<p>Every Apache project committer account has an associated apache.org email address. Some official Apache emails go to these addresses, so you need to check your apache.org email regularly for announcements. You can also use this address for correspondence related to ASF projects you work on.</p>
<p>You cannot work <strong>directly</strong> with your Apache email address. You must set up <strong>forwarding</strong> for this address. Then, when people write to your ASF address, the system forwards the email to your forwarding address. When you reply, the message goes back through the ASF system so the person you are writing with sees it come from your ASF address. See below for how to write a new email from your ASF address.</p>
<h2>Configuring your Apache email address</h2>
-<p>When Infra creates your committer account, it sets the forwarding email address, or alias, to the address you provided in the account request and, typically, in the <a href="https://www.apache.org/licenses/icla.pdf" target="_blank">Independent Contributor Licensing Agreement (ICLA)</a> you provided. Keep your forwarding address (or addresses) up to date.</p>
+<p>When Infra creates your committer account, it sets the forwarding email address, or alias, to the address you provided in the account request and, typically, in the <a href="https://www.apache.org/licenses/icla.pdf" target="_blank">Independent Contributor Licensing Agreement (ICLA)</a> you provided. Keep your forwarding address (or addresses) up to date. </p>
<p>To review and update your forwarding addresses:</p>
<ul>
<li>Use the <a href="https://id.apache.org/" target="_blank">Selfserve app</a>.</li>
@@ -105,13 +105,14 @@
<li>Use the <a href="https://id.apache.org/" target="_blank">Selfserve app</a>.</li>
<li>Use <a href="https://whimsy.apache.org/roster/committer/__self__" target="_blank">Whimsy</a>. Double-click the green "Email addresses (alt)" label.</li>
</ul>
-<p>You can register multiple email aliases with your committer account. Apache inspects registered e-mail aliases when you subscribe to a restricted mailing list with an email other than your apache.org e-mail address. If you are allowed to subscribe to a restricted Apache mailing list and use an address other than your Apache email address, the Apache system approves the request if you have registered the email as one of your aliases.</p>
+<p>You can register multiple email aliases with your committer account. Apache inspects registered e-mail aliases when you subscribe to a restricted mailing list with an email other than your apache.org e-mail address. If you are allowed to subscribe to a restricted Apache mailing list and use an address other than your Apache email address, the Apache system approves the request if you have registered the email as one of your aliases. </p>
<h3>Sending email from your Apache address</h3>
<p>Since you can't use your Apache mailbox directly, send email using your apache.org email address from the committer mail-relay service. Configure this in your email environment:</p>
-<p><code>Server: mail-relay.apache.org Port: 587 (STARTTLS), 465 (SSL) User/Pass: {Your LDAP credentials}</code></p>
+<p><code>Server: mail-relay.apache.org
+Port: 587 (STARTTLS), 465 (SSL)
+User/Pass: {Your LDAP credentials}</code></p>
<p>Your email provider may have a simple form for this in its "Settings" area.</p>
<p>Note: If you are using Gmail with your apache.org email address, there is a way to configure it to take advantage of this service. See Gmail's feature to allow outbound mail from your apache.org address to be directed to the mail-relay service, instead of to a Gmail server, for delivery.</p>
-
</div>
</div>
</div>
diff --git a/output/committer-outreach.html b/output/committer-outreach.html
index 68243c5..e70970e 100644
--- a/output/committer-outreach.html
+++ b/output/committer-outreach.html
@@ -87,7 +87,6 @@
<li>On occasion it makes more sense to send emails directly to the affected Committers.</li>
<li>Several Slack channels, such as <code>asfinfra</code> and <code>announcements</code>, are useful for delivering a version of the email message you are sending. The Slack message may reach some people more quickly.</li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/committers.html b/output/committers.html
index cca5da9..cec1ccf 100644
--- a/output/committers.html
+++ b/output/committers.html
@@ -75,7 +75,7 @@
</h1>
<p>A committer is an individual who has write access to the codebase of an Apache project.</p>
<p>The main information resource for you in this role, apart from the wisdom of your project colleagues, is the <a href="new-committers-guide.html">New Committers Guide</a>.</p>
-<p>If you are not an Apache committer, but wish to become one, the instructions on <a href="contributors.html">how to contribute</a> to Apache projects will be more useful to you.</p>
+<p>If you are not an Apache committer, but wish to become one, the instructions on <a href="contributors.html">how to contribute</a> to Apache projects will be more useful to you.</p></p>
<h3 id="frequently-asked-questions">Frequently asked questions<a class="headerlink" href="#frequently-asked-questions" title="Permanent link">¶</a></h3>
<ul>
<li><a href="#general">General</a></li>
@@ -85,14 +85,20 @@
<li><a href="#mailmod">Mailing list moderation</a></li>
<li><a href="#legal">Legal and organizational</a></li>
</ul>
+
<h3 id="general">General<a class="headerlink" href="#general" title="Permanent link">¶</a></h3>
+
<h4 id="apachecon">What is ApacheCon?<a class="headerlink" href="#apachecon" title="Permanent link">¶</a></h4>
+
<p>The Apache Software Foundation periodically organizes <a href="https://www.apachecon.com">conferences</a> focusing on software developed at Apache and on the way that Apache develops its software. Learn about what's happening at Apache, hack code and meet the faces associated with the names!</p>
<h4 id="hackathon">What is a Hackathon?<a class="headerlink" href="#hackathon" title="Permanent link">¶</a></h4>
+
<p>A face-to-face or shared online gathering for hacking code together. Hackathons are generally held at ApacheCons, as well as at other times.</p>
<h4 id="infrathon">What is an Infrathon?<a class="headerlink" href="#infrathon" title="Permanent link">¶</a></h4>
+
<p>A face-to-face gathering for work on Apache infrastructure by our amazing infra contractors and volunteers.</p>
<h4 id="volunteer">How do I manage my volunteer energy?<a class="headerlink" href="#volunteer" title="Permanent link">¶</a></h4>
+
<p>Heed the warnings in these two email threads about what it means to be a committed person at the ASF and how to deal with the pressures that arise from such dedication:</p>
<ul>
<li><a href="https://mail-archives.apache.org/mod_mbox/www-community/200311.mbox/%3c3FC1C5BD.3060406@apache.org%3e" target="_blank">What is a member?</a></li>
@@ -100,9 +106,11 @@
</ul>
<p>We each need to re-read these important messages from time to time and remind ourselves and our communities of the need for self-care and care of others.</p>
<h4 id="new-project">How do I start a new ASF project or migrate an existing project?<a class="headerlink" href="#new-project" title="Permanent link">¶</a></h4>
-<p>Contact the <a href="https://incubator.apache.org/" target="_blank">Incubator Project</a>. They will assist you in starting a project or moving an existing one into the ASF.</p>
+
+<p>Contact the <a href="https://incubator.apache.org/" target="_blank">Incubator Project</a>. They will assist you in starting a project or moving an existing one into the ASF.</p></p>
<p><a href="https://labs.apache.org/" target="_blank">Apache Labs</a> could also be for you if you want to start something new.</p>
<h4 id="committer-responsibilities">What are the responsibilities of a Committer?<a class="headerlink" href="#committer-responsibilities" title="Permanent link">¶</a></h4>
+
<p><strong>Note</strong>: this is an incomplete collection and not authoritative.</p>
<p>As an Apache volunteer, you have the right to set your own priorities and do the work that scratches your own itch. As a Committer, you have a responsibility to the community to help create a product that will outlive the interest of any particular volunteer, including yourself. For example, the code that you commit should be clear enough that others not involved in its current development will be able to maintain and extend it. It also means that you are responsible for helping to grow and maintain the health of the Apache community.</p>
<p>More specific responsibilities of Committers include:</p>
@@ -110,67 +118,89 @@
<li><strong>Deciding on release plans and releases</strong>: A prime committer responsibility is to help decide when a version of product code is ready for release. A release is not to be taken lightly; each release must uphold the Apache tradition of quality. Each Project Management Committee PMC) formally authorizes the distribution of releases to the public.</li>
<li><strong>Applying patches</strong>: To grow and maintain healthy communities, committers need to discuss, review and apply patches submitted by contributors and other committers. Committers are also responsible for the quality and IP clearance of the code that goes into ASF repositories.</li>
<li><strong>Helping users</strong>: Committers should monitor both the <code>dev@</code> and <code>user@</code> or <code>users@</code> email lists for the projects they work on and together provide prompt and useful
-responses to questions from users and their developer colleagues.</li>
+ responses to questions from users and their developer colleagues.</li>
<li><strong>Monitoring commits and issues</strong>: Committers should review commit email messages for their projects and point out anything that looks funny or that may point to IP issues. Committers also monitor the project's issue-tracking system (Bugzilla or Jira or something else) for bug reports or enhancement requests.</li>
<li><strong>Helping out with the website</strong>: The main Apache website and the project websites are in constant need of maintenance. Committers on a project are expected to
-collectively maintain the project's web site. Apache committers as a group share the responsibility to maintain the main Apache site.</li>
+ collectively maintain the project's web site. Apache committers as a group share the responsibility to maintain the main Apache site.</li>
</ul>
<h4 id="committer-set-term">Is there a set term for acting as a Committer? Will I have to be elected again?<a class="headerlink" href="#committer-set-term" title="Permanent link">¶</a></h4>
+
<p>Committer status and merit never expire. If you become inactive for a time (usually six months or more), your account may be deactivated for security reasons. Most
projects allow reactivation of committer status by application to the PMC.</p>
<p>Some projects use the concept of <em>emeritus committer</em> for those who have contributed to the project but can no longer can give much time to it.</p>
<h4 id="code-import">How do I bring code developed outside Apache into an existing project?<a class="headerlink" href="#code-import" title="Permanent link">¶</a></h4>
+
<p>For any substantial codebase that has been developed outside the ASF, there is a process to complete before the code can be committed. The <a href="https://incubator.apache.org" target="_blank">Incubator</a> team manages this. The first step is to contact your <a href="https://www.apache.org/dev/pmc.html#import" target="_blank">PMC</a>.</p>
<h4 id="private-or-public">Where should I discuss ASF project business?<a class="headerlink" href="#private-or-public" title="Permanent link">¶</a></h4>
+
<p>Apache project business should almost always be on your public <code>dev@</code> mailing list, unless there is a specific reason to use <code>private@</code>. See the <a href="https://www.apache.org/dev/pmc.html#private-or-public" target="_blank">discussion about private vs. public lists</a>.</p>
<h4 id="first-commit">I just made my first commit. Why don't I see a commit message?<a class="headerlink" href="#first-commit" title="Permanent link">¶</a></h4>
+
<p>The most likely explanation is that the commit message is awaiting moderation. Messages will be delivered promptly without moderation once the moderator approves posts from your <code>apache.org</code> address.</p>
<h3 id="technical">Technical<a class="headerlink" href="#technical" title="Permanent link">¶</a></h3>
+
<h4 id="infrastructure-change-request">How do I make infrastructure requests?<a class="headerlink" href="#infrastructure-change-request" title="Permanent link">¶</a></h4>
+
<p>You might notice something that needs changing, for example the configuration for a mailing list. The request to the <code>users@infra</code> list or the <code>apmail@</code> alias needs to come from your Project Management Committee. That ensures that the requests are official, and not just an individual's desire.</p>
<p>There are many things that the PMC or PMC chair can do directly, thereby easing the load on the infrastructure team (Infra).</p>
<h4 id="infrastructure-public-communications">How does Infra communicate with the public?<a class="headerlink" href="#infrastructure-public-communications" title="Permanent link">¶</a></h4>
+
<p>Infra uses the <code>users@infra.apache.org</code> mailing list to discuss new infrastructure developments at the ASF. For service downtime announcements and current information on operations, we use <a href="https://twitter.com/infrabot" target="_blank">Infrabot</a>. For general announcements regarding services and the like, Infra has a <a href="https://blogs.apache.org/infra" target="_blank">blog</a>.</p>
<h4 id="machines">What hosts/machines at Apache can I access?<a class="headerlink" href="#machines" title="Permanent link">¶</a></h4>
+
<p>Committers may access <code>home.apache.org</code>. See the related information in the <a href="new-committers-guide.html">New committers' guide</a>.
Note that you do <strong>only</strong> have SFTP access. There is no shell access. RSA SSH keys are required for SFTP access, which you can update via <a href="https://whimsy.apache.org" target="_blank">Whimsy</a> or <a href="https://id.apache.org" target="_blank">id.apache.org</a>.</p>
<p>Here is a <a href="/machines.html" target="_blank">list of other Apache services/hosts and their public keys</a>.</p>
<h4 id="can-cant">What can and can't I do on those machines?<a class="headerlink" href="#can-cant" title="Permanent link">¶</a></h4>
+
<p>You can publish a small personal website in <code>public_html</code>, as described in the <a href="new-committers-guide.html">New committers' guide</a>. <strong>Never</strong> store secret/private keys (the private half of an SSH keypair, or a PGP private key) on any ASF machines.</p>
<h4 id="statistics">Is there a way to see a graph of loads (CPU, I/O, network)?<a class="headerlink" href="#statistics" title="Permanent link">¶</a></h4>
+
<ul>
<li>Infra publishes top-level statistics on the <a href="https://status.apache.org/" target="_blank">status page</a>.</li>
<li>Vadim Gritsenko provides <a href="http://home.apache.org/~vgritsenko/stats/" target="_blank">statistics and cool charts</a>.</li>
</ul>
<h4 id="host-key-change">What should I do if Host Key has changed when logging into an Apache server?<a class="headerlink" href="#host-key-change" title="Permanent link">¶</a></h4>
+
<p>Take any message about a change to the host key or any "Error validating server certificate" very seriously: it may indicate a <a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack" target="_blank">man-in-the-middle attack</a> is in progress. <strong>Do not ignore this message</strong>.</p>
<p>Before contacting the Apache infrastructure team, check that you are logging in to the correct machine, and verify the currently published SSH fingerprints for Apache hosts, as described under "Identity theft" in the <a href="new-committers-guide.html">New committers' guide</a>.</p>
<h4 id="help-i-forgot-my-password">Help, I forgot my password!<a class="headerlink" href="#help-i-forgot-my-password" title="Permanent link">¶</a></h4>
-<p>See if you get an authorization failure (see below) when accessing SVN, or try the 'forgot password' link on the <a href="https://id.apache.org/" target="_blank">Apache Account site <a href="https://id.apache.org/">https://id.apache.org/</a></a>.</p>
+
+<p>See if you get an authorization failure (see below) when accessing SVN, or try the 'forgot password' link on the <a href="https://id.apache.org/" target="_blank">Apache Account site https://id.apache.org/</a>.</p>
<h4 id="nexus-repositoryapacheorg-locked-me-out-when-i-tried-to-stage-a-rc">Nexus (`repository.apache.org`) locked me out when I tried to stage a RC<a class="headerlink" href="#nexus-repositoryapacheorg-locked-me-out-when-i-tried-to-stage-a-rc" title="Permanent link">¶</a></h4>
+
<p>Nexus uses LDAP-based authorization. If you have changed your LDAP password recently it is possible you have a cached version of your old password stored, perhaps in a <code>settings.xml</code> file locally. Maven makes repeated attempts to try this authorization and within 10 seconds you might find your LDAP account locked as a result. Try accessing another LDAP-based service to test the theory.</p>
-<p>The cure is to go to <a href="https://id.apache.org/reset/enter" target="_blank"><a href="https://id.apache.org/reset/enter">https://id.apache.org/reset/enter</a></a> and reset your LDAP password to clear the locked account. Change any cached credentials locally and try staging to Nexus again.</p>
+<p>The cure is to go to <a href="https://id.apache.org/reset/enter" target="_blank">https://id.apache.org/reset/enter</a> and reset your LDAP password to clear the locked account. Change any cached credentials locally and try staging to Nexus again.</p>
<h3 id="svn">Version control<a class="headerlink" href="#svn" title="Permanent link">¶</a></h3>
+
<h4 id="svn-authorization-failure">Why do I get an authorization failure when I try to access Subversion?<a class="headerlink" href="#svn-authorization-failure" title="Permanent link">¶</a></h4>
+
<p>The most common reason is that you've forgotten your password! The password you use for Subversion is the same as the password you use for access to LDAP <code>id.apache.org</code>. You will not be prompted to enter it frequently. This makes it easy to forget.</p>
<p>Apache employs a number of different HTTP authentication realms. You will need to enter your password whenever you access a new realm. (Subversion prints information about the realm when you are prompted for the password.)</p>
<p>Of course, it is also possible that you're accessing a URL which is restricted. That's probably for a good reason, so unless you know that you should have access, don't bother the infrastructure team about being locked out.</p>
<p>If you do forget your password please visit <code>https://id.apache.org/</code> to reset it.</p>
<h4 id="committers-module">Where is the committers/ module?<a class="headerlink" href="#committers-module" title="Permanent link">¶</a></h4>
+
<p>In Subversion, URL: <code>https://svn.apache.org/repos/private/committers</code> .</p>
<h4 id="lock">When do I need to use `svn lock`?<a class="headerlink" href="#lock" title="Permanent link">¶</a></h4>
+
<p>Very rarely if ever. See the <a href="version-control.html">version control FAQ</a> for more details.</p>
<h2 id="mail">Email<a class="headerlink" href="#mail" title="Permanent link">¶</a></h2>
+
<h4 id="email-setup">How do I set up my Apache email account?<a class="headerlink" href="#email-setup" title="Permanent link">¶</a></h4>
+
<p>See these <a href="committer-email.html">instructions</a>.</p>
<h4 id="subscribe">How do I subscribe to a mailing list?<a class="headerlink" href="#subscribe" title="Permanent link">¶</a></h4>
+
<p>If it is a public list, email the <code>-subscribe</code> address (such as <code>dev-subscribe@httpd.apache.org</code>) from the address you want subscribed, and reply to the confirmation mail. For more information see the <a href="https://www.apache.org/dev/#mail" target="_blank">mailing list guide</a>.</p>
<p>Private lists use the same procedure, but it's recommended to use <a href="https://whimsy.apache.org/committers/subscribe" target="_blank">the
self-subscribe app</a>. That avoids needing to wait for a human moderator to check and green-light your subscription request.</p>
<p>At the time of writing the self-subscribe app lets <a href="https://www.apache.org/foundation/members" target="_blank">ASF Members</a> subscribe to any ASF list and other committers to subscribe to a few foundation-wide lists. Committers who wish to subscribe to other lists (such as a <code>private@</code> list of their project) should still email the <code>-subscribe</code> address.</p>
<h4 id="subscriptions">How do I find out my subscriptions?<a class="headerlink" href="#subscriptions" title="Permanent link">¶</a></h4>
+
<p>Committers can use <a href="https://whimsy.apache.org/roster/committer/__self__" target="_blank">Whimsy</a> to check their details, including subscription information.</p>
<h4 id="list-subscribers">How do I find out who is subscribed to a mailing list?<a class="headerlink" href="#list-subscribers" title="Permanent link">¶</a></h4>
+
<p>Information on list subscriptions is private, so is not available to all committers.</p>
<p><strong>Note</strong>: to use the examples below, replace <code>listname</code> with the name of the mailing list, and <code>tlp</code> with the name of the ASF project the list belongs to.</p>
<p>Moderators can send an email to: <code>listname-list@tlp.apache.org</code></p>
@@ -180,11 +210,15 @@
<p><code>~apmail/lists/tlp/listname/digest</code></p>
<p>Note that moderators can get a log of changes to the subscriber list by emailing <code>listname-log@tlp.apache.org</code>.</p>
<h4 id="mail-forward">Mail forwarding<a class="headerlink" href="#mail-forward" title="Permanent link">¶</a></h4>
+
<p>Your forwarding address(es) are stored in LDAP and maintained through the <a href="https://id.apache.org/" target="_blank">Self Serve</a> app. Forwarding is done directly from LDAP.</p>
<h3 id="mailmod">Mailing list moderation<a class="headerlink" href="#mailmod" title="Permanent link">¶</a></h3>
+
<p>This information has moved <a href="mailing-list-moderation.html">here</a>.</p>
<h3 id="legal">Legal and organizational<a class="headerlink" href="#legal" title="Permanent link">¶</a></h3>
+
<h4 id="apache-way">What are the core beliefs of The Apache Way?<a class="headerlink" href="#apache-way" title="Permanent link">¶</a></h4>
+
<p><strong>Note:</strong> While there is not an official list, the following principles have been cited as the core beliefs of The Apache Way:</p>
<ul>
<li>collaborative software development</li>
@@ -194,14 +228,18 @@
<li>faithful implementation of standards</li>
<li>security as a mandatory feature</li>
</ul>
-<p>A non-official <a href="http://theapacheway.com/" target="_blank">The Apache Way</a> website is available.</p>
+<p>A non-official <a href="http://theapacheway.com/" target="_blank">The Apache Way</a> website is available.</p></p>
<h4 id="projectindependence">Are Apache projects really independent?<a class="headerlink" href="#projectindependence" title="Permanent link">¶</a></h4>
+
<p>Yes, Apache projects must always be managed <a href="https://community.apache.org/projectIndependence.html" target="_blank">independently</a> of undue commercial influence.</p>
<h4 id="free">Are Apache project products really always free to download and use?<a class="headerlink" href="#free" title="Permanent link">¶</a></h4>
+
<p>Yes, the software products Apache produce are always available to download and use <a href="https://www.apache.org/free/" target="_blank">at no cost</a>.</p>
<h4 id="applying-patches">How should I apply patches from a contributor?<a class="headerlink" href="#applying-patches" title="Permanent link">¶</a></h4>
+
<p>Consult with the PMC of the product involved, and see <a href="patch.html">how to submit a patch for project code</a>.</p>
<h4 id="cla-registration">How long does it take to register a CLA?<a class="headerlink" href="#cla-registration" title="Permanent link">¶</a></h4>
+
<p>It depends on variables including staff workload. You shouldn't be worried until a week or two has passed since the date you expected the document to arrive.</p>
<p>When a <a href="https://www.apache.org/licenses/#contributor-license-agreements" target="_blank">CLA</a> is submitted, there are several stages to the approval process.</p>
<ol>
@@ -210,8 +248,8 @@
<li>Wait until you know that the ASF has registered the document. ASF members can watch the commit records or check the file. PMC members can watch their <code>private@</code> list for a notice from <code>secretary@</code> (this only happens if the ICLA mentioned which TLP to notify). Others will need to check the <a href="https://whimsy.apache.org/officers/unlistedclas.cgi" target="_blank">list of ICLAs</a>. This is automatically generated, about once an hour, from the file maintained by the Secretary.</li>
</ol>
<h4 id="trademarks">How can I report issues with Apache brand or trademark use?<a class="headerlink" href="#trademarks" title="Permanent link">¶</a></h4>
-<p>PMCs are responsible for managing their own Apache project brands, and committers are encouraged to assist. If you spot any potential misuse or infringement of Apache brands or trademarks by third parties, please follow our <a href="https://www.apache.org/foundation/marks/reporting.html" target="_blank">Apache Trademark Use Reporting Guidelines</a>.</p>
+<p>PMCs are responsible for managing their own Apache project brands, and committers are encouraged to assist. If you spot any potential misuse or infringement of Apache brands or trademarks by third parties, please follow our <a href="https://www.apache.org/foundation/marks/reporting.html" target="_blank">Apache Trademark Use Reporting Guidelines</a>.</p>
</div>
</div>
</div>
diff --git a/output/contact.html b/output/contact.html
index 06b9b24..ab7ecaa 100644
--- a/output/contact.html
+++ b/output/contact.html
@@ -76,7 +76,7 @@
<h3>Chat</h3>
<p>Join us on <a href="https://the-asf.slack.com/">Slack</a> in the #asfinfra channel for direct messaging!</p>
<h3>Request resources/tasks/projects</h3>
-<p>Please create a <a href="https://issues.apache.org/jira/">Jira</a> ticket for your request.</p>
+<p>Please create a <a href="https://issues.apache.org/jira/">Jira</a> ticket for your request. </p>
<p>Review the <a href="jira-guidelines">guidelines for creating a Jira ticket</a>.</p>
<h3>For general inquiries</h3>
<p>General inquiries and questions should go to: <code>users@infra.apache.org</code>.</p>
@@ -84,13 +84,10 @@
<h3>What we need to know</h3>
<p>Here's a <a href="infra-contact.html">guide to what to tell us</a> so we can respond to your request quickly and appropriately.</p>
<h3>In case of emergency</h3>
-<p>If there is an absolutely urgent problem that must be handled <strong>at once</strong>, such as a malicious hacker having an active root through shell on <code>archive.apache.org</code>, follow this escalation path:</p>
-<ol>
-<li>Send an email to <code>root@</code> and <code>private@infra</code> describing the issue. If you get no response within fifteen minutes...</li>
-<li>Create a message on the <code>#asfinfra</code> channel in the Slack Apache space (link is at the top of the page). If you get no response within ten minutes...</li>
-<li>Open a Jira ticket (link is higher in the page) for INFRA, with a priority of <strong>blocker</strong>.</li>
-</ol>
-
+<p>If there is an absolutely urgent problem that must be handled <strong>at once</strong>, such as a malicious hacker having an active root through shell on <code>archive.apache.org</code>, follow this escalation path:
+ 1. Send an email to <code>root@</code> and <code>private@infra</code> describing the issue. If you get no response within fifteen minutes...
+ 2. Create a message on the <code>#asfinfra</code> channel in the Slack Apache space (link is at the top of the page). If you get no response within ten minutes...
+ 3. Open a Jira ticket (link is higher in the page) for INFRA, with a priority of <strong>blocker</strong>.</p>
</div>
</div>
</div>
diff --git a/output/content-moderation.html b/output/content-moderation.html
index 287cd7a..2a8c6d7 100644
--- a/output/content-moderation.html
+++ b/output/content-moderation.html
@@ -73,7 +73,7 @@
<h1>
Content Moderation Policies
</h1>
- <p>This page lists the most common questions and answers surrounding content moderation
+ <p>This page lists the most common questions and answers surrounding content moderation
policies at ASF Infrastructure, including, but not limited to:</p>
<ul>
<li>Data Privacy (GDPR, CCPA, CPPA/PIPEDA, etc.)</li>
@@ -83,21 +83,21 @@
<p>The content the Infrastructure team can moderate includes text on ASF web pages, in Jira tickets, in emails to and from ASF addresses, in code comments, and in comments on commits to Git or Subversion code repositories.</p>
<p>See also the guidelines for <a href="https://infra.apache.org/mailing-list-moderation" target="_blank">mailing list moderation</a>.</p>
<h2>Personal Data Privacy Requests</h2>
-<p>Requests regarding exposure of PII (Personal Identifiable Information) <strong>MUST</strong> be sent to our
-Data Privacy Officer at <code>privacy@apache.org</code>. For more information on personal data privacy,
-see <a href="https://privacy.apache.org/">https://privacy.apache.org/</a>.</p>
+<p>Requests regarding exposure of PII (Personal Identifiable Information) <strong>MUST</strong> be sent to our
+Data Privacy Officer at <code>privacy@apache.org</code>. For more information on personal data privacy,
+see https://privacy.apache.org/.</p>
<h2>Accidental exposure of credentials or company-sensitive data</h2>
-<p><strong>TL;DR:</strong> If you or your company experience accidental exposure of sensitive data or credentials in one of the types of content listed above,
+<p><strong>TL;DR:</strong> If you or your company experience accidental exposure of sensitive data or credentials in one of the types of content listed above,
you should always assume that the data is now public, and immediately invalidate those credentials.</p>
-<p>Depending on the context and circumstances of your request, we <em>may</em> be able to remove the
+<p>Depending on the context and circumstances of your request, we <em>may</em> be able to remove the
following items:</p>
<ul>
<li>Specific emails from our mailing list archives*</li>
<li>Public comments on PRs/issues*</li>
<li>Web pages or packages with compromised data</li>
</ul>
-<p><code>*</code>Removing emails from public archives is not likely to be approved, as propagation of email to multiple hosts and locations makes it
-virtually impossible to enact.</p>
+<p><code>*</code>Removing emails from public archives is not likely to be approved, as propagation of email to multiple hosts and locations makes it
+ virtually impossible to enact.</p>
<p>We are <strong>not</strong> able to, and will not spend time with the following:</p>
<ul>
<li>Deleting pull requests from GitHub (cannot be done)</li>
@@ -107,12 +107,11 @@
<p>If you are a <strong>mailing list moderator</strong>, see this <a href="https://infra.apache.org/mailing-list-moderation#spam">guidance on spam management</a>.</p>
<p>If you have an ASF email account and are receiving what you believe to be spam on it:</p>
<ul>
-<li>Review <a href="https://infra.apache.org/spam-reporting.html" target="_blank">this guidance on possible spam</a>.</li>
+<li>Review <a href="https://infra.apache.org/spam-reporting.html" target="_blank">this guidance on possible spam</a>. </li>
<li>If you still have an issue, report it to <code>users@infra.apache.org</code>.</li>
</ul>
<p>If you seem to be receiving spam from an ASF email account, report the issue to <code>abuse@infra.apache.org</code>.</p>
<p>We make a good-faith effort to remove obvious spam from our email archives; however, given that our mailing lists are archived in many places, 100% certainty of spam removal is impossible.</p>
-
</div>
</div>
</div>
diff --git a/output/contrib-email-tips.html b/output/contrib-email-tips.html
index f08b4ca..3941751 100644
--- a/output/contrib-email-tips.html
+++ b/output/contrib-email-tips.html
@@ -82,9 +82,11 @@
<li>Do not cross-post messages. In other words, pick a mailing list and send your messages to that mailing list only, not to multiple mailing lists. People may be subscribed to one list and not to the other. Therefore, some people will only see part of the conversation, and some responses will appear on one list and others on another list.</li>
</ul>
<h3 id="nohtml">Do not send HTML<a class="headerlink" href="#nohtml" title="Permanent link">¶</a></h3>
+
<p>Do not send HTML-only messages; send plain text (Content-type: text/plain) instead. Sending HTML decreases the number of people who will read your email and is the single most common cause of mail being rejected by the <code>apache.org</code> inbound spam filtering. If your mail bounced and the error message said the spam hits include <code>HTML_MESSAGE</code>, re-send the message as plain text.</p>
<p>Note that many modern systems, like GMail, are good about sending plain-text versions of your email to systems that prefer it.</p>
<h3 id="respect">Be respectful of other list participants<a class="headerlink" href="#respect" title="Permanent link">¶</a></h3>
+
<ul>
<li>All participants in Apache lists are expected to abide by our published <a href="https://www.apache.org/foundation/policies/conduct.html" target="_blank">Code of Conduct</a>. Respectful and considerate communities are one of the pillars of the Apache way. Please aim to provide constructive comments and do not
denigrate others.</li>
@@ -94,6 +96,7 @@
<li>Avoid the use of gender-specific terms like "he" or "she". To avoid "he or she", it is fine to use "they" to refer to a single person.</li>
</ul>
<h3 id="usefulq">How to write useful questions<a class="headerlink" href="#usefulq" title="Permanent link">¶</a></h3>
+
<ul>
<li><a name="research-topic"></a>Research your topic before beginning to discuss a new issue. Search and browse through the email archives - your issue may have been discussed before. Do not just perceive a problem and then rush out with a question - instead, become informed so you can either a) avoid asking a question altogether or b) provide a useful comment or question.</li>
<li><a name="clearly-explain"></a>Take the time to clearly explain your issue and write a concise email message. Less confusion in the writing facilitates a faster and better response. Everyone will benefit from the extra time on your part. The less unnecessary discussion, the better.</li>
@@ -102,13 +105,15 @@
<li><a name="topic-focused"></a>Keep each topic focused. If some new topic arises then start a new discussion. This leaves the original topic to continue un-cluttered.</li>
</ul>
<h3 id="patience">Practice patience<a class="headerlink" href="#patience" title="Permanent link">¶</a></h3>
+
<ul>
-<li><a name="volunteer-basis"></a>Most people participate in Apache projects on a volunteer basis and in their "spare time". These enthusiasts will attempt to respond
+<li><a name="volunteer-basis" ></a>Most people participate in Apache projects on a volunteer basis and in their "spare time". These enthusiasts will attempt to respond
to issues, but it may take a little while to get your answers.</li>
-<li><a name="participants-busy"></a>Most list participants are very busy. Their replies might appear to be curt when they direct you to a document, or give a short answer without niceties. If they spent too long preparing each reply, then they would become exhausted.</li>
-<li><a name="no-private-emails"></a>Do not send development or use questions in private emails. Keep the discussion on the mailing list, where we can all learn and assist each other.</li>
+<li><a name="participants-busy" ></a>Most list participants are very busy. Their replies might appear to be curt when they direct you to a document, or give a short answer without niceties. If they spent too long preparing each reply, then they would become exhausted.</li>
+<li><a name="no-private-emails" ></a>Do not send development or use questions in private emails. Keep the discussion on the mailing list, where we can all learn and assist each other.</li>
</ul>
<h3 id="other">Sitemap for Apache email information<a class="headerlink" href="#other" title="Permanent link">¶</a></h3>
+
<ul>
<li>Listing of <a href="https://www.apache.org/foundation/mailinglists.html" target="_blank">ASF Mailing Lists</a></li>
<li><a href="https://www.apache.org/foundation/policies/conduct.html" target="_blank">Code of Conduct</a></li>
@@ -117,7 +122,6 @@
<li><a href="http://www.catb.org/~esr/faqs/smart-questions.html" target="_blank">How to ask Questions the Smart Way</a></li>
<li><a href="http://www.ietf.org/rfc/rfc1855.txt" target="_blank">RFC 1855: Netiquette Guidelines</a> (text document)</li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/contributors.html b/output/contributors.html
index 1a214ff..8bdd3da 100644
--- a/output/contributors.html
+++ b/output/contributors.html
@@ -77,18 +77,22 @@
<p><strong>Note</strong>: if you are interested in contributing <em>financially</em> to support the ASF and the open-source movement, please see <a href="https://www.apache.org/foundation/contributing.html" target="_blank">Sponsorship and Donations</a>.</p>
<p>More information is available in the <a href="new-committers-guide.html">guide</a> and <a href="committers.html">FAQs</a> for project committers.</p>
<h3 id="links">Contents<a class="headerlink" href="#links" title="Permanent link">¶</a></h3>
+
<ul>
<li><a href="#comdev">Community Development is here to help!</a></li>
<li><a href="#mail">Everything happens on mailing lists</a></li>
<li><a href="#howitworks">How open-source works at Apache</a></li>
<li><a href="#svnbasics">Source code repositories</a></li>
-<li><a href="#providingfeedback">Providing feedback to Apache projects</a></li>
+<li><a href="#providingfeedback">Providing feedback to Apache projects</a></i></p></li>
</ul>
<h3 id="comdev">Community Development is here to help!<a class="headerlink" href="#comdev" title="Permanent link">¶</a></h3>
+
<p>Apache values "Community over code", and is full of volunteers who want to help you. Guideposts and helpful information and mentors for newcomers to Apache can be found at <a href="http://community.apache.org/" target="_blank">Community Development</a>.</p>
<h3 id="mail">Everything happens on mailing lists<a class="headerlink" href="#mail" title="Permanent link">¶</a></h3>
+
<p>Virtually everything at Apache happens on one of our publicly archived mailing lists. Find the <a href="https://www.apache.org/dev/#mail" target="_blank">right Apache mailing list</a> and read some <a href="/contrib-email-tips" target="_blank">tips</a> on asking questions and making comments.</p>
<h3 id="howitworks">How open-source works at Apache<a class="headerlink" href="#howitworks" title="Permanent link">¶</a></h3>
+
<p>There are many books, presentations, and academic papers about the way open-source software development works and how you can become a valuable member of the open source/free software community. For an overview of how it works at Apache, see</p>
<ul>
<li>the <a href="https://www.apache.org/" target="_blank">ASF home page</a></li>
@@ -99,21 +103,25 @@
<li><a href="http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/" target="_blank">The Cathedral and the Bazaar</a></li>
</ul>
<h3 id="svnbasics">Source code repositories<a class="headerlink" href="#svnbasics" title="Permanent link">¶</a></h3>
+
<p>Apache projects use either of these repository systems:</p>
<ul>
<li><a href="svn-basics.html">Subversion</a></li>
<li><a href="git-primer.html">Git</a>.</li>
</ul>
<h3 id="bleeding-edge">Nightly code / Development code<a class="headerlink" href="#bleeding-edge" title="Permanent link">¶</a></h3>
+
<p>Getting the source directly from the source repository usually gives you the latest, or "bleeding edge" version of that particular project.</p>
<h3 id="providingfeedback">Providing feedback to Apache projects<a class="headerlink" href="#providingfeedback" title="Permanent link">¶</a></h3>
+
<p>A valuable way to contribute to ASF projects is to use the project's software and then provide feedback about it to its developers. Different Apache software
projects have different preferences about how you should submit feedback. Check out the project website for more information. In the absence of project-specific information on how to provide feedback, follow these guidelines.</p>
<p>A vital part of the ASF projects are the project mailing lists. Most projects have a users' list named <code>users@${project}.apache.org</code> or <code>user@${project}.apache.org</code>. Subscribe to it by sending an e-mail to <code>users-subscribe@${project}.apache.org</code>, then follow the instructions. We have many <a href="/contrib-email-tips" target="_blank">tips on asking questions</a> in a way that gets answers.</p>
-<p>Tell the developer and user community about your use of the software product, your experiences in setting it up, issues you encountered, and any general feedback you may have. Don't forget to include any positive observations that will show you appreciate the effort the team is making. Your story will likely be very welcome if you write it clearly, in a friendly tone, and Read The Manual before asking for answers that you could find there. You'll probably receive enthusiastic responses from some of the developers and other users (although responses may not appear right away: everybody is busy).</p>
+<p>Tell the developer and user community about your use of the software product, your experiences in setting it up, issues you encountered, and any general feedback you may have. Don't forget to include any positive observations that will show you appreciate the effort the team is making. Your story will likely be very welcome if you write it clearly, in a friendly tone, and Read The Manual before asking for answers that you could find there. You'll probably receive enthusiastic responses from some of the developers and other users (although responses may not appear right away: everybody is busy). </p>
<p>If you found specific issues or have an idea about how things should work, the project may ask you to submit a detailed bug report or patch to improve things.</p>
<p>Many projects also have a developer-focused mailing list named <code>dev@${project}.apache.org</code> for discussion of technical project details.</p>
<h4 id="bugreports">How to send in a bug report<a class="headerlink" href="#bugreports" title="Permanent link">¶</a></h4>
+
<p>Projects take bug reports very seriously. To help a team fix the bug quickly, include as much information with your report as possible, such as your
platform, version numbers of the application you were using, error logs, configuration, etc. If you are not
sure whether a piece of information is relevant, include it.</p>
@@ -124,8 +132,8 @@
<h4 id="websites">How to suggest changes to project websites<a class="headerlink" href="#websites" title="Permanent link">¶</a></h4>
<p>One of the simplest ways to contribute to Apache projects is by suggesting improvements to the project's website or product documentation. If something doesn't make
sense to you, or if you have a better way to explain something, send the project a patch!
-<p>Projects use many different content management systems for their websites. Some systems have a web-based editor that makes it relatively simple to provide improvements, once you have access rights. Ask the PMC for such rights, explaining how you would like to help, or simply provide your suggestions in an email.</p>
-</p>
+
+Projects use many different content management systems for their websites. Some systems have a web-based editor that makes it relatively simple to provide improvements, once you have access rights. Ask the PMC for such rights, explaining how you would like to help, or simply provide your suggestions in an email.
</div>
</div>
</div>
diff --git a/output/crypto.html b/output/crypto.html
index db21124..7dbbdb6 100644
--- a/output/crypto.html
+++ b/output/crypto.html
@@ -75,16 +75,19 @@
</h1>
<p>This page provides PMC members with the information they need to ensure U.S. export control laws are satisfied for ASF product distributions that contain, or are designed or modified to use, cryptography for data confidentiality.</p>
<p><strong>This page is not intended for users of Apache products</strong>. Users should consult the <a href="https://www.apache.org/licenses/exports/" target="_blank">export control status of our products</a>.</p>
-<p><strong>Note</strong>: The regulations covering US export control laws for encryption are continuously changing, and the latest modification of this page, to describe the current state of regulations, was May 24, 2019.</p>
+<p><strong>Note</strong>: The regulations covering US export control laws for encryption are continuously changing, and the latest modification of this page, to describe the current state of regulations, was May 24, 2019. </p>
<p>This page describes the process which should be continued until the Apache VP Legal Affairs approves an updated version.</p>
<h4 id="updates">Notification of Updates to this Page<a class="headerlink" href="#updates" title="Permanent link">¶</a></h4>
+
<p>Notices of updates to this page appear on the <a href="https://www.apache.org/foundation/mailinglists.html#foundation-legal" target="_blank">legal-discuss</a> mailing list.</p>
<h2 id="contents">Contents<a class="headerlink" href="#contents" title="Permanent link">¶</a></h2>
+
<ul>
<li><a href="#overview">Overview</a></li>
<li><a href="#faq">Frequently Asked Questions</a></li>
</ul>
<h2 id="overview">Overview<a class="headerlink" href="#overview" title="Permanent link">¶</a></h2>
+
<p>The U.S. Government places <a href="https://www.bis.doc.gov/index.php/regulations/commerce-control-list-ccl" target="_blank">restrictions on the export</a> of some types of software, including software employing cryptographic functions. Fortunately, EAR Section 742.15(b) applies to most of the cryptography of concern to the ASF.</p>
<p>PMCs considering including cryptographic functionality within their products, or designing their products to use other software with cryptographic functionality, should take the following steps <strong>before</strong> placing such code on any ASF server, including commits to subversion or git.</p>
<ul>
@@ -94,12 +97,12 @@
<li><a href="#inform">Inform users</a>.</li>
</ul>
<h3 id="classify">Check the Export Control Classification Number (ECCN)<a class="headerlink" href="#classify" title="Permanent link">¶</a></h3>
+
<p>Section 742.15(b) of the <a href="https://www.trade.gov/us-export-regulations" target="_blank">Export Administration Regulations (EAR)</a> authorizes exports and reexports, without review, of encryption source and object code provided the following conditions are met:</p>
<ul>
<li>the encryption source code is controlled by ECCN 5D002.</li>
<li>the encryption source code will be publicly available (published and made available to the public without restrictions upon its further dissemination).</li>
-<li>a notification is sent to the U.S. Government's Bureau of Industry and Security (BIS) and the ENC Encryption Request Coordinator at or before making the code publicly available. Current ASF processes satisfy the "publicly available" requirement. The notification requirement is described <a href="#notify">below</a>. However, it is important to ensure the included cryptographic functionality meets the definition of <a href="https://cr.yp.to/export/ear2001/ccl5-pt2.pdf" target="_blank">ECCN D002</a>, which can be summarized as:
-<ul>
+<li>a notification is sent to the U.S. Government's Bureau of Industry and Security (BIS) and the ENC Encryption Request Coordinator at or before making the code publicly available. Current ASF processes satisfy the "publicly available" requirement. The notification requirement is described <a href="#notify">below</a>. However, it is important to ensure the included cryptographic functionality meets the definition of <a href="https://cr.yp.to/export/ear2001/ccl5-pt2.pdf" target="_blank">ECCN D002</a>, which can be summarized as:<ul>
<li>Software specially designed or modified for the development, production or use of any of the other software of this list, or software designed to certify other software on this list; or</li>
<li>Software using a "symmetric algorithm" employing a key length in excess of 56-bits; or</li>
<li>Software using an "asymmetric algorithm" where the security of the algorithm is based on: factorization of integers in excess of 512 bits (e.g., RSA), computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve).</li>
@@ -109,112 +112,137 @@
</li>
</ul>
<h3 id="sources">Update the Exports Page with Source Links<a class="headerlink" href="#sources" title="Permanent link">¶</a></h3>
-<p>To satisfy the BIS requirements to make source code available for inspection, while minimizing the number of <a href="#notify">notification emails</a> needed to be sent, the ASF maintains a single web page at <a href="https://www.apache.org/licenses/exports/" target="_blank"><a href="https://www.apache.org/licenses/exports/">https://www.apache.org/licenses/exports/</a></a> with links to the applicable source code for each version of each ASF product classified as ECCN 5D002.</p>
+
+<p>To satisfy the BIS requirements to make source code available for inspection, while minimizing the number of <a href="#notify">notification emails</a> needed to be sent, the ASF maintains a single web page at <a href="https://www.apache.org/licenses/exports/" target="_blank">https://www.apache.org/licenses/exports/</a> with links to the applicable source code for each version of each ASF product classified as ECCN 5D002.</p>
<p>To make updates to this ASF-wide Exports page as simple and consistent as possible, the <a href="https://github.com/apache/www-site/blob/main/data/eccn/eccnmatrix.yaml" target="_blank">source matrix</a> is a .yaml file that anyone with site-dev karma (which includes all PMC chairs) can update. The exports web page is generated from this .yaml file.</p>
<p>Test any edits to the exports page using both the site build process (view <code>index.html</code> before committing any changes) and by running the <code>bisnotice.xsl</code> transform on the product added/changed (see below). You can probably figure out how to format the information for your project's product by following the example of other projects and reading the page. If you have any further questions about the content, or if you are not sure that a BIS notice is required, please check the <a href="#faq">FAQs</a> first and then bring any remaining questions to the <code>legal-discuss</code> mailing list. Note that the product data should only be version-specific if the classification changes (e.g., Apache HTTP Server version 1.3 vs 2.0) or if the link to the controlled source code needs to change, such as if the encryption library included in the product for different releases came from different manufacturers. In addition, it is possible to include both controlled and non-controlled (ECCN "n/a") products in the list, but a BIS notice is only necessary for the products that have at least one version classified as ECCN 5D002.</p>
<h3 id="notify">Notify the U.S. Government of the release<a class="headerlink" href="#notify" title="Permanent link">¶</a></h3>
+
<p>After ensuring the distribution's cryptography qualifies for an exemption under Section 742.15(b) and after ensuring the applicable source code is linked from the
ASF-wide export page, but <strong>before publicly posting the distribution or committing the controlled code</strong>, send an email using the template below.</p>
<p>An XSLT transformer called <a href="https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/bisnotice.xsl" target="_blank">bisnotice.xsl</a>
can generate the BIS notice for a product based on the XML data. For example, running it as:</p>
-<pre><code>$ cd {SVNROOT}/infrastructure/site/trunk/</li>
-$ svn up</li>
-$ cd content/licenses/exports/</li>
-$ java -Xbootclasspath/p:../../../lib/xalan.jar org.apache.xalan.xslt.Process \
- -in index.page/eccnmatrix.xml -xsl bisnotice.xsl \
- -param product 'Apache HTTP Server'
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>cd<span class="w"> </span>{SVNROOT}/infrastructure/site/trunk/<span class="nt"></li></span>
+$<span class="w"> </span>svn<span class="w"> </span>up<span class="nt"></li></span>
+$<span class="w"> </span>cd<span class="w"> </span>content/licenses/exports/<span class="nt"></li></span>
+$<span class="w"> </span>java<span class="w"> </span>-Xbootclasspath/p:../../../lib/xalan.jar<span class="w"> </span>org.apache.xalan.xslt.Process<span class="w"> </span>\
+<span class="w"> </span>-in<span class="w"> </span>index.page/eccnmatrix.xml<span class="w"> </span>-xsl<span class="w"> </span>bisnotice.xsl<span class="w"> </span>\
+<span class="w"> </span>-param<span class="w"> </span>product<span class="w"> </span>'Apache<span class="w"> </span>HTTP<span class="w"> </span>Server'
+</code></pre></div>
+
<p>will result in text output that looks like an email template for the PMC chair to send to the appropriate addresses. A generic example is below. Note that the product parameter selects which product(s) to print based on matching a substring of the product name. The template output is only correct when a single product is matched.</p>
<p>There are also some sample script files in the top-level directory (site/trunk): <code>bisnotice.cmd</code> (Windows) and <code>bisnotice.sh</code> (Un*x).</p>
-<pre><code>TO: crypt AT bis.doc.gov,
- enc AT nsa.gov,
- web_site AT bis.doc.gov
-CC: {applicable project list}
-SUBJ: Section 742.15 NOTIFICATION - Encryption</p>
+<div class="highlight"><pre><span></span><code><span class="n">TO</span><span class="o">:</span><span class="w"> </span><span class="n">crypt</span><span class="w"> </span><span class="n">AT</span><span class="w"> </span><span class="n">bis</span><span class="o">.</span><span class="na">doc</span><span class="o">.</span><span class="na">gov</span><span class="o">,</span><span class="w"> </span>
+<span class="w"> </span><span class="n">enc</span><span class="w"> </span><span class="n">AT</span><span class="w"> </span><span class="n">nsa</span><span class="o">.</span><span class="na">gov</span><span class="o">,</span><span class="w"> </span>
+<span class="w"> </span><span class="n">web_site</span><span class="w"> </span><span class="n">AT</span><span class="w"> </span><span class="n">bis</span><span class="o">.</span><span class="na">doc</span><span class="o">.</span><span class="na">gov</span>
+<span class="n">CC</span><span class="o">:</span><span class="w"> </span><span class="o">{</span><span class="n">applicable</span><span class="w"> </span><span class="n">project</span><span class="w"> </span><span class="n">list</span><span class="o">}</span>
+<span class="n">SUBJ</span><span class="o">:</span><span class="w"> </span><span class="n">Section</span><span class="w"> </span><span class="mf">742.15</span><span class="w"> </span><span class="n">NOTIFICATION</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">Encryption</span><span class="o"></</span><span class="n">p</span><span class="o">></span>
-SUBMISSION TYPE: Section 742.15
-SUBMITTED BY: {PMC member sending email}
-SUBMITTED FOR: Apache Software Foundation
-POINT OF CONTACT: Secretary, Apache Software Foundation
-MANUFACTURER(S) {list of origin of all crypto code, e.g.
- "OpenSSL Project" or "Apache Software Foundation."
- If product includes multiple crypto items from
- different origins, list all origins.}
-PRODUCT NAME/MODEL #: {Apache product name(s) that include the source
- code found at the URL below, or any binaries
- that were created by compiling that source code
- -- do not specify version numbers if the
- future versions will use source code found at
- the same URL (even if the source is updated at
- that URL) }
-ECCN: 5D002
-NOTIFICATION: http://www.apache.org/licenses/exports/
-</code></pre>
+<span class="n">SUBMISSION</span><span class="w"> </span><span class="n">TYPE</span><span class="o">:</span><span class="w"> </span><span class="n">Section</span><span class="w"> </span><span class="mf">742.15</span>
+<span class="n">SUBMITTED</span><span class="w"> </span><span class="n">BY</span><span class="o">:</span><span class="w"> </span><span class="o">{</span><span class="n">PMC</span><span class="w"> </span><span class="n">member</span><span class="w"> </span><span class="n">sending</span><span class="w"> </span><span class="n">email</span><span class="o">}</span>
+<span class="n">SUBMITTED</span><span class="w"> </span><span class="n">FOR</span><span class="o">:</span><span class="w"> </span><span class="n">Apache</span><span class="w"> </span><span class="n">Software</span><span class="w"> </span><span class="n">Foundation</span>
+<span class="n">POINT</span><span class="w"> </span><span class="n">OF</span><span class="w"> </span><span class="n">CONTACT</span><span class="o">:</span><span class="w"> </span><span class="n">Secretary</span><span class="o">,</span><span class="w"> </span><span class="n">Apache</span><span class="w"> </span><span class="n">Software</span><span class="w"> </span><span class="n">Foundation</span>
+<span class="n">MANUFACTURER</span><span class="o">(</span><span class="n">S</span><span class="o">)</span><span class="w"> </span><span class="o">{</span><span class="n">list</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">origin</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">all</span><span class="w"> </span><span class="n">crypto</span><span class="w"> </span><span class="n">code</span><span class="o">,</span><span class="w"> </span><span class="n">e</span><span class="o">.</span><span class="na">g</span><span class="o">.</span>
+<span class="w"> </span><span class="s2">"OpenSSL Project"</span><span class="w"> </span><span class="n">or</span><span class="w"> </span><span class="s2">"Apache Software Foundation."</span>
+<span class="w"> </span><span class="n">If</span><span class="w"> </span><span class="n">product</span><span class="w"> </span><span class="n">includes</span><span class="w"> </span><span class="n">multiple</span><span class="w"> </span><span class="n">crypto</span><span class="w"> </span><span class="n">items</span><span class="w"> </span><span class="n">from</span><span class="w"> </span>
+<span class="w"> </span><span class="n">different</span><span class="w"> </span><span class="n">origins</span><span class="o">,</span><span class="w"> </span><span class="n">list</span><span class="w"> </span><span class="n">all</span><span class="w"> </span><span class="n">origins</span><span class="o">.}</span>
+<span class="n">PRODUCT</span><span class="w"> </span><span class="n">NAME</span><span class="o">/</span><span class="n">MODEL</span><span class="w"> </span><span class="err">#</span><span class="o">:</span><span class="w"> </span><span class="o">{</span><span class="n">Apache</span><span class="w"> </span><span class="n">product</span><span class="w"> </span><span class="n">name</span><span class="o">(</span><span class="n">s</span><span class="o">)</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="k">include</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">source</span>
+<span class="w"> </span><span class="n">code</span><span class="w"> </span><span class="n">found</span><span class="w"> </span><span class="n">at</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">URL</span><span class="w"> </span><span class="n">below</span><span class="o">,</span><span class="w"> </span><span class="n">or</span><span class="w"> </span><span class="n">any</span><span class="w"> </span><span class="n">binaries</span>
+<span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">were</span><span class="w"> </span><span class="n">created</span><span class="w"> </span><span class="n">by</span><span class="w"> </span><span class="n">compiling</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">code</span>
+<span class="w"> </span><span class="o">--</span><span class="w"> </span><span class="k">do</span><span class="w"> </span><span class="n">not</span><span class="w"> </span><span class="n">specify</span><span class="w"> </span><span class="n">version</span><span class="w"> </span><span class="n">numbers</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="n">the</span><span class="w"> </span>
+<span class="w"> </span><span class="n">future</span><span class="w"> </span><span class="n">versions</span><span class="w"> </span><span class="n">will</span><span class="w"> </span><span class="n">use</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">code</span><span class="w"> </span><span class="n">found</span><span class="w"> </span><span class="n">at</span><span class="w"> </span>
+<span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">same</span><span class="w"> </span><span class="n">URL</span><span class="w"> </span><span class="o">(</span><span class="n">even</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">updated</span><span class="w"> </span><span class="n">at</span>
+<span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">URL</span><span class="o">)</span><span class="w"> </span><span class="o">}</span>
+<span class="n">ECCN</span><span class="o">:</span><span class="w"> </span><span class="mi">5</span><span class="n">D002</span>
+<span class="n">NOTIFICATION</span><span class="o">:</span><span class="w"> </span><span class="n">http</span><span class="o">://</span><span class="n">www</span><span class="o">.</span><span class="na">apache</span><span class="o">.</span><span class="na">org</span><span class="sr">/licenses/exports/</span>
+</code></pre></div>
+
<h3 id="inform">Inform users by including a crypto notice in the distribution's README file<a class="headerlink" href="#inform" title="Permanent link">¶</a></h3>
+
<p>Should the software qualify for the Section 742.15(b) exemption, place the following notice into each distribution's README file:</p>
-<pre><code> This distribution includes cryptographic software. The country in
- which you currently reside may have restrictions on the import,
- possession, use, and/or re-export to another country, of
- encryption software. BEFORE using any encryption software, please
- check your country's laws, regulations and policies concerning the
- import, possession, or use, and re-export of encryption software, to
- see if this is permitted. See http://www.wassenaar.org for
- more information.
-The Apache Software Foundation has classified this software as Export Commodity
- Control Number (ECCN) 5D002, which includes information security
- software using or performing cryptographic functions with asymmetric
- algorithms. The form and manner of this Apache Software Foundation
- distribution makes it eligible for export under the "publicly available"
- Section 742.15(b) exemption (see the BIS Export Administration Regulations,
- Section 742.15(b)) for both object code and source code.
-The following provides more details on the included cryptographic
- software:
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="n">distribution</span><span class="w"> </span><span class="n">includes</span><span class="w"> </span><span class="n">cryptographic</span><span class="w"> </span><span class="n">software</span><span class="o">.</span><span class="w"> </span><span class="n">The</span><span class="w"> </span><span class="n">country</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span>
+<span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">currently</span><span class="w"> </span><span class="n">reside</span><span class="w"> </span><span class="n">may</span><span class="w"> </span><span class="n">have</span><span class="w"> </span><span class="n">restrictions</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">import</span><span class="p">,</span><span class="w"> </span>
+<span class="w"> </span><span class="n">possession</span><span class="p">,</span><span class="w"> </span><span class="n">use</span><span class="p">,</span><span class="w"> </span><span class="ow">and</span><span class="o">/</span><span class="ow">or</span><span class="w"> </span><span class="n">re</span><span class="o">-</span><span class="k">export</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">another</span><span class="w"> </span><span class="n">country</span><span class="p">,</span><span class="w"> </span><span class="n">of</span><span class="w"> </span>
+<span class="w"> </span><span class="n">encryption</span><span class="w"> </span><span class="n">software</span><span class="o">.</span><span class="w"> </span><span class="n">BEFORE</span><span class="w"> </span><span class="n">using</span><span class="w"> </span><span class="n">any</span><span class="w"> </span><span class="n">encryption</span><span class="w"> </span><span class="n">software</span><span class="p">,</span><span class="w"> </span><span class="n">please</span><span class="w"> </span>
+<span class="w"> </span><span class="n">check</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="n">country</span><span class="s1">'s laws, regulations and policies concerning the</span>
+<span class="w"> </span><span class="n">import</span><span class="p">,</span><span class="w"> </span><span class="n">possession</span><span class="p">,</span><span class="w"> </span><span class="ow">or</span><span class="w"> </span><span class="n">use</span><span class="p">,</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">re</span><span class="o">-</span><span class="k">export</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">encryption</span><span class="w"> </span><span class="n">software</span><span class="p">,</span><span class="w"> </span><span class="n">to</span><span class="w"> </span>
+<span class="w"> </span><span class="n">see</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">permitted</span><span class="o">.</span><span class="w"> </span><span class="n">See</span><span class="w"> </span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="o">.</span><span class="n">wassenaar</span><span class="o">.</span><span class="n">org</span><span class="w"> </span><span class="k">for</span>
+<span class="w"> </span><span class="n">more</span><span class="w"> </span><span class="n">information</span><span class="o">.</span>
+<span class="n">The</span><span class="w"> </span><span class="n">Apache</span><span class="w"> </span><span class="n">Software</span><span class="w"> </span><span class="n">Foundation</span><span class="w"> </span><span class="n">has</span><span class="w"> </span><span class="n">classified</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">software</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="n">Export</span><span class="w"> </span><span class="n">Commodity</span><span class="w"> </span>
+<span class="w"> </span><span class="n">Control</span><span class="w"> </span><span class="n">Number</span><span class="w"> </span><span class="p">(</span><span class="n">ECCN</span><span class="p">)</span><span class="w"> </span><span class="mi">5</span><span class="n">D002</span><span class="p">,</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">includes</span><span class="w"> </span><span class="n">information</span><span class="w"> </span><span class="n">security</span>
+<span class="w"> </span><span class="n">software</span><span class="w"> </span><span class="n">using</span><span class="w"> </span><span class="ow">or</span><span class="w"> </span><span class="n">performing</span><span class="w"> </span><span class="n">cryptographic</span><span class="w"> </span><span class="n">functions</span><span class="w"> </span><span class="n">with</span><span class="w"> </span><span class="n">asymmetric</span>
+<span class="w"> </span><span class="n">algorithms</span><span class="o">.</span><span class="w"> </span><span class="n">The</span><span class="w"> </span><span class="n">form</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">manner</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">Apache</span><span class="w"> </span><span class="n">Software</span><span class="w"> </span><span class="n">Foundation</span>
+<span class="w"> </span><span class="n">distribution</span><span class="w"> </span><span class="n">makes</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="n">eligible</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="k">export</span><span class="w"> </span><span class="n">under</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="s2">"publicly available"</span>
+<span class="w"> </span><span class="n">Section</span><span class="w"> </span><span class="mf">742.15</span><span class="p">(</span><span class="n">b</span><span class="p">)</span><span class="w"> </span><span class="n">exemption</span><span class="w"> </span><span class="p">(</span><span class="n">see</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">BIS</span><span class="w"> </span><span class="n">Export</span><span class="w"> </span><span class="n">Administration</span><span class="w"> </span><span class="n">Regulations</span><span class="p">,</span><span class="w"> </span>
+<span class="w"> </span><span class="n">Section</span><span class="w"> </span><span class="mf">742.15</span><span class="p">(</span><span class="n">b</span><span class="p">))</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">both</span><span class="w"> </span><span class="n">object</span><span class="w"> </span><span class="n">code</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">code</span><span class="o">.</span>
+<span class="n">The</span><span class="w"> </span><span class="n">following</span><span class="w"> </span><span class="n">provides</span><span class="w"> </span><span class="n">more</span><span class="w"> </span><span class="n">details</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">included</span><span class="w"> </span><span class="n">cryptographic</span>
+<span class="w"> </span><span class="n">software</span><span class="p">:</span>
+</code></pre></div>
+
<p>Be sure to add some information at the bottom of the notice about the components of the release including cryptography.</p>
<h2 id="faq">Frequently Asked Questions<a class="headerlink" href="#faq" title="Permanent link">¶</a></h2>
+
<h4 id="faq-productname">What is the "PRODUCT NAME/MODEL #" for my product?<a class="headerlink" href="#faq-productname" title="Permanent link">¶</a></h4>
+
<p>The product name is the name of the ASF product (e.g. "Apache Foo"), even if the notification is being made about another manufacturer's cryptography included in the ASF product. Do not list the ASF product's version number.</p>
-<h4 id="faq-manufacturer">What is the MANUFACTURER?<a class="headerlink" href="#faq-manufacturer" title="Permanent link">¶</a></h4>The manufacture is the name of the individual/organization that built the crypto item included in the ASF product, whether that is the ASF itself or some other open source project or organization.
+<h4 id="faq-manufacturer">What is the MANUFACTURER?<a class="headerlink" href="#faq-manufacturer" title="Permanent link">¶</a></h4>
+<p>The manufacture is the name of the individual/organization that built the crypto item included in the ASF product, whether that is the ASF itself or some other open source project or organization.</p>
<h4 id="faq-notification">What is the NOTIFICATION?<a class="headerlink" href="#faq-notification" title="Permanent link">¶</a></h4>
+
<p>the notification is a URL that directly or indirectly points to the source code for the crypto item built by the listed <a href="#faq-manufacturer">manufacturer</a> that is
distributed within the ASF <a href="#faq-productname">product</a>. At the ASF, we indirectly point to the source code by having all products list <code>www.apache.org/licenses/exports/</code> as the NOTIFICATION url, and ensuring that this page is refreshed with the set of links to the crypto source code for the notifying product. If the product contains more than one crypto item, the exports page simply points to the source for each crypto item included in the product.</p>
<h4 id="faq-firstnotification">When is the first time a notification email must be sent?<a class="headerlink" href="#faq-firstnotification" title="Permanent link">¶</a></h4>
+
<p>You must send the notification email prior to exporting/posting online. <strong>Note</strong>: this even includes distribution of code through publicly accessible servers/repositories before there has been any official release.</p>
<h4 id="faq-public">What are examples of when a crypto item is publicly accessible through ASF servers?<a class="headerlink" href="#faq-public" title="Permanent link">¶</a></h4>
+
<p>The <strong>obvious example</strong> is including something like an OpenSSL binary within a product distribution from a /dist URL. The <strong>less-obvious example</strong> is the point at which a software repository starts to include code that is specially designed to work with any other 5D002 item, whether that item is ever to be included within a product distribution or not. In other words, a project should send out a notification email just after making the decision to include code that is specially designed to work with crypto APIs but
before actually committing such code. No need to worry about surprise Jira attachments with such code -- only the event of committing the code to the ASF product repository.</p>
<h4 id="faq-publicemails">Are public contributions of crypto items to the mailing list, Jira or Bugzilla databases considered exports?<a class="headerlink" href="#faq-publicemails" title="Permanent link">¶</a></h4>
+
<p>No. We do not need to worry about surprise Jira attachments with such code -- only code committed to the ASF product repository. The actual poster of these attachments would be the one 'exporting' the crypto, since it would not be an act of the ASF project as it addressed <a href="#faq-public">above</a>.</p>
<h4 id="faq-previouslyexported">If we distribute previously exported crypto items, must we still qualify the same item for export?<a class="headerlink" href="#faq-previouslyexported" title="Permanent link">¶</a></h4>
+
<p>Yes. The ASF is responsible for complying with the EAR, regardless of whether the item we are exporting has been previously exported under the Section 742.15(b) publicly available exemption or any license exception by another manufacturer/company/open source project.</p>
<h4 id="faq-manyproducts">If the ASF distributes a particular crypto item within one product under the Section 742.15(b) publicly available exemption, must the same item requalify when distributed in a different ASF product?<a class="headerlink" href="#faq-manyproducts" title="Permanent link">¶</a></h4>
+
<p>Yes. Each product must qualify separately, which includes sending notifications for each.</p>
<h4 id="faq-versions">If the ASF distributes/exports a crypto item after qualifying it under the Section 742.15(b) publicly available exemption, must the same product requalify for release of future versions?<a class="headerlink" href="#faq-versions" title="Permanent link">¶</a></h4>
+
<p>No. As long as the email's notification URL for the source location still (directly or indirectly) points to the applicable source for each version's crypto item, no additional process is required.</p>
<h4 id="faq-notificationurl">Where must the email's notification URL point to?<a class="headerlink" href="#faq-notificationurl" title="Permanent link">¶</a></h4>
+
<p>The notification URL for all products should point to <code>https://www.apache.org/licenses/exports/</code>, which should be refreshed to include the project's cryptography data
before the email is sent.</p>
<h4 id="faq-additionalemails">If the notification URL never changes, when are additional notification emails required?<a class="headerlink" href="#faq-additionalemails" title="Permanent link">¶</a></h4>
+
<p>Each product needs to send only one notification email until information previously submitted is no longer accurate, e.g. a change in the manufacturer.</p>
<h4 id="faq-infousers">Is there any BIS requirement to tell users and/or redistributors of our products about the crypto within our products?<a class="headerlink" href="#faq-infousers" title="Permanent link">¶</a></h4>
+
<p>No, but it's a good idea to do so. See our self-imposed requirement to <a href="#inform">inform users</a>.</p>
<h4 id="faq-twocryptos">When exporting a product that is not only designed to use some third-party crypto item, but also includes the third-party crypto item, does this require two notifications or one notification with two manufacturers?<a class="headerlink" href="#faq-twocryptos" title="Permanent link">¶</a></h4>
+
<p>When multiple crypto items exist within a single product, one email should be sent listing all manufacturers of encryption items in the product and the <a href="/licenses/exports/">standard notification URL</a> to the ASF-wide exports page with detailed information, including the location of the corresponding source code.</p>
<h4 id="faq-nonasfsource">Can the ultimate link to the crypto item's source code point to a non-ASF web page?<a class="headerlink" href="#faq-nonasfsource" title="Permanent link">¶</a></h4>
+
<p>Yes, as long as the PMC is reasonably confident that the non-ASF location is likely to remain available for BIS inspection for the foreseeable future. If this is not the case at some point, the ASF should update the link to a location that will remain available.</p>
<h4 id="faq-compilerswitch">What if the object/binary code being distributed was built with a particular compiler switch?<a class="headerlink" href="#faq-compilerswitch" title="Permanent link">¶</a></h4>
+
<p>It is fine to use whatever compiler switches you like. There is no need to provide compiler switch information, as long as the pointed source code is a superset of all the controlled source that ends up being distributed within the object/binary file.</p>
<h4 id="faq-binaryurl">Do we need to notify the BIS of the location of object/binary files?<a class="headerlink" href="#faq-binaryurl" title="Permanent link">¶</a></h4>
+
<p>No, but whether we are distributing source or object/binary files, we must always make sure a notification has been made pointing (directly or indirectly) to the associated source.</p>
<h4 id="faq-includedlibssl">If my project ships a binary that includes libssl/libcrypto, what notifications must be made?<a class="headerlink" href="#faq-includedlibssl" title="Permanent link">¶</a></h4>
+
<p>Within the single notification email (<strong>sent prior to either hosting libssl/libcrypto or committing code that binds to it</strong>), the ASF and the OpenSSL project should be listed as manufacturers, since both organizations produce encryption items included in the product. See the more generic <a href="#faq-twocryptos">Q&A on this topic.</a></p>
<h4 id="faq-linkedtolibssl">If my project ships a binary that provides bindings to OpenSSL, but does not include its source or binaries, what notifications must be made?<a class="headerlink" href="#faq-linkedtolibssl" title="Permanent link">¶</a></h4>
+
<p>The only required notification for an Apache project that is specially designed to use, but doesn't include, such crypto, is the notification for the ASF product code.</p>
<h4 id="faq-nonamerican">Why should I, who am not a U.S. citizen nor resident, be constrained by some U.S. law?<a class="headerlink" href="#faq-nonamerican" title="Permanent link">¶</a></h4>
+
<p>The ASF is a U.S.-based corporation and must comply with U.S. export controls. Incidentally, the U.S. is not the only country with controls on cryptography. Many other nations have similar restrictions, primarily driven by the <a href="https://www.wassenaar.org" target="_blank"> Wassenaar Arrangement</a>.</p>
<h4 id="faq-digest">Do digest algorithms such as MD5 and SHA1 require notification?<a class="headerlink" href="#faq-digest" title="Permanent link">¶</a></h4>
-No. One-way algorithms such as MD5 or SHA1, or more sophisticated implementations, do not require notification. Only encryption algorithms do.
-
+<p>No. One-way algorithms such as MD5 or SHA1, or more sophisticated implementations, do not require notification. Only encryption algorithms do.</p>
</div>
</div>
</div>
diff --git a/output/cwiki.html b/output/cwiki.html
index 50c0a8f..2177fae 100644
--- a/output/cwiki.html
+++ b/output/cwiki.html
@@ -81,11 +81,11 @@
<li><a href="#faqs">FAQs</a></li>
</ul>
<h2 id="overview">Overview<a class="headerlink" href="#overview" title="Permanent link">¶</a></h2>
-Every Apache Software Foundation project can establish, manage, and populate a space on the <a href="https://cwiki.apache.org/confluence/" target="_blank">Confluence Wiki</a> (cwiki) that Infra maintains for the ASF. Projects can use this space to share and store important information, code snippets, and project procedures. Some projects also use their wiki space to provide product documentation for end users.
+<p>Every Apache Software Foundation project can establish, manage, and populate a space on the <a href="https://cwiki.apache.org/confluence/" target="_blank">Confluence Wiki</a> (cwiki) that Infra maintains for the ASF. Projects can use this space to share and store important information, code snippets, and project procedures. Some projects also use their wiki space to provide product documentation for end users.</p>
<p>Many thanks to <a href="http://www.atlassian.com/" target="_blank">Atlassian Software Systems</a> for providing to the ASF a free license for this service.</p>
<p><strong>Note</strong> To deal with the creation of spammy accounts and risks to ASF and project information on the wiki, we have limited account-creation: committers and ASF members can automatically log in to the ASF Confluence Wiki without creating an account. At the moment people who do not have an ASF LDAP account <strong>cannot</strong> create an account in the wiki.</p>
<h2 id="getting">Getting your project cwiki space<a class="headerlink" href="#getting" title="Permanent link">¶</a></h2>
-Your ASF Project PMC can request creation of a new space.
+<p>Your ASF Project PMC can request creation of a new space.</p>
<ul>
<li>On the <a href="https://selfserve.apache.org/" target="_blank">Self-Service portal</a> select <em>Create a new Confluence space</em>.</li>
<li>Include the cwiki account name of a PMC member (preferably the PMC chair) who will help administer the space.</li>
@@ -93,6 +93,7 @@
</ul>
<p>When Infra creates the space, it sets up a $project-committer group (or equivalent) with full rights to the project's space.</p>
<h2 id="managing">Managing your cwiki space<a class="headerlink" href="#managing" title="Permanent link">¶</a></h2>
+
<ul>
<li>Each project community manages its own cwiki space and can decide how best to arrange and populate its pages.</li>
<li>Your cwiki space has a permissions feature that lets you set access levels for various areas of the space or its individual pages. If your project is using part of the space for end-user documentation, it can leave that section without access restrictions, while restricting access to other areas to project committers.</li>
@@ -100,28 +101,28 @@
<li>You can create user groups in addition to the standard groups:</li>
</ul>
<h2 id="watching">Watching a cwiki page<a class="headerlink" href="#watching" title="Permanent link">¶</a></h2>
-Cwiki users, including those not involved in a project, can 'watch' pages in a project's space to receive update notices when information on that page changes.
-<p>To watch a page:</p>
+<p>Cwiki users, including those not involved in a project, can 'watch' pages in a project's space to receive update notices when information on that page changes. </p>
+<p>To watch a page: </p>
<ul>
<li>Log in in to the ASF cwiki.</li>
<li>Locate the page you want to watch.</li>
-<li>Click <strong>Watch</strong> on the top menu bar.</li>
+<li>Click <strong>Watch</strong> on the top menu bar. </li>
</ul>
<p>To stop watching a page:</p>
<ul>
<li>Log in in to the ASF cwiki.</li>
<li>Click your profile icon at the top right of the wiki page.</li>
-<li>From the dropdown menu that appears, select <strong>Watches</strong>.</li>
+<li>From the dropdown menu that appears, select <strong>Watches</strong>. </li>
<li>The list of pages you are watching appears, and you can remove those you no longer want to watch.</li>
</ul>
<p>Infra can help you set up a role account that can watch for any changes in your space and send notices about them to an email list. This can lead to a large amount of traffic, so you can choose a digest option that provides a daily summary of changes.</p>
<h2 id="faqs">FAQs<a class="headerlink" href="#faqs" title="Permanent link">¶</a></h2>
+
<p><strong>Can anyone add to a page?</strong> As noted above, editing a page is restricted to people who have submitted a signed CLA to the ASF. This is to make clear that the individual intends to contribute the copyright on the documentation to the ASF.</p>
<p>However, your cwiki space supports comments, and any logged-in page visitor can add suggestions or ask questions.</p>
<p><strong>What if the site is down?</strong> If the cwiki is down, first check the <a href="http://monitoring.apache.org/status/" target="_blank">ASF Public Network Status page</a>. If the service seems to be down, but Monitoring reports it as OK, then please email <code>infra@</code> or post a Jira ticket.</p>
<p>If the Monitoring status shows that the service is offline, then the appropriate people have already been contacted. If the service stays offline for 24 hours, then please file a Jira ticket.</p>
<p><strong>Is the cwiki backed up?</strong> Yes, we store backups of the cwiki so we can restore all content if something bad happens.</p>
-
</div>
</div>
</div>
diff --git a/output/digicert-access.html b/output/digicert-access.html
index 40b821f..2805f39 100644
--- a/output/digicert-access.html
+++ b/output/digicert-access.html
@@ -83,7 +83,6 @@
</ul>
<p>The infra team will then request the account creation and (after a few e-mails and configuring a OTP token) you will have an account that lets you access the <a href="https://one.digicert.com/signingmanager/dashboard" target="_blank">web GUI</a>. Each PMC member must have their own account to access the web GUI.</p>
<p>The code signing is performed locally (no need to upload large files, just the hashes are passed to the central signing service). You can download a client for your preferred tool and platform from the resources section of the web GUI.</p>
-
</div>
</div>
</div>
diff --git a/output/digicert-use.html b/output/digicert-use.html
index d9a2785..ec0bbf4 100644
--- a/output/digicert-use.html
+++ b/output/digicert-use.html
@@ -87,7 +87,7 @@
<p><strong>Note</strong>: The ASF has to pay for each signature using a signing certificate. Using Jenkins to build and sign <strong>releases</strong> using DigiCert ONE is fine. Signing every single <strong>CI build</strong> is not necessary and can become expensive for the Foundation. Please make sure your build process only involves signing certificates for release candidates.</p>
<h3>Step 1: Obtaining a DigiCert ONE account</h3>
<p>Adding a new PMC or a new user to an existing PMC needs to be performed by the infrastructure team. Please open an <a href="https://issues.apache.org/jira/browse/INFRA">INFRA Jira ticket</a> and select code signing as the component.</p>
-<p>When the infrastructure team creates your account you will receive a password reset email. The link in that email is only valid for 12 hours. If you are unable to complete the creation of your account in that time you can request a new password reset email by going to <a href="https://one.digicert.com/" target="_blank">DigiCert ONE</a> and clicking the password reset link. Your username is your ASF email address. You should then receive a new password reset email you can use to set your password.</p>
+<p>When the infrastructure team creates your account you will receive a password reset email. The link in that email is only valid for 12 hours. If you are unable to complete the creation of your account in that time you can request a new password reset email by going to <a href="https://one.digicert.com/" target="_blank">DigiCert ONE</a> and clicking the password reset link. Your username is your ASF email address. You should then receive a new password reset email you can use to set your password. </p>
<p>You also need to configure your OTP token. Officially, only Google authenticator is supported but any similar tool should also work.</p>
<h3>Step 2: Obtaining credentials for code signing</h3>
<p>Whatever you need to sign and however you choose to sign it, you need to create credentials to use the signing API. You create these via the DigiCert ONE web interface.</p>
@@ -132,35 +132,26 @@
<p>To sign a file with SHA-256 rather than SHA-512 use <code>... /fd sha256...</code> rather than <code>... /fd sha512 ...</code>.</p>
<h4>Signing on Windows binaries on Windows or Linux with JSign 4.0+ Ant task</h4>
<ol>
-<li>
-<p>Make the JSign JAR from <a href="https://search.maven.org/artifact/net.jsign/jsign">Maven Central</a> available to Ant.</p>
-</li>
-<li>
-<p>The DigiCert ONE specific properties for the JSign task in Antshould be as follows:</p>
-<pre><code> storetype="DIGICERTONE"
- storepass="<api-key>|<path-to-client-certificate>|<client-certificate-passphrase>"
- alias="<name-of-signing-certificate>"
- tsaurl="http://timestamp.digicert.com"
-</code></pre>
+<li>Make the JSign JAR from <a href="https://search.maven.org/artifact/net.jsign/jsign">Maven Central</a> available to Ant.</li>
+<li>The DigiCert ONE specific properties for the JSign task in Antshould be as follows:<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="nx">storetype</span><span class="p">=</span><span class="s">"DIGICERTONE"</span>
+<span class="w"> </span><span class="nx">storepass</span><span class="p">=</span><span class="s">"<api-key>|<path-to-client-certificate>|<client-certificate-passphrase>"</span>
+<span class="w"> </span><span class="kd">alias</span><span class="p">=</span><span class="s">"<name-of-signing-certificate>"</span>
+<span class="w"> </span><span class="nx">tsaurl</span><span class="p">=</span><span class="s">"http://timestamp.digicert.com"</span>
+</code></pre></div>
+
</li>
</ol>
<h4>Signing Windows binaries on Linux with JSign 4.0+</h4>
<ol>
-<li>
-<p>Download jsign <code>wget https://github.com/ebourg/jsign/releases/download/4.0/jsign_4.0_all.deb</code>.</p>
-</li>
-<li>
-<p>Install jsign <code>sudo dpkg --install jsign_4.0_all.deb</code>.</p>
-</li>
-<li>
-<p>You should then be able to sign with:</p>
-<pre><code> jsign --storetype DIGICERTONE --alias <name-of-signing-certificate> --storepass "<api-key>|<path-to-client-certificate>|<client-certificate-passphrase>" --tsaurl="http://timestamp.digicert.com" application.exe
-</code></pre>
+<li>Download jsign <code>wget https://github.com/ebourg/jsign/releases/download/4.0/jsign_4.0_all.deb</code>.</li>
+<li>Install jsign <code>sudo dpkg --install jsign_4.0_all.deb</code>.</li>
+<li>You should then be able to sign with:<div class="highlight"><pre><span></span><code><span class="nx">jsign</span><span class="w"> </span><span class="o">--</span><span class="nx">storetype</span><span class="w"> </span><span class="nx">DIGICERTONE</span><span class="w"> </span><span class="o">--</span><span class="kd">alias</span><span class="w"> </span><span class="p"><</span><span class="nx">name</span><span class="o">-</span><span class="nx">of</span><span class="o">-</span><span class="nx">signing</span><span class="o">-</span><span class="nx">certificate</span><span class="p">></span><span class="w"> </span><span class="o">--</span><span class="nx">storepass</span><span class="w"> </span><span class="s">"<api-key>|<path-to-client-certificate>|<client-certificate-passphrase>"</span><span class="w"> </span><span class="o">--</span><span class="nx">tsaurl</span><span class="p">=</span><span class="s">"http://timestamp.digicert.com"</span><span class="w"> </span><span class="nx">application</span><span class="p">.</span><span class="nx">exe</span>
+</code></pre></div>
+
</li>
</ol>
<h4>Other signing formats, tools and operating systems</h4>
<p>See the client user guide.</p>
-
</div>
</div>
</div>
diff --git a/output/doc.html b/output/doc.html
index be6f9b5..9d86f0a 100644
--- a/output/doc.html
+++ b/output/doc.html
@@ -93,16 +93,13 @@
<li><a href="version-control.html">Project source code repositories</a></li>
<li><a href="repository-faq.html">Repositories for Maven releases and snapshots</a></li>
<li><a href="https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features" target="_blank">.asf.yaml features for Git repositories</a></li>
-<li><a href="github-actions-secrets.html">GitHub Actions and Secrets</a>
-<ul>
+<li><a href="github-actions-secrets.html">GitHub Actions and Secrets</a></li>
<li><a href="github-actions-policy.html">GitHub Actions policy</a></li>
</ul>
-</li>
-</ul>
<h4>Build and release</h4>
<ul>
<li><a href="release-publishing.html">Release creation process</a></li>
-<li>Creating optional <a href="publishing-maven-artifacts.html">Maven releases</a></li>
+<li>Creating optional <a href="publishing-maven-artifacts.html">Maven releases</a> </li>
<li><a href="release-signing.html">Signing releases</a></li>
<li><a href="openpgp.html">Cryptography with OpenPGP</a></li>
<li><a href="release-distribution.html">Release distribution policy</a></li>
@@ -131,7 +128,7 @@
<ul>
<li><a href="new-committers-guide.html">New committer's guide</a></li>
<li><a href="committer-email.html">Managing your Apache email address</a></li>
-<li><a href="https://people.apache.org" target="_blank">Apache People</a> provides a simple phone book-like
+<li><a href="https://people.apache.org" target="_blank">Apache People</a> provides a simple phone book-like
lookup for Apache Committers.</li>
<li><a href="https://whimsy.apache.org/" target="_blank">The Whimsy Project</a> provides a number of committer-specific tools for finding information about Apache people.</li>
<li><a href="key-transition.html">Transitioning to a new PGP key</a></li>
@@ -145,8 +142,7 @@
<p><a href="contributors.html">New contributor's guide</a></p>
<h3>Infra Wiki</h3>
<p>The <a href="https://cwiki.apache.org/confluence/display/INFRA/" target="_blank">Infra Wiki</a> provides scripts, how-to articles, and code samples. Most pages support the functions of the Infra team, but a great deal of material has guidance for project committers and PMCs.</p>
-<p>You can also browse the complete <a href="https://cwiki.apache.org/" target="_blank">ASF Wiki</a>.</p>
-
+<p>You can also browse the complete <a href="https://cwiki.apache.org/" target="_blank" >ASF Wiki</a>.</p>
</div>
</div>
</div>
diff --git a/output/docker-hub-policy.html b/output/docker-hub-policy.html
index ef49fea..5368c84 100644
--- a/output/docker-hub-policy.html
+++ b/output/docker-hub-policy.html
@@ -73,11 +73,11 @@
<h1>
Docker Hub use policy
</h1>
- <p><strong>Docker</strong> is an open source containerization platform. Developers can package applications in <strong>containers</strong>, components combining application source code with the operating system (OS) libraries and dependencies required to run that code in any environment.</p>
+ <p>license: https://www.apache.org/licenses/LICENSE-2.0</p>
+<p><strong>Docker</strong> is an open source containerization platform. Developers can package applications in <strong>containers</strong>, components combining application source code with the operating system (OS) libraries and dependencies required to run that code in any environment. </p>
<p><a href="https://hub.docker.com/" target="_blank">Docker Hub</a> is the world's largest public registry for hosting Docker images. It is the default download source when you are working with Docker.</p>
<p>A <strong>Docker image</strong> is a file with a set of instructions for building a Docker container. It is like a snapshot in virtual machine (VM) environments. When a user runs an image, it can become one or many instances of a container.</p>
<p>PMCs can host product releases on Docker Hub for users to download, build, and deploy. The ASF has a limited number of Docker Hub seats, so there is a limit of <strong>two seats per PMC</strong>. Request a seat or seats for your PMC in a Jira ticket for Infra, with a link to the PMC email conversation that justifies the request. If you feel your PMC needs additional seats, explain the special circumstances in the ticket.</p>
-
</div>
</div>
</div>
diff --git a/output/feeds/all-en.atom.xml b/output/feeds/all-en.atom.xml
index c6d8540..431da54 100644
--- a/output/feeds/all-en.atom.xml
+++ b/output/feeds/all-en.atom.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom"><title>Apache Infrastructure Website</title><link href="https://infra.apache.org/" rel="alternate"></link><link href="https://infra.apache.org/feeds/all-en.atom.xml" rel="self"></link><id>https://infra.apache.org/</id><updated>2024-04-25T00:00:00+00:00</updated><entry><title>Inside Infra April 2024</title><link href="https://infra.apache.org/blog/newsletter_04_24.html" rel="alternate"></link><published>2024-04-25T00:00:00+00:00</published><updated>2024-04-25T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-04-25:/blog/newsletter_04_24.html</id><summary type="html"><p>Welcome to <em>Inside Infra</em> for April, 2024.</p>
+<feed xmlns="http://www.w3.org/2005/Atom"><title>Apache Infrastructure Website</title><link href="https://infra.apache.org/" rel="alternate"></link><link href="https://infra.apache.org/feeds/all-en.atom.xml" rel="self"></link><id>https://infra.apache.org/</id><updated>2024-04-25T00:00:00+00:00</updated><entry><title>Inside Infra April 2024</title><link href="https://infra.apache.org/blog/inside-infra-april-2024.html" rel="alternate"></link><published>2024-04-25T00:00:00+00:00</published><updated>2024-04-25T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-04-25:/blog/inside-infra-april-2024.html</id><summary type="html"><p>Welcome to <em>Inside Infra</em> for April, 2024.</p>
<h2>Infra Reporting Dashboard</h2>
<p>The dashboard, at <a href="https://infra-reports.apache.org/" target="_blank">infra-reports.apache.org</a>, provides a collection of reports on the overall health and activity of the infrastructure at the ASF. These reports can be helpful in understanding the status of all the ASF 'under the hood' resources …</p></summary><content type="html"><p>Welcome to <em>Inside Infra</em> for April, 2024.</p>
<h2>Infra Reporting Dashboard</h2>
@@ -7,17 +7,17 @@
<p>Some of the reports are open to the public, while others are restricted to those who genuinely need them; see the documentation at <a href="https://infra.apache.org/infra-reports.html" target="_blank">infra.apache.org/infra-reports.html</a>.</p>
<h2>MFA at the ASF</h2>
<p>Infra is working on policies to cover use of multi-factor authorization (MFA) at The ASF, and tooling to support and enable those policies. The goal is to provide the best-possible security for user accounts at the lowest reasonable level of disruption to work processes.</p>
-<p>The draft of the main MFA policy, with a link to the policy on restoring MFA when someone has lost a key element of it, is available at <a href="https://infra.apache.org/mfa.html" target="_blank">infra.apache.org/mfa.html</a>.</p>
+<p>The draft of the main MFA policy, with a link to the policy on restoring MFA when someone has lost a key element of it, is available at <a href="https://infra.apache.org/mfa.html" target="_blank">infra.apache.org/mfa.html</a>. </p>
<p>As we refine the policy and bring the tools to support it online, we will update the policy page. We will make a general announcement when we are close to bringing MFA live for The ASF and its projects.</p>
<h2>Roundtable</h2>
<p>There was no April roundtable.</p>
-<p>The May Roundtable will be on Wednesday, May 8, 2024, 1700 UTC. The topic of the day will be "How PMCs can use the STeVe voting tool", with a live demonstration. There will probably also be time for unstructured discussion about other issues and concerns related to infrastructure.</p>
+<p>The May Roundtable will be on Wednesday, May 8, 2024, 1700 UTC. The topic of the day will be "How PMCs can use the STeVe voting tool", with a live demonstration. There will probably also be time for unstructured discussion about other issues and concerns related to infrastructure. </p>
<p>Info about the roundtables is at <a href="https://infra.apache.org/roundtable.html" target="_blank">infra.apache.org/roundtable.html</a>.</p>
<h2>Access to the Confluence Wiki</h2>
<p>To deal with the creation of spammy accounts and risks to ASF and project information on the wiki, we have limited account-creation: committers and ASF members can automatically log in to the ASF Confluence Wiki without creating an account. At the moment people who do not have an ASF LDAP account <strong>cannot</strong> create an account in the wiki.</p>
<hr/>
-<p>The next issue of <em>Inside Infra</em> will appear near the end of May, 2024.</p>
-</content><category term="blog"></category></entry><entry><title>Inside Infra March 2024</title><link href="https://infra.apache.org/blog/newsletter_03_24.html" rel="alternate"></link><published>2024-03-23T00:00:00+00:00</published><updated>2024-03-23T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-03-23:/blog/newsletter_03_24.html</id><summary type="html"><p>Welcome to <strong>Inside Infra</strong> for March, 2024.</p>
+
+<p>The next issue of <em>Inside Infra</em> will appear near the end of May, 2024.</p></content><category term="blog"></category></entry><entry><title>Inside Infra March 2024</title><link href="https://infra.apache.org/blog/inside-infra-march-2024.html" rel="alternate"></link><published>2024-03-23T00:00:00+00:00</published><updated>2024-03-23T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-03-23:/blog/inside-infra-march-2024.html</id><summary type="html"><p>Welcome to <strong>Inside Infra</strong> for March, 2024.</p>
<h3>Policy change on use of GitHub Actions</h3>
<p>Due to misconfigurations in their builds, some projects have been using unsupportable numbers of GitHub Actions. As part of fixing this situation, Infra has added a 'resource use' section to the policy on GitHub Actions. This …</p></summary><content type="html"><p>Welcome to <strong>Inside Infra</strong> for March, 2024.</p>
<h3>Policy change on use of GitHub Actions</h3>
@@ -29,26 +29,25 @@
<li>The average number of minutes a project uses in any consecutive five-day period MUST NOT exceed the equivalent of 30 full-time runners (216,000 minutes, or 3,600 hours).</li>
<li>Projects whose builds consistently cross the maximum use limits will lose their access to GitHub Actions until they fix their build configurations.</li>
</ul>
-<p>The full policy is at <a href="https://infra.apache.org/github-actions-policy.html" target="_blank"><a href="https://infra.apache.org/github-actions-policy.html">https://infra.apache.org/github-actions-policy.html</a></a>.</p>
+<p>The full policy is at <a href="https://infra.apache.org/github-actions-policy.html" target="_blank">https://infra.apache.org/github-actions-policy.html</a>.</p>
<h3>Roundtable summary</h3>
<p>In the Roundtable of March 3, 2024, Clay Johnson of Gradle outlined the testing features that come with Develocity, focussing on their use with Gradle and Maven. For instance:</p>
<ul>
<li>The build scan gives insights into what goes on in a build, and can help a project quickly focus on tests that are failing or flaky, and address related code issues.</li>
<li>Predictive test selection can speed up certain types of builds by skipping the tests that are not relevant to the build.</li>
</ul>
-<p>A fuller summary of this discussion, and conversation about GitHub Runners and other topics, is at <a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable+2024-03-06%2C+17%3A00+UTC" target="_blank"><a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable+2024-03-06%2C+17%3A00+UTC">https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable+2024-03-06%2C+17%3A00+UTC</a></a>, and is available to ASF Members and Committers.</p>
+<p>A fuller summary of this discussion, and conversation about GitHub Runners and other topics, is at <a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable+2024-03-06%2C+17%3A00+UTC" target="_blank">https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable+2024-03-06%2C+17%3A00+UTC</a>, and is available to ASF Members and Committers.</p>
<p><strong>Note</strong>: There will be <strong>no April 2024 Roundtable</strong>. The series will resume in May.</p>
<h3>The end of Apache Paste Bucket?</h3>
<p>In 2013 Infra rolled out Apache Paste Bucket (<code>http://paste.apache.org/</code>). In a blog entry at the time, we described it as an "ASF-driven site for posting snippets, scripts, logging output, configurations and much more and sharing them with the world."</p>
<p>The tool has seen some use over the past decade, but has had very little traffic in the last couple of years. To keep Apache Paste Bucket available, the code would require a significant upgrade. Unless we hear that the tool is important to some part of the ASF community, we plan to shut down Apache Paste in the near future.</p>
<hr/>
-The next newsletter will appear toward the end of April, 2024.
-</content><category term="blog"></category></entry><entry><title>Inside Infra February 2024</title><link href="https://infra.apache.org/blog/newsletter_02_24.html" rel="alternate"></link><published>2024-02-20T00:00:00+00:00</published><updated>2024-02-20T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-02-20:/blog/newsletter_02_24.html</id><summary type="html"><p><em>Hello, all!</em></p>
+<p>The next newsletter will appear toward the end of April, 2024.</p></content><category term="blog"></category></entry><entry><title>Inside Infra February 2024</title><link href="https://infra.apache.org/blog/inside-infra-february-2024.html" rel="alternate"></link><published>2024-02-20T00:00:00+00:00</published><updated>2024-02-20T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-02-20:/blog/inside-infra-february-2024.html</id><summary type="html"><p><em>Hello, all!</em></p>
<h2>Newsletter name</h2>
-<p>Our very unscientific poll showed that "Inside Infra" has the most support as a name for this newsletter, so that is what we shall be.</p>
+<p>Our very unscientific poll showed that "Inside Infra" has the most support as a name for this newsletter, so that is what we shall be. </p>
<p><strong>Note</strong>: in 2020 the main ASF blog published a series of interviews with Infra team members also called "Inside Infra". Links …</p></summary><content type="html"><p><em>Hello, all!</em></p>
<h2>Newsletter name</h2>
-<p>Our very unscientific poll showed that "Inside Infra" has the most support as a name for this newsletter, so that is what we shall be.</p>
+<p>Our very unscientific poll showed that "Inside Infra" has the most support as a name for this newsletter, so that is what we shall be. </p>
<p><strong>Note</strong>: in 2020 the main ASF blog published a series of interviews with Infra team members also called "Inside Infra". Links to the interviews are available at <a href="https://cwiki.apache.org/confluence/display/INFRA/The+Infrastructure+team" target="_blank">The Infrastructure team</a>.</p>
<h2>2023 year-end survey</h2>
<p>We held our second annual year-end survey and got a lot of participation. Overall satisfaction with Infra's work seems high, but there were also a series of very useful suggestions and ideas. This newsletter, in fact, is a response to one of the suggestions.</p>
@@ -83,8 +82,7 @@
still be rejected.</p>
<h2>Excellent questions</h2>
<p>Some of the best stuff Infra does has evolved from project members' questions and suggestions. If you have an infrastructure-related question, feel free to ask it on the <code>users@infra.apache.org</code> email list. We may share your question, and our answer to it, in a coming newslette</p>
-<p><em>That's it until next month!</em></p>
-</content><category term="blog"></category></entry><entry><title>2023 Infra Survey Results</title><link href="https://infra.apache.org/blog/2023%20Infra%20Survey%20Results.html" rel="alternate"></link><published>2024-02-13T00:00:00+00:00</published><updated>2024-02-13T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-02-13:/blog/2023 Infra Survey Results.html</id><summary type="html"><p>More than 50 people posted responses to our 2023 'year in review' survey. Here is a summary of the responses to questions and the comments added in each section.</p>
+<p><em>That's it until next month!</em></p></content><category term="blog"></category></entry><entry><title>2023 Infra Survey Results</title><link href="https://infra.apache.org/blog/2023-infra-survey-results.html" rel="alternate"></link><published>2024-02-13T00:00:00+00:00</published><updated>2024-02-13T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-02-13:/blog/2023-infra-survey-results.html</id><summary type="html"><p>More than 50 people posted responses to our 2023 'year in review' survey. Here is a summary of the responses to questions and the comments added in each section.</p>
<p>We're grateful to those who took the time to fill out the survey. Without feedback like this, the Infra team can …</p></summary><content type="html"><p>More than 50 people posted responses to our 2023 'year in review' survey. Here is a summary of the responses to questions and the comments added in each section.</p>
<p>We're grateful to those who took the time to fill out the survey. Without feedback like this, the Infra team can feel a bit like it is flailing around in the dark.</p>
<h2>Summary of responses</h2>
@@ -97,13 +95,12 @@
<li>Do not need it / no pressing issues</li>
<li>Timezone issues (the roundtables frequently happen at a time which is more convenient to people in Europe and North American than in Asia)</li>
</ul>
-<p>88.9% say the roundtables &lsquo;provide value&rsquo;.</p>
+<p>88.9% say the roundtables ‘provide value’.</p>
<p>Topics respondents would like roundtables to address:</p>
<ul>
<li>Things Infra is working on that might be useful to PMCs</li>
<li>Vulnerability scanning</li>
-<li>Automation of
-<ul>
+<li>Automation of<ul>
<li>voting</li>
<li>policy compliance verification</li>
<li>releases</li>
@@ -140,27 +137,27 @@
</ul>
<p>We asked which existing services need improvement. These areas got the most votes:</p>
<ul>
-<li>CI/CD (Jenkins, BuildBot, GitHub Actions &ndash; 62%</li>
-<li>Issue Tracking (Jira, GitHubIssues, Bugzilla) &ndash; 31%</li>
-<li>Documentation / Wiki pages &ndash; 31%</li>
-<li>Source control (GitHub/GitBox, SVN) &ndash; 19%</li>
-<li>Messaging (Slack, mailing lists) &ndash; 19%</li>
+<li>CI/CD (Jenkins, BuildBot, GitHub Actions – 62%</li>
+<li>Issue Tracking (Jira, GitHubIssues, Bugzilla) – 31%</li>
+<li>Documentation / Wiki pages – 31%</li>
+<li>Source control (GitHub/GitBox, SVN) – 19%</li>
+<li>Messaging (Slack, mailing lists) – 19% </li>
</ul>
<p>Comments:</p>
<ul>
<li>Archived blog content is greatly bit rotted with no way to fix; no good modern blogging options</li>
-<li>ASF project websites vary widely in visual appeal and functionality. How to make it easier to quickly set up &lsquo;modern looking&rsquo; websites?</li>
-<li>Issue tracking &ndash; automated scripts to migrate existing issues from Jira to GitHub Issues.</li>
-<li>Fix tool sprawl &ndash; self-serve, whimsy, reporter, cveprocess...</li>
+<li>ASF project websites vary widely in visual appeal and functionality. How to make it easier to quickly set up ‘modern looking’ websites?</li>
+<li>Issue tracking – automated scripts to migrate existing issues from Jira to GitHub Issues.</li>
+<li>Fix tool sprawl – self-serve, whimsy, reporter, cveprocess...</li>
<li>Jenkins seems outdated. Would prefer something like Concourse.</li>
-<li>Research an official Stack Overflow integration as an alternative to users&rsquo; lists?</li>
-<li>In CI/CD, we don&rsquo;t really have any CD. Where can we deploy test apps?</li>
+<li>Research an official Stack Overflow integration as an alternative to users’ lists?</li>
+<li>In CI/CD, we don’t really have any CD. Where can we deploy test apps?</li>
<li>Docker Images.</li>
<li>More control over Docker Hub repos.</li>
<li>Builds are sometimes flaky because of disk-full error, broken hardware, missing build tools...</li>
<li>Builds are very slow for projects with a large number of modules and different workflows for different test suites. Such projects need more dedicated resources.</li>
-<li>It&rsquo;s easy for projects to configure build pipelines that don&rsquo;t work well.</li>
-<li>I shouldn&rsquo;t have to create a filter to understand the context of an email from the ASF.</li>
+<li>It’s easy for projects to configure build pipelines that don’t work well.</li>
+<li>I shouldn’t have to create a filter to understand the context of an email from the ASF.</li>
<li>Struggling to find good documentation on Buildbot hosts, in particular for setting up a Windows build.</li>
<li>In a multilanguage project, Kotlin is not counted.</li>
<li>Mailing list noise from GitHub/GitBox. Drop messages from some bots.</li>
@@ -171,15 +168,15 @@
<li>Jenkins builds should be containerized and isolated from one another, so one build does not bring down a node for everybody else. Need guaranteed minimum performance for performance-sensitive build tests.</li>
<li>Improve the messaging of Jira to the mailing lists.</li>
</ul>
-<h3>New Year&rsquo;s resolutions for projects:</h3>
+<h3>New Year’s resolutions for projects:</h3>
<ul>
<li>Hope to make more frequent releases (multiple mentions).</li>
<li>Get it fully, reproducibly built with OID integration to release it via Trusted Publishing to PyPI.</li>
-<li>Reduce &lsquo;onboarding barriers&rsquo; and bridging projects for more synergy.</li>
+<li>Reduce ‘onboarding barriers’ and bridging projects for more synergy.</li>
<li>Add documentation tutorials.</li>
<li>Attracting more people to work on the documentation.</li>
</ul>
-<h3>New Year&rsquo;s hopes to get from Infra, the ASF, from your project</h3>
+<h3>New Year’s hopes to get from Infra, the ASF, from your project</h3>
<ul>
<li>Easy to use and secure package and releasing platform (Working on it!)</li>
<li>More reliability</li>
@@ -192,14 +189,13 @@
</ul>
<h3>Feedback for the Infra team:</h3>
<p>Most of the comments were positive, with thanks for our efforts and good wishes for the new year.</p>
-<p>And there was one &ldquo;Well, there is that one guy...&rdquo; (working on it!)</p>
-</content><category term="blog"></category></entry><entry><title>The Infra Newsletter January 2024</title><link href="https://infra.apache.org/blog/newsletter_01_24.html" rel="alternate"></link><published>2024-01-20T00:00:00+00:00</published><updated>2024-01-20T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-01-20:/blog/newsletter_01_24.html</id><summary type="html"><p>Hi, all!</p>
+<p>And there was one “Well, there is that one guy...” (working on it!)</p></content><category term="blog"></category></entry><entry><title>The Infra Newsletter January 2024</title><link href="https://infra.apache.org/blog/the-infra-newsletter-january-2024.html" rel="alternate"></link><published>2024-01-20T00:00:00+00:00</published><updated>2024-01-20T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-01-20:/blog/the-infra-newsletter-january-2024.html</id><summary type="html"><p>Hi, all!</p>
<p>Someone who responded to our annual survey (see below) suggested that we start a newsletter to share developments and other news. The suggester thought we should send it to the <code>dev@</code> list of every PMC and PPMC, but we are going to start with a more limited distribution …</p></summary><content type="html"><p>Hi, all!</p>
<p>Someone who responded to our annual survey (see below) suggested that we start a newsletter to share developments and other news. The suggester thought we should send it to the <code>dev@</code> list of every PMC and PPMC, but we are going to start with a more limited distribution and see if the benefit to readers outweighs the additional email traffic. If you would like to get each issue in your email inbox, make sure you are subscribed to <code>users@infra.apache.org</code>.</p>
<p>The complete text of each month's newsletter appears here on the Infra blog.</p>
<p>Expect to see a new installment of the newsletter toward the end of each month. If you have suggestions, please share them in an email to <code>users@infra.apache.org</code>.</p>
<h2>The Infra year-end survey</h2>
-<p>As we start 2024, we're using a survey to review infrastructure developments and plans for the ASF. We will compile responses into an anonymized report to share with the whole ASF community and to provide the Infrastructure team with insights that may help us improve our work in the new year.</p>
+<p>As we start 2024, we're using a survey to review infrastructure developments and plans for the ASF. We will compile responses into an anonymized report to share with the whole ASF community and to provide the Infrastructure team with insights that may help us improve our work in the new year. </p>
<p>If you have not had a chance to fill out the survey yet, <a href="https://forms.gle/rQwYykCuP3Z1ij5Z9" target="_blank">it is here</a>. It will be active until <strong>February 2, 2024</strong>.</p>
<h2>The Infra Roundtable</h2>
<p>Last year the Infrastructure team started holding monthly <strong>Roundtable</strong> meetings, in response to requests for a way to discuss infrastructure issues and initiatives. In 2023, we held ten such meetings, usually on the first Wednesday of each month. One meeting was face-to-face, as a part of Community Over Code North America.</p>
@@ -211,8 +207,7 @@
<p>While Infra will be taking part in both <strong>Community over Code</strong> (CoC) <strong>Europe</strong> and <strong>CoC North America</strong> in 2024, we will not be able to send team members to <strong>CoC Asia</strong>. It would be great if anyone attending could pass on to us, by email or through our Slack channel, insights or issues discussed at the conference that are relevant to Infra.</p>
<h2>What's in a name?</h2>
<p>What should we call this thing? "The Infra Newsletter" is straightforward, but maybe not all that catchy. "Infractions", while being a cute mashup of "Infra" and "actions", may not be clear to readers for whom English is not their best language.</p>
-<p>Use <a href="https://forms.gle/TCEDGdE9VHM45CGJA" target="_blank">this link</a> to vote for a name you prefer for the Infra newsletter: The poll is on Google Drive, but you do not have to log in to use it. The poll will stay open until <strong>February 5, 2024</strong>.</p>
-</content><category term="blog"></category></entry><entry><title>Add your wisdom to Infra</title><link href="https://infra.apache.org/blog/add_wisdom.html" rel="alternate"></link><published>2023-11-17T01:55:55+00:00</published><updated>2023-11-17T01:55:55+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2023-11-17:/blog/add_wisdom.html</id><summary type="html"><p>Committers, contributors, and ASF Members have a wealth of information about every aspect of software and community development. When we share our knowledge, its reach multiplies and our effectiveness increases.</p>
+<p>Use <a href="https://forms.gle/TCEDGdE9VHM45CGJA" target="_blank">this link</a> to vote for a name you prefer for the Infra newsletter: The poll is on Google Drive, but you do not have to log in to use it. The poll will stay open until <strong>February 5, 2024</strong>.</p></content><category term="blog"></category></entry><entry><title>Add your wisdom to Infra</title><link href="https://infra.apache.org/blog/add-your-wisdom-to-infra.html" rel="alternate"></link><published>2023-11-17T01:55:55+00:00</published><updated>2023-11-17T01:55:55+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2023-11-17:/blog/add-your-wisdom-to-infra.html</id><summary type="html"><p>Committers, contributors, and ASF Members have a wealth of information about every aspect of software and community development. When we share our knowledge, its reach multiplies and our effectiveness increases.</p>
<p>For the infrastructure that supports all our efforts at the ASF, here are some ways to share what you know …</p></summary><content type="html"><p>Committers, contributors, and ASF Members have a wealth of information about every aspect of software and community development. When we share our knowledge, its reach multiplies and our effectiveness increases.</p>
<p>For the infrastructure that supports all our efforts at the ASF, here are some ways to share what you know with the folks with the greatest need to hear it:</p>
<p><strong>Share your smarts</strong></p>
@@ -220,11 +215,9 @@
<p>The issues range in complexity. Any committer or ASF Member is well-positioned to answer all but the most gnarly ones.</p>
<p><strong>Join the Roundtables</strong></p>
<p>Infra holds regular roundtable discussions on important topics in the World of Infrastructure. These are not lectures, where an Infra member holds forth and everybody is supposed to sit in respectful silence. Rather, the Infra team is hoping to gain insights and guidance from members of the ASF community that will improve how the team works or a tool it is developing.</p>
-<p>The roundtables usually take place on the <strong>first Wednesday of each month</strong>, on the <code>#roundtable</code> channel in the <code>the-ASF</code> workspace on Slack. They are available to anyone who can access the ASF workspace on Slack: basically, committers and Members.</p>
-<ul>
-<li>Here are <a href="https://infra.apache.org/roundtable.html" target="_blank">details about the Roundtables</a>, including information on joining the <code>#roundtable</code> channel.</li>
-<li>We don't record the sessions, but we do take <a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable" target="_blank">copious notes</a>.</li>
-</ul>
+<p>The roundtables usually take place on the <strong>first Wednesday of each month</strong>, on the <code>#roundtable</code> channel in the <code>the-ASF</code> workspace on Slack. They are available to anyone who can access the ASF workspace on Slack: basically, committers and Members.
+ - Here are <a href="https://infra.apache.org/roundtable.html" target="_blank">details about the Roundtables</a>, including information on joining the <code>#roundtable</code> channel.
+ - We don't record the sessions, but we do take <a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable" target="_blank">copious notes</a>.</p>
<p><strong>Build better builds</strong></p>
<p>A group meets regularly (usually the second Thursday of the month) in the <code>#builds</code> channel in the <code>the-ASF</code> workspace on Slack to explore issues related to builds of ASF projects' products. You are welcome whether you have a puzzle you need help solving, or some insights that may help others.</p>
<p><strong>Re-vision distribution</strong></p>
@@ -240,1343 +233,4 @@
<li>Join the <code>artifacts@infra.apache.org</code> mailing list.</li>
<li>Ask to be invited to the <code>artifact-platform-dev</code> channel in the <code>the-ASF</code> workspace on Slack.</li>
<li>Review the <a href="https://cwiki.apache.org/confluence/display/INFRA/Artifacts+Distribution+Platform" target="_blank">current collection of ideas and issues</a> related to the ADP. Add your thoughts/concerns/insights in the editable pages linked to from that main page. (Note: we have already blue-skied a very complex application. If you suggest another component, we may invite you to help develop it.)</li>
-</ul>
-</content><category term="blog"></category></entry><entry><title>Brand New Self-serve Page</title><link href="https://infra.apache.org/blog/brand-new-selfserve-page.html" rel="alternate"></link><published>2023-03-01T00:00:00+00:00</published><updated>2023-03-01T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2023-03-01:/blog/brand-new-selfserve-page.html</id><summary type="html"><p>Greetings all!</p>
-<p>We're announcing a new look for selfserve.apache.org today! It's a completely updated site, featuring a new layout which we hope will suit everyone better. The new update also cleans up a some tech debt we've had with the old site, so adding new features or integrations …</p></summary><content type="html"><p>Greetings all!</p>
-<p>We're announcing a new look for selfserve.apache.org today! It's a completely updated site, featuring a new layout which we hope will suit everyone better. The new update also cleans up a some tech debt we've had with the old site, so adding new features or integrations should be easier for us to roll out.</p>
-<h4>New Features</h4>
-<p>One of the new features we've also rolled out on selfserve.apache.org is the ability for someone to request a <a href="https://selfserve.apache.org/jira-account.html">public Jira account</a> through the page! We've been trying to develop a way to fight spammers and bad actors for a while on Jira and we know based on feedback that turning off the public signup link has caused some new issues. This is a brand new process whereby someone (existing committer or not) can fill out the form, add some detail as to why they are asking for access, and then a mail is sent to the PMC to approve or deny the request. The requester gets updated when their account is approved or denied, with the PMC having the ability to reply with a reason for denial.</p>
-<p><a href="https://selfserve.apache.org">Feel free to check it out</a>, tell your friends, break it and email <a href="mailto:users@infra.apache.org">users@infra.apache.org</a> with any details! Fun for the entire family!</p>
-</content><category term="blog"></category></entry><entry><title>2022 Infra Survey Results</title><link href="https://infra.apache.org/blog/2022_Infra_Survey_Results.html" rel="alternate"></link><published>2023-01-11T00:00:00+00:00</published><updated>2023-01-11T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2023-01-11:/blog/2022_Infra_Survey_Results.html</id><summary type="html"><h3>Intro</h3>
-<p>I'd like to thank everyone who took time to take the survey. This is the first time that I know of that we've tried something like this, and feedback is very important. I'd also like to take a second to clarify my tone for this article. I'm presenting as …</p></summary><content type="html"><h3>Intro</h3>
-<p>I'd like to thank everyone who took time to take the survey. This is the first time that I know of that we've tried something like this, and feedback is very important. I'd also like to take a second to clarify my tone for this article. I'm presenting as Chris T. the Infra person, not as an ASF Member or committer. So when I say "we" or "us", I'm referring to the other Infra folks, not specifically the Foundation as a whole or any Members. I am not posting the full results, but a summary of the data, as we had some responses that used enough information to identify the person being discussed. Those responses are 100% valid and I don't want to post an incomplete dataset with them removed.</p>
-<h3>Summary of Results</h3>
-<p>We sent the survey to 4109 people (and anyone who went to the blog post would also have been able to complete the survey) and received 80 responses. While that isn't a huge number of results, it's a very manageable dataset to parse through. I also presume that some people submitting responses were conveying information gathered from other participants in their project. There weren't many surprises in responses, as we all know a lot of the pain points. However, it's vital for the Infra team to have data to back up our work and the resources we offer.</p>
-<p>Here are the top subjects that were referred to:</p>
-<ol>
-<li>Public Jira access is a problem</li>
-<li>Communication is a problem
-<ul>
-<li>Open/Public Slack</li>
-<li>General Infra communications</li>
-</ul>
-</li>
-<li>CI/CD is a problem
-<ul>
-<li>Capacity/Speed</li>
-<li>Platforms (Jenkins, Buildbot, GHA, etc.)</li>
-</ul>
-</li>
-<li>Release process is a problem</li>
-</ol>
-<p>The charts reflect the data above:</p>
-<img src="../images/image1.png" width="450"/>
-<img src="../images/image2.png" width="450"/>
-<img src="../images/image3.png" width="450"/>
-<img src="../images/image4.png" width="450"/>
-<h3>Next Steps</h3>
-<p>The easy thing would be to say, &ldquo;Let&rsquo;s fix all the things!&rdquo; To be honest, there is on-going work with all the above issues, but most of them are not subject to a quick fix or a short answer. Now that we have data and a baseline, we&rsquo;ll evaluate and discuss how we&rsquo;re going to address your concerns. Since that I&rsquo;ve never done one of these surveys before, I do not have the next steps laid out, so we&rsquo;ll have to take them together.</p>
-</content><category term="blog"></category></entry><entry><title>The Joy of Feedback (2022 Infra Survey)</title><link href="https://infra.apache.org/blog/the_joy_of_feedback.html" rel="alternate"></link><published>2022-12-01T00:00:00+00:00</published><updated>2022-12-01T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-12-01:/blog/the_joy_of_feedback.html</id><summary type="html"><p>In discussions at ApacheCon in New Orleans, we learned that the three standard methods of communicating with Infra:&nbsp;</p>
-<ul>
-<li>opening a Jira ticket&nbsp;</li>
-<li>sending an email&nbsp;</li>
-<li>posting a message on the <code>#asfinfra</code> Slack channel</li>
-</ul>
-<p>are not ideal for many conversations folks would like to have about The ASF's infrastructure.</p>
-<h2>Roundtable Discussions …</h2></summary><content type="html"><p>In discussions at ApacheCon in New Orleans, we learned that the three standard methods of communicating with Infra:&nbsp;</p>
-<ul>
-<li>opening a Jira ticket&nbsp;</li>
-<li>sending an email&nbsp;</li>
-<li>posting a message on the <code>#asfinfra</code> Slack channel</li>
-</ul>
-<p>are not ideal for many conversations folks would like to have about The ASF's infrastructure.</p>
-<h2>Roundtable Discussions</h2>
-<p>Infra is proposing to hold a monthly roundtable of free-flowing discussion.</p>
-<p>Our idea right now is that each roundtable event will take place in a Slack huddle and will last an hour.&nbsp;
-&nbsp;
-The first (shorter) part will be Infra talking about a topic of interest, something we are planning, or a problem we are facing.
-Then we'll open the floor for everyone to talk about that topic... and about anything else infrastructure-related.</p>
-<p>We'll create a bullet-point summary of what we talked about, and will make the summaries available in our CWiki space.</p>
-<h2>Surveys</h2>
-<p>We'd also like to start using regular surveys to get to understand the heart of the problems that our projects and podlings face.</p>
-<p>Our plan with surveys is two-fold.</p>
-<p>First, to get a finger on the pulse of projects and a "2022 year in review" baseline. Since this is the first time we're trying this. it's likely that future surveys will contain different questions.</p>
-<p>Second, we'll be sending out surveys on a regular basis, something like every six months or so, just to keep a feedback loop going.</p>
-<p>Surveys will be anonymous and results will be posted on the Infra blog. Depending on timing, they will also be discussed in the roundtables if the data is pertinent.</p>
-<p><a href="https://infra.apache.org/surveys/survey-1.html">You can find the survey here</a></p>
-<p>Cheers,</p>
-<ul>
-<li>ASF Infra</li>
-</ul>
-</content><category term="blog"></category></entry><entry><title>New Jenkins Nodes running Windows</title><link href="https://infra.apache.org/blog/new-jenkins-nodes-running-windows.html" rel="alternate"></link><published>2022-11-21T00:00:00+00:00</published><updated>2022-11-21T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-11-21:/blog/new-jenkins-nodes-running-windows.html</id><summary type="html"><p>This afternoon, we rolled out two new Shared Jenkins Nodes, jenkins-win-azr-7 and 8. They are both in rotation, using the labels Windows and Windows-Docker. The second label was put in place as the older nodes can't run Docker Desktop. I've also tried setting these up by cloning disks instead of …</p></summary><content type="html"><p>This afternoon, we rolled out two new Shared Jenkins Nodes, jenkins-win-azr-7 and 8. They are both in rotation, using the labels Windows and Windows-Docker. The second label was put in place as the older nodes can't run Docker Desktop. I've also tried setting these up by cloning disks instead of from the ground up.
-Feel free to test them out, all the usual tools are in place (as well as Docker).</p>
-</content><category term="blog"></category></entry><entry><title>Jira Public Signup Disabled</title><link href="https://infra.apache.org/blog/jira-public-signup-disabled.html" rel="alternate"></link><published>2022-11-11T16:48:00+00:00</published><updated>2022-11-11T16:48:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-11-11:/blog/jira-public-signup-disabled.html</id><summary type="html"><p>Today, the Infrastructure Team took the step to disable public signups to ASF Jira</p>
-<p>This was not done lightly. The main reason for this is the amount of spam and spam accounts that are created every day, it has
-made managing Jira a big effort. In addition, Infra are planning …</p></summary><content type="html"><p>Today, the Infrastructure Team took the step to disable public signups to ASF Jira</p>
-<p>This was not done lightly. The main reason for this is the amount of spam and spam accounts that are created every day, it has
-made managing Jira a big effort. In addition, Infra are planning with Atlassian to move to their Cloud service, where account
-limitations apply; and our current self hosted instance is around 150000 users above the limit required for migration.</p>
-<p>Daily spam account creations undermine our efforts to reduce the user counts and so we must stop the creation of the spam
-accounts themselves, not just the spam issues/comments created from them.</p>
-<p>Projects have for a long time wanted a resolution to the spam problems that plague their Jira Projects, often these spam issues
-and comments go unnoticed, and the added attraction to spammers is that all issues get copied to mailing list archives.</p>
-<p>From now on, until such a time as we migrate to Atlassian Cloud, we ask that Projects themselves take on the task of creating
-the Jira account requests that come in. Projects are encouraged but not required to create a dedicated private mailing list where
-users can email to ask for an account.</p>
-<p>Once an account has been created, that user is then automatically whitelisted to create issues anywhere within our Jira instance.</p>
-<p>We appreciate that this is not as convenient as having public signups on, but we must do this in order to move forward and to
-stop the spam in its entirety.</p>
-<p>Any questions or concerns please feel free to email <a href="mailto:users@infra.apache.org">users@infra.apache.org</a></p>
-<p>Kind Regards</p>
-<p>The ASF Infrastructure Team</p>
-</content><category term="blog"></category></entry><entry><title>Infra blogs has a new home</title><link href="https://infra.apache.org/blog/Blogs%20has%20a%20new%20home.html" rel="alternate"></link><published>2022-10-24T12:54:00+00:00</published><updated>2022-10-24T12:54:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-10-24:/blog/Blogs has a new home.html</id><content type="html"><p>Just moved posts over from blogs.apache.org/infra. New posts all go through the infrastructure-website repo and it should be as easy as posting some markdown.</p>
-</content><category term="blog"></category></entry><entry><title>Email service interruption and restoration July 12, 2022</title><link href="https://infra.apache.org/blog/email-service-interruption-and-restoration.html" rel="alternate"></link><published>2022-07-13T16:41:38+00:00</published><updated>2022-07-13T16:41:38+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-07-13:/blog/email-service-interruption-and-restoration.html</id><summary type="html"><p><b>July 13, 2022</b></p><p><span style='color: rgb(23, 43, 77); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;'>At around 09:11 UTC on Tuesday, July 12th 2022, the primary mailing list server (colloquially known as <b>Hermes</b>) at The Apache Software Foundation suffered a fatal breakdown and became unresponsive.</span><br/></p><p style='margin-bottom: 0px; padding: 0px; color: rgb(23, 43, 77); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;'>The Infrastructure team (Infra) was immediately notified and, in cooperation with our data center provider, attempted …</p></summary><content type="html"><p><b>July 13, 2022</b></p><p><span style='color: rgb(23, 43, 77); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;'>At around 09:11 UTC on Tuesday, July 12th 2022, the primary mailing list server (colloquially known as <b>Hermes</b>) at The Apache Software Foundation suffered a fatal breakdown and became unresponsive.</span><br/></p><p style='margin-bottom: 0px; padding: 0px; color: rgb(23, 43, 77); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;'>The Infrastructure team (Infra) was immediately notified and, in cooperation with our data center provider, attempted to restore services and notify the Foundation of the outage.</p><p style='margin-bottom: 0px; padding: 0px; color: rgb(23, 43, 77); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;'>As restoring the machine to a useful state proved more difficult than we had hoped, and due to the importance of this service to the Foundation, Infra decided to "fail forward" at approximately 14:40 UTC, and migrate all affected mailing lists and accounts to the new replacement mailing list server for the Foundation (<b>mailgw</b>). We had announced the start of this migration on June 15, 2022.</p><p class="auto-cursor-target" style='margin-bottom: 0px; padding: 0px; color: rgb(23, 43, 77); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;'>At approximately 17:33 UTC the bulk of our migration operations had completed, and mail was flowing again. The team continued to address and monitor issues arising as a result of the migration, and the mailing list services were deemed fully operational at approximately 20:00 UTC.</p>
-</content><category term="blog"></category></entry><entry><title>Strengthening the Infra team</title><link href="https://infra.apache.org/blog/strengthening-the-infra-team.html" rel="alternate"></link><published>2022-06-27T12:51:54+00:00</published><updated>2022-06-27T12:51:54+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-06-27:/blog/strengthening-the-infra-team.html</id><summary type="html"><p>Since before the start of COVID-19, the Infrastructure team had one open staff position. We have been able to fill it this year with a strong addition to the team, <b>Chris Wells</b>.</p><p><i>Where do you live?</i></p><p>Birch Run, Michigan, USA. I was born in Flint, Michigan, but I have moved …</p></summary><content type="html"><p>Since before the start of COVID-19, the Infrastructure team had one open staff position. We have been able to fill it this year with a strong addition to the team, <b>Chris Wells</b>.</p><p><i>Where do you live?</i></p><p>Birch Run, Michigan, USA. I was born in Flint, Michigan, but I have moved around a bit between then and now. I lived in Southern California and Per&uacute; for a little while and attended school at Northern Michigan University in Michigan&rsquo;s Upper Peninsula. After all that, I realized that I&rsquo;ve always felt most comfortable in Mid-Michigan, so, here I am.</p><p><i>Family members?</i></p><p>A wife, four children, three cats, three budgies, and a dog.</p><p><i>What was your start date?</i><br/></p><p>January 1st, 2022</p><p><i>Where were you working before here?</i><br/></p><p>The Genesee District Library. I served as the IT Manager for the library, which is the third largest in Michigan by total population served. I used to tell people that &ldquo;if it blinked or beeped, and it stopped doing either, we would fix it.&rdquo; Across the 19 buildings of the library system our three-person team took care of public/staff workstations, phones, surveillance cameras, printers, and all the servers and networking equipment required to connect them. We also did staff training programs and liaised with outside vendors.</p><p><i>Is this your first time working as part of a remote team?</i></p><p>This is the first time I&rsquo;ve worked asynchronously with a remote team, but not the first time I&rsquo;ve worked remotely. Before working at the library I worked with a small hosting company doing sysadmin type work. While at the library I advocated for a rotating hybrid schedule (2 days onsite, 3 remote) for my team in an effort to reduce the chance of our whole department being quarantined/sick simultaneously.&nbsp;<br/></p><p><i>What was the attraction of the ASF for you?</i><br/></p><p>The ASF is the nexus point to so many projects that get used in so many places. Knowing I could help move that work along was very exciting.</p><p><i>Have you been involved in the open-source world before now?</i><br/></p><p>I have been using open-source software since the mid-90s, when I discovered Linux. I have only begun contributing to open-source projects within the last 10 years, and even those contributions were pretty minor. It feels really good to change that.</p><p><i>What do you bring to the work?&nbsp;</i></p><p>I have a strong distaste for miscommunication, so I try to be an effective communicator. Additionally, I love solving problems and helping people get the resources they need.</p><p><i>Any big surprises so far?</i><br/></p><p>I think the biggest surprise so far has been how nice it is to work in an environment where I don&rsquo;t have to know everything and the work is spread out. In my last job I managed a very small team and we were stretched pretty thin most days.</p><p><i>Will you be at ApacheCon North America 2022, and can people meet you there?</i></p><p>I am planning to attend ACNA 2022 and look forward to meeting a bunch of people.&nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>New and enhanced GitBox platform sees the light of day</title><link href="https://infra.apache.org/blog/new-and-enhanced-gitbox-platform.html" rel="alternate"></link><published>2022-04-04T07:48:50+00:00</published><updated>2022-04-04T07:48:50+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-04-04:/blog/new-and-enhanced-gitbox-platform.html</id><summary type="html"><p><span style="font-size: 14px;">As we head into April and the middle of the spring of 2022, we are pleased to announce that we have migrated our writable git repository service, gitbox.apache.org, to a new location, a new cluster of hardware bits, and a new platform. The migration took around 35 minutes …</span></p></summary><content type="html"><p><span style="font-size: 14px;">As we head into April and the middle of the spring of 2022, we are pleased to announce that we have migrated our writable git repository service, gitbox.apache.org, to a new location, a new cluster of hardware bits, and a new platform. The migration took around 35 minutes to complete, and while completely seamless and hidden to most users, it does add some new features that we have not had before, as well as redesigning some existing ones.</span></p><p><br/></p><p><span style="font-size: 18px;">New, faster hardware behind the scenes</span></p><p><span style="font-size: 18px;"><span style="font-size: 14px;">The first big change is the change in the hardware powering our services. We have more than tripled our computing performance, increased our disk read/write throughput by more than 17x, and increased our network throughput ten-fold. In basic terms, this means we can process pushes of new commit much faster, whether they originate from GitHub or are pushed directly to gitbox by a committer, both in terms of storing them, but also in terms of communicating the changes to our end-users, the developers. It also makes our service much more resilient towards high demands at peak office hours.</span></span></p><p><span style="font-size: 18px;"><br/></span></p><p><span style="font-size: 18px;">New, modern, and modular micro-services</span></p><p><span style="font-size: 14px;">While this sounds like a game of "buzzword bingo</span><span style="font-size: 14px;">", it really represents many months of careful planning and upgrading of the complex designs behind GitBox, pushing them into the very forefront of back-end synchronization setups. All of our main components (code synchronization, event notification, provenance and quality assurance communications, as well as repository and account management) have been split into distinct "pipservices", which is a term we use internally at the Apache Infrastructure Team for denoting single packages of services, or "apps", that are installed and run independently of each other. These all tie into our configuration management system, and can be enabled, tweaked/upgraded or disabled quickly and as demand dictates. This change simplifies our day-to-day workflows and allows to much easier assessment of resource consumption and aids debugging by separating both processes and security environments.</span></p><p><span style="font-size: 18px;"></span></p><p><span style="font-size: 18px;">New unified portal for all repository and account management needs</span></p><p><span style="font-size: 14px;">With GitBox version 2 we have also launched a new portal for managing repositories and accounts, called Boxer. With Boxer, our developers can link their GitHub accounts with their Apache credentials, providing them with write access to GitHub. We have removed the old, cumbersome process of linking, and replaced with a flow-based approach that instantly allows a new developer to join a team. Where the old process typically required hours of waiting for our central team management system to catch up, linking and getting slotted into the right teams can now be done in a matter of minutes, if not seconds, and requires no other action than visiting our Boxer portal on gitbox.</span></p><p><span style="font-size: 14px;"></span></p><p><span style="font-size: 18px;">Private git repositories</span></p><p><span style="font-size: 14px;">A final </span><span style="font-size: 14px;">thing we'd like to mention is the new ability for projects to use a private git repository</span><span style="font-size: 14px;"><span style="font-size: 14px;"> for issues or a more sensitive nature. Each project can now have their own private repository space, available to the entire PMC for whatever need they may find themselves in. At present, this will require asking the infrastructure team, as we'd like to work with projects to ensure the best handling of sensitive information.</span><br/></span></p><p><span style="font-size: 14px;"><br/></span></p><p><span style="font-size: 14px;">We continuously strive to better ourselves and provide state-of-the-art services and thinking, and it is our sincere hope that these upgrades will prove useful for the developers at the foundation.</span></p><p><span style="font-size: 14px;">If there are any questions on these changes, we ask that you reach out to us at users@infra.apache.org with your feedback/questions.</span></p><p><span style="font-size: 14px;"><br/></span></p><p><span style="font-size: 14px;">With warm regards and excitement,</span></p><p><span style="font-size: 14px;"><span style="font-size: 14px;">Daniel, on behalf of the Infrastructure Team at the Apache Software Foundation.</span><br/></span><br/></p>
-</content><category term="blog"></category></entry><entry><title>Even more GitHub features added to .asf.yaml</title><link href="https://infra.apache.org/blog/even-more-github-features-added.html" rel="alternate"></link><published>2020-10-21T13:35:19+00:00</published><updated>2020-10-21T13:35:19+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-10-21:/blog/even-more-github-features-added.html</id><summary type="html"><p>Available as of yesterday, more self serve features were added to the .asf.yaml toolset, based around GitHub Branch Protection.</p>
-<p>You can now add the following features :-</p><ul><li>GitHub Branch Protection Enable/Disable</li><li>Require Status Checks to pass before merging</li><li>Require Branches to be up to date before merging</li><li>Context Status …</li></ul></summary><content type="html"><p>Available as of yesterday, more self serve features were added to the .asf.yaml toolset, based around GitHub Branch Protection.</p>
-<p>You can now add the following features :-</p><ul><li>GitHub Branch Protection Enable/Disable</li><li>Require Status Checks to pass before merging</li><li>Require Branches to be up to date before merging</li><li>Context Status Checks (i.e. this build/check must pass before merging)</li><li>Require Pull Request Reviews</li><li>Dismiss Stale Pull requests</li><li>Require Code Owner Reviews</li><li>Minimum number of approvals of reviews</li><li>Require Signed Signatures on commits</li></ul><p>Some of these features, like enable/disable protection of branches and required signatures will send an email to the projects private list with details.</p><p>See this <a href="https://github.com/apache/infrastructure-puppet/pull/1678" target="_blank">PR</a> for more details on code and implementation.</p><p>Infra especially thanks Bryan Ellis (erisu) for opening the PR, providing the code and persisting all the way through a long standing PR until it was finally implemented, with tweaks by Humbedooh to see it over the finish line.<br/></p><p>See the <a href="https://infra.apache.org/asf-yaml.html" target="_blank">.asf.yaml documentation</a>.</p>
-<p>If you haven't yet discovered the joys of what .asf.yaml can do for your project, read the entire page above to be enlightened.</p><p>Enjoy self-serving these via your .asf.yaml file!</p>
-</content><category term="blog"></category></entry><entry><title>Promoting Podlings</title><link href="https://infra.apache.org/blog/promoting-podlings.html" rel="alternate"></link><published>2020-07-15T13:29:54+00:00</published><updated>2020-07-15T13:29:54+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-07-15:/blog/promoting-podlings.html</id><summary type="html"><p style="margin-bottom: 0in; line-height: 100%">The Infrastructure
-team is constantly looking for ways to do its work more quickly while
-maintaining the ASF standards of reliability, security, and
-almost-continuous availability. The more the team can speed up and
-improve standard processes that almost every project goes through,
-the better it is for the whole community …</p></summary><content type="html"><p style="margin-bottom: 0in; line-height: 100%">The Infrastructure
-team is constantly looking for ways to do its work more quickly while
-maintaining the ASF standards of reliability, security, and
-almost-continuous availability. The more the team can speed up and
-improve standard processes that almost every project goes through,
-the better it is for the whole community.<br/></p><p style="margin-bottom: 0in; line-height: 100%">&nbsp; &nbsp;As an example,
-when a project starts out with the ASF, it normally begins as a
-&ldquo;podling&rdquo; in the ASF incubator. Here it can start to create its
-code, standard practices, and work methods in a development sandbox.
-</p><p style="margin-bottom: 0in; line-height: 100%">&nbsp; &nbsp;Once the project
-develops a large-enough community of committers and contributors, and
-seems to be viable, it can request promotion to top-level-project
-(TLP) status. This is a great moment for the project and for the ASF,
-but it also used to involve a considerable amount of work for Infra.<br/></p><p style="margin-bottom: 0in; line-height: 100%">&nbsp; &nbsp;Infra Administrator
-Greg Stein recalls that, at the beginning, the promotion &ldquo;process&rdquo;
-was no more than a checklist of about thirty &ldquo;fiddly steps&rdquo;, each
-of which required someone to do one or several manual tasks during
-which any number of things could go wrong. It was considered great
-progress when the checklist reduced to twenty manual steps.<br/></p><p style="margin-bottom: 0in; line-height: 100%">&nbsp; &nbsp;Significant
-improvements included simplifications of tasks related to mailing
-lists in 2010 and LDAP simplifications in 2016, but even as recently
-as 2017 the promotion process involved an Infra team member&rsquo;s
-engagement in many steps over the course of two or three hours. This
-is what each component required for the promotion of Apache Ranger
-that year:<br/></p><p style="margin-bottom: 0in; line-height: 100%"><br/>
-</p><p style="margin-bottom: 0in; line-height: 100%">
-<a href="https://blogs.apache.org/infra/mediaresource/2fbf5326-1e4b-4dfa-a565-f81fb3028357"><img alt="promote2017.png" src="https://blogs.apache.org/infra/mediaresource/2fbf5326-1e4b-4dfa-a565-f81fb3028357?t=true" style="width: 25%;"/></a><br/>
-</p><p style="margin-bottom: 0in; line-height: 100%"><br/>
-</p><p style="margin-bottom: 0in; line-height: 100%">Between then and now
-the team has improved automation of the various steps, especially
-with the introduction of <a href="https://cwiki.apache.org/confluence/display/INFRA/git+-+.asf.yaml+features" target="_blank">asf.yaml</a>&nbsp;configuration files to simplify publishing project websites. In
-2020 the same promotion process, for Apache ShardingSphere, took a
-grand total of <b>four minutes</b>:</p><p style="margin-bottom: 0in; line-height: 100%"><br/></p><p style="margin-bottom: 0in; line-height: 100%"><a href="https://blogs.apache.org/infra/mediaresource/53eb7318-305c-4ace-831e-c0bfd6a679b4"><img alt="promote2020.png" src="https://blogs.apache.org/infra/mediaresource/53eb7318-305c-4ace-831e-c0bfd6a679b4?t=true" style="width: 25%;"/></a><br/>
-</p><p style="margin-bottom: 0in; line-height: 100%">
-<br/>
-</p><p style="margin-bottom: 0in; line-height: 100%">Infra member Daniel
-Gruno says, &ldquo;The majority of the work is just a click of a button
-by the ASF secretary nowadays, and then the few remaining bits can
-take between five and sixty minutes to complete.&rdquo; That range
-reflects the fact that no two projects have the same profile, system
-requirements, and performance expectations.</p><p style="margin-bottom: 0in; line-height: 100%">&nbsp; &nbsp;These improvements
-in the podling promotion process are a good reminder of how important
-it can be to take the time to &ldquo;sharpen the saw.&rdquo;</p>
-</content><category term="blog"></category></entry><entry><title>New notification scheme features for git repositories</title><link href="https://infra.apache.org/blog/new-notification-scheme-features-for.html" rel="alternate"></link><published>2020-04-19T22:50:14+00:00</published><updated>2020-04-19T22:50:14+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-04-19:/blog/new-notification-scheme-features-for.html</id><summary type="html"><p>Today, ASF Infra launched new features for projects wishing to update their notification schemes for git/github activity on their own.</p>
-<p>Via the <a href="https://infra.apache.org/asf-yaml.html" target="_blank">.asf.yaml</a> file, projects can now define notification schemes for their repositories, including targets for commit emails, GitHub events, and Jira notification options.</p>
-<p>Along with this notification …</p></summary><content type="html"><p>Today, ASF Infra launched new features for projects wishing to update their notification schemes for git/github activity on their own.</p>
-<p>Via the <a href="https://infra.apache.org/asf-yaml.html" target="_blank">.asf.yaml</a> file, projects can now define notification schemes for their repositories, including targets for commit emails, GitHub events, and Jira notification options.</p>
-<p>Along with this notification scheme feature, we have also launched some corrective measures for repositories where github activity did not result in proper relaying to our mailing lists, so some projects may start seeing event messages that did not appear before. Furthermore, we are now combining review comments into single emails, to lessen the load in your inbox.</p><p><br/></p><p>With regards,</p><p>The ASF Infrastructure Team.<br/></p>
-</content><category term="blog"></category></entry><entry><title>More secure and robust downloads</title><link href="https://infra.apache.org/blog/more-secure-and-robust-downloads.html" rel="alternate"></link><published>2020-03-04T15:43:06+00:00</published><updated>2020-03-04T15:43:06+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-03-04:/blog/more-secure-and-robust-downloads.html</id><summary type="html"><p><i>Infra member Daniel Gruno writes</i>:</p><p>To better provide our millions of users with downloads, the Apache Infrastructure Team has been restructuring the way downloads work for our main distribution channels over the past few weeks. For users, this will largely go unnoticed, and for projects likely the same; but we …</p></summary><content type="html"><p><i>Infra member Daniel Gruno writes</i>:</p><p>To better provide our millions of users with downloads, the Apache Infrastructure Team has been restructuring the way downloads work for our main distribution channels over the past few weeks. For users, this will largely go unnoticed, and for projects likely the same; but we did want to mention the changes we've made:</p><p>As of March, 2020, we are deprecating www.apache.org/dist/ in favor of https://downloads.apache.org/ for backup downloads as well as signature and checksum verification. The primary driver has been splitting up web site visits and downloads to gain better control and offer a better service for both downloads and web site visits.</p><p>This does not impact end-users, and should have a minimal impact on projects, as our download selectors as well as visits to www.apache.org/dist/ have been adjusted to make use of downloads.apache.org instead. We are asking that projects, in their own time-frame, change references on their own web sites from www.apache.org/dist/ to downloads.apache.org wherever such references may exist, to complete the switch in full. We will <b>not </b>be turning off www.apache.org/dist/ in the near future, but would greatly appreciate if projects could help us transition away from the old URLs in their documentation and on their download pages.<br/></p><p>The <a href="https://www.apache.org/legal/release-policy.html#upload-ci" target="_blank">standard way of uploading releases</a>&nbsp;will still apply, however there may be a short delay (&lt;= 15 minutes) for technical reasons between the release and when releases show up on downloads.apache.org.<br/></p><p>If you have any questions about this change, please do not hesitate to reach out to us at users@infra.apache.org.<br/></p><p style="text-align: right; ">With regards,<br/></p><p style="text-align: right; ">Daniel on behalf of ASF Infrastructure</p>
-</content><category term="blog"></category></entry><entry><title>Welcome to Roller 6.0!</title><link href="https://infra.apache.org/blog/welcome-to-roller-6-0.html" rel="alternate"></link><published>2020-02-25T22:16:59+00:00</published><updated>2020-02-25T22:16:59+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-02-25:/blog/welcome-to-roller-6-0.html</id><content type="html"><hr/>
-**Note**: Until June, 2023, the ASF supported using Apache Roller for project blogs. That support has ended. Please visit <a href="https://infra.apache.org/project-blogs.html" target="_blank">Project Blog</a> for more information about blogs for projects.
-<hr/>
-<p>After some bumpy DNS issues, Roller 6.0 is live!<br/></p>
-</content><category term="blog"></category></entry><entry><title>index</title><link href="https://infra.apache.org/blog/index.html" rel="alternate"></link><published>2020-02-02T00:00:00+00:00</published><updated>2020-02-02T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-02-02:/blog/index.html</id><content type="html"><p>Date: '2020-02-02'</p>
-</content><category term="blog"></category></entry><entry><title>Another oar in the water</title><link href="https://infra.apache.org/blog/another-oar-in-the-water.html" rel="alternate"></link><published>2020-01-05T18:54:30+00:00</published><updated>2020-01-05T18:54:30+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-01-05:/blog/another-oar-in-the-water.html</id><summary type="html"><p>
-The Infrastructure team (Infra) works behind the scenes to make it possible for Apache's galaxy of committers to do the cool stuff they do, and for the open-source world to get, use, and rely on applications Apache projects produce. Infra supports additions to code repositories, a constant stream of conversation …</p></summary><content type="html"><p>
-The Infrastructure team (Infra) works behind the scenes to make it possible for Apache's galaxy of committers to do the cool stuff they do, and for the open-source world to get, use, and rely on applications Apache projects produce. Infra supports additions to code repositories, a constant stream of conversation among project committers and contributors, and about 100 terabytes a month of software downloads.</p>
-<p>Infra provides not just services, but knowledge. Infra's team and project committers rely on clear and accurate documentation about everything from how to update personal information to how to keep the Apache servers online, secure, and speedy.</p>
-<p>Over 20 years of work, however, Infra has built up a substantial quantity of documentation that may be hard for its intended audience to find, out of date, or no longer relevant. So, in December, 2019, the ASF hired Andrew Wetmore as a part-time <strong>Technical Writer-Editor.</strong>&nbsp;His job is to curate the existing documentation and, in coordination with the rest of the Infra team and the wider ASF community, extend and improve it.</p>
-<p>Andrew is a member of the PMC of <a href="https://royale.apache.org/" target="_blank" title="Apache Royale">Apache Royale</a>, and spent fifteen years leading QA and documentation teams for software projects ranging from kitchen-table startups to major corporations. He lives in rural Nova Scotia, on the east coast of Canada, where he is the editor of a small publishing house.</p>
-</content><category term="blog"></category></entry><entry><title>Subversion-to-Git service (git.apache.org) post mortem, and the path forward</title><link href="https://infra.apache.org/blog/subversion-to-git-service-git.html" rel="alternate"></link><published>2019-09-10T21:36:35+00:00</published><updated>2019-09-10T21:36:35+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2019-09-10:/blog/subversion-to-git-service-git.html</id><summary type="html"><h2>What happened<br/></h2>
-<p>On August 31st 2019, the machine hosting our subversion-to-git mirrors and synchronization process for GitHub suffered a catastrophic drive error due to a power failure at our data center in Virginia. The power failure was, unfortunately, of such a nature, that recovering the disk data was not possible …</p></summary><content type="html"><h2>What happened<br/></h2>
-<p>On August 31st 2019, the machine hosting our subversion-to-git mirrors and synchronization process for GitHub suffered a catastrophic drive error due to a power failure at our data center in Virginia. The power failure was, unfortunately, of such a nature, that recovering the disk data was not possible. Four days into the failure, on September 4th 2019, we received confirmation from the data center that the data redundancy had also failed, meaning we had no measure of restoring to a new disk.</p>
-<h2>What this means right now</h2>
-<p> Currently, all GitHub mirrors that originate in subversion, and thus relied on this service, are not being synchronized with their subversion source. As git relies on on-disk subversion meta-data, as opposed to in-repo, we are not able to obtain the meta-data and continue synchronizing unless a full recreation of the mirrors is performed. This means starting from the first revision in any given subversion repository and working towards the most current one, a process that may well take a few days or weeks, depending on the size of the repository (by number of commits) and the number of running jobs at that time.<br/></p>
-<h2>What we intend to do, going forward </h2>
-<p>Our most immediate action has been to revisit off-site backup strategies to ensure that our services are as resilient as possible, as well as re-assess and re-categorize various machines with regards to backup strategies.</p>
-<p>With backups revisited, and on the more long-term side of things, discussions have been centered around what we want to offer, and how that will shape our design of the system. We want to balance the need for features against robustness and speed at the core of the service, as well as perform some fall cleaning of the service, and as such, the Infrastructure team has decided to restart the service with a blank slate, incorporating features as the needs arise and are discussed. We will also be reaching out to the projects with subversion-to-git mirrors currently on GitHub, and ask for a positive confirmation that they wish to continue with this service, so as to clean up the number of repositories that are no longer in use. We are also redesigning the core service, coupling it tighter with our subversion offerings. <br/></p>
-<p>We estimate the git mirror service to be revamped and rebooted in a matter of weeks, as cycles allow (this is occurring in tandem with other service upgrades, which puts the timeline somewhat into the future), and will add mirror repositories on an ad-hoc basis as requests come in.</p>
-<h2>Notable changes to service offering</h2>
-<p>As we are starting with a blank slate, please be advised of the following changes to the service as it starts back up:</p>
-<ul>
-<li>There will no longer be a <a href="http://git.apache.org">git.apache.org</a>&nbsp; URL for git mirrors, to lessen the confusion with <a href="http://gitbox.apache.org">gitbox.apache.org.</a>&nbsp; Projects wishing to point to a git copy of their subversion repository should use their respective GitHub URLs.</li>
-<li>Repositories are re-created from scratch. As such, it may take days from a recreation is started till the sync process begins to kick in.</li>
-</ul>
-</content><category term="blog"></category></entry><entry><title>Apache and GitHub - a friendly PSA about awesomeness</title><link href="https://infra.apache.org/blog/apache-and-github-a-friendly.html" rel="alternate"></link><published>2019-04-30T01:08:58+00:00</published><updated>2019-04-30T01:08:58+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2019-04-30:/blog/apache-and-github-a-friendly.html</id><summary type="html"><p> <em>With the <a href="https://blogs.apache.org/foundation/entry/the-apache-software-foundation-expands">news of the Apache Software Foundation teaming up more closely with GitHub</a>, we feel it natural to elaborate a bit on what has been going on and what this means for you as a committer and/or user of Apache software.</em><br/><br/> </p>
-<h2>A little bit of history</h2>The Apache …</summary><content type="html"><p> <em>With the <a href="https://blogs.apache.org/foundation/entry/the-apache-software-foundation-expands">news of the Apache Software Foundation teaming up more closely with GitHub</a>, we feel it natural to elaborate a bit on what has been going on and what this means for you as a committer and/or user of Apache software.</em><br/><br/> </p>
-<h2>A little bit of history</h2>The Apache Software Foundation started experimenting with git as a source code repository system in 2008, and ventured into GitHub in 2010, where we were graciously offered whatever resources we needed.<br/><br/>At first, this was merely a mirror of our existing git and subversion repositories, but as time went on, and projects expressed an interest in utilizing the many user-friendly features of GitHub, we started work on enabling projects to make proper use of GitHub some three years ago in the middle of 2016. This project, aptly named `gitbox`, ensured that committers could make full use of the GitHub features, while we kept a place within our own infrastructure for people inclined to continue using our infrastructure for their work. As git is decentralized by its very nature, we were able to use GitHub to augment rather than replace our git workflow, bringing our software development to the millions of users on GitHub in addition to the existing Apache community and committers, on a case-by-case basis.<br/><br/>In 2018, we made the decision to combine the two different git service offerings we had into one service, allowing all Apache projects to use GitHub if they so desired. Before then, we had two distinct git services: gitbox and git-wip-us, the initial git service that had been available since 2010. We coordinated the move from git-wip to gitbox with the various Apache projects, and in early 2019 we had migrated all projects to the new service, enabling GitHub features for all git-based Apache projects.<br/><br/>With Microsoft's acquisition of GitHub in 2018, and their commitment to help strengthen open source development, we have received additional resources to help lower the bar for contributions, and we'd like to thank GitHub for their support of the Apache Software Foundation through all nine years of using their platform.<br/><br/>
-<h2>What this means for you as a committer</h2><br/>As stated above, our GitHub integration is an augmentation of our existing service. It is available to all committers on git-based projects to make use of, should they so wish. All new git repositories will automatically be available on both GitHub and Gitbox.<br/><br/>For those wishing to take full advantage of GitHub's features, one can link their GitHub and Apache accounts through <a href="https://gitbox.apache.org/setup/">https://gitbox.apache.org/setup/</a> which will grant their GitHub account write access to the repositories you'd traditionally have access to at Apache.<br/><br/>People that wish to continue using their Apache committer accounts to commit code may continue doing so on gitbox.apache.org with their Apache credentials. Nothing has changed in that respect.<br/><br/>As Apache is a very email-centered organization, all GitHub activity is naturally linked to our mailing lists to ensure the same level of openness in the development of our software.<br/><br/>
-<h2>What this means for you as a user of Apache software</h2>
-<p><br/>For many projects, the move to GitHub means a lower bar to both contributing as well as troubleshooting and submitting issues to the projects, through the GitHub issue and pull request features.<br/><br/>Our commitment to provenance, quality and open governance remains the same, and with our tight integration with GitHub through our linked account service, we are able to bring what made Apache a mark of quality to the many users and contributors on GitHub.</p>
-<p><br/></p>
-<p> </p>
-<p>As always, if you have any questions, comments, remarks or feedback about this, we welcome you to reach out to the Apache Infrastructure Team at: <a href="mailto:users@infra.apache.org">users@infra.apache.org</a> <br/></p>
-</content><category term="blog"></category></entry><entry><title>Rate-limiting on Apache services</title><link href="https://infra.apache.org/blog/rate-limiting-on-apache-services.html" rel="alternate"></link><published>2019-01-27T18:20:54+00:00</published><updated>2019-01-27T18:20:54+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2019-01-27:/blog/rate-limiting-on-apache-services.html</id><summary type="html"><p>Over the past few days we have implemented rate limiting on selected services across the ASF.</p>
-<p>As our foundation grows, so do the number of users and robots utilizing our services. In order to accommodate as many as possible with what resources we have, we have opted to implement rate-limiting …</p></summary><content type="html"><p>Over the past few days we have implemented rate limiting on selected services across the ASF.</p>
-<p>As our foundation grows, so do the number of users and robots utilizing our services. In order to accommodate as many as possible with what resources we have, we have opted to implement rate-limiting to ensure that everyone can get their fair share of use of our services across the globe. The first services to have rate-limiting implemented are:</p>
-<ul>
-<li>JIRA (issues.apache.org)</li>
-<li>MoinMoin Wiki (wiki.apache.org)</li>
-<li>BugZilla (bz.apache.org)</li>
-</ul>
-<div><br/></div>
-<h3>If you are a normal user of our services:</h3>This very likely will never affect you, and you can go about your business just like normal :) If you DO experience errors or 429 (rate limited) response codes, please do let us know.<br/><br/>
-<h3>If you are a robot or otherwise automated tool:</h3>
-<p>There are now limits in place for how much CPU time you can use, varying from service to service. If you get limited, you will receive a HTTP 429 response instead of the normal 200, and a short text blob will explain that you have crossed our resource limits and have been rate-limited. It will also explain why, and when you can expect to be unblocked again (generally within two minutes time). Scrapers, bots etc using our services should check for a 429 response code and act accordingly (or just slow down the discovery pace in general, as that benefits all of us).</p>
-<p> </p>
-<h3>A general note about the rate limiting system, now and in the future:<br/></h3>
-<p>Rate limits are applied across IP blocks to discourage distributed abuse, thus if you have 1.2.3.4 abusing a service, 1.2.3.5 would potentially also be affected by the rate limits till they expire.</p>
-<p>Later this year, we will be rolling out rate limits on more services, and we encourage people automating tasks to honor the 429 responses across all ASF services.</p>
-<p>We would also like to point out that there are, as before, additional global limits in place regarding the use of our services, which can be found at: <a href="http://www.apache.org/dev/infra-ban.html">https://www.apache.org/dev/infra-ban.html</a> <br/></p>
-</content><category term="blog"></category></entry><entry><title>Roller updated to 5.2.2</title><link href="https://infra.apache.org/blog/roller-updated-to-5-2.html" rel="alternate"></link><published>2019-01-10T05:08:48+00:00</published><updated>2019-01-10T05:08:48+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2019-01-10:/blog/roller-updated-to-5-2.html</id><content type="html"><hr/>
-**Note**: Until June, 2023, the ASF supported using Apache Roller for project blogs. That support has ended. Please visit <a href="https://infra.apache.org/project-blogs.html" target="_blank">Project Blog</a> for more information about blogs for projects.
-<hr/>
-<p>We've updated blogs.a.o to the latest version of Roller, 5.2.2!!</p>
-<p> </p>
-<p> </p>
-<p><br/></p>
-</content><category term="blog"></category></entry><entry><title>Relocation of Apache git repositories on git-wip-us.apache.org to gitbox.apache.org</title><link href="https://infra.apache.org/blog/relocation-of-apache-git-repositories.html" rel="alternate"></link><published>2018-12-07T17:33:33+00:00</published><updated>2018-12-07T17:33:33+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2018-12-07:/blog/relocation-of-apache-git-repositories.html</id><summary type="html"><p>[IF YOUR PROJECT DOES NOT HAVE GIT REPOSITORIES ON GIT-WIP-US PLEASE DISREGARD THIS POST]<br/><br/>Hello Apache projects,<br/><br/>I am writing to you because you may have git repositories on the git-wip-us server, which is slated to be decommissioned in the coming months. All repositories will be moved to the new …</p></summary><content type="html"><p>[IF YOUR PROJECT DOES NOT HAVE GIT REPOSITORIES ON GIT-WIP-US PLEASE DISREGARD THIS POST]<br/><br/>Hello Apache projects,<br/><br/>I am writing to you because you may have git repositories on the git-wip-us server, which is slated to be decommissioned in the coming months. All repositories will be moved to the new gitbox service which includes direct write access on github as well as the standard ASF commit access via gitbox.apache.org.</p>
-<p><strong>Why this move?</strong><br/>The move comes as a result of retiring the git-wip service, as the hardware it runs on is longing for retirement. In lieu of this, we have decided to consolidate the two services (git-wip and gitbox), to ease the management of our repository systems and future-proof the underlying hardware. The move is fully automated, and ideally, nothing will change in your workflow other than added features and access to GitHub.<br/></p>
-<p><strong>Timeframe for relocation</strong><br/>Initially, we are asking that projects voluntarily request to move their repositories to gitbox. The voluntary time frame is between now and January 9th 2019, during which projects are free to either move over to gitbox or stay put on git-wip. After this phase, we will be requiring the remaining projects to move within one month, after which we will move the remaining projects over.<br/><br/>To have your project moved in this initial phase, you will need:<br/></p>
-<ul>
-<li>Consensus in the project (documented via the mailing list)</li>
-<li>File a JIRA ticket with INFRA to voluntarily move your project repos over to gitbox (as stated, this is highly automated and will take between a minute and an hour, depending on the size and number of your repositories)<br/></li>
-</ul>
-<p>To sum up the preliminary timeline;<span style="background-color: #02ff00;"></span></p>
-<ul>
-<li><span style="background-color: #02ff00;">December 9th 2018 -&gt; January 9th 2019: Voluntary (coordinated) relocation</span></li>
-<li><span style="background-color: #ffff00;">January 9th -&gt; February 6th: Mandated (coordinated) relocation</span></li>
-<li><span style="background-color: #ff0000;">February 7th: All remaining repositories are mass migrated</span></li>
-</ul>
-<p><br/>This timeline may change to accommodate various scenarios.<br/></p>
-<p><strong>Using GitHub with ASF repositories</strong><br/>When your project has moved, you are free to use either the ASF repository system (gitbox.apache.org) OR GitHub for your development and code pushes. To be able to use GitHub, please follow the primer at: <a href="https://reference.apache.org/committer/github">https://reference.apache.org/committer/github</a> We appreciate your understanding of this issue, and hope that your project can coordinate voluntarily moving your repositories in a timely manner.<br/><br/>All settings, such as commit mail targets, issue linking, PR notification schemes etc will automatically be migrated to gitbox as well.<br/></p>
-</content><category term="blog"></category></entry><entry><title>Position Available: Infrastructure Systems Administrator</title><link href="https://infra.apache.org/blog/position-available-infrastructure-systems-administrator.html" rel="alternate"></link><published>2018-09-17T07:55:22+00:00</published><updated>2018-09-17T07:55:22+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2018-09-17:/blog/position-available-infrastructure-systems-administrator.html</id><summary type="html"><h4><strong>UPDATE</strong>: &nbsp;We have received enough applicants at this time. Thank you all for your interest.&nbsp; <br/></h4>
-<p>The Apache Software Foundation (ASF) seeks to fill an Infrastructure Systems Administrator position. You will be responsible for working with the existing technical infrastructure team.&nbsp; The ASF manages a world-wide network of open source software …</p></summary><content type="html"><h4><strong>UPDATE</strong>: &nbsp;We have received enough applicants at this time. Thank you all for your interest.&nbsp; <br/></h4>
-<p>The Apache Software Foundation (ASF) seeks to fill an Infrastructure Systems Administrator position. You will be responsible for working with the existing technical infrastructure team.&nbsp; The ASF manages a world-wide network of open source software which includes more than 1600 software code repositories, a worldwide distribution and mirroring system for software, change management, issue tracking, and software management for 300+ open source initiatives and over 10,000 contributors around the world.<br/><br/>Applicants should have a strong background in Computer and Information Science, and should be familiar with modern DevOps environments. Applicants must demonstrate the ability to work in a remote team environment alongside others working in diverse locations around the world and in different timezones. The successful applicant will work with the existing Infrastructure team to manage the ASF's critical infrastructure and resources. Infrastructure team members are expected to work a weekly on-call rotation with the rest of the team.<br/><br/>Our infrastructure team also supports our broader community by enabling the creation of self-service tooling. The successful candidate will be able to balance the needs of our critical infrastructure and the needs of our community to self-serve. These two demands can often be in conflict and thus an ability to navigate such complex environments is a distinct advantage.<br/><br/>Familiarity with Puppet (or a similar configuration management tool) Linux (Ubuntu-based), Virtual Machines, Subversion/Git, Python, and full development environment stacks are a requirement. Further, the candidate should possess great documentation skills and should be well versed in not only developing and assisting in technical solutions, but in documenting them.<br/><br/>Daily tasks will include handling of alarms, outages, and security concerns on a timely basis; working with our many communities on their needs and issues; managing tickets on a timely basis; rolling out and upgrading services; reducing our large technical debt; and maintaining a professional and collegial atmosphere. The team coordinates primarily through daily chat usage, weekly meetings, and email. Social skills and ability to integrate closely with the team are expected.<br/><br/>Preferred qualifications include a Bachelor's Degree in Computer Science or similar background from an accredited university, though demonstrable and appropriate on-the-job experience is an acceptable substitute for formal qualifications. Familiarity with how open source communities work is a definite positive.<br/><br/>English as a spoken and written language is required in order to facilitate team collaboration.<br/><br/>This is a remote work position, the ASF does not require nor provide office locations. Travel once per year is required, for a team meetup and will typically be coincident with an Apache conference.<br/><br/> </p>
-</content><category term="blog"></category></entry><entry><title>Bringing GitPubSub to the Apache Jenkins build server</title><link href="https://infra.apache.org/blog/bringing-gitpubsub-to-the-apache.html" rel="alternate"></link><published>2017-03-26T01:07:08+00:00</published><updated>2017-03-26T01:07:08+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2017-03-26:/blog/bringing-gitpubsub-to-the-apache.html</id><summary type="html"><p>
-When it comes to <a href="#Jenkins">[Jenkins</a>], it has long been known that [polling must die].
-</p>
-<p>While we could go and create post commit hooks in all the ASF hosted Git repositories, that is something that realistically is just creating an added maintenance burden.
-<p>In any case, we have [GitPubSub]. </p></p>
-<p>The question …</p></summary><content type="html"><p>
-When it comes to <a href="#Jenkins">[Jenkins</a>], it has long been known that [polling must die].
-</p>
-<p>While we could go and create post commit hooks in all the ASF hosted Git repositories, that is something that realistically is just creating an added maintenance burden.
-<p>In any case, we have [GitPubSub]. </p></p>
-<p>The question then becomes, how do we integrate [GitPubSub] with [Jenkins]?
-<p>Thankfully, ASF committer stephenc is also an active committer to the [Jenkins] project and created a [plugin] that connects to [GitPubSub] parses the events and passes them through to the Jenkins [SCM API].</p>
-</p>
-<p>
-What does this mean?
-</p>
-<p>* You can turn your Git polling down - way way down - to something like once per day.
-This should significantly reduce the load on both the ASF git servers and builds.apache.org<br/>* Your builds will be triggered in seconds rather than having to wait for the next polling run.<br/>* You can try out using Multi-branch projects much like the [Maven] project has been doing for [Maven core] and [Maven Surefire]
-</p>
-<p>
-If the reaction to this change proves positive, the next step will be to integrate SvnPubSub with Jenkins and bring the benefits to the Subversion based projects too
- </p>
-<p> </p>
-<p>See also this blog post by Stephen Connolly:</p>
-<p> <a href="https://www.cloudbees.com/blog/using-multi-branch-pipelines-apache-maven-project">https://www.cloudbees.com/blog/using-multi-branch-pipelines-apache-maven-project</a><br/></p>
-<p>[polling must die]: http://kohsuke.org/2011/12/01/polling-must-die-triggering-jenkins-builds-from-a-git-hook/<br/>[GitPubSub]: https://www.apache.org/dev/gitpubsub.html
-<br/> <a name="Jenkins">[Jenkins]</a>: https://jenkins.io/
- <br/>[plugin]: https://github.com/stephenc/asf-gitpubsub-jenkins-plugin
- <br/>[SCM API]: https://plugins.jenkins.io/scm-api
- <br/>[Maven]: https://maven.apache.org
- <br/>[Maven core]: https://builds.apache.org/job/maven-3.x-jenkinsfile/
-<br/> [Maven Surefire]: https://builds.apache.org/job/maven-surefire-pipeline/
-</p>
-<p>Posted on behalf of Committer Stephen Connolly (stephenc)
-</p>
-</content><category term="blog"></category></entry><entry><title>blogs.a.o moved, upgraded and improved</title><link href="https://infra.apache.org/blog/blogs-a-o-moved-upgraded.html" rel="alternate"></link><published>2017-01-01T08:06:46+00:00</published><updated>2017-01-01T08:06:46+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2017-01-01:/blog/blogs-a-o-moved-upgraded.html</id><summary type="html"><p>Hi All,</p>
-<p> <a href="https://blogs.apache.org" title="blogs.apache.org main site">blogs.apache.org</a> &nbsp; - the site you are reading now! has had a bit of an update.<br/></p>
-<p> </p>
-<p>1. We moved it from an aged VM Host to the Cloud (thanks LeaseWeb!)</p>
-<p>2. We puppetised the entire service, from install to deploy (see our <a href="https://github.com/apache/infrastructure-puppet/tree/deployment/modules/blogs_asf" title="GitHub Mirror of infrastructure-puppet">GitHub</a> Mirror )</p>
-<p>3. We upgraded the …</p></summary><content type="html"><p>Hi All,</p>
-<p> <a href="https://blogs.apache.org" title="blogs.apache.org main site">blogs.apache.org</a> &nbsp; - the site you are reading now! has had a bit of an update.<br/></p>
-<p> </p>
-<p>1. We moved it from an aged VM Host to the Cloud (thanks LeaseWeb!)</p>
-<p>2. We puppetised the entire service, from install to deploy (see our <a href="https://github.com/apache/infrastructure-puppet/tree/deployment/modules/blogs_asf" title="GitHub Mirror of infrastructure-puppet">GitHub</a> Mirror )</p>
-<p>3. We upgraded the Apache Roller software from 5.0.3 to the latest 5.1.2</p>
-<p>4. We enabled LDAP for logins. That's right! Every single ASF Committer can now just login! No more creating an INFRA Jira ticket just to get a Roller account on <a href="http://blogs.apache.org">blogs.apache.org</a></p>
-<p> Other stuff remains the same - meaning if you are a Blog Administrator you still need to invite committers into your blog, you still need to choose to make them an Author or Admin etc - Roller doesn't support anything more than login auth for LDAP currently - but I bet the <a href="https://roller.apache.org" title="roller project website">project</a> would love to see the LDAP integration extended and improved if you feel the need!.</p>
-<p>Anyhow, our first new year present to our ASF Committers, a shiny updated blog instance,</p>
-<p>&nbsp;Enjoy, and have a great 2017!!<br/></p>
-<p><br/></p>
-</content><category term="blog"></category></entry><entry><title>Position Available: Infrastructure Systems Administrator Architect</title><link href="https://infra.apache.org/blog/position_available_infrastructure_systems_administrator.html" rel="alternate"></link><published>2016-07-25T20:07:36+00:00</published><updated>2016-07-25T20:07:36+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2016-07-25:/blog/position_available_infrastructure_systems_administrator.html</id><summary type="html"><p><font size="5"><b>UPDATE</b>: &nbsp;We have received enough applicants at this time. Thank you all for your interest.&nbsp;</font></p>
-<div>
-<p>The Apache Software Foundation (ASF) seeks to fill an Infrastructure Systems Administrator/Architect position. You will be responsible for working with the existing technical infrastructure team, and VP of Infrastructure at the Apache Software Foundation …</p></div></summary><content type="html"><p><font size="5"><b>UPDATE</b>: &nbsp;We have received enough applicants at this time. Thank you all for your interest.&nbsp;</font></p>
-<div>
-<p>The Apache Software Foundation (ASF) seeks to fill an Infrastructure Systems Administrator/Architect position. You will be responsible for working with the existing technical infrastructure team, and VP of Infrastructure at the Apache Software Foundation. The ASF manages a world-wide network of open source software which includes more than 750 software code repositories, a worldwide distribution and mirroring system for software; change management, issue tracking, and software management for 300+ Open Source initiatives and more than 11,000 contributors around the world.</p>
-</div>
-<div><br/></div>
-<div>Applicants should have a strong background in Computer and Information Science, and should be familiar with modern Dev/Ops environments. Applicants must demonstrate the ability to work in a remote team environment alongside others working in diverse locations around the world and in different timezones. The successful applicant will work with the existing Infrastructure team and VP, Infrastructure to manage the ASF's critical infrastructure and resources. Infrastructure team members are expected to work an on-call rotation with the rest of the team.</div>
-<div><br/></div>
-<div>Our infrastructure team also supports our broader community by enabling the creation of self-service tooling. The successful candidate will be able to balance the needs of our critical infrastructure and the needs of our community to self-serve. These two demands can often be in conflict and thus an ability to navigate such complex environments is a distinct advantage.</div>
-<div><br/></div>
-<div>Familiarity with Puppet (or a similar configuration management tool) Linux (Debian-based), Virtual Machines, Subversion/Git and full development environment stacks are a requirement. Further, the candidate should possess great documentation skills and should be well versed in not only developing and assisting in technical solutions, but in documenting them.</div>
-<div><br/></div>
-<div>Preferred qualifications include a Bachelor's Degree in Computer Science or similar background from an accredited university, though demonstrable and appropriate on-the-job experience is an acceptable substitute for formal qualifications. Familiarity with how open source communities work is a plus.</div>
-<div><br/></div>
-<div>English as a spoken and written language is required in order to facilitate team collaboration.</div>
-<div><br/></div>
-<div>This is a remote work position, the ASF does not require nor provide office locations. Travel required for conferences and general team meetups.</div>
-<p>Contact <a href="mailto:vp-infra@apache.org">vp-infra@apache.org</a> with your CV.</p>
-</content><category term="blog"></category></entry><entry><title>ASF JIRA Outages and Troubleshooting</title><link href="https://infra.apache.org/blog/continued_outages_for_the_asf.html" rel="alternate"></link><published>2016-06-30T16:25:30+00:00</published><updated>2016-06-30T16:25:30+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2016-06-30:/blog/continued_outages_for_the_asf.html</id><summary type="html"><p>As people have noticed, our JIRA instance (arguably the largest public instance in the world) has been suffering from a yet unknown issue as of late.&nbsp;We are reasonably sure that this is related to specific queries being made against the instance (possibly automated queries from scrapers), but have yet …</p></summary><content type="html"><p>As people have noticed, our JIRA instance (arguably the largest public instance in the world) has been suffering from a yet unknown issue as of late.&nbsp;We are reasonably sure that this is related to specific queries being made against the instance (possibly automated queries from scrapers), but have yet to identify the exact cause of the problem.</p>
-<p>The failure condition arises when the database connection pool is exhausted, despite being configured and sized appropriately. These connections all appear idle, but when the pool is full, no new connections can be established, and the instance falls over, requiring a restart.&nbsp;</p>
-<p>We are working closely with Atlassian, the creator of JIRA, to remedy the situation. Unfortunately, this requires running diagnostics on the production JIRA instance, which in and of itself causes performance degradation and downtime. Over the past several days, we've identified and implemented some changes to the pool parameters which we hope will help stabilize the instance while we continue our diagnostic work.</p>
-<p>We expect that there may still be some moments of downtime and occasional restarts. Any longer duration outages will be announced via Twitter/infrabot and status.apache.org.</p>
-</content><category term="blog"></category></entry><entry><title>AppVeyor CI now available for GitHub Mirrors</title><link href="https://infra.apache.org/blog/appveyor_ci_now_available_for.html" rel="alternate"></link><published>2016-02-12T19:45:06+00:00</published><updated>2016-02-12T19:45:06+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2016-02-12:/blog/appveyor_ci_now_available_for.html</id><summary type="html"><p><span style="font-stretch: normal;">The ASF Infrastructure team is happy to announce that projects can how have AppVeyor CI setup on their GitHub mirrors.</span></p>
-<p>&nbsp;The only thing you need to do is create an INFRA ticket at <a href="https://issues.apache.org/jira/browse/INFRA/">issues.apache.org</a> with the following information:</p>
-<ul>
-<li>Repo Name</li>
-<li>Mailing list to send build notifications to (optional …</li></ul></summary><content type="html"><p><span style="font-stretch: normal;">The ASF Infrastructure team is happy to announce that projects can how have AppVeyor CI setup on their GitHub mirrors.</span></p>
-<p>&nbsp;The only thing you need to do is create an INFRA ticket at <a href="https://issues.apache.org/jira/browse/INFRA/">issues.apache.org</a> with the following information:</p>
-<ul>
-<li>Repo Name</li>
-<li>Mailing list to send build notifications to (optional)</li>
-</ul>
-<p>There are already a few projects using AppVeyor on their GitHub mirror, and we now have an Organization role account for central management (and I have gone through an updated previous tickets with new links to badges).</p>
-<p> </p>
-<p>If you have any questions, you can ask us in <a href="http://infra.chat/">Hipchat</a> or you can email infrastructure@apache.org<br/></p>
-<p> </p>
-</content><category term="blog"></category></entry><entry><title>Dear Apache</title><link href="https://infra.apache.org/blog/dear_apache.html" rel="alternate"></link><published>2015-10-19T18:30:41+00:00</published><updated>2015-10-19T18:30:41+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-10-19:/blog/dear_apache.html</id><summary type="html"><p>My name is Daniel Takamori and I'm so happy to be joining the Infra team here at Apache.&nbsp; I'm from Oregon in the United States and really enjoy the rain.&nbsp; While at Oregon State University I studied mathematics and physics with a lean towards error correcting codes and mathematical modelling …</p></summary><content type="html"><p>My name is Daniel Takamori and I'm so happy to be joining the Infra team here at Apache.&nbsp; I'm from Oregon in the United States and really enjoy the rain.&nbsp; While at Oregon State University I studied mathematics and physics with a lean towards error correcting codes and mathematical modelling.&nbsp; Some of my hobbies are playing Go in which I'm ranked 6.9 kyu by the AGA, cooking with eggs and green things, and old school platforming video games.&nbsp; In a former life I worked on underwater remotely operated vehicles and automated gardening systems.&nbsp; Traveling is something I liked to do once; living in Hungary was awesome and I hope to visit again. Oregon is a great place to live, with all the trees, rain and burritos but maybe things will change in the future.&nbsp; My handle Pono is my Hawaiian name, and I'm really proud to use it.<br/><br/>Previously I was at the Oregon State University Open Source Lab and really enjoyed my time there; getting to know the Open Source communities and even work with Apache!&nbsp; It was a real eye opening experience to the world of what software and DevOps (lol who knows what that even means).&nbsp; I'm very excited to continue working with the community and even more excited to start this next chapter with such an amazing group.<br/><br/>See you around internets!<br/></p>
-</content><category term="blog"></category></entry><entry><title>Planned downtime for ReviewBoard</title><link href="https://infra.apache.org/blog/planned_downtime_for_reviewboard.html" rel="alternate"></link><published>2015-08-19T19:19:38+00:00</published><updated>2015-08-19T19:19:38+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-08-19:/blog/planned_downtime_for_reviewboard.html</id><summary type="html"><div>
-<div>
-<div>The ReviewBoard vm ran out of space and despite our best
-efforts to fix the space issue without restarting the service, that is
-the only option left.<br/><br/></div>The plan is to restart the vm on
-Thursday August 20th at 21:00 UTC (14:00 PDT), but if it fills up …</div></div></summary><content type="html"><div>
-<div>
-<div>The ReviewBoard vm ran out of space and despite our best
-efforts to fix the space issue without restarting the service, that is
-the only option left.<br/><br/></div>The plan is to restart the vm on
-Thursday August 20th at 21:00 UTC (14:00 PDT), but if it fills up again
-before then, the resize will take place earlier.<br/><br/>
-</div>A tweet via @infrabot will be tweeted 1 hour before the scheduled downtime and a planned maintenance notice will be posted to <a href="http://status.apache.org" target="_blank">status.apache.org</a>.<br/><br/>
-</div>The actual downtime should take no more than 30 minutes.<br/><br/>The next email about this will be after the service has resumed from the <span>planned</span> downtime.<br/><br/>Thanks!<br/><br/>Geoff Corey
-</content><category term="blog"></category></entry><entry><title>Planned downtime for Jira1</title><link href="https://infra.apache.org/blog/planned_downtime_for_jira1.html" rel="alternate"></link><published>2015-08-03T23:07:37+00:00</published><updated>2015-08-03T23:07:37+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-08-03:/blog/planned_downtime_for_jira1.html</id><summary type="html"><p>There will be a planned reboot of Jira on Friday 7th August at 00:00 UTC.<br/><br/>This is 72 hours notice as recommended in our Core Services planned downtime SLA.<br/><br/>Currently, Jira requires a reboot when adding new projects to it. There is an outstanding <br/>ticket with Atlassian about this …</p></summary><content type="html"><p>There will be a planned reboot of Jira on Friday 7th August at 00:00 UTC.<br/><br/>This is 72 hours notice as recommended in our Core Services planned downtime SLA.<br/><br/>Currently, Jira requires a reboot when adding new projects to it. There is an outstanding <br/>ticket with Atlassian about this. They require logs and so these will be gathered at the <br/>time of the planned reboot. <br/><br/>Projects being added to Jira at this time will include:-<br/><br/>INFRA-9713 - Whimsy<br/><br/>and any more that get requested between now and downtime.<br/><br/>Any projects requiring issues to be imported from other issue trackers will NOT be done at <br/>this time.<br/><br/>A tweet via @infrabot will be tweeted 24 hrs and 1 hr before.<br/>A planned maintenance notice will be posted on status.apache.org.<br/><br/>Actual downtime should be no more than 10 minutes all being well.<br/><br/>The next email about this will be after the service has resumed from the planned downtime.<br/><br/>Thanks!</p>
-<p>Geoff Corey<br/></p>
-</content><category term="blog"></category></entry><entry><title>Mirroring to GitHub issues</title><link href="https://infra.apache.org/blog/mirroring_to_github_issues.html" rel="alternate"></link><published>2015-07-14T16:05:02+00:00</published><updated>2015-07-14T16:05:02+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-07-14:/blog/mirroring_to_github_issues.html</id><summary type="html"><p>As some of you are aware, there have been some issues syncing changes from repositories on <a href="https://git-wip-us.apache.org">https://git-wip-us.apache.org</a> to the mirrors on GitHub.</p>
-<p> </p>
-<p>The issues we are seeing:</p>
-<ul>
-<li>Pull requests not being closed when they should be</li>
-<li>Changes not being synced to the GitHub mirrors</li>
-<li>Bots other than …</li></ul></summary><content type="html"><p>As some of you are aware, there have been some issues syncing changes from repositories on <a href="https://git-wip-us.apache.org">https://git-wip-us.apache.org</a> to the mirrors on GitHub.</p>
-<p> </p>
-<p>The issues we are seeing:</p>
-<ul>
-<li>Pull requests not being closed when they should be</li>
-<li>Changes not being synced to the GitHub mirrors</li>
-<li>Bots other than asfgit closing PRs on Apache GitHub mirrors.</li>
-</ul>
-<p>We are looking into why changes are not being synced, as well as why PRs are not getting closed and why some PRs are being closed by other bots such as hubot.</p>
-<p> </p>
-<p>We will update this blog post as we get more information about the sync issues.<br/></p>
-</content><category term="blog"></category></entry><entry><title>Buildbot master currently off-line</title><link href="https://infra.apache.org/blog/buildbot_master_currently_off_line.html" rel="alternate"></link><published>2015-06-29T21:17:45+00:00</published><updated>2015-06-29T21:17:45+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-06-29:/blog/buildbot_master_currently_off_line.html</id><summary type="html"><p><b>Update (2015-06-30 ~12.00 UTC):</b></p>
-<p>The replacement buildbot master is now live. The CMS service and the <a href="http://ci.apache.org">ci.apache.org</a>&nbsp; website have been restored. The project CI builds are mostly working but builds that upload docs, snapshots etc. to the buildmaster for publishing are likely to fail at the upload …</p></summary><content type="html"><p><b>Update (2015-06-30 ~12.00 UTC):</b></p>
-<p>The replacement buildbot master is now live. The CMS service and the <a href="http://ci.apache.org">ci.apache.org</a>&nbsp; website have been restored. The project CI builds are mostly working but builds that upload docs, snapshots etc. to the buildmaster for publishing are likely to fail at the upload stage while we ensure all the necessary directory structures are in place to receive the uploads. Work to resolve these final few issues is ongoing.<br/></p>
-<p>We continue to try and contact the owner of the account where the IRC proxy was running. In case their account has been compromised, it remains locked. In addition, all their commits have been reviewed by other project committers and that review has confirmed that no malicious commits have been made by the account in question.</p>
-<p>The review of <a href="http://aegis.apache.org">aegis.apache.org</a>&nbsp; is ongoing. No evidence of compromise beyond the possible compromise of the single, non-privileged user account has been found.<br/></p>
-<p><b>Original post (2015-06-29 ~21.00 UTC):</b></p>
-<p>As per the e-mails to committers@ earlier today, <a href="http://aegis.apache.org">aegis.apache.org</a> is currently offline after a report was received that suspicious network traffic had been observed from that host. This blog post will be updated as more information becomes known.</p>
-<p><b>What we know:</b></p>
-<ul>
-<li>At ~16.00 UTC 28 June 2015 a report of suspicious network activity from a buildbot host was reported to the Apache security team.</li>
-<li>Further information was requested and at ~18.00 UTC 28 June 2015 the Apache Infrastructure team received a copy of network logs that showed a number of suspicious IRC connections originating from aegis.apache.org</li>
-<li>These IRC connections were traced to a non-privileged user account on <a href="http://aegis.apache.org">aegis.apache.org</a>&nbsp; running an open IRC proxy</li>
-<li>At ~20.00 UTC 28 June 2015 the user account concerned was locked for all ASF services and the proxy process terminated.</li>
-<li>At ~10.00 UTC 29 June 2015, after further discussion within the infrastructure team, aegis.apache.org was taken off-line as a precaution.</li>
-</ul>
-<p>It remains unclear whether the open IRC proxy was installed by the user that owned the account or whether their account was compromised and the IRC proxy was installed by an unauthorized user. <br/></p>
-<p>It is worth stressing that no further information came to light between 20.00 UTC 28 June 2015 and 10.00 UTC 29 June 2015 that triggered the decision to take the host off-line. The host was taken off-line purely as a precaution while we reviewed the available information. That process is ongoing. So far we have found no evidence to even suggest anything more than a user account being used to run an IRC proxy and plenty of evidence that suggests that this was the only activity this account was used for.<br/></p>
-<p><b>Risks:</b></p>
-<p>There is no risk to released source or binaries for any ASF project. There are multiple reasons for this:</p>
-<ul>
-<li>buildbot is a CI system used to build snapshots, not releases</li>
-<li>no builds are performed on <a href="http://aegis.apache.org">aegis.apache.org</a></li>
-</ul>
-<p>Buildbot is used to build some project web sites and / or project documentation. The risk of compromise here is viewed as very low for the following reasons:</p>
-<ul>
-<li>the builds do not take place on aegis.apache.org</li>
-<li>diffs of every change are sent to the relevant project team's mailing list for review and an unexpected / malicious change would be spotted</li>
-</ul>
-<p><b>Project impact:</b></p>
-<p> The following services are currently off-line and will remain so until the buildbot master is restored</p>
-<ul>
-<li>All buildbot builds</li>
-<li>Projects that use the CMS will be unable to update their web sites (the CMS uses buildbot to build web site updates)<br/></li>
-<li>the <a href="http://ci.apache.org">ci.apache.org</a>&nbsp; website<br/></li>
-</ul>
-<p><b>Work in progress:</b></p>
-<p>Analyzing <a href="http://aegis.apache.org">aegis.apache.org</a>&nbsp; is going to take time and, while we view the chances of a wider compromise of this host as very, very small, we are not willing to bring the host back on line at this point. This host was due for replacement so the decision has been taken to pull this work forward and rebuild the buildbot master on a new host now. We have taken this decision not because we believe <a href="http://aegis.apache.org">aegis.apache.org</a>&nbsp; to be compromised, but because it is possible to complete this work far more quickly than it is possible to confirm our view that <a href="http://aegis.apache.org">aegis.apache.org is not compromised.</a>&nbsp; We currently estimate that the rebuild of the new buildbot master host will be completed by 1 July 2015.<br/></p>
-<p>We continue to analyze the information we have obtained from <a href="http://aegis.apache.org">aegis.apache.org</a>&nbsp; and from other sources and will update this blog post as more information becomes available.</p>
-<p><b>Questions:</b></p>
-<p>Questions, concerns, comments etc. should be directed to infrastructure@apache.org <br/></p>
-</content><category term="blog"></category></entry><entry><title>Confluence Wiki service to be restarted</title><link href="https://infra.apache.org/blog/confluence_wiki_service_to_be.html" rel="alternate"></link><published>2015-06-10T08:32:13+00:00</published><updated>2015-06-10T08:32:13+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-06-10:/blog/confluence_wiki_service_to_be.html</id><summary type="html"><p>Hi All,<br/><br/>There will be a planned reboot of Confluence on Friday 12th June at 18:00 UTC+1<br/><br/>This is a blog post notice as recommended in our Core Services planned downtime SLA.<br/><br/>The Confluence wiki service configuration is stored in our Puppet configuration.<br/><br/>We have made some modifications …</p></summary><content type="html"><p>Hi All,<br/><br/>There will be a planned reboot of Confluence on Friday 12th June at 18:00 UTC+1<br/><br/>This is a blog post notice as recommended in our Core Services planned downtime SLA.<br/><br/>The Confluence wiki service configuration is stored in our Puppet configuration.<br/><br/>We have made some modifications to the Puppet Manifest affecting the Module that<br/>Confluence uses (cwiki_asf). Some code is being moved out from the module and <br/>into a host specific YAML file. This will make it easier for future hosts to reuse the <br/>module (such as an upgrade host currently awaiting these changes.)<br/>A twitter notification will be posted 1 hour before.<br/>A planned maintenance notice will be posted on status.apache.org.<br/><br/>If necessary we will make use this outage window to apply any OS updates and reboot <br/>the host VM.<br/><br/>Actual downtime should be no more than 1 hour all being well.<br/><br/>An email about this will be sent to infrastructure@ after the service has resumed from the planned downtime.</p>
-</content><category term="blog"></category></entry><entry><title>Planned downtime for Jira</title><link href="https://infra.apache.org/blog/planned_downtime_for_jira.html" rel="alternate"></link><published>2015-05-18T15:28:11+00:00</published><updated>2015-05-18T15:28:11+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-05-18:/blog/planned_downtime_for_jira.html</id><summary type="html"><p>Hi All,<br/><br/>There will be a planned reboot of Jira on Thursday 21st May at 16:00 UTC+1<br/><br/>This is 72 hours notice as recommended in our Core Services planned downtime SLA.<br/><br/>Currently, Jira requires a reboot when adding new projects to it. There is an outstanding <br/>ticket with …</p></summary><content type="html"><p>Hi All,<br/><br/>There will be a planned reboot of Jira on Thursday 21st May at 16:00 UTC+1<br/><br/>This is 72 hours notice as recommended in our Core Services planned downtime SLA.<br/><br/>Currently, Jira requires a reboot when adding new projects to it. There is an outstanding <br/>ticket with Atlassian about this. They require logs and so these will be gathered at the <br/>time of the planned reboot. <br/><br/>Projects being added to Jira at this time will include:-<br/><br/>INFRA-9516 - Myriad <br/>INFRA-9609 - Atlas <br/>INFRA-9635 - CMDA <br/><br/>and any more that get requested between now and downtime.<br/><br/>Any projects requiring issues to be imported from other issue trackers will NOT be done at <br/>this time.<br/><br/>A tweet via @infrabot will be tweeted 24 hrs and 1 hr before.<br/>A planned maintenance notice will be posted on status.apache.org.<br/><br/>Actual downtime should be no more than 10 minutes all being well.<br/><br/>The next email about this will be after the service has resumed from the planned downtime.<br/><br/>Thanks!<br/><br/>Gav&hellip;<br/></p>
-</content><category term="blog"></category></entry><entry><title>Mail Service Architecture Changes</title><link href="https://infra.apache.org/blog/mail_service_architecture_changes.html" rel="alternate"></link><published>2015-05-08T21:12:11+00:00</published><updated>2015-05-08T21:12:11+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-05-08:/blog/mail_service_architecture_changes.html</id><summary type="html"><p>For the past few months the Infrastructure team have been working extremely hard to re-design, implement and manage changes to the email service architecture. &nbsp;Today we are proud to announce that phase 1 of this has been completed, and has been running for several days now.</p>
-<p>Phase 1 covers all …</p></summary><content type="html"><p>For the past few months the Infrastructure team have been working extremely hard to re-design, implement and manage changes to the email service architecture. &nbsp;Today we are proud to announce that phase 1 of this has been completed, and has been running for several days now.</p>
-<p>Phase 1 covers all components of the service except the listserv service, and mail archives. &nbsp;These will be included in phase 2, which we will come onto later. When we started out on this project to review, update and manage our email infrastructure we had a several guiding principals that either the old system must be made to conform too; or any new service would need to meet before being accepted. &nbsp;When we talk about these principals really we are talking about criteria, these are:&nbsp;</p>
-<p> </p>
-<ul>
-<li>The service must be entirely managed (operationally) from our puppet service.&nbsp;</li>
-<li>The software (packages) must all be packaged - i.e. .deb's, either upstream or packaged locally and in our own repo. Deploying from source is no longer acceptable.</li>
-<li>All the work carried out by puppet et al must be idempotent</li>
-<li>We will not allow the service design to restrict our ability to either adapt it, or grow it at will and on demand.&nbsp;</li>
-</ul>
-<p>Very early on in the design and testing work it became clear that we needed clear separation of each of the roles in the email service infrastructure. This would allow us, in the future too add more capability of any given type if for some reason it were needed. Lets say for example we needed for SpamAssassin capability this can we scaled sideways and allow us to swallow the load without needing to also make it an MX host or listserv host etc.&nbsp;</p>
-<p> </p>
-<p>The design we have settled upon, with phase 1 complete can be seen in this diagram. <a href="http://www.apache.org/dev/mailflow.jpg" target="_blank">http://www.apache.org/dev/mailflow.jpg</a>&nbsp;- This diagram shows that we have deployed several MX hosts (each of which are more than capable of handling our entire inbound mail load comfortably); in differing AWS regions globally. This decision means that while we dont need 3 to cope with capacity we wanted 3 to cope with networking resilience should any of these instances suffer network degradation or outage. &nbsp;</p>
-<p>These MX hosts are simple Postfix instances that run <a href="http://www.postfix.org/POSTSCREEN_README.html" target="_blank">Postfix Postscreen</a>, RBL checks, and <a href="http://www.ijs.si/software/amavisd/" target="_blank">Amavisd-new</a>. &nbsp;This simple protection of only performing RBL checks at the edge frees up the internal scanning hosts from having to scan emails needlessly. Amavis is simply used to pass the emails internally for scanning.&nbsp;</p>
-<p>Once the mails have been passed on by the MX (and there is an interesting detail about how exactly the mails are handled by Amavis that might be a blog post in the near future) they are handled by our scanning cluster. This group of hosts utilise SpamAssassin, ClamAV and again Postfix. While these may not be new technologies, again having a dedicated host or hosts in our case allows us to tune the services specifically for the resources dedicated to scanning and not worry about choking other local services. Of course it also means that should we see a marked increase in mail volume we can easily deploy a new node in a matter of minutes and have it join the rotation and start scanning email.</p>
-<p>All of the scanning nodes are being fronted by a HAProxy instance, this allows us to load balance our nodes and not have to reconfigure the MX hosts should we change the number of scanning hosts. &nbsp;It also means we can take a node out of rotation for maintenance and none of the MX hosts need to be reconfigured or modified in anyway. </p>
-<p>As we said earlier this is only phase 1. &nbsp;You will see in the diagram that we are still running our old ezmlm/qmail stack. This will now become the focus of phase 2, to determine what changes, if any best suit our projects and the foundation as a whole. One of the failings of the current system is that if the listserv host goes down, mail basically stops flowing, as this is the authoritative host for all apache addresses. We will also be looking very hard as to how we can run multiple listserv hosts to remove that single point of failure concern.&nbsp;</p>
-<p>The foundation relies on email as it's official internal communication mechanism, this is evident no more than when we say "If it didn't happen on the list, it didn't happen". Moving this service forward will be a significant challenge, one which we hope to deliver as soon as we can.&nbsp;</p>
-<p>As always, if you have any questions please email <a href="mailto:infrastructure@apache.org">infrastructure@apache.org</a>&nbsp; and we will do what we can to help. <br/><br/></p>
-<p>On behalf of the Infrastructure Team<br/>--pctony &nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>Apache Services and SHA-1 SSL Cert deprecation</title><link href="https://infra.apache.org/blog/apache_services_and_sha_1.html" rel="alternate"></link><published>2015-04-29T23:02:29+00:00</published><updated>2015-04-29T23:02:29+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-04-29:/blog/apache_services_and_sha_1.html</id><summary type="html"><p>
-As some of you may have already encountered, certain services within Apache appear to have broken SSL support. While the cert is still valid, there is a part of the cert that both Microsoft and Google have stopped accepting as valid. We are working on fixing this and will use …</p></summary><content type="html"><p>
-As some of you may have already encountered, certain services within Apache appear to have broken SSL support. While the cert is still valid, there is a part of the cert that both Microsoft and Google have stopped accepting as valid. We are working on fixing this and will use this blogpost to track what services will be updated and when (as well as emails).</p>
-<p> </p>
-<p> </p>
-<p><u>Services:</u></p>
-<ul>
-<li><u></u>git-wip-us</li>
-<li>TLP sites</li>
-<li>SSL terminator (erebus-ssl)</li>
-<li>svn-master</li>
-<li>mail-relay</li>
-</ul>
-<p><u>Schedule:</u></p>
-<ul>
-<li>git-wip-us: <b>Friday May 1, 16:00 UTC</b><br/></li>
-<li>TLP sites: <b>Friday May 1, 16:00 UTC</b></li>
-<li>SSL terminator (erebus-ssl): <b>Friday May 1, 16:00 UTC</b></li>
-<li>svn-master: <b>Friday May 1, 16:00 UTC</b></li>
-<li>mail-relay: <b>Friday May 1, 16:00 UTC</b></li>
-</ul>
-</content><category term="blog"></category></entry><entry><title>Git based websites available</title><link href="https://infra.apache.org/blog/git_based_websites_available.html" rel="alternate"></link><published>2015-04-29T21:29:31+00:00</published><updated>2015-04-29T21:29:31+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-04-29:/blog/git_based_websites_available.html</id><summary type="html"><p>If you have worked on a web site for an Apache project, you've probably come across the fact that everything has to be in Subversion for web sites. The reason for this has been the desire to have a unified standard for publishing web site contents across all projects. The …</p></summary><content type="html"><p>If you have worked on a web site for an Apache project, you've probably come across the fact that everything has to be in Subversion for web sites. The reason for this has been the desire to have a unified standard for publishing web site contents across all projects. The current workflow is handled by two components, svnpubsub - a pubsub service for subversion - and svnwcsub, the client for svnpubsub. In&nbsp;2013 we added a similar method for Git, called gitpubsub. Nowadays, gitpubsub is used for a ton of different service messages in the ASF; Git commits, JIRA notifications, GitHub communication and so on, and as of today, we have added gitwcsub, a gitpubsub client similar to svnwcsub, <b>enabling projects to use git as their repository for web site content.</b></p>
-<p>&nbsp;In order to use git as your web site repository, you must have your web site in a git repo. This can either be an existing repository or a new one created just for your web site. gitwcsub will, by default, pull content from the <i>asf-site</i> branch of any repo set up for it, so all that needs to be done is to have this branch in a repo on <a href="http://git-wip-us.apache.org">git-wip-us.apache.org</a> and you can have your projects site published via git.</p>
-<p>To have your site transferred to a git based workflow, please file a JIRA ticket with infrastructure.</p>
-<p>Lastly, we want to thank the CouchDB project for being guinea pigs in this process!<br/></p>
-</content><category term="blog"></category></entry><entry><title>Apache gains additional Travis-CI capacity</title><link href="https://infra.apache.org/blog/apache_gains_additional_travis_ci.html" rel="alternate"></link><published>2015-04-15T20:32:10+00:00</published><updated>2015-04-15T20:32:10+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-04-15:/blog/apache_gains_additional_travis_ci.html</id><summary type="html"><p><span style="color: #222222; font-family: arial, sans-serif;"><a href="https://travis-ci.org" target="_blank">Travis-CI</a> is a distributed continuous integration platform that&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">integrates well with projects on GitHub. As many of our projects are&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">taking advantage of our <a href="https://blogs.apache.org/infra/entry/improved_integration_between_apache_and" target="_blank">GitHub integration</a>, they're also making use of&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">Travis-CI for testing of inbound patches.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">Travis CI offers a free account for open source projects, with a built …</span></p></summary><content type="html"><p><span style="color: #222222; font-family: arial, sans-serif;"><a href="https://travis-ci.org" target="_blank">Travis-CI</a> is a distributed continuous integration platform that&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">integrates well with projects on GitHub. As many of our projects are&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">taking advantage of our <a href="https://blogs.apache.org/infra/entry/improved_integration_between_apache_and" target="_blank">GitHub integration</a>, they're also making use of&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">Travis-CI for testing of inbound patches.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">Travis CI offers a free account for open source projects, with a built&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">in assumption that projects are generally a single project per GitHub&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">organization. The level of resources and jobs able to run is 'fair&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">use', which is fair indeed considering that is gratis.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">Of course, most GitHub organizations aren't as large as the Apache organization&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">on GitHub, and we recently discovered that the Foundation was one of the&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">largest gratis open source user of Travis CI.</span><span style="color: #222222; font-family: arial, sans-serif;">&nbsp;On average, our build queue length was in excess of 300 jobs.&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">While we appreciate the generosity of the Travis-CI folks, our demand&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">for their services was clearly outstripping the available supply. This&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">also meant that a lot of Apache projects were frustrated, or even&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">abandoning their efforts to use Travis-CI because the length of time&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">for a build to start was high enough to not really quality as&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">'continuous'.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">To that end, we've now purchased a subscription to Travis services,&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">and have moved from 'fair use' to having 30 concurrent builds. This&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">should be a dramatic increase in throughput for Apache projects who make use of Travis.</span></p>
-</content><category term="blog"></category></entry><entry><title>Introducing JIRA Service Desk</title><link href="https://infra.apache.org/blog/introducing_jira_service_desk.html" rel="alternate"></link><published>2015-04-13T20:21:14+00:00</published><updated>2015-04-13T20:21:14+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-04-13:/blog/introducing_jira_service_desk.html</id><summary type="html"><hr/>
-Infra no longer offers the Jira Service Desk. You can manage most standard service requests yourself through the <a href="https://selfserve.apache.org/" target="_blank">Self-Serve service</a>.
-<hr/>
-<p>As part of our ongoing efforts to streamline our service offerings, and to make it easier to interact with the Infrastructure team we are launching an instance of JIRA Service …</p></summary><content type="html"><hr/>
-Infra no longer offers the Jira Service Desk. You can manage most standard service requests yourself through the <a href="https://selfserve.apache.org/" target="_blank">Self-Serve service</a>.
-<hr/>
-<p>As part of our ongoing efforts to streamline our service offerings, and to make it easier to interact with the Infrastructure team we are launching an instance of JIRA Service Desk.&nbsp;</p>
-<p>This should make it much simpler to submit common JIRA issues, such as SVN-&gt;GIT migration, New wiki, New JIRA project, etc. The forms ask for the minimum amount of data we would need to complete the request.&nbsp;</p>
-<p>One common theme we found that delayed resolution was needing additional information to action tickets. Service Desk allows us to request the exact information needed for a specific task.&nbsp;</p>
-<p>We would like to ask everyone to start using this to submit new issues. You can access this new service here: &nbsp;<a href="https://helpinfrahelpyou.apache.org">https://helpinfrahelpyou.apache.org</a>&nbsp; &nbsp;or &nbsp;<a href="https://infrahelp.apache.org">https://infrahelp.apache.org</a></p>
-<p> </p>
-</content><category term="blog"></category></entry><entry><title>Downtime notice for the RW git repositories</title><link href="https://infra.apache.org/blog/downtime_notice_for_the_r.html" rel="alternate"></link><published>2015-01-12T15:02:12+00:00</published><updated>2015-01-12T15:02:12+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-01-12:/blog/downtime_notice_for_the_r.html</id><summary type="html"><p><span style="color: #222222; font-family: arial, sans-serif;">Folks,</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">Please note than on Thursday 15th at 20:00 UTC the Infrastructure team</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">will be taking the read/write git repositories offline.&nbsp; We expect</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">that this migration to last about 4 hours.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">During the outage the service will be migrated from an old host to a</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">new one.&nbsp; &nbsp;We …</span></p></summary><content type="html"><p><span style="color: #222222; font-family: arial, sans-serif;">Folks,</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">Please note than on Thursday 15th at 20:00 UTC the Infrastructure team</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">will be taking the read/write git repositories offline.&nbsp; We expect</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">that this migration to last about 4 hours.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">During the outage the service will be migrated from an old host to a</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">new one.&nbsp; &nbsp;We intend to keep the URL the same for access to the repos</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">after the migration, but an alternate name is already in place in case</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">DNS updates take too long.&nbsp; &nbsp;Please be aware it might take some hours</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">after the completion of the downtime for github to update and reflect</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">any changes.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">The Infrastructure team have been trialling the new host for about a</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">week now, and [touch wood] have not had any problems with it.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">The service is current;y available by accessing repos via:</span><br style="color: #222222; font-family: arial, sans-serif;"/><a href="https://git-wip-us.apache.org/" style="color: #1155cc; font-family: arial, sans-serif;" target="_blank"><a href="https://git-wip-us.apache.org">https://git-wip-us.apache.org</a></a><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">If you have any questions please address them to </span><a href="mailto:infrastructure@apache.org" rel="noreferrer" style="color: #1155cc; font-family: arial, sans-serif;" title="[GMCP] Compose a new mail to infrastructure@apache.org"><a href="mailto:infrastructure@apache.org">infrastructure@apache.org</a></a><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/></p>
-</content><category term="blog"></category></entry><entry><title>SVN Service Outage - PostMortem</title><link href="https://infra.apache.org/blog/svn_service_outage_postmortem.html" rel="alternate"></link><published>2014-12-09T09:58:37+00:00</published><updated>2014-12-09T09:58:37+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-12-09:/blog/svn_service_outage_postmortem.html</id><summary type="html"><p> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>Summary</strong></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;">On Wednesday December 3rd the main US host for the ASF subversion service fails resulting in loss of service. &nbsp;This loss of subversion service prevent committers from submitting any changes, and whilst we have an EU mirror it is read-only and does not allow for any changes to be …</span></p></summary><content type="html"><p> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>Summary</strong></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;">On Wednesday December 3rd the main US host for the ASF subversion service fails resulting in loss of service. &nbsp;This loss of subversion service prevent committers from submitting any changes, and whilst we have an EU mirror it is read-only and does not allow for any changes to be submitted whilst the master is offline.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;">The cause of the outage was a failed disk. This failed disk was part of a mirrored OS pair. &nbsp;Some time prior to this the alternate disk had also been replaced due to a failed state.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>Timeline</strong></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>0401 UTC 2014-10-26 -</strong> eris daily run output notes the degraded state of root disk gmirror</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1212 UTC 2014-10-30 -</strong> INFRA-8551 created to deal with gmirror degradation.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>2243 UTC 2014-12-02 -</strong> OSUOSL replaced disk in eris</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>0208 UTC 2013-12-03 -</strong> Subversion begins to crawl to a halt</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>0756 UTC 2013-12-03 -</strong> First contractor discovers something awry with subversion service</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>0834 UTC 2013-12-03 -</strong> Infrastructure sends out a notice about the svn issue</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>0916 UTC 2013-12-03 -</strong> Response to issue begins</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1010 UTC 2013-12-03 -</strong> First complaints about mail being slow/down</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1025 UTC 2013-12-03 -</strong> Discovery that email queue alerts had been silenced.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1225 UTC 2013-12-03 -</strong> Discovery that Eris outage affecting LDAP-based services including Jenkins and mail</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1613 UTC 2013-12-03 -</strong> First attempt at power cycling eris</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1717 UTC 2013-12-03 -</strong> Concern emerges that the 'good' disk in the mirror isn't.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1744 UTC 2013-12-03 -</strong> OSUOSL staff shows up in the office</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1752 UTC 2013-12-03 -</strong> Blog post went up.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1906 UTC 2014-12-03 -</strong> New hermes/baldr (hades) being set up for replacement of eris</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1911 UTC 2014-12-03 -</strong> #svnoutage clean room in hipchat began</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>2040 UTC 2014-12-03 -</strong> machine finally comes up and is usable.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>2050 UTC 2014-12-03 -</strong> confusion arises between which switch is in which rack. Impedance mismatch between what OSUOSL calls racks, and what we called racks.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [Dec-3 5:50 PM] Tony Stevenson: which rack is this<br/></span><span style="font-family: Arial; -webkit-text-stroke-color: #000000;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [Dec-3 5:50 PM] Tony Stevenson: 1, 2 or 3 <br/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [Dec-3 5:50 PM] Justin Dugger (pwnguin): 19&nbsp; <br/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [Dec-3 5:50 PM] David Nalley: what switch? <br/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [Dec-3 5:50 PM] Justin Dugger (pwnguin): HW type: HP&nbsp; &nbsp; &nbsp; ProCurve 2530-48G&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OEM S/N 1: CN2BFPG1F5 <br/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [Dec-3 5:50 PM] David Nalley: ^^^^^^^^^ points to this impedance mismatch for the postmortem <br/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [Dec-3 5:50 PM] David Nalley: no label on the switch?<br/></span><strong style="font-family: Arial; -webkit-text-stroke-color: #000000;">2054 UTC 2014-12-03 -</strong><span style="font-family: Arial; -webkit-text-stroke-color: #000000;"> Data copy begins<br/></span><strong style="font-family: Arial; -webkit-text-stroke-color: #000000;">0441 UTC 2014-12-04 -</strong><span style="font-family: Arial; -webkit-text-stroke-color: #000000;"> data migration finished<br/></span><strong style="font-family: Arial; -webkit-text-stroke-color: #000000;">1457 UTC 2014-12-04 -</strong><span style="font-family: Arial; -webkit-text-stroke-color: #000000;"> SVN starts working again - testing begins<br/></span><strong style="font-family: Arial; -webkit-text-stroke-color: #000000;">0647 UTC 2014-12-05 -</strong><span style="font-family: Arial; -webkit-text-stroke-color: #000000;"> svn-master is operational again with viewvc</span></p>
-<p><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>Problems</strong></span><br/> </p>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">It took us far too long to spin up replacement machine. This in fact took a few hours due to having to manually build the host from source media and encountering several BIOS/RaidController issues. &nbsp;Our endeavour to have automated provisioning of tin (bare metal) would certainly have improved this time considerably had it been available at the time of the event. &nbsp;</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Many machines pointing to eris.a.o for LDAP - not to a service name (such as ldap1-us-west for example) which meant we couldn&rsquo;t easily restore LDAP services for some US hosts without making them also think SVN services had also moved.&nbsp;</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Assigning of issues in JIRA - It has perhaps been a long held understanding that if an issue is assigned to someone in JIRA then they are actively managing that issue. This event clearly shows how fragile that belief is.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">DNS (geo) updates were problematic - Daniel will be posting a proposal on Thursday, which will outline our concerns around DNS and a viable way forward that meets our needs and is not reliant on us storing all the data in SVN to be able to effect changes to zones. (This proposal was not created as a tiger of this event, it has been worked on for a number of weeks now).</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">architectural problems for availability</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">We couldn't promote svn-eu to master - data differences/corruption&nbsp;<span style="font-kerning: none; color: #042eee; -webkit-text-stroke-color: #042eee;"><u><a href="https://issues.apache.org/jira/browse/INFRA-6236">https://issues.apache.org/jira/browse/INFRA-6236</a><br/><br/></u></span></span></li>
-<li>Current monitoring setup was not sufficient in catching disk errors and correctly alerting infra.&nbsp;</li>
-<p> </p>
-</ul> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-size: 14px; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>To Do</strong></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Daniel to investigate and evaluate multimaster service availability.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Implement an extended SSL check that not only ensures the service is up, but also checks cert validity (expire, revocation status etc), and the certificate chain is valid.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">De-couple DNS from SVN</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">De-couple the SVN authz file from SVN directly. Also breser@ has suggested we use the authz validation tool available from the svn install we have on hades, &nbsp;as part of the template-&gt;active file generation process.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Move the ASF status page (http://status.apache.org) outside of our main colos so folks can continue to see it in the event of an outage.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Vendor provided hardware monitoring tools mandatory on all new hardware deployments.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Broader audience for incidents and status reports</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">More aggressive host replacement before these issues arise&nbsp;</span></li>
-</ul> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-size: 14px; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>Things being considered</strong></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Mandatory use of SNMP for enhanced data gathering.&nbsp;</span></li>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Issue &lsquo;nagging&rsquo; - develop some thoughts and ideas around the concept of auto-transitioning un-modified JIRA issues after N hours of in activity and actively nag the group until an update is made. This for example is how Atlassian (and so many others) handle their issues. &nbsp;For example if an end-user doesn&rsquo;t update the issue within 5 days, it is automatically closed, if we don&rsquo;t update an open issue within 6 hours for a critical issue then we get nagged about it.&nbsp;</span></li>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Automatically create new JIRA issues (utilising above mentioned auto-transition) to notify of hardware issues (not just relying on hundreds of cron emails a day).</span></li>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Again as part of a wider thinking of how we use issue tracking consider the concept that you only assign an issue to yourself if you are explicitly working on it at that moment, i.e it should not sit in the queue assigned to someone for &gt; N hours and not receive any updates.&nbsp;</span></li>
-</ul> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-size: 14px; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>Things that went well</strong></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">The people working on the issue worked extremely well as a team. &nbsp;Communicating with one another via hipchat and helping each other along where required. &nbsp;There was a real sense of camaraderie for the first time in a very long time and this see of team helped greatly.&nbsp;</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">The team put in a bloody hard shift.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">There is now a very solid understanding of the SVN service across at least 4 members of the team, as opposed to 2 x0.5 understandings before.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">A much broader insight into the current design of our infrastructure was gained by the newer members of the team.&nbsp;</span></li>
-</ul>
-</content><category term="blog"></category></entry><entry><title>Subversion master undergoing emergency maintenance</title><link href="https://infra.apache.org/blog/subversion_master_undergoing_emergency_maintenance.html" rel="alternate"></link><published>2014-12-03T17:52:32+00:00</published><updated>2014-12-03T17:52:32+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-12-03:/blog/subversion_master_undergoing_emergency_maintenance.html</id><summary type="html"><p>
-The primary master machine that hosts the Apache Software Foundation's subversion repositories is currently undergoing some emergency maintenance due to disk errors.<br/>
-We do not currently have an ETA on when this will be fixed.<br/> <br/>
-In the meantime, there will be no access to commit to SVN.<br/>
-The read-only mirror …</p></summary><content type="html"><p>
-The primary master machine that hosts the Apache Software Foundation's subversion repositories is currently undergoing some emergency maintenance due to disk errors.<br/>
-We do not currently have an ETA on when this will be fixed.<br/> <br/>
-In the meantime, there will be no access to commit to SVN.<br/>
-The read-only mirror at <a href="http://svn.eu.apache.org" target="_blank">svn.eu.apache.org</a> is still working.</p>
-<p><u><b>UPDATE: 18:30 UTC, 3 December 2014</b></u></p>
-<p>The machine that hosts the SVN master suffered root filesystem corruption. This corruption led to a severe degradation of the SVN service, and to repair the issue the service was taken down. </p>
-<p>This filesystem is separate from the filesystem that hosts the SVN repositories. We expect no data loss from this issue. (And we have multiple copies of this data available to us.)&nbsp;</p>
-<p>We'll be keeping this blog post updated with more details as they become available. </p>
-<p><b><u>UPDATE: 21:30 UTC, 3 December 2014</u></b></p>
-<p>We've removed the master from DNS rotation, so read-only access remains accessible everywhere. </p>
-<p>Commits to SVN remain disabled while we work on restoring the service.&nbsp;</p>
-<p> </p>
-<p><b><u>UPDATE: 04:45 UTC, 4 December 2014</u></b></p>
-<p>&nbsp;The service remains offline while we work on moving the service to a new host. &nbsp;During the work to resolve the failed disks on eris (the previous host) it became apparent that it would not be the best use of our time to keep working on this (and we had frankly lost faith in the disks).&nbsp;</p>
-<p>We are now several hours into this move. &nbsp;The data has been synchronised to the new host, and now we are working on porting the configuration of the old host into puppet and making it fit the new setup on which it will be run. &nbsp;We don't currently have an exact time when we think it will be finished, but we are hopeful it will be during Thursday 4th December 2014.</p>
-<p>We'd like to apologise the downtime, but we are taking actions that we feel are in the best interests of a key piece of foundation infrastructure. &nbsp;As always you can come and find us in the Hipchat channel #asfinfra -&nbsp;<a href="https://www.hipchat.com/gdAiIcNyE" title="https://www.hipchat.com/gdAiIcNyE">https://www.hipchat.com/gdAiIcNyE</a>&nbsp;if you have any questions.&nbsp;</p>
-<p> --pctony</p>
-<p> </p>
-<p><b><u>UPDATE: 11:18 UTC, 4 December 2014</u></b></p>
-<p>&nbsp;We are performing sanity checks on the new puppetized configuration. For historical reasons, our svn system has relied on specially crafted versions of svn, which we are attempting to replace with canonical release versions instead, so as to easier set up a new host, should we experience another major outage. This entails a lot of rewriting of scripts, but we expect most of this to have been done now, pending a full system check.<br/></p>
-<p>Once all this is done, we will be performing authorization checks to make sure everything is as it should be, and when satisfied, we will reopen the svn repo for committers.<br/></p>
-<p>The ETA is still uncertain, but remains a hopeful "today" (Thursday, December 4th). </p>
-<p>--humbedooh <br/></p>
-<p><b><u>UPDATE: 16:15 UTC, 4 December 2014</u></b></p>
-<p>We are nearly there. We are currently putting the finishing touches to the config, and we will begin closed testing within the infrastructure group very soon. Assuming this goes well we will aim to open the service as soon as possible after this. &nbsp;</p>
-<p>The delay will come when we ensure that no data could be lost as a result of re-starting the service. &nbsp;Data security and provenance is our utmost concern.&nbsp;</p>
-<p>More news to follow in the next couple of hours hopefully. </p>
-<p>--pctony&nbsp;</p>
-<p> </p>
-<p><b><u>UPDATE: 03:01 UTC, 5 December 2014 &nbsp;[FINAL UPDATE]&nbsp;</u></b></p>
-<p>Well. As of 5 minutes ago the main subversion service was restored. Only one repository is currently not available, the dist repository used by projects to stage dev and release outputs. This will be fixed ASAP.&nbsp;</p>
-<p>If you spot any issues with the service, in the first instance please hop onto HipChat and chat to us - <a href="https://www.hipchat.com/gdAiIcNyE">https://www.hipchat.com/gdAiIcNyE</a>.&nbsp; Or you can use the usual email address <a href="mailto:infrastructure@apache.org">infrastructure@apache.org</a>&nbsp; if you prefer that.</p>
-<p>This outage has forced us to review the setup of the primary subversion host and as a result of this we have made many changes to bring it inline with our current practice and standards. This involved re-engineering quite a lot of things that had accumulated over the years, and like many a good onion the more layers we peeled back the more we sobbed.&nbsp;</p>
-<p>We are happy to report that this host is now completely managed with puppet, and is delivering metrics to our instance of Circonus very happily. </p>
-<p>Once again thank you for your patience and we hope that the service feels a lot more sprightly on it's new host.&nbsp;</p>
-<p>Cheers,<br/>On behalf of the Apache Infrastructure Team</p>
-<p>--pctony&nbsp;</p>
-<p> </p>
-</content><category term="blog"></category></entry><entry><title>MoinMoin Service - User Account Tidy Up</title><link href="https://infra.apache.org/blog/moinmoin_service_user_account_tidy.html" rel="alternate"></link><published>2014-11-21T12:17:17+00:00</published><updated>2014-11-21T12:17:17+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-11-21:/blog/moinmoin_service_user_account_tidy.html</id><summary type="html"><hr/>
-**Note**: We no longer use the MoinMoin service. Projects can create a wiki in the <a href="https://infra.apache.org/cwiki.html" target="_blank">ASF Confluence Wiki</a>.
-<hr/>
-<p>In recent months we have become increasingly aware of a slowing down of our MoinMoin wiki service. &nbsp;We have attributed this, at least in part, due to the way MoinMoin stores some …</p></summary><content type="html"><hr/>
-**Note**: We no longer use the MoinMoin service. Projects can create a wiki in the <a href="https://infra.apache.org/cwiki.html" target="_blank">ASF Confluence Wiki</a>.
-<hr/>
-<p>In recent months we have become increasingly aware of a slowing down of our MoinMoin wiki service. &nbsp;We have attributed this, at least in part, due to the way MoinMoin stores some data about user accounts. &nbsp;</p>
-<p>Across all of our wiki instances (in the farm) we had a little over 1.08 million distinct user accounts. &nbsp;Many of which have never been used (spam etc). &nbsp;So we have decided to archive all users who have not accessed any of the wiki sites they were registered for in more than 128 days. &nbsp;</p>
-<p>This has resulted in us being able to archive a little over 800k users. &nbsp;This leaves us with around 200k users across 77 wikis. This still feels very high, and in the coming weeks we will investigate further still in how we can better understand if those remaining accounts are making valid changes, or are they just link farm home pages.</p>
-<p>If you think your account was affected by this, and you would like to have your account restored, then please contact the Infra team using this page&nbsp;<a href="http://www.apache.org/dev/infra-contact">http://www.apache.org/dev/infra-contact</a> <br/><br/><br/>Thanks,<br/>ASF Infra Team<br/><br/></p>
-</content><category term="blog"></category></entry><entry><title>Code signing service now available</title><link href="https://infra.apache.org/blog/code_signing_service_now_available.html" rel="alternate"></link><published>2014-10-06T16:36:09+00:00</published><updated>2014-10-06T16:36:09+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-10-06:/blog/code_signing_service_now_available.html</id><summary type="html"><p>The ASF Infrastructure team is pleased to announce the availability of a new code signing service for Java, Windows and Android applications. This service is available to any Apache project to use to sign their releases. Traditionally, Apache projects have shipped source code. The code tarballs are signed with a …</p></summary><content type="html"><p>The ASF Infrastructure team is pleased to announce the availability of a new code signing service for Java, Windows and Android applications. This service is available to any Apache project to use to sign their releases. Traditionally, Apache projects have shipped source code. The code tarballs are signed with a GPG signature to allow users and providers to verify the code's authenticity, but users have either compiled their own applications or some projects have provided convenience binaries. With projects like Apache OpenOffice, users expect to receive binaries that are ready to run. Today's desktop and mobile operating systems expect that binaries will be signed by the vendor -- which had left a gap to be filled for Apache projects. &nbsp;</p>
-<p>After a great deal of research, we have chosen Symantec's <a href="http://www.symantec.com/code-signing/secure-app-service">Secure App Service</a> offering to provide code signing service. This allows us to granularly permit access; and each PMC will have their own certificate(s) for signing. The per-project nature of certificate issuance allows us to revoke a signature without disrupting other projects.&nbsp;</p>
-<p>This service will permit projects to sign artifacts either via a web GUI or a SOAP API. In addition a <a href="https://svn.apache.org/repos/infra/infrastructure/trunk/projects/code-signing/java-client/">Java client</a> and an <a href="http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/buildutil/SignCode.java?view=log">ant task</a> for signing have been written and a maven plugin is <a href="http://mail-archives.apache.org/mod_mbox/www-infrastructure-dev/201409.mbox/%3C542181B4.4030104%40apache.org%3E">under development</a>.<br/></p>
-<p>This service results in a 'pay for what you use' scenario, so PMCs are asked to use the service responsibly. To that end, projects will have access to a test environment to ensure that they have their process working correctly before consuming actual credits.</p>
-<p>Thus far, we've had two projects who have helped testing this and working out process for which we are very grateful. Those projects, Commons and Tomcat, have successfully released signed artifacts recently. (Commons Daemon 1.0.15 and Tomcat 8.0.14)</p>
-<p>Projects that wish to use this service should <a href="https://reference.apache.org/pmc/newcodesigning">open an Infra JIRA ticket</a> under the Codesigning component. Further <a href="https://reference.apache.org/pmc/codesigning">information for projects using the service</a> is also maintained by the infra team<br/></p>
-</content><category term="blog"></category></entry><entry><title>GitHub pull request builds now available on builds.apache.org</title><link href="https://infra.apache.org/blog/github_pull_request_builds_now.html" rel="alternate"></link><published>2014-10-02T13:00:00+00:00</published><updated>2014-10-02T13:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-10-02:/blog/github_pull_request_builds_now.html</id><summary type="html"><p><font face="arial, helvetica, sans-serif"><span style="font-stretch: normal;">The ASF Infrastructure team is happy to announce that you can now set up jobs on <a href="https://builds.apache.org">builds.apache.org</a> to listen for pull requests to <a href="https://github.com/apache">github.com/apache</a> repositories, build that pull request&rsquo;s changes, and then comment on the pull request with the build&rsquo;s results. This is done …</span></font></p></summary><content type="html"><p><font face="arial, helvetica, sans-serif"><span style="font-stretch: normal;">The ASF Infrastructure team is happy to announce that you can now set up jobs on <a href="https://builds.apache.org">builds.apache.org</a> to listen for pull requests to <a href="https://github.com/apache">github.com/apache</a> repositories, build that pull request&rsquo;s changes, and then comment on the pull request with the build&rsquo;s results. This is done using the <a href="http://www.cloudbees.com/products/jenkins-enterprise">Jenkins Enterprise</a> <a href="https://wiki.cloudbees.com/bin/view/DEV/Github+Pull+Request+Validation">GitHub pull request builder plugin</a>, generously provided to the ASF by our friends at <a href="http://www.cloudbees.com/">CloudBees</a>. We've set up the necessary hooks on all github.com/apache repositories that are up as of Wednesday, Oct 1, 2014, and will be adding the hooks to all new repositories going forward.</span><br/> <span style="font-stretch: normal;"></span><br/> <span style="font-stretch: normal;">Here&rsquo;s what you need to do to set it up:</span><br/> </font></p>
-<ul>
-<li><font face="arial, helvetica, sans-serif">Create a new job, probably copied from an existing job.</font></li>
-<li><font face="arial, helvetica, sans-serif">Make sure you&rsquo;re not doing any &ldquo;mvn deploy&rdquo; or equivalent in the new job - this job shouldn&rsquo;t be deploying any artifacts to Nexus, etc.</font></li>
-<li><font face="arial, helvetica, sans-serif">Check the "Enable Git validated merge support&rdquo; box - you can leave the first few fields set to their default, since we&rsquo;re not actually pushing anything. This is just required to get the pull request builder to register correctly.</font></li>
-<li><font face="arial, helvetica, sans-serif"><span style="font-stretch: normal;">Set the &ldquo;GitHub project&rdquo; field to the HTTP URL for your repository - i.e.,"http://github.com/apache/incubator-brooklyn/"</span><span style="font-stretch: normal;">- make sure it ends with that trailing slash and doesn&rsquo;t include .git, etc.</span></font></li>
-<li><font face="arial, helvetica, sans-serif"><span style="font-stretch: normal;"></span>In the Git SCM section of the job configuration, set the repository URL to point to the GitHub git:// URL for your repository - i.e.,&nbsp;git://github.com/apache/incubator-brooklyn.git.</font></li>
-<li><font face="arial, helvetica, sans-serif">You should be able to leave the &ldquo;Branches to build&rdquo; field as is - this won&rsquo;t be relevant anyway.</font></li>
-<li><font face="arial, helvetica, sans-serif">Click the &ldquo;Add&rdquo; button in &ldquo;Additional Behaviors&rdquo; and choose "Strategy for choosing what to build&rdquo;. Make sure the choosing strategy is set to &ldquo;Build commits submitted for validated merge&rdquo;.</font></li>
-<li><font face="arial, helvetica, sans-serif">Uncheck any existing build triggers - this shouldn&rsquo;t be running on a schedule, polling, running when SNAPSHOT dependencies are built, etc.</font></li>
-<li><font face="arial, helvetica, sans-serif">Check the &ldquo;Build pull requests to the repository&rdquo; option in the build triggers.</font></li>
-<li><font face="arial, helvetica, sans-serif">Optionally change anything else in the job that you&rsquo;d like to be different for a pull request build than for a normal build - i.e., any downstream build triggers should probably be removed, &nbsp;you may want to change email recipients, etc.</font></li>
-<li><font face="arial, helvetica, sans-serif">Save, and you&rsquo;re done!</font></li>
-</ul>
-<p> <span style="font-stretch: normal;"><font face="arial, helvetica, sans-serif">Now when a pull request is opened or new changes are pushed to an existing pull request to your repository, this job will be triggered, and it will build the pull request. A link will be added to the pull request in the list of builds for the job, and when the build completes, Jenkins will comment on the pull request with the build result and a link to the build at <a href="https://builds.apache.org">builds.apache.org</a>.&nbsp;</font></span></p>
-<p><font face="arial, helvetica, sans-serif"><span style="font-stretch: normal;"></span>In addition, you can also use the "Build when a change is pushed to GitHub" option in the build triggers for non-pull request jobs, instead of polling - Jenkins receives notifications from GitHub whenever one of our repositories has been pushed to. Jenkins can then determine which jobs use that repository and the branch that was pushed to, and trigger the appropriate build.<br/> <span style="font-stretch: normal;"></span><br/> <span style="font-stretch: normal;">If you have any questions or problems, please email builds@apache.org or open a BUILDS JIRA at <a href="https://issues.apache.org/jira/browse/BUILDS/">issues.apache.org</a>.&nbsp;</span></font> </p>
-</content><category term="blog"></category></entry><entry><title>Committer shell access to people.apache.org</title><link href="https://infra.apache.org/blog/committer_shell_access_to_people.html" rel="alternate"></link><published>2014-09-25T23:38:41+00:00</published><updated>2014-09-25T23:38:41+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-09-25:/blog/committer_shell_access_to_people.html</id><summary type="html"><p>Apache committers are granted shell access to a host known as either people.apache.org or minotaur. As you may know, there has been a two year grace period in which we have advertised the upcoming change away from password logins to SSH key only.</p>
-<p>Due to a significant recent …</p></summary><content type="html"><p>Apache committers are granted shell access to a host known as either people.apache.org or minotaur. As you may know, there has been a two year grace period in which we have advertised the upcoming change away from password logins to SSH key only.</p>
-<p>Due to a significant recent increase in security issues, the Infrastructure team has taken steps to complete the implementation of key-only logins to protect ASF computing resources.&nbsp;</p>
-<p>If you can't access the host anymore then it is very likely you do not have your key stored in LDAP. &nbsp;Please check your LDAP data in https://id.apache.org - and add your key(s) if they are not present.&nbsp; If necessary, ensure your keys are loaded locally (for linux see <a href="http://linux.die.net/man/1/ssh-add">http://linux.die.net/man/1/ssh-add</a>&nbsp; and <a href="http://linux.die.net/man/1/ssh-agent">http://linux.die.net/man/1/ssh-agent</a>)<br/></p>
-<p>The host will pick up this change within 5 minutes of you making your change and you should be able to get in again. </p>
-<p>As always if you have any issues please open a JIRA issue in the INFRA project and we will help you as soon as we can. &nbsp;</p>
-<p> </p>
-</content><category term="blog"></category></entry><entry><title>Committers mail relay service</title><link href="https://infra.apache.org/blog/committers_mail_relay_service.html" rel="alternate"></link><published>2014-09-25T22:57:44+00:00</published><updated>2014-09-25T22:57:44+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-09-25:/blog/committers_mail_relay_service.html</id><summary type="html"><p>For a very long time now we have allowed committers to send email from their @apache.org email address from any host. &nbsp;10 years ago this was less of an issue than it is today. &nbsp;In the current world of mass spam and junk flying around, mail server providers are …</p></summary><content type="html"><p>For a very long time now we have allowed committers to send email from their @apache.org email address from any host. &nbsp;10 years ago this was less of an issue than it is today. &nbsp;In the current world of mass spam and junk flying around, mail server providers are trying to find better ways to implement a sense of safety from this for their users. &nbsp;One such method is SPF [1]. These methodologies check that incoming email actually originated via a valid mail server for the senders domain.&nbsp;</p>
-<p>For example if you send from myuserid@apache.org, but you just send that via your ISP at home, it could be construed as being junk as it never came via an apache.org mail server. &nbsp;Some time ago we setup a service on people.apache.org to cater for this, but it was never enforced and it seems that the SMTP daemon running the service is not 100% RFC compliant and thus some people have been unable to use this service.</p>
-<p>As of today, we have stood up a new service on host mail-relay.apache.org that will allow committers to send their apache.org emails via a daemon that is RFC compliant and uses your LDAP credentials. You can read here [2] what settings you will need to be able to use this service.&nbsp;</p>
-<p>On Friday October 10th, at 13:00 UTC the old service on people.apache.org will be terminated, and the updates to the DNS to enforce sending of all apache.org email to have originated via an ASF mail server will be enabled. This means that as of this time if you do not send your apache.org email via mail-relay it is very likely that the mail will not reach it's destination. &nbsp;</p>
-<p>When we say 'send your apache.org email' &nbsp;- we mean that when you send *<b>from</b>* your userid@apache.org email. &nbsp; Emails sent *<b>to</b>* any apache.org email address will not affected by this.&nbsp;</p>
-<p> </p>
-<p>[1] - <a href="http://en.wikipedia.org/wiki/Sender_Policy_Framework" title="http://en.wikipedia.org/wiki/Sender_Policy_Framework">http://en.wikipedia.org/wiki/Sender_Policy_Framework</a></p>
-<p>[2] - <a href="https://reference.apache.org/committer/email#sendingemailfromyourapacheorgemailaddress" title="https://reference.apache.org/committer/email#sendingemailfromyourapacheorgemailaddress">https://reference.apache.org/committer/email#sendingemailfromyourapacheorgemailaddress</a> </p>
-</content><category term="blog"></category></entry><entry><title>Nexus reduced performance issues resolved</title><link href="https://infra.apache.org/blog/nexus_reduced_performance_issues_resolved.html" rel="alternate"></link><published>2014-09-11T09:19:46+00:00</published><updated>2014-09-11T09:19:46+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-09-11:/blog/nexus_reduced_performance_issues_resolved.html</id><summary type="html"><p>&nbsp;&nbsp; &nbsp;HI All,<br/><br/>So Tuesday morning we got a report in IRC that a committer was trying to get a release out <br/>and could not deploy. Shortly after a Nexus issue was reported in Jira INFRA-8321. A few <br/>hours later another issue INFRA-8322 related to Nexus was opened. So far, nothing …</p></summary><content type="html"><p>&nbsp;&nbsp; &nbsp;HI All,<br/><br/>So Tuesday morning we got a report in IRC that a committer was trying to get a release out <br/>and could not deploy. Shortly after a Nexus issue was reported in Jira INFRA-8321. A few <br/>hours later another issue INFRA-8322 related to Nexus was opened. So far, nothing unusual <br/>about that.<br/><br/>Yesterday, more issues reported on IRC/HipChat, and more issues opened.<br/>(INFRA-8326,INFRA-8327,INFRA-8328, INFRA-8334). By then it was obvious this more than <br/>a coincidence and it was already being looked into.<br/><br/>Twitter notifications and emails were sent out declaring the degraded performance an outage <br/>and On Call was full time looking into the issue. Others joined the call to assist and eventually <br/>the outage was determined to be a change to LDAP configuration made 2 days ago by Infra.<br/><br/>(See infra:r921805 for the revert of that.)<br/><br/>The LDAP change was made to improve response times as it was being reported as being slow<br/>to return queries. Reverting the change cured the issues Nexus was having contacting the <br/>groups that committers belonged to.<br/><br/>There will be another avenue looked into for improving LDAP query response times whilst not <br/>affecting those services that connect via anon bind.<br/><br/>Infra thanks everyone for their patience whilst this was looked into and resolved.<br/><br/>Thanks go to those involved in working towards the solution:-<br/><br/>Gavin McDonald (gmcdonald) <br/>Tony Stevenson (pctony)<br/>Chris Lambertus (cml)<br/>Daniel Gruno (humbedooh)<br/>Brian Fox (brianf)<br/><br/>Cheers<br/><br/>Gav&hellip;<br/></p>
-</content><category term="blog"></category></entry><entry><title>On-demand workers from Rackspace added to builds.apache.org</title><link href="https://infra.apache.org/blog/on_demand_workers_from_rackspace.html" rel="alternate"></link><published>2014-09-04T13:00:00+00:00</published><updated>2014-09-04T13:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-09-04:/blog/on_demand_workers_from_rackspace.html</id><summary type="html"><div>A couple of weeks ago, Apache's Infrastructure team added a new feature to our Jenkins server, <a href="http://builds.apache.org">builds.apache.org</a> to help deal with the at times overwhelming queues of builds waiting for an executor. While this has been improved dramatically by the increase in workers generously provided by Yahoo! on …</div></summary><content type="html"><div>A couple of weeks ago, Apache's Infrastructure team added a new feature to our Jenkins server, <a href="http://builds.apache.org">builds.apache.org</a> to help deal with the at times overwhelming queues of builds waiting for an executor. While this has been improved dramatically by the increase in workers generously provided by Yahoo! on physical hosts, we're always trying to look forward and be prepared for increased usage in the future.&nbsp;</div>
-<div><br/></div>
-<div>To that end, we've set up worker images on Rackspace, generated using the fantastic tool <a href="http://packer.io" target="_blank">Packer</a>. Using the <a href="http://jclouds.apache.org">Apache jclouds</a> <a href="https://wiki.jenkins-ci.org/display/JENKINS/JClouds+Plugin">plugin for Jenkins</a>, Ubuntu workers will be spun up dynamically on Rackspace using those images when there's a queue of pending builds that are able to run on the &ldquo;ubuntu&rdquo; label. Up to five of these workers can be running at a time, and they're automatically removed from Jenkins and destroyed on Rackspace once they've been idle a set period of time. This burst capacity will help us prevent a long wait for builds to run on <a href="http://builds.apache.org">builds.apache.org</a>.</div>
-<div><br/></div>
-<div>We're able to do this thanks to Rackspace generously donating resources to the Apache Software Foundation. We're extremely grateful for this, and if any other public cloud providers are also interested in donating compute cycles to the Foundation, please contact the Infrastructure team.</div>
-<div><br/></div>
-<div>One thing to note - the worker image we're using is still new and may have bugs in it. If you see your build suddenly failing for mysterious reasons, please take a look at the worker it ran on - if it's a worker named something like &ldquo;jenkins-ubuntu-1404-4gb-abc&rdquo;, please open a BUILDS JIRA at <a href="https://issues.apache.org">issues.apache.org</a> with a link to the failing build and we'll investigate.</div>
-<div><br/></div>
-<div>We've got more improvements for <a href="http://builds.apache.org">builds.apache.org</a> planned for the future, and we're looking forward to sharing them with all of you - there'll be a talk at ApacheCon EU this November on the current status of Jenkins at the ASF, what we've done to stabilize and improve the developer experience on <a href="http://builds.apache.org">builds.apache.org</a>&nbsp;this year, and what's planned for the future - hope to see you there!</div>
-</content><category term="blog"></category></entry><entry><title>Infrastructure Team Adopting an On-Call Rotation</title><link href="https://infra.apache.org/blog/infrastructure_team_adopting_an_on.html" rel="alternate"></link><published>2014-08-18T13:00:00+00:00</published><updated>2014-08-18T13:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-08-18:/blog/infrastructure_team_adopting_an_on.html</id><summary type="html"><p>As the Apache Software Foundation (ASF) has grown, the infrastructure required to support its diverse set of projects has grown as well. To care for the infrastructure that the ASF depends on, the foundation has hired several contractors to supplement the dedicated cadre of volunteers who help maintain the ASFs …</p></summary><content type="html"><p>As the Apache Software Foundation (ASF) has grown, the infrastructure required to support its diverse set of projects has grown as well. To care for the infrastructure that the ASF depends on, the foundation has hired several contractors to supplement the dedicated cadre of volunteers who help maintain the ASFs hardware and services. To best utilize the time of our paid contractors and volunteers, the Infrastructure team will be adopting an on-call rotation to meet requests and resolve outages in a timely fashion.&nbsp;</p>
-<h3>Why We're Establishing an On-Call Rotation
-</h3>
-<p>
-In groups, especially groups that are charged with overlapping duties, there's occasionally a sense of <a href="http://en.wikipedia.org/wiki/Diffusion_of_responsibility" target="_blank">diffusion of responsibility</a>. There tends to be a good number of tasks or incidents that routinely occur that need a clear owner. We've also tried to set expectations around our service levels relative to the importance of a service. In example, a new mailing list can be set up as convenient, but a failing mail service needs to be addressed immediately.
-</p>
-<p>The technical side of this has been that we have historically alerted via email and/or SMS about any urgent issues that came up. Of course those alerts went to everyone on the team. If the alert occurs at an inconvenient time, either everyone responds, which is likely wasteful, or no one responds thinking someone else will.
-</p>
-<p>At the Infrastructure team's face to face meeting in July we decided we'd adopt an on-call rotation for the contractors so that everyone wasn't responsible for everything all of the time. We then went looking for something to let us sanely (and without building it ourselves) deal with that. </p>
-<p>
-<p>We ended up choosing <a href="https://pagerduty.com" target="_blank">PagerDuty</a>, which has a number of ways of receiving alerts. More importantly, it allows us to set a schedule, easily override it for holidays or illnesses, and do so programmatically. It also seamlessly integrates with <a href="https://hipchat.com">HipChat</a>, which Infrastructure is running a trial of and communicates with our mobile devices. </p></p>
-<p>
-<p>PagerDuty also supports a clear escalation path that begins alerting other people about issues if the person on-call fails to respond in a timely manner. Additionally, PagerDuty's mobile apps are built with <a href="https://cordova.apache.org">Apache Cordova</a>, which is an interesting circle. We've finished our trial and decided to adopt PagerDuty. PagerDuty&nbsp;was especially gracious and made our account gratis.</p>
-</p>
-<p>Adopting an on-call rotation will allow us to provide a better service and response time, while also clearly setting expectations around contractor availability so they can relax on their off weeks. </p>
-<p>
-<p>If you have questions or want to get involved, feel free to join us on the infrastructure mailing list <a href="mailto:infrastructure@apache.org">infrastructure@apache.org</a> or joining us in our <a href="http://www.hipchat.com/gw4Cfp7JY" target="_blank">Hipchat room</a>.</p>
-</p>
-</content><category term="blog"></category></entry><entry><title>New status page for the ASF</title><link href="https://infra.apache.org/blog/new_status_page_for_the.html" rel="alternate"></link><published>2014-08-14T13:45:53+00:00</published><updated>2014-08-14T13:45:53+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-08-14:/blog/new_status_page_for_the.html</id><summary type="html"><p>We are pleased to announce that we have a new status page for our infrastructure and the ASF as a whole.</p>
-<p>Where we have previously been focused on reporting the up/down status of our services, we have now begun to look a bit more at the broader picture of …</p></summary><content type="html"><p>We are pleased to announce that we have a new status page for our infrastructure and the ASF as a whole.</p>
-<p>Where we have previously been focused on reporting the up/down status of our services, we have now begun to look a bit more at the broader picture of the ASF; What's going on, who is committing how much, where are emails going, what's going on on GitHub mirrors and so on, as well as tracking uptime and availability for our public services that power the ASF's online presence. </p>
-<p>The result of this broader scope can be seen on: <a href="http://status.apache.org" target="_blank" title="http://status.apache.org">http://status.apache.org</a> </p>
-<p>It is our hope that you'll find this new status page informative and helpful, both in times of trouble and times where everything is in working condition. <br/></p>
-</content><category term="blog"></category></entry><entry><title>Email from apache.org committer accounts bypasses moderation!</title><link href="https://infra.apache.org/blog/email_from_apache_org_committer.html" rel="alternate"></link><published>2014-06-15T02:29:06+00:00</published><updated>2014-06-15T02:29:06+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-06-15:/blog/email_from_apache_org_committer.html</id><summary type="html"><p>Good news! &nbsp; We've finally laid the necessary groundwork to extend the bypassing of committer emails sent from their apache.org addresses, from commit lists to now all Apache mailing lists. &nbsp;This feature was activated earlier today and represents a significant benefit for cross-collaboration between Apache mailing lists for committers, relieving …</p></summary><content type="html"><p>Good news! &nbsp; We've finally laid the necessary groundwork to extend the bypassing of committer emails sent from their apache.org addresses, from commit lists to now all Apache mailing lists. &nbsp;This feature was activated earlier today and represents a significant benefit for cross-collaboration between Apache mailing lists for committers, relieving moderators of needless burden.</p>
-<p>Also we'd like to remind you of the SSL-enabled SMTP submission service we offer committers listening on people.apache.org port 465. &nbsp;Gmail users in particular can enjoy a convenient way of sending email, to any recipient even outside apache.org, using their apache.org committer address. &nbsp;For more on that please see our website's <a href="http://www.apache.org/dev/user-email.html#via-smtp-based-mail-submission-service-recommended">documentation</a>.</p>
-<p>To complement these features we'd also like to remind committers of the ability to request an "owner file" be added to their email forwarder by filing an appropriate INFRA jira ticket. &nbsp;Owner files alleviate most of the problems associated with outside organizations, who may be running strict SPF policies, attempting to reach you at your apache.org address. &nbsp;Without an owner file those messages will typically bounce back to those organizations instead of successfully reaching you at your target forwarding address. &nbsp;For those familiar with SRS, this is a poor-man's version of that specification's feature set. &nbsp;Please direct your detailed questions about owner files to the infrastructure-dev@apache.org mailing list.</p>
-<p>NOTE: we've extended this bypass feature to include any committer email addresses listed in their personal LDAP record with Apache.</p>
-</content><category term="blog"></category></entry><entry><title>DMARC filtering on lists that munge messages</title><link href="https://infra.apache.org/blog/dmarc_filtering_on_lists_that.html" rel="alternate"></link><published>2014-06-03T21:57:08+00:00</published><updated>2014-06-03T21:57:08+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-06-03:/blog/dmarc_filtering_on_lists_that.html</id><summary type="html"><hr/>
-**Note**: The solution described below has been incorporated into ezmlm. However, it creates a new problem, generating double 'Reply-To:' headers in the case of lists with a `reply-to` set to something other than the list name. A complete rewrite of this function is under consideration. You can follow the discussion …</summary><content type="html"><hr/>
-**Note**: The solution described below has been incorporated into ezmlm. However, it creates a new problem, generating double 'Reply-To:' headers in the case of lists with a `reply-to` set to something other than the list name. A complete rewrite of this function is under consideration. You can follow the discussion on Jira ticket <a href="https://issues.apache.org/jira/browse/INFRA-24849" target="_blank">INFRA-24849</a>.
-<hr/>
-<p>Since Yahoo! switched their DMARC policy in mid-April, we've seen an increase in undeliverable messages sent from our mail server for Yahoo! accounts subscribed to our lists. &nbsp; Roughly half of Apache's mailing lists do some form of message munging, whether it be Subject header prefixes, appended message trailers, or removed mime components. &nbsp;Such actions are incompatible with Y!'s policy for its users, which has meant more bounces and more frustration trying to maintain inclusive discussions with Y! users.</p>
-<p>Since Y!'s actions are likely just the beginning of a trend towards strong DMARC policies aimed at eliminating forged emails, we've taken the extraordinary step of munging Y! user's From headers to append a spec-compliant .INVALID marker on their address, and dropping the DKIM-Signature: header for such messages. &nbsp;We are an ezmlm shop and maintain a heavily customized .ezmlmrc file, so carrying this action out was relatively straightforward with a 30-line perl header filter prepended to certain lines in the "editor" block of our .ezmlmrc file. &nbsp;The filter does a dynamic lookup of DMARC "p=reject" policies to inform its actions, so we are prepared for future adopters beyond the early ones like Yahoo!, AOL, Facebook, LinkedIn, and Twitter. &nbsp; Interested parties in our solution may visit <a href="http://www.sunstarsys.com/essays/mailing-lists">this page</a> for details and the Apache-licensed code.</p>
-<p>Of course this filter only applies to half our lists- the remainder that do no munging are perfectly compatible with DMARC rejection policies without modification of our list software or configuration. &nbsp;Apache projects that prefer to avoid munging may file a Jira ticket with infrastructure to ask that their lists be set to "ezmlm-make -+ -TXF" options.</p>
-<p> </p>
-</content><category term="blog"></category></entry><entry><title>Mail outage post-mortem</title><link href="https://infra.apache.org/blog/mail_outage_post_mortem.html" rel="alternate"></link><published>2014-05-28T05:16:39+00:00</published><updated>2014-05-28T05:16:39+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-05-28:/blog/mail_outage_post_mortem.html</id><summary type="html"><p><span style="color: #222222; font-family: arial; font-size: small;"><b>Overview:</b></span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">During the afternoon of May 6th we began experiencing delays in mail delivery of 1-2 hours. Initial efforts at remediation seemed to clear this up but on the morning of May 7th the problem worsened and we proactively disabled mail service to deal with the failure. This outage affected …</span></p></summary><content type="html"><p><span style="color: #222222; font-family: arial; font-size: small;"><b>Overview:</b></span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">During the afternoon of May 6th we began experiencing delays in mail delivery of 1-2 hours. Initial efforts at remediation seemed to clear this up but on the morning of May 7th the problem worsened and we proactively disabled mail service to deal with the failure. This outage affected all ASF mailing lists and mail forwarding. The service remained unavailable until May 10th, and it took almost 5 additional days to fully flush the backlog of messages. </span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">You can find a timeline here that was kept during the incident: https://blogs.apache.org/infra/entry/mail_outage</span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">This was a catastrophic failure for the Apache Software Foundation as email is core to virtually every operation and is our primary communication medium. &nbsp;</span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;"><b>What happened:</b> </span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">The mail service at the ASF is composed of three physical servers. Two of these are external facing mail exchangers that receive mail. The final server handles mailing list expansion, alias forwarding and mail delivery in general. That latter server had two volumes that experienced a disk outage each. This degraded performance substantially and led to the mail delays seen on May 6th and 7th. The service was proactively disabled on May 7th in an attempt to let the arrays rebuild without the significant disk I/O overhead caused by processing the large mail backlog. Ultimately multiple attempts to rebuild the underlying arrays failed and eventually other drives in the array where the data volume was stored failed rendering recovery a hopeless task on May 8th. We began working to restore backups from our offsite backup location to our primary US datacenter. When this began to take longer than expected, additional concurrent efforts began to restore service in one of our secondary datacenters as well as in a public cloud instance. Ultimately we ended up completing the restoration to our primary US datacenter first and were able to bring the service online. When the service resumed, we had an estimated 10 million message backlog in addition to our normal 1.7-2 million ongoing daily message flow. The amount of backlogged mail taxed the existing infrastructure and architecture of the mail service and took almost 5 days to completely clear. </span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;"></span></p>
-<p><span style="color: #222222; font-family: arial; font-size: small;"><b>What worked:</b></span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">Our backups were sufficient to allow us to restore the service in good working order. </span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">Early precautions taken when we discovered the problem combined with our backups resulted in no data loss from the incident. </span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">Our mail exchangers continued to work during the outage and held incoming mail until the service was restored. </span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;"><b>What didn't work:</b></span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">Our monitoring was not sufficient to identify the problem or alert us to the symptoms. </span><br style="color: #222222; font-family: arial; font-size: small;"/><font color="#222222" face="arial" size="2">No spare hard drives for this class of machine were on-hand in our primary datacenter.&nbsp;</font><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">The restore time from our remote backups took an excessively long time. This was partially due to the large size of the restore data, and partially due to the transport method used for the data. </span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">After the service was restored we had approximately a 10M message backlog that took days to clear.</span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">The primary administrator of the service was on vacation, and the remaining infrastructure contractors were not intimately familiar with the service.&nbsp;</span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">Our documentation was insufficient to easily restore the service in a rapid manner by folks without intimate knowledge.&nbsp;</span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;"><b>Remediation plan:</b></span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">Our immediate action items:</span><br style="color: #222222; font-family: arial; font-size: small;"/> </p>
-<ul>
-<li><span style="color: #222222; font-family: arial; font-size: small;">Update the documentation to be current/diagram mail flow.</span></li>
-<li><span style="font-size: small; color: #222222; font-family: arial;">Improve the monitoring of the mail service itself as well as the hardware.</span><span style="font-size: small; color: #222222; font-family: arial;"> </span></li>
-<li><span style="font-size: small; color: #222222; font-family: arial;">Insure we have adequate spares on hand for the majority of our core services.</span><span style="font-size: small; color: #222222; font-family: arial;"> </span></li>
-<li><span style="font-size: small; color: #222222; font-family: arial;">Place our mail server under configuration management to reduce our MTTR</span><span style="font-size: small; color: #222222; font-family: arial;"> </span></li>
-</ul><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">Medium-to-Long term initiatives.</span><br style="color: #222222; font-family: arial; font-size: small;"/>
-<ul>
-<li><span style="color: #222222; font-family: arial; font-size: small;">Crosstraining contractors in all critical services</span></li>
-<li><span style="color: #222222; font-family: arial; font-size: small;">Work on moving to a more fault-tolerant/redundant architecture</span></li>
-<li><span style="color: #222222; font-family: arial; font-size: small;">More fully deploy our config management and automated provisioning across our infrastructure so MTTR is reduced.</span></li>
-</ul>
-<p>&nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>New monitoring system: nagios is dead long live circonus</title><link href="https://infra.apache.org/blog/new_monitoring_system_nagios_is.html" rel="alternate"></link><published>2014-05-23T22:29:12+00:00</published><updated>2014-05-23T22:29:12+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-05-23:/blog/new_monitoring_system_nagios_is.html</id><summary type="html"><p>23 may 2014 the old monitoring system "nagios" was put to sleep, and "circonus" was given production status.</p>
-<p>The new monitoring system is sponsored by circonus and most of the monitoring as well as the central database runs on <a href="www.circonus.com" target="_blank">www.circonus.com</a>. The infrastructure team have built and deployed logic …</p></summary><content type="html"><p>23 may 2014 the old monitoring system "nagios" was put to sleep, and "circonus" was given production status.</p>
-<p>The new monitoring system is sponsored by circonus and most of the monitoring as well as the central database runs on <a href="www.circonus.com" target="_blank">www.circonus.com</a>. The infrastructure team have built and deployed logic around the standard circonus system:<br/>
-- A private broker, to monitor internal services&nbsp; without exposing them on internet<br/> - A dedicated broker (inhouse development) that monitor special ASF systems (like svn compare US - EU)<br/>
-- A configuration system, that are based on svn.<br/>
-- A new status page <a href="status.apache.org" target="_blank">status.apache.org</a> <br/>
-- A new team structure (all committers with sudo karma on a vm, get an email when something happens with the vm)<br/> </p>
-<p> </p>
-<p>The new system is a lot faster and we can therefore offer projects monitoring of project URLs, of course the project also need to have a team that handles the alerts.</p>
-<p>The current version has approx. the same facilities as Nagios, but we are planning (and actively programming) a version.2 that will allow us to better predict problems before they occur.</p>
-<p>Some of the upcoming features are:<br/>
-- disk monitoring<br/>
-- vital data statistic from core system (like size of mail queues)</p>
-<p>The change of monitoring system is a vital component in our transition to automate services and thereby enable infra to more effectively secure the stability of the infrastructure as well as make early detection of potential problems.</p>
-<p>The system was presented in Apachecon denver 2014, slides can be found&nbsp; <a href="http://people.apache.org/~jani/circonus.pdf">here</a>. We hope to present the live version at apachecon budapest 2014.</p>
-<p>On behalf of the infrastructure team</p>
-<p> jan I.<br/></p>
-<p> </p>
-<p><br/></p>
-<p> </p>
-<p><br/></p>
-</content><category term="blog"></category></entry><entry><title>Mail outage</title><link href="https://infra.apache.org/blog/mail_outage.html" rel="alternate"></link><published>2014-05-07T14:48:16+00:00</published><updated>2014-05-07T14:48:16+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-05-07:/blog/mail_outage.html</id><summary type="html"><p>During the afternoon of May 6th we began experiencing delays in mail delivery of 1-2 hours. Initial efforts at remediation seemed to clear this up but on the morning of May 7th the problem worsened and we proactively disabled mail service to deal with the failure. The underlying hardware suffered …</p></summary><content type="html"><p>During the afternoon of May 6th we began experiencing delays in mail delivery of 1-2 hours. Initial efforts at remediation seemed to clear this up but on the morning of May 7th the problem worsened and we proactively disabled mail service to deal with the failure. The underlying hardware suffered failures on multiple disks. This outage effects all ASF mailing lists and mail forwarding. </p>
-<p>&nbsp;This service is housed at <a href="http://osuosl.org">OSUOSL</a>, and we are currently waiting on smart hands to help with replacing hardware. Our expectation at this point is that we still have multiple hours worth of outage.&nbsp;</p>
-<p>&nbsp;Incoming mail is currently being received and held in queue by our mail exchangers. We also have a copy of the existing queue that hasn't been processed; so we expect no mail or data loss. &nbsp;</p>
-<p>ASF Infra's twitter bot will provide updates as we have them for the duration of the outage. Feel free to follow <a href="https://twitter.com/infrabot">@infrabot</a>&nbsp;on Twitter. There will be an update on this post as well as the situation progresses.</p>
-<p><b><u>UPDATE 7 May 19:27 UTC </u></b>- Drives have been replaced, array is attempting to rebuild. As indicated earlier on twitter, there likely remains hours of outage. &nbsp;</p>
-<p> </p>
-<p><b><u>UPDATE 7 May 20:44 UTC</u></b> - The disk array is still in the process of repairing. Several hundred mails were processed during a reboot, but more work remains before service is restored. &nbsp;Mail service has been disabled again as the array repair process is CPU-bound. The plan going forward is to allow the disk arrays to finish repairs. Once that is complete, we'll reenable the mail service and flush what is currently in the queue. Finally, once the queue is empty we'll begin receiving mail again.</p>
-<p><b><u>UPDATE 8 May 05:00 UTC</u></b> - The disk array failed to repair itself. The disks have been replaced and a new installation has been completed. Progress continues to be made towards resolution, but nothing firm enough yet for us to predict an time for restoration.</p>
-<p><u><b>UPDATE 8 May 15:45 UTC</b></u> - No material change of status has occurred. Infra worked in shifts around the clock last night and continue to do so to restore service. More updates as they become available. &nbsp;</p>
-<p><u><b>UPDATE 9 May 11:20 UTC</b></u> - We are working on temporarily restoring the most essential email aliases. In the meantime, inquiries may be made to <a href="mailto:infrastructure@apache.pw">infrastructure@apache.pw</a> or on our IRC channel, #asfinfra on Freenode. The work on restoring the service in full is still ongoing.</p>
-<p><b><u>UPDATE 9 May 17:20 UTC</u></b> - We've successfully restored a host from backups and will be starting testing soon. Based on the progress made in those tests we'll try and provide expectations around restoration of service timeline.</p>
-<p><b><u>UPDATE 10 May 15:45 UTC</u></b> - We've started pushing live mails through the system - you'll begin to see them trickle in as we gradually open the floodgates to restore service. Expect intermittent spurts for a while.&nbsp;</p>
-<p><b>UPDATE 10 May 21:55 UTC</b> - &nbsp;The floodgates have been opened. &nbsp;As we have a significant amount of backlog to catch up on, please be patient as the service does this. &nbsp;As always feel free to contact us if you have any questions. In the immediate short term (next day or so, we suggest you continue to use&nbsp;<a href="mailto:infrastructure@apache.pw">infrastructure@apache.pw</a>&nbsp;and our IRC channel, #asfinfra on Freenode. &nbsp;We would like to thank you for your patience during this extremely busy time.&nbsp;</p>
-<p><b><u>UPDATE 12 May 16:04 UTC</u></b> - Clarification - we have opened the floodgates, but have a substantial amount of backlog; and with the sudden rush of mail are being throttled by various mail services. With the addition of mail that's coming through anyway; it may take us from 2-5 days to fully flush the backlog. This time is so wide because of a wide variety of factors that are largely outside of our control, such as new mail coming in and mail services individual throttling policies. &nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>heartbleed fallout for apache</title><link href="https://infra.apache.org/blog/heartbleed_fallout_for_apache.html" rel="alternate"></link><published>2014-04-11T20:25:44+00:00</published><updated>2014-04-11T20:25:44+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-04-11:/blog/heartbleed_fallout_for_apache.html</id><summary type="html"><p>Remain calm.</p>
-<p>What we've learned about the heartbleed incident is that it is hard, in the sense of perhaps only viable to a well-funded blackhat operation, to steal a private certificate and key from a vulnerable service. &nbsp;Nevertheless, the central role Apache projects play in the modern software development world …</p></summary><content type="html"><p>Remain calm.</p>
-<p>What we've learned about the heartbleed incident is that it is hard, in the sense of perhaps only viable to a well-funded blackhat operation, to steal a private certificate and key from a vulnerable service. &nbsp;Nevertheless, the central role Apache projects play in the modern software development world require us to mitigate against that circumstance. &nbsp;Given the length of time and exposure window for this bug's existence, we have to assume that some/many Apache passwords may have been compromised, and perhaps even our private wildcard cert and key, so we've taken a few steps as of today:</p>
-<p> </p>
-<ol>
-<li>We fixed the vulnerability in our openssl installations to prevent further damage,</li>
-<li>We've acquired a new wildcard cert for apache.org that we have rolled out prior to this blog entry,</li>
-<li>We will require that all committers rotate their LDAP passwords (committers visit <a href="https://id.apache.org/reset/enter">id.apache.org</a> to reset LDAP passwords once they've been forcibly reset),</li>
-<li>We are encouraging all service administrators to all non-LDAP service like jira to rotate those passwords as well.</li>
-</ol>
-<div>
-<p>Regarding the cert change for svn users- we'd also like to suggest that you remove your existing apache.org certs from your .subversion cache to prevent potential MITM attacks using the old cert. &nbsp;Fortunately it is relatively painless to do this:</p>
-<p>&nbsp;% grep -l apache.org ~/.subversion/auth/svn.ssl.server/* | xargs rm</p>
-<p> </p>
-<p>NOTE: our openoffice wildcard cert was never vulnerable to this issue as it was served from an openssl-1.0.0 host.&nbsp;</p>
-<p> </p>
-</div>
-<p> </p>
-</content><category term="blog"></category></entry><entry><title>Scaling down the CMS to modest but intricate websites</title><link href="https://infra.apache.org/blog/scaling_down_the_cms_to.html" rel="alternate"></link><published>2014-03-25T18:23:50+00:00</published><updated>2014-03-25T18:23:50+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-03-25:/blog/scaling_down_the_cms_to.html</id><summary type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>The original focus of the CMS …</p></summary><content type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>The original focus of the CMS was to provide the tools necessary for handling <a href="http://www.apache.org/">http://www.apache.org/</a>&nbsp;and similar Anakia-based sites. &nbsp;The scope quickly changed when <a href="http://www.openoffice.org/">Apache OpenOffice</a> was accepted into the incubator... handling over 9GB of content well was quite an undertaking and will be soon discussed at Apachecon in Denver during <a href="http://apacheconnorthamerica2014.sched.org/event/041f72d553e8414e68180854cc62dc68#.UzHCItzoaRs">Dave Fisher's talk</a>. &nbsp;From there the build system was extended to allow builds using multiple technologies and programming languages.</p>
-<p>Since that time in late 2012 the CMS codebase has sat still, but recently we've upped the ante and decided to offer features aimed at parity with other site building technologies like jekyll, nanoc and middleman. &nbsp;You can see some of the new additions to the Apache CMS in action at <a href="http://thrift.apache.org/">http://thrift.apache.org/</a>. The Apache Thrift website was originally written to use nanoc before being ported to the newly improved Apache CMS. They kept the YAML headers for their markdown pages and converted from a custom preprocessing script used for inserting code snippets to using a fully-supported snippet-fetching feature in the Apache CMS.&nbsp;</p>
-<p>"The new improvements to the Apache CMS allowed us to quickly standardize the build process and guarantee repeatable results as well as integrate direct code snippets into the website from our source repository."<br/>- Jake Farrell, Apache Thrift PMC Chair</p>
-<p>Check out the Apache Thrift website&nbsp;<a href="http://svn.apache.org/repos/asf/thrift/cms-site/trunk/">cms sources</a> for sample uses of the new features found in <a href="https://svn.apache.org/repos/infra/websites/cms/build/lib/ASF/View.pm">ASF::View</a> and <a href="https://svn.apache.org/repos/infra/websites/cms/build/lib/ASF/Value/Snippet.pm">ASF::Value::Snippet</a>.</p>
-</content><category term="blog"></category></entry><entry><title>Improved integration between Apache and GitHub</title><link href="https://infra.apache.org/blog/improved_integration_between_apache_and.html" rel="alternate"></link><published>2014-02-12T01:16:30+00:00</published><updated>2014-02-12T01:16:30+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-02-12:/blog/improved_integration_between_apache_and.html</id><summary type="html"><p>After a few weeks of hard work and mind-boggling debugging, we are pleased to announce tighter and smarter integration between GitHub and the Apache Software Foundation's infrastructure.</p>
-<p>These new features mean a much higher level of replication and retention of what goes on on GitHub, which in turns both help …</p></summary><content type="html"><p>After a few weeks of hard work and mind-boggling debugging, we are pleased to announce tighter and smarter integration between GitHub and the Apache Software Foundation's infrastructure.</p>
-<p>These new features mean a much higher level of replication and retention of what goes on on GitHub, which in turns both help projects maintain control over what goes on within their project, as well as keeping a record of everything that's happening in the development of a project, whether it be on ASF hardware or off-site on GitHub. </p>
-<p>To be more precise, these new features allows for the following:</p>
-<ul>
-<li>Any Pull Request that gets opened, closed, reopened or commented on now gets recorded on the project's mailing list</li>
-<li>If a project has a JIRA instance, any PRs or comments on PRs that include a JIRA ticket ID will trigger an update on that specific ticket</li>
-<li>Replying to a GitHub comment on the dev@ mailing list will trigger a comment being placed on GitHub (yes, it works both ways!)</li>
-<li>GitHub activity can now be relayed to IRC channels on the Freenode network.<br/></li>
-</ul>
-<p>As with most of our things, this is an opt-in feature. If you are in a project that would like to take advantage of these new features, please contact infrastructure, preferably by filing a <a href="https://issues.apache.org/jira/browse/INFRA" target="_blank" title="JIRA">JIRA ticket</a> with the component set to Git, and specifying which of the new features you would like to see enabled for your project.<br/></p>
-<p>On behalf of the Infrastructure Team, I hope you will find these new features useful and be mindful in your use of them.<br/></p>
-</content><category term="blog"></category></entry><entry><title>paste.apache.org sees the light of day</title><link href="https://infra.apache.org/blog/paste_apache_org_sees_the.html" rel="alternate"></link><published>2013-03-06T18:37:42+00:00</published><updated>2013-03-06T18:37:42+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2013-03-06:/blog/paste_apache_org_sees_the.html</id><summary type="html"><p><em>Note</em>: As of May, 2024, Apache Paste is no longer available.</p>
-<hr/>
-<p>Today, the Apache Infrastructure team launched <a href="http://paste.apache.org">http://paste.apache.org</a>, a new ASF-driven site for posting snippets, scripts, logging output, configurations and much more and sharing them with the world.
-</p>
-<p><br/><b><i>&nbsp;Why yet another paste bin, you ask?</i></b></p>
-<p>Well, for …</p></summary><content type="html"><p><em>Note</em>: As of May, 2024, Apache Paste is no longer available.</p>
-<hr/>
-<p>Today, the Apache Infrastructure team launched <a href="http://paste.apache.org">http://paste.apache.org</a>, a new ASF-driven site for posting snippets, scripts, logging output, configurations and much more and sharing them with the world.
-</p>
-<p><br/><b><i>&nbsp;Why yet another paste bin, you ask?</i></b></p>
-<p>Well, for starters, this site is different in that is it run by the ASF, for the ASF, in that we fully control what happens to your data when you post it, or perhaps more important, what does NOT happen to it. The site enforces a "from committers to everyone" policy, meaning only <u>committers</u> may post new data on the site, but everyone is invited to watch the result. While this is not a blanket guarantee that the data is accurate or true, it is nonetheless a guarantee that <i><b>what you see is data posted by an Apache committer</b></i>.</p>
-<p>Secondly, committers have the option to post something as being "committers only", meaning only committers within the ASF can see the paste. This is much like the "private" pastes offered by many other sites, but with the added benefit that it prevents anyone snooping around from watching whatever you paste, unless they are actually a committer.</p>
-<p> </p>
-<p><b><i>&nbsp;Great, so how does it work?</i></b></p>
-<p> It works like most other paste sites, in that you go to <a href="http://paste.apache.org">http://paste.apache.org,</a>&nbsp; paste your data, select which type of highlighting to use, and you get an URL with your paste. For text-only clients, raw data will be displayed, while regular browsers will enjoy a full web page with the ability to download or edit a paste. Currently we have support for httpd configurations, C/C++, Java, Lua, Erlang, XML/HTML, PHP, Shell scripts, Diff/Patch, Python and Perl syntax highlighting. If you want to have any other type of highlighting added, don't hesitate to ask!<br/></p>
-<p>Since this site enforces the "from committers to everyone" policy, you are required to use your LDAP credentials when making a paste. To allow for the use of the service within console applications (shells etc) that might not (or should not) provide authentication credentials (on public machines you'd want to avoid storing your committer credentials for instance!), we have equipped the site with a token generator, that both allows you to pipe any output you may have directly to the site as well as gives you some hints on how you may achieve this.</p>
-<p>Imagine you have a directory listing that you'd only want your fellow committers to see. Publishing this, using the token system, is as easy as doing:<br/><span style="background-color: #b5ffb4;">$&gt; ls -la | privpaste&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br/>http://paste.apache.org/p/1234</span><br/></p>
-<p>And there you have it, the command returns a URL ready for sharing with your fellow committers. Had you wanted for everyone to be able to see it, you could have used the <i>pubpaste</i> alias instead (click on "generate token" on the site to get more information about tokens and the useful aliases).</p>
-<p> </p>
-<p> We hope you'll enjoy this new service, and use it wisely as well as often. Should you have any questions or suggestions, we'd be most happy to receive them through any infra channel you want to use. <br/></p>
-<p><br/></p>
-<p> <br/></p>
-</content><category term="blog"></category></entry><entry><title>New Infra Team Members</title><link href="https://infra.apache.org/blog/new_infra_team_members.html" rel="alternate"></link><published>2012-07-26T02:35:47+00:00</published><updated>2012-07-26T02:35:47+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2012-07-26:/blog/new_infra_team_members.html</id><summary type="html"><p>
-<p>Since out last update over a year ago, the Infra Team has expanded by another NINE (9) members!</p></p>
-<p>Congrats and our warmest thanks go to:</p>
-<p><br/>Niklas Gustavsson - (ngn)<br/>Jeremy Thomerson - (jrthomerson)<br/>Mark Struberg - (struberg)<br/>Eric Evans - (eevans)<br/>Brandon Williams - (brandonwilliams)<br/>Mohammad Nour El-Din - (mnour)<br/>David Nalley - (ke4qqq)<br/>Yang Shih-Ching - (imacat …</p></summary><content type="html"><p>
-<p>Since out last update over a year ago, the Infra Team has expanded by another NINE (9) members!</p></p>
-<p>Congrats and our warmest thanks go to:</p>
-<p><br/>Niklas Gustavsson - (ngn)<br/>Jeremy Thomerson - (jrthomerson)<br/>Mark Struberg - (struberg)<br/>Eric Evans - (eevans)<br/>Brandon Williams - (brandonwilliams)<br/>Mohammad Nour El-Din - (mnour)<br/>David Nalley - (ke4qqq)<br/>Yang Shih-Ching - (imacat)<br/>Daniel Gruno - (humbedooh)<br/></p>
-<p>The rest of the Infra team look forward to continuing to work with you all.</p>
-<p> </p>
-<p>There are now a total of 80 infrastructure members with another 36 in the infrastructure-interest group.</p>
-<p> </p>
-</content><category term="blog"></category></entry><entry><title>ASF Comments System Live!</title><link href="https://infra.apache.org/blog/asf_comments_system_live.html" rel="alternate"></link><published>2012-07-09T16:49:30+00:00</published><updated>2012-07-09T16:49:30+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2012-07-09:/blog/asf_comments_system_live.html</id><summary type="html"><hr/>
-**Note**: This service is no longer available from Infra.
-<hr/>
-<p>Daniel Gruno has recently developed a <a href="https://comments.apache.org/">comments system</a> for Apache projects to use.&nbsp; The purpose of the system is to enable public commentary on project webpages and is already in production use in the <a href="http://httpd.apache.org/docs/trunk/">httpd</a> and <a href="http://trafficserver.apache.org/docs/">trafficserver</a> projects.&nbsp; This new system …</p></summary><content type="html"><hr/>
-**Note**: This service is no longer available from Infra.
-<hr/>
-<p>Daniel Gruno has recently developed a <a href="https://comments.apache.org/">comments system</a> for Apache projects to use.&nbsp; The purpose of the system is to enable public commentary on project webpages and is already in production use in the <a href="http://httpd.apache.org/docs/trunk/">httpd</a> and <a href="http://trafficserver.apache.org/docs/">trafficserver</a> projects.&nbsp; This new system nicely complements the ASF CMS system and trivially integrates with it- see <a href="http://comments.apache.org/help.html">http://comments.apache.org/help.html</a> for details.</p>
-<p>The comment system is now open- enjoy!&nbsp; Please file a jira ticket with INFRA to get started today.</p>
-<p><br/></p>
-</content><category term="blog"></category></entry><entry><title>Apache CMS: New features for anonymous users</title><link href="https://infra.apache.org/blog/apache_cms_new_features_for.html" rel="alternate"></link><published>2012-06-24T13:37:50+00:00</published><updated>2012-06-24T13:37:50+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2012-06-24:/blog/apache_cms_new_features_for.html</id><summary type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Two new features have recently been …</p></summary><content type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Two new features have recently been added to the CMS, courtesy of David Blevins.&nbsp; These features are geared towards streamlining the user experience for <a href="http://www.apache.org/dev/cmsref#non-committer">anonymous users</a>.&nbsp; The first feature is "Quick Mail", which is the analog of "Quick Commit" but for anonymous users who cannot otherwise commit their changes directly.&nbsp; Quick Mail, which is enabled by default, will take the immediate submission of an anonymous Edit session and post it directly to the project's dev list, saving several steps that might be hard for a new user to walk through.</p>
-<p>The second feature is a natural result of that known as anonymous clones.&nbsp; In the subsequent mailout from "Quick Mail", there will be an url for committers to use to effectively clone the working copy of the anonymous user who generated the patch.&nbsp; This makes review and subsequent commit operations much more convenient than directly applying the emailed patch to a local working copy.&nbsp; In fact it is possible for users to clone a non-anonymous user's working copy, so anyone experiencing chronic problems with their working copy on the CMS can get help from other committers by simply using the "Mail Diff" feature to contact either the dev list or another apache committer with details of their problem.</p>
-<p>We have added these features in the hopes this will considerably lower the bar for anonymous users in particular to take advantage of the CMS.&nbsp; Please let your community know about them!</p>
-<p><br/></p>
-<p><br/></p>
-</content><category term="blog"></category></entry><entry><title>The value of taint checks in CGI scripts</title><link href="https://infra.apache.org/blog/the_value_of_taint_checks.html" rel="alternate"></link><published>2012-06-09T21:45:27+00:00</published><updated>2012-06-09T21:45:27+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2012-06-09:/blog/the_value_of_taint_checks.html</id><summary type="html"><p>Consider the following snippet taken from a live CGI script running on the host that serves www.apache.org:</p>
-<pre>#!/usr/bin/perl
-<p>use strict;
-use warnings;</p>
-<p>print "Content-Type: text/html\n\n";
-my $artifact = "/apache-tomee/1.0.1-SNAPSHOT/";
-$artifact = $ENV{PATH_INFO} if $ENV{PATH_INFO};</p>
-<p>$artifact = "/$artifact/";
-$artifact =~ s,/+,/,g;
-$artifact …</p></pre></summary><content type="html"><p>Consider the following snippet taken from a live CGI script running on the host that serves www.apache.org:</p>
-<pre>#!/usr/bin/perl
-<p>use strict;
-use warnings;</p>
-<p>print "Content-Type: text/html\n\n";
-my $artifact = "/apache-tomee/1.0.1-SNAPSHOT/";
-$artifact = $ENV{PATH_INFO} if $ENV{PATH_INFO};</p>
-<p>$artifact = "/$artifact/";
-$artifact =~ s,/+,/,g;
-$artifact =~ s,[^a-zA-Z.[0-9]-],,g;
-$artifact =~ s,../,,g;</p>
-<p>my $content = <code>wget -q -O - http://repository.apache.org/snapshots/org/apache/openejb$artifact</code>;
-...
-</p></pre>
-<p> </p><hr size="2" width="100%"/>
-<p> </p>
-<p>Looks pretty good right?&nbsp; Any questionable characters are removed from $artifact before exposing it to the shell via backticks... hmm, well turns out that's not so easy to determine.</p>
-<p>The first warning sign that was given to the author of this script was that he hadn't enabled taint checks- if he had this is how things probably would have looked:</p>
-<pre>#!/usr/bin/perl -T
-<p>use strict;
-use warnings;</p>
-<p>print "Content-Type: text/html\n\n";
-my $artifact = "/apache-tomee/1.0.1-SNAPSHOT/";
-$artifact = $ENV{PATH_INFO} if $ENV{PATH_INFO};</p>
-<p>$artifact = "/$artifact/";
-$artifact =~ s,/+,/,g;
-$artifact =~ m,^([a-zA-Z.[0-9]-]*)$, or die "Detainting regexp failed!";
-$artifact = $1;
-$artifact =~ s,../,,g;</p>
-<p>my $content = <code>wget -q -O - http://repository.apache.org/snapshots/org/apache/openejb$artifact</code>;
-... </p></pre><hr size="2" width="100%"/>
-<p>Which doesn't look like much of a change, but the impact on the actual logic is massive: we've gone from a substitution that strips unwanted chars to a fully-anchored pattern that matches only a string full of wanted chars only, and dies on pattern match failure.&nbsp; Sadly the developer in question did not heed this early advice.<br/></p>
-<p>As it turns out, there is a bug (well several) in the core pattern that renders the original substitution ineffective.&nbsp; However the impact on the taint-checked version causes the detainting match to fail and renders the script harmless!&nbsp; The practical difference is that instead of a script with a working remote shell exploit, we have script that serves no useful purpose.&nbsp; To the Apache sysadmins this is a superior outcome, even though to the developer the original, essentially working script is preferable- worlds are colliding here, but guess who wins?<br/></p>
-<p>At the ASF the sysadmins almost invariably refuse to run perl or ruby CGI scripts without taint-checking enabled, and will always prefer CGI scripts be written in languages that support taint checks as they tend to enforce good practice in dealing with untrusted input.&nbsp; This example, which is in fact one of the first times we've even considered allowing Apache devs to deploy non-download CGI scripts on the <a href="http://www.apache.org">www.apache.org</a>&nbsp; server, serves as a useful reminder to Apache devs as to why using languages that support taint checks is an essential component of scripting on the web.</p>
-<p><br/></p>
-<p><br/></p>
-</content><category term="blog"></category></entry><entry><title>apache.org incident report for 05292012</title><link href="https://infra.apache.org/blog/apache_org_incident_report_for.html" rel="alternate"></link><published>2012-05-29T16:59:09+00:00</published><updated>2012-05-29T16:59:09+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2012-05-29:/blog/apache_org_incident_report_for.html</id><summary type="html"><p>Last week, internal audit activity discovered that the access logs of some committer-only Apache services contained passwords but had been available to every Apache committer.<br/></p>
-<h3> </h3>
-<h3>The problem</h3>
-<p>The httpd logs of several ASF services are aggregated and archived on minotaur.apache.org.&nbsp; Minotaur is also people.apache.org, the shell …</p></summary><content type="html"><p>Last week, internal audit activity discovered that the access logs of some committer-only Apache services contained passwords but had been available to every Apache committer.<br/></p>
-<h3> </h3>
-<h3>The problem</h3>
-<p>The httpd logs of several ASF services are aggregated and archived on minotaur.apache.org.&nbsp; Minotaur is also people.apache.org, the shell host for committers, and committers were encouraged to analyse the logs and <a href="http://mail-archives.apache.org/mod_mbox/subversion-dev/201205.mbox/%3CCABD8fLV30-YaFaYt21GuCJX+_xqqPCB+S+XpW_G1aydyTrgkug@mail.gmail.com%3E">produce aggregated data</a>.<br/><br/>However, for two services, the archived logs included <a href="http://httpd.apache.org/docs/current/mod/mod_log_forensic.html">forensic logs</a>, which are extra-verbose logs that include all HTTP request headers.&nbsp; (The logs are never encrypted, even if the HTTP connection was wrapped by SSL encryption.)&nbsp; Both of these services <a href="http://s.apache.org/">http://s.apache.org</a> and <a href="http://svn.apache.org/">http://svn.apache.org</a> allow anyone to use them in a read-only manner anonymously, and allow further operations (such as creating shortlinks) to LDAP-authenticated committers.&nbsp; Authentication is usually done by embedding the username and password, encoded in base64, in the "Authorization:" HTTP header, under SSL encryption.<br/><br/>Base64 is a reversible transform.&nbsp; (It is an encoding, not a cipher.)<br/><br/>Consequently, any Apache committer could learn the passwords of any other committer by reading the log files and reversing the base64 encoding.<br/></p>
-<h3>Shutting the barn door</h3>
-<p>The logs archive directory was made readable by the root user only.&nbsp; Forensic logging was disabled, and past forensic logs deleted.&nbsp; ZFS snapshots containing those logs were destroyed, too.<br/></p>
-<h3>Finding the horse<br/></h3>
-<p>We know that several committers had on one occasion or another copied the logs in order to analyse them, so we operated on the assumption that copies of the sensitive forensic logs were circulating on hardware we do not control.&nbsp; We therefore opted to have all passwords changed, or reset.<br/><br/>Several Apache committers whose passwords grant very high access were advised privately to change their passwords.&nbsp; The root@ team ensured the follow-through and, before announcing the vulnerability any further, changed the passwords of those whom had not done so themselves.&nbsp; The root@ team also changed the passwords of all non-human (role) accounts on those services.<br/><br/>The vulnerability was then announced to all Apache committers with the same instructions: 'Your passwords may be compromised; change them "now"; we will explain the problem later.'.&nbsp; This notice was authenticated via a PGP signature and via acknowledging it in a root-owned file on people.apache.org.<br/><br/>Finally, passwords that have not been changed after forensic logs had been disabled and, therefore, were presumed to be contained in compromised forensic logs were changed by the root@ team to random strings.</p>
-<h3>Implications<br/></h3>
-<p>Were some committer to have compromised another Apache account using this vulnerability prior to these steps being taken, note that root access to all apache.org hosts is only available using one-time-passwords (otp) for certain privileged sudo users.&nbsp; Such account holders have been instructed not to use the same password for otp as for LDAP, so this would not have resulted in an attacker gaining root privileges without our knowledge.&nbsp; All of our commit activity is peer-reviewed and logged to various commit lists, and no reports of unusual commit activity have been received during the time frame in which this exposure was effective.&nbsp; In fact no unusual activity has ever been reported regarding any of our LDAP-based services, so there is no reason for us to suspect malicious activity has occurred as a result of this vulnerability.<br/></p>
-<h3>Preventing recurrence</h3>
-<p>No code changes were needed to the software that s.apache.org and
-svn.apache.org run; the software was behaving correctly according to
-its configuration, but the configuration itself and the in-house
-log archiving scripts were incorrect.<br/><br/>A member of the infrastructure team will be approaching the Apache HTTPD PMC with a documentation patch for mod_log_forensic.</p>
-<h3>Epilogue</h3>
-<p>There were no malicious parties involved here (to our knowledge); we just made a configuration error.&nbsp; The nature of the error meant we had to assume all passwords were compromised, and that was costly to fix.<br/><br/>We hope our disclosure has been as open as possible and true to the ASF spirit.&nbsp; Hopefully others can learn from our mistakes.&nbsp; See our <a href="http://www.apache.org/info/20010519-hack.html">prior</a> <a href="https://blogs.apache.org/infra/entry/apache_org_downtime_report">incident</a> <a href="https://blogs.apache.org/infra/entry/apache_org_04_09_2010">reports</a> from the Apache Infrastructure Team.<br/><br/>Committers please address questions to root@apache.org only.<br/><br/>Queries from the press should be sent to press@apache.org.<br/><br/>Happy hacking!<br/><br/> </p>
-</content><category term="blog"></category></entry><entry><title>Apache CMS and external build support</title><link href="https://infra.apache.org/blog/apache_cms_and_external_build.html" rel="alternate"></link><published>2012-03-10T17:28:05+00:00</published><updated>2012-03-10T17:28:05+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2012-03-10:/blog/apache_cms_and_external_build.html</id><summary type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Recently we've been working with the …</p></summary><content type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Recently we've been working with the maven team to facilitate migration of <a href="http://maven.apache.org">maven.apache.org</a> to the Apache CMS, using maven as the core build system instead of the standard perl build scripts.&nbsp; A mockup has been created at <a href="http://maventest.apache.org/">maventest.apache.org</a>&nbsp; to see how this will work.&nbsp;&nbsp; Once the site is completed, there will be roughly 5GB of data to service, spanning dozens of maven components.&nbsp; Each component will be self-contained and managed externally from the CMS site using a local maven svnpubsub plugin written mainly by Benson Margulies.&nbsp; The CMS will glue all the components together into a single common site using the <a href="http://www.apache.org/dev/cmsref#generated-docs">extpaths.txt</a> file to configure the paths.</p>
-<p>The doxia subproject requires special treatment as an independent CMS subproject which is also using maven as it's core build system.&nbsp; Special logic was introduced into the CMS to properly redirect subproject links based on maven source tree layouts, and the system has worked seamlessly so far.</p>
-<p>Other recent news includes the migration of the main <a href="http://incubator.apache.org/">incubator.apache.or</a><a href="http://incubator.apache.org/">g</a> site to the CMS.&nbsp; There the CMS relies on Ant/Anakia to produce site builds instead of the standard perl build scripts, providing an easy migration path for folks accustomed to the old way of building the site.</p>
-<p>Essentially we've made good on the promise that the CMS is simply CI for websites with an easy way of editing pages within your browser.&nbsp; Support for forrest builds is planned but hasn't been fleshed out with any live examples to date.&nbsp; That would round out the major java site-building technologies currently deployed by Apache projects- volunteers welcome!<br/></p>
-</content><category term="blog"></category></entry><entry><title>Apache CMS: latest new feature is SPEED!</title><link href="https://infra.apache.org/blog/apache_cms_latest_new_feature.html" rel="alternate"></link><published>2012-02-26T02:23:56+00:00</published><updated>2012-02-26T02:23:56+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2012-02-26:/blog/apache_cms_latest_new_feature.html</id><summary type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Over the past few months the …</p></summary><content type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Over the past few months the&nbsp;<a href="http://www.apache.org/dev/cms">Apache CMS</a> has seen lots of new improvements, all under the general theme of making the system more performant.&nbsp; Supporting very large sites like the <a href="http://www.openoffice.org/">Apache OpenOffice User Site</a> with almost 10 GB of content has presented new challenges, met largely with the introduction of zfs clones for generating per-user server-side working copies, changing what was an O(N) rsync job to an O(1) operation.&nbsp; We've also moved the update processing out-of-band to further cut down on the time it takes for the bookmarklet to produce a page, eliminating all O(N) algorithms from the process.</p>
-<p>&nbsp;More recent work focuses on the merge-based publication process, which for large changesets took a considerable amount of time to process.&nbsp; That too has been recoded based on svnmucc and is now another O(1) operation- essentially a perfect copy of staging with a few adjustments for "external" paths.</p>
-<p>Combine that with the activity around parallelizing the build system and you have a completely different performance profile compared to the way the system worked in 2011.&nbsp; In short, if you haven't tried the CMS lately, and were a bit offput by the page rendering times or build speeds, have another look! <br/></p>
-<p> </p>
-<p>Next up: describing the work done around external build support, focusing first on maven based sites.<br/></p>
-<p><br/></p>
-</content><category term="blog"></category></entry><entry><title>translate service now open!</title><link href="https://infra.apache.org/blog/translate_service_now_open.html" rel="alternate"></link><published>2011-12-11T20:30:33+00:00</published><updated>2011-12-11T20:30:33+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2011-12-11:/blog/translate_service_now_open.html</id><summary type="html"><p>
-<p>A few projects have requested it, now it is here! Check out <a href="https://translate.apache.org"><a href="https://translate.apache.org">https://translate.apache.org</a></a> and get your project added.</p></p>
-<p>See also <a href="https://cwiki.apache.org/confluence/display/INFRA/translate+pootle+service+auth+levels">https://cwiki.apache.org/confluence/display/INFRA/translate+pootle+service+auth+levels</a> for more information - you will see that general public non-logged in users can submit translate …</p></summary><content type="html"><p>
-<p>A few projects have requested it, now it is here! Check out <a href="https://translate.apache.org"><a href="https://translate.apache.org">https://translate.apache.org</a></a> and get your project added.</p></p>
-<p>See also <a href="https://cwiki.apache.org/confluence/display/INFRA/translate+pootle+service+auth+levels">https://cwiki.apache.org/confluence/display/INFRA/translate+pootle+service+auth+levels</a> for more information - you will see that general public non-logged in users can submit translate requests whilst any logged in user (i.e. - committers) can process those submissions.</p>
-<p>Enjoy! - Any queries to the infra team please or file a INFRA Jira ticket.</p>
-</content><category term="blog"></category></entry><entry><title>PEAR package hosting available</title><link href="https://infra.apache.org/blog/pear_package_hosting_available1.html" rel="alternate"></link><published>2011-04-15T05:32:23+00:00</published><updated>2011-04-15T05:32:23+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2011-04-15:/blog/pear_package_hosting_available1.html</id><content type="html"><hr/>
-**Note**: Hosting releases of PEAR packages is no longer available.
-<hr/>
-<p>
-<p>Any projects in the position of being able to release via PEAR packages can now do so hosted officially on ASF servers.</p></p>
-<p><a href="http://pear.apache.org">http://pear.apache.org</a> is now up and running and ready to serve!</p>
-</content><category term="blog"></category></entry><entry><title>Welcome new members of the infra team</title><link href="https://infra.apache.org/blog/welcome_new_members_of_the.html" rel="alternate"></link><published>2011-03-22T10:09:45+00:00</published><updated>2011-03-22T10:09:45+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2011-03-22:/blog/welcome_new_members_of_the.html</id><summary type="html"><p>
-Well, some are not exactly new faces, but since our last blog update of new infra members in 2009 , we have conned with promises of fame, fortune and beer the following new additions to the infra team:
-</p>
-<ul>
-<li>Chris Rhodes: (arreyder)
-</li>
-<li>Brian Fox: (brianf)
-</li>
-<li>Matt Benson: (mbenson)
-</li>
-<li>David Blevins: (dblevins)
-</li>
-<li>Rudiger …</li></ul></summary><content type="html"><p>
-Well, some are not exactly new faces, but since our last blog update of new infra members in 2009 , we have conned with promises of fame, fortune and beer the following new additions to the infra team:
-</p>
-<ul>
-<li>Chris Rhodes: (arreyder)
-</li>
-<li>Brian Fox: (brianf)
-</li>
-<li>Matt Benson: (mbenson)
-</li>
-<li>David Blevins: (dblevins)
-</li>
-<li>Rudiger Pluem: (rpluem)
-</li>
-<li>Noirin Plunkett: (noirin)
-</li>
-<li>Ulrich St&auml;rk: (uli)
-</li>
-<li>Daniel Shahaf: (danielsh)
-</li>
-<li>Paul Davis: (davisp)
-</li>
-</ul>
-<p>Infra work is not your normal volunteer work, and it is greatly appreciated when any of these folks get to help.
-</p>
-</content><category term="blog"></category></entry><entry><title>Changes to email service for all committers</title><link href="https://infra.apache.org/blog/changes_to_email_service_for.html" rel="alternate"></link><published>2011-02-24T21:13:18+00:00</published><updated>2011-02-24T21:13:18+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2011-02-24:/blog/changes_to_email_service_for.html</id><summary type="html"><p>In the near future the Infrastructure team will be implementing a change to the way we handle emails for all committers. </p>
-<p>
-Historically we have allowed users to choose how to handle their apache.org email. However we will be making the following changes:
-<ol>
-<li>Making LDAP authoritative for all mail forwarding …</li></ol></p></summary><content type="html"><p>In the near future the Infrastructure team will be implementing a change to the way we handle emails for all committers. </p>
-<p>
-Historically we have allowed users to choose how to handle their apache.org email. However we will be making the following changes:
-<ol>
-<li>Making LDAP authoritative for all mail forwarding addresses.</li>
-<li>Users will no longer be allowed to store their apache.org email locally on people.apache.org (minotaur)</li>
-<li>The Infra team will take the mail address currently held in either your .qmail or .forward file (.qmail is authoritative if they both exist) and inject this into LDAP</li>
-<li>We will no longer allow users to configure mail filtering, but you can configure your SpamAssassin threshold as per <a href="https://blogs.apache.org/infra/entry/controlling_your_spamassassin_threshold1"> our recent blog post</a>.</li>
-<li>We will make committers ~/.forward and ~/.qmail files read-only, there will still be at least one of these files, but it will be owned by the mail daemon user. </li>
-</ol>
-</p>
-<p>This means that all committers will be required to forward their apache.org email to an email address outside of the foundation. </p>
-<p>We are doing this to simplify the email infrastructure, and to help reduce the current level of complexity of maintaining people.apache.org. Also, making LDAP authoritative means we can move some of the work straight out to the MXs, and thus avoid sending it through several mail servers. In the new architecture if someone emails you directly at your apache.org mail address it will only be handled by one apache.org MX. </p>
-<p>Of course, we won't delete any email you currently have on people.apache.org. Should you want to edit your LDAP record you should use <a href="https://id.apache.org">https://id.apache.org</a> to do this.</p>
-</content><category term="blog"></category></entry><entry><title>Controlling your SpamAssassin threshold</title><link href="https://infra.apache.org/blog/controlling_your_spamassassin_threshold1.html" rel="alternate"></link><published>2011-01-27T15:37:21+00:00</published><updated>2011-01-27T15:37:21+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2011-01-27:/blog/controlling_your_spamassassin_threshold1.html</id><summary type="html"><p>Committers,</p>
-<p>
-The Infrastructure Team has just enabled a new feature to control your SpamAssassin Threshold for your apache.org account. The default score for user delivery has always remained at 10, but with this new feature you can lower that score to anything you want. Many people with older accounts …</p></summary><content type="html"><p>Committers,</p>
-<p>
-The Infrastructure Team has just enabled a new feature to control your SpamAssassin Threshold for your apache.org account. The default score for user delivery has always remained at 10, but with this new feature you can lower that score to anything you want. Many people with older accounts will probably prefer a lower score, like 5, which is the default for all apache mailing lists.</p>
-<p>To lower your score login to <a href="https://id.apache.org/">id.apache.org</a> and change your 'SpamAssassin Threshold (asf-sascore)' attribute to your desired level. Don't forget to supply the form with your LDAP password.</p>
-<p>Enjoy.</p>
-</content><category term="blog"></category></entry><entry><title>id.apache.org -- New Password Service</title><link href="https://infra.apache.org/blog/https_id_apache_org_new.html" rel="alternate"></link><published>2011-01-14T16:36:42+00:00</published><updated>2011-01-14T16:36:42+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2011-01-14:/blog/https_id_apache_org_new.html</id><summary type="html"><p>Folks, <br/> <br/></p>
-<p>The infrastructure team are pleased to announce the availability of <a href="https://id.apache.org">id.apache.org</a> the new password management tool for all ASF committers and members. This new service will allow users to:</p>
-<ol>
-<li>Reset forgotten LDAP passwords themselves, no need to contact the Infra team anymore.</li>
-<li>The ability to change their …</li></ol></summary><content type="html"><p>Folks, <br/> <br/></p>
-<p>The infrastructure team are pleased to announce the availability of <a href="https://id.apache.org">id.apache.org</a> the new password management tool for all ASF committers and members. This new service will allow users to:</p>
-<ol>
-<li>Reset forgotten LDAP passwords themselves, no need to contact the Infra team anymore.</li>
-<li>The ability to change their LDAP password.</li>
-<li> The ability to update your LDAP record, i.e. change forename, surname or mail attributes. [1].</li>
-</ol>
-<p>Users should note that this service will only allow you to manage your LDAP password, thus controlling access to those resources currently protected by LDAP authnz. <br/> <br/>
-Once logged in you will note that some fields are not editable, this is by design and are there merely to show you your LDAP entry. You are currently only allowed to edit your Surname, Given name (Forename), and Mail attributes. This list may be extended as we make more features available, and they will be announced as and when.<br/> <br/></p>
-<p>Users of this service should note that we have a few small bugs to iron out, and this will be done as soon as possible. For example if you attempt to modify your details and do no re-enter your password you will currently see a generic HTTP 500 error. </p>
-<p>Thanks must go to Ian Boston (ieb), and Daniel Shahaf (danielsh) for making this work. Ian provided the initial code (his first ever attempt at Python too). Daniel then took it and implemented several changes and generally improved the backend.</p>
-<p>[1] - It should be noted that updating your mail record in LDAP will not currently have any affect on where your apache.org email is forwarded on too. This is planned to take place later this year. </p>
-</content><category term="blog"></category></entry><entry><title>LDAP and password policy</title><link href="https://infra.apache.org/blog/ldap_and_password_policy.html" rel="alternate"></link><published>2010-12-17T06:38:50+00:00</published><updated>2010-12-17T06:38:50+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-12-17:/blog/ldap_and_password_policy.html</id><summary type="html"><p>As of approximately 03:00 (UTC) today the infrastructure team have enabled a password policy for all LDAP accounts.<br/>
-This policy has been implemented at the LDAP infrastructure level and will affect all users. It has been deployed using OpenLDAP's password policy schema, and overlay.</p>
-<p>At the time of launch …</p></summary><content type="html"><p>As of approximately 03:00 (UTC) today the infrastructure team have enabled a password policy for all LDAP accounts.<br/>
-This policy has been implemented at the LDAP infrastructure level and will affect all users. It has been deployed using OpenLDAP's password policy schema, and overlay.</p>
-<p>At the time of launch we will be enforcing the following policy. </p>
-<ul>
-<li>At the time of a given users 10th successive login failure the account will be locked.</li>
-<li>The account will then be automatically unlocked 24 hours later, or until a member of root@ unlocks it for you.</li>
-<li>If the user successfully completes a login before the tally reaches 10, the counter for failed logins is reset back to 0.</li>
-</ul>
-<p>We are enabling this to try and prevent any brute force attempt at guessing passwords. It will also highlight potential issues with accounts. </p>
-<p>As with all account related queries, you should be contacting root@ - We will be able to unlock your account for you, allowing you to gain access.</p>
-</content><category term="blog"></category></entry><entry><title>The ASF CMS</title><link href="https://infra.apache.org/blog/the_asf_cms.html" rel="alternate"></link><published>2010-12-02T04:25:43+00:00</published><updated>2010-12-02T04:25:43+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-12-02:/blog/the_asf_cms.html</id><summary type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the <a href="https://infra.apache.org/doc.html" target="_blank">general Infrastructure documentation page</a>.</p>
-<hr/>
-<p>
-Over the past 3 months, the …</p></summary><content type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the <a href="https://infra.apache.org/doc.html" target="_blank">general Infrastructure documentation page</a>.</p>
-<hr/>
-<p>
-Over the past 3 months, the Infrastructure Team has developed and deployed a custom CMS for Apache projects to use to manage their websites. There is a <a href="http://www.apache.org/dev/cms.html">document</a> available which explains the rationale, role, and future plans for the CMS. We have opened up the ACLs for the <a href="http://www.apache.org/">www.apache.org</a> site for all committers to now be able to edit content on the site using the cms (while still restricting live publication to the Apache membership and the Infrastructure Team).
-</p>
-<p>
-The basic workflow for committers is easy to describe: first install the <a href="https://cms.apache.org/#bookmark">javascript bookmarklet</a> on your browser toolbar. Next visit a webpage on the <a href="http://www.apache.org/">www.apache.org</a> website. When you've located a page you'd like
-to edit, click on the installed bookmarklet: you'll be taken to a working copy of the markdown source for the page in question. To edit the content click
-on the [Edit] link. A markdown editor will show you a preview of your changes while you work. When you have finished, submit your changes and [Commit] them.
-</p>
-<p>
-Your commit will trigger <a href="http://ci.apache.org/#buildbot">buildbot</a> to build a staging version of your changes. You can follow the build while it is ongoing, and once it has completed you can click on the [Staged] link to see the results. Members and Infrastructure Team members can continue on and publish those changes once they are satisfied with them. Other committers may need to send a note to the site-dev@ mailing list to request publication of their changes.
-</p>
-<p>
-The publication links in the CMS are essentially merge + commit operations in subversion which are tied into the live site via svnpubsub. That means
-publishing in the CMS is virtually instantaneous.
-</p>
-<p>
-The CMS is now open to all top-level and incubating projects. Interested projects should contact the infrastructure@ mailing list or simply file an <a href="https://issues.apache.org/jira/browse/INFRA">INFRA</a> ticket against the CMS component. Early adopters are encouraged to collaborate on
-the <a href="http://wiki.apache.org/general/ApacheCms2010">wiki page</a> for working out usage and adoption issues.
-</p>
-</content><category term="blog"></category></entry><entry><title>ReviewBoard instance running at the ASF</title><link href="https://infra.apache.org/blog/reviewboard_instance_running_at_the.html" rel="alternate"></link><published>2010-10-26T03:25:49+00:00</published><updated>2010-10-26T03:25:49+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-10-26:/blog/reviewboard_instance_running_at_the.html</id><summary type="html"><p>We know we have projects that use reviewboard externally to the ASF, we also have some projects using codereview.appspot.com and we also have some projects using Fisheye/Clover externally.</p>
-<p>Well, due to popular request, we now have an internal ReviewBoard running on <a href="https://reviews.apache.org">https://reviews.apache.org</a> !!</p>
-<p>So, sign …</p></summary><content type="html"><p>We know we have projects that use reviewboard externally to the ASF, we also have some projects using codereview.appspot.com and we also have some projects using Fisheye/Clover externally.</p>
-<p>Well, due to popular request, we now have an internal ReviewBoard running on <a href="https://reviews.apache.org">https://reviews.apache.org</a> !!</p>
-<p>So, sign up for an account, request that your projects repository be added (file an INFRA issue) and get collaborating!</p>
-<p>Questions or comments please raise them on the infrastructure-dev list as reviews.apache.org is in early stages it may need tweaking.</p>
-</content><category term="blog"></category></entry><entry><title>1 million commits and still going strong</title><link href="https://infra.apache.org/blog/1_million_commits_and_still.html" rel="alternate"></link><published>2010-09-23T11:55:55+00:00</published><updated>2010-09-23T11:55:55+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-09-23:/blog/1_million_commits_and_still.html</id><summary type="html"><p>Yesterday, the main ASF SVN code repository passed the 1 million commit mark. Shortly thereafter one of the ASF members enquired as to how he could best grab the SVN log entries for all of these commits. As always, there were a bunch of useful replies, but they were all …</p></summary><content type="html"><p>Yesterday, the main ASF SVN code repository passed the 1 million commit mark. Shortly thereafter one of the ASF members enquired as to how he could best grab the SVN log entries for all of these commits. As always, there were a bunch of useful replies, but they were all set to take quite some time; mainly because if anyone just simply runs</p>
-<pre>svn log http://svn.apache.org/repos/asf -r1:1000000 </pre>
-<p>It will not only take several hours, it will also cause high levels of load on one of the two geo-balanced SVN servers. Also, requesting that many log entries will likely result in your IP address being banned.</p>
-<p>So I decided to create the log set locally on one of the SVN servers. This is now available for download [<a href="http://s.apache.org/1m-svnlog">http://s.apache.org/1m-svnlog</a>] [<a href="people.apache.org/~pctony/asf-svnlog-1-1000000.tgz.md5">md5</a>] <br/>
-This is a 50Mb tar/gz file. It will uncompress to about 240Mb. The log 'only' contains the log entries from 1 -&gt; 1,000,000 - if you want the rest you can run:</p>
-<pre><code>&lt;pre&gt;svn log http://svn.apache.org/repos/asf -r1000001:HEAD&lt;/pre&gt;
-</code></pre>
-<p>This will give you all the log entries from 1M+1 to current</p>
-</content><category term="blog"></category></entry><entry><title>new hardware for apache.org</title><link href="https://infra.apache.org/blog/new_hardware_for_apache_org.html" rel="alternate"></link><published>2010-07-19T04:01:07+00:00</published><updated>2010-07-19T04:01:07+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-07-19:/blog/new_hardware_for_apache_org.html</id><summary type="html"><p>This weekend we rolled out a new server, a Dell Power Edge R410, named Eos, to host the Apache.org websites and MoinMoin wiki:</p>
-<ul>
-<li>OS: FreeBSD 8.1-RC2</li>
-<li>CPU: 2x Intel(R) Xeon(R) CPU X5550 @ 2.67GHz (2 package(s) x 4 core(s) x 2 SMT threads = 16 …</li></ul></summary><content type="html"><p>This weekend we rolled out a new server, a Dell Power Edge R410, named Eos, to host the Apache.org websites and MoinMoin wiki:</p>
-<ul>
-<li>OS: FreeBSD 8.1-RC2</li>
-<li>CPU: 2x Intel(R) Xeon(R) CPU X5550 @ 2.67GHz (2 package(s) x 4 core(s) x 2 SMT threads = 16 CPUs)</li>
-<li>RAM: 48gb DDR3</li>
-<li>Storage: 12x 15k RPM 300gb SAS, 2x 80gb SSD, configured in a ZFS raidz2 with the SSDs used for the L2ARC</li>
-</ul>
-<p>This new hardware replaces an older Sun T2000, also called eos, as the primary webserver for apache.org. We hope everyone enjoys the increased performance, especially from the Wiki!</p>
-<p>On the less visible infrastructure side, we are also upgrading Athena, one of our frontend mail servers. The new Athena is a DPE r210 with a 4 core 2.67GHz processor, replacing a Sun X2200.</p>
-</content><category term="blog"></category></entry><entry><title>s.apache.org - uri shortening service</title><link href="https://infra.apache.org/blog/s_apache_org_uri_shortening.html" rel="alternate"></link><published>2010-06-11T17:17:46+00:00</published><updated>2010-06-11T17:17:46+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-06-11:/blog/s_apache_org_uri_shortening.html</id><summary type="html"><p>
-Today we've brought <a href="http://s.apache.org/">s.apache.org</a> online. It's a url shortening service that's limited to Apache committers- the people who write all that Apache software! One of the main reasons we're providing this service is to allow committers to use shortened links whose provenance is known to be a trusted …</p></summary><content type="html"><p>
-Today we've brought <a href="http://s.apache.org/">s.apache.org</a> online. It's a url shortening service that's limited to Apache committers- the people who write all that Apache software! One of the main reasons we're providing this service is to allow committers to use shortened links whose provenance is known to be a trusted source, which is a big improvement over the generic shorteners out there in the wild. It is also meant to provide permanent links suitable for inclusion in board reports, or more generally email sent to our mailing lists - which will be archived, either publicly or privately, for as long as Apache is around.
-</p>
-<p>
-The service is easy to use, and being from Apache the <a href="http://s.apache.org?action=source">source code</a> for the service is readily available. The primary author of the code is Ulrich St&auml;rk (uli). Some of the more interesting features you can pick up from the source is the ability to "display" a link before doing a redirect by tacking on "?action=display" to any shortened url. For the truly paranoid there is the "?action=display;cookie=1" query string to force <strong>all</strong> shortened urls to display by default before redirecting. That feature may be turned off again with the "?action=display;cookie=" query string. Again, look over the source code for other interesting features you may wish to take advantage of.
-</p>
-<p>Committers: here's some javascript you might consider placing in a bookmark, courtesy of Doug Cutting. To use create a new bookmark and set the link url to</p>
-<blockquote style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><code>javascript:void(location.href='https://s.apache.org/?action=create&amp;search=ON&amp;uri='+escape(location.href)) </code></blockquote>
-</content><category term="blog"></category></entry><entry><title>apache.org incident report for 04092010</title><link href="https://infra.apache.org/blog/apache_org_04_09_2010.html" rel="alternate"></link><published>2010-04-13T05:04:50+00:00</published><updated>2010-04-13T05:04:50+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-04-13:/blog/apache_org_04_09_2010.html</id><summary type="html"><p>Apache.org services recently suffered a direct, targeted attack against our infrastructure, specifically the server hosting our issue-tracking software.</p>
-<p>The Apache Software Foundation uses a donated instance of <a href="http://www.atlassian.com/software/jira/">Atlassian JIRA</a> as an issue tracker for our projects. Among other projects, the ASF Infrastructure Team uses it to track issues and …</p></summary><content type="html"><p>Apache.org services recently suffered a direct, targeted attack against our infrastructure, specifically the server hosting our issue-tracking software.</p>
-<p>The Apache Software Foundation uses a donated instance of <a href="http://www.atlassian.com/software/jira/">Atlassian JIRA</a> as an issue tracker for our projects. Among other projects, the ASF Infrastructure Team uses it to track issues and requests. Our JIRA instance was hosted on brutus.apache.org, a machine running Ubuntu Linux 8.04 LTS.</p>
-<h2>Password Security</h2>
-<p><strong><font color="red">If you are a user of the Apache hosted JIRA, Bugzilla, or Confluence, a hashed copy of your password has been compromised.</font></strong></p>
-<p>JIRA and Confluence both use a SHA-512 hash, but without a random salt. We believe the risk to simple passwords based on dictionary words is quite high, and most users should rotate their passwords.</p>
-<p>Bugzilla uses a SHA-256, including a random salt. The risk for most users is low to moderate, since pre-built password dictionaries are not effective, but we recommend users should still remove these passwords from use. </p>
-<p>In addition, if you logged into the Apache JIRA instance between April 6th and April 9th, you should consider the password as compromised, because the attackers changed the login form to log them.</p>
-<h2>What Happened?</h2>
-<p>On April 5th, the attackers via a compromised <a href="http://www.slicehost.com">Slicehost</a> server opened a new issue, INFRA-2591. This issue contained the following text:</p>
-<blockquote>
-ive got this error while browsing some projects in jira
-http://tinyurl.com/XXXXXXXXX [obscured]
-</blockquote>
-<p>Tinyurl is a URL redirection and shortening tool. This specific URL redirected back to the Apache instance of JIRA, at a special URL containing a <a href="http://en.wikipedia.org/wiki/Cross-site_scripting">cross site scripting (XSS) attack</a>. The attack was crafted to steal the session cookie from the user logged-in to JIRA. When this issue was opened against the Infrastructure team, several of our administrators clicked on the link. This compromised their sessions, including their JIRA administrator rights.</p>
-<p>At the same time as the XSS attack, the attackers started a brute force attack against the JIRA login.jsp, attempting hundreds of thousands of password combinations.</p>
-<p>On April 6th, one of these methods was successful. Having gained administrator privileges on a JIRA account, the attackers used this account to disable notifications for a project, and to change the path used to upload attachments. The path they chose was configured to run JSP files, and was writable by the JIRA user. They then created several new issues and uploaded attachments to them. One of these attachments was a JSP file that was used to browse and copy the filesystem. The attackers used this access to create copies of many users' home directories and various files. They also uploaded other JSP files that gave them backdoor access to the system using the account that JIRA runs under.</p>
-<p>By the morning of April 9th, the attackers had installed a JAR file that would collect all passwords on login and save them. They then sent password reset mails from JIRA to members of the Apache Infrastructure team. These team members, thinking that JIRA had encountered an innocent bug, logged in using the temporary password sent in the mail, then changed the passwords on their accounts back to their usual passwords.</p>
-<p>One of these passwords happened to be the same as the password to a local user account on brutus.apache.org, and this local user account had full sudo access. The attackers were thereby able to login to brutus.apache.org, and gain full root access to the machine. This machine hosted the Apache installs of JIRA, Confluence, and Bugzilla.</p>
-<p>Once they had root on brutus.apache.org, the attackers found that several users had cached Subversion authentication credentials, and used these passwords to log in to minotaur.apache.org (aka people.apache.org), our main shell server. On minotaur, they were unable to escalate privileges with the compromised accounts.</p>
-<p>About 6 hours after they started resetting passwords, we noticed the attackers and began shutting down services. We notified Atlassian of the previously unreported XSS attack in JIRA and contacted SliceHost. Atlassian was responsive. Unfortunately, SliceHost did nothing and 2 days later, the <strong>very</strong> same virtual host (slice) <a href="http://blogs.atlassian.com/news/2010/04/oh_man_what_a_day_an_update_on_our_security_breach.html">attacked Atlassian directly</a>.</p>
-<p>We started moving services to a different machine, thor.apache.org. The attackers had root access on brutus.apache.org for several hours, and we could no longer trust the operating system on the original machine.</p>
-<p>By April 10th, JIRA and Bugzilla were back online.</p>
-<p>On April 13th, Atlassian provided a patch for JIRA to prevent the XSS attack. See
-<a href="http://jira.atlassian.com/browse/JRA-20994">JRA-20994</a> and <a href="http://jira.atlassian.com/browse/JRA-20995">JRA-20995</a> for details.
-</p>
-<p>Our Confluence wiki remains offline at this time. We are working to restore it.</p>
-<h2>What worked?</h2>
-<ul>
-<li>Limited use passwords, especially <a href="http://en.wikipedia.org/wiki/One-time_password">one-time passwords</a>, were a real lifesaver. If JIRA passwords had been shared with other services/hosts, the attackers could have caused widespread damage to the ASF's infrastructure. Fortunately, in this case, the damage was limited to rooting a single host.</li>
-<li>Service isolation worked with mixed results. The attackers must be presumed to have copies of our Confluence and Bugzilla databases, as well as our JIRA database, at this point. These databases include hashes of all passwords used on those systems. However, other services and hosts, including LDAP, were largely unaffected.</li>
-</ul>
-<h2>What didn't work?</h2>
-<ul>
-<li>The primary problem with our JIRA install is that the JIRA daemon runs as the user who installed JIRA. In this case, it runs as a jira role-account. There are historical reasons for this decision, but with 20/20 hindsight, and in light of the security issues at stake, we expect to revisit the decision!</li>
-<li>The same password should not have been used for a JIRA account as was used for sudo access on the host machine.</li>
-<li>Inconsistent application of one time passwords; We required them on other machines, but not on brutus. PAM was configured to allow optional use of OPIE, but not all of our sudoers had switched to it.</li>
-<li>SSH passwords should not have been enabled for login over the Internet. Although the Infrastructure Team had attempted to configure the sshd daemon to disable password-based logins, having <code>UsePAM yes</code> set meant that password-based logins were still possible.</li>
-<li>We use <a href="http://www.fail2ban.org">Fail2Ban</a> for many services, but we did not have it configured to track JIRA login failures.</li>
-</ul>
-<h2>What are we changing?</h2>
-<ul>
-<li>We have remedied the JIRA installation issues with our reinstall. JIRA is now installed by root and runs as a separate daemon with limited privileges.</li>
-<li>For the time being we are running JIRA in a httpd-tomcat proxy config with the following rules:
-<pre><code> &lt;pre&gt;
-</code></pre>
-<code>
- ProxyPass /jira/secure/popups/colorpicker.jsp !
- ProxyPass /jira/secure/popups/grouppicker.jsp !
- ProxyPass /jira/secure/popups/userpicker.jsp !
- ProxyPass /jira http://127.0.0.1:18080/jira
-</code>
-
-Sysadmins may find this useful to secure their JIRA installation until an upgrade is feasible.
-<pre><code>&lt;/li&gt;
-&lt;li&gt;We will be making one-time-passwords mandatory for all super-users, on all of our Linux and FreeBSD hosts.&lt;/li&gt;
-&lt;li&gt;We have disabled caching of svn passwords, and removed all currently cached svn passwords across all hosts ast the ASF via the global config &lt;code&gt;/etc/subversion/config&lt;/code&gt; file:
-
-
- &lt;pre&gt;
-</code></pre>
-<code>
-[auth]
-store-passwords = no
-</code>
-
-</li>
-<li>Use Fail2Ban to protect web application login failures from brute force attacks</li>
-</ul>
-<p>We hope our disclosure has been as open as possible and true to the ASF spirit. Hopefully others can learn from our mistakes.</p>
-</content><category term="blog"></category></entry><entry><title>ASF Buildbot svn setup</title><link href="https://infra.apache.org/blog/asf_buildbot_svn_setup.html" rel="alternate"></link><published>2010-03-29T10:25:59+00:00</published><updated>2010-03-29T10:25:59+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-03-29:/blog/asf_buildbot_svn_setup.html</id><summary type="html"><p>Here at the ASF we have a subversion setup with all our projects code in one repository, with each of those projects having their own style of trunk/branches/tags/site etc.. This works well for us, but did present us with some initial problems when setting up our Buildbot …</p></summary><content type="html"><p>Here at the ASF we have a subversion setup with all our projects code in one repository, with each of those projects having their own style of trunk/branches/tags/site etc.. This works well for us, but did present us with some initial problems when setting up our Buildbot instance to work with it.</p>
-<p>Knowing that others have the same or similar arrangement with their svn instance, we thought we would share how we got Buildbot working well for us. Note that this is not a tutorial on Buildbot, more of a quick mini guide with more code than explanation, hoping you'll work out the rest for your needs.We will be working with four files:- svn_buildbot.py, post-commit, buildbot_project_paths and master.cfg.</p>
-<p>First off, we needed to alter a section of the svn_buildbot.py file that comes in the buildbot/contrib directory. We copied this file to our svn host machine and edited this section:</p>
-<pre>def split_file_branches(changed_file, project_paths):
-<pre><code>pieces = changed_file.split(os.sep)
-#Assume the layout is something like :
-# trunk =&amp;gt; foo/bar/baz/trunk/file
-# branches/test =&amp;gt; foo/bar/baz/branches/test/file
-# Slurp everything up to one of these 2 'markers' and call that the branch
-found = False
-
-f = open(project_paths, 'r')
-for line in f.readlines():
- line = line.strip()
- regexp = re.compile(line)
- m = regexp.match(changed_file)
- if m:
- branch = m.group(1)
- path = m.group(2)
- print &amp;gt;&amp;gt; sys.stderr, &amp;quot;branch=%s, path=%s&amp;quot; % (branch, path)
- return (branch, path)
-
-
-i = 0
-for piece in pieces:
- i = i + 1
- # Find trunk, we are done
- if piece == 'trunk':
- found = True
- break
- elif piece == 'branches':
- i = i + 1
- found = True
- break
-
-# We found a layout we know, so send it to buildbot
-if found:
- branch = os.path.join(*pieces[0:i])
- path = os.path.join(*pieces[i:])
-else:
- branch = pieces[0]
- path = os.path.join(*pieces[1:])
-
-print &amp;gt;&amp;gt; sys.stderr, &amp;quot;branch=%s, path=%s&amp;quot; % (branch, path)
-return (branch, path)
-
-#return (pieces[0], os.path.join(*pieces[1:]))
-
-raise RuntimeError(&amp;quot;cannot determine branch for '%s'&amp;quot; % changed_file)
-</code></pre>
-<p>split_file = split_file_branches
-</p></pre>
-<p>Next up , the relevant entry in our subversion/hooks/post-commit file looks like this (with&nbsp;constants defined earlier in the file): </p>
-<pre> $SVNLOOK dirs-changed -r "$REV" "$REPOS" | egrep -qf "$BUILDBOT_PROJECT_PATHS" &amp;&amp;
-( $BUILDBOT --repository "$REPOS" --revision "$REV" --bbserver "$BBSERVER" --bbport "$BBPORT"
---project-paths "$BUILDBOT_PROJECT_PATHS" &gt;&gt;/var/log/svn_buildbot.log 2&gt;&amp;1 &amp; )
-</pre>
-<p>And, last but not least for the svn host side of things, our buildbot_project_paths file which contains entries such as :</p>
-<pre>^(<strong>incubator/wookie/trunk</strong>)/(.*)
-^(stdcxx/trunk)/(.*)
-^(incubator/trafficserver/traffic/trunk)/(.*)
-^(incubator/trafficserver/traffic/branches/2.0.x)/(.*)
-^(subversion/trunk)/(.*)
-</pre>
-<p>So you create an entry from the svn base directory for each projects trunk or branch that you want Buildbot to take notice of, the rest being ignored.</p>
-<p>Now, we match those buildbot_project_paths entries in our master.cfg file with an AnyBranchScheduler like this:</p>
-<pre># schedulers
-from buildbot.scheduler import AnyBranchScheduler
-<p>c['schedulers'].append(AnyBranchScheduler(name="on-wookie-commit",
-branches=["<strong>incubator/wookie/trunk</strong>"],
-treeStableTimer=2,
-builderNames=["wookie-trunk"]))</p>
-<p>#builders</p>
-<p>f28 = factory.BuildFactory()
-f28.addStep(SVN(
-mode="clobber",
-baseURL="<a href="http://svn.apache.org/repos/asf/">http://svn.apache.org/repos/asf/</a>",
-defaultBranch="<strong>incubator/wookie/trunk</strong>",
-haltOnFailure=True,
-))</p>
-<p>etc...
-</p></pre>
-<h4>Summary</h4>
-<p>So, to tie it all together, what we have done is created a workflow like this:-</p>
-<ol>
-<li>A commit happens, the post-commit file checks the buildbot_project_paths file to see if it is relevant to any of our projects. If not, nothing else happens. </li>
-<li>If we have a match then svn_buildbot.py is called, and uses the entry in buildbot_project_paths as the branch with the root dir of svn as the base, then sends these two pieces of information over to the Buildbot master. </li>
-<li>The Buildbot master checks its config, finds a match in the 'branches' entry for our AnyBranchScheduler and triggers the appropriate build. </li>
-</ol>
-<p>I hope that helps someone out there , at least, until Buildbot project changes again, it is a fast moving project currently! - 0.80 for instance has introduced the 'project' property and the 'repository' property for schedulers which may negate the need for some of this, but I haven't investigated to date. (See&nbsp;<a href="http://github.com/djmitche/buildbot/blob/buildbot-0.8.0/NEWS">http://github.com/djmitche/buildbot/blob/buildbot-0.8.0/NEWS</a>&nbsp;for more info on that.)</p>
-</content><category term="blog"></category></entry><entry><title>New secondary servers for ASF Buildbot</title><link href="https://infra.apache.org/blog/new_servers_for_asf_builbot.html" rel="alternate"></link><published>2010-03-04T22:03:23+00:00</published><updated>2010-03-04T22:03:23+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-03-04:/blog/new_servers_for_asf_builbot.html</id><summary type="html"><p>The ASF Buildbot CI instance has just launched two more secondary servers, expanding the range of platforms it can build and test on.</p>
-<p>Added are servers on the FreeBSD 8 platform (a VM on the Nyx VMware host)&nbsp;and a Solaris Zone.</p>
-<p>Projects are welcome to create an Infra issue …</p></summary><content type="html"><p>The ASF Buildbot CI instance has just launched two more secondary servers, expanding the range of platforms it can build and test on.</p>
-<p>Added are servers on the FreeBSD 8 platform (a VM on the Nyx VMware host)&nbsp;and a Solaris Zone.</p>
-<p>Projects are welcome to create an Infra issue or email the <a href="mailto:builds@apache.org">builds@apache.org</a> list asking for your project to begin CI testing on those and/or the existing Ubuntu and Windows secondary servers.</p>
-<p>&nbsp;</p>
-<p>For more information see <a href="http://ci.apache.org/buildbot.html">http://ci.apache.org/buildbot.html</a></p>
-<p>Enjoy!</p>
-</content><category term="blog"></category></entry><entry><title>The ASF LDAP system</title><link href="https://infra.apache.org/blog/the_asf_ldap_system.html" rel="alternate"></link><published>2010-02-22T22:17:39+00:00</published><updated>2010-02-22T22:17:39+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-02-22:/blog/the_asf_ldap_system.html</id><summary type="html"><p>When we decided some time ago to start using LDAP for auth{n,z} we had to come up with a sane structure. This is what we have thus far:&nbsp;</p><p>&nbsp;dc=apache,dc=org<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | &nbsp; ou=people,dc=apache,dc=org <br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | &nbsp; ou=groups,dc=apache,dc=org<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | &nbsp; ou=people,ou=groups …</p></summary><content type="html"><p>When we decided some time ago to start using LDAP for auth{n,z} we had to come up with a sane structure. This is what we have thus far:&nbsp;</p><p>&nbsp;dc=apache,dc=org<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | &nbsp; ou=people,dc=apache,dc=org <br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | &nbsp; ou=groups,dc=apache,dc=org<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | &nbsp; ou=people,ou=groups,dc=apache,dc=org<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | &nbsp; ou=committees,ou=groups,dc=apache,dc=org</p><p>&nbsp;As well as other OUs that contain infrastructure related objects.<br/><br/>So with "dc=apache,dc=org" being our basedn, we decided we needed to keep the structure as simple as possible and placed the following objects in the respective OUs:</p><ul><li>User accounts -&nbsp; "ou=groups,dc=apache,dc=org"</li><li>POSIX groups - "ou=groups,dc=apache,dc=org"</li><li>User Groups&nbsp; - "ou=people,ou=groups,dc=apache,dc=org"</li><li>PMC/Committee groups - "ou=committees,ou=groups,dc=apache,dc=org"</li></ul>Access to the LDAP infrastructure is connection limited to hosts within our co-location sites.&nbsp; This is essentially to help prevent unauthorised data leaving our network.&nbsp; <br/><br/>
-</content><category term="blog"></category></entry><entry><title>LDAP, groups and SVN - Coupled together</title><link href="https://infra.apache.org/blog/ldap_svn_coupled_together.html" rel="alternate"></link><published>2010-02-22T22:03:20+00:00</published><updated>2010-02-22T22:03:20+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-02-22:/blog/ldap_svn_coupled_together.html</id><summary type="html"><p>The infrastructure team have now completed the next stage of the planned LDAP migration.<br/>We have migrated our old SVN authorisation file, and POSIX groups into LDAP data.&nbsp; SVN access control is now managed using these groups.</p><p>This means to change access the Subversion repositories is now as simple as …</p></summary><content type="html"><p>The infrastructure team have now completed the next stage of the planned LDAP migration.<br/>We have migrated our old SVN authorisation file, and POSIX groups into LDAP data.&nbsp; SVN access control is now managed using these groups.</p><p>This means to change access the Subversion repositories is now as simple as changing group membership. We use some custom perl scripts that build the equivalent authorisation file meaning that we dont need to use the &lt;location&gt; blocks nasty hack to do this.&nbsp; It also means that all changes, including adding new groups and extending access control is made simple. <br/><br/>ASF PMC chairs, are now able to make changes to their POSIX, and SVN groups whilst logged into people.apache.org - using a selection of scripts:</p><ul><li>/usr/local/bin/list_unix_groups.pl</li><li>/usr/local/bin/list_committees.pl</li><li>/usr/local/bin/modify_unix_groups.pl</li><li>/usr/local/bin/modify_committees.pl</li></ul><p>All of these scripts have a '--help' option to show you how to use them. <br/><br/>What's next?&nbsp; We are now working on adding a custom ASF LDAP schema, that will allow us to record ASF specific data such as ICLA files and date of membership etc.<br/>We will also be looking at adding support for 3rd party applications such as Hudson, and building an identity management portal where people can manage their own account.<br/></p>
-</content><category term="blog"></category></entry><entry><title>SVN performance enhancements</title><link href="https://infra.apache.org/blog/svn_performance_enhancements.html" rel="alternate"></link><published>2010-02-17T00:41:04+00:00</published><updated>2010-02-17T00:41:04+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-02-17:/blog/svn_performance_enhancements.html</id><summary type="html"><p>Tonight we enabled a pair of Intel X25-M's to serve as <a href="http://blogs.sun.com/brendan/entry/test">l2arc cache</a> for the zfs array which contains all of our svn repositories.&nbsp; Over the next few hours as these SSD's start serving files from cache, the responsiveness and overall performance of svn on eris (our master US-based server …</p></summary><content type="html"><p>Tonight we enabled a pair of Intel X25-M's to serve as <a href="http://blogs.sun.com/brendan/entry/test">l2arc cache</a> for the zfs array which contains all of our svn repositories.&nbsp; Over the next few hours as these SSD's start serving files from cache, the responsiveness and overall performance of svn on eris (our master US-based server) should be noticeably better than it has been lately.</p><p>In addition we are planning to install 16GB of extra RAM into eris to improve zfs performance even further, but for now we are hopeful that committers will appreciate the performance we've added tonight.</p><p><br/>&nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>What can the ASF Buildbot do for your project?</title><link href="https://infra.apache.org/blog/what_can_the_asf_buildbot.html" rel="alternate"></link><published>2009-11-09T13:01:12+00:00</published><updated>2009-11-09T13:01:12+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-11-09:/blog/what_can_the_asf_buildbot.html</id><summary type="html"><p>The below information has just been published to the main&nbsp; ASF Buildbot URI <a href="http://ci.apache.org/buildbot.html" title="ASF Buildbot">ci.apache.org/buildbot.html</a>.</p><p>A summary of just some of the things the ASF Buildbot can do for your project:
- </p><ul><li>Perform per commit build &amp; test runs for your project</li><li>Not just svn! - Buildbot can pull in …</li></ul></summary><content type="html"><p>The below information has just been published to the main&nbsp; ASF Buildbot URI <a href="http://ci.apache.org/buildbot.html" title="ASF Buildbot">ci.apache.org/buildbot.html</a>.</p><p>A summary of just some of the things the ASF Buildbot can do for your project:
- </p><ul><li>Perform per commit build &amp; test runs for your project</li><li>Not just svn! - Buildbot can pull in from your Git/Mercurial branches too!</li><li>Build and Deploy your website to a staging area for review</li><li>Build and Deploy your website to mino (people) for syncing live</li><li>Automatically Build and Deploy Snapshots to Nexus staging area.</li><li>Create Nightly and historical zipped/tarred snapshot builds for download</li><li>Builds can be triggered manually from within your own freenode #IRC Channel</li><li>An IRCBot can report on success/failures of a build instantly</li><li>Build Success/Failures can go to your dev/notification mailing list</li><li>Perform multiple builds of an svn/git commit on multiple platforms asynchronously</li><li>ASF Buildbot uses the latest <a href="http://incubator.apache.org/rat" title="Incubating RAT project">RAT</a> build to check
- for license header issues for all your files.
- </li><li>RAT Reports are published live instantly to ci.apache.org/$project/rat-report.[txt|html]</li><li>As indicated above, plain text or html versions of RAT reports are published.</li><li>[Coming Soon] - RAT Reports sent to your dev list, only new failures will be listed.</li><li>[Coming Soon] - Email a patch with inserted ASL 2.0 Headers into your failed files!!</li><li>Currently Buildbot has Ubuntu 8.04, 9.04 and Windows Server 2008 Slaves</li><li>[Coming Soon] - ASF Buildbot will soon have Solaris, FreeBSD 8 and Windows 7 Slaves</li></ul>
-<pre><code>&lt;p&gt;Dont see a feature that you need? Join the &lt;a href="mailto:builds-subscribe@apache.org" title="Email Link to the builds subscribe list"&gt;builds.at.apache.org&lt;/a&gt;
-mailing list and request it now, or file a &lt;a href="http://issues.apache.org/jira/browse/INFRA/component/12312782"&gt;Jira Ticket.&lt;/a&gt;&lt;/p&gt;
-&lt;p&gt;Help is always on hand on the &lt;a href="mailto:builds@apache.org"&gt;builds.at.apache.org&lt;/a&gt; mailing list for any problems or
-build configuration issues/requests. Or try the #asftest channel on irc.freenode.net for live support.&lt;/p&gt;
-
-&lt;p&gt;So now you want your project to use Buildbot? No problem, best way is to file a &lt;a href="http://issues.apache.org/jira/browse/INFRA/component/12312782"&gt;Jira Ticket.&lt;/a&gt;
- and count to 10 (well maybe a bit longer but it won't be long before you are up and running).&lt;/p&gt;
-</code></pre>
-</content><category term="blog"></category></entry><entry><title>DDOS mystery involving Linux and mod_ssl</title><link href="https://infra.apache.org/blog/ddos_mystery_involving_linux_and.html" rel="alternate"></link><published>2009-10-12T01:53:03+00:00</published><updated>2009-10-12T01:53:03+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-10-12:/blog/ddos_mystery_involving_linux_and.html</id><summary type="html"><p>In the first week of October we started getting reports of performance issues, mainly connection timeouts, on all of our services hosted at <a href="https://issues.apache.org" title="https://issues.apache.org/">https://issues.apache.org/</a>.&nbsp; On further inspection we noticed a huge amount of "Browser disconnect" errors in the error log right at the beginning of the ssl …</p></summary><content type="html"><p>In the first week of October we started getting reports of performance issues, mainly connection timeouts, on all of our services hosted at <a href="https://issues.apache.org" title="https://issues.apache.org/">https://issues.apache.org/</a>.&nbsp; On further inspection we noticed a huge amount of "Browser disconnect" errors in the error log right at the beginning of the ssl transaction, on the order of 50 connections / second.&nbsp; This was grinding the machine to a standstill, so we wrote a quick and dirty <a href="http://people.apache.org/~joes/ddos_accept.pl">perl script</a> to investigate the matter.&nbsp; Initial reports indicated a ddos attack from nearly 100K machines targeting Apache + mod_ssl's accept loop, and the script was tweaked to filter out that traffic before proxying the connections to httpd.</p><p>As we started getting a picture of the IP space conducting the attack, the prognosis looked rather bleak: more and more IP's were getting involved and the ddos traffic continued to increase, getting to the point where Linux was shutting down the ethernet interface.&nbsp; So we then rerouted the traffic to an available FreeBSD machine, which did a stellar job of filtering out the traffic at the kernel level.&nbsp; We unfortunately didn't quite realize how good a job FreeBSD was doing, and for a time we were operating under the impression that the ddos was ending.&nbsp; So we eventually moved the traffic back to brutus, the original Linux host, and <a href="http://people.apache.org/~joes/avoid_dos_2.2.x-try2.diff">patched httpd</a> using code developed by Ruediger Pluem.<br/></p><p>And back came the ddos traffic.&nbsp; In a few days the rate of closed connections had nearly doubled, so we had little choice but to start dumping the most frequent IP addresses into iptables DROP rules.&nbsp; 5000 rules cut the traffic by 2/3 in an instant.&nbsp; But the problem was growing- our logs indicated there were now over 300K addresses participating in the attack.</p><p>We started looking closer at the IP's in an attempt to correlate them with regular http requests.&nbsp;&nbsp; The only pattern that seemed to emerge was that many of the IP's in question we're also generating spartan&nbsp; "GET / HTTP/1.1" requests with a single Host: <a href="http://140.211.11.140">140.211.11.140</a> header to port 443.&nbsp;&nbsp; Backtracking through a year of logs revealed that these spartan requests had been going on since August 6, 2008.&nbsp; The IP's originating these requests were as varied as, and more often that not matched up with, the rapid closed connection traffic we started seeing in October.<br/></p><p>So what exactly is going on here?&nbsp; The closed connection traffic continues to rise, and the origin of the associated spartan requests is currently unknown.</p>
-</content><category term="blog"></category></entry><entry><title>apache.org incident report for 8282009</title><link href="https://infra.apache.org/blog/apache_org_downtime_report.html" rel="alternate"></link><published>2009-09-02T08:56:09+00:00</published><updated>2009-09-02T08:56:09+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-09-02:/blog/apache_org_downtime_report.html</id><summary type="html"><p>Last week we <a href="https://blogs.apache.org/infra/entry/apache_org_downtime_initial_report">posted about the security breach</a> that caused us to temporarily suspend some services.&nbsp; All services
-have now been restored. We have analyzed the events that led to the breach, and continued to work on improving the security of our systems.<br/></p>
-<p><strong>NOTE</strong>: At
-no time were any Apache …</p></summary><content type="html"><p>Last week we <a href="https://blogs.apache.org/infra/entry/apache_org_downtime_initial_report">posted about the security breach</a> that caused us to temporarily suspend some services.&nbsp; All services
-have now been restored. We have analyzed the events that led to the breach, and continued to work on improving the security of our systems.<br/></p>
-<p><strong>NOTE</strong>: At
-no time were any Apache Software Foundation code repositories, downloads, or users put at risk by this intrusion. However, we believe that providing a detailed account
-of what happened will make the internet a better place, by allowing others to learn from our mistakes.</p>
-<h2>What Happened?</h2>
-<p>Our initial running theory was correct--the server that hosted
-the apachecon.com (dv35.apachecon.com) website had been compromised. The machine was running CentOS, and we
-suspect they may have used the recent local root exploits <a href="https://rhn.redhat.com/errata/RHSA-2009-1222.html">patched in RHSA-2009-1222</a> to escalate their privileges on this machine. The attackers fully compromised
-this machine, including gaining root privileges, and destroyed most of
-the logs, making it difficult for us to confirm the details of
-everything that happened on the machine.&nbsp;</p><p>This machine is owned by the ApacheCon conference production company,
-not by
-the Apache Software Foundation. However, members of the ASF
-infrastructure team had accounts on this machine, including one used to
-create backups.</p><p>The
-attackers attempted unsuccessfully to use passwords from the compromised ApacheCon
-host to log on to our production webservers.&nbsp; Later, using the SSH Key of the backup account, they were able to access
-people.apache.org (minotaur.apache.org). This account was an unprivileged user, used
-to create backups from the ApacheCon host.<br/></p><p>minotaur.apache.org runs FreeBSD 7-STABLE, and acts as the staging machine for our mirror
-network. It is
-our primary shell account server, and provides many other services for Apache developers. None of our Subversion (version control) data is kept on this machine, and there was never any risk to any Apache source code.<br/></p><p>Once
-the attackers had gained shell access, they added CGI scripts to the document root folders of
-several of our websites. A regular, scheduled rsync process copied these scripts to our
-production web server, eos.apache.org, where they became externally
-visible. The CGI scripts were used to obtain remote shells, with information sent using HTTP POST commands. </p><p>Our download pages are
-dynamically generated, to enable us to present users with a local mirror of our software. This means that all of our domains have <a href="http://httpd.apache.org/docs/2.2/mod/core.html#options">ExecCGI enabled</a>, making it harder for us to protect against an attack of this nature.<br/></p><p>After
-discovering the CGI scripts, the infrastructure team decided to shutdown
-any servers that could potentially have been affected. This included people.apache.org, and both the EU
-and US website servers. All website traffic was redirected to a known-good
-server, and a temporary security message was put in place to let people
-know we were aware of an issue.</p><p>One by one, we brought the potentially-affected servers up, in single user mode, using our out of band access. It quickly became clear that aurora.apache.org, the EU website server, had not been affected. Although the CGI scripts had been rsync'd to that machine, they had never been run. This machine was not included in the DNS rotation at the time of the attack.</p><p>aurora.apache.org runs Solaris 10, and we were
-able to restore the box to a known-good configuration by cloning
-and promoting a ZFS snapshot from a day before the CGI scripts were synced
-over. Doing so enabled us to bring the EU server back online, and to rapidly restore our main websites. Thereafter, we continued to analyze the cause of the breach, the method of access, and which, if any, other machines had been compromised.<br/></p><p>Shortly after bringing up
-aurora.apache.org we determined that the most likely route of the breach was
-the backup routine from dv35.apachecon.com. We grabbed all the
-available logs from dv35.apachecon.com, and promptly shut it down.<br/></p><p>Analysis continued on minotaur.apache.org and eos.apache.org (our US
-server), until we were confident that all remnants of the attackers had been removed. As each server was declared clean, it was brought back online.<br/></p><h2>What worked?</h2><ul><li>The use of ZFS snapshots enabled us to restore the EU production web server to a known-good state.</li><li>Redundant
-services in two locations allowed us to run services from an alternate
-location while continuing to work on the affected servers and services.</li><li>A non-uniform set of compromised machines
-(Linux/CentOS i386, FreeBSD-7 amd_64, and Solaris 10 on sparc) made it
-difficult for the attackers to escalate privileges on multiple machines.</li></ul><h2>What didn't work?</h2><ul><li>The
-use of SSH keys facilitated this attack. In hindsight, our implementation left a lot to be
-desired--we did not restrict SSH keys appropriately, and we were
-unaware of their misuse.<br/></li><li>The rsync setup, which uses people.apache.org to manage the deployment of our websites, enabled the attackers to get their files onto the US mirror, undetected.</li><li>The ability to run CGI scripts in any virtual host, when most of our websites do not need this functionality, made us unnecessarily vulnerable to an attack of this nature.<br/></li><li>The lack of logs from the ApacheCon host prevents us from conclusively determining the full
-course of action taken by the attacker. All but one log file were deleted by the attacker, and logs were not kept off the machine.</li></ul><br/><h2>What changes we are making now?</h2>As a result of
-this intrusion we are making several changes, to help further secure our
-infrastructure from such issues in the future. These changes include the following:<ul><li>Requiring all users with <a href="http://www.freebsd.org/doc/en/books/handbook/one-time-passwords.html">elevated privileges to use OPIE for sudo</a> on certain machines.&nbsp; We already require this in some places, but will expand its use as necessary.<br/></li><li>Recreating
-and using new SSH keys, one per host, for backups.&nbsp; Also enforcing use of the
-from="" and command="" strings in the authorized keys file on the
-destination backup server. In tandem with access restrictions which only allow connections
-from machines that are actually backing up data, this will prevent 3rd party
-machines from being able to establish an SSH connection.&nbsp; <br/></li><ul><li>The
-command="" string in the authorized_keys file is now explicit, and only allows one way rsync traffic, due to the paths and flags used.</li><li>New keys have been generated for all hosts, with a minimum key length of at least 4096 bits .</li></ul><li>The
-VM that hosted the old apachecon.com site remains powered down, awaiting
-further detailed analysis.&nbsp; The apachecon.com website has been re-deployed on a
-new VM, with a new provider and different operating system.<br/></li><li>We are looking at disabling CGI support on most of our website systems.&nbsp; This has led to the creation of <a href="https://svn.apache.org/repos/infra/infrastructure/trunk/projects/mod_asf_mirrorcgi/mod_asf_mirrorcgi.c">a new httpd module</a> that will handle things like mirror locations for downloads.<br/></li><li>The
-method by which most of our public facing websites are deployed to our production servers will also change, becoming a much more automated process. We hope to have switched over to a <a href="https://svn.apache.org/repos/infra/infrastructure/trunk/projects/svnpubsub/svnpubsub.py">SvnSubPub</a> / <a href="https://svn.apache.org/repos/infra/infrastructure/trunk/projects/svnpubsub/svnwcsub.py">SvnWcSub</a> based system within the next few weeks. <br/></li><li>We will re-implement measures such as IP banning after several failed logins, on all machines.&nbsp;</li><li>A
-proposal has been made to introduce centralized logging. This would include all system logs, and possibly also services such as smtpd and httpd.<br/></li></ul><p><br/><br/></p>
-</content><category term="blog"></category></entry><entry><title>apache.org downtime - initial report</title><link href="https://infra.apache.org/blog/apache_org_downtime_initial_report.html" rel="alternate"></link><published>2009-08-28T12:33:19+00:00</published><updated>2009-08-28T12:33:19+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-08-28:/blog/apache_org_downtime_initial_report.html</id><summary type="html"><p>This is a short overview of what happened on Friday August 28 2009
-to the apache.org services.&nbsp; A more detailed post will come at a later
-time after we complete the audit of all machines involved.</p><p> On August 27th, starting at
-about 18:00 UTC an account used for …</p></summary><content type="html"><p>This is a short overview of what happened on Friday August 28 2009
-to the apache.org services.&nbsp; A more detailed post will come at a later
-time after we complete the audit of all machines involved.</p><p> On August 27th, starting at
-about 18:00 UTC an account used for automated backups for the ApacheCon
-website hosted on a 3rd party hosting provider was used to upload files
-to minotaur.apache.org.&nbsp; The account was accessed using SSH key
-authentication from this host.<br/></p><p><b>To the best of our knowledge at this time, no end users were affected by this incident,&nbsp; and the attackers were not able to escalate their
-privileges on any machines.</b></p><b>While we have no evidence that downloads were affected, users are always advised to check digital
-signatures where provided.</b><p>minotaur.apache.org runs
-FreeBSD 7-STABLE and is more widely known as people.apache.org.&nbsp;
-Minotaur serves as the seed host for most apache.org websites, in
-addition to providing shell accounts for all Apache committers.</p><p>The
-attackers created several files in the directory containing files for
-www.apache.org, including several CGI scripts.&nbsp; These files were then
-rsynced to our production webservers by automated processes.&nbsp; At about
-07:00 on August 28 2009 the attackers accessed these CGI scripts over
-HTTP, which spawned processes on our production web services. </p><p>At about 07:45 UTC we noticed these rogue processes on eos.apache.org, the Solaris 10 machine that normally serves our websites.</p><p>Within the next 10 minutes we decided to shutdown all machines involved as a precaution.</p><p>After
-an initial investigation we changed DNS for most apache.org services to
-eris.apache.org, a machine not affected and provided a basic downtime
-message.</p><p>After investigation, we determined that our European fallover and backup machine, aurora.apache.org, was not affected.&nbsp;&nbsp; While
-the some files had been copied to the machine by automated rsync
-processes, none of them were executed on the host, and we restored from
-a ZFS snapshot to a version of all our websites before any accounts
-were compromised.</p><p>At this time several machines remain offline, but most user facing websites and services are now available.</p><p>We will provide more information as we can.<br/></p><p>&nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>Relaying mail from apache.org.</title><link href="https://infra.apache.org/blog/relaying_mail_from_apache_org.html" rel="alternate"></link><published>2009-08-01T12:24:57+00:00</published><updated>2009-08-01T12:24:57+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-08-01:/blog/relaying_mail_from_apache_org.html</id><summary type="html"><p>One of the more common issues committers face at Apache is in trying to send mail from their apache.org account.&nbsp; We've just made that process a whole lot easier by setting up an SSL-enabled, smtp-auth based mail submission service on people.apache.org port 465; which is compatible with …</p></summary><content type="html"><p>One of the more common issues committers face at Apache is in trying to send mail from their apache.org account.&nbsp; We've just made that process a whole lot easier by setting up an SSL-enabled, smtp-auth based mail submission service on people.apache.org port 465; which is compatible with gmail's <a href="http://gmailblog.blogspot.com/2009/07/send-mail-from-another-address-without.html">recently announced feature</a> to allow outbound mail from your apache.org address to be directed to people.apache.org, instead of to a gmail server, for delivery.&nbsp; Say goodbye to all the ezmlm moderation battles: your SMTP envelope sender will now match your From header!<br/></p><p>In the future we may wish to tighten up the SPF records for apache.org, so please take advantage of this new service for all outbound delivery of your personal apache.org email.<br/>&nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>Public Preview of Drafts feature added to ASF Roller instance</title><link href="https://infra.apache.org/blog/public_preview_of_drafts_feature.html" rel="alternate"></link><published>2009-07-15T06:59:48+00:00</published><updated>2009-07-15T06:59:48+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-07-15:/blog/public_preview_of_drafts_feature.html</id><summary type="html"><hr/>
-**Note**: Until June, 2023, the ASF supported using Apache Roller for project blogs. That support has ended. Please visit <a href="https://infra.apache.org/project-blogs.html" target="_blank">Project Blog</a> for more information about blogs for projects.
-<hr/>
-<p>Previously, to be able to preview a draft post by any Roller Blog, one had to be a member user of that …</p></summary><content type="html"><hr/>
-**Note**: Until June, 2023, the ASF supported using Apache Roller for project blogs. That support has ended. Please visit <a href="https://infra.apache.org/project-blogs.html" target="_blank">Project Blog</a> for more information about blogs for projects.
-<hr/>
-<p>Previously, to be able to preview a draft post by any Roller Blog, one had to be a member user of that blog.</p><p>For those that would like an easy way to post previews of drafts for lazy consensus or voting, a script has been setup to allow the preview url that Roller generates to be shared publicly. &nbsp;For example:</p><p>&nbsp;&nbsp; (roller preview url)<br/>&nbsp;&nbsp; &nbsp;<span class="Apple-style-span" style="color: rgb(34, 34, 34); font-family: 'Helvetica Neue'; font-size: 13px; "><a href="https://blogs.apache.org/roller-ui/authoring/preview/test/?previewEntry=testing">https://blogs.apache.org/roller-ui/authoring/preview/test/?previewEntry=testing</a></span></p><p>&nbsp;&nbsp; (public preview url)<br/>&nbsp;&nbsp; &nbsp;<a href="https://blogs.apache.org/preview/test/?previewEntry=testing"><span class="Apple-style-span" style="font-size: small; ">https://blogs.apache.org/preview/test/?previewEntry=testing</span></a></p><p>A typical process is to create the blog post, set it up to publish in&nbsp;3-4 days via the "Advanced Settings", then post the modified preview URL to your dev@ list with the anticipated publish date for lazy consensus.</p><p>Projects must opt-in by adding the "preview" user with "Limited" access.</p><p>Details here:</p><p><a href="http://www.apache.org/dev/blogs.html">http://www.apache.org/dev/blogs.html&nbsp;</a></p>
-</content><category term="blog"></category></entry><entry><title>Confluence 2.10 migration for cwiki.a.o 11 July1</title><link href="https://infra.apache.org/blog/confluence_2_10_migration_for.html" rel="alternate"></link><published>2009-07-07T07:04:25+00:00</published><updated>2009-07-07T07:04:25+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-07-07:/blog/confluence_2_10_migration_for.html</id><summary type="html"><p>
-The ASF Infrastructure Team will be upgrading the Confluence instance powering <a href="http://cwiki.apache.org">http://cwiki.apache.org</a> from Confluence 2.2.9 to <a href="http://confluence.atlassian.com/display/DOC/Confluence%202.10%20Release%20Notes">Confluence 2.10.3</a> on July 11 at 0400 UTC, or July 10 at 2100 PST.&nbsp; The migration is expected to take several hours. &nbsp;<br/><br/>If you haven't already, this …</p></summary><content type="html"><p>
-The ASF Infrastructure Team will be upgrading the Confluence instance powering <a href="http://cwiki.apache.org">http://cwiki.apache.org</a> from Confluence 2.2.9 to <a href="http://confluence.atlassian.com/display/DOC/Confluence%202.10%20Release%20Notes">Confluence 2.10.3</a> on July 11 at 0400 UTC, or July 10 at 2100 PST.&nbsp; The migration is expected to take several hours. &nbsp;<br/><br/>If you haven't already, this would be a good time to check the test migration instance at:<br/><br/><a href="http://confluence-test.zones.apache.org:8080">http://confluence-test.zones.apache.org:8080</a><br/><br/>Exported pages can be found at http://confluence-test.zones.apache.org:8080/export/SPACE_KEY/PAGE_TITLE.html&nbsp;&nbsp; If in doubt, find your existing exported pages at <a href="http://cwiki.apache.org/">http://cwiki.apache.org/</a>, so:<br/><br/><a href="http://cwiki.apache.org/WW/home.html">http://cwiki.apache.org/WW/home.html</a><br/><br/>will become<br/><br/><a href="http://confluence-test.zones.apache.org:8080/export/WW/home.html">http://confluence-test.zones.apache.org:8080/export/WW/home.html</a><br/><br/>As much as possible, the space export templates will be preserved in the migration, although changes to the Confluence UI will mean the exports will look different.<br/><br/>Further updates with regards to the Confluence 2.10.3 migration will posted to this blog.</p><h4>Update 11-07-2009</h4><p>The Confluence 2.10.3 upgrade has been completed and all spaces have been exported.&nbsp; There are a few things to note:</p><ol><li>The Gliffy license is out of date.&nbsp; I'll try to track down a new one.</li><li>The visibility plugin doesn't support Confluence 2.10.3.&nbsp; Not sure if anyone uses it, however.</li><li>The exported html, as warned, generally looks a bit different.&nbsp; Let me know if you have any issues tweaking your template.</li></ol><h4>Update 11-07-2009 part 2</h4><p>If, for some reason, your templates didn't get copied over or the exported site is so messed up you need the old version, the old files are available:</p><ul><li><i>Autoexport templates</i> - <a href="http://cwiki.apache.org/autoexport-2.2.9-templates">http://cwiki.apache.org/autoexport-2.2.9-templates</a></li><li><i>Autoexport-generated html</i> - <a href="http://cwiki.apache.org/autoexport-2.2.9">http://cwiki.apache.org/autoexport-2.2.9</a></li></ul><h4>Update 14-07-2009</h4>The Gliffy folks were kind enough to give us a new license.&nbsp; Please re-export any applicable spaces.<br/>
-</content><category term="blog"></category></entry><entry><title>It's official, we now have LDAP running!</title><link href="https://infra.apache.org/blog/it_s_official_we_now.html" rel="alternate"></link><published>2009-05-21T16:01:19+00:00</published><updated>2009-05-21T16:01:19+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-05-21:/blog/it_s_official_we_now.html</id><summary type="html"><p>Earlier this week the Infrastructure team rolled out phase one of the planned LDAP services. &nbsp;</p><p>We are using LDAP for authentication of shell accounts. &nbsp;For now this is the extent of the implementation, however the next phase should follow this quite quickly. </p><p>The next phase will involve moving to LDAP …</p></summary><content type="html"><p>Earlier this week the Infrastructure team rolled out phase one of the planned LDAP services. &nbsp;</p><p>We are using LDAP for authentication of shell accounts. &nbsp;For now this is the extent of the implementation, however the next phase should follow this quite quickly. </p><p>The next phase will involve moving to LDAP to manage access to our subversion repositories. This is a slightly more complicated migration as we currently use an SVNAuthz file, that contains the appropriate groups and their memberships. &nbsp;We are currently working on a new template system where by changes to LDAP will trigger a build of the SVNAuthz file based on groups in LDAP. &nbsp;This means we must watch LDAP changes, work on a template system, and if a new version of the template is checked into Subversion we need to trigger a build again. &nbsp;This is a work in progress at the moment.&nbsp;</p><p>If you find yourself in the position of needing to change your shell account password you can do it by doing this on the command line "ldappasswd -W -S -A -D uid=availid,ou=people,dc=apache,dc=org" &nbsp;-- Where availid is your ASF username. &nbsp; For example &nbsp;"ldappasswd -W -S -A -D uid=pctony,ou=people,dc=apache,dc=org". &nbsp;This is far from an elegant solution, but for now it works. &nbsp;You will be required to enter and confirm your current password, and then enter and confirm your new password choice, followed by your LDAP password (this is your old password) .</p><p>We are working on a web portal that will allow users to edit attributes, such as forwarding address, password, etc. &nbsp;This will be made available as soon as it is ready. &nbsp;If you don't know your current password, then you will need to email &nbsp;root@ as per usual.&nbsp;</p><p>You can follow the trials and tribulations of the rollout on my personal <a href="http://blog.pc-tony.com">blog</a> &nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>Git support at Apache</title><link href="https://infra.apache.org/blog/git_at_apache.html" rel="alternate"></link><published>2009-05-03T22:22:57+00:00</published><updated>2009-05-03T22:22:57+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-05-03:/blog/git_at_apache.html</id><summary type="html"><p><a href="http://git-scm.com/">Git</a> is a new version control system that has been getting increasingly popular during the past few years. Many Apache contributors have also expressed interested in using Git for working with Apache codebases. While the canonical location of all Apache source code is our Subversion repository, we also want to …</p></summary><content type="html"><p><a href="http://git-scm.com/">Git</a> is a new version control system that has been getting increasingly popular during the past few years. Many Apache contributors have also expressed interested in using Git for working with Apache codebases. While the canonical location of all Apache source code is our Subversion repository, we also want to support developers who prefer to use Git as their version control tool.</p><p>Based on work by volunteers on the <a href="http://www.apache.org/dev/infra-mail.html">infrastructure-dev@ mailing list</a>, we have recently set up read-only Git mirrors of many Apache codebases at <a href="http://git.apache.org/">http://git.apache.org/</a>.&nbsp;These mirrors contain the full version histories (including all branches and tags) of the mirrored codebases and are updated in near real time based on the latest svn commits.</p><p>See the <a href="http://www.apache.org/dev/git.html">documentation</a> and <a href="http://wiki.apache.org/general/GitAtApache">wiki</a> pages for more details about this service and how to best use it. We are also open to good ideas on how to extend or improve this service. Please join the infrastructure-dev@ mailing list for the ongoing discussion!</p>
-</content><category term="blog"></category></entry></feed>
\ No newline at end of file
+</ul></content><category term="blog"></category></entry><entry><title>Infra blogs has a new home</title><link href="https://infra.apache.org/blog/infra-blogs-has-a-new-home.html" rel="alternate"></link><published>2022-10-24T12:54:00+00:00</published><updated>2022-10-24T12:54:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-10-24:/blog/infra-blogs-has-a-new-home.html</id><content type="html"><p>Just moved posts over from blogs.apache.org/infra. New posts all go through the infrastructure-website repo and it should be as easy as posting some markdown.</p></content><category term="blog"></category></entry><entry><title>index</title><link href="https://infra.apache.org/blog/index.html" rel="alternate"></link><published>2020-02-02T00:00:00+00:00</published><updated>2020-02-02T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-02-02:/blog/index.html</id><content type="html"></content><category term="blog"></category></entry></feed>
\ No newline at end of file
diff --git a/output/feeds/blog.atom.xml b/output/feeds/blog.atom.xml
index f742ac4..abe2685 100644
--- a/output/feeds/blog.atom.xml
+++ b/output/feeds/blog.atom.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom"><title>Apache Infrastructure Website - blog</title><link href="https://infra.apache.org/" rel="alternate"></link><link href="https://infra.apache.org/feeds/blog.atom.xml" rel="self"></link><id>https://infra.apache.org/</id><updated>2024-04-25T00:00:00+00:00</updated><entry><title>Inside Infra April 2024</title><link href="https://infra.apache.org/blog/newsletter_04_24.html" rel="alternate"></link><published>2024-04-25T00:00:00+00:00</published><updated>2024-04-25T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-04-25:/blog/newsletter_04_24.html</id><summary type="html"><p>Welcome to <em>Inside Infra</em> for April, 2024.</p>
+<feed xmlns="http://www.w3.org/2005/Atom"><title>Apache Infrastructure Website - blog</title><link href="https://infra.apache.org/" rel="alternate"></link><link href="https://infra.apache.org/feeds/blog.atom.xml" rel="self"></link><id>https://infra.apache.org/</id><updated>2024-04-25T00:00:00+00:00</updated><entry><title>Inside Infra April 2024</title><link href="https://infra.apache.org/blog/inside-infra-april-2024.html" rel="alternate"></link><published>2024-04-25T00:00:00+00:00</published><updated>2024-04-25T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-04-25:/blog/inside-infra-april-2024.html</id><summary type="html"><p>Welcome to <em>Inside Infra</em> for April, 2024.</p>
<h2>Infra Reporting Dashboard</h2>
<p>The dashboard, at <a href="https://infra-reports.apache.org/" target="_blank">infra-reports.apache.org</a>, provides a collection of reports on the overall health and activity of the infrastructure at the ASF. These reports can be helpful in understanding the status of all the ASF 'under the hood' resources …</p></summary><content type="html"><p>Welcome to <em>Inside Infra</em> for April, 2024.</p>
<h2>Infra Reporting Dashboard</h2>
@@ -7,17 +7,17 @@
<p>Some of the reports are open to the public, while others are restricted to those who genuinely need them; see the documentation at <a href="https://infra.apache.org/infra-reports.html" target="_blank">infra.apache.org/infra-reports.html</a>.</p>
<h2>MFA at the ASF</h2>
<p>Infra is working on policies to cover use of multi-factor authorization (MFA) at The ASF, and tooling to support and enable those policies. The goal is to provide the best-possible security for user accounts at the lowest reasonable level of disruption to work processes.</p>
-<p>The draft of the main MFA policy, with a link to the policy on restoring MFA when someone has lost a key element of it, is available at <a href="https://infra.apache.org/mfa.html" target="_blank">infra.apache.org/mfa.html</a>.</p>
+<p>The draft of the main MFA policy, with a link to the policy on restoring MFA when someone has lost a key element of it, is available at <a href="https://infra.apache.org/mfa.html" target="_blank">infra.apache.org/mfa.html</a>. </p>
<p>As we refine the policy and bring the tools to support it online, we will update the policy page. We will make a general announcement when we are close to bringing MFA live for The ASF and its projects.</p>
<h2>Roundtable</h2>
<p>There was no April roundtable.</p>
-<p>The May Roundtable will be on Wednesday, May 8, 2024, 1700 UTC. The topic of the day will be "How PMCs can use the STeVe voting tool", with a live demonstration. There will probably also be time for unstructured discussion about other issues and concerns related to infrastructure.</p>
+<p>The May Roundtable will be on Wednesday, May 8, 2024, 1700 UTC. The topic of the day will be "How PMCs can use the STeVe voting tool", with a live demonstration. There will probably also be time for unstructured discussion about other issues and concerns related to infrastructure. </p>
<p>Info about the roundtables is at <a href="https://infra.apache.org/roundtable.html" target="_blank">infra.apache.org/roundtable.html</a>.</p>
<h2>Access to the Confluence Wiki</h2>
<p>To deal with the creation of spammy accounts and risks to ASF and project information on the wiki, we have limited account-creation: committers and ASF members can automatically log in to the ASF Confluence Wiki without creating an account. At the moment people who do not have an ASF LDAP account <strong>cannot</strong> create an account in the wiki.</p>
<hr/>
-<p>The next issue of <em>Inside Infra</em> will appear near the end of May, 2024.</p>
-</content><category term="blog"></category></entry><entry><title>Inside Infra March 2024</title><link href="https://infra.apache.org/blog/newsletter_03_24.html" rel="alternate"></link><published>2024-03-23T00:00:00+00:00</published><updated>2024-03-23T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-03-23:/blog/newsletter_03_24.html</id><summary type="html"><p>Welcome to <strong>Inside Infra</strong> for March, 2024.</p>
+
+<p>The next issue of <em>Inside Infra</em> will appear near the end of May, 2024.</p></content><category term="blog"></category></entry><entry><title>Inside Infra March 2024</title><link href="https://infra.apache.org/blog/inside-infra-march-2024.html" rel="alternate"></link><published>2024-03-23T00:00:00+00:00</published><updated>2024-03-23T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-03-23:/blog/inside-infra-march-2024.html</id><summary type="html"><p>Welcome to <strong>Inside Infra</strong> for March, 2024.</p>
<h3>Policy change on use of GitHub Actions</h3>
<p>Due to misconfigurations in their builds, some projects have been using unsupportable numbers of GitHub Actions. As part of fixing this situation, Infra has added a 'resource use' section to the policy on GitHub Actions. This …</p></summary><content type="html"><p>Welcome to <strong>Inside Infra</strong> for March, 2024.</p>
<h3>Policy change on use of GitHub Actions</h3>
@@ -29,26 +29,25 @@
<li>The average number of minutes a project uses in any consecutive five-day period MUST NOT exceed the equivalent of 30 full-time runners (216,000 minutes, or 3,600 hours).</li>
<li>Projects whose builds consistently cross the maximum use limits will lose their access to GitHub Actions until they fix their build configurations.</li>
</ul>
-<p>The full policy is at <a href="https://infra.apache.org/github-actions-policy.html" target="_blank"><a href="https://infra.apache.org/github-actions-policy.html">https://infra.apache.org/github-actions-policy.html</a></a>.</p>
+<p>The full policy is at <a href="https://infra.apache.org/github-actions-policy.html" target="_blank">https://infra.apache.org/github-actions-policy.html</a>.</p>
<h3>Roundtable summary</h3>
<p>In the Roundtable of March 3, 2024, Clay Johnson of Gradle outlined the testing features that come with Develocity, focussing on their use with Gradle and Maven. For instance:</p>
<ul>
<li>The build scan gives insights into what goes on in a build, and can help a project quickly focus on tests that are failing or flaky, and address related code issues.</li>
<li>Predictive test selection can speed up certain types of builds by skipping the tests that are not relevant to the build.</li>
</ul>
-<p>A fuller summary of this discussion, and conversation about GitHub Runners and other topics, is at <a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable+2024-03-06%2C+17%3A00+UTC" target="_blank"><a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable+2024-03-06%2C+17%3A00+UTC">https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable+2024-03-06%2C+17%3A00+UTC</a></a>, and is available to ASF Members and Committers.</p>
+<p>A fuller summary of this discussion, and conversation about GitHub Runners and other topics, is at <a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable+2024-03-06%2C+17%3A00+UTC" target="_blank">https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable+2024-03-06%2C+17%3A00+UTC</a>, and is available to ASF Members and Committers.</p>
<p><strong>Note</strong>: There will be <strong>no April 2024 Roundtable</strong>. The series will resume in May.</p>
<h3>The end of Apache Paste Bucket?</h3>
<p>In 2013 Infra rolled out Apache Paste Bucket (<code>http://paste.apache.org/</code>). In a blog entry at the time, we described it as an "ASF-driven site for posting snippets, scripts, logging output, configurations and much more and sharing them with the world."</p>
<p>The tool has seen some use over the past decade, but has had very little traffic in the last couple of years. To keep Apache Paste Bucket available, the code would require a significant upgrade. Unless we hear that the tool is important to some part of the ASF community, we plan to shut down Apache Paste in the near future.</p>
<hr/>
-The next newsletter will appear toward the end of April, 2024.
-</content><category term="blog"></category></entry><entry><title>Inside Infra February 2024</title><link href="https://infra.apache.org/blog/newsletter_02_24.html" rel="alternate"></link><published>2024-02-20T00:00:00+00:00</published><updated>2024-02-20T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-02-20:/blog/newsletter_02_24.html</id><summary type="html"><p><em>Hello, all!</em></p>
+<p>The next newsletter will appear toward the end of April, 2024.</p></content><category term="blog"></category></entry><entry><title>Inside Infra February 2024</title><link href="https://infra.apache.org/blog/inside-infra-february-2024.html" rel="alternate"></link><published>2024-02-20T00:00:00+00:00</published><updated>2024-02-20T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-02-20:/blog/inside-infra-february-2024.html</id><summary type="html"><p><em>Hello, all!</em></p>
<h2>Newsletter name</h2>
-<p>Our very unscientific poll showed that "Inside Infra" has the most support as a name for this newsletter, so that is what we shall be.</p>
+<p>Our very unscientific poll showed that "Inside Infra" has the most support as a name for this newsletter, so that is what we shall be. </p>
<p><strong>Note</strong>: in 2020 the main ASF blog published a series of interviews with Infra team members also called "Inside Infra". Links …</p></summary><content type="html"><p><em>Hello, all!</em></p>
<h2>Newsletter name</h2>
-<p>Our very unscientific poll showed that "Inside Infra" has the most support as a name for this newsletter, so that is what we shall be.</p>
+<p>Our very unscientific poll showed that "Inside Infra" has the most support as a name for this newsletter, so that is what we shall be. </p>
<p><strong>Note</strong>: in 2020 the main ASF blog published a series of interviews with Infra team members also called "Inside Infra". Links to the interviews are available at <a href="https://cwiki.apache.org/confluence/display/INFRA/The+Infrastructure+team" target="_blank">The Infrastructure team</a>.</p>
<h2>2023 year-end survey</h2>
<p>We held our second annual year-end survey and got a lot of participation. Overall satisfaction with Infra's work seems high, but there were also a series of very useful suggestions and ideas. This newsletter, in fact, is a response to one of the suggestions.</p>
@@ -83,8 +82,7 @@
still be rejected.</p>
<h2>Excellent questions</h2>
<p>Some of the best stuff Infra does has evolved from project members' questions and suggestions. If you have an infrastructure-related question, feel free to ask it on the <code>users@infra.apache.org</code> email list. We may share your question, and our answer to it, in a coming newslette</p>
-<p><em>That's it until next month!</em></p>
-</content><category term="blog"></category></entry><entry><title>2023 Infra Survey Results</title><link href="https://infra.apache.org/blog/2023%20Infra%20Survey%20Results.html" rel="alternate"></link><published>2024-02-13T00:00:00+00:00</published><updated>2024-02-13T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-02-13:/blog/2023 Infra Survey Results.html</id><summary type="html"><p>More than 50 people posted responses to our 2023 'year in review' survey. Here is a summary of the responses to questions and the comments added in each section.</p>
+<p><em>That's it until next month!</em></p></content><category term="blog"></category></entry><entry><title>2023 Infra Survey Results</title><link href="https://infra.apache.org/blog/2023-infra-survey-results.html" rel="alternate"></link><published>2024-02-13T00:00:00+00:00</published><updated>2024-02-13T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-02-13:/blog/2023-infra-survey-results.html</id><summary type="html"><p>More than 50 people posted responses to our 2023 'year in review' survey. Here is a summary of the responses to questions and the comments added in each section.</p>
<p>We're grateful to those who took the time to fill out the survey. Without feedback like this, the Infra team can …</p></summary><content type="html"><p>More than 50 people posted responses to our 2023 'year in review' survey. Here is a summary of the responses to questions and the comments added in each section.</p>
<p>We're grateful to those who took the time to fill out the survey. Without feedback like this, the Infra team can feel a bit like it is flailing around in the dark.</p>
<h2>Summary of responses</h2>
@@ -97,13 +95,12 @@
<li>Do not need it / no pressing issues</li>
<li>Timezone issues (the roundtables frequently happen at a time which is more convenient to people in Europe and North American than in Asia)</li>
</ul>
-<p>88.9% say the roundtables &lsquo;provide value&rsquo;.</p>
+<p>88.9% say the roundtables ‘provide value’.</p>
<p>Topics respondents would like roundtables to address:</p>
<ul>
<li>Things Infra is working on that might be useful to PMCs</li>
<li>Vulnerability scanning</li>
-<li>Automation of
-<ul>
+<li>Automation of<ul>
<li>voting</li>
<li>policy compliance verification</li>
<li>releases</li>
@@ -140,27 +137,27 @@
</ul>
<p>We asked which existing services need improvement. These areas got the most votes:</p>
<ul>
-<li>CI/CD (Jenkins, BuildBot, GitHub Actions &ndash; 62%</li>
-<li>Issue Tracking (Jira, GitHubIssues, Bugzilla) &ndash; 31%</li>
-<li>Documentation / Wiki pages &ndash; 31%</li>
-<li>Source control (GitHub/GitBox, SVN) &ndash; 19%</li>
-<li>Messaging (Slack, mailing lists) &ndash; 19%</li>
+<li>CI/CD (Jenkins, BuildBot, GitHub Actions – 62%</li>
+<li>Issue Tracking (Jira, GitHubIssues, Bugzilla) – 31%</li>
+<li>Documentation / Wiki pages – 31%</li>
+<li>Source control (GitHub/GitBox, SVN) – 19%</li>
+<li>Messaging (Slack, mailing lists) – 19% </li>
</ul>
<p>Comments:</p>
<ul>
<li>Archived blog content is greatly bit rotted with no way to fix; no good modern blogging options</li>
-<li>ASF project websites vary widely in visual appeal and functionality. How to make it easier to quickly set up &lsquo;modern looking&rsquo; websites?</li>
-<li>Issue tracking &ndash; automated scripts to migrate existing issues from Jira to GitHub Issues.</li>
-<li>Fix tool sprawl &ndash; self-serve, whimsy, reporter, cveprocess...</li>
+<li>ASF project websites vary widely in visual appeal and functionality. How to make it easier to quickly set up ‘modern looking’ websites?</li>
+<li>Issue tracking – automated scripts to migrate existing issues from Jira to GitHub Issues.</li>
+<li>Fix tool sprawl – self-serve, whimsy, reporter, cveprocess...</li>
<li>Jenkins seems outdated. Would prefer something like Concourse.</li>
-<li>Research an official Stack Overflow integration as an alternative to users&rsquo; lists?</li>
-<li>In CI/CD, we don&rsquo;t really have any CD. Where can we deploy test apps?</li>
+<li>Research an official Stack Overflow integration as an alternative to users’ lists?</li>
+<li>In CI/CD, we don’t really have any CD. Where can we deploy test apps?</li>
<li>Docker Images.</li>
<li>More control over Docker Hub repos.</li>
<li>Builds are sometimes flaky because of disk-full error, broken hardware, missing build tools...</li>
<li>Builds are very slow for projects with a large number of modules and different workflows for different test suites. Such projects need more dedicated resources.</li>
-<li>It&rsquo;s easy for projects to configure build pipelines that don&rsquo;t work well.</li>
-<li>I shouldn&rsquo;t have to create a filter to understand the context of an email from the ASF.</li>
+<li>It’s easy for projects to configure build pipelines that don’t work well.</li>
+<li>I shouldn’t have to create a filter to understand the context of an email from the ASF.</li>
<li>Struggling to find good documentation on Buildbot hosts, in particular for setting up a Windows build.</li>
<li>In a multilanguage project, Kotlin is not counted.</li>
<li>Mailing list noise from GitHub/GitBox. Drop messages from some bots.</li>
@@ -171,15 +168,15 @@
<li>Jenkins builds should be containerized and isolated from one another, so one build does not bring down a node for everybody else. Need guaranteed minimum performance for performance-sensitive build tests.</li>
<li>Improve the messaging of Jira to the mailing lists.</li>
</ul>
-<h3>New Year&rsquo;s resolutions for projects:</h3>
+<h3>New Year’s resolutions for projects:</h3>
<ul>
<li>Hope to make more frequent releases (multiple mentions).</li>
<li>Get it fully, reproducibly built with OID integration to release it via Trusted Publishing to PyPI.</li>
-<li>Reduce &lsquo;onboarding barriers&rsquo; and bridging projects for more synergy.</li>
+<li>Reduce ‘onboarding barriers’ and bridging projects for more synergy.</li>
<li>Add documentation tutorials.</li>
<li>Attracting more people to work on the documentation.</li>
</ul>
-<h3>New Year&rsquo;s hopes to get from Infra, the ASF, from your project</h3>
+<h3>New Year’s hopes to get from Infra, the ASF, from your project</h3>
<ul>
<li>Easy to use and secure package and releasing platform (Working on it!)</li>
<li>More reliability</li>
@@ -192,14 +189,13 @@
</ul>
<h3>Feedback for the Infra team:</h3>
<p>Most of the comments were positive, with thanks for our efforts and good wishes for the new year.</p>
-<p>And there was one &ldquo;Well, there is that one guy...&rdquo; (working on it!)</p>
-</content><category term="blog"></category></entry><entry><title>The Infra Newsletter January 2024</title><link href="https://infra.apache.org/blog/newsletter_01_24.html" rel="alternate"></link><published>2024-01-20T00:00:00+00:00</published><updated>2024-01-20T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-01-20:/blog/newsletter_01_24.html</id><summary type="html"><p>Hi, all!</p>
+<p>And there was one “Well, there is that one guy...” (working on it!)</p></content><category term="blog"></category></entry><entry><title>The Infra Newsletter January 2024</title><link href="https://infra.apache.org/blog/the-infra-newsletter-january-2024.html" rel="alternate"></link><published>2024-01-20T00:00:00+00:00</published><updated>2024-01-20T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2024-01-20:/blog/the-infra-newsletter-january-2024.html</id><summary type="html"><p>Hi, all!</p>
<p>Someone who responded to our annual survey (see below) suggested that we start a newsletter to share developments and other news. The suggester thought we should send it to the <code>dev@</code> list of every PMC and PPMC, but we are going to start with a more limited distribution …</p></summary><content type="html"><p>Hi, all!</p>
<p>Someone who responded to our annual survey (see below) suggested that we start a newsletter to share developments and other news. The suggester thought we should send it to the <code>dev@</code> list of every PMC and PPMC, but we are going to start with a more limited distribution and see if the benefit to readers outweighs the additional email traffic. If you would like to get each issue in your email inbox, make sure you are subscribed to <code>users@infra.apache.org</code>.</p>
<p>The complete text of each month's newsletter appears here on the Infra blog.</p>
<p>Expect to see a new installment of the newsletter toward the end of each month. If you have suggestions, please share them in an email to <code>users@infra.apache.org</code>.</p>
<h2>The Infra year-end survey</h2>
-<p>As we start 2024, we're using a survey to review infrastructure developments and plans for the ASF. We will compile responses into an anonymized report to share with the whole ASF community and to provide the Infrastructure team with insights that may help us improve our work in the new year.</p>
+<p>As we start 2024, we're using a survey to review infrastructure developments and plans for the ASF. We will compile responses into an anonymized report to share with the whole ASF community and to provide the Infrastructure team with insights that may help us improve our work in the new year. </p>
<p>If you have not had a chance to fill out the survey yet, <a href="https://forms.gle/rQwYykCuP3Z1ij5Z9" target="_blank">it is here</a>. It will be active until <strong>February 2, 2024</strong>.</p>
<h2>The Infra Roundtable</h2>
<p>Last year the Infrastructure team started holding monthly <strong>Roundtable</strong> meetings, in response to requests for a way to discuss infrastructure issues and initiatives. In 2023, we held ten such meetings, usually on the first Wednesday of each month. One meeting was face-to-face, as a part of Community Over Code North America.</p>
@@ -211,8 +207,7 @@
<p>While Infra will be taking part in both <strong>Community over Code</strong> (CoC) <strong>Europe</strong> and <strong>CoC North America</strong> in 2024, we will not be able to send team members to <strong>CoC Asia</strong>. It would be great if anyone attending could pass on to us, by email or through our Slack channel, insights or issues discussed at the conference that are relevant to Infra.</p>
<h2>What's in a name?</h2>
<p>What should we call this thing? "The Infra Newsletter" is straightforward, but maybe not all that catchy. "Infractions", while being a cute mashup of "Infra" and "actions", may not be clear to readers for whom English is not their best language.</p>
-<p>Use <a href="https://forms.gle/TCEDGdE9VHM45CGJA" target="_blank">this link</a> to vote for a name you prefer for the Infra newsletter: The poll is on Google Drive, but you do not have to log in to use it. The poll will stay open until <strong>February 5, 2024</strong>.</p>
-</content><category term="blog"></category></entry><entry><title>Add your wisdom to Infra</title><link href="https://infra.apache.org/blog/add_wisdom.html" rel="alternate"></link><published>2023-11-17T01:55:55+00:00</published><updated>2023-11-17T01:55:55+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2023-11-17:/blog/add_wisdom.html</id><summary type="html"><p>Committers, contributors, and ASF Members have a wealth of information about every aspect of software and community development. When we share our knowledge, its reach multiplies and our effectiveness increases.</p>
+<p>Use <a href="https://forms.gle/TCEDGdE9VHM45CGJA" target="_blank">this link</a> to vote for a name you prefer for the Infra newsletter: The poll is on Google Drive, but you do not have to log in to use it. The poll will stay open until <strong>February 5, 2024</strong>.</p></content><category term="blog"></category></entry><entry><title>Add your wisdom to Infra</title><link href="https://infra.apache.org/blog/add-your-wisdom-to-infra.html" rel="alternate"></link><published>2023-11-17T01:55:55+00:00</published><updated>2023-11-17T01:55:55+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2023-11-17:/blog/add-your-wisdom-to-infra.html</id><summary type="html"><p>Committers, contributors, and ASF Members have a wealth of information about every aspect of software and community development. When we share our knowledge, its reach multiplies and our effectiveness increases.</p>
<p>For the infrastructure that supports all our efforts at the ASF, here are some ways to share what you know …</p></summary><content type="html"><p>Committers, contributors, and ASF Members have a wealth of information about every aspect of software and community development. When we share our knowledge, its reach multiplies and our effectiveness increases.</p>
<p>For the infrastructure that supports all our efforts at the ASF, here are some ways to share what you know with the folks with the greatest need to hear it:</p>
<p><strong>Share your smarts</strong></p>
@@ -220,11 +215,9 @@
<p>The issues range in complexity. Any committer or ASF Member is well-positioned to answer all but the most gnarly ones.</p>
<p><strong>Join the Roundtables</strong></p>
<p>Infra holds regular roundtable discussions on important topics in the World of Infrastructure. These are not lectures, where an Infra member holds forth and everybody is supposed to sit in respectful silence. Rather, the Infra team is hoping to gain insights and guidance from members of the ASF community that will improve how the team works or a tool it is developing.</p>
-<p>The roundtables usually take place on the <strong>first Wednesday of each month</strong>, on the <code>#roundtable</code> channel in the <code>the-ASF</code> workspace on Slack. They are available to anyone who can access the ASF workspace on Slack: basically, committers and Members.</p>
-<ul>
-<li>Here are <a href="https://infra.apache.org/roundtable.html" target="_blank">details about the Roundtables</a>, including information on joining the <code>#roundtable</code> channel.</li>
-<li>We don't record the sessions, but we do take <a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable" target="_blank">copious notes</a>.</li>
-</ul>
+<p>The roundtables usually take place on the <strong>first Wednesday of each month</strong>, on the <code>#roundtable</code> channel in the <code>the-ASF</code> workspace on Slack. They are available to anyone who can access the ASF workspace on Slack: basically, committers and Members.
+ - Here are <a href="https://infra.apache.org/roundtable.html" target="_blank">details about the Roundtables</a>, including information on joining the <code>#roundtable</code> channel.
+ - We don't record the sessions, but we do take <a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable" target="_blank">copious notes</a>.</p>
<p><strong>Build better builds</strong></p>
<p>A group meets regularly (usually the second Thursday of the month) in the <code>#builds</code> channel in the <code>the-ASF</code> workspace on Slack to explore issues related to builds of ASF projects' products. You are welcome whether you have a puzzle you need help solving, or some insights that may help others.</p>
<p><strong>Re-vision distribution</strong></p>
@@ -240,1343 +233,4 @@
<li>Join the <code>artifacts@infra.apache.org</code> mailing list.</li>
<li>Ask to be invited to the <code>artifact-platform-dev</code> channel in the <code>the-ASF</code> workspace on Slack.</li>
<li>Review the <a href="https://cwiki.apache.org/confluence/display/INFRA/Artifacts+Distribution+Platform" target="_blank">current collection of ideas and issues</a> related to the ADP. Add your thoughts/concerns/insights in the editable pages linked to from that main page. (Note: we have already blue-skied a very complex application. If you suggest another component, we may invite you to help develop it.)</li>
-</ul>
-</content><category term="blog"></category></entry><entry><title>Brand New Self-serve Page</title><link href="https://infra.apache.org/blog/brand-new-selfserve-page.html" rel="alternate"></link><published>2023-03-01T00:00:00+00:00</published><updated>2023-03-01T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2023-03-01:/blog/brand-new-selfserve-page.html</id><summary type="html"><p>Greetings all!</p>
-<p>We're announcing a new look for selfserve.apache.org today! It's a completely updated site, featuring a new layout which we hope will suit everyone better. The new update also cleans up a some tech debt we've had with the old site, so adding new features or integrations …</p></summary><content type="html"><p>Greetings all!</p>
-<p>We're announcing a new look for selfserve.apache.org today! It's a completely updated site, featuring a new layout which we hope will suit everyone better. The new update also cleans up a some tech debt we've had with the old site, so adding new features or integrations should be easier for us to roll out.</p>
-<h4>New Features</h4>
-<p>One of the new features we've also rolled out on selfserve.apache.org is the ability for someone to request a <a href="https://selfserve.apache.org/jira-account.html">public Jira account</a> through the page! We've been trying to develop a way to fight spammers and bad actors for a while on Jira and we know based on feedback that turning off the public signup link has caused some new issues. This is a brand new process whereby someone (existing committer or not) can fill out the form, add some detail as to why they are asking for access, and then a mail is sent to the PMC to approve or deny the request. The requester gets updated when their account is approved or denied, with the PMC having the ability to reply with a reason for denial.</p>
-<p><a href="https://selfserve.apache.org">Feel free to check it out</a>, tell your friends, break it and email <a href="mailto:users@infra.apache.org">users@infra.apache.org</a> with any details! Fun for the entire family!</p>
-</content><category term="blog"></category></entry><entry><title>2022 Infra Survey Results</title><link href="https://infra.apache.org/blog/2022_Infra_Survey_Results.html" rel="alternate"></link><published>2023-01-11T00:00:00+00:00</published><updated>2023-01-11T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2023-01-11:/blog/2022_Infra_Survey_Results.html</id><summary type="html"><h3>Intro</h3>
-<p>I'd like to thank everyone who took time to take the survey. This is the first time that I know of that we've tried something like this, and feedback is very important. I'd also like to take a second to clarify my tone for this article. I'm presenting as …</p></summary><content type="html"><h3>Intro</h3>
-<p>I'd like to thank everyone who took time to take the survey. This is the first time that I know of that we've tried something like this, and feedback is very important. I'd also like to take a second to clarify my tone for this article. I'm presenting as Chris T. the Infra person, not as an ASF Member or committer. So when I say "we" or "us", I'm referring to the other Infra folks, not specifically the Foundation as a whole or any Members. I am not posting the full results, but a summary of the data, as we had some responses that used enough information to identify the person being discussed. Those responses are 100% valid and I don't want to post an incomplete dataset with them removed.</p>
-<h3>Summary of Results</h3>
-<p>We sent the survey to 4109 people (and anyone who went to the blog post would also have been able to complete the survey) and received 80 responses. While that isn't a huge number of results, it's a very manageable dataset to parse through. I also presume that some people submitting responses were conveying information gathered from other participants in their project. There weren't many surprises in responses, as we all know a lot of the pain points. However, it's vital for the Infra team to have data to back up our work and the resources we offer.</p>
-<p>Here are the top subjects that were referred to:</p>
-<ol>
-<li>Public Jira access is a problem</li>
-<li>Communication is a problem
-<ul>
-<li>Open/Public Slack</li>
-<li>General Infra communications</li>
-</ul>
-</li>
-<li>CI/CD is a problem
-<ul>
-<li>Capacity/Speed</li>
-<li>Platforms (Jenkins, Buildbot, GHA, etc.)</li>
-</ul>
-</li>
-<li>Release process is a problem</li>
-</ol>
-<p>The charts reflect the data above:</p>
-<img src="../images/image1.png" width="450"/>
-<img src="../images/image2.png" width="450"/>
-<img src="../images/image3.png" width="450"/>
-<img src="../images/image4.png" width="450"/>
-<h3>Next Steps</h3>
-<p>The easy thing would be to say, &ldquo;Let&rsquo;s fix all the things!&rdquo; To be honest, there is on-going work with all the above issues, but most of them are not subject to a quick fix or a short answer. Now that we have data and a baseline, we&rsquo;ll evaluate and discuss how we&rsquo;re going to address your concerns. Since that I&rsquo;ve never done one of these surveys before, I do not have the next steps laid out, so we&rsquo;ll have to take them together.</p>
-</content><category term="blog"></category></entry><entry><title>The Joy of Feedback (2022 Infra Survey)</title><link href="https://infra.apache.org/blog/the_joy_of_feedback.html" rel="alternate"></link><published>2022-12-01T00:00:00+00:00</published><updated>2022-12-01T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-12-01:/blog/the_joy_of_feedback.html</id><summary type="html"><p>In discussions at ApacheCon in New Orleans, we learned that the three standard methods of communicating with Infra:&nbsp;</p>
-<ul>
-<li>opening a Jira ticket&nbsp;</li>
-<li>sending an email&nbsp;</li>
-<li>posting a message on the <code>#asfinfra</code> Slack channel</li>
-</ul>
-<p>are not ideal for many conversations folks would like to have about The ASF's infrastructure.</p>
-<h2>Roundtable Discussions …</h2></summary><content type="html"><p>In discussions at ApacheCon in New Orleans, we learned that the three standard methods of communicating with Infra:&nbsp;</p>
-<ul>
-<li>opening a Jira ticket&nbsp;</li>
-<li>sending an email&nbsp;</li>
-<li>posting a message on the <code>#asfinfra</code> Slack channel</li>
-</ul>
-<p>are not ideal for many conversations folks would like to have about The ASF's infrastructure.</p>
-<h2>Roundtable Discussions</h2>
-<p>Infra is proposing to hold a monthly roundtable of free-flowing discussion.</p>
-<p>Our idea right now is that each roundtable event will take place in a Slack huddle and will last an hour.&nbsp;
-&nbsp;
-The first (shorter) part will be Infra talking about a topic of interest, something we are planning, or a problem we are facing.
-Then we'll open the floor for everyone to talk about that topic... and about anything else infrastructure-related.</p>
-<p>We'll create a bullet-point summary of what we talked about, and will make the summaries available in our CWiki space.</p>
-<h2>Surveys</h2>
-<p>We'd also like to start using regular surveys to get to understand the heart of the problems that our projects and podlings face.</p>
-<p>Our plan with surveys is two-fold.</p>
-<p>First, to get a finger on the pulse of projects and a "2022 year in review" baseline. Since this is the first time we're trying this. it's likely that future surveys will contain different questions.</p>
-<p>Second, we'll be sending out surveys on a regular basis, something like every six months or so, just to keep a feedback loop going.</p>
-<p>Surveys will be anonymous and results will be posted on the Infra blog. Depending on timing, they will also be discussed in the roundtables if the data is pertinent.</p>
-<p><a href="https://infra.apache.org/surveys/survey-1.html">You can find the survey here</a></p>
-<p>Cheers,</p>
-<ul>
-<li>ASF Infra</li>
-</ul>
-</content><category term="blog"></category></entry><entry><title>New Jenkins Nodes running Windows</title><link href="https://infra.apache.org/blog/new-jenkins-nodes-running-windows.html" rel="alternate"></link><published>2022-11-21T00:00:00+00:00</published><updated>2022-11-21T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-11-21:/blog/new-jenkins-nodes-running-windows.html</id><summary type="html"><p>This afternoon, we rolled out two new Shared Jenkins Nodes, jenkins-win-azr-7 and 8. They are both in rotation, using the labels Windows and Windows-Docker. The second label was put in place as the older nodes can't run Docker Desktop. I've also tried setting these up by cloning disks instead of …</p></summary><content type="html"><p>This afternoon, we rolled out two new Shared Jenkins Nodes, jenkins-win-azr-7 and 8. They are both in rotation, using the labels Windows and Windows-Docker. The second label was put in place as the older nodes can't run Docker Desktop. I've also tried setting these up by cloning disks instead of from the ground up.
-Feel free to test them out, all the usual tools are in place (as well as Docker).</p>
-</content><category term="blog"></category></entry><entry><title>Jira Public Signup Disabled</title><link href="https://infra.apache.org/blog/jira-public-signup-disabled.html" rel="alternate"></link><published>2022-11-11T16:48:00+00:00</published><updated>2022-11-11T16:48:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-11-11:/blog/jira-public-signup-disabled.html</id><summary type="html"><p>Today, the Infrastructure Team took the step to disable public signups to ASF Jira</p>
-<p>This was not done lightly. The main reason for this is the amount of spam and spam accounts that are created every day, it has
-made managing Jira a big effort. In addition, Infra are planning …</p></summary><content type="html"><p>Today, the Infrastructure Team took the step to disable public signups to ASF Jira</p>
-<p>This was not done lightly. The main reason for this is the amount of spam and spam accounts that are created every day, it has
-made managing Jira a big effort. In addition, Infra are planning with Atlassian to move to their Cloud service, where account
-limitations apply; and our current self hosted instance is around 150000 users above the limit required for migration.</p>
-<p>Daily spam account creations undermine our efforts to reduce the user counts and so we must stop the creation of the spam
-accounts themselves, not just the spam issues/comments created from them.</p>
-<p>Projects have for a long time wanted a resolution to the spam problems that plague their Jira Projects, often these spam issues
-and comments go unnoticed, and the added attraction to spammers is that all issues get copied to mailing list archives.</p>
-<p>From now on, until such a time as we migrate to Atlassian Cloud, we ask that Projects themselves take on the task of creating
-the Jira account requests that come in. Projects are encouraged but not required to create a dedicated private mailing list where
-users can email to ask for an account.</p>
-<p>Once an account has been created, that user is then automatically whitelisted to create issues anywhere within our Jira instance.</p>
-<p>We appreciate that this is not as convenient as having public signups on, but we must do this in order to move forward and to
-stop the spam in its entirety.</p>
-<p>Any questions or concerns please feel free to email <a href="mailto:users@infra.apache.org">users@infra.apache.org</a></p>
-<p>Kind Regards</p>
-<p>The ASF Infrastructure Team</p>
-</content><category term="blog"></category></entry><entry><title>Infra blogs has a new home</title><link href="https://infra.apache.org/blog/Blogs%20has%20a%20new%20home.html" rel="alternate"></link><published>2022-10-24T12:54:00+00:00</published><updated>2022-10-24T12:54:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-10-24:/blog/Blogs has a new home.html</id><content type="html"><p>Just moved posts over from blogs.apache.org/infra. New posts all go through the infrastructure-website repo and it should be as easy as posting some markdown.</p>
-</content><category term="blog"></category></entry><entry><title>Email service interruption and restoration July 12, 2022</title><link href="https://infra.apache.org/blog/email-service-interruption-and-restoration.html" rel="alternate"></link><published>2022-07-13T16:41:38+00:00</published><updated>2022-07-13T16:41:38+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-07-13:/blog/email-service-interruption-and-restoration.html</id><summary type="html"><p><b>July 13, 2022</b></p><p><span style='color: rgb(23, 43, 77); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;'>At around 09:11 UTC on Tuesday, July 12th 2022, the primary mailing list server (colloquially known as <b>Hermes</b>) at The Apache Software Foundation suffered a fatal breakdown and became unresponsive.</span><br/></p><p style='margin-bottom: 0px; padding: 0px; color: rgb(23, 43, 77); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;'>The Infrastructure team (Infra) was immediately notified and, in cooperation with our data center provider, attempted …</p></summary><content type="html"><p><b>July 13, 2022</b></p><p><span style='color: rgb(23, 43, 77); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;'>At around 09:11 UTC on Tuesday, July 12th 2022, the primary mailing list server (colloquially known as <b>Hermes</b>) at The Apache Software Foundation suffered a fatal breakdown and became unresponsive.</span><br/></p><p style='margin-bottom: 0px; padding: 0px; color: rgb(23, 43, 77); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;'>The Infrastructure team (Infra) was immediately notified and, in cooperation with our data center provider, attempted to restore services and notify the Foundation of the outage.</p><p style='margin-bottom: 0px; padding: 0px; color: rgb(23, 43, 77); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;'>As restoring the machine to a useful state proved more difficult than we had hoped, and due to the importance of this service to the Foundation, Infra decided to "fail forward" at approximately 14:40 UTC, and migrate all affected mailing lists and accounts to the new replacement mailing list server for the Foundation (<b>mailgw</b>). We had announced the start of this migration on June 15, 2022.</p><p class="auto-cursor-target" style='margin-bottom: 0px; padding: 0px; color: rgb(23, 43, 77); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;'>At approximately 17:33 UTC the bulk of our migration operations had completed, and mail was flowing again. The team continued to address and monitor issues arising as a result of the migration, and the mailing list services were deemed fully operational at approximately 20:00 UTC.</p>
-</content><category term="blog"></category></entry><entry><title>Strengthening the Infra team</title><link href="https://infra.apache.org/blog/strengthening-the-infra-team.html" rel="alternate"></link><published>2022-06-27T12:51:54+00:00</published><updated>2022-06-27T12:51:54+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-06-27:/blog/strengthening-the-infra-team.html</id><summary type="html"><p>Since before the start of COVID-19, the Infrastructure team had one open staff position. We have been able to fill it this year with a strong addition to the team, <b>Chris Wells</b>.</p><p><i>Where do you live?</i></p><p>Birch Run, Michigan, USA. I was born in Flint, Michigan, but I have moved …</p></summary><content type="html"><p>Since before the start of COVID-19, the Infrastructure team had one open staff position. We have been able to fill it this year with a strong addition to the team, <b>Chris Wells</b>.</p><p><i>Where do you live?</i></p><p>Birch Run, Michigan, USA. I was born in Flint, Michigan, but I have moved around a bit between then and now. I lived in Southern California and Per&uacute; for a little while and attended school at Northern Michigan University in Michigan&rsquo;s Upper Peninsula. After all that, I realized that I&rsquo;ve always felt most comfortable in Mid-Michigan, so, here I am.</p><p><i>Family members?</i></p><p>A wife, four children, three cats, three budgies, and a dog.</p><p><i>What was your start date?</i><br/></p><p>January 1st, 2022</p><p><i>Where were you working before here?</i><br/></p><p>The Genesee District Library. I served as the IT Manager for the library, which is the third largest in Michigan by total population served. I used to tell people that &ldquo;if it blinked or beeped, and it stopped doing either, we would fix it.&rdquo; Across the 19 buildings of the library system our three-person team took care of public/staff workstations, phones, surveillance cameras, printers, and all the servers and networking equipment required to connect them. We also did staff training programs and liaised with outside vendors.</p><p><i>Is this your first time working as part of a remote team?</i></p><p>This is the first time I&rsquo;ve worked asynchronously with a remote team, but not the first time I&rsquo;ve worked remotely. Before working at the library I worked with a small hosting company doing sysadmin type work. While at the library I advocated for a rotating hybrid schedule (2 days onsite, 3 remote) for my team in an effort to reduce the chance of our whole department being quarantined/sick simultaneously.&nbsp;<br/></p><p><i>What was the attraction of the ASF for you?</i><br/></p><p>The ASF is the nexus point to so many projects that get used in so many places. Knowing I could help move that work along was very exciting.</p><p><i>Have you been involved in the open-source world before now?</i><br/></p><p>I have been using open-source software since the mid-90s, when I discovered Linux. I have only begun contributing to open-source projects within the last 10 years, and even those contributions were pretty minor. It feels really good to change that.</p><p><i>What do you bring to the work?&nbsp;</i></p><p>I have a strong distaste for miscommunication, so I try to be an effective communicator. Additionally, I love solving problems and helping people get the resources they need.</p><p><i>Any big surprises so far?</i><br/></p><p>I think the biggest surprise so far has been how nice it is to work in an environment where I don&rsquo;t have to know everything and the work is spread out. In my last job I managed a very small team and we were stretched pretty thin most days.</p><p><i>Will you be at ApacheCon North America 2022, and can people meet you there?</i></p><p>I am planning to attend ACNA 2022 and look forward to meeting a bunch of people.&nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>New and enhanced GitBox platform sees the light of day</title><link href="https://infra.apache.org/blog/new-and-enhanced-gitbox-platform.html" rel="alternate"></link><published>2022-04-04T07:48:50+00:00</published><updated>2022-04-04T07:48:50+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-04-04:/blog/new-and-enhanced-gitbox-platform.html</id><summary type="html"><p><span style="font-size: 14px;">As we head into April and the middle of the spring of 2022, we are pleased to announce that we have migrated our writable git repository service, gitbox.apache.org, to a new location, a new cluster of hardware bits, and a new platform. The migration took around 35 minutes …</span></p></summary><content type="html"><p><span style="font-size: 14px;">As we head into April and the middle of the spring of 2022, we are pleased to announce that we have migrated our writable git repository service, gitbox.apache.org, to a new location, a new cluster of hardware bits, and a new platform. The migration took around 35 minutes to complete, and while completely seamless and hidden to most users, it does add some new features that we have not had before, as well as redesigning some existing ones.</span></p><p><br/></p><p><span style="font-size: 18px;">New, faster hardware behind the scenes</span></p><p><span style="font-size: 18px;"><span style="font-size: 14px;">The first big change is the change in the hardware powering our services. We have more than tripled our computing performance, increased our disk read/write throughput by more than 17x, and increased our network throughput ten-fold. In basic terms, this means we can process pushes of new commit much faster, whether they originate from GitHub or are pushed directly to gitbox by a committer, both in terms of storing them, but also in terms of communicating the changes to our end-users, the developers. It also makes our service much more resilient towards high demands at peak office hours.</span></span></p><p><span style="font-size: 18px;"><br/></span></p><p><span style="font-size: 18px;">New, modern, and modular micro-services</span></p><p><span style="font-size: 14px;">While this sounds like a game of "buzzword bingo</span><span style="font-size: 14px;">", it really represents many months of careful planning and upgrading of the complex designs behind GitBox, pushing them into the very forefront of back-end synchronization setups. All of our main components (code synchronization, event notification, provenance and quality assurance communications, as well as repository and account management) have been split into distinct "pipservices", which is a term we use internally at the Apache Infrastructure Team for denoting single packages of services, or "apps", that are installed and run independently of each other. These all tie into our configuration management system, and can be enabled, tweaked/upgraded or disabled quickly and as demand dictates. This change simplifies our day-to-day workflows and allows to much easier assessment of resource consumption and aids debugging by separating both processes and security environments.</span></p><p><span style="font-size: 18px;"></span></p><p><span style="font-size: 18px;">New unified portal for all repository and account management needs</span></p><p><span style="font-size: 14px;">With GitBox version 2 we have also launched a new portal for managing repositories and accounts, called Boxer. With Boxer, our developers can link their GitHub accounts with their Apache credentials, providing them with write access to GitHub. We have removed the old, cumbersome process of linking, and replaced with a flow-based approach that instantly allows a new developer to join a team. Where the old process typically required hours of waiting for our central team management system to catch up, linking and getting slotted into the right teams can now be done in a matter of minutes, if not seconds, and requires no other action than visiting our Boxer portal on gitbox.</span></p><p><span style="font-size: 14px;"></span></p><p><span style="font-size: 18px;">Private git repositories</span></p><p><span style="font-size: 14px;">A final </span><span style="font-size: 14px;">thing we'd like to mention is the new ability for projects to use a private git repository</span><span style="font-size: 14px;"><span style="font-size: 14px;"> for issues or a more sensitive nature. Each project can now have their own private repository space, available to the entire PMC for whatever need they may find themselves in. At present, this will require asking the infrastructure team, as we'd like to work with projects to ensure the best handling of sensitive information.</span><br/></span></p><p><span style="font-size: 14px;"><br/></span></p><p><span style="font-size: 14px;">We continuously strive to better ourselves and provide state-of-the-art services and thinking, and it is our sincere hope that these upgrades will prove useful for the developers at the foundation.</span></p><p><span style="font-size: 14px;">If there are any questions on these changes, we ask that you reach out to us at users@infra.apache.org with your feedback/questions.</span></p><p><span style="font-size: 14px;"><br/></span></p><p><span style="font-size: 14px;">With warm regards and excitement,</span></p><p><span style="font-size: 14px;"><span style="font-size: 14px;">Daniel, on behalf of the Infrastructure Team at the Apache Software Foundation.</span><br/></span><br/></p>
-</content><category term="blog"></category></entry><entry><title>Even more GitHub features added to .asf.yaml</title><link href="https://infra.apache.org/blog/even-more-github-features-added.html" rel="alternate"></link><published>2020-10-21T13:35:19+00:00</published><updated>2020-10-21T13:35:19+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-10-21:/blog/even-more-github-features-added.html</id><summary type="html"><p>Available as of yesterday, more self serve features were added to the .asf.yaml toolset, based around GitHub Branch Protection.</p>
-<p>You can now add the following features :-</p><ul><li>GitHub Branch Protection Enable/Disable</li><li>Require Status Checks to pass before merging</li><li>Require Branches to be up to date before merging</li><li>Context Status …</li></ul></summary><content type="html"><p>Available as of yesterday, more self serve features were added to the .asf.yaml toolset, based around GitHub Branch Protection.</p>
-<p>You can now add the following features :-</p><ul><li>GitHub Branch Protection Enable/Disable</li><li>Require Status Checks to pass before merging</li><li>Require Branches to be up to date before merging</li><li>Context Status Checks (i.e. this build/check must pass before merging)</li><li>Require Pull Request Reviews</li><li>Dismiss Stale Pull requests</li><li>Require Code Owner Reviews</li><li>Minimum number of approvals of reviews</li><li>Require Signed Signatures on commits</li></ul><p>Some of these features, like enable/disable protection of branches and required signatures will send an email to the projects private list with details.</p><p>See this <a href="https://github.com/apache/infrastructure-puppet/pull/1678" target="_blank">PR</a> for more details on code and implementation.</p><p>Infra especially thanks Bryan Ellis (erisu) for opening the PR, providing the code and persisting all the way through a long standing PR until it was finally implemented, with tweaks by Humbedooh to see it over the finish line.<br/></p><p>See the <a href="https://infra.apache.org/asf-yaml.html" target="_blank">.asf.yaml documentation</a>.</p>
-<p>If you haven't yet discovered the joys of what .asf.yaml can do for your project, read the entire page above to be enlightened.</p><p>Enjoy self-serving these via your .asf.yaml file!</p>
-</content><category term="blog"></category></entry><entry><title>Promoting Podlings</title><link href="https://infra.apache.org/blog/promoting-podlings.html" rel="alternate"></link><published>2020-07-15T13:29:54+00:00</published><updated>2020-07-15T13:29:54+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-07-15:/blog/promoting-podlings.html</id><summary type="html"><p style="margin-bottom: 0in; line-height: 100%">The Infrastructure
-team is constantly looking for ways to do its work more quickly while
-maintaining the ASF standards of reliability, security, and
-almost-continuous availability. The more the team can speed up and
-improve standard processes that almost every project goes through,
-the better it is for the whole community …</p></summary><content type="html"><p style="margin-bottom: 0in; line-height: 100%">The Infrastructure
-team is constantly looking for ways to do its work more quickly while
-maintaining the ASF standards of reliability, security, and
-almost-continuous availability. The more the team can speed up and
-improve standard processes that almost every project goes through,
-the better it is for the whole community.<br/></p><p style="margin-bottom: 0in; line-height: 100%">&nbsp; &nbsp;As an example,
-when a project starts out with the ASF, it normally begins as a
-&ldquo;podling&rdquo; in the ASF incubator. Here it can start to create its
-code, standard practices, and work methods in a development sandbox.
-</p><p style="margin-bottom: 0in; line-height: 100%">&nbsp; &nbsp;Once the project
-develops a large-enough community of committers and contributors, and
-seems to be viable, it can request promotion to top-level-project
-(TLP) status. This is a great moment for the project and for the ASF,
-but it also used to involve a considerable amount of work for Infra.<br/></p><p style="margin-bottom: 0in; line-height: 100%">&nbsp; &nbsp;Infra Administrator
-Greg Stein recalls that, at the beginning, the promotion &ldquo;process&rdquo;
-was no more than a checklist of about thirty &ldquo;fiddly steps&rdquo;, each
-of which required someone to do one or several manual tasks during
-which any number of things could go wrong. It was considered great
-progress when the checklist reduced to twenty manual steps.<br/></p><p style="margin-bottom: 0in; line-height: 100%">&nbsp; &nbsp;Significant
-improvements included simplifications of tasks related to mailing
-lists in 2010 and LDAP simplifications in 2016, but even as recently
-as 2017 the promotion process involved an Infra team member&rsquo;s
-engagement in many steps over the course of two or three hours. This
-is what each component required for the promotion of Apache Ranger
-that year:<br/></p><p style="margin-bottom: 0in; line-height: 100%"><br/>
-</p><p style="margin-bottom: 0in; line-height: 100%">
-<a href="https://blogs.apache.org/infra/mediaresource/2fbf5326-1e4b-4dfa-a565-f81fb3028357"><img alt="promote2017.png" src="https://blogs.apache.org/infra/mediaresource/2fbf5326-1e4b-4dfa-a565-f81fb3028357?t=true" style="width: 25%;"/></a><br/>
-</p><p style="margin-bottom: 0in; line-height: 100%"><br/>
-</p><p style="margin-bottom: 0in; line-height: 100%">Between then and now
-the team has improved automation of the various steps, especially
-with the introduction of <a href="https://cwiki.apache.org/confluence/display/INFRA/git+-+.asf.yaml+features" target="_blank">asf.yaml</a>&nbsp;configuration files to simplify publishing project websites. In
-2020 the same promotion process, for Apache ShardingSphere, took a
-grand total of <b>four minutes</b>:</p><p style="margin-bottom: 0in; line-height: 100%"><br/></p><p style="margin-bottom: 0in; line-height: 100%"><a href="https://blogs.apache.org/infra/mediaresource/53eb7318-305c-4ace-831e-c0bfd6a679b4"><img alt="promote2020.png" src="https://blogs.apache.org/infra/mediaresource/53eb7318-305c-4ace-831e-c0bfd6a679b4?t=true" style="width: 25%;"/></a><br/>
-</p><p style="margin-bottom: 0in; line-height: 100%">
-<br/>
-</p><p style="margin-bottom: 0in; line-height: 100%">Infra member Daniel
-Gruno says, &ldquo;The majority of the work is just a click of a button
-by the ASF secretary nowadays, and then the few remaining bits can
-take between five and sixty minutes to complete.&rdquo; That range
-reflects the fact that no two projects have the same profile, system
-requirements, and performance expectations.</p><p style="margin-bottom: 0in; line-height: 100%">&nbsp; &nbsp;These improvements
-in the podling promotion process are a good reminder of how important
-it can be to take the time to &ldquo;sharpen the saw.&rdquo;</p>
-</content><category term="blog"></category></entry><entry><title>New notification scheme features for git repositories</title><link href="https://infra.apache.org/blog/new-notification-scheme-features-for.html" rel="alternate"></link><published>2020-04-19T22:50:14+00:00</published><updated>2020-04-19T22:50:14+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-04-19:/blog/new-notification-scheme-features-for.html</id><summary type="html"><p>Today, ASF Infra launched new features for projects wishing to update their notification schemes for git/github activity on their own.</p>
-<p>Via the <a href="https://infra.apache.org/asf-yaml.html" target="_blank">.asf.yaml</a> file, projects can now define notification schemes for their repositories, including targets for commit emails, GitHub events, and Jira notification options.</p>
-<p>Along with this notification …</p></summary><content type="html"><p>Today, ASF Infra launched new features for projects wishing to update their notification schemes for git/github activity on their own.</p>
-<p>Via the <a href="https://infra.apache.org/asf-yaml.html" target="_blank">.asf.yaml</a> file, projects can now define notification schemes for their repositories, including targets for commit emails, GitHub events, and Jira notification options.</p>
-<p>Along with this notification scheme feature, we have also launched some corrective measures for repositories where github activity did not result in proper relaying to our mailing lists, so some projects may start seeing event messages that did not appear before. Furthermore, we are now combining review comments into single emails, to lessen the load in your inbox.</p><p><br/></p><p>With regards,</p><p>The ASF Infrastructure Team.<br/></p>
-</content><category term="blog"></category></entry><entry><title>More secure and robust downloads</title><link href="https://infra.apache.org/blog/more-secure-and-robust-downloads.html" rel="alternate"></link><published>2020-03-04T15:43:06+00:00</published><updated>2020-03-04T15:43:06+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-03-04:/blog/more-secure-and-robust-downloads.html</id><summary type="html"><p><i>Infra member Daniel Gruno writes</i>:</p><p>To better provide our millions of users with downloads, the Apache Infrastructure Team has been restructuring the way downloads work for our main distribution channels over the past few weeks. For users, this will largely go unnoticed, and for projects likely the same; but we …</p></summary><content type="html"><p><i>Infra member Daniel Gruno writes</i>:</p><p>To better provide our millions of users with downloads, the Apache Infrastructure Team has been restructuring the way downloads work for our main distribution channels over the past few weeks. For users, this will largely go unnoticed, and for projects likely the same; but we did want to mention the changes we've made:</p><p>As of March, 2020, we are deprecating www.apache.org/dist/ in favor of https://downloads.apache.org/ for backup downloads as well as signature and checksum verification. The primary driver has been splitting up web site visits and downloads to gain better control and offer a better service for both downloads and web site visits.</p><p>This does not impact end-users, and should have a minimal impact on projects, as our download selectors as well as visits to www.apache.org/dist/ have been adjusted to make use of downloads.apache.org instead. We are asking that projects, in their own time-frame, change references on their own web sites from www.apache.org/dist/ to downloads.apache.org wherever such references may exist, to complete the switch in full. We will <b>not </b>be turning off www.apache.org/dist/ in the near future, but would greatly appreciate if projects could help us transition away from the old URLs in their documentation and on their download pages.<br/></p><p>The <a href="https://www.apache.org/legal/release-policy.html#upload-ci" target="_blank">standard way of uploading releases</a>&nbsp;will still apply, however there may be a short delay (&lt;= 15 minutes) for technical reasons between the release and when releases show up on downloads.apache.org.<br/></p><p>If you have any questions about this change, please do not hesitate to reach out to us at users@infra.apache.org.<br/></p><p style="text-align: right; ">With regards,<br/></p><p style="text-align: right; ">Daniel on behalf of ASF Infrastructure</p>
-</content><category term="blog"></category></entry><entry><title>Welcome to Roller 6.0!</title><link href="https://infra.apache.org/blog/welcome-to-roller-6-0.html" rel="alternate"></link><published>2020-02-25T22:16:59+00:00</published><updated>2020-02-25T22:16:59+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-02-25:/blog/welcome-to-roller-6-0.html</id><content type="html"><hr/>
-**Note**: Until June, 2023, the ASF supported using Apache Roller for project blogs. That support has ended. Please visit <a href="https://infra.apache.org/project-blogs.html" target="_blank">Project Blog</a> for more information about blogs for projects.
-<hr/>
-<p>After some bumpy DNS issues, Roller 6.0 is live!<br/></p>
-</content><category term="blog"></category></entry><entry><title>index</title><link href="https://infra.apache.org/blog/index.html" rel="alternate"></link><published>2020-02-02T00:00:00+00:00</published><updated>2020-02-02T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-02-02:/blog/index.html</id><content type="html"><p>Date: '2020-02-02'</p>
-</content><category term="blog"></category></entry><entry><title>Another oar in the water</title><link href="https://infra.apache.org/blog/another-oar-in-the-water.html" rel="alternate"></link><published>2020-01-05T18:54:30+00:00</published><updated>2020-01-05T18:54:30+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-01-05:/blog/another-oar-in-the-water.html</id><summary type="html"><p>
-The Infrastructure team (Infra) works behind the scenes to make it possible for Apache's galaxy of committers to do the cool stuff they do, and for the open-source world to get, use, and rely on applications Apache projects produce. Infra supports additions to code repositories, a constant stream of conversation …</p></summary><content type="html"><p>
-The Infrastructure team (Infra) works behind the scenes to make it possible for Apache's galaxy of committers to do the cool stuff they do, and for the open-source world to get, use, and rely on applications Apache projects produce. Infra supports additions to code repositories, a constant stream of conversation among project committers and contributors, and about 100 terabytes a month of software downloads.</p>
-<p>Infra provides not just services, but knowledge. Infra's team and project committers rely on clear and accurate documentation about everything from how to update personal information to how to keep the Apache servers online, secure, and speedy.</p>
-<p>Over 20 years of work, however, Infra has built up a substantial quantity of documentation that may be hard for its intended audience to find, out of date, or no longer relevant. So, in December, 2019, the ASF hired Andrew Wetmore as a part-time <strong>Technical Writer-Editor.</strong>&nbsp;His job is to curate the existing documentation and, in coordination with the rest of the Infra team and the wider ASF community, extend and improve it.</p>
-<p>Andrew is a member of the PMC of <a href="https://royale.apache.org/" target="_blank" title="Apache Royale">Apache Royale</a>, and spent fifteen years leading QA and documentation teams for software projects ranging from kitchen-table startups to major corporations. He lives in rural Nova Scotia, on the east coast of Canada, where he is the editor of a small publishing house.</p>
-</content><category term="blog"></category></entry><entry><title>Subversion-to-Git service (git.apache.org) post mortem, and the path forward</title><link href="https://infra.apache.org/blog/subversion-to-git-service-git.html" rel="alternate"></link><published>2019-09-10T21:36:35+00:00</published><updated>2019-09-10T21:36:35+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2019-09-10:/blog/subversion-to-git-service-git.html</id><summary type="html"><h2>What happened<br/></h2>
-<p>On August 31st 2019, the machine hosting our subversion-to-git mirrors and synchronization process for GitHub suffered a catastrophic drive error due to a power failure at our data center in Virginia. The power failure was, unfortunately, of such a nature, that recovering the disk data was not possible …</p></summary><content type="html"><h2>What happened<br/></h2>
-<p>On August 31st 2019, the machine hosting our subversion-to-git mirrors and synchronization process for GitHub suffered a catastrophic drive error due to a power failure at our data center in Virginia. The power failure was, unfortunately, of such a nature, that recovering the disk data was not possible. Four days into the failure, on September 4th 2019, we received confirmation from the data center that the data redundancy had also failed, meaning we had no measure of restoring to a new disk.</p>
-<h2>What this means right now</h2>
-<p> Currently, all GitHub mirrors that originate in subversion, and thus relied on this service, are not being synchronized with their subversion source. As git relies on on-disk subversion meta-data, as opposed to in-repo, we are not able to obtain the meta-data and continue synchronizing unless a full recreation of the mirrors is performed. This means starting from the first revision in any given subversion repository and working towards the most current one, a process that may well take a few days or weeks, depending on the size of the repository (by number of commits) and the number of running jobs at that time.<br/></p>
-<h2>What we intend to do, going forward </h2>
-<p>Our most immediate action has been to revisit off-site backup strategies to ensure that our services are as resilient as possible, as well as re-assess and re-categorize various machines with regards to backup strategies.</p>
-<p>With backups revisited, and on the more long-term side of things, discussions have been centered around what we want to offer, and how that will shape our design of the system. We want to balance the need for features against robustness and speed at the core of the service, as well as perform some fall cleaning of the service, and as such, the Infrastructure team has decided to restart the service with a blank slate, incorporating features as the needs arise and are discussed. We will also be reaching out to the projects with subversion-to-git mirrors currently on GitHub, and ask for a positive confirmation that they wish to continue with this service, so as to clean up the number of repositories that are no longer in use. We are also redesigning the core service, coupling it tighter with our subversion offerings. <br/></p>
-<p>We estimate the git mirror service to be revamped and rebooted in a matter of weeks, as cycles allow (this is occurring in tandem with other service upgrades, which puts the timeline somewhat into the future), and will add mirror repositories on an ad-hoc basis as requests come in.</p>
-<h2>Notable changes to service offering</h2>
-<p>As we are starting with a blank slate, please be advised of the following changes to the service as it starts back up:</p>
-<ul>
-<li>There will no longer be a <a href="http://git.apache.org">git.apache.org</a>&nbsp; URL for git mirrors, to lessen the confusion with <a href="http://gitbox.apache.org">gitbox.apache.org.</a>&nbsp; Projects wishing to point to a git copy of their subversion repository should use their respective GitHub URLs.</li>
-<li>Repositories are re-created from scratch. As such, it may take days from a recreation is started till the sync process begins to kick in.</li>
-</ul>
-</content><category term="blog"></category></entry><entry><title>Apache and GitHub - a friendly PSA about awesomeness</title><link href="https://infra.apache.org/blog/apache-and-github-a-friendly.html" rel="alternate"></link><published>2019-04-30T01:08:58+00:00</published><updated>2019-04-30T01:08:58+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2019-04-30:/blog/apache-and-github-a-friendly.html</id><summary type="html"><p> <em>With the <a href="https://blogs.apache.org/foundation/entry/the-apache-software-foundation-expands">news of the Apache Software Foundation teaming up more closely with GitHub</a>, we feel it natural to elaborate a bit on what has been going on and what this means for you as a committer and/or user of Apache software.</em><br/><br/> </p>
-<h2>A little bit of history</h2>The Apache …</summary><content type="html"><p> <em>With the <a href="https://blogs.apache.org/foundation/entry/the-apache-software-foundation-expands">news of the Apache Software Foundation teaming up more closely with GitHub</a>, we feel it natural to elaborate a bit on what has been going on and what this means for you as a committer and/or user of Apache software.</em><br/><br/> </p>
-<h2>A little bit of history</h2>The Apache Software Foundation started experimenting with git as a source code repository system in 2008, and ventured into GitHub in 2010, where we were graciously offered whatever resources we needed.<br/><br/>At first, this was merely a mirror of our existing git and subversion repositories, but as time went on, and projects expressed an interest in utilizing the many user-friendly features of GitHub, we started work on enabling projects to make proper use of GitHub some three years ago in the middle of 2016. This project, aptly named `gitbox`, ensured that committers could make full use of the GitHub features, while we kept a place within our own infrastructure for people inclined to continue using our infrastructure for their work. As git is decentralized by its very nature, we were able to use GitHub to augment rather than replace our git workflow, bringing our software development to the millions of users on GitHub in addition to the existing Apache community and committers, on a case-by-case basis.<br/><br/>In 2018, we made the decision to combine the two different git service offerings we had into one service, allowing all Apache projects to use GitHub if they so desired. Before then, we had two distinct git services: gitbox and git-wip-us, the initial git service that had been available since 2010. We coordinated the move from git-wip to gitbox with the various Apache projects, and in early 2019 we had migrated all projects to the new service, enabling GitHub features for all git-based Apache projects.<br/><br/>With Microsoft's acquisition of GitHub in 2018, and their commitment to help strengthen open source development, we have received additional resources to help lower the bar for contributions, and we'd like to thank GitHub for their support of the Apache Software Foundation through all nine years of using their platform.<br/><br/>
-<h2>What this means for you as a committer</h2><br/>As stated above, our GitHub integration is an augmentation of our existing service. It is available to all committers on git-based projects to make use of, should they so wish. All new git repositories will automatically be available on both GitHub and Gitbox.<br/><br/>For those wishing to take full advantage of GitHub's features, one can link their GitHub and Apache accounts through <a href="https://gitbox.apache.org/setup/">https://gitbox.apache.org/setup/</a> which will grant their GitHub account write access to the repositories you'd traditionally have access to at Apache.<br/><br/>People that wish to continue using their Apache committer accounts to commit code may continue doing so on gitbox.apache.org with their Apache credentials. Nothing has changed in that respect.<br/><br/>As Apache is a very email-centered organization, all GitHub activity is naturally linked to our mailing lists to ensure the same level of openness in the development of our software.<br/><br/>
-<h2>What this means for you as a user of Apache software</h2>
-<p><br/>For many projects, the move to GitHub means a lower bar to both contributing as well as troubleshooting and submitting issues to the projects, through the GitHub issue and pull request features.<br/><br/>Our commitment to provenance, quality and open governance remains the same, and with our tight integration with GitHub through our linked account service, we are able to bring what made Apache a mark of quality to the many users and contributors on GitHub.</p>
-<p><br/></p>
-<p> </p>
-<p>As always, if you have any questions, comments, remarks or feedback about this, we welcome you to reach out to the Apache Infrastructure Team at: <a href="mailto:users@infra.apache.org">users@infra.apache.org</a> <br/></p>
-</content><category term="blog"></category></entry><entry><title>Rate-limiting on Apache services</title><link href="https://infra.apache.org/blog/rate-limiting-on-apache-services.html" rel="alternate"></link><published>2019-01-27T18:20:54+00:00</published><updated>2019-01-27T18:20:54+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2019-01-27:/blog/rate-limiting-on-apache-services.html</id><summary type="html"><p>Over the past few days we have implemented rate limiting on selected services across the ASF.</p>
-<p>As our foundation grows, so do the number of users and robots utilizing our services. In order to accommodate as many as possible with what resources we have, we have opted to implement rate-limiting …</p></summary><content type="html"><p>Over the past few days we have implemented rate limiting on selected services across the ASF.</p>
-<p>As our foundation grows, so do the number of users and robots utilizing our services. In order to accommodate as many as possible with what resources we have, we have opted to implement rate-limiting to ensure that everyone can get their fair share of use of our services across the globe. The first services to have rate-limiting implemented are:</p>
-<ul>
-<li>JIRA (issues.apache.org)</li>
-<li>MoinMoin Wiki (wiki.apache.org)</li>
-<li>BugZilla (bz.apache.org)</li>
-</ul>
-<div><br/></div>
-<h3>If you are a normal user of our services:</h3>This very likely will never affect you, and you can go about your business just like normal :) If you DO experience errors or 429 (rate limited) response codes, please do let us know.<br/><br/>
-<h3>If you are a robot or otherwise automated tool:</h3>
-<p>There are now limits in place for how much CPU time you can use, varying from service to service. If you get limited, you will receive a HTTP 429 response instead of the normal 200, and a short text blob will explain that you have crossed our resource limits and have been rate-limited. It will also explain why, and when you can expect to be unblocked again (generally within two minutes time). Scrapers, bots etc using our services should check for a 429 response code and act accordingly (or just slow down the discovery pace in general, as that benefits all of us).</p>
-<p> </p>
-<h3>A general note about the rate limiting system, now and in the future:<br/></h3>
-<p>Rate limits are applied across IP blocks to discourage distributed abuse, thus if you have 1.2.3.4 abusing a service, 1.2.3.5 would potentially also be affected by the rate limits till they expire.</p>
-<p>Later this year, we will be rolling out rate limits on more services, and we encourage people automating tasks to honor the 429 responses across all ASF services.</p>
-<p>We would also like to point out that there are, as before, additional global limits in place regarding the use of our services, which can be found at: <a href="http://www.apache.org/dev/infra-ban.html">https://www.apache.org/dev/infra-ban.html</a> <br/></p>
-</content><category term="blog"></category></entry><entry><title>Roller updated to 5.2.2</title><link href="https://infra.apache.org/blog/roller-updated-to-5-2.html" rel="alternate"></link><published>2019-01-10T05:08:48+00:00</published><updated>2019-01-10T05:08:48+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2019-01-10:/blog/roller-updated-to-5-2.html</id><content type="html"><hr/>
-**Note**: Until June, 2023, the ASF supported using Apache Roller for project blogs. That support has ended. Please visit <a href="https://infra.apache.org/project-blogs.html" target="_blank">Project Blog</a> for more information about blogs for projects.
-<hr/>
-<p>We've updated blogs.a.o to the latest version of Roller, 5.2.2!!</p>
-<p> </p>
-<p> </p>
-<p><br/></p>
-</content><category term="blog"></category></entry><entry><title>Relocation of Apache git repositories on git-wip-us.apache.org to gitbox.apache.org</title><link href="https://infra.apache.org/blog/relocation-of-apache-git-repositories.html" rel="alternate"></link><published>2018-12-07T17:33:33+00:00</published><updated>2018-12-07T17:33:33+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2018-12-07:/blog/relocation-of-apache-git-repositories.html</id><summary type="html"><p>[IF YOUR PROJECT DOES NOT HAVE GIT REPOSITORIES ON GIT-WIP-US PLEASE DISREGARD THIS POST]<br/><br/>Hello Apache projects,<br/><br/>I am writing to you because you may have git repositories on the git-wip-us server, which is slated to be decommissioned in the coming months. All repositories will be moved to the new …</p></summary><content type="html"><p>[IF YOUR PROJECT DOES NOT HAVE GIT REPOSITORIES ON GIT-WIP-US PLEASE DISREGARD THIS POST]<br/><br/>Hello Apache projects,<br/><br/>I am writing to you because you may have git repositories on the git-wip-us server, which is slated to be decommissioned in the coming months. All repositories will be moved to the new gitbox service which includes direct write access on github as well as the standard ASF commit access via gitbox.apache.org.</p>
-<p><strong>Why this move?</strong><br/>The move comes as a result of retiring the git-wip service, as the hardware it runs on is longing for retirement. In lieu of this, we have decided to consolidate the two services (git-wip and gitbox), to ease the management of our repository systems and future-proof the underlying hardware. The move is fully automated, and ideally, nothing will change in your workflow other than added features and access to GitHub.<br/></p>
-<p><strong>Timeframe for relocation</strong><br/>Initially, we are asking that projects voluntarily request to move their repositories to gitbox. The voluntary time frame is between now and January 9th 2019, during which projects are free to either move over to gitbox or stay put on git-wip. After this phase, we will be requiring the remaining projects to move within one month, after which we will move the remaining projects over.<br/><br/>To have your project moved in this initial phase, you will need:<br/></p>
-<ul>
-<li>Consensus in the project (documented via the mailing list)</li>
-<li>File a JIRA ticket with INFRA to voluntarily move your project repos over to gitbox (as stated, this is highly automated and will take between a minute and an hour, depending on the size and number of your repositories)<br/></li>
-</ul>
-<p>To sum up the preliminary timeline;<span style="background-color: #02ff00;"></span></p>
-<ul>
-<li><span style="background-color: #02ff00;">December 9th 2018 -&gt; January 9th 2019: Voluntary (coordinated) relocation</span></li>
-<li><span style="background-color: #ffff00;">January 9th -&gt; February 6th: Mandated (coordinated) relocation</span></li>
-<li><span style="background-color: #ff0000;">February 7th: All remaining repositories are mass migrated</span></li>
-</ul>
-<p><br/>This timeline may change to accommodate various scenarios.<br/></p>
-<p><strong>Using GitHub with ASF repositories</strong><br/>When your project has moved, you are free to use either the ASF repository system (gitbox.apache.org) OR GitHub for your development and code pushes. To be able to use GitHub, please follow the primer at: <a href="https://reference.apache.org/committer/github">https://reference.apache.org/committer/github</a> We appreciate your understanding of this issue, and hope that your project can coordinate voluntarily moving your repositories in a timely manner.<br/><br/>All settings, such as commit mail targets, issue linking, PR notification schemes etc will automatically be migrated to gitbox as well.<br/></p>
-</content><category term="blog"></category></entry><entry><title>Position Available: Infrastructure Systems Administrator</title><link href="https://infra.apache.org/blog/position-available-infrastructure-systems-administrator.html" rel="alternate"></link><published>2018-09-17T07:55:22+00:00</published><updated>2018-09-17T07:55:22+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2018-09-17:/blog/position-available-infrastructure-systems-administrator.html</id><summary type="html"><h4><strong>UPDATE</strong>: &nbsp;We have received enough applicants at this time. Thank you all for your interest.&nbsp; <br/></h4>
-<p>The Apache Software Foundation (ASF) seeks to fill an Infrastructure Systems Administrator position. You will be responsible for working with the existing technical infrastructure team.&nbsp; The ASF manages a world-wide network of open source software …</p></summary><content type="html"><h4><strong>UPDATE</strong>: &nbsp;We have received enough applicants at this time. Thank you all for your interest.&nbsp; <br/></h4>
-<p>The Apache Software Foundation (ASF) seeks to fill an Infrastructure Systems Administrator position. You will be responsible for working with the existing technical infrastructure team.&nbsp; The ASF manages a world-wide network of open source software which includes more than 1600 software code repositories, a worldwide distribution and mirroring system for software, change management, issue tracking, and software management for 300+ open source initiatives and over 10,000 contributors around the world.<br/><br/>Applicants should have a strong background in Computer and Information Science, and should be familiar with modern DevOps environments. Applicants must demonstrate the ability to work in a remote team environment alongside others working in diverse locations around the world and in different timezones. The successful applicant will work with the existing Infrastructure team to manage the ASF's critical infrastructure and resources. Infrastructure team members are expected to work a weekly on-call rotation with the rest of the team.<br/><br/>Our infrastructure team also supports our broader community by enabling the creation of self-service tooling. The successful candidate will be able to balance the needs of our critical infrastructure and the needs of our community to self-serve. These two demands can often be in conflict and thus an ability to navigate such complex environments is a distinct advantage.<br/><br/>Familiarity with Puppet (or a similar configuration management tool) Linux (Ubuntu-based), Virtual Machines, Subversion/Git, Python, and full development environment stacks are a requirement. Further, the candidate should possess great documentation skills and should be well versed in not only developing and assisting in technical solutions, but in documenting them.<br/><br/>Daily tasks will include handling of alarms, outages, and security concerns on a timely basis; working with our many communities on their needs and issues; managing tickets on a timely basis; rolling out and upgrading services; reducing our large technical debt; and maintaining a professional and collegial atmosphere. The team coordinates primarily through daily chat usage, weekly meetings, and email. Social skills and ability to integrate closely with the team are expected.<br/><br/>Preferred qualifications include a Bachelor's Degree in Computer Science or similar background from an accredited university, though demonstrable and appropriate on-the-job experience is an acceptable substitute for formal qualifications. Familiarity with how open source communities work is a definite positive.<br/><br/>English as a spoken and written language is required in order to facilitate team collaboration.<br/><br/>This is a remote work position, the ASF does not require nor provide office locations. Travel once per year is required, for a team meetup and will typically be coincident with an Apache conference.<br/><br/> </p>
-</content><category term="blog"></category></entry><entry><title>Bringing GitPubSub to the Apache Jenkins build server</title><link href="https://infra.apache.org/blog/bringing-gitpubsub-to-the-apache.html" rel="alternate"></link><published>2017-03-26T01:07:08+00:00</published><updated>2017-03-26T01:07:08+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2017-03-26:/blog/bringing-gitpubsub-to-the-apache.html</id><summary type="html"><p>
-When it comes to <a href="#Jenkins">[Jenkins</a>], it has long been known that [polling must die].
-</p>
-<p>While we could go and create post commit hooks in all the ASF hosted Git repositories, that is something that realistically is just creating an added maintenance burden.
-<p>In any case, we have [GitPubSub]. </p></p>
-<p>The question …</p></summary><content type="html"><p>
-When it comes to <a href="#Jenkins">[Jenkins</a>], it has long been known that [polling must die].
-</p>
-<p>While we could go and create post commit hooks in all the ASF hosted Git repositories, that is something that realistically is just creating an added maintenance burden.
-<p>In any case, we have [GitPubSub]. </p></p>
-<p>The question then becomes, how do we integrate [GitPubSub] with [Jenkins]?
-<p>Thankfully, ASF committer stephenc is also an active committer to the [Jenkins] project and created a [plugin] that connects to [GitPubSub] parses the events and passes them through to the Jenkins [SCM API].</p>
-</p>
-<p>
-What does this mean?
-</p>
-<p>* You can turn your Git polling down - way way down - to something like once per day.
-This should significantly reduce the load on both the ASF git servers and builds.apache.org<br/>* Your builds will be triggered in seconds rather than having to wait for the next polling run.<br/>* You can try out using Multi-branch projects much like the [Maven] project has been doing for [Maven core] and [Maven Surefire]
-</p>
-<p>
-If the reaction to this change proves positive, the next step will be to integrate SvnPubSub with Jenkins and bring the benefits to the Subversion based projects too
- </p>
-<p> </p>
-<p>See also this blog post by Stephen Connolly:</p>
-<p> <a href="https://www.cloudbees.com/blog/using-multi-branch-pipelines-apache-maven-project">https://www.cloudbees.com/blog/using-multi-branch-pipelines-apache-maven-project</a><br/></p>
-<p>[polling must die]: http://kohsuke.org/2011/12/01/polling-must-die-triggering-jenkins-builds-from-a-git-hook/<br/>[GitPubSub]: https://www.apache.org/dev/gitpubsub.html
-<br/> <a name="Jenkins">[Jenkins]</a>: https://jenkins.io/
- <br/>[plugin]: https://github.com/stephenc/asf-gitpubsub-jenkins-plugin
- <br/>[SCM API]: https://plugins.jenkins.io/scm-api
- <br/>[Maven]: https://maven.apache.org
- <br/>[Maven core]: https://builds.apache.org/job/maven-3.x-jenkinsfile/
-<br/> [Maven Surefire]: https://builds.apache.org/job/maven-surefire-pipeline/
-</p>
-<p>Posted on behalf of Committer Stephen Connolly (stephenc)
-</p>
-</content><category term="blog"></category></entry><entry><title>blogs.a.o moved, upgraded and improved</title><link href="https://infra.apache.org/blog/blogs-a-o-moved-upgraded.html" rel="alternate"></link><published>2017-01-01T08:06:46+00:00</published><updated>2017-01-01T08:06:46+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2017-01-01:/blog/blogs-a-o-moved-upgraded.html</id><summary type="html"><p>Hi All,</p>
-<p> <a href="https://blogs.apache.org" title="blogs.apache.org main site">blogs.apache.org</a> &nbsp; - the site you are reading now! has had a bit of an update.<br/></p>
-<p> </p>
-<p>1. We moved it from an aged VM Host to the Cloud (thanks LeaseWeb!)</p>
-<p>2. We puppetised the entire service, from install to deploy (see our <a href="https://github.com/apache/infrastructure-puppet/tree/deployment/modules/blogs_asf" title="GitHub Mirror of infrastructure-puppet">GitHub</a> Mirror )</p>
-<p>3. We upgraded the …</p></summary><content type="html"><p>Hi All,</p>
-<p> <a href="https://blogs.apache.org" title="blogs.apache.org main site">blogs.apache.org</a> &nbsp; - the site you are reading now! has had a bit of an update.<br/></p>
-<p> </p>
-<p>1. We moved it from an aged VM Host to the Cloud (thanks LeaseWeb!)</p>
-<p>2. We puppetised the entire service, from install to deploy (see our <a href="https://github.com/apache/infrastructure-puppet/tree/deployment/modules/blogs_asf" title="GitHub Mirror of infrastructure-puppet">GitHub</a> Mirror )</p>
-<p>3. We upgraded the Apache Roller software from 5.0.3 to the latest 5.1.2</p>
-<p>4. We enabled LDAP for logins. That's right! Every single ASF Committer can now just login! No more creating an INFRA Jira ticket just to get a Roller account on <a href="http://blogs.apache.org">blogs.apache.org</a></p>
-<p> Other stuff remains the same - meaning if you are a Blog Administrator you still need to invite committers into your blog, you still need to choose to make them an Author or Admin etc - Roller doesn't support anything more than login auth for LDAP currently - but I bet the <a href="https://roller.apache.org" title="roller project website">project</a> would love to see the LDAP integration extended and improved if you feel the need!.</p>
-<p>Anyhow, our first new year present to our ASF Committers, a shiny updated blog instance,</p>
-<p>&nbsp;Enjoy, and have a great 2017!!<br/></p>
-<p><br/></p>
-</content><category term="blog"></category></entry><entry><title>Position Available: Infrastructure Systems Administrator Architect</title><link href="https://infra.apache.org/blog/position_available_infrastructure_systems_administrator.html" rel="alternate"></link><published>2016-07-25T20:07:36+00:00</published><updated>2016-07-25T20:07:36+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2016-07-25:/blog/position_available_infrastructure_systems_administrator.html</id><summary type="html"><p><font size="5"><b>UPDATE</b>: &nbsp;We have received enough applicants at this time. Thank you all for your interest.&nbsp;</font></p>
-<div>
-<p>The Apache Software Foundation (ASF) seeks to fill an Infrastructure Systems Administrator/Architect position. You will be responsible for working with the existing technical infrastructure team, and VP of Infrastructure at the Apache Software Foundation …</p></div></summary><content type="html"><p><font size="5"><b>UPDATE</b>: &nbsp;We have received enough applicants at this time. Thank you all for your interest.&nbsp;</font></p>
-<div>
-<p>The Apache Software Foundation (ASF) seeks to fill an Infrastructure Systems Administrator/Architect position. You will be responsible for working with the existing technical infrastructure team, and VP of Infrastructure at the Apache Software Foundation. The ASF manages a world-wide network of open source software which includes more than 750 software code repositories, a worldwide distribution and mirroring system for software; change management, issue tracking, and software management for 300+ Open Source initiatives and more than 11,000 contributors around the world.</p>
-</div>
-<div><br/></div>
-<div>Applicants should have a strong background in Computer and Information Science, and should be familiar with modern Dev/Ops environments. Applicants must demonstrate the ability to work in a remote team environment alongside others working in diverse locations around the world and in different timezones. The successful applicant will work with the existing Infrastructure team and VP, Infrastructure to manage the ASF's critical infrastructure and resources. Infrastructure team members are expected to work an on-call rotation with the rest of the team.</div>
-<div><br/></div>
-<div>Our infrastructure team also supports our broader community by enabling the creation of self-service tooling. The successful candidate will be able to balance the needs of our critical infrastructure and the needs of our community to self-serve. These two demands can often be in conflict and thus an ability to navigate such complex environments is a distinct advantage.</div>
-<div><br/></div>
-<div>Familiarity with Puppet (or a similar configuration management tool) Linux (Debian-based), Virtual Machines, Subversion/Git and full development environment stacks are a requirement. Further, the candidate should possess great documentation skills and should be well versed in not only developing and assisting in technical solutions, but in documenting them.</div>
-<div><br/></div>
-<div>Preferred qualifications include a Bachelor's Degree in Computer Science or similar background from an accredited university, though demonstrable and appropriate on-the-job experience is an acceptable substitute for formal qualifications. Familiarity with how open source communities work is a plus.</div>
-<div><br/></div>
-<div>English as a spoken and written language is required in order to facilitate team collaboration.</div>
-<div><br/></div>
-<div>This is a remote work position, the ASF does not require nor provide office locations. Travel required for conferences and general team meetups.</div>
-<p>Contact <a href="mailto:vp-infra@apache.org">vp-infra@apache.org</a> with your CV.</p>
-</content><category term="blog"></category></entry><entry><title>ASF JIRA Outages and Troubleshooting</title><link href="https://infra.apache.org/blog/continued_outages_for_the_asf.html" rel="alternate"></link><published>2016-06-30T16:25:30+00:00</published><updated>2016-06-30T16:25:30+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2016-06-30:/blog/continued_outages_for_the_asf.html</id><summary type="html"><p>As people have noticed, our JIRA instance (arguably the largest public instance in the world) has been suffering from a yet unknown issue as of late.&nbsp;We are reasonably sure that this is related to specific queries being made against the instance (possibly automated queries from scrapers), but have yet …</p></summary><content type="html"><p>As people have noticed, our JIRA instance (arguably the largest public instance in the world) has been suffering from a yet unknown issue as of late.&nbsp;We are reasonably sure that this is related to specific queries being made against the instance (possibly automated queries from scrapers), but have yet to identify the exact cause of the problem.</p>
-<p>The failure condition arises when the database connection pool is exhausted, despite being configured and sized appropriately. These connections all appear idle, but when the pool is full, no new connections can be established, and the instance falls over, requiring a restart.&nbsp;</p>
-<p>We are working closely with Atlassian, the creator of JIRA, to remedy the situation. Unfortunately, this requires running diagnostics on the production JIRA instance, which in and of itself causes performance degradation and downtime. Over the past several days, we've identified and implemented some changes to the pool parameters which we hope will help stabilize the instance while we continue our diagnostic work.</p>
-<p>We expect that there may still be some moments of downtime and occasional restarts. Any longer duration outages will be announced via Twitter/infrabot and status.apache.org.</p>
-</content><category term="blog"></category></entry><entry><title>AppVeyor CI now available for GitHub Mirrors</title><link href="https://infra.apache.org/blog/appveyor_ci_now_available_for.html" rel="alternate"></link><published>2016-02-12T19:45:06+00:00</published><updated>2016-02-12T19:45:06+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2016-02-12:/blog/appveyor_ci_now_available_for.html</id><summary type="html"><p><span style="font-stretch: normal;">The ASF Infrastructure team is happy to announce that projects can how have AppVeyor CI setup on their GitHub mirrors.</span></p>
-<p>&nbsp;The only thing you need to do is create an INFRA ticket at <a href="https://issues.apache.org/jira/browse/INFRA/">issues.apache.org</a> with the following information:</p>
-<ul>
-<li>Repo Name</li>
-<li>Mailing list to send build notifications to (optional …</li></ul></summary><content type="html"><p><span style="font-stretch: normal;">The ASF Infrastructure team is happy to announce that projects can how have AppVeyor CI setup on their GitHub mirrors.</span></p>
-<p>&nbsp;The only thing you need to do is create an INFRA ticket at <a href="https://issues.apache.org/jira/browse/INFRA/">issues.apache.org</a> with the following information:</p>
-<ul>
-<li>Repo Name</li>
-<li>Mailing list to send build notifications to (optional)</li>
-</ul>
-<p>There are already a few projects using AppVeyor on their GitHub mirror, and we now have an Organization role account for central management (and I have gone through an updated previous tickets with new links to badges).</p>
-<p> </p>
-<p>If you have any questions, you can ask us in <a href="http://infra.chat/">Hipchat</a> or you can email infrastructure@apache.org<br/></p>
-<p> </p>
-</content><category term="blog"></category></entry><entry><title>Dear Apache</title><link href="https://infra.apache.org/blog/dear_apache.html" rel="alternate"></link><published>2015-10-19T18:30:41+00:00</published><updated>2015-10-19T18:30:41+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-10-19:/blog/dear_apache.html</id><summary type="html"><p>My name is Daniel Takamori and I'm so happy to be joining the Infra team here at Apache.&nbsp; I'm from Oregon in the United States and really enjoy the rain.&nbsp; While at Oregon State University I studied mathematics and physics with a lean towards error correcting codes and mathematical modelling …</p></summary><content type="html"><p>My name is Daniel Takamori and I'm so happy to be joining the Infra team here at Apache.&nbsp; I'm from Oregon in the United States and really enjoy the rain.&nbsp; While at Oregon State University I studied mathematics and physics with a lean towards error correcting codes and mathematical modelling.&nbsp; Some of my hobbies are playing Go in which I'm ranked 6.9 kyu by the AGA, cooking with eggs and green things, and old school platforming video games.&nbsp; In a former life I worked on underwater remotely operated vehicles and automated gardening systems.&nbsp; Traveling is something I liked to do once; living in Hungary was awesome and I hope to visit again. Oregon is a great place to live, with all the trees, rain and burritos but maybe things will change in the future.&nbsp; My handle Pono is my Hawaiian name, and I'm really proud to use it.<br/><br/>Previously I was at the Oregon State University Open Source Lab and really enjoyed my time there; getting to know the Open Source communities and even work with Apache!&nbsp; It was a real eye opening experience to the world of what software and DevOps (lol who knows what that even means).&nbsp; I'm very excited to continue working with the community and even more excited to start this next chapter with such an amazing group.<br/><br/>See you around internets!<br/></p>
-</content><category term="blog"></category></entry><entry><title>Planned downtime for ReviewBoard</title><link href="https://infra.apache.org/blog/planned_downtime_for_reviewboard.html" rel="alternate"></link><published>2015-08-19T19:19:38+00:00</published><updated>2015-08-19T19:19:38+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-08-19:/blog/planned_downtime_for_reviewboard.html</id><summary type="html"><div>
-<div>
-<div>The ReviewBoard vm ran out of space and despite our best
-efforts to fix the space issue without restarting the service, that is
-the only option left.<br/><br/></div>The plan is to restart the vm on
-Thursday August 20th at 21:00 UTC (14:00 PDT), but if it fills up …</div></div></summary><content type="html"><div>
-<div>
-<div>The ReviewBoard vm ran out of space and despite our best
-efforts to fix the space issue without restarting the service, that is
-the only option left.<br/><br/></div>The plan is to restart the vm on
-Thursday August 20th at 21:00 UTC (14:00 PDT), but if it fills up again
-before then, the resize will take place earlier.<br/><br/>
-</div>A tweet via @infrabot will be tweeted 1 hour before the scheduled downtime and a planned maintenance notice will be posted to <a href="http://status.apache.org" target="_blank">status.apache.org</a>.<br/><br/>
-</div>The actual downtime should take no more than 30 minutes.<br/><br/>The next email about this will be after the service has resumed from the <span>planned</span> downtime.<br/><br/>Thanks!<br/><br/>Geoff Corey
-</content><category term="blog"></category></entry><entry><title>Planned downtime for Jira1</title><link href="https://infra.apache.org/blog/planned_downtime_for_jira1.html" rel="alternate"></link><published>2015-08-03T23:07:37+00:00</published><updated>2015-08-03T23:07:37+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-08-03:/blog/planned_downtime_for_jira1.html</id><summary type="html"><p>There will be a planned reboot of Jira on Friday 7th August at 00:00 UTC.<br/><br/>This is 72 hours notice as recommended in our Core Services planned downtime SLA.<br/><br/>Currently, Jira requires a reboot when adding new projects to it. There is an outstanding <br/>ticket with Atlassian about this …</p></summary><content type="html"><p>There will be a planned reboot of Jira on Friday 7th August at 00:00 UTC.<br/><br/>This is 72 hours notice as recommended in our Core Services planned downtime SLA.<br/><br/>Currently, Jira requires a reboot when adding new projects to it. There is an outstanding <br/>ticket with Atlassian about this. They require logs and so these will be gathered at the <br/>time of the planned reboot. <br/><br/>Projects being added to Jira at this time will include:-<br/><br/>INFRA-9713 - Whimsy<br/><br/>and any more that get requested between now and downtime.<br/><br/>Any projects requiring issues to be imported from other issue trackers will NOT be done at <br/>this time.<br/><br/>A tweet via @infrabot will be tweeted 24 hrs and 1 hr before.<br/>A planned maintenance notice will be posted on status.apache.org.<br/><br/>Actual downtime should be no more than 10 minutes all being well.<br/><br/>The next email about this will be after the service has resumed from the planned downtime.<br/><br/>Thanks!</p>
-<p>Geoff Corey<br/></p>
-</content><category term="blog"></category></entry><entry><title>Mirroring to GitHub issues</title><link href="https://infra.apache.org/blog/mirroring_to_github_issues.html" rel="alternate"></link><published>2015-07-14T16:05:02+00:00</published><updated>2015-07-14T16:05:02+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-07-14:/blog/mirroring_to_github_issues.html</id><summary type="html"><p>As some of you are aware, there have been some issues syncing changes from repositories on <a href="https://git-wip-us.apache.org">https://git-wip-us.apache.org</a> to the mirrors on GitHub.</p>
-<p> </p>
-<p>The issues we are seeing:</p>
-<ul>
-<li>Pull requests not being closed when they should be</li>
-<li>Changes not being synced to the GitHub mirrors</li>
-<li>Bots other than …</li></ul></summary><content type="html"><p>As some of you are aware, there have been some issues syncing changes from repositories on <a href="https://git-wip-us.apache.org">https://git-wip-us.apache.org</a> to the mirrors on GitHub.</p>
-<p> </p>
-<p>The issues we are seeing:</p>
-<ul>
-<li>Pull requests not being closed when they should be</li>
-<li>Changes not being synced to the GitHub mirrors</li>
-<li>Bots other than asfgit closing PRs on Apache GitHub mirrors.</li>
-</ul>
-<p>We are looking into why changes are not being synced, as well as why PRs are not getting closed and why some PRs are being closed by other bots such as hubot.</p>
-<p> </p>
-<p>We will update this blog post as we get more information about the sync issues.<br/></p>
-</content><category term="blog"></category></entry><entry><title>Buildbot master currently off-line</title><link href="https://infra.apache.org/blog/buildbot_master_currently_off_line.html" rel="alternate"></link><published>2015-06-29T21:17:45+00:00</published><updated>2015-06-29T21:17:45+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-06-29:/blog/buildbot_master_currently_off_line.html</id><summary type="html"><p><b>Update (2015-06-30 ~12.00 UTC):</b></p>
-<p>The replacement buildbot master is now live. The CMS service and the <a href="http://ci.apache.org">ci.apache.org</a>&nbsp; website have been restored. The project CI builds are mostly working but builds that upload docs, snapshots etc. to the buildmaster for publishing are likely to fail at the upload …</p></summary><content type="html"><p><b>Update (2015-06-30 ~12.00 UTC):</b></p>
-<p>The replacement buildbot master is now live. The CMS service and the <a href="http://ci.apache.org">ci.apache.org</a>&nbsp; website have been restored. The project CI builds are mostly working but builds that upload docs, snapshots etc. to the buildmaster for publishing are likely to fail at the upload stage while we ensure all the necessary directory structures are in place to receive the uploads. Work to resolve these final few issues is ongoing.<br/></p>
-<p>We continue to try and contact the owner of the account where the IRC proxy was running. In case their account has been compromised, it remains locked. In addition, all their commits have been reviewed by other project committers and that review has confirmed that no malicious commits have been made by the account in question.</p>
-<p>The review of <a href="http://aegis.apache.org">aegis.apache.org</a>&nbsp; is ongoing. No evidence of compromise beyond the possible compromise of the single, non-privileged user account has been found.<br/></p>
-<p><b>Original post (2015-06-29 ~21.00 UTC):</b></p>
-<p>As per the e-mails to committers@ earlier today, <a href="http://aegis.apache.org">aegis.apache.org</a> is currently offline after a report was received that suspicious network traffic had been observed from that host. This blog post will be updated as more information becomes known.</p>
-<p><b>What we know:</b></p>
-<ul>
-<li>At ~16.00 UTC 28 June 2015 a report of suspicious network activity from a buildbot host was reported to the Apache security team.</li>
-<li>Further information was requested and at ~18.00 UTC 28 June 2015 the Apache Infrastructure team received a copy of network logs that showed a number of suspicious IRC connections originating from aegis.apache.org</li>
-<li>These IRC connections were traced to a non-privileged user account on <a href="http://aegis.apache.org">aegis.apache.org</a>&nbsp; running an open IRC proxy</li>
-<li>At ~20.00 UTC 28 June 2015 the user account concerned was locked for all ASF services and the proxy process terminated.</li>
-<li>At ~10.00 UTC 29 June 2015, after further discussion within the infrastructure team, aegis.apache.org was taken off-line as a precaution.</li>
-</ul>
-<p>It remains unclear whether the open IRC proxy was installed by the user that owned the account or whether their account was compromised and the IRC proxy was installed by an unauthorized user. <br/></p>
-<p>It is worth stressing that no further information came to light between 20.00 UTC 28 June 2015 and 10.00 UTC 29 June 2015 that triggered the decision to take the host off-line. The host was taken off-line purely as a precaution while we reviewed the available information. That process is ongoing. So far we have found no evidence to even suggest anything more than a user account being used to run an IRC proxy and plenty of evidence that suggests that this was the only activity this account was used for.<br/></p>
-<p><b>Risks:</b></p>
-<p>There is no risk to released source or binaries for any ASF project. There are multiple reasons for this:</p>
-<ul>
-<li>buildbot is a CI system used to build snapshots, not releases</li>
-<li>no builds are performed on <a href="http://aegis.apache.org">aegis.apache.org</a></li>
-</ul>
-<p>Buildbot is used to build some project web sites and / or project documentation. The risk of compromise here is viewed as very low for the following reasons:</p>
-<ul>
-<li>the builds do not take place on aegis.apache.org</li>
-<li>diffs of every change are sent to the relevant project team's mailing list for review and an unexpected / malicious change would be spotted</li>
-</ul>
-<p><b>Project impact:</b></p>
-<p> The following services are currently off-line and will remain so until the buildbot master is restored</p>
-<ul>
-<li>All buildbot builds</li>
-<li>Projects that use the CMS will be unable to update their web sites (the CMS uses buildbot to build web site updates)<br/></li>
-<li>the <a href="http://ci.apache.org">ci.apache.org</a>&nbsp; website<br/></li>
-</ul>
-<p><b>Work in progress:</b></p>
-<p>Analyzing <a href="http://aegis.apache.org">aegis.apache.org</a>&nbsp; is going to take time and, while we view the chances of a wider compromise of this host as very, very small, we are not willing to bring the host back on line at this point. This host was due for replacement so the decision has been taken to pull this work forward and rebuild the buildbot master on a new host now. We have taken this decision not because we believe <a href="http://aegis.apache.org">aegis.apache.org</a>&nbsp; to be compromised, but because it is possible to complete this work far more quickly than it is possible to confirm our view that <a href="http://aegis.apache.org">aegis.apache.org is not compromised.</a>&nbsp; We currently estimate that the rebuild of the new buildbot master host will be completed by 1 July 2015.<br/></p>
-<p>We continue to analyze the information we have obtained from <a href="http://aegis.apache.org">aegis.apache.org</a>&nbsp; and from other sources and will update this blog post as more information becomes available.</p>
-<p><b>Questions:</b></p>
-<p>Questions, concerns, comments etc. should be directed to infrastructure@apache.org <br/></p>
-</content><category term="blog"></category></entry><entry><title>Confluence Wiki service to be restarted</title><link href="https://infra.apache.org/blog/confluence_wiki_service_to_be.html" rel="alternate"></link><published>2015-06-10T08:32:13+00:00</published><updated>2015-06-10T08:32:13+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-06-10:/blog/confluence_wiki_service_to_be.html</id><summary type="html"><p>Hi All,<br/><br/>There will be a planned reboot of Confluence on Friday 12th June at 18:00 UTC+1<br/><br/>This is a blog post notice as recommended in our Core Services planned downtime SLA.<br/><br/>The Confluence wiki service configuration is stored in our Puppet configuration.<br/><br/>We have made some modifications …</p></summary><content type="html"><p>Hi All,<br/><br/>There will be a planned reboot of Confluence on Friday 12th June at 18:00 UTC+1<br/><br/>This is a blog post notice as recommended in our Core Services planned downtime SLA.<br/><br/>The Confluence wiki service configuration is stored in our Puppet configuration.<br/><br/>We have made some modifications to the Puppet Manifest affecting the Module that<br/>Confluence uses (cwiki_asf). Some code is being moved out from the module and <br/>into a host specific YAML file. This will make it easier for future hosts to reuse the <br/>module (such as an upgrade host currently awaiting these changes.)<br/>A twitter notification will be posted 1 hour before.<br/>A planned maintenance notice will be posted on status.apache.org.<br/><br/>If necessary we will make use this outage window to apply any OS updates and reboot <br/>the host VM.<br/><br/>Actual downtime should be no more than 1 hour all being well.<br/><br/>An email about this will be sent to infrastructure@ after the service has resumed from the planned downtime.</p>
-</content><category term="blog"></category></entry><entry><title>Planned downtime for Jira</title><link href="https://infra.apache.org/blog/planned_downtime_for_jira.html" rel="alternate"></link><published>2015-05-18T15:28:11+00:00</published><updated>2015-05-18T15:28:11+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-05-18:/blog/planned_downtime_for_jira.html</id><summary type="html"><p>Hi All,<br/><br/>There will be a planned reboot of Jira on Thursday 21st May at 16:00 UTC+1<br/><br/>This is 72 hours notice as recommended in our Core Services planned downtime SLA.<br/><br/>Currently, Jira requires a reboot when adding new projects to it. There is an outstanding <br/>ticket with …</p></summary><content type="html"><p>Hi All,<br/><br/>There will be a planned reboot of Jira on Thursday 21st May at 16:00 UTC+1<br/><br/>This is 72 hours notice as recommended in our Core Services planned downtime SLA.<br/><br/>Currently, Jira requires a reboot when adding new projects to it. There is an outstanding <br/>ticket with Atlassian about this. They require logs and so these will be gathered at the <br/>time of the planned reboot. <br/><br/>Projects being added to Jira at this time will include:-<br/><br/>INFRA-9516 - Myriad <br/>INFRA-9609 - Atlas <br/>INFRA-9635 - CMDA <br/><br/>and any more that get requested between now and downtime.<br/><br/>Any projects requiring issues to be imported from other issue trackers will NOT be done at <br/>this time.<br/><br/>A tweet via @infrabot will be tweeted 24 hrs and 1 hr before.<br/>A planned maintenance notice will be posted on status.apache.org.<br/><br/>Actual downtime should be no more than 10 minutes all being well.<br/><br/>The next email about this will be after the service has resumed from the planned downtime.<br/><br/>Thanks!<br/><br/>Gav&hellip;<br/></p>
-</content><category term="blog"></category></entry><entry><title>Mail Service Architecture Changes</title><link href="https://infra.apache.org/blog/mail_service_architecture_changes.html" rel="alternate"></link><published>2015-05-08T21:12:11+00:00</published><updated>2015-05-08T21:12:11+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-05-08:/blog/mail_service_architecture_changes.html</id><summary type="html"><p>For the past few months the Infrastructure team have been working extremely hard to re-design, implement and manage changes to the email service architecture. &nbsp;Today we are proud to announce that phase 1 of this has been completed, and has been running for several days now.</p>
-<p>Phase 1 covers all …</p></summary><content type="html"><p>For the past few months the Infrastructure team have been working extremely hard to re-design, implement and manage changes to the email service architecture. &nbsp;Today we are proud to announce that phase 1 of this has been completed, and has been running for several days now.</p>
-<p>Phase 1 covers all components of the service except the listserv service, and mail archives. &nbsp;These will be included in phase 2, which we will come onto later. When we started out on this project to review, update and manage our email infrastructure we had a several guiding principals that either the old system must be made to conform too; or any new service would need to meet before being accepted. &nbsp;When we talk about these principals really we are talking about criteria, these are:&nbsp;</p>
-<p> </p>
-<ul>
-<li>The service must be entirely managed (operationally) from our puppet service.&nbsp;</li>
-<li>The software (packages) must all be packaged - i.e. .deb's, either upstream or packaged locally and in our own repo. Deploying from source is no longer acceptable.</li>
-<li>All the work carried out by puppet et al must be idempotent</li>
-<li>We will not allow the service design to restrict our ability to either adapt it, or grow it at will and on demand.&nbsp;</li>
-</ul>
-<p>Very early on in the design and testing work it became clear that we needed clear separation of each of the roles in the email service infrastructure. This would allow us, in the future too add more capability of any given type if for some reason it were needed. Lets say for example we needed for SpamAssassin capability this can we scaled sideways and allow us to swallow the load without needing to also make it an MX host or listserv host etc.&nbsp;</p>
-<p> </p>
-<p>The design we have settled upon, with phase 1 complete can be seen in this diagram. <a href="http://www.apache.org/dev/mailflow.jpg" target="_blank">http://www.apache.org/dev/mailflow.jpg</a>&nbsp;- This diagram shows that we have deployed several MX hosts (each of which are more than capable of handling our entire inbound mail load comfortably); in differing AWS regions globally. This decision means that while we dont need 3 to cope with capacity we wanted 3 to cope with networking resilience should any of these instances suffer network degradation or outage. &nbsp;</p>
-<p>These MX hosts are simple Postfix instances that run <a href="http://www.postfix.org/POSTSCREEN_README.html" target="_blank">Postfix Postscreen</a>, RBL checks, and <a href="http://www.ijs.si/software/amavisd/" target="_blank">Amavisd-new</a>. &nbsp;This simple protection of only performing RBL checks at the edge frees up the internal scanning hosts from having to scan emails needlessly. Amavis is simply used to pass the emails internally for scanning.&nbsp;</p>
-<p>Once the mails have been passed on by the MX (and there is an interesting detail about how exactly the mails are handled by Amavis that might be a blog post in the near future) they are handled by our scanning cluster. This group of hosts utilise SpamAssassin, ClamAV and again Postfix. While these may not be new technologies, again having a dedicated host or hosts in our case allows us to tune the services specifically for the resources dedicated to scanning and not worry about choking other local services. Of course it also means that should we see a marked increase in mail volume we can easily deploy a new node in a matter of minutes and have it join the rotation and start scanning email.</p>
-<p>All of the scanning nodes are being fronted by a HAProxy instance, this allows us to load balance our nodes and not have to reconfigure the MX hosts should we change the number of scanning hosts. &nbsp;It also means we can take a node out of rotation for maintenance and none of the MX hosts need to be reconfigured or modified in anyway. </p>
-<p>As we said earlier this is only phase 1. &nbsp;You will see in the diagram that we are still running our old ezmlm/qmail stack. This will now become the focus of phase 2, to determine what changes, if any best suit our projects and the foundation as a whole. One of the failings of the current system is that if the listserv host goes down, mail basically stops flowing, as this is the authoritative host for all apache addresses. We will also be looking very hard as to how we can run multiple listserv hosts to remove that single point of failure concern.&nbsp;</p>
-<p>The foundation relies on email as it's official internal communication mechanism, this is evident no more than when we say "If it didn't happen on the list, it didn't happen". Moving this service forward will be a significant challenge, one which we hope to deliver as soon as we can.&nbsp;</p>
-<p>As always, if you have any questions please email <a href="mailto:infrastructure@apache.org">infrastructure@apache.org</a>&nbsp; and we will do what we can to help. <br/><br/></p>
-<p>On behalf of the Infrastructure Team<br/>--pctony &nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>Apache Services and SHA-1 SSL Cert deprecation</title><link href="https://infra.apache.org/blog/apache_services_and_sha_1.html" rel="alternate"></link><published>2015-04-29T23:02:29+00:00</published><updated>2015-04-29T23:02:29+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-04-29:/blog/apache_services_and_sha_1.html</id><summary type="html"><p>
-As some of you may have already encountered, certain services within Apache appear to have broken SSL support. While the cert is still valid, there is a part of the cert that both Microsoft and Google have stopped accepting as valid. We are working on fixing this and will use …</p></summary><content type="html"><p>
-As some of you may have already encountered, certain services within Apache appear to have broken SSL support. While the cert is still valid, there is a part of the cert that both Microsoft and Google have stopped accepting as valid. We are working on fixing this and will use this blogpost to track what services will be updated and when (as well as emails).</p>
-<p> </p>
-<p> </p>
-<p><u>Services:</u></p>
-<ul>
-<li><u></u>git-wip-us</li>
-<li>TLP sites</li>
-<li>SSL terminator (erebus-ssl)</li>
-<li>svn-master</li>
-<li>mail-relay</li>
-</ul>
-<p><u>Schedule:</u></p>
-<ul>
-<li>git-wip-us: <b>Friday May 1, 16:00 UTC</b><br/></li>
-<li>TLP sites: <b>Friday May 1, 16:00 UTC</b></li>
-<li>SSL terminator (erebus-ssl): <b>Friday May 1, 16:00 UTC</b></li>
-<li>svn-master: <b>Friday May 1, 16:00 UTC</b></li>
-<li>mail-relay: <b>Friday May 1, 16:00 UTC</b></li>
-</ul>
-</content><category term="blog"></category></entry><entry><title>Git based websites available</title><link href="https://infra.apache.org/blog/git_based_websites_available.html" rel="alternate"></link><published>2015-04-29T21:29:31+00:00</published><updated>2015-04-29T21:29:31+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-04-29:/blog/git_based_websites_available.html</id><summary type="html"><p>If you have worked on a web site for an Apache project, you've probably come across the fact that everything has to be in Subversion for web sites. The reason for this has been the desire to have a unified standard for publishing web site contents across all projects. The …</p></summary><content type="html"><p>If you have worked on a web site for an Apache project, you've probably come across the fact that everything has to be in Subversion for web sites. The reason for this has been the desire to have a unified standard for publishing web site contents across all projects. The current workflow is handled by two components, svnpubsub - a pubsub service for subversion - and svnwcsub, the client for svnpubsub. In&nbsp;2013 we added a similar method for Git, called gitpubsub. Nowadays, gitpubsub is used for a ton of different service messages in the ASF; Git commits, JIRA notifications, GitHub communication and so on, and as of today, we have added gitwcsub, a gitpubsub client similar to svnwcsub, <b>enabling projects to use git as their repository for web site content.</b></p>
-<p>&nbsp;In order to use git as your web site repository, you must have your web site in a git repo. This can either be an existing repository or a new one created just for your web site. gitwcsub will, by default, pull content from the <i>asf-site</i> branch of any repo set up for it, so all that needs to be done is to have this branch in a repo on <a href="http://git-wip-us.apache.org">git-wip-us.apache.org</a> and you can have your projects site published via git.</p>
-<p>To have your site transferred to a git based workflow, please file a JIRA ticket with infrastructure.</p>
-<p>Lastly, we want to thank the CouchDB project for being guinea pigs in this process!<br/></p>
-</content><category term="blog"></category></entry><entry><title>Apache gains additional Travis-CI capacity</title><link href="https://infra.apache.org/blog/apache_gains_additional_travis_ci.html" rel="alternate"></link><published>2015-04-15T20:32:10+00:00</published><updated>2015-04-15T20:32:10+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-04-15:/blog/apache_gains_additional_travis_ci.html</id><summary type="html"><p><span style="color: #222222; font-family: arial, sans-serif;"><a href="https://travis-ci.org" target="_blank">Travis-CI</a> is a distributed continuous integration platform that&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">integrates well with projects on GitHub. As many of our projects are&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">taking advantage of our <a href="https://blogs.apache.org/infra/entry/improved_integration_between_apache_and" target="_blank">GitHub integration</a>, they're also making use of&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">Travis-CI for testing of inbound patches.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">Travis CI offers a free account for open source projects, with a built …</span></p></summary><content type="html"><p><span style="color: #222222; font-family: arial, sans-serif;"><a href="https://travis-ci.org" target="_blank">Travis-CI</a> is a distributed continuous integration platform that&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">integrates well with projects on GitHub. As many of our projects are&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">taking advantage of our <a href="https://blogs.apache.org/infra/entry/improved_integration_between_apache_and" target="_blank">GitHub integration</a>, they're also making use of&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">Travis-CI for testing of inbound patches.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">Travis CI offers a free account for open source projects, with a built&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">in assumption that projects are generally a single project per GitHub&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">organization. The level of resources and jobs able to run is 'fair&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">use', which is fair indeed considering that is gratis.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">Of course, most GitHub organizations aren't as large as the Apache organization&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">on GitHub, and we recently discovered that the Foundation was one of the&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">largest gratis open source user of Travis CI.</span><span style="color: #222222; font-family: arial, sans-serif;">&nbsp;On average, our build queue length was in excess of 300 jobs.&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">While we appreciate the generosity of the Travis-CI folks, our demand&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">for their services was clearly outstripping the available supply. This&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">also meant that a lot of Apache projects were frustrated, or even&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">abandoning their efforts to use Travis-CI because the length of time&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">for a build to start was high enough to not really quality as&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">'continuous'.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">To that end, we've now purchased a subscription to Travis services,&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">and have moved from 'fair use' to having 30 concurrent builds. This&nbsp;</span><span style="color: #222222; font-family: arial, sans-serif;">should be a dramatic increase in throughput for Apache projects who make use of Travis.</span></p>
-</content><category term="blog"></category></entry><entry><title>Introducing JIRA Service Desk</title><link href="https://infra.apache.org/blog/introducing_jira_service_desk.html" rel="alternate"></link><published>2015-04-13T20:21:14+00:00</published><updated>2015-04-13T20:21:14+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-04-13:/blog/introducing_jira_service_desk.html</id><summary type="html"><hr/>
-Infra no longer offers the Jira Service Desk. You can manage most standard service requests yourself through the <a href="https://selfserve.apache.org/" target="_blank">Self-Serve service</a>.
-<hr/>
-<p>As part of our ongoing efforts to streamline our service offerings, and to make it easier to interact with the Infrastructure team we are launching an instance of JIRA Service …</p></summary><content type="html"><hr/>
-Infra no longer offers the Jira Service Desk. You can manage most standard service requests yourself through the <a href="https://selfserve.apache.org/" target="_blank">Self-Serve service</a>.
-<hr/>
-<p>As part of our ongoing efforts to streamline our service offerings, and to make it easier to interact with the Infrastructure team we are launching an instance of JIRA Service Desk.&nbsp;</p>
-<p>This should make it much simpler to submit common JIRA issues, such as SVN-&gt;GIT migration, New wiki, New JIRA project, etc. The forms ask for the minimum amount of data we would need to complete the request.&nbsp;</p>
-<p>One common theme we found that delayed resolution was needing additional information to action tickets. Service Desk allows us to request the exact information needed for a specific task.&nbsp;</p>
-<p>We would like to ask everyone to start using this to submit new issues. You can access this new service here: &nbsp;<a href="https://helpinfrahelpyou.apache.org">https://helpinfrahelpyou.apache.org</a>&nbsp; &nbsp;or &nbsp;<a href="https://infrahelp.apache.org">https://infrahelp.apache.org</a></p>
-<p> </p>
-</content><category term="blog"></category></entry><entry><title>Downtime notice for the RW git repositories</title><link href="https://infra.apache.org/blog/downtime_notice_for_the_r.html" rel="alternate"></link><published>2015-01-12T15:02:12+00:00</published><updated>2015-01-12T15:02:12+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2015-01-12:/blog/downtime_notice_for_the_r.html</id><summary type="html"><p><span style="color: #222222; font-family: arial, sans-serif;">Folks,</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">Please note than on Thursday 15th at 20:00 UTC the Infrastructure team</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">will be taking the read/write git repositories offline.&nbsp; We expect</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">that this migration to last about 4 hours.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">During the outage the service will be migrated from an old host to a</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">new one.&nbsp; &nbsp;We …</span></p></summary><content type="html"><p><span style="color: #222222; font-family: arial, sans-serif;">Folks,</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">Please note than on Thursday 15th at 20:00 UTC the Infrastructure team</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">will be taking the read/write git repositories offline.&nbsp; We expect</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">that this migration to last about 4 hours.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">During the outage the service will be migrated from an old host to a</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">new one.&nbsp; &nbsp;We intend to keep the URL the same for access to the repos</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">after the migration, but an alternate name is already in place in case</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">DNS updates take too long.&nbsp; &nbsp;Please be aware it might take some hours</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">after the completion of the downtime for github to update and reflect</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">any changes.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">The Infrastructure team have been trialling the new host for about a</span><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">week now, and [touch wood] have not had any problems with it.</span><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">The service is current;y available by accessing repos via:</span><br style="color: #222222; font-family: arial, sans-serif;"/><a href="https://git-wip-us.apache.org/" style="color: #1155cc; font-family: arial, sans-serif;" target="_blank"><a href="https://git-wip-us.apache.org">https://git-wip-us.apache.org</a></a><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/><span style="color: #222222; font-family: arial, sans-serif;">If you have any questions please address them to </span><a href="mailto:infrastructure@apache.org" rel="noreferrer" style="color: #1155cc; font-family: arial, sans-serif;" title="[GMCP] Compose a new mail to infrastructure@apache.org"><a href="mailto:infrastructure@apache.org">infrastructure@apache.org</a></a><br style="color: #222222; font-family: arial, sans-serif;"/><br style="color: #222222; font-family: arial, sans-serif;"/></p>
-</content><category term="blog"></category></entry><entry><title>SVN Service Outage - PostMortem</title><link href="https://infra.apache.org/blog/svn_service_outage_postmortem.html" rel="alternate"></link><published>2014-12-09T09:58:37+00:00</published><updated>2014-12-09T09:58:37+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-12-09:/blog/svn_service_outage_postmortem.html</id><summary type="html"><p> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>Summary</strong></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;">On Wednesday December 3rd the main US host for the ASF subversion service fails resulting in loss of service. &nbsp;This loss of subversion service prevent committers from submitting any changes, and whilst we have an EU mirror it is read-only and does not allow for any changes to be …</span></p></summary><content type="html"><p> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>Summary</strong></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;">On Wednesday December 3rd the main US host for the ASF subversion service fails resulting in loss of service. &nbsp;This loss of subversion service prevent committers from submitting any changes, and whilst we have an EU mirror it is read-only and does not allow for any changes to be submitted whilst the master is offline.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;">The cause of the outage was a failed disk. This failed disk was part of a mirrored OS pair. &nbsp;Some time prior to this the alternate disk had also been replaced due to a failed state.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>Timeline</strong></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>0401 UTC 2014-10-26 -</strong> eris daily run output notes the degraded state of root disk gmirror</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1212 UTC 2014-10-30 -</strong> INFRA-8551 created to deal with gmirror degradation.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>2243 UTC 2014-12-02 -</strong> OSUOSL replaced disk in eris</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>0208 UTC 2013-12-03 -</strong> Subversion begins to crawl to a halt</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>0756 UTC 2013-12-03 -</strong> First contractor discovers something awry with subversion service</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>0834 UTC 2013-12-03 -</strong> Infrastructure sends out a notice about the svn issue</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>0916 UTC 2013-12-03 -</strong> Response to issue begins</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1010 UTC 2013-12-03 -</strong> First complaints about mail being slow/down</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1025 UTC 2013-12-03 -</strong> Discovery that email queue alerts had been silenced.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1225 UTC 2013-12-03 -</strong> Discovery that Eris outage affecting LDAP-based services including Jenkins and mail</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1613 UTC 2013-12-03 -</strong> First attempt at power cycling eris</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1717 UTC 2013-12-03 -</strong> Concern emerges that the 'good' disk in the mirror isn't.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1744 UTC 2013-12-03 -</strong> OSUOSL staff shows up in the office</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1752 UTC 2013-12-03 -</strong> Blog post went up.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1906 UTC 2014-12-03 -</strong> New hermes/baldr (hades) being set up for replacement of eris</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>1911 UTC 2014-12-03 -</strong> #svnoutage clean room in hipchat began</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>2040 UTC 2014-12-03 -</strong> machine finally comes up and is usable.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>2050 UTC 2014-12-03 -</strong> confusion arises between which switch is in which rack. Impedance mismatch between what OSUOSL calls racks, and what we called racks.</span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [Dec-3 5:50 PM] Tony Stevenson: which rack is this<br/></span><span style="font-family: Arial; -webkit-text-stroke-color: #000000;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [Dec-3 5:50 PM] Tony Stevenson: 1, 2 or 3 <br/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [Dec-3 5:50 PM] Justin Dugger (pwnguin): 19&nbsp; <br/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [Dec-3 5:50 PM] David Nalley: what switch? <br/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [Dec-3 5:50 PM] Justin Dugger (pwnguin): HW type: HP&nbsp; &nbsp; &nbsp; ProCurve 2530-48G&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OEM S/N 1: CN2BFPG1F5 <br/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [Dec-3 5:50 PM] David Nalley: ^^^^^^^^^ points to this impedance mismatch for the postmortem <br/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [Dec-3 5:50 PM] David Nalley: no label on the switch?<br/></span><strong style="font-family: Arial; -webkit-text-stroke-color: #000000;">2054 UTC 2014-12-03 -</strong><span style="font-family: Arial; -webkit-text-stroke-color: #000000;"> Data copy begins<br/></span><strong style="font-family: Arial; -webkit-text-stroke-color: #000000;">0441 UTC 2014-12-04 -</strong><span style="font-family: Arial; -webkit-text-stroke-color: #000000;"> data migration finished<br/></span><strong style="font-family: Arial; -webkit-text-stroke-color: #000000;">1457 UTC 2014-12-04 -</strong><span style="font-family: Arial; -webkit-text-stroke-color: #000000;"> SVN starts working again - testing begins<br/></span><strong style="font-family: Arial; -webkit-text-stroke-color: #000000;">0647 UTC 2014-12-05 -</strong><span style="font-family: Arial; -webkit-text-stroke-color: #000000;"> svn-master is operational again with viewvc</span></p>
-<p><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>Problems</strong></span><br/> </p>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">It took us far too long to spin up replacement machine. This in fact took a few hours due to having to manually build the host from source media and encountering several BIOS/RaidController issues. &nbsp;Our endeavour to have automated provisioning of tin (bare metal) would certainly have improved this time considerably had it been available at the time of the event. &nbsp;</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Many machines pointing to eris.a.o for LDAP - not to a service name (such as ldap1-us-west for example) which meant we couldn&rsquo;t easily restore LDAP services for some US hosts without making them also think SVN services had also moved.&nbsp;</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Assigning of issues in JIRA - It has perhaps been a long held understanding that if an issue is assigned to someone in JIRA then they are actively managing that issue. This event clearly shows how fragile that belief is.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">DNS (geo) updates were problematic - Daniel will be posting a proposal on Thursday, which will outline our concerns around DNS and a viable way forward that meets our needs and is not reliant on us storing all the data in SVN to be able to effect changes to zones. (This proposal was not created as a tiger of this event, it has been worked on for a number of weeks now).</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">architectural problems for availability</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">We couldn't promote svn-eu to master - data differences/corruption&nbsp;<span style="font-kerning: none; color: #042eee; -webkit-text-stroke-color: #042eee;"><u><a href="https://issues.apache.org/jira/browse/INFRA-6236">https://issues.apache.org/jira/browse/INFRA-6236</a><br/><br/></u></span></span></li>
-<li>Current monitoring setup was not sufficient in catching disk errors and correctly alerting infra.&nbsp;</li>
-<p> </p>
-</ul> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-size: 14px; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>To Do</strong></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Daniel to investigate and evaluate multimaster service availability.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Implement an extended SSL check that not only ensures the service is up, but also checks cert validity (expire, revocation status etc), and the certificate chain is valid.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">De-couple DNS from SVN</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">De-couple the SVN authz file from SVN directly. Also breser@ has suggested we use the authz validation tool available from the svn install we have on hades, &nbsp;as part of the template-&gt;active file generation process.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Move the ASF status page (http://status.apache.org) outside of our main colos so folks can continue to see it in the event of an outage.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Vendor provided hardware monitoring tools mandatory on all new hardware deployments.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Broader audience for incidents and status reports</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">More aggressive host replacement before these issues arise&nbsp;</span></li>
-</ul> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-size: 14px; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>Things being considered</strong></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Mandatory use of SNMP for enhanced data gathering.&nbsp;</span></li>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Issue &lsquo;nagging&rsquo; - develop some thoughts and ideas around the concept of auto-transitioning un-modified JIRA issues after N hours of in activity and actively nag the group until an update is made. This for example is how Atlassian (and so many others) handle their issues. &nbsp;For example if an end-user doesn&rsquo;t update the issue within 5 days, it is automatically closed, if we don&rsquo;t update an open issue within 6 hours for a critical issue then we get nagged about it.&nbsp;</span></li>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Automatically create new JIRA issues (utilising above mentioned auto-transition) to notify of hardware issues (not just relying on hundreds of cron emails a day).</span></li>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">Again as part of a wider thinking of how we use issue tracking consider the concept that you only assign an issue to yourself if you are explicitly working on it at that moment, i.e it should not sit in the queue assigned to someone for &gt; N hours and not receive any updates.&nbsp;</span></li>
-</ul> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/> <span style="font-stretch: normal; font-size: 14px; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"><strong>Things that went well</strong></span><br/> <span style="font-stretch: normal; font-family: Arial; font-kerning: none; -webkit-text-stroke-color: #000000;"></span><br/>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">The people working on the issue worked extremely well as a team. &nbsp;Communicating with one another via hipchat and helping each other along where required. &nbsp;There was a real sense of camaraderie for the first time in a very long time and this see of team helped greatly.&nbsp;</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">The team put in a bloody hard shift.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">There is now a very solid understanding of the SVN service across at least 4 members of the team, as opposed to 2 x0.5 understandings before.</span></li>
-</ul>
-<ul>
-<li style="margin: 0px; font-stretch: normal; font-family: Arial; -webkit-text-stroke-color: #000000; -webkit-text-stroke-width: initial;"><span style="font-kerning: none;">A much broader insight into the current design of our infrastructure was gained by the newer members of the team.&nbsp;</span></li>
-</ul>
-</content><category term="blog"></category></entry><entry><title>Subversion master undergoing emergency maintenance</title><link href="https://infra.apache.org/blog/subversion_master_undergoing_emergency_maintenance.html" rel="alternate"></link><published>2014-12-03T17:52:32+00:00</published><updated>2014-12-03T17:52:32+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-12-03:/blog/subversion_master_undergoing_emergency_maintenance.html</id><summary type="html"><p>
-The primary master machine that hosts the Apache Software Foundation's subversion repositories is currently undergoing some emergency maintenance due to disk errors.<br/>
-We do not currently have an ETA on when this will be fixed.<br/> <br/>
-In the meantime, there will be no access to commit to SVN.<br/>
-The read-only mirror …</p></summary><content type="html"><p>
-The primary master machine that hosts the Apache Software Foundation's subversion repositories is currently undergoing some emergency maintenance due to disk errors.<br/>
-We do not currently have an ETA on when this will be fixed.<br/> <br/>
-In the meantime, there will be no access to commit to SVN.<br/>
-The read-only mirror at <a href="http://svn.eu.apache.org" target="_blank">svn.eu.apache.org</a> is still working.</p>
-<p><u><b>UPDATE: 18:30 UTC, 3 December 2014</b></u></p>
-<p>The machine that hosts the SVN master suffered root filesystem corruption. This corruption led to a severe degradation of the SVN service, and to repair the issue the service was taken down. </p>
-<p>This filesystem is separate from the filesystem that hosts the SVN repositories. We expect no data loss from this issue. (And we have multiple copies of this data available to us.)&nbsp;</p>
-<p>We'll be keeping this blog post updated with more details as they become available. </p>
-<p><b><u>UPDATE: 21:30 UTC, 3 December 2014</u></b></p>
-<p>We've removed the master from DNS rotation, so read-only access remains accessible everywhere. </p>
-<p>Commits to SVN remain disabled while we work on restoring the service.&nbsp;</p>
-<p> </p>
-<p><b><u>UPDATE: 04:45 UTC, 4 December 2014</u></b></p>
-<p>&nbsp;The service remains offline while we work on moving the service to a new host. &nbsp;During the work to resolve the failed disks on eris (the previous host) it became apparent that it would not be the best use of our time to keep working on this (and we had frankly lost faith in the disks).&nbsp;</p>
-<p>We are now several hours into this move. &nbsp;The data has been synchronised to the new host, and now we are working on porting the configuration of the old host into puppet and making it fit the new setup on which it will be run. &nbsp;We don't currently have an exact time when we think it will be finished, but we are hopeful it will be during Thursday 4th December 2014.</p>
-<p>We'd like to apologise the downtime, but we are taking actions that we feel are in the best interests of a key piece of foundation infrastructure. &nbsp;As always you can come and find us in the Hipchat channel #asfinfra -&nbsp;<a href="https://www.hipchat.com/gdAiIcNyE" title="https://www.hipchat.com/gdAiIcNyE">https://www.hipchat.com/gdAiIcNyE</a>&nbsp;if you have any questions.&nbsp;</p>
-<p> --pctony</p>
-<p> </p>
-<p><b><u>UPDATE: 11:18 UTC, 4 December 2014</u></b></p>
-<p>&nbsp;We are performing sanity checks on the new puppetized configuration. For historical reasons, our svn system has relied on specially crafted versions of svn, which we are attempting to replace with canonical release versions instead, so as to easier set up a new host, should we experience another major outage. This entails a lot of rewriting of scripts, but we expect most of this to have been done now, pending a full system check.<br/></p>
-<p>Once all this is done, we will be performing authorization checks to make sure everything is as it should be, and when satisfied, we will reopen the svn repo for committers.<br/></p>
-<p>The ETA is still uncertain, but remains a hopeful "today" (Thursday, December 4th). </p>
-<p>--humbedooh <br/></p>
-<p><b><u>UPDATE: 16:15 UTC, 4 December 2014</u></b></p>
-<p>We are nearly there. We are currently putting the finishing touches to the config, and we will begin closed testing within the infrastructure group very soon. Assuming this goes well we will aim to open the service as soon as possible after this. &nbsp;</p>
-<p>The delay will come when we ensure that no data could be lost as a result of re-starting the service. &nbsp;Data security and provenance is our utmost concern.&nbsp;</p>
-<p>More news to follow in the next couple of hours hopefully. </p>
-<p>--pctony&nbsp;</p>
-<p> </p>
-<p><b><u>UPDATE: 03:01 UTC, 5 December 2014 &nbsp;[FINAL UPDATE]&nbsp;</u></b></p>
-<p>Well. As of 5 minutes ago the main subversion service was restored. Only one repository is currently not available, the dist repository used by projects to stage dev and release outputs. This will be fixed ASAP.&nbsp;</p>
-<p>If you spot any issues with the service, in the first instance please hop onto HipChat and chat to us - <a href="https://www.hipchat.com/gdAiIcNyE">https://www.hipchat.com/gdAiIcNyE</a>.&nbsp; Or you can use the usual email address <a href="mailto:infrastructure@apache.org">infrastructure@apache.org</a>&nbsp; if you prefer that.</p>
-<p>This outage has forced us to review the setup of the primary subversion host and as a result of this we have made many changes to bring it inline with our current practice and standards. This involved re-engineering quite a lot of things that had accumulated over the years, and like many a good onion the more layers we peeled back the more we sobbed.&nbsp;</p>
-<p>We are happy to report that this host is now completely managed with puppet, and is delivering metrics to our instance of Circonus very happily. </p>
-<p>Once again thank you for your patience and we hope that the service feels a lot more sprightly on it's new host.&nbsp;</p>
-<p>Cheers,<br/>On behalf of the Apache Infrastructure Team</p>
-<p>--pctony&nbsp;</p>
-<p> </p>
-</content><category term="blog"></category></entry><entry><title>MoinMoin Service - User Account Tidy Up</title><link href="https://infra.apache.org/blog/moinmoin_service_user_account_tidy.html" rel="alternate"></link><published>2014-11-21T12:17:17+00:00</published><updated>2014-11-21T12:17:17+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-11-21:/blog/moinmoin_service_user_account_tidy.html</id><summary type="html"><hr/>
-**Note**: We no longer use the MoinMoin service. Projects can create a wiki in the <a href="https://infra.apache.org/cwiki.html" target="_blank">ASF Confluence Wiki</a>.
-<hr/>
-<p>In recent months we have become increasingly aware of a slowing down of our MoinMoin wiki service. &nbsp;We have attributed this, at least in part, due to the way MoinMoin stores some …</p></summary><content type="html"><hr/>
-**Note**: We no longer use the MoinMoin service. Projects can create a wiki in the <a href="https://infra.apache.org/cwiki.html" target="_blank">ASF Confluence Wiki</a>.
-<hr/>
-<p>In recent months we have become increasingly aware of a slowing down of our MoinMoin wiki service. &nbsp;We have attributed this, at least in part, due to the way MoinMoin stores some data about user accounts. &nbsp;</p>
-<p>Across all of our wiki instances (in the farm) we had a little over 1.08 million distinct user accounts. &nbsp;Many of which have never been used (spam etc). &nbsp;So we have decided to archive all users who have not accessed any of the wiki sites they were registered for in more than 128 days. &nbsp;</p>
-<p>This has resulted in us being able to archive a little over 800k users. &nbsp;This leaves us with around 200k users across 77 wikis. This still feels very high, and in the coming weeks we will investigate further still in how we can better understand if those remaining accounts are making valid changes, or are they just link farm home pages.</p>
-<p>If you think your account was affected by this, and you would like to have your account restored, then please contact the Infra team using this page&nbsp;<a href="http://www.apache.org/dev/infra-contact">http://www.apache.org/dev/infra-contact</a> <br/><br/><br/>Thanks,<br/>ASF Infra Team<br/><br/></p>
-</content><category term="blog"></category></entry><entry><title>Code signing service now available</title><link href="https://infra.apache.org/blog/code_signing_service_now_available.html" rel="alternate"></link><published>2014-10-06T16:36:09+00:00</published><updated>2014-10-06T16:36:09+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-10-06:/blog/code_signing_service_now_available.html</id><summary type="html"><p>The ASF Infrastructure team is pleased to announce the availability of a new code signing service for Java, Windows and Android applications. This service is available to any Apache project to use to sign their releases. Traditionally, Apache projects have shipped source code. The code tarballs are signed with a …</p></summary><content type="html"><p>The ASF Infrastructure team is pleased to announce the availability of a new code signing service for Java, Windows and Android applications. This service is available to any Apache project to use to sign their releases. Traditionally, Apache projects have shipped source code. The code tarballs are signed with a GPG signature to allow users and providers to verify the code's authenticity, but users have either compiled their own applications or some projects have provided convenience binaries. With projects like Apache OpenOffice, users expect to receive binaries that are ready to run. Today's desktop and mobile operating systems expect that binaries will be signed by the vendor -- which had left a gap to be filled for Apache projects. &nbsp;</p>
-<p>After a great deal of research, we have chosen Symantec's <a href="http://www.symantec.com/code-signing/secure-app-service">Secure App Service</a> offering to provide code signing service. This allows us to granularly permit access; and each PMC will have their own certificate(s) for signing. The per-project nature of certificate issuance allows us to revoke a signature without disrupting other projects.&nbsp;</p>
-<p>This service will permit projects to sign artifacts either via a web GUI or a SOAP API. In addition a <a href="https://svn.apache.org/repos/infra/infrastructure/trunk/projects/code-signing/java-client/">Java client</a> and an <a href="http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/buildutil/SignCode.java?view=log">ant task</a> for signing have been written and a maven plugin is <a href="http://mail-archives.apache.org/mod_mbox/www-infrastructure-dev/201409.mbox/%3C542181B4.4030104%40apache.org%3E">under development</a>.<br/></p>
-<p>This service results in a 'pay for what you use' scenario, so PMCs are asked to use the service responsibly. To that end, projects will have access to a test environment to ensure that they have their process working correctly before consuming actual credits.</p>
-<p>Thus far, we've had two projects who have helped testing this and working out process for which we are very grateful. Those projects, Commons and Tomcat, have successfully released signed artifacts recently. (Commons Daemon 1.0.15 and Tomcat 8.0.14)</p>
-<p>Projects that wish to use this service should <a href="https://reference.apache.org/pmc/newcodesigning">open an Infra JIRA ticket</a> under the Codesigning component. Further <a href="https://reference.apache.org/pmc/codesigning">information for projects using the service</a> is also maintained by the infra team<br/></p>
-</content><category term="blog"></category></entry><entry><title>GitHub pull request builds now available on builds.apache.org</title><link href="https://infra.apache.org/blog/github_pull_request_builds_now.html" rel="alternate"></link><published>2014-10-02T13:00:00+00:00</published><updated>2014-10-02T13:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-10-02:/blog/github_pull_request_builds_now.html</id><summary type="html"><p><font face="arial, helvetica, sans-serif"><span style="font-stretch: normal;">The ASF Infrastructure team is happy to announce that you can now set up jobs on <a href="https://builds.apache.org">builds.apache.org</a> to listen for pull requests to <a href="https://github.com/apache">github.com/apache</a> repositories, build that pull request&rsquo;s changes, and then comment on the pull request with the build&rsquo;s results. This is done …</span></font></p></summary><content type="html"><p><font face="arial, helvetica, sans-serif"><span style="font-stretch: normal;">The ASF Infrastructure team is happy to announce that you can now set up jobs on <a href="https://builds.apache.org">builds.apache.org</a> to listen for pull requests to <a href="https://github.com/apache">github.com/apache</a> repositories, build that pull request&rsquo;s changes, and then comment on the pull request with the build&rsquo;s results. This is done using the <a href="http://www.cloudbees.com/products/jenkins-enterprise">Jenkins Enterprise</a> <a href="https://wiki.cloudbees.com/bin/view/DEV/Github+Pull+Request+Validation">GitHub pull request builder plugin</a>, generously provided to the ASF by our friends at <a href="http://www.cloudbees.com/">CloudBees</a>. We've set up the necessary hooks on all github.com/apache repositories that are up as of Wednesday, Oct 1, 2014, and will be adding the hooks to all new repositories going forward.</span><br/> <span style="font-stretch: normal;"></span><br/> <span style="font-stretch: normal;">Here&rsquo;s what you need to do to set it up:</span><br/> </font></p>
-<ul>
-<li><font face="arial, helvetica, sans-serif">Create a new job, probably copied from an existing job.</font></li>
-<li><font face="arial, helvetica, sans-serif">Make sure you&rsquo;re not doing any &ldquo;mvn deploy&rdquo; or equivalent in the new job - this job shouldn&rsquo;t be deploying any artifacts to Nexus, etc.</font></li>
-<li><font face="arial, helvetica, sans-serif">Check the "Enable Git validated merge support&rdquo; box - you can leave the first few fields set to their default, since we&rsquo;re not actually pushing anything. This is just required to get the pull request builder to register correctly.</font></li>
-<li><font face="arial, helvetica, sans-serif"><span style="font-stretch: normal;">Set the &ldquo;GitHub project&rdquo; field to the HTTP URL for your repository - i.e.,"http://github.com/apache/incubator-brooklyn/"</span><span style="font-stretch: normal;">- make sure it ends with that trailing slash and doesn&rsquo;t include .git, etc.</span></font></li>
-<li><font face="arial, helvetica, sans-serif"><span style="font-stretch: normal;"></span>In the Git SCM section of the job configuration, set the repository URL to point to the GitHub git:// URL for your repository - i.e.,&nbsp;git://github.com/apache/incubator-brooklyn.git.</font></li>
-<li><font face="arial, helvetica, sans-serif">You should be able to leave the &ldquo;Branches to build&rdquo; field as is - this won&rsquo;t be relevant anyway.</font></li>
-<li><font face="arial, helvetica, sans-serif">Click the &ldquo;Add&rdquo; button in &ldquo;Additional Behaviors&rdquo; and choose "Strategy for choosing what to build&rdquo;. Make sure the choosing strategy is set to &ldquo;Build commits submitted for validated merge&rdquo;.</font></li>
-<li><font face="arial, helvetica, sans-serif">Uncheck any existing build triggers - this shouldn&rsquo;t be running on a schedule, polling, running when SNAPSHOT dependencies are built, etc.</font></li>
-<li><font face="arial, helvetica, sans-serif">Check the &ldquo;Build pull requests to the repository&rdquo; option in the build triggers.</font></li>
-<li><font face="arial, helvetica, sans-serif">Optionally change anything else in the job that you&rsquo;d like to be different for a pull request build than for a normal build - i.e., any downstream build triggers should probably be removed, &nbsp;you may want to change email recipients, etc.</font></li>
-<li><font face="arial, helvetica, sans-serif">Save, and you&rsquo;re done!</font></li>
-</ul>
-<p> <span style="font-stretch: normal;"><font face="arial, helvetica, sans-serif">Now when a pull request is opened or new changes are pushed to an existing pull request to your repository, this job will be triggered, and it will build the pull request. A link will be added to the pull request in the list of builds for the job, and when the build completes, Jenkins will comment on the pull request with the build result and a link to the build at <a href="https://builds.apache.org">builds.apache.org</a>.&nbsp;</font></span></p>
-<p><font face="arial, helvetica, sans-serif"><span style="font-stretch: normal;"></span>In addition, you can also use the "Build when a change is pushed to GitHub" option in the build triggers for non-pull request jobs, instead of polling - Jenkins receives notifications from GitHub whenever one of our repositories has been pushed to. Jenkins can then determine which jobs use that repository and the branch that was pushed to, and trigger the appropriate build.<br/> <span style="font-stretch: normal;"></span><br/> <span style="font-stretch: normal;">If you have any questions or problems, please email builds@apache.org or open a BUILDS JIRA at <a href="https://issues.apache.org/jira/browse/BUILDS/">issues.apache.org</a>.&nbsp;</span></font> </p>
-</content><category term="blog"></category></entry><entry><title>Committer shell access to people.apache.org</title><link href="https://infra.apache.org/blog/committer_shell_access_to_people.html" rel="alternate"></link><published>2014-09-25T23:38:41+00:00</published><updated>2014-09-25T23:38:41+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-09-25:/blog/committer_shell_access_to_people.html</id><summary type="html"><p>Apache committers are granted shell access to a host known as either people.apache.org or minotaur. As you may know, there has been a two year grace period in which we have advertised the upcoming change away from password logins to SSH key only.</p>
-<p>Due to a significant recent …</p></summary><content type="html"><p>Apache committers are granted shell access to a host known as either people.apache.org or minotaur. As you may know, there has been a two year grace period in which we have advertised the upcoming change away from password logins to SSH key only.</p>
-<p>Due to a significant recent increase in security issues, the Infrastructure team has taken steps to complete the implementation of key-only logins to protect ASF computing resources.&nbsp;</p>
-<p>If you can't access the host anymore then it is very likely you do not have your key stored in LDAP. &nbsp;Please check your LDAP data in https://id.apache.org - and add your key(s) if they are not present.&nbsp; If necessary, ensure your keys are loaded locally (for linux see <a href="http://linux.die.net/man/1/ssh-add">http://linux.die.net/man/1/ssh-add</a>&nbsp; and <a href="http://linux.die.net/man/1/ssh-agent">http://linux.die.net/man/1/ssh-agent</a>)<br/></p>
-<p>The host will pick up this change within 5 minutes of you making your change and you should be able to get in again. </p>
-<p>As always if you have any issues please open a JIRA issue in the INFRA project and we will help you as soon as we can. &nbsp;</p>
-<p> </p>
-</content><category term="blog"></category></entry><entry><title>Committers mail relay service</title><link href="https://infra.apache.org/blog/committers_mail_relay_service.html" rel="alternate"></link><published>2014-09-25T22:57:44+00:00</published><updated>2014-09-25T22:57:44+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-09-25:/blog/committers_mail_relay_service.html</id><summary type="html"><p>For a very long time now we have allowed committers to send email from their @apache.org email address from any host. &nbsp;10 years ago this was less of an issue than it is today. &nbsp;In the current world of mass spam and junk flying around, mail server providers are …</p></summary><content type="html"><p>For a very long time now we have allowed committers to send email from their @apache.org email address from any host. &nbsp;10 years ago this was less of an issue than it is today. &nbsp;In the current world of mass spam and junk flying around, mail server providers are trying to find better ways to implement a sense of safety from this for their users. &nbsp;One such method is SPF [1]. These methodologies check that incoming email actually originated via a valid mail server for the senders domain.&nbsp;</p>
-<p>For example if you send from myuserid@apache.org, but you just send that via your ISP at home, it could be construed as being junk as it never came via an apache.org mail server. &nbsp;Some time ago we setup a service on people.apache.org to cater for this, but it was never enforced and it seems that the SMTP daemon running the service is not 100% RFC compliant and thus some people have been unable to use this service.</p>
-<p>As of today, we have stood up a new service on host mail-relay.apache.org that will allow committers to send their apache.org emails via a daemon that is RFC compliant and uses your LDAP credentials. You can read here [2] what settings you will need to be able to use this service.&nbsp;</p>
-<p>On Friday October 10th, at 13:00 UTC the old service on people.apache.org will be terminated, and the updates to the DNS to enforce sending of all apache.org email to have originated via an ASF mail server will be enabled. This means that as of this time if you do not send your apache.org email via mail-relay it is very likely that the mail will not reach it's destination. &nbsp;</p>
-<p>When we say 'send your apache.org email' &nbsp;- we mean that when you send *<b>from</b>* your userid@apache.org email. &nbsp; Emails sent *<b>to</b>* any apache.org email address will not affected by this.&nbsp;</p>
-<p> </p>
-<p>[1] - <a href="http://en.wikipedia.org/wiki/Sender_Policy_Framework" title="http://en.wikipedia.org/wiki/Sender_Policy_Framework">http://en.wikipedia.org/wiki/Sender_Policy_Framework</a></p>
-<p>[2] - <a href="https://reference.apache.org/committer/email#sendingemailfromyourapacheorgemailaddress" title="https://reference.apache.org/committer/email#sendingemailfromyourapacheorgemailaddress">https://reference.apache.org/committer/email#sendingemailfromyourapacheorgemailaddress</a> </p>
-</content><category term="blog"></category></entry><entry><title>Nexus reduced performance issues resolved</title><link href="https://infra.apache.org/blog/nexus_reduced_performance_issues_resolved.html" rel="alternate"></link><published>2014-09-11T09:19:46+00:00</published><updated>2014-09-11T09:19:46+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-09-11:/blog/nexus_reduced_performance_issues_resolved.html</id><summary type="html"><p>&nbsp;&nbsp; &nbsp;HI All,<br/><br/>So Tuesday morning we got a report in IRC that a committer was trying to get a release out <br/>and could not deploy. Shortly after a Nexus issue was reported in Jira INFRA-8321. A few <br/>hours later another issue INFRA-8322 related to Nexus was opened. So far, nothing …</p></summary><content type="html"><p>&nbsp;&nbsp; &nbsp;HI All,<br/><br/>So Tuesday morning we got a report in IRC that a committer was trying to get a release out <br/>and could not deploy. Shortly after a Nexus issue was reported in Jira INFRA-8321. A few <br/>hours later another issue INFRA-8322 related to Nexus was opened. So far, nothing unusual <br/>about that.<br/><br/>Yesterday, more issues reported on IRC/HipChat, and more issues opened.<br/>(INFRA-8326,INFRA-8327,INFRA-8328, INFRA-8334). By then it was obvious this more than <br/>a coincidence and it was already being looked into.<br/><br/>Twitter notifications and emails were sent out declaring the degraded performance an outage <br/>and On Call was full time looking into the issue. Others joined the call to assist and eventually <br/>the outage was determined to be a change to LDAP configuration made 2 days ago by Infra.<br/><br/>(See infra:r921805 for the revert of that.)<br/><br/>The LDAP change was made to improve response times as it was being reported as being slow<br/>to return queries. Reverting the change cured the issues Nexus was having contacting the <br/>groups that committers belonged to.<br/><br/>There will be another avenue looked into for improving LDAP query response times whilst not <br/>affecting those services that connect via anon bind.<br/><br/>Infra thanks everyone for their patience whilst this was looked into and resolved.<br/><br/>Thanks go to those involved in working towards the solution:-<br/><br/>Gavin McDonald (gmcdonald) <br/>Tony Stevenson (pctony)<br/>Chris Lambertus (cml)<br/>Daniel Gruno (humbedooh)<br/>Brian Fox (brianf)<br/><br/>Cheers<br/><br/>Gav&hellip;<br/></p>
-</content><category term="blog"></category></entry><entry><title>On-demand workers from Rackspace added to builds.apache.org</title><link href="https://infra.apache.org/blog/on_demand_workers_from_rackspace.html" rel="alternate"></link><published>2014-09-04T13:00:00+00:00</published><updated>2014-09-04T13:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-09-04:/blog/on_demand_workers_from_rackspace.html</id><summary type="html"><div>A couple of weeks ago, Apache's Infrastructure team added a new feature to our Jenkins server, <a href="http://builds.apache.org">builds.apache.org</a> to help deal with the at times overwhelming queues of builds waiting for an executor. While this has been improved dramatically by the increase in workers generously provided by Yahoo! on …</div></summary><content type="html"><div>A couple of weeks ago, Apache's Infrastructure team added a new feature to our Jenkins server, <a href="http://builds.apache.org">builds.apache.org</a> to help deal with the at times overwhelming queues of builds waiting for an executor. While this has been improved dramatically by the increase in workers generously provided by Yahoo! on physical hosts, we're always trying to look forward and be prepared for increased usage in the future.&nbsp;</div>
-<div><br/></div>
-<div>To that end, we've set up worker images on Rackspace, generated using the fantastic tool <a href="http://packer.io" target="_blank">Packer</a>. Using the <a href="http://jclouds.apache.org">Apache jclouds</a> <a href="https://wiki.jenkins-ci.org/display/JENKINS/JClouds+Plugin">plugin for Jenkins</a>, Ubuntu workers will be spun up dynamically on Rackspace using those images when there's a queue of pending builds that are able to run on the &ldquo;ubuntu&rdquo; label. Up to five of these workers can be running at a time, and they're automatically removed from Jenkins and destroyed on Rackspace once they've been idle a set period of time. This burst capacity will help us prevent a long wait for builds to run on <a href="http://builds.apache.org">builds.apache.org</a>.</div>
-<div><br/></div>
-<div>We're able to do this thanks to Rackspace generously donating resources to the Apache Software Foundation. We're extremely grateful for this, and if any other public cloud providers are also interested in donating compute cycles to the Foundation, please contact the Infrastructure team.</div>
-<div><br/></div>
-<div>One thing to note - the worker image we're using is still new and may have bugs in it. If you see your build suddenly failing for mysterious reasons, please take a look at the worker it ran on - if it's a worker named something like &ldquo;jenkins-ubuntu-1404-4gb-abc&rdquo;, please open a BUILDS JIRA at <a href="https://issues.apache.org">issues.apache.org</a> with a link to the failing build and we'll investigate.</div>
-<div><br/></div>
-<div>We've got more improvements for <a href="http://builds.apache.org">builds.apache.org</a> planned for the future, and we're looking forward to sharing them with all of you - there'll be a talk at ApacheCon EU this November on the current status of Jenkins at the ASF, what we've done to stabilize and improve the developer experience on <a href="http://builds.apache.org">builds.apache.org</a>&nbsp;this year, and what's planned for the future - hope to see you there!</div>
-</content><category term="blog"></category></entry><entry><title>Infrastructure Team Adopting an On-Call Rotation</title><link href="https://infra.apache.org/blog/infrastructure_team_adopting_an_on.html" rel="alternate"></link><published>2014-08-18T13:00:00+00:00</published><updated>2014-08-18T13:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-08-18:/blog/infrastructure_team_adopting_an_on.html</id><summary type="html"><p>As the Apache Software Foundation (ASF) has grown, the infrastructure required to support its diverse set of projects has grown as well. To care for the infrastructure that the ASF depends on, the foundation has hired several contractors to supplement the dedicated cadre of volunteers who help maintain the ASFs …</p></summary><content type="html"><p>As the Apache Software Foundation (ASF) has grown, the infrastructure required to support its diverse set of projects has grown as well. To care for the infrastructure that the ASF depends on, the foundation has hired several contractors to supplement the dedicated cadre of volunteers who help maintain the ASFs hardware and services. To best utilize the time of our paid contractors and volunteers, the Infrastructure team will be adopting an on-call rotation to meet requests and resolve outages in a timely fashion.&nbsp;</p>
-<h3>Why We're Establishing an On-Call Rotation
-</h3>
-<p>
-In groups, especially groups that are charged with overlapping duties, there's occasionally a sense of <a href="http://en.wikipedia.org/wiki/Diffusion_of_responsibility" target="_blank">diffusion of responsibility</a>. There tends to be a good number of tasks or incidents that routinely occur that need a clear owner. We've also tried to set expectations around our service levels relative to the importance of a service. In example, a new mailing list can be set up as convenient, but a failing mail service needs to be addressed immediately.
-</p>
-<p>The technical side of this has been that we have historically alerted via email and/or SMS about any urgent issues that came up. Of course those alerts went to everyone on the team. If the alert occurs at an inconvenient time, either everyone responds, which is likely wasteful, or no one responds thinking someone else will.
-</p>
-<p>At the Infrastructure team's face to face meeting in July we decided we'd adopt an on-call rotation for the contractors so that everyone wasn't responsible for everything all of the time. We then went looking for something to let us sanely (and without building it ourselves) deal with that. </p>
-<p>
-<p>We ended up choosing <a href="https://pagerduty.com" target="_blank">PagerDuty</a>, which has a number of ways of receiving alerts. More importantly, it allows us to set a schedule, easily override it for holidays or illnesses, and do so programmatically. It also seamlessly integrates with <a href="https://hipchat.com">HipChat</a>, which Infrastructure is running a trial of and communicates with our mobile devices. </p></p>
-<p>
-<p>PagerDuty also supports a clear escalation path that begins alerting other people about issues if the person on-call fails to respond in a timely manner. Additionally, PagerDuty's mobile apps are built with <a href="https://cordova.apache.org">Apache Cordova</a>, which is an interesting circle. We've finished our trial and decided to adopt PagerDuty. PagerDuty&nbsp;was especially gracious and made our account gratis.</p>
-</p>
-<p>Adopting an on-call rotation will allow us to provide a better service and response time, while also clearly setting expectations around contractor availability so they can relax on their off weeks. </p>
-<p>
-<p>If you have questions or want to get involved, feel free to join us on the infrastructure mailing list <a href="mailto:infrastructure@apache.org">infrastructure@apache.org</a> or joining us in our <a href="http://www.hipchat.com/gw4Cfp7JY" target="_blank">Hipchat room</a>.</p>
-</p>
-</content><category term="blog"></category></entry><entry><title>New status page for the ASF</title><link href="https://infra.apache.org/blog/new_status_page_for_the.html" rel="alternate"></link><published>2014-08-14T13:45:53+00:00</published><updated>2014-08-14T13:45:53+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-08-14:/blog/new_status_page_for_the.html</id><summary type="html"><p>We are pleased to announce that we have a new status page for our infrastructure and the ASF as a whole.</p>
-<p>Where we have previously been focused on reporting the up/down status of our services, we have now begun to look a bit more at the broader picture of …</p></summary><content type="html"><p>We are pleased to announce that we have a new status page for our infrastructure and the ASF as a whole.</p>
-<p>Where we have previously been focused on reporting the up/down status of our services, we have now begun to look a bit more at the broader picture of the ASF; What's going on, who is committing how much, where are emails going, what's going on on GitHub mirrors and so on, as well as tracking uptime and availability for our public services that power the ASF's online presence. </p>
-<p>The result of this broader scope can be seen on: <a href="http://status.apache.org" target="_blank" title="http://status.apache.org">http://status.apache.org</a> </p>
-<p>It is our hope that you'll find this new status page informative and helpful, both in times of trouble and times where everything is in working condition. <br/></p>
-</content><category term="blog"></category></entry><entry><title>Email from apache.org committer accounts bypasses moderation!</title><link href="https://infra.apache.org/blog/email_from_apache_org_committer.html" rel="alternate"></link><published>2014-06-15T02:29:06+00:00</published><updated>2014-06-15T02:29:06+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-06-15:/blog/email_from_apache_org_committer.html</id><summary type="html"><p>Good news! &nbsp; We've finally laid the necessary groundwork to extend the bypassing of committer emails sent from their apache.org addresses, from commit lists to now all Apache mailing lists. &nbsp;This feature was activated earlier today and represents a significant benefit for cross-collaboration between Apache mailing lists for committers, relieving …</p></summary><content type="html"><p>Good news! &nbsp; We've finally laid the necessary groundwork to extend the bypassing of committer emails sent from their apache.org addresses, from commit lists to now all Apache mailing lists. &nbsp;This feature was activated earlier today and represents a significant benefit for cross-collaboration between Apache mailing lists for committers, relieving moderators of needless burden.</p>
-<p>Also we'd like to remind you of the SSL-enabled SMTP submission service we offer committers listening on people.apache.org port 465. &nbsp;Gmail users in particular can enjoy a convenient way of sending email, to any recipient even outside apache.org, using their apache.org committer address. &nbsp;For more on that please see our website's <a href="http://www.apache.org/dev/user-email.html#via-smtp-based-mail-submission-service-recommended">documentation</a>.</p>
-<p>To complement these features we'd also like to remind committers of the ability to request an "owner file" be added to their email forwarder by filing an appropriate INFRA jira ticket. &nbsp;Owner files alleviate most of the problems associated with outside organizations, who may be running strict SPF policies, attempting to reach you at your apache.org address. &nbsp;Without an owner file those messages will typically bounce back to those organizations instead of successfully reaching you at your target forwarding address. &nbsp;For those familiar with SRS, this is a poor-man's version of that specification's feature set. &nbsp;Please direct your detailed questions about owner files to the infrastructure-dev@apache.org mailing list.</p>
-<p>NOTE: we've extended this bypass feature to include any committer email addresses listed in their personal LDAP record with Apache.</p>
-</content><category term="blog"></category></entry><entry><title>DMARC filtering on lists that munge messages</title><link href="https://infra.apache.org/blog/dmarc_filtering_on_lists_that.html" rel="alternate"></link><published>2014-06-03T21:57:08+00:00</published><updated>2014-06-03T21:57:08+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-06-03:/blog/dmarc_filtering_on_lists_that.html</id><summary type="html"><hr/>
-**Note**: The solution described below has been incorporated into ezmlm. However, it creates a new problem, generating double 'Reply-To:' headers in the case of lists with a `reply-to` set to something other than the list name. A complete rewrite of this function is under consideration. You can follow the discussion …</summary><content type="html"><hr/>
-**Note**: The solution described below has been incorporated into ezmlm. However, it creates a new problem, generating double 'Reply-To:' headers in the case of lists with a `reply-to` set to something other than the list name. A complete rewrite of this function is under consideration. You can follow the discussion on Jira ticket <a href="https://issues.apache.org/jira/browse/INFRA-24849" target="_blank">INFRA-24849</a>.
-<hr/>
-<p>Since Yahoo! switched their DMARC policy in mid-April, we've seen an increase in undeliverable messages sent from our mail server for Yahoo! accounts subscribed to our lists. &nbsp; Roughly half of Apache's mailing lists do some form of message munging, whether it be Subject header prefixes, appended message trailers, or removed mime components. &nbsp;Such actions are incompatible with Y!'s policy for its users, which has meant more bounces and more frustration trying to maintain inclusive discussions with Y! users.</p>
-<p>Since Y!'s actions are likely just the beginning of a trend towards strong DMARC policies aimed at eliminating forged emails, we've taken the extraordinary step of munging Y! user's From headers to append a spec-compliant .INVALID marker on their address, and dropping the DKIM-Signature: header for such messages. &nbsp;We are an ezmlm shop and maintain a heavily customized .ezmlmrc file, so carrying this action out was relatively straightforward with a 30-line perl header filter prepended to certain lines in the "editor" block of our .ezmlmrc file. &nbsp;The filter does a dynamic lookup of DMARC "p=reject" policies to inform its actions, so we are prepared for future adopters beyond the early ones like Yahoo!, AOL, Facebook, LinkedIn, and Twitter. &nbsp; Interested parties in our solution may visit <a href="http://www.sunstarsys.com/essays/mailing-lists">this page</a> for details and the Apache-licensed code.</p>
-<p>Of course this filter only applies to half our lists- the remainder that do no munging are perfectly compatible with DMARC rejection policies without modification of our list software or configuration. &nbsp;Apache projects that prefer to avoid munging may file a Jira ticket with infrastructure to ask that their lists be set to "ezmlm-make -+ -TXF" options.</p>
-<p> </p>
-</content><category term="blog"></category></entry><entry><title>Mail outage post-mortem</title><link href="https://infra.apache.org/blog/mail_outage_post_mortem.html" rel="alternate"></link><published>2014-05-28T05:16:39+00:00</published><updated>2014-05-28T05:16:39+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-05-28:/blog/mail_outage_post_mortem.html</id><summary type="html"><p><span style="color: #222222; font-family: arial; font-size: small;"><b>Overview:</b></span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">During the afternoon of May 6th we began experiencing delays in mail delivery of 1-2 hours. Initial efforts at remediation seemed to clear this up but on the morning of May 7th the problem worsened and we proactively disabled mail service to deal with the failure. This outage affected …</span></p></summary><content type="html"><p><span style="color: #222222; font-family: arial; font-size: small;"><b>Overview:</b></span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">During the afternoon of May 6th we began experiencing delays in mail delivery of 1-2 hours. Initial efforts at remediation seemed to clear this up but on the morning of May 7th the problem worsened and we proactively disabled mail service to deal with the failure. This outage affected all ASF mailing lists and mail forwarding. The service remained unavailable until May 10th, and it took almost 5 additional days to fully flush the backlog of messages. </span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">You can find a timeline here that was kept during the incident: https://blogs.apache.org/infra/entry/mail_outage</span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">This was a catastrophic failure for the Apache Software Foundation as email is core to virtually every operation and is our primary communication medium. &nbsp;</span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;"><b>What happened:</b> </span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">The mail service at the ASF is composed of three physical servers. Two of these are external facing mail exchangers that receive mail. The final server handles mailing list expansion, alias forwarding and mail delivery in general. That latter server had two volumes that experienced a disk outage each. This degraded performance substantially and led to the mail delays seen on May 6th and 7th. The service was proactively disabled on May 7th in an attempt to let the arrays rebuild without the significant disk I/O overhead caused by processing the large mail backlog. Ultimately multiple attempts to rebuild the underlying arrays failed and eventually other drives in the array where the data volume was stored failed rendering recovery a hopeless task on May 8th. We began working to restore backups from our offsite backup location to our primary US datacenter. When this began to take longer than expected, additional concurrent efforts began to restore service in one of our secondary datacenters as well as in a public cloud instance. Ultimately we ended up completing the restoration to our primary US datacenter first and were able to bring the service online. When the service resumed, we had an estimated 10 million message backlog in addition to our normal 1.7-2 million ongoing daily message flow. The amount of backlogged mail taxed the existing infrastructure and architecture of the mail service and took almost 5 days to completely clear. </span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;"></span></p>
-<p><span style="color: #222222; font-family: arial; font-size: small;"><b>What worked:</b></span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">Our backups were sufficient to allow us to restore the service in good working order. </span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">Early precautions taken when we discovered the problem combined with our backups resulted in no data loss from the incident. </span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">Our mail exchangers continued to work during the outage and held incoming mail until the service was restored. </span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;"><b>What didn't work:</b></span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">Our monitoring was not sufficient to identify the problem or alert us to the symptoms. </span><br style="color: #222222; font-family: arial; font-size: small;"/><font color="#222222" face="arial" size="2">No spare hard drives for this class of machine were on-hand in our primary datacenter.&nbsp;</font><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">The restore time from our remote backups took an excessively long time. This was partially due to the large size of the restore data, and partially due to the transport method used for the data. </span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">After the service was restored we had approximately a 10M message backlog that took days to clear.</span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">The primary administrator of the service was on vacation, and the remaining infrastructure contractors were not intimately familiar with the service.&nbsp;</span><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">Our documentation was insufficient to easily restore the service in a rapid manner by folks without intimate knowledge.&nbsp;</span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;"><b>Remediation plan:</b></span><br style="color: #222222; font-family: arial; font-size: small;"/><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">Our immediate action items:</span><br style="color: #222222; font-family: arial; font-size: small;"/> </p>
-<ul>
-<li><span style="color: #222222; font-family: arial; font-size: small;">Update the documentation to be current/diagram mail flow.</span></li>
-<li><span style="font-size: small; color: #222222; font-family: arial;">Improve the monitoring of the mail service itself as well as the hardware.</span><span style="font-size: small; color: #222222; font-family: arial;"> </span></li>
-<li><span style="font-size: small; color: #222222; font-family: arial;">Insure we have adequate spares on hand for the majority of our core services.</span><span style="font-size: small; color: #222222; font-family: arial;"> </span></li>
-<li><span style="font-size: small; color: #222222; font-family: arial;">Place our mail server under configuration management to reduce our MTTR</span><span style="font-size: small; color: #222222; font-family: arial;"> </span></li>
-</ul><br style="color: #222222; font-family: arial; font-size: small;"/><span style="color: #222222; font-family: arial; font-size: small;">Medium-to-Long term initiatives.</span><br style="color: #222222; font-family: arial; font-size: small;"/>
-<ul>
-<li><span style="color: #222222; font-family: arial; font-size: small;">Crosstraining contractors in all critical services</span></li>
-<li><span style="color: #222222; font-family: arial; font-size: small;">Work on moving to a more fault-tolerant/redundant architecture</span></li>
-<li><span style="color: #222222; font-family: arial; font-size: small;">More fully deploy our config management and automated provisioning across our infrastructure so MTTR is reduced.</span></li>
-</ul>
-<p>&nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>New monitoring system: nagios is dead long live circonus</title><link href="https://infra.apache.org/blog/new_monitoring_system_nagios_is.html" rel="alternate"></link><published>2014-05-23T22:29:12+00:00</published><updated>2014-05-23T22:29:12+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-05-23:/blog/new_monitoring_system_nagios_is.html</id><summary type="html"><p>23 may 2014 the old monitoring system "nagios" was put to sleep, and "circonus" was given production status.</p>
-<p>The new monitoring system is sponsored by circonus and most of the monitoring as well as the central database runs on <a href="www.circonus.com" target="_blank">www.circonus.com</a>. The infrastructure team have built and deployed logic …</p></summary><content type="html"><p>23 may 2014 the old monitoring system "nagios" was put to sleep, and "circonus" was given production status.</p>
-<p>The new monitoring system is sponsored by circonus and most of the monitoring as well as the central database runs on <a href="www.circonus.com" target="_blank">www.circonus.com</a>. The infrastructure team have built and deployed logic around the standard circonus system:<br/>
-- A private broker, to monitor internal services&nbsp; without exposing them on internet<br/> - A dedicated broker (inhouse development) that monitor special ASF systems (like svn compare US - EU)<br/>
-- A configuration system, that are based on svn.<br/>
-- A new status page <a href="status.apache.org" target="_blank">status.apache.org</a> <br/>
-- A new team structure (all committers with sudo karma on a vm, get an email when something happens with the vm)<br/> </p>
-<p> </p>
-<p>The new system is a lot faster and we can therefore offer projects monitoring of project URLs, of course the project also need to have a team that handles the alerts.</p>
-<p>The current version has approx. the same facilities as Nagios, but we are planning (and actively programming) a version.2 that will allow us to better predict problems before they occur.</p>
-<p>Some of the upcoming features are:<br/>
-- disk monitoring<br/>
-- vital data statistic from core system (like size of mail queues)</p>
-<p>The change of monitoring system is a vital component in our transition to automate services and thereby enable infra to more effectively secure the stability of the infrastructure as well as make early detection of potential problems.</p>
-<p>The system was presented in Apachecon denver 2014, slides can be found&nbsp; <a href="http://people.apache.org/~jani/circonus.pdf">here</a>. We hope to present the live version at apachecon budapest 2014.</p>
-<p>On behalf of the infrastructure team</p>
-<p> jan I.<br/></p>
-<p> </p>
-<p><br/></p>
-<p> </p>
-<p><br/></p>
-</content><category term="blog"></category></entry><entry><title>Mail outage</title><link href="https://infra.apache.org/blog/mail_outage.html" rel="alternate"></link><published>2014-05-07T14:48:16+00:00</published><updated>2014-05-07T14:48:16+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-05-07:/blog/mail_outage.html</id><summary type="html"><p>During the afternoon of May 6th we began experiencing delays in mail delivery of 1-2 hours. Initial efforts at remediation seemed to clear this up but on the morning of May 7th the problem worsened and we proactively disabled mail service to deal with the failure. The underlying hardware suffered …</p></summary><content type="html"><p>During the afternoon of May 6th we began experiencing delays in mail delivery of 1-2 hours. Initial efforts at remediation seemed to clear this up but on the morning of May 7th the problem worsened and we proactively disabled mail service to deal with the failure. The underlying hardware suffered failures on multiple disks. This outage effects all ASF mailing lists and mail forwarding. </p>
-<p>&nbsp;This service is housed at <a href="http://osuosl.org">OSUOSL</a>, and we are currently waiting on smart hands to help with replacing hardware. Our expectation at this point is that we still have multiple hours worth of outage.&nbsp;</p>
-<p>&nbsp;Incoming mail is currently being received and held in queue by our mail exchangers. We also have a copy of the existing queue that hasn't been processed; so we expect no mail or data loss. &nbsp;</p>
-<p>ASF Infra's twitter bot will provide updates as we have them for the duration of the outage. Feel free to follow <a href="https://twitter.com/infrabot">@infrabot</a>&nbsp;on Twitter. There will be an update on this post as well as the situation progresses.</p>
-<p><b><u>UPDATE 7 May 19:27 UTC </u></b>- Drives have been replaced, array is attempting to rebuild. As indicated earlier on twitter, there likely remains hours of outage. &nbsp;</p>
-<p> </p>
-<p><b><u>UPDATE 7 May 20:44 UTC</u></b> - The disk array is still in the process of repairing. Several hundred mails were processed during a reboot, but more work remains before service is restored. &nbsp;Mail service has been disabled again as the array repair process is CPU-bound. The plan going forward is to allow the disk arrays to finish repairs. Once that is complete, we'll reenable the mail service and flush what is currently in the queue. Finally, once the queue is empty we'll begin receiving mail again.</p>
-<p><b><u>UPDATE 8 May 05:00 UTC</u></b> - The disk array failed to repair itself. The disks have been replaced and a new installation has been completed. Progress continues to be made towards resolution, but nothing firm enough yet for us to predict an time for restoration.</p>
-<p><u><b>UPDATE 8 May 15:45 UTC</b></u> - No material change of status has occurred. Infra worked in shifts around the clock last night and continue to do so to restore service. More updates as they become available. &nbsp;</p>
-<p><u><b>UPDATE 9 May 11:20 UTC</b></u> - We are working on temporarily restoring the most essential email aliases. In the meantime, inquiries may be made to <a href="mailto:infrastructure@apache.pw">infrastructure@apache.pw</a> or on our IRC channel, #asfinfra on Freenode. The work on restoring the service in full is still ongoing.</p>
-<p><b><u>UPDATE 9 May 17:20 UTC</u></b> - We've successfully restored a host from backups and will be starting testing soon. Based on the progress made in those tests we'll try and provide expectations around restoration of service timeline.</p>
-<p><b><u>UPDATE 10 May 15:45 UTC</u></b> - We've started pushing live mails through the system - you'll begin to see them trickle in as we gradually open the floodgates to restore service. Expect intermittent spurts for a while.&nbsp;</p>
-<p><b>UPDATE 10 May 21:55 UTC</b> - &nbsp;The floodgates have been opened. &nbsp;As we have a significant amount of backlog to catch up on, please be patient as the service does this. &nbsp;As always feel free to contact us if you have any questions. In the immediate short term (next day or so, we suggest you continue to use&nbsp;<a href="mailto:infrastructure@apache.pw">infrastructure@apache.pw</a>&nbsp;and our IRC channel, #asfinfra on Freenode. &nbsp;We would like to thank you for your patience during this extremely busy time.&nbsp;</p>
-<p><b><u>UPDATE 12 May 16:04 UTC</u></b> - Clarification - we have opened the floodgates, but have a substantial amount of backlog; and with the sudden rush of mail are being throttled by various mail services. With the addition of mail that's coming through anyway; it may take us from 2-5 days to fully flush the backlog. This time is so wide because of a wide variety of factors that are largely outside of our control, such as new mail coming in and mail services individual throttling policies. &nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>heartbleed fallout for apache</title><link href="https://infra.apache.org/blog/heartbleed_fallout_for_apache.html" rel="alternate"></link><published>2014-04-11T20:25:44+00:00</published><updated>2014-04-11T20:25:44+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-04-11:/blog/heartbleed_fallout_for_apache.html</id><summary type="html"><p>Remain calm.</p>
-<p>What we've learned about the heartbleed incident is that it is hard, in the sense of perhaps only viable to a well-funded blackhat operation, to steal a private certificate and key from a vulnerable service. &nbsp;Nevertheless, the central role Apache projects play in the modern software development world …</p></summary><content type="html"><p>Remain calm.</p>
-<p>What we've learned about the heartbleed incident is that it is hard, in the sense of perhaps only viable to a well-funded blackhat operation, to steal a private certificate and key from a vulnerable service. &nbsp;Nevertheless, the central role Apache projects play in the modern software development world require us to mitigate against that circumstance. &nbsp;Given the length of time and exposure window for this bug's existence, we have to assume that some/many Apache passwords may have been compromised, and perhaps even our private wildcard cert and key, so we've taken a few steps as of today:</p>
-<p> </p>
-<ol>
-<li>We fixed the vulnerability in our openssl installations to prevent further damage,</li>
-<li>We've acquired a new wildcard cert for apache.org that we have rolled out prior to this blog entry,</li>
-<li>We will require that all committers rotate their LDAP passwords (committers visit <a href="https://id.apache.org/reset/enter">id.apache.org</a> to reset LDAP passwords once they've been forcibly reset),</li>
-<li>We are encouraging all service administrators to all non-LDAP service like jira to rotate those passwords as well.</li>
-</ol>
-<div>
-<p>Regarding the cert change for svn users- we'd also like to suggest that you remove your existing apache.org certs from your .subversion cache to prevent potential MITM attacks using the old cert. &nbsp;Fortunately it is relatively painless to do this:</p>
-<p>&nbsp;% grep -l apache.org ~/.subversion/auth/svn.ssl.server/* | xargs rm</p>
-<p> </p>
-<p>NOTE: our openoffice wildcard cert was never vulnerable to this issue as it was served from an openssl-1.0.0 host.&nbsp;</p>
-<p> </p>
-</div>
-<p> </p>
-</content><category term="blog"></category></entry><entry><title>Scaling down the CMS to modest but intricate websites</title><link href="https://infra.apache.org/blog/scaling_down_the_cms_to.html" rel="alternate"></link><published>2014-03-25T18:23:50+00:00</published><updated>2014-03-25T18:23:50+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-03-25:/blog/scaling_down_the_cms_to.html</id><summary type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>The original focus of the CMS …</p></summary><content type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>The original focus of the CMS was to provide the tools necessary for handling <a href="http://www.apache.org/">http://www.apache.org/</a>&nbsp;and similar Anakia-based sites. &nbsp;The scope quickly changed when <a href="http://www.openoffice.org/">Apache OpenOffice</a> was accepted into the incubator... handling over 9GB of content well was quite an undertaking and will be soon discussed at Apachecon in Denver during <a href="http://apacheconnorthamerica2014.sched.org/event/041f72d553e8414e68180854cc62dc68#.UzHCItzoaRs">Dave Fisher's talk</a>. &nbsp;From there the build system was extended to allow builds using multiple technologies and programming languages.</p>
-<p>Since that time in late 2012 the CMS codebase has sat still, but recently we've upped the ante and decided to offer features aimed at parity with other site building technologies like jekyll, nanoc and middleman. &nbsp;You can see some of the new additions to the Apache CMS in action at <a href="http://thrift.apache.org/">http://thrift.apache.org/</a>. The Apache Thrift website was originally written to use nanoc before being ported to the newly improved Apache CMS. They kept the YAML headers for their markdown pages and converted from a custom preprocessing script used for inserting code snippets to using a fully-supported snippet-fetching feature in the Apache CMS.&nbsp;</p>
-<p>"The new improvements to the Apache CMS allowed us to quickly standardize the build process and guarantee repeatable results as well as integrate direct code snippets into the website from our source repository."<br/>- Jake Farrell, Apache Thrift PMC Chair</p>
-<p>Check out the Apache Thrift website&nbsp;<a href="http://svn.apache.org/repos/asf/thrift/cms-site/trunk/">cms sources</a> for sample uses of the new features found in <a href="https://svn.apache.org/repos/infra/websites/cms/build/lib/ASF/View.pm">ASF::View</a> and <a href="https://svn.apache.org/repos/infra/websites/cms/build/lib/ASF/Value/Snippet.pm">ASF::Value::Snippet</a>.</p>
-</content><category term="blog"></category></entry><entry><title>Improved integration between Apache and GitHub</title><link href="https://infra.apache.org/blog/improved_integration_between_apache_and.html" rel="alternate"></link><published>2014-02-12T01:16:30+00:00</published><updated>2014-02-12T01:16:30+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2014-02-12:/blog/improved_integration_between_apache_and.html</id><summary type="html"><p>After a few weeks of hard work and mind-boggling debugging, we are pleased to announce tighter and smarter integration between GitHub and the Apache Software Foundation's infrastructure.</p>
-<p>These new features mean a much higher level of replication and retention of what goes on on GitHub, which in turns both help …</p></summary><content type="html"><p>After a few weeks of hard work and mind-boggling debugging, we are pleased to announce tighter and smarter integration between GitHub and the Apache Software Foundation's infrastructure.</p>
-<p>These new features mean a much higher level of replication and retention of what goes on on GitHub, which in turns both help projects maintain control over what goes on within their project, as well as keeping a record of everything that's happening in the development of a project, whether it be on ASF hardware or off-site on GitHub. </p>
-<p>To be more precise, these new features allows for the following:</p>
-<ul>
-<li>Any Pull Request that gets opened, closed, reopened or commented on now gets recorded on the project's mailing list</li>
-<li>If a project has a JIRA instance, any PRs or comments on PRs that include a JIRA ticket ID will trigger an update on that specific ticket</li>
-<li>Replying to a GitHub comment on the dev@ mailing list will trigger a comment being placed on GitHub (yes, it works both ways!)</li>
-<li>GitHub activity can now be relayed to IRC channels on the Freenode network.<br/></li>
-</ul>
-<p>As with most of our things, this is an opt-in feature. If you are in a project that would like to take advantage of these new features, please contact infrastructure, preferably by filing a <a href="https://issues.apache.org/jira/browse/INFRA" target="_blank" title="JIRA">JIRA ticket</a> with the component set to Git, and specifying which of the new features you would like to see enabled for your project.<br/></p>
-<p>On behalf of the Infrastructure Team, I hope you will find these new features useful and be mindful in your use of them.<br/></p>
-</content><category term="blog"></category></entry><entry><title>paste.apache.org sees the light of day</title><link href="https://infra.apache.org/blog/paste_apache_org_sees_the.html" rel="alternate"></link><published>2013-03-06T18:37:42+00:00</published><updated>2013-03-06T18:37:42+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2013-03-06:/blog/paste_apache_org_sees_the.html</id><summary type="html"><p><em>Note</em>: As of May, 2024, Apache Paste is no longer available.</p>
-<hr/>
-<p>Today, the Apache Infrastructure team launched <a href="http://paste.apache.org">http://paste.apache.org</a>, a new ASF-driven site for posting snippets, scripts, logging output, configurations and much more and sharing them with the world.
-</p>
-<p><br/><b><i>&nbsp;Why yet another paste bin, you ask?</i></b></p>
-<p>Well, for …</p></summary><content type="html"><p><em>Note</em>: As of May, 2024, Apache Paste is no longer available.</p>
-<hr/>
-<p>Today, the Apache Infrastructure team launched <a href="http://paste.apache.org">http://paste.apache.org</a>, a new ASF-driven site for posting snippets, scripts, logging output, configurations and much more and sharing them with the world.
-</p>
-<p><br/><b><i>&nbsp;Why yet another paste bin, you ask?</i></b></p>
-<p>Well, for starters, this site is different in that is it run by the ASF, for the ASF, in that we fully control what happens to your data when you post it, or perhaps more important, what does NOT happen to it. The site enforces a "from committers to everyone" policy, meaning only <u>committers</u> may post new data on the site, but everyone is invited to watch the result. While this is not a blanket guarantee that the data is accurate or true, it is nonetheless a guarantee that <i><b>what you see is data posted by an Apache committer</b></i>.</p>
-<p>Secondly, committers have the option to post something as being "committers only", meaning only committers within the ASF can see the paste. This is much like the "private" pastes offered by many other sites, but with the added benefit that it prevents anyone snooping around from watching whatever you paste, unless they are actually a committer.</p>
-<p> </p>
-<p><b><i>&nbsp;Great, so how does it work?</i></b></p>
-<p> It works like most other paste sites, in that you go to <a href="http://paste.apache.org">http://paste.apache.org,</a>&nbsp; paste your data, select which type of highlighting to use, and you get an URL with your paste. For text-only clients, raw data will be displayed, while regular browsers will enjoy a full web page with the ability to download or edit a paste. Currently we have support for httpd configurations, C/C++, Java, Lua, Erlang, XML/HTML, PHP, Shell scripts, Diff/Patch, Python and Perl syntax highlighting. If you want to have any other type of highlighting added, don't hesitate to ask!<br/></p>
-<p>Since this site enforces the "from committers to everyone" policy, you are required to use your LDAP credentials when making a paste. To allow for the use of the service within console applications (shells etc) that might not (or should not) provide authentication credentials (on public machines you'd want to avoid storing your committer credentials for instance!), we have equipped the site with a token generator, that both allows you to pipe any output you may have directly to the site as well as gives you some hints on how you may achieve this.</p>
-<p>Imagine you have a directory listing that you'd only want your fellow committers to see. Publishing this, using the token system, is as easy as doing:<br/><span style="background-color: #b5ffb4;">$&gt; ls -la | privpaste&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br/>http://paste.apache.org/p/1234</span><br/></p>
-<p>And there you have it, the command returns a URL ready for sharing with your fellow committers. Had you wanted for everyone to be able to see it, you could have used the <i>pubpaste</i> alias instead (click on "generate token" on the site to get more information about tokens and the useful aliases).</p>
-<p> </p>
-<p> We hope you'll enjoy this new service, and use it wisely as well as often. Should you have any questions or suggestions, we'd be most happy to receive them through any infra channel you want to use. <br/></p>
-<p><br/></p>
-<p> <br/></p>
-</content><category term="blog"></category></entry><entry><title>New Infra Team Members</title><link href="https://infra.apache.org/blog/new_infra_team_members.html" rel="alternate"></link><published>2012-07-26T02:35:47+00:00</published><updated>2012-07-26T02:35:47+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2012-07-26:/blog/new_infra_team_members.html</id><summary type="html"><p>
-<p>Since out last update over a year ago, the Infra Team has expanded by another NINE (9) members!</p></p>
-<p>Congrats and our warmest thanks go to:</p>
-<p><br/>Niklas Gustavsson - (ngn)<br/>Jeremy Thomerson - (jrthomerson)<br/>Mark Struberg - (struberg)<br/>Eric Evans - (eevans)<br/>Brandon Williams - (brandonwilliams)<br/>Mohammad Nour El-Din - (mnour)<br/>David Nalley - (ke4qqq)<br/>Yang Shih-Ching - (imacat …</p></summary><content type="html"><p>
-<p>Since out last update over a year ago, the Infra Team has expanded by another NINE (9) members!</p></p>
-<p>Congrats and our warmest thanks go to:</p>
-<p><br/>Niklas Gustavsson - (ngn)<br/>Jeremy Thomerson - (jrthomerson)<br/>Mark Struberg - (struberg)<br/>Eric Evans - (eevans)<br/>Brandon Williams - (brandonwilliams)<br/>Mohammad Nour El-Din - (mnour)<br/>David Nalley - (ke4qqq)<br/>Yang Shih-Ching - (imacat)<br/>Daniel Gruno - (humbedooh)<br/></p>
-<p>The rest of the Infra team look forward to continuing to work with you all.</p>
-<p> </p>
-<p>There are now a total of 80 infrastructure members with another 36 in the infrastructure-interest group.</p>
-<p> </p>
-</content><category term="blog"></category></entry><entry><title>ASF Comments System Live!</title><link href="https://infra.apache.org/blog/asf_comments_system_live.html" rel="alternate"></link><published>2012-07-09T16:49:30+00:00</published><updated>2012-07-09T16:49:30+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2012-07-09:/blog/asf_comments_system_live.html</id><summary type="html"><hr/>
-**Note**: This service is no longer available from Infra.
-<hr/>
-<p>Daniel Gruno has recently developed a <a href="https://comments.apache.org/">comments system</a> for Apache projects to use.&nbsp; The purpose of the system is to enable public commentary on project webpages and is already in production use in the <a href="http://httpd.apache.org/docs/trunk/">httpd</a> and <a href="http://trafficserver.apache.org/docs/">trafficserver</a> projects.&nbsp; This new system …</p></summary><content type="html"><hr/>
-**Note**: This service is no longer available from Infra.
-<hr/>
-<p>Daniel Gruno has recently developed a <a href="https://comments.apache.org/">comments system</a> for Apache projects to use.&nbsp; The purpose of the system is to enable public commentary on project webpages and is already in production use in the <a href="http://httpd.apache.org/docs/trunk/">httpd</a> and <a href="http://trafficserver.apache.org/docs/">trafficserver</a> projects.&nbsp; This new system nicely complements the ASF CMS system and trivially integrates with it- see <a href="http://comments.apache.org/help.html">http://comments.apache.org/help.html</a> for details.</p>
-<p>The comment system is now open- enjoy!&nbsp; Please file a jira ticket with INFRA to get started today.</p>
-<p><br/></p>
-</content><category term="blog"></category></entry><entry><title>Apache CMS: New features for anonymous users</title><link href="https://infra.apache.org/blog/apache_cms_new_features_for.html" rel="alternate"></link><published>2012-06-24T13:37:50+00:00</published><updated>2012-06-24T13:37:50+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2012-06-24:/blog/apache_cms_new_features_for.html</id><summary type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Two new features have recently been …</p></summary><content type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Two new features have recently been added to the CMS, courtesy of David Blevins.&nbsp; These features are geared towards streamlining the user experience for <a href="http://www.apache.org/dev/cmsref#non-committer">anonymous users</a>.&nbsp; The first feature is "Quick Mail", which is the analog of "Quick Commit" but for anonymous users who cannot otherwise commit their changes directly.&nbsp; Quick Mail, which is enabled by default, will take the immediate submission of an anonymous Edit session and post it directly to the project's dev list, saving several steps that might be hard for a new user to walk through.</p>
-<p>The second feature is a natural result of that known as anonymous clones.&nbsp; In the subsequent mailout from "Quick Mail", there will be an url for committers to use to effectively clone the working copy of the anonymous user who generated the patch.&nbsp; This makes review and subsequent commit operations much more convenient than directly applying the emailed patch to a local working copy.&nbsp; In fact it is possible for users to clone a non-anonymous user's working copy, so anyone experiencing chronic problems with their working copy on the CMS can get help from other committers by simply using the "Mail Diff" feature to contact either the dev list or another apache committer with details of their problem.</p>
-<p>We have added these features in the hopes this will considerably lower the bar for anonymous users in particular to take advantage of the CMS.&nbsp; Please let your community know about them!</p>
-<p><br/></p>
-<p><br/></p>
-</content><category term="blog"></category></entry><entry><title>The value of taint checks in CGI scripts</title><link href="https://infra.apache.org/blog/the_value_of_taint_checks.html" rel="alternate"></link><published>2012-06-09T21:45:27+00:00</published><updated>2012-06-09T21:45:27+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2012-06-09:/blog/the_value_of_taint_checks.html</id><summary type="html"><p>Consider the following snippet taken from a live CGI script running on the host that serves www.apache.org:</p>
-<pre>#!/usr/bin/perl
-<p>use strict;
-use warnings;</p>
-<p>print "Content-Type: text/html\n\n";
-my $artifact = "/apache-tomee/1.0.1-SNAPSHOT/";
-$artifact = $ENV{PATH_INFO} if $ENV{PATH_INFO};</p>
-<p>$artifact = "/$artifact/";
-$artifact =~ s,/+,/,g;
-$artifact …</p></pre></summary><content type="html"><p>Consider the following snippet taken from a live CGI script running on the host that serves www.apache.org:</p>
-<pre>#!/usr/bin/perl
-<p>use strict;
-use warnings;</p>
-<p>print "Content-Type: text/html\n\n";
-my $artifact = "/apache-tomee/1.0.1-SNAPSHOT/";
-$artifact = $ENV{PATH_INFO} if $ENV{PATH_INFO};</p>
-<p>$artifact = "/$artifact/";
-$artifact =~ s,/+,/,g;
-$artifact =~ s,[^a-zA-Z.[0-9]-],,g;
-$artifact =~ s,../,,g;</p>
-<p>my $content = <code>wget -q -O - http://repository.apache.org/snapshots/org/apache/openejb$artifact</code>;
-...
-</p></pre>
-<p> </p><hr size="2" width="100%"/>
-<p> </p>
-<p>Looks pretty good right?&nbsp; Any questionable characters are removed from $artifact before exposing it to the shell via backticks... hmm, well turns out that's not so easy to determine.</p>
-<p>The first warning sign that was given to the author of this script was that he hadn't enabled taint checks- if he had this is how things probably would have looked:</p>
-<pre>#!/usr/bin/perl -T
-<p>use strict;
-use warnings;</p>
-<p>print "Content-Type: text/html\n\n";
-my $artifact = "/apache-tomee/1.0.1-SNAPSHOT/";
-$artifact = $ENV{PATH_INFO} if $ENV{PATH_INFO};</p>
-<p>$artifact = "/$artifact/";
-$artifact =~ s,/+,/,g;
-$artifact =~ m,^([a-zA-Z.[0-9]-]*)$, or die "Detainting regexp failed!";
-$artifact = $1;
-$artifact =~ s,../,,g;</p>
-<p>my $content = <code>wget -q -O - http://repository.apache.org/snapshots/org/apache/openejb$artifact</code>;
-... </p></pre><hr size="2" width="100%"/>
-<p>Which doesn't look like much of a change, but the impact on the actual logic is massive: we've gone from a substitution that strips unwanted chars to a fully-anchored pattern that matches only a string full of wanted chars only, and dies on pattern match failure.&nbsp; Sadly the developer in question did not heed this early advice.<br/></p>
-<p>As it turns out, there is a bug (well several) in the core pattern that renders the original substitution ineffective.&nbsp; However the impact on the taint-checked version causes the detainting match to fail and renders the script harmless!&nbsp; The practical difference is that instead of a script with a working remote shell exploit, we have script that serves no useful purpose.&nbsp; To the Apache sysadmins this is a superior outcome, even though to the developer the original, essentially working script is preferable- worlds are colliding here, but guess who wins?<br/></p>
-<p>At the ASF the sysadmins almost invariably refuse to run perl or ruby CGI scripts without taint-checking enabled, and will always prefer CGI scripts be written in languages that support taint checks as they tend to enforce good practice in dealing with untrusted input.&nbsp; This example, which is in fact one of the first times we've even considered allowing Apache devs to deploy non-download CGI scripts on the <a href="http://www.apache.org">www.apache.org</a>&nbsp; server, serves as a useful reminder to Apache devs as to why using languages that support taint checks is an essential component of scripting on the web.</p>
-<p><br/></p>
-<p><br/></p>
-</content><category term="blog"></category></entry><entry><title>apache.org incident report for 05292012</title><link href="https://infra.apache.org/blog/apache_org_incident_report_for.html" rel="alternate"></link><published>2012-05-29T16:59:09+00:00</published><updated>2012-05-29T16:59:09+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2012-05-29:/blog/apache_org_incident_report_for.html</id><summary type="html"><p>Last week, internal audit activity discovered that the access logs of some committer-only Apache services contained passwords but had been available to every Apache committer.<br/></p>
-<h3> </h3>
-<h3>The problem</h3>
-<p>The httpd logs of several ASF services are aggregated and archived on minotaur.apache.org.&nbsp; Minotaur is also people.apache.org, the shell …</p></summary><content type="html"><p>Last week, internal audit activity discovered that the access logs of some committer-only Apache services contained passwords but had been available to every Apache committer.<br/></p>
-<h3> </h3>
-<h3>The problem</h3>
-<p>The httpd logs of several ASF services are aggregated and archived on minotaur.apache.org.&nbsp; Minotaur is also people.apache.org, the shell host for committers, and committers were encouraged to analyse the logs and <a href="http://mail-archives.apache.org/mod_mbox/subversion-dev/201205.mbox/%3CCABD8fLV30-YaFaYt21GuCJX+_xqqPCB+S+XpW_G1aydyTrgkug@mail.gmail.com%3E">produce aggregated data</a>.<br/><br/>However, for two services, the archived logs included <a href="http://httpd.apache.org/docs/current/mod/mod_log_forensic.html">forensic logs</a>, which are extra-verbose logs that include all HTTP request headers.&nbsp; (The logs are never encrypted, even if the HTTP connection was wrapped by SSL encryption.)&nbsp; Both of these services <a href="http://s.apache.org/">http://s.apache.org</a> and <a href="http://svn.apache.org/">http://svn.apache.org</a> allow anyone to use them in a read-only manner anonymously, and allow further operations (such as creating shortlinks) to LDAP-authenticated committers.&nbsp; Authentication is usually done by embedding the username and password, encoded in base64, in the "Authorization:" HTTP header, under SSL encryption.<br/><br/>Base64 is a reversible transform.&nbsp; (It is an encoding, not a cipher.)<br/><br/>Consequently, any Apache committer could learn the passwords of any other committer by reading the log files and reversing the base64 encoding.<br/></p>
-<h3>Shutting the barn door</h3>
-<p>The logs archive directory was made readable by the root user only.&nbsp; Forensic logging was disabled, and past forensic logs deleted.&nbsp; ZFS snapshots containing those logs were destroyed, too.<br/></p>
-<h3>Finding the horse<br/></h3>
-<p>We know that several committers had on one occasion or another copied the logs in order to analyse them, so we operated on the assumption that copies of the sensitive forensic logs were circulating on hardware we do not control.&nbsp; We therefore opted to have all passwords changed, or reset.<br/><br/>Several Apache committers whose passwords grant very high access were advised privately to change their passwords.&nbsp; The root@ team ensured the follow-through and, before announcing the vulnerability any further, changed the passwords of those whom had not done so themselves.&nbsp; The root@ team also changed the passwords of all non-human (role) accounts on those services.<br/><br/>The vulnerability was then announced to all Apache committers with the same instructions: 'Your passwords may be compromised; change them "now"; we will explain the problem later.'.&nbsp; This notice was authenticated via a PGP signature and via acknowledging it in a root-owned file on people.apache.org.<br/><br/>Finally, passwords that have not been changed after forensic logs had been disabled and, therefore, were presumed to be contained in compromised forensic logs were changed by the root@ team to random strings.</p>
-<h3>Implications<br/></h3>
-<p>Were some committer to have compromised another Apache account using this vulnerability prior to these steps being taken, note that root access to all apache.org hosts is only available using one-time-passwords (otp) for certain privileged sudo users.&nbsp; Such account holders have been instructed not to use the same password for otp as for LDAP, so this would not have resulted in an attacker gaining root privileges without our knowledge.&nbsp; All of our commit activity is peer-reviewed and logged to various commit lists, and no reports of unusual commit activity have been received during the time frame in which this exposure was effective.&nbsp; In fact no unusual activity has ever been reported regarding any of our LDAP-based services, so there is no reason for us to suspect malicious activity has occurred as a result of this vulnerability.<br/></p>
-<h3>Preventing recurrence</h3>
-<p>No code changes were needed to the software that s.apache.org and
-svn.apache.org run; the software was behaving correctly according to
-its configuration, but the configuration itself and the in-house
-log archiving scripts were incorrect.<br/><br/>A member of the infrastructure team will be approaching the Apache HTTPD PMC with a documentation patch for mod_log_forensic.</p>
-<h3>Epilogue</h3>
-<p>There were no malicious parties involved here (to our knowledge); we just made a configuration error.&nbsp; The nature of the error meant we had to assume all passwords were compromised, and that was costly to fix.<br/><br/>We hope our disclosure has been as open as possible and true to the ASF spirit.&nbsp; Hopefully others can learn from our mistakes.&nbsp; See our <a href="http://www.apache.org/info/20010519-hack.html">prior</a> <a href="https://blogs.apache.org/infra/entry/apache_org_downtime_report">incident</a> <a href="https://blogs.apache.org/infra/entry/apache_org_04_09_2010">reports</a> from the Apache Infrastructure Team.<br/><br/>Committers please address questions to root@apache.org only.<br/><br/>Queries from the press should be sent to press@apache.org.<br/><br/>Happy hacking!<br/><br/> </p>
-</content><category term="blog"></category></entry><entry><title>Apache CMS and external build support</title><link href="https://infra.apache.org/blog/apache_cms_and_external_build.html" rel="alternate"></link><published>2012-03-10T17:28:05+00:00</published><updated>2012-03-10T17:28:05+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2012-03-10:/blog/apache_cms_and_external_build.html</id><summary type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Recently we've been working with the …</p></summary><content type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Recently we've been working with the maven team to facilitate migration of <a href="http://maven.apache.org">maven.apache.org</a> to the Apache CMS, using maven as the core build system instead of the standard perl build scripts.&nbsp; A mockup has been created at <a href="http://maventest.apache.org/">maventest.apache.org</a>&nbsp; to see how this will work.&nbsp;&nbsp; Once the site is completed, there will be roughly 5GB of data to service, spanning dozens of maven components.&nbsp; Each component will be self-contained and managed externally from the CMS site using a local maven svnpubsub plugin written mainly by Benson Margulies.&nbsp; The CMS will glue all the components together into a single common site using the <a href="http://www.apache.org/dev/cmsref#generated-docs">extpaths.txt</a> file to configure the paths.</p>
-<p>The doxia subproject requires special treatment as an independent CMS subproject which is also using maven as it's core build system.&nbsp; Special logic was introduced into the CMS to properly redirect subproject links based on maven source tree layouts, and the system has worked seamlessly so far.</p>
-<p>Other recent news includes the migration of the main <a href="http://incubator.apache.org/">incubator.apache.or</a><a href="http://incubator.apache.org/">g</a> site to the CMS.&nbsp; There the CMS relies on Ant/Anakia to produce site builds instead of the standard perl build scripts, providing an easy migration path for folks accustomed to the old way of building the site.</p>
-<p>Essentially we've made good on the promise that the CMS is simply CI for websites with an easy way of editing pages within your browser.&nbsp; Support for forrest builds is planned but hasn't been fleshed out with any live examples to date.&nbsp; That would round out the major java site-building technologies currently deployed by Apache projects- volunteers welcome!<br/></p>
-</content><category term="blog"></category></entry><entry><title>Apache CMS: latest new feature is SPEED!</title><link href="https://infra.apache.org/blog/apache_cms_latest_new_feature.html" rel="alternate"></link><published>2012-02-26T02:23:56+00:00</published><updated>2012-02-26T02:23:56+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2012-02-26:/blog/apache_cms_latest_new_feature.html</id><summary type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Over the past few months the …</p></summary><content type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the general <a href="https://infra.apache.org/doc.html" target="_blank">Infrastructure documentation page</a>.</p>
-<hr/>
-<p>Over the past few months the&nbsp;<a href="http://www.apache.org/dev/cms">Apache CMS</a> has seen lots of new improvements, all under the general theme of making the system more performant.&nbsp; Supporting very large sites like the <a href="http://www.openoffice.org/">Apache OpenOffice User Site</a> with almost 10 GB of content has presented new challenges, met largely with the introduction of zfs clones for generating per-user server-side working copies, changing what was an O(N) rsync job to an O(1) operation.&nbsp; We've also moved the update processing out-of-band to further cut down on the time it takes for the bookmarklet to produce a page, eliminating all O(N) algorithms from the process.</p>
-<p>&nbsp;More recent work focuses on the merge-based publication process, which for large changesets took a considerable amount of time to process.&nbsp; That too has been recoded based on svnmucc and is now another O(1) operation- essentially a perfect copy of staging with a few adjustments for "external" paths.</p>
-<p>Combine that with the activity around parallelizing the build system and you have a completely different performance profile compared to the way the system worked in 2011.&nbsp; In short, if you haven't tried the CMS lately, and were a bit offput by the page rendering times or build speeds, have another look! <br/></p>
-<p> </p>
-<p>Next up: describing the work done around external build support, focusing first on maven based sites.<br/></p>
-<p><br/></p>
-</content><category term="blog"></category></entry><entry><title>translate service now open!</title><link href="https://infra.apache.org/blog/translate_service_now_open.html" rel="alternate"></link><published>2011-12-11T20:30:33+00:00</published><updated>2011-12-11T20:30:33+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2011-12-11:/blog/translate_service_now_open.html</id><summary type="html"><p>
-<p>A few projects have requested it, now it is here! Check out <a href="https://translate.apache.org"><a href="https://translate.apache.org">https://translate.apache.org</a></a> and get your project added.</p></p>
-<p>See also <a href="https://cwiki.apache.org/confluence/display/INFRA/translate+pootle+service+auth+levels">https://cwiki.apache.org/confluence/display/INFRA/translate+pootle+service+auth+levels</a> for more information - you will see that general public non-logged in users can submit translate …</p></summary><content type="html"><p>
-<p>A few projects have requested it, now it is here! Check out <a href="https://translate.apache.org"><a href="https://translate.apache.org">https://translate.apache.org</a></a> and get your project added.</p></p>
-<p>See also <a href="https://cwiki.apache.org/confluence/display/INFRA/translate+pootle+service+auth+levels">https://cwiki.apache.org/confluence/display/INFRA/translate+pootle+service+auth+levels</a> for more information - you will see that general public non-logged in users can submit translate requests whilst any logged in user (i.e. - committers) can process those submissions.</p>
-<p>Enjoy! - Any queries to the infra team please or file a INFRA Jira ticket.</p>
-</content><category term="blog"></category></entry><entry><title>PEAR package hosting available</title><link href="https://infra.apache.org/blog/pear_package_hosting_available1.html" rel="alternate"></link><published>2011-04-15T05:32:23+00:00</published><updated>2011-04-15T05:32:23+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2011-04-15:/blog/pear_package_hosting_available1.html</id><content type="html"><hr/>
-**Note**: Hosting releases of PEAR packages is no longer available.
-<hr/>
-<p>
-<p>Any projects in the position of being able to release via PEAR packages can now do so hosted officially on ASF servers.</p></p>
-<p><a href="http://pear.apache.org">http://pear.apache.org</a> is now up and running and ready to serve!</p>
-</content><category term="blog"></category></entry><entry><title>Welcome new members of the infra team</title><link href="https://infra.apache.org/blog/welcome_new_members_of_the.html" rel="alternate"></link><published>2011-03-22T10:09:45+00:00</published><updated>2011-03-22T10:09:45+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2011-03-22:/blog/welcome_new_members_of_the.html</id><summary type="html"><p>
-Well, some are not exactly new faces, but since our last blog update of new infra members in 2009 , we have conned with promises of fame, fortune and beer the following new additions to the infra team:
-</p>
-<ul>
-<li>Chris Rhodes: (arreyder)
-</li>
-<li>Brian Fox: (brianf)
-</li>
-<li>Matt Benson: (mbenson)
-</li>
-<li>David Blevins: (dblevins)
-</li>
-<li>Rudiger …</li></ul></summary><content type="html"><p>
-Well, some are not exactly new faces, but since our last blog update of new infra members in 2009 , we have conned with promises of fame, fortune and beer the following new additions to the infra team:
-</p>
-<ul>
-<li>Chris Rhodes: (arreyder)
-</li>
-<li>Brian Fox: (brianf)
-</li>
-<li>Matt Benson: (mbenson)
-</li>
-<li>David Blevins: (dblevins)
-</li>
-<li>Rudiger Pluem: (rpluem)
-</li>
-<li>Noirin Plunkett: (noirin)
-</li>
-<li>Ulrich St&auml;rk: (uli)
-</li>
-<li>Daniel Shahaf: (danielsh)
-</li>
-<li>Paul Davis: (davisp)
-</li>
-</ul>
-<p>Infra work is not your normal volunteer work, and it is greatly appreciated when any of these folks get to help.
-</p>
-</content><category term="blog"></category></entry><entry><title>Changes to email service for all committers</title><link href="https://infra.apache.org/blog/changes_to_email_service_for.html" rel="alternate"></link><published>2011-02-24T21:13:18+00:00</published><updated>2011-02-24T21:13:18+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2011-02-24:/blog/changes_to_email_service_for.html</id><summary type="html"><p>In the near future the Infrastructure team will be implementing a change to the way we handle emails for all committers. </p>
-<p>
-Historically we have allowed users to choose how to handle their apache.org email. However we will be making the following changes:
-<ol>
-<li>Making LDAP authoritative for all mail forwarding …</li></ol></p></summary><content type="html"><p>In the near future the Infrastructure team will be implementing a change to the way we handle emails for all committers. </p>
-<p>
-Historically we have allowed users to choose how to handle their apache.org email. However we will be making the following changes:
-<ol>
-<li>Making LDAP authoritative for all mail forwarding addresses.</li>
-<li>Users will no longer be allowed to store their apache.org email locally on people.apache.org (minotaur)</li>
-<li>The Infra team will take the mail address currently held in either your .qmail or .forward file (.qmail is authoritative if they both exist) and inject this into LDAP</li>
-<li>We will no longer allow users to configure mail filtering, but you can configure your SpamAssassin threshold as per <a href="https://blogs.apache.org/infra/entry/controlling_your_spamassassin_threshold1"> our recent blog post</a>.</li>
-<li>We will make committers ~/.forward and ~/.qmail files read-only, there will still be at least one of these files, but it will be owned by the mail daemon user. </li>
-</ol>
-</p>
-<p>This means that all committers will be required to forward their apache.org email to an email address outside of the foundation. </p>
-<p>We are doing this to simplify the email infrastructure, and to help reduce the current level of complexity of maintaining people.apache.org. Also, making LDAP authoritative means we can move some of the work straight out to the MXs, and thus avoid sending it through several mail servers. In the new architecture if someone emails you directly at your apache.org mail address it will only be handled by one apache.org MX. </p>
-<p>Of course, we won't delete any email you currently have on people.apache.org. Should you want to edit your LDAP record you should use <a href="https://id.apache.org">https://id.apache.org</a> to do this.</p>
-</content><category term="blog"></category></entry><entry><title>Controlling your SpamAssassin threshold</title><link href="https://infra.apache.org/blog/controlling_your_spamassassin_threshold1.html" rel="alternate"></link><published>2011-01-27T15:37:21+00:00</published><updated>2011-01-27T15:37:21+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2011-01-27:/blog/controlling_your_spamassassin_threshold1.html</id><summary type="html"><p>Committers,</p>
-<p>
-The Infrastructure Team has just enabled a new feature to control your SpamAssassin Threshold for your apache.org account. The default score for user delivery has always remained at 10, but with this new feature you can lower that score to anything you want. Many people with older accounts …</p></summary><content type="html"><p>Committers,</p>
-<p>
-The Infrastructure Team has just enabled a new feature to control your SpamAssassin Threshold for your apache.org account. The default score for user delivery has always remained at 10, but with this new feature you can lower that score to anything you want. Many people with older accounts will probably prefer a lower score, like 5, which is the default for all apache mailing lists.</p>
-<p>To lower your score login to <a href="https://id.apache.org/">id.apache.org</a> and change your 'SpamAssassin Threshold (asf-sascore)' attribute to your desired level. Don't forget to supply the form with your LDAP password.</p>
-<p>Enjoy.</p>
-</content><category term="blog"></category></entry><entry><title>id.apache.org -- New Password Service</title><link href="https://infra.apache.org/blog/https_id_apache_org_new.html" rel="alternate"></link><published>2011-01-14T16:36:42+00:00</published><updated>2011-01-14T16:36:42+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2011-01-14:/blog/https_id_apache_org_new.html</id><summary type="html"><p>Folks, <br/> <br/></p>
-<p>The infrastructure team are pleased to announce the availability of <a href="https://id.apache.org">id.apache.org</a> the new password management tool for all ASF committers and members. This new service will allow users to:</p>
-<ol>
-<li>Reset forgotten LDAP passwords themselves, no need to contact the Infra team anymore.</li>
-<li>The ability to change their …</li></ol></summary><content type="html"><p>Folks, <br/> <br/></p>
-<p>The infrastructure team are pleased to announce the availability of <a href="https://id.apache.org">id.apache.org</a> the new password management tool for all ASF committers and members. This new service will allow users to:</p>
-<ol>
-<li>Reset forgotten LDAP passwords themselves, no need to contact the Infra team anymore.</li>
-<li>The ability to change their LDAP password.</li>
-<li> The ability to update your LDAP record, i.e. change forename, surname or mail attributes. [1].</li>
-</ol>
-<p>Users should note that this service will only allow you to manage your LDAP password, thus controlling access to those resources currently protected by LDAP authnz. <br/> <br/>
-Once logged in you will note that some fields are not editable, this is by design and are there merely to show you your LDAP entry. You are currently only allowed to edit your Surname, Given name (Forename), and Mail attributes. This list may be extended as we make more features available, and they will be announced as and when.<br/> <br/></p>
-<p>Users of this service should note that we have a few small bugs to iron out, and this will be done as soon as possible. For example if you attempt to modify your details and do no re-enter your password you will currently see a generic HTTP 500 error. </p>
-<p>Thanks must go to Ian Boston (ieb), and Daniel Shahaf (danielsh) for making this work. Ian provided the initial code (his first ever attempt at Python too). Daniel then took it and implemented several changes and generally improved the backend.</p>
-<p>[1] - It should be noted that updating your mail record in LDAP will not currently have any affect on where your apache.org email is forwarded on too. This is planned to take place later this year. </p>
-</content><category term="blog"></category></entry><entry><title>LDAP and password policy</title><link href="https://infra.apache.org/blog/ldap_and_password_policy.html" rel="alternate"></link><published>2010-12-17T06:38:50+00:00</published><updated>2010-12-17T06:38:50+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-12-17:/blog/ldap_and_password_policy.html</id><summary type="html"><p>As of approximately 03:00 (UTC) today the infrastructure team have enabled a password policy for all LDAP accounts.<br/>
-This policy has been implemented at the LDAP infrastructure level and will affect all users. It has been deployed using OpenLDAP's password policy schema, and overlay.</p>
-<p>At the time of launch …</p></summary><content type="html"><p>As of approximately 03:00 (UTC) today the infrastructure team have enabled a password policy for all LDAP accounts.<br/>
-This policy has been implemented at the LDAP infrastructure level and will affect all users. It has been deployed using OpenLDAP's password policy schema, and overlay.</p>
-<p>At the time of launch we will be enforcing the following policy. </p>
-<ul>
-<li>At the time of a given users 10th successive login failure the account will be locked.</li>
-<li>The account will then be automatically unlocked 24 hours later, or until a member of root@ unlocks it for you.</li>
-<li>If the user successfully completes a login before the tally reaches 10, the counter for failed logins is reset back to 0.</li>
-</ul>
-<p>We are enabling this to try and prevent any brute force attempt at guessing passwords. It will also highlight potential issues with accounts. </p>
-<p>As with all account related queries, you should be contacting root@ - We will be able to unlock your account for you, allowing you to gain access.</p>
-</content><category term="blog"></category></entry><entry><title>The ASF CMS</title><link href="https://infra.apache.org/blog/the_asf_cms.html" rel="alternate"></link><published>2010-12-02T04:25:43+00:00</published><updated>2010-12-02T04:25:43+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-12-02:/blog/the_asf_cms.html</id><summary type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the <a href="https://infra.apache.org/doc.html" target="_blank">general Infrastructure documentation page</a>.</p>
-<hr/>
-<p>
-Over the past 3 months, the …</p></summary><content type="html"><hr/>
-**Note**: Projects and the ASF itself used the Apache Content Management System from 2010 to 2021. It is no longer available.
-<p>Links to suggestions for setting up a project website, and website guidelines, are available under "PMC resources" in the <a href="https://infra.apache.org/doc.html" target="_blank">general Infrastructure documentation page</a>.</p>
-<hr/>
-<p>
-Over the past 3 months, the Infrastructure Team has developed and deployed a custom CMS for Apache projects to use to manage their websites. There is a <a href="http://www.apache.org/dev/cms.html">document</a> available which explains the rationale, role, and future plans for the CMS. We have opened up the ACLs for the <a href="http://www.apache.org/">www.apache.org</a> site for all committers to now be able to edit content on the site using the cms (while still restricting live publication to the Apache membership and the Infrastructure Team).
-</p>
-<p>
-The basic workflow for committers is easy to describe: first install the <a href="https://cms.apache.org/#bookmark">javascript bookmarklet</a> on your browser toolbar. Next visit a webpage on the <a href="http://www.apache.org/">www.apache.org</a> website. When you've located a page you'd like
-to edit, click on the installed bookmarklet: you'll be taken to a working copy of the markdown source for the page in question. To edit the content click
-on the [Edit] link. A markdown editor will show you a preview of your changes while you work. When you have finished, submit your changes and [Commit] them.
-</p>
-<p>
-Your commit will trigger <a href="http://ci.apache.org/#buildbot">buildbot</a> to build a staging version of your changes. You can follow the build while it is ongoing, and once it has completed you can click on the [Staged] link to see the results. Members and Infrastructure Team members can continue on and publish those changes once they are satisfied with them. Other committers may need to send a note to the site-dev@ mailing list to request publication of their changes.
-</p>
-<p>
-The publication links in the CMS are essentially merge + commit operations in subversion which are tied into the live site via svnpubsub. That means
-publishing in the CMS is virtually instantaneous.
-</p>
-<p>
-The CMS is now open to all top-level and incubating projects. Interested projects should contact the infrastructure@ mailing list or simply file an <a href="https://issues.apache.org/jira/browse/INFRA">INFRA</a> ticket against the CMS component. Early adopters are encouraged to collaborate on
-the <a href="http://wiki.apache.org/general/ApacheCms2010">wiki page</a> for working out usage and adoption issues.
-</p>
-</content><category term="blog"></category></entry><entry><title>ReviewBoard instance running at the ASF</title><link href="https://infra.apache.org/blog/reviewboard_instance_running_at_the.html" rel="alternate"></link><published>2010-10-26T03:25:49+00:00</published><updated>2010-10-26T03:25:49+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-10-26:/blog/reviewboard_instance_running_at_the.html</id><summary type="html"><p>We know we have projects that use reviewboard externally to the ASF, we also have some projects using codereview.appspot.com and we also have some projects using Fisheye/Clover externally.</p>
-<p>Well, due to popular request, we now have an internal ReviewBoard running on <a href="https://reviews.apache.org">https://reviews.apache.org</a> !!</p>
-<p>So, sign …</p></summary><content type="html"><p>We know we have projects that use reviewboard externally to the ASF, we also have some projects using codereview.appspot.com and we also have some projects using Fisheye/Clover externally.</p>
-<p>Well, due to popular request, we now have an internal ReviewBoard running on <a href="https://reviews.apache.org">https://reviews.apache.org</a> !!</p>
-<p>So, sign up for an account, request that your projects repository be added (file an INFRA issue) and get collaborating!</p>
-<p>Questions or comments please raise them on the infrastructure-dev list as reviews.apache.org is in early stages it may need tweaking.</p>
-</content><category term="blog"></category></entry><entry><title>1 million commits and still going strong</title><link href="https://infra.apache.org/blog/1_million_commits_and_still.html" rel="alternate"></link><published>2010-09-23T11:55:55+00:00</published><updated>2010-09-23T11:55:55+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-09-23:/blog/1_million_commits_and_still.html</id><summary type="html"><p>Yesterday, the main ASF SVN code repository passed the 1 million commit mark. Shortly thereafter one of the ASF members enquired as to how he could best grab the SVN log entries for all of these commits. As always, there were a bunch of useful replies, but they were all …</p></summary><content type="html"><p>Yesterday, the main ASF SVN code repository passed the 1 million commit mark. Shortly thereafter one of the ASF members enquired as to how he could best grab the SVN log entries for all of these commits. As always, there were a bunch of useful replies, but they were all set to take quite some time; mainly because if anyone just simply runs</p>
-<pre>svn log http://svn.apache.org/repos/asf -r1:1000000 </pre>
-<p>It will not only take several hours, it will also cause high levels of load on one of the two geo-balanced SVN servers. Also, requesting that many log entries will likely result in your IP address being banned.</p>
-<p>So I decided to create the log set locally on one of the SVN servers. This is now available for download [<a href="http://s.apache.org/1m-svnlog">http://s.apache.org/1m-svnlog</a>] [<a href="people.apache.org/~pctony/asf-svnlog-1-1000000.tgz.md5">md5</a>] <br/>
-This is a 50Mb tar/gz file. It will uncompress to about 240Mb. The log 'only' contains the log entries from 1 -&gt; 1,000,000 - if you want the rest you can run:</p>
-<pre><code>&lt;pre&gt;svn log http://svn.apache.org/repos/asf -r1000001:HEAD&lt;/pre&gt;
-</code></pre>
-<p>This will give you all the log entries from 1M+1 to current</p>
-</content><category term="blog"></category></entry><entry><title>new hardware for apache.org</title><link href="https://infra.apache.org/blog/new_hardware_for_apache_org.html" rel="alternate"></link><published>2010-07-19T04:01:07+00:00</published><updated>2010-07-19T04:01:07+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-07-19:/blog/new_hardware_for_apache_org.html</id><summary type="html"><p>This weekend we rolled out a new server, a Dell Power Edge R410, named Eos, to host the Apache.org websites and MoinMoin wiki:</p>
-<ul>
-<li>OS: FreeBSD 8.1-RC2</li>
-<li>CPU: 2x Intel(R) Xeon(R) CPU X5550 @ 2.67GHz (2 package(s) x 4 core(s) x 2 SMT threads = 16 …</li></ul></summary><content type="html"><p>This weekend we rolled out a new server, a Dell Power Edge R410, named Eos, to host the Apache.org websites and MoinMoin wiki:</p>
-<ul>
-<li>OS: FreeBSD 8.1-RC2</li>
-<li>CPU: 2x Intel(R) Xeon(R) CPU X5550 @ 2.67GHz (2 package(s) x 4 core(s) x 2 SMT threads = 16 CPUs)</li>
-<li>RAM: 48gb DDR3</li>
-<li>Storage: 12x 15k RPM 300gb SAS, 2x 80gb SSD, configured in a ZFS raidz2 with the SSDs used for the L2ARC</li>
-</ul>
-<p>This new hardware replaces an older Sun T2000, also called eos, as the primary webserver for apache.org. We hope everyone enjoys the increased performance, especially from the Wiki!</p>
-<p>On the less visible infrastructure side, we are also upgrading Athena, one of our frontend mail servers. The new Athena is a DPE r210 with a 4 core 2.67GHz processor, replacing a Sun X2200.</p>
-</content><category term="blog"></category></entry><entry><title>s.apache.org - uri shortening service</title><link href="https://infra.apache.org/blog/s_apache_org_uri_shortening.html" rel="alternate"></link><published>2010-06-11T17:17:46+00:00</published><updated>2010-06-11T17:17:46+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-06-11:/blog/s_apache_org_uri_shortening.html</id><summary type="html"><p>
-Today we've brought <a href="http://s.apache.org/">s.apache.org</a> online. It's a url shortening service that's limited to Apache committers- the people who write all that Apache software! One of the main reasons we're providing this service is to allow committers to use shortened links whose provenance is known to be a trusted …</p></summary><content type="html"><p>
-Today we've brought <a href="http://s.apache.org/">s.apache.org</a> online. It's a url shortening service that's limited to Apache committers- the people who write all that Apache software! One of the main reasons we're providing this service is to allow committers to use shortened links whose provenance is known to be a trusted source, which is a big improvement over the generic shorteners out there in the wild. It is also meant to provide permanent links suitable for inclusion in board reports, or more generally email sent to our mailing lists - which will be archived, either publicly or privately, for as long as Apache is around.
-</p>
-<p>
-The service is easy to use, and being from Apache the <a href="http://s.apache.org?action=source">source code</a> for the service is readily available. The primary author of the code is Ulrich St&auml;rk (uli). Some of the more interesting features you can pick up from the source is the ability to "display" a link before doing a redirect by tacking on "?action=display" to any shortened url. For the truly paranoid there is the "?action=display;cookie=1" query string to force <strong>all</strong> shortened urls to display by default before redirecting. That feature may be turned off again with the "?action=display;cookie=" query string. Again, look over the source code for other interesting features you may wish to take advantage of.
-</p>
-<p>Committers: here's some javascript you might consider placing in a bookmark, courtesy of Doug Cutting. To use create a new bookmark and set the link url to</p>
-<blockquote style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><code>javascript:void(location.href='https://s.apache.org/?action=create&amp;search=ON&amp;uri='+escape(location.href)) </code></blockquote>
-</content><category term="blog"></category></entry><entry><title>apache.org incident report for 04092010</title><link href="https://infra.apache.org/blog/apache_org_04_09_2010.html" rel="alternate"></link><published>2010-04-13T05:04:50+00:00</published><updated>2010-04-13T05:04:50+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-04-13:/blog/apache_org_04_09_2010.html</id><summary type="html"><p>Apache.org services recently suffered a direct, targeted attack against our infrastructure, specifically the server hosting our issue-tracking software.</p>
-<p>The Apache Software Foundation uses a donated instance of <a href="http://www.atlassian.com/software/jira/">Atlassian JIRA</a> as an issue tracker for our projects. Among other projects, the ASF Infrastructure Team uses it to track issues and …</p></summary><content type="html"><p>Apache.org services recently suffered a direct, targeted attack against our infrastructure, specifically the server hosting our issue-tracking software.</p>
-<p>The Apache Software Foundation uses a donated instance of <a href="http://www.atlassian.com/software/jira/">Atlassian JIRA</a> as an issue tracker for our projects. Among other projects, the ASF Infrastructure Team uses it to track issues and requests. Our JIRA instance was hosted on brutus.apache.org, a machine running Ubuntu Linux 8.04 LTS.</p>
-<h2>Password Security</h2>
-<p><strong><font color="red">If you are a user of the Apache hosted JIRA, Bugzilla, or Confluence, a hashed copy of your password has been compromised.</font></strong></p>
-<p>JIRA and Confluence both use a SHA-512 hash, but without a random salt. We believe the risk to simple passwords based on dictionary words is quite high, and most users should rotate their passwords.</p>
-<p>Bugzilla uses a SHA-256, including a random salt. The risk for most users is low to moderate, since pre-built password dictionaries are not effective, but we recommend users should still remove these passwords from use. </p>
-<p>In addition, if you logged into the Apache JIRA instance between April 6th and April 9th, you should consider the password as compromised, because the attackers changed the login form to log them.</p>
-<h2>What Happened?</h2>
-<p>On April 5th, the attackers via a compromised <a href="http://www.slicehost.com">Slicehost</a> server opened a new issue, INFRA-2591. This issue contained the following text:</p>
-<blockquote>
-ive got this error while browsing some projects in jira
-http://tinyurl.com/XXXXXXXXX [obscured]
-</blockquote>
-<p>Tinyurl is a URL redirection and shortening tool. This specific URL redirected back to the Apache instance of JIRA, at a special URL containing a <a href="http://en.wikipedia.org/wiki/Cross-site_scripting">cross site scripting (XSS) attack</a>. The attack was crafted to steal the session cookie from the user logged-in to JIRA. When this issue was opened against the Infrastructure team, several of our administrators clicked on the link. This compromised their sessions, including their JIRA administrator rights.</p>
-<p>At the same time as the XSS attack, the attackers started a brute force attack against the JIRA login.jsp, attempting hundreds of thousands of password combinations.</p>
-<p>On April 6th, one of these methods was successful. Having gained administrator privileges on a JIRA account, the attackers used this account to disable notifications for a project, and to change the path used to upload attachments. The path they chose was configured to run JSP files, and was writable by the JIRA user. They then created several new issues and uploaded attachments to them. One of these attachments was a JSP file that was used to browse and copy the filesystem. The attackers used this access to create copies of many users' home directories and various files. They also uploaded other JSP files that gave them backdoor access to the system using the account that JIRA runs under.</p>
-<p>By the morning of April 9th, the attackers had installed a JAR file that would collect all passwords on login and save them. They then sent password reset mails from JIRA to members of the Apache Infrastructure team. These team members, thinking that JIRA had encountered an innocent bug, logged in using the temporary password sent in the mail, then changed the passwords on their accounts back to their usual passwords.</p>
-<p>One of these passwords happened to be the same as the password to a local user account on brutus.apache.org, and this local user account had full sudo access. The attackers were thereby able to login to brutus.apache.org, and gain full root access to the machine. This machine hosted the Apache installs of JIRA, Confluence, and Bugzilla.</p>
-<p>Once they had root on brutus.apache.org, the attackers found that several users had cached Subversion authentication credentials, and used these passwords to log in to minotaur.apache.org (aka people.apache.org), our main shell server. On minotaur, they were unable to escalate privileges with the compromised accounts.</p>
-<p>About 6 hours after they started resetting passwords, we noticed the attackers and began shutting down services. We notified Atlassian of the previously unreported XSS attack in JIRA and contacted SliceHost. Atlassian was responsive. Unfortunately, SliceHost did nothing and 2 days later, the <strong>very</strong> same virtual host (slice) <a href="http://blogs.atlassian.com/news/2010/04/oh_man_what_a_day_an_update_on_our_security_breach.html">attacked Atlassian directly</a>.</p>
-<p>We started moving services to a different machine, thor.apache.org. The attackers had root access on brutus.apache.org for several hours, and we could no longer trust the operating system on the original machine.</p>
-<p>By April 10th, JIRA and Bugzilla were back online.</p>
-<p>On April 13th, Atlassian provided a patch for JIRA to prevent the XSS attack. See
-<a href="http://jira.atlassian.com/browse/JRA-20994">JRA-20994</a> and <a href="http://jira.atlassian.com/browse/JRA-20995">JRA-20995</a> for details.
-</p>
-<p>Our Confluence wiki remains offline at this time. We are working to restore it.</p>
-<h2>What worked?</h2>
-<ul>
-<li>Limited use passwords, especially <a href="http://en.wikipedia.org/wiki/One-time_password">one-time passwords</a>, were a real lifesaver. If JIRA passwords had been shared with other services/hosts, the attackers could have caused widespread damage to the ASF's infrastructure. Fortunately, in this case, the damage was limited to rooting a single host.</li>
-<li>Service isolation worked with mixed results. The attackers must be presumed to have copies of our Confluence and Bugzilla databases, as well as our JIRA database, at this point. These databases include hashes of all passwords used on those systems. However, other services and hosts, including LDAP, were largely unaffected.</li>
-</ul>
-<h2>What didn't work?</h2>
-<ul>
-<li>The primary problem with our JIRA install is that the JIRA daemon runs as the user who installed JIRA. In this case, it runs as a jira role-account. There are historical reasons for this decision, but with 20/20 hindsight, and in light of the security issues at stake, we expect to revisit the decision!</li>
-<li>The same password should not have been used for a JIRA account as was used for sudo access on the host machine.</li>
-<li>Inconsistent application of one time passwords; We required them on other machines, but not on brutus. PAM was configured to allow optional use of OPIE, but not all of our sudoers had switched to it.</li>
-<li>SSH passwords should not have been enabled for login over the Internet. Although the Infrastructure Team had attempted to configure the sshd daemon to disable password-based logins, having <code>UsePAM yes</code> set meant that password-based logins were still possible.</li>
-<li>We use <a href="http://www.fail2ban.org">Fail2Ban</a> for many services, but we did not have it configured to track JIRA login failures.</li>
-</ul>
-<h2>What are we changing?</h2>
-<ul>
-<li>We have remedied the JIRA installation issues with our reinstall. JIRA is now installed by root and runs as a separate daemon with limited privileges.</li>
-<li>For the time being we are running JIRA in a httpd-tomcat proxy config with the following rules:
-<pre><code> &lt;pre&gt;
-</code></pre>
-<code>
- ProxyPass /jira/secure/popups/colorpicker.jsp !
- ProxyPass /jira/secure/popups/grouppicker.jsp !
- ProxyPass /jira/secure/popups/userpicker.jsp !
- ProxyPass /jira http://127.0.0.1:18080/jira
-</code>
-
-Sysadmins may find this useful to secure their JIRA installation until an upgrade is feasible.
-<pre><code>&lt;/li&gt;
-&lt;li&gt;We will be making one-time-passwords mandatory for all super-users, on all of our Linux and FreeBSD hosts.&lt;/li&gt;
-&lt;li&gt;We have disabled caching of svn passwords, and removed all currently cached svn passwords across all hosts ast the ASF via the global config &lt;code&gt;/etc/subversion/config&lt;/code&gt; file:
-
-
- &lt;pre&gt;
-</code></pre>
-<code>
-[auth]
-store-passwords = no
-</code>
-
-</li>
-<li>Use Fail2Ban to protect web application login failures from brute force attacks</li>
-</ul>
-<p>We hope our disclosure has been as open as possible and true to the ASF spirit. Hopefully others can learn from our mistakes.</p>
-</content><category term="blog"></category></entry><entry><title>ASF Buildbot svn setup</title><link href="https://infra.apache.org/blog/asf_buildbot_svn_setup.html" rel="alternate"></link><published>2010-03-29T10:25:59+00:00</published><updated>2010-03-29T10:25:59+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-03-29:/blog/asf_buildbot_svn_setup.html</id><summary type="html"><p>Here at the ASF we have a subversion setup with all our projects code in one repository, with each of those projects having their own style of trunk/branches/tags/site etc.. This works well for us, but did present us with some initial problems when setting up our Buildbot …</p></summary><content type="html"><p>Here at the ASF we have a subversion setup with all our projects code in one repository, with each of those projects having their own style of trunk/branches/tags/site etc.. This works well for us, but did present us with some initial problems when setting up our Buildbot instance to work with it.</p>
-<p>Knowing that others have the same or similar arrangement with their svn instance, we thought we would share how we got Buildbot working well for us. Note that this is not a tutorial on Buildbot, more of a quick mini guide with more code than explanation, hoping you'll work out the rest for your needs.We will be working with four files:- svn_buildbot.py, post-commit, buildbot_project_paths and master.cfg.</p>
-<p>First off, we needed to alter a section of the svn_buildbot.py file that comes in the buildbot/contrib directory. We copied this file to our svn host machine and edited this section:</p>
-<pre>def split_file_branches(changed_file, project_paths):
-<pre><code>pieces = changed_file.split(os.sep)
-#Assume the layout is something like :
-# trunk =&amp;gt; foo/bar/baz/trunk/file
-# branches/test =&amp;gt; foo/bar/baz/branches/test/file
-# Slurp everything up to one of these 2 'markers' and call that the branch
-found = False
-
-f = open(project_paths, 'r')
-for line in f.readlines():
- line = line.strip()
- regexp = re.compile(line)
- m = regexp.match(changed_file)
- if m:
- branch = m.group(1)
- path = m.group(2)
- print &amp;gt;&amp;gt; sys.stderr, &amp;quot;branch=%s, path=%s&amp;quot; % (branch, path)
- return (branch, path)
-
-
-i = 0
-for piece in pieces:
- i = i + 1
- # Find trunk, we are done
- if piece == 'trunk':
- found = True
- break
- elif piece == 'branches':
- i = i + 1
- found = True
- break
-
-# We found a layout we know, so send it to buildbot
-if found:
- branch = os.path.join(*pieces[0:i])
- path = os.path.join(*pieces[i:])
-else:
- branch = pieces[0]
- path = os.path.join(*pieces[1:])
-
-print &amp;gt;&amp;gt; sys.stderr, &amp;quot;branch=%s, path=%s&amp;quot; % (branch, path)
-return (branch, path)
-
-#return (pieces[0], os.path.join(*pieces[1:]))
-
-raise RuntimeError(&amp;quot;cannot determine branch for '%s'&amp;quot; % changed_file)
-</code></pre>
-<p>split_file = split_file_branches
-</p></pre>
-<p>Next up , the relevant entry in our subversion/hooks/post-commit file looks like this (with&nbsp;constants defined earlier in the file): </p>
-<pre> $SVNLOOK dirs-changed -r "$REV" "$REPOS" | egrep -qf "$BUILDBOT_PROJECT_PATHS" &amp;&amp;
-( $BUILDBOT --repository "$REPOS" --revision "$REV" --bbserver "$BBSERVER" --bbport "$BBPORT"
---project-paths "$BUILDBOT_PROJECT_PATHS" &gt;&gt;/var/log/svn_buildbot.log 2&gt;&amp;1 &amp; )
-</pre>
-<p>And, last but not least for the svn host side of things, our buildbot_project_paths file which contains entries such as :</p>
-<pre>^(<strong>incubator/wookie/trunk</strong>)/(.*)
-^(stdcxx/trunk)/(.*)
-^(incubator/trafficserver/traffic/trunk)/(.*)
-^(incubator/trafficserver/traffic/branches/2.0.x)/(.*)
-^(subversion/trunk)/(.*)
-</pre>
-<p>So you create an entry from the svn base directory for each projects trunk or branch that you want Buildbot to take notice of, the rest being ignored.</p>
-<p>Now, we match those buildbot_project_paths entries in our master.cfg file with an AnyBranchScheduler like this:</p>
-<pre># schedulers
-from buildbot.scheduler import AnyBranchScheduler
-<p>c['schedulers'].append(AnyBranchScheduler(name="on-wookie-commit",
-branches=["<strong>incubator/wookie/trunk</strong>"],
-treeStableTimer=2,
-builderNames=["wookie-trunk"]))</p>
-<p>#builders</p>
-<p>f28 = factory.BuildFactory()
-f28.addStep(SVN(
-mode="clobber",
-baseURL="<a href="http://svn.apache.org/repos/asf/">http://svn.apache.org/repos/asf/</a>",
-defaultBranch="<strong>incubator/wookie/trunk</strong>",
-haltOnFailure=True,
-))</p>
-<p>etc...
-</p></pre>
-<h4>Summary</h4>
-<p>So, to tie it all together, what we have done is created a workflow like this:-</p>
-<ol>
-<li>A commit happens, the post-commit file checks the buildbot_project_paths file to see if it is relevant to any of our projects. If not, nothing else happens. </li>
-<li>If we have a match then svn_buildbot.py is called, and uses the entry in buildbot_project_paths as the branch with the root dir of svn as the base, then sends these two pieces of information over to the Buildbot master. </li>
-<li>The Buildbot master checks its config, finds a match in the 'branches' entry for our AnyBranchScheduler and triggers the appropriate build. </li>
-</ol>
-<p>I hope that helps someone out there , at least, until Buildbot project changes again, it is a fast moving project currently! - 0.80 for instance has introduced the 'project' property and the 'repository' property for schedulers which may negate the need for some of this, but I haven't investigated to date. (See&nbsp;<a href="http://github.com/djmitche/buildbot/blob/buildbot-0.8.0/NEWS">http://github.com/djmitche/buildbot/blob/buildbot-0.8.0/NEWS</a>&nbsp;for more info on that.)</p>
-</content><category term="blog"></category></entry><entry><title>New secondary servers for ASF Buildbot</title><link href="https://infra.apache.org/blog/new_servers_for_asf_builbot.html" rel="alternate"></link><published>2010-03-04T22:03:23+00:00</published><updated>2010-03-04T22:03:23+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-03-04:/blog/new_servers_for_asf_builbot.html</id><summary type="html"><p>The ASF Buildbot CI instance has just launched two more secondary servers, expanding the range of platforms it can build and test on.</p>
-<p>Added are servers on the FreeBSD 8 platform (a VM on the Nyx VMware host)&nbsp;and a Solaris Zone.</p>
-<p>Projects are welcome to create an Infra issue …</p></summary><content type="html"><p>The ASF Buildbot CI instance has just launched two more secondary servers, expanding the range of platforms it can build and test on.</p>
-<p>Added are servers on the FreeBSD 8 platform (a VM on the Nyx VMware host)&nbsp;and a Solaris Zone.</p>
-<p>Projects are welcome to create an Infra issue or email the <a href="mailto:builds@apache.org">builds@apache.org</a> list asking for your project to begin CI testing on those and/or the existing Ubuntu and Windows secondary servers.</p>
-<p>&nbsp;</p>
-<p>For more information see <a href="http://ci.apache.org/buildbot.html">http://ci.apache.org/buildbot.html</a></p>
-<p>Enjoy!</p>
-</content><category term="blog"></category></entry><entry><title>The ASF LDAP system</title><link href="https://infra.apache.org/blog/the_asf_ldap_system.html" rel="alternate"></link><published>2010-02-22T22:17:39+00:00</published><updated>2010-02-22T22:17:39+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-02-22:/blog/the_asf_ldap_system.html</id><summary type="html"><p>When we decided some time ago to start using LDAP for auth{n,z} we had to come up with a sane structure. This is what we have thus far:&nbsp;</p><p>&nbsp;dc=apache,dc=org<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | &nbsp; ou=people,dc=apache,dc=org <br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | &nbsp; ou=groups,dc=apache,dc=org<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | &nbsp; ou=people,ou=groups …</p></summary><content type="html"><p>When we decided some time ago to start using LDAP for auth{n,z} we had to come up with a sane structure. This is what we have thus far:&nbsp;</p><p>&nbsp;dc=apache,dc=org<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | &nbsp; ou=people,dc=apache,dc=org <br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | &nbsp; ou=groups,dc=apache,dc=org<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | &nbsp; ou=people,ou=groups,dc=apache,dc=org<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | &nbsp; ou=committees,ou=groups,dc=apache,dc=org</p><p>&nbsp;As well as other OUs that contain infrastructure related objects.<br/><br/>So with "dc=apache,dc=org" being our basedn, we decided we needed to keep the structure as simple as possible and placed the following objects in the respective OUs:</p><ul><li>User accounts -&nbsp; "ou=groups,dc=apache,dc=org"</li><li>POSIX groups - "ou=groups,dc=apache,dc=org"</li><li>User Groups&nbsp; - "ou=people,ou=groups,dc=apache,dc=org"</li><li>PMC/Committee groups - "ou=committees,ou=groups,dc=apache,dc=org"</li></ul>Access to the LDAP infrastructure is connection limited to hosts within our co-location sites.&nbsp; This is essentially to help prevent unauthorised data leaving our network.&nbsp; <br/><br/>
-</content><category term="blog"></category></entry><entry><title>LDAP, groups and SVN - Coupled together</title><link href="https://infra.apache.org/blog/ldap_svn_coupled_together.html" rel="alternate"></link><published>2010-02-22T22:03:20+00:00</published><updated>2010-02-22T22:03:20+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-02-22:/blog/ldap_svn_coupled_together.html</id><summary type="html"><p>The infrastructure team have now completed the next stage of the planned LDAP migration.<br/>We have migrated our old SVN authorisation file, and POSIX groups into LDAP data.&nbsp; SVN access control is now managed using these groups.</p><p>This means to change access the Subversion repositories is now as simple as …</p></summary><content type="html"><p>The infrastructure team have now completed the next stage of the planned LDAP migration.<br/>We have migrated our old SVN authorisation file, and POSIX groups into LDAP data.&nbsp; SVN access control is now managed using these groups.</p><p>This means to change access the Subversion repositories is now as simple as changing group membership. We use some custom perl scripts that build the equivalent authorisation file meaning that we dont need to use the &lt;location&gt; blocks nasty hack to do this.&nbsp; It also means that all changes, including adding new groups and extending access control is made simple. <br/><br/>ASF PMC chairs, are now able to make changes to their POSIX, and SVN groups whilst logged into people.apache.org - using a selection of scripts:</p><ul><li>/usr/local/bin/list_unix_groups.pl</li><li>/usr/local/bin/list_committees.pl</li><li>/usr/local/bin/modify_unix_groups.pl</li><li>/usr/local/bin/modify_committees.pl</li></ul><p>All of these scripts have a '--help' option to show you how to use them. <br/><br/>What's next?&nbsp; We are now working on adding a custom ASF LDAP schema, that will allow us to record ASF specific data such as ICLA files and date of membership etc.<br/>We will also be looking at adding support for 3rd party applications such as Hudson, and building an identity management portal where people can manage their own account.<br/></p>
-</content><category term="blog"></category></entry><entry><title>SVN performance enhancements</title><link href="https://infra.apache.org/blog/svn_performance_enhancements.html" rel="alternate"></link><published>2010-02-17T00:41:04+00:00</published><updated>2010-02-17T00:41:04+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2010-02-17:/blog/svn_performance_enhancements.html</id><summary type="html"><p>Tonight we enabled a pair of Intel X25-M's to serve as <a href="http://blogs.sun.com/brendan/entry/test">l2arc cache</a> for the zfs array which contains all of our svn repositories.&nbsp; Over the next few hours as these SSD's start serving files from cache, the responsiveness and overall performance of svn on eris (our master US-based server …</p></summary><content type="html"><p>Tonight we enabled a pair of Intel X25-M's to serve as <a href="http://blogs.sun.com/brendan/entry/test">l2arc cache</a> for the zfs array which contains all of our svn repositories.&nbsp; Over the next few hours as these SSD's start serving files from cache, the responsiveness and overall performance of svn on eris (our master US-based server) should be noticeably better than it has been lately.</p><p>In addition we are planning to install 16GB of extra RAM into eris to improve zfs performance even further, but for now we are hopeful that committers will appreciate the performance we've added tonight.</p><p><br/>&nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>What can the ASF Buildbot do for your project?</title><link href="https://infra.apache.org/blog/what_can_the_asf_buildbot.html" rel="alternate"></link><published>2009-11-09T13:01:12+00:00</published><updated>2009-11-09T13:01:12+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-11-09:/blog/what_can_the_asf_buildbot.html</id><summary type="html"><p>The below information has just been published to the main&nbsp; ASF Buildbot URI <a href="http://ci.apache.org/buildbot.html" title="ASF Buildbot">ci.apache.org/buildbot.html</a>.</p><p>A summary of just some of the things the ASF Buildbot can do for your project:
- </p><ul><li>Perform per commit build &amp; test runs for your project</li><li>Not just svn! - Buildbot can pull in …</li></ul></summary><content type="html"><p>The below information has just been published to the main&nbsp; ASF Buildbot URI <a href="http://ci.apache.org/buildbot.html" title="ASF Buildbot">ci.apache.org/buildbot.html</a>.</p><p>A summary of just some of the things the ASF Buildbot can do for your project:
- </p><ul><li>Perform per commit build &amp; test runs for your project</li><li>Not just svn! - Buildbot can pull in from your Git/Mercurial branches too!</li><li>Build and Deploy your website to a staging area for review</li><li>Build and Deploy your website to mino (people) for syncing live</li><li>Automatically Build and Deploy Snapshots to Nexus staging area.</li><li>Create Nightly and historical zipped/tarred snapshot builds for download</li><li>Builds can be triggered manually from within your own freenode #IRC Channel</li><li>An IRCBot can report on success/failures of a build instantly</li><li>Build Success/Failures can go to your dev/notification mailing list</li><li>Perform multiple builds of an svn/git commit on multiple platforms asynchronously</li><li>ASF Buildbot uses the latest <a href="http://incubator.apache.org/rat" title="Incubating RAT project">RAT</a> build to check
- for license header issues for all your files.
- </li><li>RAT Reports are published live instantly to ci.apache.org/$project/rat-report.[txt|html]</li><li>As indicated above, plain text or html versions of RAT reports are published.</li><li>[Coming Soon] - RAT Reports sent to your dev list, only new failures will be listed.</li><li>[Coming Soon] - Email a patch with inserted ASL 2.0 Headers into your failed files!!</li><li>Currently Buildbot has Ubuntu 8.04, 9.04 and Windows Server 2008 Slaves</li><li>[Coming Soon] - ASF Buildbot will soon have Solaris, FreeBSD 8 and Windows 7 Slaves</li></ul>
-<pre><code>&lt;p&gt;Dont see a feature that you need? Join the &lt;a href="mailto:builds-subscribe@apache.org" title="Email Link to the builds subscribe list"&gt;builds.at.apache.org&lt;/a&gt;
-mailing list and request it now, or file a &lt;a href="http://issues.apache.org/jira/browse/INFRA/component/12312782"&gt;Jira Ticket.&lt;/a&gt;&lt;/p&gt;
-&lt;p&gt;Help is always on hand on the &lt;a href="mailto:builds@apache.org"&gt;builds.at.apache.org&lt;/a&gt; mailing list for any problems or
-build configuration issues/requests. Or try the #asftest channel on irc.freenode.net for live support.&lt;/p&gt;
-
-&lt;p&gt;So now you want your project to use Buildbot? No problem, best way is to file a &lt;a href="http://issues.apache.org/jira/browse/INFRA/component/12312782"&gt;Jira Ticket.&lt;/a&gt;
- and count to 10 (well maybe a bit longer but it won't be long before you are up and running).&lt;/p&gt;
-</code></pre>
-</content><category term="blog"></category></entry><entry><title>DDOS mystery involving Linux and mod_ssl</title><link href="https://infra.apache.org/blog/ddos_mystery_involving_linux_and.html" rel="alternate"></link><published>2009-10-12T01:53:03+00:00</published><updated>2009-10-12T01:53:03+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-10-12:/blog/ddos_mystery_involving_linux_and.html</id><summary type="html"><p>In the first week of October we started getting reports of performance issues, mainly connection timeouts, on all of our services hosted at <a href="https://issues.apache.org" title="https://issues.apache.org/">https://issues.apache.org/</a>.&nbsp; On further inspection we noticed a huge amount of "Browser disconnect" errors in the error log right at the beginning of the ssl …</p></summary><content type="html"><p>In the first week of October we started getting reports of performance issues, mainly connection timeouts, on all of our services hosted at <a href="https://issues.apache.org" title="https://issues.apache.org/">https://issues.apache.org/</a>.&nbsp; On further inspection we noticed a huge amount of "Browser disconnect" errors in the error log right at the beginning of the ssl transaction, on the order of 50 connections / second.&nbsp; This was grinding the machine to a standstill, so we wrote a quick and dirty <a href="http://people.apache.org/~joes/ddos_accept.pl">perl script</a> to investigate the matter.&nbsp; Initial reports indicated a ddos attack from nearly 100K machines targeting Apache + mod_ssl's accept loop, and the script was tweaked to filter out that traffic before proxying the connections to httpd.</p><p>As we started getting a picture of the IP space conducting the attack, the prognosis looked rather bleak: more and more IP's were getting involved and the ddos traffic continued to increase, getting to the point where Linux was shutting down the ethernet interface.&nbsp; So we then rerouted the traffic to an available FreeBSD machine, which did a stellar job of filtering out the traffic at the kernel level.&nbsp; We unfortunately didn't quite realize how good a job FreeBSD was doing, and for a time we were operating under the impression that the ddos was ending.&nbsp; So we eventually moved the traffic back to brutus, the original Linux host, and <a href="http://people.apache.org/~joes/avoid_dos_2.2.x-try2.diff">patched httpd</a> using code developed by Ruediger Pluem.<br/></p><p>And back came the ddos traffic.&nbsp; In a few days the rate of closed connections had nearly doubled, so we had little choice but to start dumping the most frequent IP addresses into iptables DROP rules.&nbsp; 5000 rules cut the traffic by 2/3 in an instant.&nbsp; But the problem was growing- our logs indicated there were now over 300K addresses participating in the attack.</p><p>We started looking closer at the IP's in an attempt to correlate them with regular http requests.&nbsp;&nbsp; The only pattern that seemed to emerge was that many of the IP's in question we're also generating spartan&nbsp; "GET / HTTP/1.1" requests with a single Host: <a href="http://140.211.11.140">140.211.11.140</a> header to port 443.&nbsp;&nbsp; Backtracking through a year of logs revealed that these spartan requests had been going on since August 6, 2008.&nbsp; The IP's originating these requests were as varied as, and more often that not matched up with, the rapid closed connection traffic we started seeing in October.<br/></p><p>So what exactly is going on here?&nbsp; The closed connection traffic continues to rise, and the origin of the associated spartan requests is currently unknown.</p>
-</content><category term="blog"></category></entry><entry><title>apache.org incident report for 8282009</title><link href="https://infra.apache.org/blog/apache_org_downtime_report.html" rel="alternate"></link><published>2009-09-02T08:56:09+00:00</published><updated>2009-09-02T08:56:09+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-09-02:/blog/apache_org_downtime_report.html</id><summary type="html"><p>Last week we <a href="https://blogs.apache.org/infra/entry/apache_org_downtime_initial_report">posted about the security breach</a> that caused us to temporarily suspend some services.&nbsp; All services
-have now been restored. We have analyzed the events that led to the breach, and continued to work on improving the security of our systems.<br/></p>
-<p><strong>NOTE</strong>: At
-no time were any Apache …</p></summary><content type="html"><p>Last week we <a href="https://blogs.apache.org/infra/entry/apache_org_downtime_initial_report">posted about the security breach</a> that caused us to temporarily suspend some services.&nbsp; All services
-have now been restored. We have analyzed the events that led to the breach, and continued to work on improving the security of our systems.<br/></p>
-<p><strong>NOTE</strong>: At
-no time were any Apache Software Foundation code repositories, downloads, or users put at risk by this intrusion. However, we believe that providing a detailed account
-of what happened will make the internet a better place, by allowing others to learn from our mistakes.</p>
-<h2>What Happened?</h2>
-<p>Our initial running theory was correct--the server that hosted
-the apachecon.com (dv35.apachecon.com) website had been compromised. The machine was running CentOS, and we
-suspect they may have used the recent local root exploits <a href="https://rhn.redhat.com/errata/RHSA-2009-1222.html">patched in RHSA-2009-1222</a> to escalate their privileges on this machine. The attackers fully compromised
-this machine, including gaining root privileges, and destroyed most of
-the logs, making it difficult for us to confirm the details of
-everything that happened on the machine.&nbsp;</p><p>This machine is owned by the ApacheCon conference production company,
-not by
-the Apache Software Foundation. However, members of the ASF
-infrastructure team had accounts on this machine, including one used to
-create backups.</p><p>The
-attackers attempted unsuccessfully to use passwords from the compromised ApacheCon
-host to log on to our production webservers.&nbsp; Later, using the SSH Key of the backup account, they were able to access
-people.apache.org (minotaur.apache.org). This account was an unprivileged user, used
-to create backups from the ApacheCon host.<br/></p><p>minotaur.apache.org runs FreeBSD 7-STABLE, and acts as the staging machine for our mirror
-network. It is
-our primary shell account server, and provides many other services for Apache developers. None of our Subversion (version control) data is kept on this machine, and there was never any risk to any Apache source code.<br/></p><p>Once
-the attackers had gained shell access, they added CGI scripts to the document root folders of
-several of our websites. A regular, scheduled rsync process copied these scripts to our
-production web server, eos.apache.org, where they became externally
-visible. The CGI scripts were used to obtain remote shells, with information sent using HTTP POST commands. </p><p>Our download pages are
-dynamically generated, to enable us to present users with a local mirror of our software. This means that all of our domains have <a href="http://httpd.apache.org/docs/2.2/mod/core.html#options">ExecCGI enabled</a>, making it harder for us to protect against an attack of this nature.<br/></p><p>After
-discovering the CGI scripts, the infrastructure team decided to shutdown
-any servers that could potentially have been affected. This included people.apache.org, and both the EU
-and US website servers. All website traffic was redirected to a known-good
-server, and a temporary security message was put in place to let people
-know we were aware of an issue.</p><p>One by one, we brought the potentially-affected servers up, in single user mode, using our out of band access. It quickly became clear that aurora.apache.org, the EU website server, had not been affected. Although the CGI scripts had been rsync'd to that machine, they had never been run. This machine was not included in the DNS rotation at the time of the attack.</p><p>aurora.apache.org runs Solaris 10, and we were
-able to restore the box to a known-good configuration by cloning
-and promoting a ZFS snapshot from a day before the CGI scripts were synced
-over. Doing so enabled us to bring the EU server back online, and to rapidly restore our main websites. Thereafter, we continued to analyze the cause of the breach, the method of access, and which, if any, other machines had been compromised.<br/></p><p>Shortly after bringing up
-aurora.apache.org we determined that the most likely route of the breach was
-the backup routine from dv35.apachecon.com. We grabbed all the
-available logs from dv35.apachecon.com, and promptly shut it down.<br/></p><p>Analysis continued on minotaur.apache.org and eos.apache.org (our US
-server), until we were confident that all remnants of the attackers had been removed. As each server was declared clean, it was brought back online.<br/></p><h2>What worked?</h2><ul><li>The use of ZFS snapshots enabled us to restore the EU production web server to a known-good state.</li><li>Redundant
-services in two locations allowed us to run services from an alternate
-location while continuing to work on the affected servers and services.</li><li>A non-uniform set of compromised machines
-(Linux/CentOS i386, FreeBSD-7 amd_64, and Solaris 10 on sparc) made it
-difficult for the attackers to escalate privileges on multiple machines.</li></ul><h2>What didn't work?</h2><ul><li>The
-use of SSH keys facilitated this attack. In hindsight, our implementation left a lot to be
-desired--we did not restrict SSH keys appropriately, and we were
-unaware of their misuse.<br/></li><li>The rsync setup, which uses people.apache.org to manage the deployment of our websites, enabled the attackers to get their files onto the US mirror, undetected.</li><li>The ability to run CGI scripts in any virtual host, when most of our websites do not need this functionality, made us unnecessarily vulnerable to an attack of this nature.<br/></li><li>The lack of logs from the ApacheCon host prevents us from conclusively determining the full
-course of action taken by the attacker. All but one log file were deleted by the attacker, and logs were not kept off the machine.</li></ul><br/><h2>What changes we are making now?</h2>As a result of
-this intrusion we are making several changes, to help further secure our
-infrastructure from such issues in the future. These changes include the following:<ul><li>Requiring all users with <a href="http://www.freebsd.org/doc/en/books/handbook/one-time-passwords.html">elevated privileges to use OPIE for sudo</a> on certain machines.&nbsp; We already require this in some places, but will expand its use as necessary.<br/></li><li>Recreating
-and using new SSH keys, one per host, for backups.&nbsp; Also enforcing use of the
-from="" and command="" strings in the authorized keys file on the
-destination backup server. In tandem with access restrictions which only allow connections
-from machines that are actually backing up data, this will prevent 3rd party
-machines from being able to establish an SSH connection.&nbsp; <br/></li><ul><li>The
-command="" string in the authorized_keys file is now explicit, and only allows one way rsync traffic, due to the paths and flags used.</li><li>New keys have been generated for all hosts, with a minimum key length of at least 4096 bits .</li></ul><li>The
-VM that hosted the old apachecon.com site remains powered down, awaiting
-further detailed analysis.&nbsp; The apachecon.com website has been re-deployed on a
-new VM, with a new provider and different operating system.<br/></li><li>We are looking at disabling CGI support on most of our website systems.&nbsp; This has led to the creation of <a href="https://svn.apache.org/repos/infra/infrastructure/trunk/projects/mod_asf_mirrorcgi/mod_asf_mirrorcgi.c">a new httpd module</a> that will handle things like mirror locations for downloads.<br/></li><li>The
-method by which most of our public facing websites are deployed to our production servers will also change, becoming a much more automated process. We hope to have switched over to a <a href="https://svn.apache.org/repos/infra/infrastructure/trunk/projects/svnpubsub/svnpubsub.py">SvnSubPub</a> / <a href="https://svn.apache.org/repos/infra/infrastructure/trunk/projects/svnpubsub/svnwcsub.py">SvnWcSub</a> based system within the next few weeks. <br/></li><li>We will re-implement measures such as IP banning after several failed logins, on all machines.&nbsp;</li><li>A
-proposal has been made to introduce centralized logging. This would include all system logs, and possibly also services such as smtpd and httpd.<br/></li></ul><p><br/><br/></p>
-</content><category term="blog"></category></entry><entry><title>apache.org downtime - initial report</title><link href="https://infra.apache.org/blog/apache_org_downtime_initial_report.html" rel="alternate"></link><published>2009-08-28T12:33:19+00:00</published><updated>2009-08-28T12:33:19+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-08-28:/blog/apache_org_downtime_initial_report.html</id><summary type="html"><p>This is a short overview of what happened on Friday August 28 2009
-to the apache.org services.&nbsp; A more detailed post will come at a later
-time after we complete the audit of all machines involved.</p><p> On August 27th, starting at
-about 18:00 UTC an account used for …</p></summary><content type="html"><p>This is a short overview of what happened on Friday August 28 2009
-to the apache.org services.&nbsp; A more detailed post will come at a later
-time after we complete the audit of all machines involved.</p><p> On August 27th, starting at
-about 18:00 UTC an account used for automated backups for the ApacheCon
-website hosted on a 3rd party hosting provider was used to upload files
-to minotaur.apache.org.&nbsp; The account was accessed using SSH key
-authentication from this host.<br/></p><p><b>To the best of our knowledge at this time, no end users were affected by this incident,&nbsp; and the attackers were not able to escalate their
-privileges on any machines.</b></p><b>While we have no evidence that downloads were affected, users are always advised to check digital
-signatures where provided.</b><p>minotaur.apache.org runs
-FreeBSD 7-STABLE and is more widely known as people.apache.org.&nbsp;
-Minotaur serves as the seed host for most apache.org websites, in
-addition to providing shell accounts for all Apache committers.</p><p>The
-attackers created several files in the directory containing files for
-www.apache.org, including several CGI scripts.&nbsp; These files were then
-rsynced to our production webservers by automated processes.&nbsp; At about
-07:00 on August 28 2009 the attackers accessed these CGI scripts over
-HTTP, which spawned processes on our production web services. </p><p>At about 07:45 UTC we noticed these rogue processes on eos.apache.org, the Solaris 10 machine that normally serves our websites.</p><p>Within the next 10 minutes we decided to shutdown all machines involved as a precaution.</p><p>After
-an initial investigation we changed DNS for most apache.org services to
-eris.apache.org, a machine not affected and provided a basic downtime
-message.</p><p>After investigation, we determined that our European fallover and backup machine, aurora.apache.org, was not affected.&nbsp;&nbsp; While
-the some files had been copied to the machine by automated rsync
-processes, none of them were executed on the host, and we restored from
-a ZFS snapshot to a version of all our websites before any accounts
-were compromised.</p><p>At this time several machines remain offline, but most user facing websites and services are now available.</p><p>We will provide more information as we can.<br/></p><p>&nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>Relaying mail from apache.org.</title><link href="https://infra.apache.org/blog/relaying_mail_from_apache_org.html" rel="alternate"></link><published>2009-08-01T12:24:57+00:00</published><updated>2009-08-01T12:24:57+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-08-01:/blog/relaying_mail_from_apache_org.html</id><summary type="html"><p>One of the more common issues committers face at Apache is in trying to send mail from their apache.org account.&nbsp; We've just made that process a whole lot easier by setting up an SSL-enabled, smtp-auth based mail submission service on people.apache.org port 465; which is compatible with …</p></summary><content type="html"><p>One of the more common issues committers face at Apache is in trying to send mail from their apache.org account.&nbsp; We've just made that process a whole lot easier by setting up an SSL-enabled, smtp-auth based mail submission service on people.apache.org port 465; which is compatible with gmail's <a href="http://gmailblog.blogspot.com/2009/07/send-mail-from-another-address-without.html">recently announced feature</a> to allow outbound mail from your apache.org address to be directed to people.apache.org, instead of to a gmail server, for delivery.&nbsp; Say goodbye to all the ezmlm moderation battles: your SMTP envelope sender will now match your From header!<br/></p><p>In the future we may wish to tighten up the SPF records for apache.org, so please take advantage of this new service for all outbound delivery of your personal apache.org email.<br/>&nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>Public Preview of Drafts feature added to ASF Roller instance</title><link href="https://infra.apache.org/blog/public_preview_of_drafts_feature.html" rel="alternate"></link><published>2009-07-15T06:59:48+00:00</published><updated>2009-07-15T06:59:48+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-07-15:/blog/public_preview_of_drafts_feature.html</id><summary type="html"><hr/>
-**Note**: Until June, 2023, the ASF supported using Apache Roller for project blogs. That support has ended. Please visit <a href="https://infra.apache.org/project-blogs.html" target="_blank">Project Blog</a> for more information about blogs for projects.
-<hr/>
-<p>Previously, to be able to preview a draft post by any Roller Blog, one had to be a member user of that …</p></summary><content type="html"><hr/>
-**Note**: Until June, 2023, the ASF supported using Apache Roller for project blogs. That support has ended. Please visit <a href="https://infra.apache.org/project-blogs.html" target="_blank">Project Blog</a> for more information about blogs for projects.
-<hr/>
-<p>Previously, to be able to preview a draft post by any Roller Blog, one had to be a member user of that blog.</p><p>For those that would like an easy way to post previews of drafts for lazy consensus or voting, a script has been setup to allow the preview url that Roller generates to be shared publicly. &nbsp;For example:</p><p>&nbsp;&nbsp; (roller preview url)<br/>&nbsp;&nbsp; &nbsp;<span class="Apple-style-span" style="color: rgb(34, 34, 34); font-family: 'Helvetica Neue'; font-size: 13px; "><a href="https://blogs.apache.org/roller-ui/authoring/preview/test/?previewEntry=testing">https://blogs.apache.org/roller-ui/authoring/preview/test/?previewEntry=testing</a></span></p><p>&nbsp;&nbsp; (public preview url)<br/>&nbsp;&nbsp; &nbsp;<a href="https://blogs.apache.org/preview/test/?previewEntry=testing"><span class="Apple-style-span" style="font-size: small; ">https://blogs.apache.org/preview/test/?previewEntry=testing</span></a></p><p>A typical process is to create the blog post, set it up to publish in&nbsp;3-4 days via the "Advanced Settings", then post the modified preview URL to your dev@ list with the anticipated publish date for lazy consensus.</p><p>Projects must opt-in by adding the "preview" user with "Limited" access.</p><p>Details here:</p><p><a href="http://www.apache.org/dev/blogs.html">http://www.apache.org/dev/blogs.html&nbsp;</a></p>
-</content><category term="blog"></category></entry><entry><title>Confluence 2.10 migration for cwiki.a.o 11 July1</title><link href="https://infra.apache.org/blog/confluence_2_10_migration_for.html" rel="alternate"></link><published>2009-07-07T07:04:25+00:00</published><updated>2009-07-07T07:04:25+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-07-07:/blog/confluence_2_10_migration_for.html</id><summary type="html"><p>
-The ASF Infrastructure Team will be upgrading the Confluence instance powering <a href="http://cwiki.apache.org">http://cwiki.apache.org</a> from Confluence 2.2.9 to <a href="http://confluence.atlassian.com/display/DOC/Confluence%202.10%20Release%20Notes">Confluence 2.10.3</a> on July 11 at 0400 UTC, or July 10 at 2100 PST.&nbsp; The migration is expected to take several hours. &nbsp;<br/><br/>If you haven't already, this …</p></summary><content type="html"><p>
-The ASF Infrastructure Team will be upgrading the Confluence instance powering <a href="http://cwiki.apache.org">http://cwiki.apache.org</a> from Confluence 2.2.9 to <a href="http://confluence.atlassian.com/display/DOC/Confluence%202.10%20Release%20Notes">Confluence 2.10.3</a> on July 11 at 0400 UTC, or July 10 at 2100 PST.&nbsp; The migration is expected to take several hours. &nbsp;<br/><br/>If you haven't already, this would be a good time to check the test migration instance at:<br/><br/><a href="http://confluence-test.zones.apache.org:8080">http://confluence-test.zones.apache.org:8080</a><br/><br/>Exported pages can be found at http://confluence-test.zones.apache.org:8080/export/SPACE_KEY/PAGE_TITLE.html&nbsp;&nbsp; If in doubt, find your existing exported pages at <a href="http://cwiki.apache.org/">http://cwiki.apache.org/</a>, so:<br/><br/><a href="http://cwiki.apache.org/WW/home.html">http://cwiki.apache.org/WW/home.html</a><br/><br/>will become<br/><br/><a href="http://confluence-test.zones.apache.org:8080/export/WW/home.html">http://confluence-test.zones.apache.org:8080/export/WW/home.html</a><br/><br/>As much as possible, the space export templates will be preserved in the migration, although changes to the Confluence UI will mean the exports will look different.<br/><br/>Further updates with regards to the Confluence 2.10.3 migration will posted to this blog.</p><h4>Update 11-07-2009</h4><p>The Confluence 2.10.3 upgrade has been completed and all spaces have been exported.&nbsp; There are a few things to note:</p><ol><li>The Gliffy license is out of date.&nbsp; I'll try to track down a new one.</li><li>The visibility plugin doesn't support Confluence 2.10.3.&nbsp; Not sure if anyone uses it, however.</li><li>The exported html, as warned, generally looks a bit different.&nbsp; Let me know if you have any issues tweaking your template.</li></ol><h4>Update 11-07-2009 part 2</h4><p>If, for some reason, your templates didn't get copied over or the exported site is so messed up you need the old version, the old files are available:</p><ul><li><i>Autoexport templates</i> - <a href="http://cwiki.apache.org/autoexport-2.2.9-templates">http://cwiki.apache.org/autoexport-2.2.9-templates</a></li><li><i>Autoexport-generated html</i> - <a href="http://cwiki.apache.org/autoexport-2.2.9">http://cwiki.apache.org/autoexport-2.2.9</a></li></ul><h4>Update 14-07-2009</h4>The Gliffy folks were kind enough to give us a new license.&nbsp; Please re-export any applicable spaces.<br/>
-</content><category term="blog"></category></entry><entry><title>It's official, we now have LDAP running!</title><link href="https://infra.apache.org/blog/it_s_official_we_now.html" rel="alternate"></link><published>2009-05-21T16:01:19+00:00</published><updated>2009-05-21T16:01:19+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-05-21:/blog/it_s_official_we_now.html</id><summary type="html"><p>Earlier this week the Infrastructure team rolled out phase one of the planned LDAP services. &nbsp;</p><p>We are using LDAP for authentication of shell accounts. &nbsp;For now this is the extent of the implementation, however the next phase should follow this quite quickly. </p><p>The next phase will involve moving to LDAP …</p></summary><content type="html"><p>Earlier this week the Infrastructure team rolled out phase one of the planned LDAP services. &nbsp;</p><p>We are using LDAP for authentication of shell accounts. &nbsp;For now this is the extent of the implementation, however the next phase should follow this quite quickly. </p><p>The next phase will involve moving to LDAP to manage access to our subversion repositories. This is a slightly more complicated migration as we currently use an SVNAuthz file, that contains the appropriate groups and their memberships. &nbsp;We are currently working on a new template system where by changes to LDAP will trigger a build of the SVNAuthz file based on groups in LDAP. &nbsp;This means we must watch LDAP changes, work on a template system, and if a new version of the template is checked into Subversion we need to trigger a build again. &nbsp;This is a work in progress at the moment.&nbsp;</p><p>If you find yourself in the position of needing to change your shell account password you can do it by doing this on the command line "ldappasswd -W -S -A -D uid=availid,ou=people,dc=apache,dc=org" &nbsp;-- Where availid is your ASF username. &nbsp; For example &nbsp;"ldappasswd -W -S -A -D uid=pctony,ou=people,dc=apache,dc=org". &nbsp;This is far from an elegant solution, but for now it works. &nbsp;You will be required to enter and confirm your current password, and then enter and confirm your new password choice, followed by your LDAP password (this is your old password) .</p><p>We are working on a web portal that will allow users to edit attributes, such as forwarding address, password, etc. &nbsp;This will be made available as soon as it is ready. &nbsp;If you don't know your current password, then you will need to email &nbsp;root@ as per usual.&nbsp;</p><p>You can follow the trials and tribulations of the rollout on my personal <a href="http://blog.pc-tony.com">blog</a> &nbsp;</p>
-</content><category term="blog"></category></entry><entry><title>Git support at Apache</title><link href="https://infra.apache.org/blog/git_at_apache.html" rel="alternate"></link><published>2009-05-03T22:22:57+00:00</published><updated>2009-05-03T22:22:57+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2009-05-03:/blog/git_at_apache.html</id><summary type="html"><p><a href="http://git-scm.com/">Git</a> is a new version control system that has been getting increasingly popular during the past few years. Many Apache contributors have also expressed interested in using Git for working with Apache codebases. While the canonical location of all Apache source code is our Subversion repository, we also want to …</p></summary><content type="html"><p><a href="http://git-scm.com/">Git</a> is a new version control system that has been getting increasingly popular during the past few years. Many Apache contributors have also expressed interested in using Git for working with Apache codebases. While the canonical location of all Apache source code is our Subversion repository, we also want to support developers who prefer to use Git as their version control tool.</p><p>Based on work by volunteers on the <a href="http://www.apache.org/dev/infra-mail.html">infrastructure-dev@ mailing list</a>, we have recently set up read-only Git mirrors of many Apache codebases at <a href="http://git.apache.org/">http://git.apache.org/</a>.&nbsp;These mirrors contain the full version histories (including all branches and tags) of the mirrored codebases and are updated in near real time based on the latest svn commits.</p><p>See the <a href="http://www.apache.org/dev/git.html">documentation</a> and <a href="http://wiki.apache.org/general/GitAtApache">wiki</a> pages for more details about this service and how to best use it. We are also open to good ideas on how to extend or improve this service. Please join the infrastructure-dev@ mailing list for the ongoing discussion!</p>
-</content><category term="blog"></category></entry></feed>
\ No newline at end of file
+</ul></content><category term="blog"></category></entry><entry><title>Infra blogs has a new home</title><link href="https://infra.apache.org/blog/infra-blogs-has-a-new-home.html" rel="alternate"></link><published>2022-10-24T12:54:00+00:00</published><updated>2022-10-24T12:54:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2022-10-24:/blog/infra-blogs-has-a-new-home.html</id><content type="html"><p>Just moved posts over from blogs.apache.org/infra. New posts all go through the infrastructure-website repo and it should be as easy as posting some markdown.</p></content><category term="blog"></category></entry><entry><title>index</title><link href="https://infra.apache.org/blog/index.html" rel="alternate"></link><published>2020-02-02T00:00:00+00:00</published><updated>2020-02-02T00:00:00+00:00</updated><author><name></name></author><id>tag:infra.apache.org,2020-02-02:/blog/index.html</id><content type="html"></content><category term="blog"></category></entry></feed>
\ No newline at end of file
diff --git a/output/fingerprints.html b/output/fingerprints.html
index 2651dbb..5833979 100644
--- a/output/fingerprints.html
+++ b/output/fingerprints.html
@@ -76,6 +76,7 @@
<style type="text/css">
table { font-size: 12px }
</style>
+
<h3>FreeBSD:</h3>
<table>
<thead>
@@ -98,9 +99,9 @@
<td>baldr</td>
<td>9.1-RELEASE</td>
<td>DPE 1950</td>
-<td><a href="mailto:E5420@2.50GHz">E5420@2.50GHz</a> 2x4=8</td>
+<td>E5420@2.50GHz 2x4=8</td>
<td>4x2@667MHz + 4x4@667MHz=24GB</td>
-<td><a href="mailto:2x931GB@7.2k">2x931GB@7.2k</a> gpt+zmirror</td>
+<td>2x931GB@7.2k gpt+zmirror</td>
<td></td>
<td>Jails - Services</td>
<td>OSUOSL</td>
@@ -111,10 +112,10 @@
<td>minotaur</td>
<td>9.1-RELEASE</td>
<td>HP DL580G7</td>
-<td><a href="mailto:E7540@2.00GHz">E7540@2.00GHz</a> 4x2x6=48</td>
+<td>E7540@2.00GHz 4x2x6=48</td>
<td>8*4@1333MHz = 32GB</td>
<td>4x146GB@10k</td>
-<td>Powervault 220S:<a href="mailto:15x500GB@7.2k">15x500GB@7.2k</a> raidz2 + 2x120GB SSD l2arc</td>
+<td>Powervault 220S:15x500GB@7.2k raidz2 + 2x120GB SSD l2arc</td>
<td>e-mail, SSH, seed</td>
<td>OSUOSL</td>
<td>2011/04</td>
@@ -124,9 +125,9 @@
<td>eos</td>
<td>9.1-RELEASE</td>
<td>DPE r410</td>
-<td><a href="mailto:X5550@2.67GHz">X5550@2.67GHz</a> 2x4x2=16</td>
+<td>X5550@2.67GHz 2x4x2=16</td>
<td>6x8@1333MHz = 48GB</td>
-<td><a href="mailto:2x160GB@7.2k">2x160GB@7.2k</a> gpt+zmirror</td>
+<td>2x160GB@7.2k gpt+zmirror</td>
<td>Storform D55J:10x300GB@10k +2x75GB SSD raidz2 l2 arch</td>
<td>US: www, rsync, mod_mbox, wiki</td>
<td>OSUOSL</td>
@@ -137,7 +138,7 @@
<td>metis</td>
<td>9.1-RELEASE</td>
<td>DPE r510</td>
-<td><a href="mailto:X5650@2.66GHz">X5650@2.66GHz</a> 2x6=12</td>
+<td>X5650@2.66GHz 2x6=12</td>
<td>8x4@1333MHz = 32GB</td>
<td>6x600GB@15k 2x100GB SSD</td>
<td></td>
@@ -150,7 +151,7 @@
<td>harmonia</td>
<td>9.1-RELEASE</td>
<td>DPE r510</td>
-<td><a href="mailto:E5649@2.53GHz">E5649@2.53GHz</a> 2x6=12</td>
+<td>E5649@2.53GHz 2x6=12</td>
<td>6x4@1333MHz = 24GB</td>
<td>2x300GB SAS@15k, 2x100GB SSD, 6x2TB SATA</td>
<td></td>
@@ -158,7 +159,9 @@
<td>FUB</td>
<td>2012/06</td>
<td>svn</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h3>SunOS:</h3>
<table>
<thead>
@@ -193,7 +196,9 @@
<td>OSUOSL</td>
<td>2008/07</td>
<td>dist</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h3>Ubuntu:</h3>
<table>
<thead>
@@ -216,7 +221,7 @@
<td>arcas</td>
<td>12.04.2 LTS</td>
<td>r410</td>
-<td><a href="mailto:X5550@2.67GHz">X5550@2.67GHz</a> 2x4x2=16</td>
+<td>X5550@2.67GHz 2x4x2=16</td>
<td>8x8GB@1333MHz = 64GB</td>
<td></td>
<td></td>
@@ -229,7 +234,7 @@
<td>crius</td>
<td>12.04.5 LTS</td>
<td>r720</td>
-<td><a href="mailto:E5-2665@2.6GHz">E5-2665@2.6GHz</a></td>
+<td>E5-2665@2.6GHz</td>
<td>4x16=64 @ 1600MHz</td>
<td>1x200SSD + 2x300SAS RAID1 + 5 x 600SAS</td>
<td></td>
@@ -359,7 +364,7 @@
<td>themis</td>
<td>14.04 LTS</td>
<td>DPE r720</td>
-<td><a href="mailto:E5-2665@2.4GHz">E5-2665@2.4GHz</a> 2x6=12</td>
+<td>E5-2665@2.4GHz 2x6=12</td>
<td>32x8GB@1600MHz = 256GB</td>
<td>6x300GB SSD</td>
<td></td>
@@ -367,7 +372,9 @@
<td>OSUOSL</td>
<td>2014/08</td>
<td>tlp</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h3>MacOSX:</h3>
<table>
<thead>
@@ -392,7 +399,9 @@
<td>OSUOSL</td>
<td>2010/07</td>
<td>ci</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h3>vCenter</h3>
<table>
<thead>
@@ -415,9 +424,9 @@
<td>aether</td>
<td>Win 2k8</td>
<td>DPE r210</td>
-<td><a href="mailto:X3430@2.4GHz">X3430@2.4GHz</a> 1x4=4</td>
+<td>X3430@2.4GHz 1x4=4</td>
<td>8x2@1333MHz = 16GB</td>
-<td><a href="mailto:2x500GB@7.2k">2x500GB@7.2k</a></td>
+<td>2x500GB@7.2k</td>
<td>None</td>
<td>VM mgmt</td>
<td>OSUOSL</td>
@@ -428,9 +437,9 @@
<td>erebus</td>
<td>ESX</td>
<td>DPE r515</td>
-<td><a href="mailto:4176HE@2.4GHz">4176HE@2.4GHz</a> 2x6x1=12</td>
+<td>4176HE@2.4GHz 2x6x1=12</td>
<td>8x8GB@1333MHz = 64GB</td>
-<td><a href="mailto:1x2TB@7.2k">1x2TB@7.2k</a></td>
+<td>1x2TB@7.2k</td>
<td>TBD</td>
<td>VM host</td>
<td>OSUOSL</td>
@@ -441,7 +450,7 @@
<td>eirene</td>
<td>ESX</td>
<td>DPE r720</td>
-<td><a href="mailto:E5-2665@2.4GHz">E5-2665@2.4GHz</a> 2x8x2=32</td>
+<td>E5-2665@2.4GHz 2x8x2=32</td>
<td>256GB</td>
<td>? = 830GB</td>
<td>? = 2 x 1.6TB</td>
@@ -454,7 +463,7 @@
<td>phanes</td>
<td>ESX</td>
<td>DPE r510</td>
-<td><a href="mailto:X5670@2.93GHz">X5670@2.93GHz</a> 2x6x2=24</td>
+<td>X5670@2.93GHz 2x6x2=24</td>
<td>8x16@1066MHz</td>
<td>2x300GB@10k</td>
<td>(chaos) SM Storform iServ R518.v2.1. 3 x 120GB SSD Front : 24 x 1TB SAS</td>
@@ -462,7 +471,9 @@
<td>OSUOSL</td>
<td>2012/05</td>
<td>vms</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h3>Virtual Machines:</h3>
<table>
<thead>
@@ -791,7 +802,9 @@
<td></td>
<td>PNAP</td>
<td>pnapvm</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h3>Zones:</h3>
<table>
<thead>
@@ -886,7 +899,9 @@
<td>TLP playground</td>
<td>SARA</td>
<td>odynezone</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h3>Jails - Services</h3>
<table>
<thead>
@@ -923,7 +938,9 @@
<td>pear.a.o</td>
<td>OSUOSL</td>
<td>baldrjail</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h3>Hardware:</h3>
<table>
<thead>
@@ -991,7 +1008,9 @@
<td>VPN</td>
<td>OSUOSL</td>
<td>2010/04</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h3>Deprecated</h3>
<table>
<thead>
@@ -1022,7 +1041,9 @@
<td>OSUOSL</td>
<td>2007/12</td>
<td></td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h3>SSH RSA Keys:</h3>
<table>
<thead>
@@ -1091,7 +1112,9 @@
<tr>
<td>whimsy-vm3</td>
<td>2048 8c:72:f8:b6:ea:06:94:5c:42:0e:d5:98:1a:02:46:a2</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h3>SSH ECDSA Keys:</h3>
<table>
<thead>
@@ -1144,7 +1167,9 @@
<tr>
<td>whimsy-vm3</td>
<td>256 a1:e3:d1:b4:d7:f6:34:7a:43:e3:50:68:d4:e2:c0:03</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h3>SSH ED25519 Keys:</h3>
<table>
<thead>
@@ -1157,7 +1182,9 @@
<tr>
<td>home</td>
<td>256 79:04:05:a4:79:38:99:d8:f2:e9:49:a1:39:4b:78:bb</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h3>SSL Keys:</h3>
<table>
<thead>
@@ -1202,10 +1229,12 @@
<tr>
<td>people (home, sha1)</td>
<td>4a:d7:22:dd:04:42:04:36:57:d1:76:f9:c8:1a:ab:66:09:4d:42:23</td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h1>Monitoring</h1>
<p><a href="http://status.apache.org/">the public host & service status
-page</a></p>
+page</a> </p>
<h1>Colos</h1>
<ul>
<li>
@@ -1225,7 +1254,6 @@
<p>Y!: ....</p>
</li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/gfm.html b/output/gfm.html
index 64f0483..6b7e261 100644
--- a/output/gfm.html
+++ b/output/gfm.html
@@ -85,16 +85,13 @@
</li>
<li>
<p>If your project previously built its site using the Apache CMS, here are some differences from <code>markdown.pl</code> that the CMS used:</p>
-<ul>
+</li>
<li>
<p><a href="https://github.github.com/gfm/#html-block">HTML Blocks</a></p>
<ul>
<li>Make sure the first line of any html block starts in column one.</li>
-<li>A blank line terminates an html block
-<ul>
+<li>A blank line terminates an html block</li>
<li><a href="https://github.github.com/gfm/#example-139">Exception</a> to this rule for <code>style</code>, <code>pre</code>, and <code>script</code>.</li>
-</ul>
-</li>
<li>Review <a href="https://github.github.com/gfm/#example-122">Markdown content within an HTML block</a></li>
</ul>
</li>
@@ -109,8 +106,6 @@
<li>
<p><a href="https://github.github.com/gfm/#disallowed-raw-html-extension-">Disallowed html</a> the tagfilter extension disables certain html tags. The asfgenid plugin reenables <code>script</code>, <code>style</code>, and <code>iframe</code> html tags.</p>
</li>
-</ul>
-</li>
<li>
<p><a href="https://sindresorhus.com/github-markdown-css/">Examples</a></p>
</li>
@@ -118,22 +113,25 @@
<p>ID and Class annotations</p>
</li>
</ul>
-<pre><code class="language-md">## What is the Apache Software Foundation? {#what}
+<div class="highlight"><pre><span></span><code><span class="gu">## What is the Apache Software Foundation? {#what}</span>
The Apache Software Foundation (ASF) is a non-profit 501(c)(3) corporation,
incorporated in Delaware, USA, in June of 1999. The ASF is a natural
outgrowth of The Apache Group, which formed in 1995 to develop the Apache HTTP Server.
-</code></pre>
+</code></pre></div>
+
<p>Set the class to display an image to <code>float-right</code>:</p>
-<pre><code class="language-md"> {.float-right}
-</code></pre>
+<div class="highlight"><pre><span></span><code>![<span class="nt">Logo</span>](<span class="na">images/logo.svg</span>) {.float-right}
+</code></pre></div>
+
<p>You can also float an HTML fragment at the right of the page display:</p>
-<pre><code class="language-html"><div class=".pull-right" style="float:right; border-style:dotted; width:200px; padding:5px; margin:5px">
+<div class="highlight"><pre><span></span><code><span class="p"><</span><span class="nt">div</span> <span class="na">class</span><span class="o">=</span><span class="s">".pull-right"</span> <span class="na">style</span><span class="o">=</span><span class="s">"float:right; border-style:dotted; width:200px; padding:5px; margin:5px"</span><span class="p">></span>
SEE INSTEAD: [Trademark Resources Site Map][resources].
-</div>
-</code></pre>
+<span class="p"></</span><span class="nt">div</span><span class="p">></span>
+</code></pre></div>
+
<ul>
<li>Migrating a site from the Apache CMS</li>
</ul>
@@ -145,7 +143,6 @@
<li>Only one {#id} or {.class} annotation is allowed on a tag.</li>
<li>{.class} annotations are seldom used.</li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/gha-policy.html b/output/gha-policy.html
index 1a15258..a9eef7c 100644
--- a/output/gha-policy.html
+++ b/output/gha-policy.html
@@ -73,16 +73,15 @@
<h1>
Policy on use of GitHub Actions
</h1>
- <p>Due to misconfigurations in their builds, some projects have been using unsupportable numbers of <a href="github-actions-secrets.html">GitHub Actions</a>. As part of fixing this situation, Infra has established a policy for GitHub Actions use. This policy comes into effect on <strong>April 20, 2024</strong>:</p>
+ <p>Due to misconfigurations in their builds, some projects have been using unsupportable numbers of <a href="github-actions-secrets.html">GitHub Actions</a>. As part of fixing this situation, Infra has established a policy for GitHub Actions use. This policy comes into effect on <strong>April 20, 2024</strong>:</p>
<ul>
-<li>All workflows <strong>MUST</strong> have a job concurrency level less than or equal to 20. This means a workflow cannot have more than 20 jobs running at the same time across all matrices.</li>
-<li>All workflows <strong>SHOULD</strong> have a job concurrency level less than or equal to 15. Just because 20 is the max, doesn't mean you should strive for 20.</li>
-<li>Workflows <strong>MUST NOT</strong> use <code>pull_request_target</code> in a workflow without prior consent from Infra.</li>
-<li>The average number of minutes a project uses <em>per calendar week</em> <strong>MUST NOT</strong> exceed the equivalent of 25 full-time runners (250,000 minutes, or 4,200 hours).</li>
-<li>The average number of minutes a project uses <em>in any consecutive five-day period</em> <strong>MUST NOT</strong> exceed the equivalent of 30 full-time runners (216,000 minutes, or 3,600 hours).</li>
+<li>All workflows <strong>MUST</strong> have a job concurrency level less than or equal to 20. This means a workflow cannot have more than 20 jobs running at the same time across all matrices.</li>
+<li>All workflows <strong>SHOULD</strong> have a job concurrency level less than or equal to 15. Just because 20 is the max, doesn't mean you should strive for 20.</li>
+<li>Workflows <strong>MUST NOT</strong> use <code>pull_request_target</code> in a workflow without prior consent from Infra.</li>
+<li>The average number of minutes a project uses <em>per calendar week</em> <strong>MUST NOT</strong> exceed the equivalent of 25 full-time runners (250,000 minutes, or 4,200 hours).</li>
+<li>The average number of minutes a project uses <em>in any consecutive five-day period</em> <strong>MUST NOT</strong> exceed the equivalent of 30 full-time runners (216,000 minutes, or 3,600 hours).</li>
</ul>
<p>Projects whose builds consistently cross the maximum use limits will lose their access to GitHub Actions until they fix their build configurations.</p>
-
</div>
</div>
</div>
diff --git a/output/git-primer.html b/output/git-primer.html
index 779cdfc..10669fc 100644
--- a/output/git-primer.html
+++ b/output/git-primer.html
@@ -76,8 +76,7 @@
<p>This document is a primer on using Git for an Apache Software Foundation project.</p>
<h2>Contents</h2>
<ul>
-<li><a href="#repotypes">Repository types</a>
-<ul>
+<li><a href="#repotypes">Repository types</a><ul>
<li><a href="#publicprivate">Public and private repositories</a></li>
</ul>
</li>
@@ -89,6 +88,7 @@
<li><a href="#further">Further reading</a></li>
</ul>
<h2 id="repotypes">Repository types<a class="headerlink" href="#repotypes" title="Permanent link">¶</a></h2>
+
<p>There are two forms of Git repositories:</p>
<ol>
<li>Read-only mirrors hosted at <code>https://git.apache.org</code></li>
@@ -96,7 +96,8 @@
</ol>
<p>This document is chiefly about the read/write repositories.</p>
<h3 id="publicprivate">Public and private repositories<a class="headerlink" href="#publicprivate" title="Permanent link">¶</a></h3>
-<p>Projects can set up as many <strong>public repositories</strong> as their development work requires, using <a href="https://selfserve.apache.org/" target="_blank">SelfServe</a>.</p>
+
+<p>Projects can set up as many <strong>public repositories</strong> as their development work requires, using <a href="https://selfserve.apache.org/" target="_blank">SelfServe</a>. </p>
<p>Each project can also have a <strong>private repository</strong> space for working on sensitive issues such as:</p>
<ul>
<li>security patches</li>
@@ -105,43 +106,52 @@
</ul>
<p>The private repository is <strong>not</strong> for uses such as project code development not related to a security issue.</p>
<p>See the <a href="project-repo-policy.html">Project Code Repository Policy</a> for further details.</p>
-<p>Open a Jira ticket for Infra to request a private repository.</p>
+<p>Open a Jira ticket for Infra to request a private repository. </p>
<h2 id="repocheckout">Repository checkout<a class="headerlink" href="#repocheckout" title="Permanent link">¶</a></h2>
+
<p>The repository URLs are all of the form:</p>
-<pre><code>https://gitbox.apache.org/repos/asf/reponame.git
-</code></pre>
+<div class="highlight"><pre><span></span><code>https://gitbox.apache.org/repos/asf/reponame.git
+</code></pre></div>
+
<h3>Cloning a repository</h3>
<ul>
<li><strong>Committers</strong>: <code>$ git clone https://gitbox.apache.org/repos/asf/reponame.git</code></li>
<li><strong>Non-Committers</strong>: <code>$ git clone http://gitbox.apache.org/repos/asf/reponame.git</code></li>
</ul>
<h2 id="committers">Committers: getting started<a class="headerlink" href="#committers" title="Permanent link">¶</a></h2>
+
<p>Set up your name and email that Git will use when you make commits:</p>
-<pre><code>$ git config --global user.name "My Name Here"
-$ git config --global user.email myusername@apache.org
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>git<span class="w"> </span>config<span class="w"> </span>--global<span class="w"> </span>user.name<span class="w"> </span><span class="s2">"My Name Here"</span>
+$<span class="w"> </span>git<span class="w"> </span>config<span class="w"> </span>--global<span class="w"> </span>user.email<span class="w"> </span>myusername@apache.org
+</code></pre></div>
+
<p>If you're a long-time GitHub user you can set these configuration variables on a per-repository basis:</p>
-<pre><code>$ git config user.name "My Name Here"
-$ git config user.email myusername@apache.org
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>git<span class="w"> </span>config<span class="w"> </span>user.name<span class="w"> </span><span class="s2">"My Name Here"</span>
+$<span class="w"> </span>git<span class="w"> </span>config<span class="w"> </span>user.email<span class="w"> </span>myusername@apache.org
+</code></pre></div>
+
<p>You can also add your <code>apache.org</code> email address to your GitHub account so that the Apache mirrors on GitHub link to your Gravatar and user account.</p>
<p>To push to a repository you need to authenticate. More recent versions of Git prompt for a user name and password, and in some cases will cache the credentials in your operating system's default credential store.</p>
<p>On Mac OS X, you need to have <code>git-credential-osxkeychain</code> installed, and to set the following configuration:</p>
-<pre><code>$ git config --global credential.helper osxkeychain
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>git<span class="w"> </span>config<span class="w"> </span>--global<span class="w"> </span>credential.helper<span class="w"> </span>osxkeychain
+</code></pre></div>
+
<p>If you do not see an authentication prompt, you need to set up a <code>~/.netrc</code> file that contains your user credentials:</p>
-<pre><code>$ (umask 0277; cat >> ~/.netrc <<EOF)
-machine gitbox.apache.org
-login username
-password mypassword
-EOF
-chmod 0600 ~/.netrc
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="o">(</span><span class="nb">umask</span><span class="w"> </span><span class="m">0277</span><span class="p">;</span><span class="w"> </span>cat<span class="w"> </span>>><span class="w"> </span>~/.netrc<span class="w"> </span><span class="s"><<EOF)</span>
+<span class="s">machine gitbox.apache.org</span>
+<span class="s">login username</span>
+<span class="s">password mypassword</span>
+<span class="s">EOF</span>
+chmod<span class="w"> </span><span class="m">0600</span><span class="w"> </span>~/.netrc
+</code></pre></div>
+
<p>You can list your user name in the Git repository URL, but this requires that you provide your password for every fetch and push. You can simplify this step by cloning a URL like:</p>
-<pre><code>$ git clone https://username@gitbox.apache.org/repos/asf/reponame.git
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>git<span class="w"> </span>clone<span class="w"> </span>https://username@gitbox.apache.org/repos/asf/reponame.git
+</code></pre></div>
+
<p>While it's <em>possible</em> to list your password in the URL, we discourage this practice as it leaves your password in plain text in the shell history.</p>
<h2 id="windowsusers">Windows users<a class="headerlink" href="#windowsusers" title="Permanent link">¶</a></h2>
+
<p>You can use <code>git-gui</code> as part of the <code>msysgit</code> package.</p>
<p>Instead of setting up a <code>~/.netrc</code> file you need to:</p>
<ol>
@@ -149,28 +159,32 @@
<li>Create a <code>_netrc</code> file in <code>%HOME%_netrc</code> with this text all on one line: <code>machine gitbox.apache.org login username password mypassword</code></li>
</ol>
<h2 id="lineendings">Line endings<a class="headerlink" href="#lineendings" title="Permanent link">¶</a></h2>
+
<p>In general, you should normalize line endings in the Git repository and set them to be platform specific on checkout.</p>
<ul>
-<li>The <code>msysgit</code> installer on <strong>Windows</strong> will prompt you to set the <code>core.autocrlf</code> setting to <code>true</code> by default.</li>
+<li>The <code>msysgit</code> installer on <strong>Windows</strong> will prompt you to set the <code>core.autocrlf</code> setting to <code>true</code> by default. </li>
<li>On <strong>Mac OS X or Linux</strong>, use this setting: <code>$ git config --global core.autocrlf input</code></li>
</ul>
<p>Further details and attributes for handling line endings differently per file type are available at <a href="https://help.github.com/en/github/using-git/configuring-git-to-handle-line-endings" target="_blank">Configuring Git to handle line endings</a>.</p>
<h2 id="trouble">Troubleshooting<a class="headerlink" href="#trouble" title="Permanent link">¶</a></h2>
+
<h4>no DAV locking</h4>
<p>If you get an error like this:</p>
-<pre><code>error: no DAV locking support on http://gitbox.apache.org/repos/asf/reponame.git/
-fatal: git-http-push failed
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">error</span><span class="o">:</span><span class="w"> </span><span class="n">no</span><span class="w"> </span><span class="n">DAV</span><span class="w"> </span><span class="n">locking</span><span class="w"> </span><span class="n">support</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="n">http</span><span class="o">://</span><span class="n">gitbox</span><span class="o">.</span><span class="na">apache</span><span class="o">.</span><span class="na">org</span><span class="sr">/repos/asf/reponame.git/</span>
+<span class="n">fatal</span><span class="o">:</span><span class="w"> </span><span class="n">git</span><span class="o">-</span><span class="n">http</span><span class="o">-</span><span class="n">push</span><span class="w"> </span><span class="n">failed</span>
+</code></pre></div>
+
<p>It means that you're trying to push over <strong>HTTP</strong>, which is disabled. To fix this error change the remote repository URL to use <strong>HTTPS</strong>. You can edit the <code>.git/config</code> file to update the URL variable, or use:</p>
-<pre><code>$ git config remote.origin.url https://gitbox.apache.org/repos/asf/reponame.git
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>git<span class="w"> </span>config<span class="w"> </span>remote.origin.url<span class="w"> </span>https://gitbox.apache.org/repos/asf/reponame.git
+</code></pre></div>
+
<h2 id="further">Further reading<a class="headerlink" href="#further" title="Permanent link">¶</a></h2>
+
<ul>
<li><a href="https://lab.github.com/" target="_blank">GitHub Learning Lab</a></li>
<li><a href="https://github.github.com/training-kit/" target="_blank">Git Cheat Sheets</a></li>
<li><a href="github-roles.html">GitHub roles</a></li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/git.html b/output/git.html
index 94d79c2..884bd2c 100644
--- a/output/git.html
+++ b/output/git.html
@@ -75,7 +75,8 @@
</h1>
<p>The Apache Software Foundation projects use <a href="https://subversion.apache.org/" target="_blank">Subversion</a> (SVN) or <a href="https://git-scm.com/" target="_blank">Git</a> for <a href="version-control.html">version control</a> of their software and documentation assets. This page is about <em>read-only</em> Git mirrors of Apache SVN codebases. <a href="project-repo-policy.html">Writable Git repositories</a> are also available.</p>
<h2 id="git-mirrors">Read-only Git mirrors<a class="headerlink" href="#git-mirrors" title="Permanent link">¶</a></h2>
-<p>We maintain read-only Git mirrors of many Apache codebases at <a href="https://git.apache.org/" target="_blank"><a href="https://git.apache.org/">https://git.apache.org/</a></a>. These mirrors contain the full version histories (including all branches and tags) of the mirrored codebases and are updated in near real time based on the latest svn commits.</p>
+
+<p>We maintain read-only Git mirrors of many Apache codebases at <a href="https://git.apache.org/" target="_blank">https://git.apache.org/</a>. These mirrors contain the full version histories (including all branches and tags) of the mirrored codebases and are updated in near real time based on the latest svn commits.</p>
<p>You can clone the mirrors or download them using both the Git and HTTP protocols. Less frequently updated copies of the
mirrors are also available on GitHub.</p>
<p>Please file an <a href="https://issues.apache.org/jira/browse/INFRA" target="_blank">INFRA</a> ticket (component: Git) to request a new codebase to be mirrored or to change the settings of an existing mirror. When requesting a new mirror, please include the following information:</p>
@@ -83,9 +84,10 @@
<li>Name of the codebase, for example "Apache Tika"</li>
<li>Name of the requested Git mirror, for example "tika.git"</li>
<li>Subversion path of the codebase, for example "/lucene/tika"
-= Subversion layout, in case it is different from the standard "trunk, branches, tags" structure.</li>
+ = Subversion layout, in case it is different from the standard "trunk, branches, tags" structure.</li>
</ul>
<h2 id="workflow">Workflow<a class="headerlink" href="#workflow" title="Permanent link">¶</a></h2>
+
<p>Here is how to use Git with an Apache codebase. This workflow is mainly targeted to contributors who don't already have commit
access to a project.</p>
<p>Once you have cloned or pulled the latest changes to your local Git repository of an Apache codebase, you can start working on it. Whenever you make some changes to the codebase, it's good to have a related issue filed in the issue tracker of the project and to use a similarly named branch in your Git repository. For example, to create a branch for an issue with the key <code>TIKA-123</code>:</p>
@@ -97,9 +99,8 @@
<p><code>git commit</code></p>
<p>Once you're ready to share your changes with the rest of the project team, you can use the git <code>format-patch</code> command to produce a nice set of patches to attach to the relevant issue:</p>
<p><code>git format-patch origin/trunk</code></p>
-<p>The sooner you share your work, the better.</p>
+<p>The sooner you share your work, the better. </p>
<p>You can repeat the steps of this workflow as often as you like, producing more patches to be attached to the issue tracker. Once some of your patches are accepted and committed to svn, you can rebase your work against the latest trunk. Alternatively, if you're asked to make some changes, you can go back to the original Git commit and modify it until the project team accepts your changes.</p>
-
</div>
</div>
</div>
diff --git a/output/github-actions-policy.html b/output/github-actions-policy.html
index 96aa049..85509fe 100644
--- a/output/github-actions-policy.html
+++ b/output/github-actions-policy.html
@@ -76,12 +76,12 @@
<p>This page documents the policies for using <a href="github-actions-secrets.html">GitHub Actions</a> at the Apache Software Foundation.</p>
<p>For details on the use of requirement level terms, see the <a href="https://www.ietf.org/rfc/rfc2119.txt" target="_blank">requirements levels</a> standard.</p>
<h3>Resource use</h3>
-<p>Due to misconfigurations in their builds, some projects have been using unsupportable numbers of <a href="github-actions-secrets.html">GitHub Actions</a>. As part of fixing this situation, Infra has established a policy for GitHub Actions use. This section of the policy comes into effect on <strong>April 20, 2024</strong>:</p>
+<p>Due to misconfigurations in their builds, some projects have been using unsupportable numbers of <a href="github-actions-secrets.html">GitHub Actions</a>. As part of fixing this situation, Infra has established a policy for GitHub Actions use. This section of the policy comes into effect on <strong>April 20, 2024</strong>:</p>
<ul>
-<li>All workflows <strong>MUST</strong> have a job concurrency level less than or equal to 20. This means a workflow cannot have more than 20 jobs running at the same time across all matrices.</li>
-<li>All workflows <strong>SHOULD</strong> have a job concurrency level less than or equal to 15. Just because 20 is the max, doesn't mean you should strive for 20.</li>
-<li>The average number of minutes a project uses <em>per calendar week</em> <strong>MUST NOT</strong> exceed the equivalent of 25 full-time runners (250,000 minutes, or 4,200 hours).</li>
-<li>The average number of minutes a project uses <em>in any consecutive five-day period</em> <strong>MUST NOT</strong> exceed the equivalent of 30 full-time runners (216,000 minutes, or 3,600 hours).</li>
+<li>All workflows <strong>MUST</strong> have a job concurrency level less than or equal to 20. This means a workflow cannot have more than 20 jobs running at the same time across all matrices.</li>
+<li>All workflows <strong>SHOULD</strong> have a job concurrency level less than or equal to 15. Just because 20 is the max, doesn't mean you should strive for 20.</li>
+<li>The average number of minutes a project uses <em>per calendar week</em> <strong>MUST NOT</strong> exceed the equivalent of 25 full-time runners (250,000 minutes, or 4,200 hours).</li>
+<li>The average number of minutes a project uses <em>in any consecutive five-day period</em> <strong>MUST NOT</strong> exceed the equivalent of 30 full-time runners (216,000 minutes, or 3,600 hours).</li>
</ul>
<p>Projects whose builds consistently cross the maximum use limits will lose their access to GitHub Actions until they fix their build configurations.</p>
<h3>Triggers</h3>
@@ -96,11 +96,10 @@
<p>Automated services such as GitHub Actions (and Jenkins, BuildBot, etc.) <strong>MAY</strong> work on website content and other non-released data such as documentation and convenience binaries.
Automated services <strong>MUST NOT</strong> push data to a repository or branch that is subject to official release as a software package by the project, <strong>unless</strong> the project secures specific prior authorization of the workflow from Infrastructure.</p>
<h3>Non-committer contributors and GitHub Actions</h3>
-<p>GitHub provides an option to allow a non-committer contributor to use GitHub Actions if a previous pull request by that person has been approved. This raises security concerns, and could cause issues with overall use of GitHub Actions.</p>
-<p>The default for this option is to “always require approval for external contributors”.</p>
-<p>Projects that have a strong desire to use the “only require approval first time” option should communicate that, explaining their reasons, in a Jira ticket for Infra.</p>
+<p>GitHub provides an option to allow a non-committer contributor to use GitHub Actions if a previous pull request by that person has been approved. This raises security concerns, and could cause issues with overall use of GitHub Actions. </p>
+<p>The default for this option is to “always require approval for external contributors”.</p>
+<p>Projects that have a strong desire to use the “only require approval first time” option should communicate that, explaining their reasons, in a Jira ticket for Infra.</p>
<p>Projects will be allowed to continue using the "only require approval first time" feature, provided they affirm that they will actively monitor their workflows for abuse and act accordingly. Failure to do so may result in the workflow settings being switched back to "always require approval for external contributors".</p>
-
</div>
</div>
</div>
diff --git a/output/github-actions-secrets.html b/output/github-actions-secrets.html
index 22e6c54..c045ca7 100644
--- a/output/github-actions-secrets.html
+++ b/output/github-actions-secrets.html
@@ -75,7 +75,7 @@
</h1>
<p><strong>Notice</strong>: December 27, 2020: We only allow Actions that are official "Made by GitHub" or local to the Apache org on GitHub, to address a potential security vulnerability. This is an incident-related policy change. We are researching the situation, and the policy may evolve based on what we learn.</p>
<p><strong>GitHub <a href="https://help.github.com/en/actions/getting-started-with-github-actions/about-github-actions" target="_blank">Actions</a></strong> help you automate your software development workflows in the same place you store code and collaborate on pull requests and issues. You can write individual tasks, called actions, and combine them to create a custom workflow. Workflows are custom automated processes that you can set up in your repository to build, test, package, release, or deploy any code project on GitHub.</p>
-<p><em><strong>A note on testing</strong></em>: Some projects would like to use GitHub Actions for complex processes, such as automating their tests of software builds.</p>
+<p><strong><em>A note on testing</em></strong>: Some projects would like to use GitHub Actions for complex processes, such as automating their tests of software builds. </p>
<p>The <em>time</em> runners are in use (measured in minutes) is unlimited for public repositories so how long a test takes isn't the issue. The issue is tying up limited 'runners' (nodes) while those minutes are running. Apache has 180 runners for over 1200 repositories, so the concern would be how many runners the test requires, which are then unavailable to other projects for the duration of the test. Out of those 180 runners, only 50 Mac OS runners can be in use at one time for all ASF projects.</p>
<p>The ASF maxes out its runner allocation quite often, so a project needs to plan carefully to make best use of them for everyone's sake. For example, it would be important not to trigger a full release test with a pull request that is correcting a typo on one page in one module.</p>
<p><strong>Evolving knowledge</strong></p>
@@ -99,12 +99,11 @@
Additionally, in DockerHub, an 'arrow-dev' repository was created and the DockerHub 'jenkins' team (containing the DockerHub 'DOCKERHUB_USER' user) was given admin access.</p>
<h4>GitHub Actions</h4>
<p>Using Apache Arrow again as an example, the tokens above can be called using this code:</p>
-<pre><code>run: |
-docker login -u ${{ secrets.DOCKERHUB_USER }} \
--p ${{ secrets.DOCKERHUB_TOKEN }}
-docker-compose push ...
-</code></pre>
-
+<div class="highlight"><pre><span></span><code>run:<span class="w"> </span>|
+docker<span class="w"> </span>login<span class="w"> </span>-u<span class="w"> </span><span class="cp">${</span><span class="p">{</span> <span class="n">secrets</span><span class="o">.</span><span class="n">DOCKERHUB_USER</span> <span class="cp">}</span>}<span class="w"> </span>\
+-p<span class="w"> </span><span class="cp">${</span><span class="p">{</span> <span class="n">secrets</span><span class="o">.</span><span class="n">DOCKERHUB_TOKEN</span> <span class="cp">}</span>}
+docker-compose<span class="w"> </span>push<span class="w"> </span>...
+</code></pre></div>
</div>
</div>
</div>
diff --git a/output/github-pages.html b/output/github-pages.html
index dbe30ff..eb60ace 100644
--- a/output/github-pages.html
+++ b/output/github-pages.html
@@ -73,7 +73,7 @@
<h1>
GitHub Pages for projects
</h1>
- <p>Projects with a Git repository can use <a href="https://pages.github.com/" target="_blank">GitHub Pages</a> (gh-pages) to host and deploy the project website.</p>
+ <p>Projects with a Git repository can use <a href="https://pages.github.com/" target="_blank">GitHub Pages</a> (gh-pages) to host and deploy the project website. </p>
<h3>Using gh-pages for staging a website, product preview, or documentation</h3>
<p>Projects can use GitHub and gh-pages for staging a website for review and improvement before publishing it to TLP servers.</p>
<p>See <a href="https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features#Git.asf.yamlfeatures-GitHubPages" target="_blank">this section on the Infra wiki page about asf.yaml</a> for how to enable gh-pages for your Git repository.</p>
@@ -86,7 +86,6 @@
<h3>Using gh-pages for the project website</h3>
<p>Projects are welcome to use GitHub for their source code, and to generate (or collect) website pages host and display them at GitHub instead of using the ASF TLP servers.</p>
<p>See <a href="https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features#Git.asf.yamlfeatures-GitHubPages">this section on the Infra wiki page about asf.yaml</a> for how to enable gh-pages for your Git repository. Then prepare and review your website. When you are happy with its look and functions, change the DNS to point to the site on GitHub.</p>
-
</div>
</div>
</div>
diff --git a/output/github-roles.html b/output/github-roles.html
index d683f3e..07b4b7c 100644
--- a/output/github-roles.html
+++ b/output/github-roles.html
@@ -81,8 +81,8 @@
</ul>
<p>See <a href="https://docs.github.com/en/articles/managing-access-to-your-organizations-repositories" target="_blank">Managing access to your organization's repositories'</a>.</p>
<h3>Triage</h3>
-<p>As of September, 2020 Apache projects can assign the GitHub <em>triage</em> role to PMC members, committers, and others with a vote link, to help with management of their code repository.</p>
-<p>A person with the triage role can</p>
+<p>As of September, 2020 Apache projects can assign the GitHub <em>triage</em> role to PMC members, committers, and others with a vote link, to help with management of their code repository. </p>
+<p>A person with the triage role can </p>
<ul>
<li>apply labels to code</li>
<li>close, reopen, and assign issues and pull requests</li>
@@ -92,7 +92,6 @@
</ul>
<p>Git recommends the role "for contributors who need to proactively manage issues and pull requests without write access." It is a good role for people who are interested in supporting and contributing to the project, but who are not ready to be Committers.</p>
<p>Read more at <a href="https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization" target="_blank">Permission levels for repositories</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/glossary.html b/output/glossary.html
index 6840a60..155b754 100644
--- a/output/glossary.html
+++ b/output/glossary.html
@@ -83,7 +83,6 @@
<li><strong>RTC</strong> - "review, then commit" - explanation coming</li>
<li><strong>signature</strong> - definition coming</li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/gradle.html b/output/gradle.html
index 4c68b0f..dab7191 100644
--- a/output/gradle.html
+++ b/output/gradle.html
@@ -75,14 +75,13 @@
</h1>
<p>Gradle, a longtime a leader in developer productivity and build analytics, has become a platinum-level sponsor of the ASF. The ASF instance of Gradle Develocity is at <a href="https://ge.apache.org" target="_blank">ge.apache.org</a>.</p>
<p>Gradle provides <strong>Develocity</strong> (formerely Gradle Enterprise), a suite of acceleration and analytics technologies for CI/CD systems to help projects identify and analyze trends while optimizing build resources. The result is faster builds, with fewer failures,</p>
-<p>Develocity scans, ingests, and caches build data, which it then analyzes. It displays the results in an an easy-to-use interface where project members can identify bottlenecks and roadblocks. Projects can also leverage cached results to ensure that only changes in each new build are tested. This approach results in faster feedback and less use of build resources.</p>
+<p>Develocity scans, ingests, and caches build data, which it then analyzes. It displays the results in an an easy-to-use interface where project members can identify bottlenecks and roadblocks. Projects can also leverage cached results to ensure that only changes in each new build are tested. This approach results in faster feedback and less use of build resources. </p>
<h3>Integrating Develocity into project builds</h3>
-<p>See <a href="https://cwiki.apache.org/confluence/display/INFRA/Project+Onboarding+Instructions+for+Develocity" target="_blank">Project Onboarding Instructions for Develocity</a>.</p>
+<p>See <a href="https://cwiki.apache.org/confluence/display/INFRA/Project+Onboarding+Instructions+for+Develocity" target="_blank">Project Onboarding Instructions for Develocity</a>. </p>
<p>If your project runs into difficulties or has questions, open a Jira ticket for Infra. If we can't help with your issue ourselves, we can draw on the ASF's community of Gradle users.</p>
<p>Once a project has integrated Develocity into their build process, scans of each new build are sent to the instance at ge.apache.org. Project members can review the build scan dashboard for graphic analysis.</p>
<h3>Impact</h3>
<p>We hope that, with increased insight into build processes, projects will see build time savings across all jobs, reducing queue times and driving down time spent building serially or dealing with build failures.</p>
-
</div>
</div>
</div>
diff --git a/output/hosting-external-agent.html b/output/hosting-external-agent.html
index fc1c733..f7de5cd 100644
--- a/output/hosting-external-agent.html
+++ b/output/hosting-external-agent.html
@@ -74,19 +74,16 @@
Host a Jenkins or Buildbot agent
</h1>
<p>Individuals and organizations can support the work of the ASF and its projects by hosting Jenkins or Buildbot agents on virtual machines in their own systems. Donors often provide this service to make available extra build resources for a project that needs more than Infra can easily provide.</p>
-<p><strong>Notes</strong></p>
-<ul>
-<li>Ubuntu is a core supported OS at the ASF and we do not need any external hosting by individuals at this time.</li>
-<li>Organizations wanting to donate multiple VMs for Jenkins and/or Buildbot use should email <code>private@infra.apache.org</code> to start discussions.</li>
-</ul>
+<p><strong>Notes</strong>
+ - Ubuntu is a core supported OS at the ASF and we do not need any external hosting by individuals at this time.
+ - Organizations wanting to donate multiple VMs for Jenkins and/or Buildbot use should email <code>private@infra.apache.org</code> to start discussions.</p>
<h2>Getting ready to host</h2>
<p>There are a few things you'll need to know and to adhere to.</p>
<ul>
<li>Keep up to date with security patches etc,, the obvious stuff; we may want to be added to root alias for security reporting etc.</li>
-<li>Spec requirements:
-<ul>
+<li>Spec requirements: <ul>
<li>minimum 16GB RAM</li>
-<li>500GB Hard disk</li>
+<li>500GB Hard disk </li>
<li>A permanent static IP address</li>
</ul>
</li>
@@ -103,7 +100,6 @@
<li>Create a Jenkins user and group using /home/jenkins.</li>
<li>Add the Jenkins ssh public key into the users' <code>~/.ssh/authorized</code> keys.</li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/how-to-mirror.html b/output/how-to-mirror.html
index e458d03..4f320b2 100644
--- a/output/how-to-mirror.html
+++ b/output/how-to-mirror.html
@@ -74,7 +74,7 @@
How to mirror ASF software releases locally
</h1>
<p><strong>NOTE - as of August, 2021, the ASF itself is not accepting further mirror site applications.</strong></p>
-<p>Organizations may wish to create a download mirror that includes the releases of most or all of the Apache Software Foundation's projects. You may mirror either the full distributions tree, or a reduced tree that excludes a few very resource-intensive (disk-wise and bandwidth-wise) projects (see <a href="#techniques">Mirroring techniques</a>).</p>
+<p>Organizations may wish to create a download mirror that includes the releases of most or all of the Apache Software Foundation's projects. You may mirror either the full distributions tree, or a reduced tree that excludes a few very resource-intensive (disk-wise and bandwidth-wise) projects (see <a href="#techniques">Mirroring techniques</a>). </p>
<p>Here is how to set up such a mirror.</p>
<ul>
<li><a href="#requirements">Requirements</a></li>
@@ -85,34 +85,38 @@
<li><a href="#questions">Questions?</a></li>
</ul>
<h2 id="requirements">Requirements<a class="headerlink" href="#requirements" title="Permanent link">¶</a></h2>
+
<p>Hosting a mirror has a few requirements:</p>
<ul>
<li>You should have at least 150 GB of available disk space. The current distribution directory is around 110 GB, but it is constantly expanding.</li>
<li>You should not trim or abridge the mirrored tree in any way.</li>
<li>You should not modify the mirrored tree in any way. In particular, you should not alter or remove HEADER.html or README.html files. See below for adding information about the mirror host.</li>
</ul>
-<p>We encourage you to</p>
+<p>We encourage you to </p>
<ul>
<li>do an <strong>update-check</strong> at least four times a day a day. You may sync a maximum of six times per day, but only if you have a slow or poor connection that causes timeouts.</li>
<li>run the <a href="https://httpd.apache.org/" target="_blank">Apache HTTP Server</a> version 2.2 or later and use the following configuration for your web mirror to allow all the features of our download site to function optimally:</li>
</ul>
-<pre><code><Directory /path/to/mirror>
- IndexOptions FancyIndexing NameWidth=* FoldersFirst ScanHTMLTitles DescriptionWidth=*
- HeaderName HEADER.html
- ReadmeName README.html
- AllowOverride FileInfo Indexes
- Options Indexes SymLinksIfOwnerMatch FollowSymLinks
- ErrorDocument 404 default
-</Directory>
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="nt"><Directory</span><span class="w"> </span><span class="err">/path/to/mirror</span><span class="nt">></span>
+<span class="w"> </span>IndexOptions<span class="w"> </span>FancyIndexing<span class="w"> </span>NameWidth=*<span class="w"> </span>FoldersFirst<span class="w"> </span>ScanHTMLTitles<span class="w"> </span>DescriptionWidth=*
+<span class="w"> </span>HeaderName<span class="w"> </span>HEADER.html
+<span class="w"> </span>ReadmeName<span class="w"> </span>README.html
+<span class="w"> </span>AllowOverride<span class="w"> </span>FileInfo<span class="w"> </span>Indexes
+<span class="w"> </span>Options<span class="w"> </span>Indexes<span class="w"> </span>SymLinksIfOwnerMatch<span class="w"> </span>FollowSymLinks
+<span class="w"> </span>ErrorDocument<span class="w"> </span>404<span class="w"> </span>default
+<span class="nt"></Directory></span>
+</code></pre></div>
+
<p><strong>Note</strong> that our HEADER.html files do not contain the HTML preamble, so it is important <strong>not</strong> to enable the <code>SuppressHTMLPreamble</code> option.</p>
<p>Make sure that the server does not send a <code>Content-Encoding</code> header for any of the compressed archives. The hashes and signatures used to check downloads are created for the compressed archives so it is vital that the browser is not told to decompress them. For example, <code>.tar.gz</code> and <code>.tgz</code> files are compressed TAR files. They should have a suitable Content-Type - e.g. <code>application/x-gzip</code> - but no <code>Content-Encoding</code> should be sent. If the server incorrectly sends <code>Content-Encoding: x-gzip</code> (for example), many browsers will automatically decompress the response. This produces a TAR file which will not verify when checked against the hashes or sigs.</p>
<h2 id="techniques">Mirroring techniques<a class="headerlink" href="#techniques" title="Permanent link">¶</a></h2>
+
<h3>Updating</h3>
<p>We only support <a href="https://rsync.samba.org/" target="_blank">rsync</a> for updating mirrors.</p>
<p>Update your mirror with:</p>
-<pre><code>rsync -avz --delete --safe-links rsync.apache.org::apache-dist /path/to/mirror
-</code></pre>
+<div class="highlight"><pre><span></span><code>rsync -avz --delete --safe-links rsync.apache.org::apache-dist /path/to/mirror
+</code></pre></div>
+
<ul>
<li>Don't rsync "on the hour" (<code>cronjob minute 0</code>). Pick a random minute between 5 and 55. Never run cronjobs at minute 0 unless the nature of the job requires it.</li>
<li>Run the job four times a day; no more than six times a day in any case.</li>
@@ -122,19 +126,22 @@
<p>To exclude resource-intensive projects, replace <code>::apache-dist</code> with <code>::apache-dist-most</code>. Do not use <code>--exclude</code>.</p>
<h3>Directory permissions</h3>
<p>If there is a problem with file/directory permissions, make sure you use a proper umask in your cronjob:</p>
-<pre><code>umask 022 ; rsync ...
-</code></pre>
+<div class="highlight"><pre><span></span><code>umask 022 ; rsync ...
+</code></pre></div>
+
<h3>Excluded file types</h3>
<p>Private mirrors of ASF downloads cannot host the following file types:</p>
-<pre><code>exclude => ['/tmp/', '*.md5', '*.MD5', '*.sha1', '*.sha',
- '*.sha256', '*.sha512', '*.asc', 'MD5SUM', 'SHA*SUM*',
- '*.mds', '*.sha2', '*.sha3', 'META',
- '*.sig', '*.KEYS', 'KEYS', 'KEYS.txt',
- '.svn/', '/.rsync.td/',
- '/openoffice',
- '/zzz/rsync-module/apache-dist', '.revision'],
-</code></pre>
+<div class="highlight"><pre><span></span><code>exclude => ['/tmp/', '*.md5', '*.MD5', '*.sha1', '*.sha',
+ '*.sha256', '*.sha512', '*.asc', 'MD5SUM', 'SHA*SUM*',
+ '*.mds', '*.sha2', '*.sha3', 'META',
+ '*.sig', '*.KEYS', 'KEYS', 'KEYS.txt',
+ '.svn/', '/.rsync.td/',
+ '/openoffice',
+ '/zzz/rsync-module/apache-dist', '.revision'],
+</code></pre></div>
+
<h2 id="sponsorinfo">Mirror host information<a class="headerlink" href="#sponsorinfo" title="Permanent link">¶</a></h2>
+
<p>Here is how to add information explaining who is hosting the private download mirror:</p>
<ol>
<li>Edit the file <code>/local/path/to/mirror/README.html</code></li>
@@ -142,26 +149,29 @@
</ol>
<p>The contents of README.html appear near the bottom of your mirror's home page.</p>
<ul>
-<li>Only customize the home-page (top-level) README.html. Do not change any other README.html files.</li>
+<li>Only customize the home-page (top-level) README.html. Do not change any other README.html files. </li>
<li>Don't omit the '/' in <code>"/README.html"</code>.</li>
</ul>
<p>Please limit the contents of the README.html to something like:</p>
-<pre><code>This mirror is donated by www.domain.com [url] to support the Apache open source community.
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">This</span><span class="w"> </span><span class="n">mirror</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">donated</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="n">www</span><span class="p">.</span><span class="k">domain</span><span class="p">.</span><span class="n">com</span><span class="w"> </span><span class="o">[</span><span class="n">url</span><span class="o">]</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">support</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">Apache</span><span class="w"> </span><span class="k">open</span><span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="n">community</span><span class="p">.</span>
+</code></pre></div>
+
<p>Search engines interpret referring to specific services or products as <em>PageRank manipulation</em>. This could hurt your site's ranking.</p>
<h2 id="testing">Testing your mirror<a class="headerlink" href="#testing" title="Permanent link">¶</a></h2>
+
<p>If your mirror is not working properly, check the following:</p>
<ul>
<li>Page headers and footers display correctly.</li>
<li>All top-level directories and files on the ASF mirror are present on your mirror.</li>
-<li>Download a couple of files to check that the process works.</li>
+<li>Download a couple of files to check that the process works. </li>
<li>Trying to download a missing file should generate a <code>404 Not Found</code> error. You can verify this by modifying one of the valid URLs that you tested above.</li>
</ul>
<h2 id="verifying">Verifying the download<a class="headerlink" href="#verifying" title="Permanent link">¶</a></h2>
+
<p>If you want to verify that the download is a true mirror of what the ASF project posted, using KEYS and signatures, THIS INFORMATION IS COMING.</p>
<h2 id="questions">Questions?<a class="headerlink" href="#questions" title="Permanent link">¶</a></h2>
-<p>If you have any questions, contact us at <code>users@infra.apache.org</code>.</p>
+<p>If you have any questions, contact us at <code>users@infra.apache.org</code>.</p>
</div>
</div>
</div>
diff --git a/output/infra-ban.html b/output/infra-ban.html
index f909575..696f306 100644
--- a/output/infra-ban.html
+++ b/output/infra-ban.html
@@ -74,7 +74,7 @@
Site-wide ban policy
</h1>
<h2>Policy</h2>
-<p>The Apache Software Foundation provides a robust and extensive system for serving the needs of the Foundation, of our projects as they create and deploy product releases, and of people all around the world who wish to download and use those products. These services are free of charge; but we offer them with the assumption that everyone uses them appropriately.</p>
+<p>The Apache Software Foundation provides a robust and extensive system for serving the needs of the Foundation, of our projects as they create and deploy product releases, and of people all around the world who wish to download and use those products. These services are free of charge; but we offer them with the assumption that everyone uses them appropriately. </p>
<p>If you abuse the system by overloading it in one way or another, you make it harder for others to do what they need to do. The Infrastructure team will take steps to prevent abuse and restore normal access to all who rely on the ASF.</p>
<h3>PMCs and committers</h3>
<p>Projects misusing ASF resources may see their access to those resources suspended without warning. Examples of misuse include:</p>
@@ -103,7 +103,6 @@
<li>More than 2,500 code <code>429</code> (rate-limited) responses not respected per 12 hours. Services like Gitbox, Jira, Confluence, and Bugzilla have rate limits imposed. Abusing these services will result in a <code>429 HTTP</code> response code. Not respecting the HTTP response may result in a <strong>permanent ban</strong>.</li>
</ul>
<p>If you think we banned your IP address by mistake, or if you have been banned but have an explanation why we should bend the rules for your specific case (for instance, if you have a NAT IP address that a lot of people use), contact us at <code>abuse@infra.apache.org</code> or through the "asfinfra" <a href="https://the-asf.slack.com/" target="_blank">Slack channel</a>. We will consider leniency and allow-listing on a case-by-case basis.</p>
-
</div>
</div>
</div>
diff --git a/output/infra-contact.html b/output/infra-contact.html
index 4db4dda..9709e35 100644
--- a/output/infra-contact.html
+++ b/output/infra-contact.html
@@ -75,188 +75,196 @@
</h1>
<p>Here is how to contact Infra in a wide range of situations.</p>
<h2 id="how">How should I make contact?<a class="headerlink" href="#how" title="Permanent link">¶</a></h2>
+
<p>That depends on your role and what you want to do. If this chart doesn't help, Infra maintains a publicly accessible channel (<code>#asfinfra</code>) within the <a href="https://the-asf.slack.com/#asfinfra" target="_blank">ASF presence on Slack</a>, and you can ask there whether to create a bug report or do something else.</p>
<table style="border: 1px solid">
-<tr style="border: 1px solid">
-<th style="padding:10px;border: 1px solid">If you...</th><th style="padding:10px;border: 1px solid">and want to...</th><th style="padding:10px;border: 1px solid">then contact...</th><th style="padding:10px;border: 1px solid">Notes</th>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td rowspan="7" style="padding:10px;border: 1px solid">are anyone</td>
-<td style="padding:10px;border: 1px solid">report a <b>security vulnerability</b> in a service that runs on apache.org</td>
-<td style="padding:10px;border: 1px solid"><code>root@apache.org</code></td>
-<td style="padding:10px;border: 1px solid">You may also encrypt the email to this <a href="https://home.apache.org/keys/group/infrastructure-root.asc" target="_blank">set of keys</a>.</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">report a <b>security vulnerability</b> in an Apache project</td>
-<td style="padding:10px;border: 1px solid"> the <a href="https://www.apache.org/security/" target="_blank">Apache Security Team</a></td>
-<td style="padding:10px;border: 1px solid">The Security Team is not part of Infra.</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">report that a <b>service is down</b> <em>and</em> <a href="https://status.apache.org/" target="_blank">status.apache.org</a> doesn't show it</td>
-<td style="padding:10px;border: 1px solid">Infra's <a href="https://the-asf.slack.com/#asfinfra" target="_blank">Slack channel</a></td>
-<td style="padding:10px;border: 1px solid">Email to <code>users@infra.apache.org</code> is an acceptable alternative. The <a href="https://twitter.com/infrabot/" target="_blank">infrabot</a> feed on X (formerly Twitter) may contain information about current outages and maintenances.</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid"><b>unsubscribe</b> from a mailing list</td>
-<td style="padding:10px;border: 1px solid">See <a href="https://www.apache.org/foundation/mailinglists#subscribe" target="_blank">unsubscription instructions</a></td>
-<td style="border: 1px solid"></td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">discuss something publicly with Infra, or ask Infra a question</td>
-<td style="padding:10px;border: 1px solid"><code>users@infra.apache.org</code></td>
-<td style="padding:10px;border: 1px solid">Consider this a semi-public list, as many people subscribe to it. The discussion archives are available for ASF Members only.</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">get your <b>IP</b> unblocked</td>
-<td style="padding:10px;border: 1px solid"><code>abuse@infra.apache.org</code></td>
-<td style="padding:10px;border: 1px solid"></td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid"><b>edit</b> the mail archives of a mailing list you posted to</td>
-<td style="padding:10px;border: 1px solid"><a href="https://www.apache.org/foundation/public-archives" target="_blank">Public forum archive policy</a></td>
-<td style="padding:10px;border: 1px solid">Contact <code>privacy@apache.org</code>. We deny almost all requests.</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">are a <b>newly-invited committer</b></td>
-<td style="padding:10px;border: 1px solid">ask a question about your committership</td>
-<td style="padding:10px;border: 1px solid"><code>private@$project</code></td>
-<td style="border: 1px solid"></td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td rowspan="2" style="padding:10px;border: 1px solid">are a <b>committer</b></td>
-<td style="padding:10px;border: 1px solid"><b>regain access</b> to your account</td>
-<td style="padding:10px;border: 1px solid">See <a href="https://infra.apache.org/account-mgmt.html" target="_blank">ASF account management</a></td>
-<td style="padding:10px;border: 1px solid">If commits fail, double-check that you are using <code>https://</code>, not <code>http://</code>.</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">change your <b>account details</b></td>
-<td style="padding:10px;border: 1px solid"><a href="https://id.apache.org/" target="_blank">Self-serve</a></td>
-<td style="padding:10px;border: 1px solid"></td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">are a <b>supplier</b></td>
-<td style="padding:10px;border: 1px solid">anything</td>
-<td style="padding:10px;border: 1px solid"><code>private@infra.apache.org</code></td>
-<td style="padding:10px;border: 1px solid"><em>Suppliers donate or sell hardware or services to Apache.</em> <a href="https://home.apache.org/keys/group/infrastructure-root.asc" target="_blank">Encrypt</a> passwords or send them by other means.</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">submitted an <b>ICLA</b> in the past</td>
-<td style="padding:10px;border: 1px solid">change your <b>contact details</b> of record</td>
-<td style="padding:10px;border: 1px solid"><code>secretary@apache.org</code></td>
-<td style="padding:10px;border: 1px solid">Snail mail is possible too; see <a href="https://www.apache.org/foundation/contact.html" target="_blank">apache.org/foundation/contact.html</a>.</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td rowspan="2" style="padding:10px;border: 1px solid">are part of a <b>PMC</b></td>
-<td style="padding:10px;border: 1px solid">request <b>account creation</b> for a newly-elected committer</td>
-<td style="padding:10px;border: 1px solid"><a href="https://whimsy.apache.org/officers/acreq" target="_blank">Whimsy</a></td>
-<td style="padding:10px;border: 1px solid">Instructions are <a href="https://www.apache.org/dev/pmc#newcommitter" target="_blank">here</a></td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">ask Infra to do something</td>
-<td style="padding:10px;border: 1px solid"><a href="https://issues.apache.org/jira/browse/INFRA" target="_blank">Create a Jira ticket</a></td>
-<td style="padding:10px;border: 1px solid">See <a href="https://infra.apache.org/infra-contact.html#requesting-action" target="_blank">On Requests</a> and <a href="https://infra.apache.org/infra-contact.html#what-we-need-to-know" target="_blank">What we need to know</a>.</td>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">are a <b>committer</b> or part of a <b>PMC</b></td>
-<td style="padding:10px;border: 1px solid">change <b>Jenkins</b> build settings</td>
-<td style="padding:10px;border: 1px solid"><code>builds@apache.org</code></td>
-<td style="padding:10px;border: 1px solid">Project members having hudson-jobadmin <em>karma</em> can perform some tasks; ask your <code>dev@</code> list.</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">are part of a newly-accepted <b>podling</b></td>
-<td style="padding:10px;border: 1px solid">create podling infrastructure (site, lists, etc.)</td>
-<td style="padding:10px;border: 1px solid">See <a href="https://infra.apache.org/infra-incubator.html" target="_blank">Infra and the Incubator</a></td>
-<td></td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">are part of a <b>podling</b> that has just <b>graduated</b></td>
-<td style="padding:10px;border: 1px solid"><b>migrate resources</b> from Incubator locations to top-level-project (TLP) locations</td>
-<td style="padding:10px;border: 1px solid">See <a href="https://infra.apache.org/infra-incubator.html" target="_blank">Infra and the Incubator</a></td>
-<td></td>
-<tr style="border: 1px solid" valign="top">
-<tr valign="top">
-<td style="padding:10px;border: 1px solid">are part of a PMC or a podling</td>
-<td style="padding:10px;border: 1px solid">request <b>mailing list creation</b></td>
-<td style="padding:10px;border: 1px solid"><a href="https://selfserve.apache.org/mailinglist-new.html" target="_blank">Self-serve</a></td>
-<td style="padding:10px;border: 1px solid">Only ASF Members and Officers (including PMC chairs) can submit the form</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">are an <b>Officer</b> of the ASF</td>
-<td style="padding:10px;border: 1px solid">ask an organizational (as opposed to technical) question</td>
-<td style="padding:10px;border: 1px solid">VP Infrastructure, or <code>private@infra.apache.org</code></td>
-<td style="padding:10px;border: 1px solid">The target audience for this item is members of the Apache Board of Directors, the VPs of Fundraising and Marketing, etc.</td>
-</tr>
-</tr></tr></tr></table>
-<h2 id="what-we-need-to-know">What we need to know<a class="headerlink" href="#what-we-need-to-know" title="Permanent link">¶</a></h2>
-<table style="border: 1px solid">
-<tr style="border: 1px solid">
-<th style="padding:10px;border: 1px solid">If you ask us to...</th><th style="padding:10px;border: 1px solid">we need to know...</th><th style="padding:10px;border: 1px solid">Notes</th>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid"><b>create</b> a podling</td>
-<td style="padding:10px;border: 1px solid"></td>
-<td style="padding:10px;border: 1px solid">See <a href="https://infra.apache.org/infra-incubator.html" target="_blank">Infra and the Incubator</a></td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid"><b>promote</b> a podling to Top-Level Project (TLP)</td>
-<td style="border: 1px solid"></td>
-<td style="padding:10px;border: 1px solid">See <a href="https://infra.apache.org/infra-incubator.html" target="_blank">Infra and the Incubator</a></td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">load a repository's <b>Subversion history</b></td>
-<td style="padding:10px;border: 1px solid">URL and checksum (or PGP signature) of a dumpfile; proof of <a href="https://www.apache.org/legal/resolved#category-a" target="_blank">IP rights</a></td>
-<td style="padding:10px;border: 1px solid">Produce with <code>svnadmin dump --incremental --deltas</code> or <code>svnrdump</code>. The paths within the dumpfile should be relative to the project root (e.g., to <code>/repos/asf/incubator/MyPodling</code>).</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">load a repository's <b>Git history</b></td>
-<td style="padding:10px;border: 1px solid">URL of a repository or an export stream; proof of <a href="https://www.apache.org/legal/resolved#category-a" target="_blank">IP rights</a></td>
-<td style="padding:10px;border: 1px solid">If linking to a file, provide PGP signature or checksum. If to a remote repository, you must review and sign off on the import ("Yes, that is the repository and history we asked to import and have IP rights for") before it will be writable.</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">create an <b>svnpubsub-based site</b></td>
-<td style="padding:10px;border: 1px solid">SVN URL of the compiled site (directory containing HTML files)</td>
-<td style="padding:10px;border: 1px solid">For Git-based web sites, refer to <a href="https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features" target="_blank">Git-.asf.yaml features</a> for instructions on publishing.</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">create a <b>project blog</b></td>
-<td style="border: 1px solid"></td>
-<td style="padding:10px;border: 1px solid"><a href="https://infra.apache.org/project-blogs.html" target="_blank">Project Blog</a></td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">create a project <b>Confluence wiki space</b></td>
-<td style="padding:10px;border: 1px solid">wiki name, destination for commit mails, and Confluence usernames of at least two community members who will be space admins</td>
-<td style="padding:10px;border: 1px solid">Go to <a href="https://selfserve.apache.org/confluence-new.html" target="_blank">Self-serve</a> and follow the prompts.</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">set up your project on <b>Review Board</b></td>
-<td style="padding:10px;border: 1px solid">project name, which SVN/Git repositories to support</td>
-<td style="padding:10px;border: 1px solid"><a href="https://reviews.apache.org/" target="_blank">Review Board</a> is a web-based collaborative code review tool, available as free software under the MIT License.</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">create a <b>Jira project</b></td>
-<td style="padding:10px;border: 1px solid">Key name (e.g., INFRA), Jira user names of 1-2 project members who will be project admins, mailing list address to which Jira notifications should go</td>
-<td style="padding:10px;border: 1px solid">Go to <a href="https://selfserve.apache.org/jira-project.html" target="_blank">Self-serve</a> and follow the prompts</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid"><b>migrate</b> your project's SVN repository to Git</td>
-<td style="padding:10px;border: 1px solid"></td>
-<td style="padding:10px;border: 1px solid">Use <a href="https://selfserve.apache.org/" target="_blank">Self-serve</a> to create your intended Git repo(s). Run <code>svn2git</code> locally using this <a href="https://gitbox.apache.org/authors.txt" target="_blank">authors file</a> and push once the conversion result is confirmed. Submit a Jira ticket for Infra to mark your SVN repository <code>readonly</code>. Optionally, submit a Jira ticket to temporarily disable commit emails while you push your converted clone.</td>
-</tr>
-<tr style="border: 1px solid" valign="top">
-<td style="padding:10px;border: 1px solid">become an email list moderator</td>
-<td style="border: 1px solid"></td>
-<td style="padding:10px;border: 1px solid">See "How do I change moderators?" on <a href="https://infra.apache.org/mailing-list-moderation.html" target="_blank">Mailing list moderation</a>. You will need to involve someone from the list on that page of those with authority to manage project mailing lists.</td>
-</tr>
+ <tr style="border: 1px solid">
+ <th style="padding:10px;border: 1px solid">If you...</th><th style="padding:10px;border: 1px solid">and want to...</th><th style="padding:10px;border: 1px solid">then contact...</th><th style="padding:10px;border: 1px solid">Notes</th>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td rowspan="7" style="padding:10px;border: 1px solid">are anyone</td>
+ <td style="padding:10px;border: 1px solid">report a <b>security vulnerability</b> in a service that runs on apache.org</td>
+ <td style="padding:10px;border: 1px solid"><code>root@apache.org</code></td>
+ <td style="padding:10px;border: 1px solid">You may also encrypt the email to this <a href="https://home.apache.org/keys/group/infrastructure-root.asc" target="_blank">set of keys</a>.</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">report a <b>security vulnerability</b> in an Apache project</td>
+ <td style="padding:10px;border: 1px solid"> the <a href="https://www.apache.org/security/" target="_blank">Apache Security Team</a></td>
+ <td style="padding:10px;border: 1px solid">The Security Team is not part of Infra.</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">report that a <b>service is down</b> <em>and</em> <a href="https://status.apache.org/" target="_blank">status.apache.org</a> doesn't show it</td>
+ <td style="padding:10px;border: 1px solid">Infra's <a href="https://the-asf.slack.com/#asfinfra" target="_blank">Slack channel</a></td>
+ <td style="padding:10px;border: 1px solid">Email to <code>users@infra.apache.org</code> is an acceptable alternative. The <a href="https://twitter.com/infrabot/" target="_blank">infrabot</a> feed on X (formerly Twitter) may contain information about current outages and maintenances.</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid"><b>unsubscribe</b> from a mailing list</td>
+ <td style="padding:10px;border: 1px solid">See <a href="https://www.apache.org/foundation/mailinglists#subscribe" target="_blank">unsubscription instructions</a></td>
+ <td style="border: 1px solid"></td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">discuss something publicly with Infra, or ask Infra a question</td>
+ <td style="padding:10px;border: 1px solid"><code>users@infra.apache.org</code></td>
+ <td style="padding:10px;border: 1px solid">Consider this a semi-public list, as many people subscribe to it. The discussion archives are available for ASF Members only.</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">get your <b>IP</b> unblocked</td>
+ <td style="padding:10px;border: 1px solid"><code>abuse@infra.apache.org</code></td>
+ <td style="padding:10px;border: 1px solid"></td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid"><b>edit</b> the mail archives of a mailing list you posted to</td>
+ <td style="padding:10px;border: 1px solid"><a href="https://www.apache.org/foundation/public-archives" target="_blank">Public forum archive policy</a></td>
+ <td style="padding:10px;border: 1px solid">Contact <code>privacy@apache.org</code>. We deny almost all requests.</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">are a <b>newly-invited committer</b></td>
+ <td style="padding:10px;border: 1px solid">ask a question about your committership</td>
+ <td style="padding:10px;border: 1px solid"><code>private@$project</code></td>
+ <td style="border: 1px solid"></td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td rowspan="2" style="padding:10px;border: 1px solid">are a <b>committer</b></td>
+ <td style="padding:10px;border: 1px solid"><b>regain access</b> to your account</td>
+ <td style="padding:10px;border: 1px solid">See <a href="https://infra.apache.org/account-mgmt.html" target="_blank">ASF account management</a></td>
+ <td style="padding:10px;border: 1px solid">If commits fail, double-check that you are using <code>https://</code>, not <code>http://</code>.</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">change your <b>account details</b></td>
+ <td style="padding:10px;border: 1px solid"><a href="https://id.apache.org/" target="_blank">Self-serve</a></td>
+ <td style="padding:10px;border: 1px solid"></td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">are a <b>supplier</b></td>
+ <td style="padding:10px;border: 1px solid">anything</td>
+ <td style="padding:10px;border: 1px solid"><code>private@infra.apache.org</code></td>
+ <td style="padding:10px;border: 1px solid"><em>Suppliers donate or sell hardware or services to Apache.</em> <a href="https://home.apache.org/keys/group/infrastructure-root.asc" target="_blank">Encrypt</a> passwords or send them by other means.</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">submitted an <b>ICLA</b> in the past</td>
+ <td style="padding:10px;border: 1px solid">change your <b>contact details</b> of record</td>
+ <td style="padding:10px;border: 1px solid"><code>secretary@apache.org</code></td>
+ <td style="padding:10px;border: 1px solid">Snail mail is possible too; see <a href="https://www.apache.org/foundation/contact.html" target="_blank">apache.org/foundation/contact.html</a>.</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td rowspan="2" style="padding:10px;border: 1px solid" >are part of a <b>PMC</b></td>
+ <td style="padding:10px;border: 1px solid">request <b>account creation</b> for a newly-elected committer</td>
+ <td style="padding:10px;border: 1px solid"><a href="https://whimsy.apache.org/officers/acreq" target="_blank">Whimsy</a></td>
+ <td style="padding:10px;border: 1px solid">Instructions are <a href="https://www.apache.org/dev/pmc#newcommitter" target="_blank">here</a></td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">ask Infra to do something</td>
+ <td style="padding:10px;border: 1px solid"><a href="https://issues.apache.org/jira/browse/INFRA" target="_blank">Create a Jira ticket</a></td>
+ <td style="padding:10px;border: 1px solid">See <a href="https://infra.apache.org/infra-contact.html#requesting-action" target="_blank">On Requests</a> and <a href="https://infra.apache.org/infra-contact.html#what-we-need-to-know" target="_blank">What we need to know</a>.</td>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">are a <b>committer</b> or part of a <b>PMC</b></td>
+ <td style="padding:10px;border: 1px solid">change <b>Jenkins</b> build settings</td>
+ <td style="padding:10px;border: 1px solid"><code>builds@apache.org</code></td>
+ <td style="padding:10px;border: 1px solid">Project members having hudson-jobadmin <em>karma</em> can perform some tasks; ask your <code>dev@</code> list.</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">are part of a newly-accepted <b>podling</b></td>
+ <td style="padding:10px;border: 1px solid">create podling infrastructure (site, lists, etc.)</td>
+ <td style="padding:10px;border: 1px solid">See <a href="https://infra.apache.org/infra-incubator.html" target="_blank">Infra and the Incubator</a></td>
+ <td></td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">are part of a <b>podling</b> that has just <b>graduated</b></td>
+ <td style="padding:10px;border: 1px solid"><b>migrate resources</b> from Incubator locations to top-level-project (TLP) locations</td>
+ <td style="padding:10px;border: 1px solid">See <a href="https://infra.apache.org/infra-incubator.html" target="_blank">Infra and the Incubator</a></td>
+ <td></td>
+ <tr valign="top" style="border: 1px solid">
+ <tr valign="top">
+ <td style="padding:10px;border: 1px solid">are part of a PMC or a podling</td>
+ <td style="padding:10px;border: 1px solid">request <b>mailing list creation</b></td>
+ <td style="padding:10px;border: 1px solid"><a href="https://selfserve.apache.org/mailinglist-new.html" target="_blank">Self-serve</a></td>
+ <td style="padding:10px;border: 1px solid">Only ASF Members and Officers (including PMC chairs) can submit the form</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">are an <b>Officer</b> of the ASF</td>
+ <td style="padding:10px;border: 1px solid">ask an organizational (as opposed to technical) question</td>
+ <td style="padding:10px;border: 1px solid">VP Infrastructure, or <code>private@infra.apache.org</code></td>
+ <td style="padding:10px;border: 1px solid">The target audience for this item is members of the Apache Board of Directors, the VPs of Fundraising and Marketing, etc.</td>
+ </tr>
</table>
+
+<h2 id="what-we-need-to-know">What we need to know<a class="headerlink" href="#what-we-need-to-know" title="Permanent link">¶</a></h2>
+
+<table style="border: 1px solid">
+ <tr style="border: 1px solid">
+ <th style="padding:10px;border: 1px solid">If you ask us to...</th><th style="padding:10px;border: 1px solid" >we need to know...</th><th style="padding:10px;border: 1px solid">Notes</th>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid"><b>create</b> a podling</td>
+ <td style="padding:10px;border: 1px solid"></td>
+ <td style="padding:10px;border: 1px solid">See <a href="https://infra.apache.org/infra-incubator.html" target="_blank">Infra and the Incubator</a></td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid"><b>promote</b> a podling to Top-Level Project (TLP)</td>
+ <td style="border: 1px solid"></td>
+ <td style="padding:10px;border: 1px solid">See <a href="https://infra.apache.org/infra-incubator.html" target="_blank">Infra and the Incubator</a></td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">load a repository's <b>Subversion history</b></td>
+ <td style="padding:10px;border: 1px solid">URL and checksum (or PGP signature) of a dumpfile; proof of <a href="https://www.apache.org/legal/resolved#category-a" target="_blank">IP rights</a></td>
+ <td style="padding:10px;border: 1px solid">Produce with <code>svnadmin dump --incremental --deltas</code> or <code>svnrdump</code>. The paths within the dumpfile should be relative to the project root (e.g., to <code>/repos/asf/incubator/MyPodling</code>).</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">load a repository's <b>Git history</b></td>
+ <td style="padding:10px;border: 1px solid">URL of a repository or an export stream; proof of <a href="https://www.apache.org/legal/resolved#category-a" target="_blank">IP rights</a></td>
+ <td style="padding:10px;border: 1px solid">If linking to a file, provide PGP signature or checksum. If to a remote repository, you must review and sign off on the import ("Yes, that is the repository and history we asked to import and have IP rights for") before it will be writable.</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">create an <b>svnpubsub-based site</b></td>
+ <td style="padding:10px;border: 1px solid">SVN URL of the compiled site (directory containing HTML files)</td>
+ <td style="padding:10px;border: 1px solid">For Git-based web sites, refer to <a href="https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features" target="_blank">Git-.asf.yaml features</a> for instructions on publishing.</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">create a <b>project blog</b></td>
+ <td style="border: 1px solid"></td>
+ <td style="padding:10px;border: 1px solid"><a href="https://infra.apache.org/project-blogs.html" target="_blank">Project Blog</a></td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">create a project <b>Confluence wiki space</b></td>
+ <td style="padding:10px;border: 1px solid">wiki name, destination for commit mails, and Confluence usernames of at least two community members who will be space admins</td>
+ <td style="padding:10px;border: 1px solid">Go to <a href="https://selfserve.apache.org/confluence-new.html" target="_blank">Self-serve</a> and follow the prompts.</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">set up your project on <b>Review Board</b></td>
+ <td style="padding:10px;border: 1px solid">project name, which SVN/Git repositories to support</td>
+ <td style="padding:10px;border: 1px solid"><a href="https://reviews.apache.org/" target="_blank">Review Board</a> is a web-based collaborative code review tool, available as free software under the MIT License.</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">create a <b>Jira project</b></td>
+ <td style="padding:10px;border: 1px solid">Key name (e.g., INFRA), Jira user names of 1-2 project members who will be project admins, mailing list address to which Jira notifications should go</td>
+ <td style="padding:10px;border: 1px solid">Go to <a href="https://selfserve.apache.org/jira-project.html" target="_blank">Self-serve</a> and follow the prompts</td>
+ </tr>
+ <tr valign="top"style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid"><b>migrate</b> your project's SVN repository to Git</td>
+ <td style="padding:10px;border: 1px solid"></td>
+ <td style="padding:10px;border: 1px solid">Use <a href="https://selfserve.apache.org/" target="_blank">Self-serve</a> to create your intended Git repo(s). Run <code>svn2git</code> locally using this <a href="https://gitbox.apache.org/authors.txt" target="_blank">authors file</a> and push once the conversion result is confirmed. Submit a Jira ticket for Infra to mark your SVN repository <code>readonly</code>. Optionally, submit a Jira ticket to temporarily disable commit emails while you push your converted clone.</td>
+ </tr>
+ <tr valign="top" style="border: 1px solid">
+ <td style="padding:10px;border: 1px solid">become an email list moderator</td>
+ <td style="border: 1px solid"></td>
+ <td style="padding:10px;border: 1px solid">See "How do I change moderators?" on <a href="https://infra.apache.org/mailing-list-moderation.html" target="_blank">Mailing list moderation</a>. You will need to involve someone from the list on that page of those with authority to manage project mailing lists.</td>
+ </tr>
+</table>
+
<p>Don't see here what you're looking for? See above for <a href="#requesting-where">other cases</a>.</p>
<h2 id="requesting-action">Other Requests<a class="headerlink" href="#requesting-action" title="Permanent link">¶</a></h2>
+
<h4 id="requesting-menu">What can I ask for?<a class="headerlink" href="#requestin-menu" title="Permanent link">¶</a></h4>
-<p>See the list of <a href="https://infra.apache.org/services.html">Services and tools</a> Infra provides for projects. If you want something that isn't listed, get in touch with a Jira ticket for Infra. It might be possible to support it, especially if the feature request includes a list of <a href="infra-volunteer.html">volunteers</a> who will help maintain it hint, hint.</p>
+
+<p>See the list of <a href="https://infra.apache.org/services.html">Services and tools</a> Infra provides for projects. If you want something that isn't listed, get in touch with a Jira ticket for Infra. It might be possible to support it, especially if the feature request includes a list of <a href="infra-volunteer.html">volunteers</a> who will help maintain it hint, hint.</p></p>
<h4 id="requesting-where">Where should I submit my request?<a class="headerlink" href="#requesting-where" title="Permanent link">¶</a></h4>
-<p>If there is a <a href="https://selfserve.apache.org/" target="_blank">dedicated app</a>, use it. If not, file a <a href="https://issues.apache.org/jira/browse/INFRA" target="_blank">Jira ticket</a> for Infra.</p>
+
+<p>If there is a <a href="https://selfserve.apache.org/" target="_blank">dedicated app</a>, use it. If not, file a <a href="https://issues.apache.org/jira/browse/INFRA" target="_blank">Jira ticket</a> for Infra. </p>
<p>Please review the tables above before filing a ticket - often you or someone in your PMC can effect the change without involving infra at all.</p>
<h5 id="request-checklist">Before you press `Send` on your ticket:<a class="headerlink" href="#request-checklist" title="Permanent link">¶</a></h5>
+
<ul>
-<li><strong>Ask</strong> in your project whether someone has the karma to implement the requested change. This eases the load on the infra team. The moderators and volunteer admins of the project's issue tracker and wiki can often address issues with those services.</li>
+<li><strong>Ask</strong> in your project</strong> whether someone has the karma to implement the requested change. This eases the load on the infra team. The moderators and volunteer admins of the project's issue tracker and wiki can often address issues with those services.</li>
<li><strong>Aggregate requests</strong>: instead of sending five emails, each asking for one more moderator to be added, send one email asking for five moderators to be added.</li>
<li><strong>CC your PMC</strong> on emails. When creating Jira tickets, some cases <strong>SHOULD</strong> or even <strong>MUST</strong> demonstrate PMC consensus. If the ticket does not demonstrate PMC consensus, Infra will close the ticket as <strong>invalid</strong> or <strong>reject</strong> it. For more details, please refer to our <a href="jira-guidelines.html">Jira Guidelines</a>.</li>
<li>If you create a Jira ticket, create it in the <strong>right Jira component</strong>. This helps the team spot pending tasks in their areas. If it's not obvious which component is the right one, select "documentation".</li>
@@ -265,14 +273,15 @@
</ul>
<p><strong>Thanks</strong>. Making requests following these guidelines might require a little effort, but saves time for all involved.</p>
<h4 id="reopen">My issue got closed with a request to reopen it<a class="headerlink" href="#reopen" title="Permanent link">¶</a></h4>
+
<p>The closed ticket may have a note indicating why we closed it. For instance, the ticket may have lacked information required to confirm or adddress the issue.</p>
<p>If you have additional information that would help us understand and respond to your issue, please include it in a new INFRA Jira ticket and we will give it a look.</p>
<h4 id="ignored">My issue got ignored<a class="headerlink" href="#ignored" title="Permanent link">¶</a></h4>
+
<p>There could be a few reasons: some areas have longer turn-around times than others; sometimes we're busy on backend projects like installing new hardware and have little time for user-facing tasks; sometimes an issue blocks as we wait for new hardware to get
shipped, installed, and configured; sometimes we're just backlogged and are working on issues ahead of yours in the
queue; and sometimes we do tickets of a certain category in batch, and yours will be done in the next batch in a few days.</p>
<p>To make sure your issue doesn't get lost, feel free to add a comment to the relevant Jira issue, or email the <code>users@infra</code> list with a question. If the matter remains unresolved after that, feel free to escalate it to <a href="https://www.apache.org/foundation/" target="_blank">the VP-Infrastructure</a> or to the <code>operations@</code> privately-archived mailing list (everyone may post to it).</p>
-
</div>
</div>
</div>
diff --git a/output/infra-incubator.html b/output/infra-incubator.html
index 101a62a..62acd3c 100644
--- a/output/infra-incubator.html
+++ b/output/infra-incubator.html
@@ -77,7 +77,7 @@
<p>The Infrastructure team (Infra) manages the systems and hardware that run the services that the ASF and its projects depend on. Infra also reviews requests to install new systems or software on ASF machines, and provides virtual machines (VMs) for projectrs. It's a small team, distributed across many time zones. Someone is on duty at all hours to respond to emergency issues.</p>
<h2>Infra and incubating projects</h2>
<p>Your mentor is your first stop in figuring out technical issues for your incubating project. They can explain, based on long experience, how to get the best out of the ASF systems, machines, and services. However, if the mentor is not available, members of the new project can move forward the process of setting up project resources.</p>
-<img src="https://cwiki.apache.org/confluence/rest/gliffy/1.0/embeddedDiagrams/7df21120-01db-421e-bb47-353b7977097a.png"/>
+<p><img src="https://cwiki.apache.org/confluence/rest/gliffy/1.0/embeddedDiagrams/7df21120-01db-421e-bb47-353b7977097a.png" /></p>
<h3>Phase 1: Establishing a podling</h3>
<p><strong>Podling bootstrap file</strong></p>
<p>The very first task is for a mentor or champion to bootstrap the project via the <em>podlings.xml</em> file that tracks all current and previous podlings.</p>
@@ -104,7 +104,7 @@
<p>Moving existing repositories into ASF version control generally requires a github.com transition to the <code>github.com/apache/</code> organization. To make the transition,, file a Jira ticket with Infra.</p>
<p>If you wish to copy existing code without transferring github stars, etc., your mentor can request <strong>new repositories</strong> for the project via <a href="https://selfserve.apache.org/" target="_blank">SelfServe</a>.</p>
<p><strong>Bug tracking</strong></p>
-<p>You can enable GitHub issues (and wikis) via our (<a href="https://cwiki.apache.org/confluence/display/INFRA/git+-+.asf.yaml+features" target="_blank">.asf.yaml</a> service, a configuration file that controls features such as notification schemes, website staging, GitHub settings, and Pelican builds. This is a per-repo feature.</p>
+<p>You can enable GitHub issues (and wikis) via our (<a href="https://cwiki.apache.org/confluence/display/INFRA/git+-+.asf.yaml+features" target="_blank">.asf.yaml</a> service, a configuration file that controls features such as notification schemes, website staging, GitHub settings, and Pelican builds. This is a per-repo feature. </p>
<p>The project can request a Jira instance for issue tracking via <a href="https://selfserve.apache.org/" target="_blank">SelfServe</a>.</p>
<p><strong>Confluence Wiki</strong></p>
<p>Every project can have a dedicated space on the Apache Confluence wiki. Project participants can use the space to develop documentation, share planning and process documents, and work collaboratively. They can opt to make some pages in their space available to the public. Request a Confluence wiki space for the project via <a href="https://selfserve.apache.org/" target="_blank">SelfServe</a>.</p>
@@ -112,8 +112,7 @@
<p>Standard practice is to create a web site repository via <a href="https://selfserve.apache.org/" target="_blank_">SelfServe</a>, and then use .asf.yaml for publishing on <code>$project.apache.org</code>.</p>
<h2>Contacting Infra</h2>
<p>If there is a problem, or you need Infra to do something, the best option is to start a Jira ticket assigned to Infra. That helps us and you track progress on whatever the thing is.</p>
-<p>For more informal contact, you can use the <em>asfinfra</em> Slack channel in the Apache Slack workspace, or send an email. Further details are <a href="contact.html">here</a>.</p>
-
+<p>For more informal contact, you can use the <em>asfinfra</em> Slack channel in the Apache Slack workspace, or send an email. Further details are <a href="contact.html">here</a>.</p>
</div>
</div>
</div>
diff --git a/output/infra-mail.html b/output/infra-mail.html
index 515aad3..07f98b4 100644
--- a/output/infra-mail.html
+++ b/output/infra-mail.html
@@ -74,14 +74,17 @@
Apache Infrastructure mailing lists
</h1>
<p id="infra-lists">Participation in the Infra mailing lists is only available to ASF committers.</p>
-<p>You can subscribe in the normal way. The moderators will verify that you are an ASF committer, so please either use your <code>@apache.org</code> address or its forwarding address. There are public archives for issues@ and site-dev@; all other infra@ lists are private. (We often call it "infra@" because that is less typing, but there is no such list.)</p>
+
+<p>You can subscribe in the normal way. The moderators will verify that you are an ASF committer, so please either use your <code>@apache.org</code> address or its forwarding address. There are public archives for issues@ and site-dev@; all other infra@ lists are private. (We often call it "infra@" because that is less typing, but there is no such list.)</p></p>
<p id="private-lists">The infra@ mailing lists are (mostly) private. You must not forward messages from there to public lists. Forwarding to more private mailing lists (like a pmc mailing list, the board, or the members mailing list) might be appropriate on some occasions. Ask if in doubt.</p>
+
<h2 id="lists">The lists</h2>
+
<ul>
<li><code>users@infra</code>: Infra uses the general discussion list to discuss issues concerning the operation of the Apache Software Foundation systems, and for committers to report problems or issues. <strong>This is not the address for questions about
the ASF or any of its projects.</strong> It is for communication between ASF committers <em>only</em> to support the infrastructure. Anyone may send mail to report problems with ASF systems, but check <a href="https://status.apache.org/" target="_blank">the status page</a> before mailing to see whether Infra already knows about what you have noticed.</li>
<li><code>private@infra</code>: For the core infra@ team only. It focuses on the infrastructure team working directly on pressing issues. Infra moderates subscriptions, which are restricted to ASF members and current infra <a href="infra-volunteer.html">volunteers</a>. Only
-subscribers can post.</li>
+subscribers can post. </li>
<li><code>commits@infra</code>: SVN commit messages for the ASF Infrastructure trunk, and Git commit messages for ASF Infra.</li>
<li><code>issues@infra</code>: Messages from the INFRA Issue Tracker. Only ASF committers and people invited by the infra@ team can join. To "post" to this list, file a Jira comment which Jira sends to the list.</li>
<li><code>site-cvs@</code>: Private lists for SVN commit messages for the ASF Infrastructure website.</li>
@@ -89,7 +92,6 @@
ASF (e.g. /dev/) and for co-ordination of infrastructure needs and publishing methods for all ASF project websites. Participation is open to to any committer or interested party invited by a committer (by sending an email to site-dev-owner). The list is normally low volume.</li>
<li><code>infrastructure-dev@</code>: This list was closed in October, 2016 and not replaced. Instead please use <code>users@infra</code>. It was dedicated to developing and documenting software tools for potential ASF infrastructure.</li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/infra-reports.html b/output/infra-reports.html
index f9baad8..b2d7b7c 100644
--- a/output/infra-reports.html
+++ b/output/infra-reports.html
@@ -74,7 +74,7 @@
ASF Infrastructure Reporting Dashboard
</h1>
<p>The dashboard, at <a href="https://infra-reports.apache.org" target="_blank">infra-reports.apache.org</a>, provides a collection of reports on the overall health and activity of the infrastructure at the ASF. These reports can be helpful in understanding the status of all the ASF 'under the hood' resources, and in assessing the resource cost of some activities, like build processes.</p>
-<p>Some of the reports are open to the public, while others are restricted to those who genuinely need them.</p>
+<p>Some of the reports are open to the public, while others are restricted to those who genuinely need them. </p>
<h2>Reports available to all</h2>
<ul>
<li><strong>Uptime Statistics</strong>: This dashboard provides an overview of uptime of a wide range of services, including email, forums and Confluence wikis, version control systems, and websites.</li>
@@ -86,10 +86,9 @@
<li><strong>Jira tickets</strong>: Infra uses this dashboard to track resolution of Jira tickets related to infrastructure work. Gauges and charts cover how quickly issues are resolved and whether the number of open tickets for Jira is increasing or decreasing, and provides a drive-by view of all open Jira tickets.</li>
<li><strong>Mail Transport Statistics</strong>: This screen, for the Infrastructure team, gives a visualization of how the system is handling ASF and project email.</li>
<li><strong>Real-time Download Stats</strong>: On this screen, an ASF Member or Committer can select a project to which they belong and get a series of informative charts (over time, by country, by artifact) of downloads of the project's released artifacts.</li>
-<li><strong>GitHub Actions Usage</strong>: This screen displays the use of GitHub Actions for projects you belong to. The chart can be configured for project (if you belong to more than one), time range and other options.</li>
+<li><strong>GitHub Actions Usage</strong>: This screen displays the use of GitHub Actions for projects you belong to. The chart can be configured for project (if you belong to more than one), time range and other options. </li>
</ul>
<p>Send questions or suggestions about the dashboard to <code>users@infra.apache.org</code>.</p>
-
</div>
</div>
</div>
diff --git a/output/infra-volunteer.html b/output/infra-volunteer.html
index 36c68fb..639f349 100644
--- a/output/infra-volunteer.html
+++ b/output/infra-volunteer.html
@@ -78,15 +78,14 @@
<ul>
<li>Read infrastructure mailing lists and be aware of what is going on. Read #asfinfra as well in the ASF Slack space.</li>
<li>Work on documentation, especially procedural documentation and answers to FAQs. Everybody saves time if committers, contributors and PMCs can consult web pages that have most of the information they ask for most of the time..</li>
-<li>Answer questions that other people ask on <a href="mailto:users@infra.apache.org">users@infra.apache.org</a>. This is immensely beneficial to the rest of the team, as it frees them up to get on with other things.</li>
+<li>Answer questions that other people ask on users@infra.apache.org. This is immensely beneficial to the rest of the team, as it frees them up to get on with other things.</li>
<li>Work through the Jira Issue Tracker and submit patches, comments, links, etc. that may help in resolving them.</li>
-<li>Look for support requests on <a href="mailto:users@infra.apache.org">users@infra.apache.org</a> as they come in and volunteer to handle them.</li>
+<li>Look for support requests on users@infra.apache.org as they come in and volunteer to handle them.</li>
<li>Add entries to the Issue Tracker for issues raised via e-mail that are not yet being handled. We don't want them slipping through the cracks.</li>
<li>Work on in-house tasks. At any time there are several outstanding TODOs involving general documentation, in-house services, patches, and scripts; not everything is recorded on the issue tracker.</li>
</ul>
<p><strong>Visit</strong> <a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Volunteers+and+Roles" target="_blank">this Wiki</a> page for details about all the lovely infrastructure tasks waiting for volunteers.</p>
<p><strong>Come talk to us on <a href="https://the-asf.slack.com/">Slack</a> in the #asfinfra channel!</strong></p>
-
</div>
</div>
</div>
diff --git a/output/jira-approve-account.html b/output/jira-approve-account.html
index 1341ca5..33207b2 100644
--- a/output/jira-approve-account.html
+++ b/output/jira-approve-account.html
@@ -75,7 +75,7 @@
</h1>
<p>The ASF uses Jira as one of its main systems for receiving and tracking bug reports and feature requests for our many projects. We require people who are not already part of the ASF community to have an ASF Jira account in order to submit Jira tickets. To get that account, a person who does not already have an ASF identity has to apply in one of two ways:</p>
<ol>
-<li>Using this form on our self-serve system: <a href="https://selfserve.apache.org/jira-account.html" target="_blank"><a href="https://selfserve.apache.org/jira-account.html">https://selfserve.apache.org/jira-account.html</a></a>, which asks them to identify the project to which they want to submit tickets. ASF members associated with that project then review the application to make sure the information is correct and the reason for the account is valid.</li>
+<li>Using this form on our self-serve system: <a href="https://selfserve.apache.org/jira-account.html" target="_blank">https://selfserve.apache.org/jira-account.html</a>, which asks them to identify the project to which they want to submit tickets. ASF members associated with that project then review the application to make sure the information is correct and the reason for the account is valid.</li>
<li>Some projects ask requesters to send their request to the <code>users@</code> list for review, giving the same information in their email that they would provide on the self-serve form.</li>
</ol>
<p><strong>Note</strong>: a person does not need a Jira account to view existing issue reports and enhancement requests.</p>
@@ -88,7 +88,6 @@
<h2>Approving account requests</h2>
<p>In general, if the request seems valid--all fields are filled in with appropriate information, the reason for the account does not seem suspicious (or machine-written), and the reason given is not about a security vulnerability (see above)--approve it. Do not worry too much about increasing the number of ASF Jira accounts, as Infra is working on addressing that issue in other ways than rejecting valid requests.</p>
<p>If you are in doubt, consult with colleagues on your PMC.</p>
-
</div>
</div>
</div>
diff --git a/output/jira-guidelines.html b/output/jira-guidelines.html
index da98210..f8462de 100644
--- a/output/jira-guidelines.html
+++ b/output/jira-guidelines.html
@@ -83,16 +83,21 @@
<li><a href="#before">Before you create a ticket</a></li>
<li><a href="#writing">Writing a good Jira ticket</a></li>
<li><a href="#followup">Jira tickets for Infra</a></li>
-</li></ul>
+
+</ul>
+
<h3 id="who">Who can create a ticket<a class="headerlink" href="#who" title="Permanent link">¶</a></h3>
+
<p>Any person with an ASF Jira account can open a ticket for any ASF project.</p>
<p>In November, 2022, due to an influx of false Jira accounts creating a flood of spam tickets, Infra ended public signups to ASF Jira accounts. This <a href="https://infra.apache.org/blog/jira-public-signup-disabled.html" target="_blank">blog post</a> discusses the decision.</p>
<p>If you need to open a Jira ticket for a particular project and do not have an ASF Jira account, you can use the <a href="https://selfserve.apache.org/jira-account.html" target="_blank">Jira account request</a> feature in our <a href="https://selfserve.apache.org" target="_blank">self-serve portal</a> to request an account. The project which you specify in your request will review your information and either approve or reject the application. You will get a notification of their decision.</p>
<p>If your application is approved, you receive an email with a link to where you can request a password for your Jira account. Once you have logged in, you can create Jira tickets for ASF projects, for Infra, or for the ASF in general.</p>
<h3 id="account">Approving an account request for a non-ASF reporter<a class="headerlink" href="#account" title="Permanent link">¶</a></h3>
+
<p>When someone who is not part of the ASF community requests a Jira account so they can submit tickets related to a project's product, the PMC of the project they specify in their application receives a notice that the application is pending. Please review the <a href="jira-approve-account.html">policy on approving Jira accounts</a> for people who are not members of the ASF community before reviewing the application.</p>
<p>Review the applicant's information and either approve or deny the request. If you deny the request, you have the option of adding an explanation for the denial. The system sends an email with your decision (including any explanation you provide for a denial) to the applicant.</p>
<h3 id="before">Before you create a ticket<a class="headerlink" href="#before" title="Permanent link">¶</a></h3>
+
<p><strong>Note</strong>: Do not use Jira to submit a ticket about a security vulnerability. Review <a href="https://www.apache.org/security/#reporting-a-vulnerability" target="_blank">the guidelines on reporting vulnerabilities</a> to learn how to report such issues.</p>
<ol>
<li>Browse the existing Jira tickets to see if others have already reported the bug you noticed or have requested the task or additional feature that you were going to ask for. If you find a ticket that covers what you wanted to report, you can add a comment and maybe some more relevant information to the existing ticket.</li>
@@ -101,7 +106,7 @@
<li><strong>Note</strong>: If the ticket is for Infra, and is for a major request, such as to set up a virtual machine for the project, the ticket <strong>should</strong> demonstrate PMC approval of the request, no matter what status the ticket-creator has.</li>
</ol>
<h3 id="writing">Writing a good Jira ticket<a class="headerlink" href="#writing" title="Permanent link">¶</a></h3>
-If there is nothing in Jira already that covers what's on your mind, and the topic seems related to Apache services or an Apache project rather than a third party, click "Create" to display a form where you can describe your issue or request. Providing as much relevant information as you can helps Infra respond quickly and appropriately.
+<p>If there is nothing in Jira already that covers what's on your mind, and the topic seems related to Apache services or an Apache project rather than a third party, click "Create" to display a form where you can describe your issue or request. Providing as much relevant information as you can helps Infra respond quickly and appropriately.</p>
<p>The form is pretty clear, so the focus here is on a couple of key fields.</p>
<h4>Project</h4>
<p>This is the group you want to take a look at the ticket. Select "Infra" for an infrastructure issue or request. Select a specific project if the issue is something like a problem in the project's documentation or website.</p>
@@ -136,6 +141,7 @@
<p>There are many optional fields that you can probably skip.</p>
<p>When you have completed entering the useful information, click <strong>Create</strong> to create the ticket.</p>
<h3 id="followup">Jira tickets for Infra<a class="headerlink" href="#followup" title="Permanent link">¶</a></h3>
+
<p>You cannot read or comment on existing Jira tickets for Infra without having logged in with your Apache credentials. See the "Who can create a ticket" section, at the top of this page, for details.</p>
<p>The largest group of tickets assigned to Infra are requests for Infra to perform a task of one sort or another. The next largest category is reports of possible bugs in the Infrastructure system.</p>
<p>Infra may respond in a number of ways, including:</p>
@@ -145,8 +151,7 @@
<li>Reporting the issue <strong>resolved</strong>. Please verify the fix or that the requested service is now available. If all is well, and Infra has not changed the status to <em>closed</em> or one of its variants, feel free to do so yourself.</li>
</ul>
<p><strong>Note</strong>: A ticket in the status of <em>Waiting for User</em>, will not generally be worked on until the ticket status is set to <em>Waiting for Infra</em>. Be sure to set the ticket to <em>Waiting for Infra</em> if the ticket needs follow-up!</p>
-<p>Here are details about Infra's typical <a href="https://infra.apache.org/responsetime.html" target="_blank">response times</a> to Jira tickets and other requests, which largely depend on the severity of the issue.</p>
-
+<p>Here are details about Infra's typical <a href="https://infra.apache.org/responsetime.html" target="_blank">response times</a> to Jira tickets and other requests, which largely depend on the severity of the issue. </p>
</div>
</div>
</div>
diff --git a/output/key-transition.html b/output/key-transition.html
index 79b473d..d76dd8a 100644
--- a/output/key-transition.html
+++ b/output/key-transition.html
@@ -74,6 +74,7 @@
How to transition to a new PGP key
</h1>
<h2 id="status">Introduction<a class="headerlink" href="#status" title="Permanent link">¶</a></h2>
+
<p>This document is for project <strong>committers</strong> who wish to change the PGP key they use at Apache (for example to sign releases). It explains how to create a new PGP key and break it in, gradually having it replace the old key.</p>
<h2>Contents</h2>
<ul>
@@ -83,14 +84,19 @@
<li><a href="#transition-export">Exporting both new and old keys</a></li>
<li><a href="#transition-fingerprints">Fingerprinting new and old keys</a></li>
</ul>
+
<h2 id="important">Important note<a class="headerlink" href="#important" title="Permanent link">¶</a></h2>
+
<p>If your key has been compromised, you <strong>must not</strong> use a transition period as described below. Revoke the compromised key immediately and create a new one. Consider all <a href="/release-signing.html#web-of-trust" target="_blank">web of trust</a> links signed by the old key as suspect. You must establish a completely new set of links.</p>
<h2 id="motivation">Why replace a key?<a class="headerlink" href="#motivation" title="Permanent link">¶</a></h2>
+
<p>When replacing one uncompromised key with a newer (typically longer) one, using a transition period when both keys are trustworthy and participate in the <a href="/release-signing.html#web-of-trust" target="_blank">web of trust</a> uses <em>trust transitivity</em> to use links to the old key to trust signatures and links created by the new key. During a transition, both keys are trustworthy but you only use the newer one to sign documents and certify links in the web of trust.</p>
<p>This document describes how to use <a href="openpgp.html">GnuPG</a> to create a new key and manage both keys during this transition period.</p>
<h2 id="single-keyring">Using a single keyring for two keys<a class="headerlink" href="#single-keyring" title="Permanent link">¶</a></h2>
+
<p>It is best to use a single keyring containing both keys.</p>
<h3 id="generate-new-key">Generate a new key<a class="headerlink" href="#generate-new-key" title="Permanent link">¶</a></h3>
+
<p>Generate the new key either:</p>
<ul>
<li>directly in the keyring containing the old key</li>
@@ -98,167 +104,188 @@
</ul>
<p>To generate a strong <a href="release-signing.html#rsa">RSA key</a> follow <a href="openpgp.html#generate-key">these instructions</a>. If you use a separate keyring, follow <a href="openpgp.html#secret-key-transfer">these instructions</a> to transfer it.</p>
<p>Both new and old keys should now be contained in the same keyring. Verify this by:</p>
-<pre><code>$ gpg --list-secret-keys
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--list-secret-keys<span class="w"> </span>
alice/secring.gpg
-sec 1024D/AD741727 2009-08-20
-uid Alice Example (EXAMPLE OF OLD KEY) <alice@example.org>
-ssb 1024g/268883A9 2009-08-20
+sec<span class="w"> </span>1024D/AD741727<span class="w"> </span><span class="m">2009</span>-08-20
+uid<span class="w"> </span>Alice<span class="w"> </span>Example<span class="w"> </span><span class="o">(</span>EXAMPLE<span class="w"> </span>OF<span class="w"> </span>OLD<span class="w"> </span>KEY<span class="o">)</span><span class="w"> </span><alice@example.org>
+ssb<span class="w"> </span>1024g/268883A9<span class="w"> </span><span class="m">2009</span>-08-20
-sec 4096R/E2B054B8 2009-08-20
-uid Alice Example (EXAMPLE NEW KEY) <alice@example.org>
-ssb 4096R/4A6D5217 2009-08-20
-</code></pre>
+sec<span class="w"> </span>4096R/E2B054B8<span class="w"> </span><span class="m">2009</span>-08-20
+uid<span class="w"> </span>Alice<span class="w"> </span>Example<span class="w"> </span><span class="o">(</span>EXAMPLE<span class="w"> </span>NEW<span class="w"> </span>KEY<span class="o">)</span><span class="w"> </span><alice@example.org>
+ssb<span class="w"> </span>4096R/4A6D5217<span class="w"> </span><span class="m">2009</span>-08-20
+</code></pre></div>
+
<p>Both new and old keys should be listed.</p>
<h3 id="open-interaction-edit">Open interactive edit mode<a class="headerlink" href="#open-interaction-edit" title="Permanent link">¶</a></h3>
+
<p>You need to perform a number of operations on the new key. Though you can perform them individually, saving and closing after each one, it is more convenient to use <em>interactive edit</em> mode.</p>
<p>Start by opening an edit session on the new key, for example E2B054B8</p>
-<pre><code>$ gpg --edit-key E2B054B8
-gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
-This is free software: you are free to change and redistribute it.
-There is NO WARRANTY, to the extent permitted by law.
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--edit-key<span class="w"> </span>E2B054B8
+gpg<span class="w"> </span><span class="o">(</span>GnuPG<span class="o">)</span><span class="w"> </span><span class="m">1</span>.4.9<span class="p">;</span><span class="w"> </span>Copyright<span class="w"> </span><span class="o">(</span>C<span class="o">)</span><span class="w"> </span><span class="m">2008</span><span class="w"> </span>Free<span class="w"> </span>Software<span class="w"> </span>Foundation,<span class="w"> </span>Inc.
+This<span class="w"> </span>is<span class="w"> </span>free<span class="w"> </span>software:<span class="w"> </span>you<span class="w"> </span>are<span class="w"> </span>free<span class="w"> </span>to<span class="w"> </span>change<span class="w"> </span>and<span class="w"> </span>redistribute<span class="w"> </span>it.
+There<span class="w"> </span>is<span class="w"> </span>NO<span class="w"> </span>WARRANTY,<span class="w"> </span>to<span class="w"> </span>the<span class="w"> </span>extent<span class="w"> </span>permitted<span class="w"> </span>by<span class="w"> </span>law.
-Secret key is available.
+Secret<span class="w"> </span>key<span class="w"> </span>is<span class="w"> </span>available.
-pub 4096R/E2B054B8 created: 2009-08-20 expires: never usage: SC
+pub<span class="w"> </span>4096R/E2B054B8<span class="w"> </span>created:<span class="w"> </span><span class="m">2009</span>-08-20<span class="w"> </span>expires:<span class="w"> </span>never<span class="w"> </span>usage:<span class="w"> </span>SC
- trust: unknown validity: unknown
-sub 4096R/4A6D5217 created: 2009-08-20 expires: never usage: E
+<span class="w"> </span>trust:<span class="w"> </span>unknown<span class="w"> </span>validity:<span class="w"> </span>unknown
+sub<span class="w"> </span>4096R/4A6D5217<span class="w"> </span>created:<span class="w"> </span><span class="m">2009</span>-08-20<span class="w"> </span>expires:<span class="w"> </span>never<span class="w"> </span>usage:<span class="w"> </span>E<span class="w"> </span>
-[ unknown] (1). Alice Example (EXAMPLE NEW KEY) <alice@example.org>
+<span class="o">[</span><span class="w"> </span>unknown<span class="o">]</span><span class="w"> </span><span class="o">(</span><span class="m">1</span><span class="o">)</span>.<span class="w"> </span>Alice<span class="w"> </span>Example<span class="w"> </span><span class="o">(</span>EXAMPLE<span class="w"> </span>NEW<span class="w"> </span>KEY<span class="o">)</span><span class="w"> </span><alice@example.org>
-Command>
-</code></pre>
+Command><span class="w"> </span>
+</code></pre></div>
+
<h3 id="trust-new-key">Trust the new key<a class="headerlink" href="#trust-new-key" title="Permanent link">¶</a></h3>
+
<p>The new key needs to be marked as ultimately trusted in this keyring. This will ensure that the <a href="release-signing.html#web-of-trust" target="_blank">web of trust</a> links signed by this key will be trusted automatically.</p>
-<pre><code>Command> trust
-pub 4096R/E2B054B8 created: 2009-08-20 expires: never usage: SC
+<div class="highlight"><pre><span></span><code><span class="n">Command</span><span class="o">></span><span class="w"> </span><span class="n">trust</span>
+<span class="n">pub</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="n">E2B054B8</span><span class="w"> </span><span class="nl">created</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span><span class="w"> </span><span class="nl">expires</span><span class="p">:</span><span class="w"> </span><span class="n">never</span><span class="w"> </span><span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">SC</span>
- trust: unknown validity: unknown
-sub 4096R/4A6D5217 created: 2009-08-20 expires: never usage: E
+<span class="w"> </span><span class="nl">trust</span><span class="p">:</span><span class="w"> </span><span class="k">unknown</span><span class="w"> </span><span class="nl">validity</span><span class="p">:</span><span class="w"> </span><span class="k">unknown</span>
+<span class="n">sub</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="mi">4</span><span class="n">A6D5217</span><span class="w"> </span><span class="nl">created</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span><span class="w"> </span><span class="nl">expires</span><span class="p">:</span><span class="w"> </span><span class="n">never</span><span class="w"> </span><span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">E</span><span class="w"> </span>
-[ unknown] (1). Alice Example (EXAMPLE NEW KEY) <alice@example.org>
+<span class="o">[</span><span class="n"> unknown</span><span class="o">]</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="w"> </span><span class="n">Alice</span><span class="w"> </span><span class="n">Example</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">alice</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
-Please decide how far you trust this user to correctly verify other users' keys
-(by looking at passports, checking fingerprints from different sources, etc.)
+<span class="n">Please</span><span class="w"> </span><span class="n">decide</span><span class="w"> </span><span class="n">how</span><span class="w"> </span><span class="n">far</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">trust</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="k">user</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">correctly</span><span class="w"> </span><span class="n">verify</span><span class="w"> </span><span class="n">other</span><span class="w"> </span><span class="n">users</span><span class="s1">' keys</span>
+<span class="s1">(by looking at passports, checking fingerprints from different sources, etc.)</span>
-1 = I don't know or won't say
- 2 = I do NOT trust
- 3 = I trust marginally
- 4 = I trust fully
- 5 = I trust ultimately
- m = back to the main menu
+<span class="s1">1 = I don'</span><span class="n">t</span><span class="w"> </span><span class="n">know</span><span class="w"> </span><span class="ow">or</span><span class="w"> </span><span class="n">won</span><span class="err">'</span><span class="n">t</span><span class="w"> </span><span class="n">say</span>
+<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">I</span><span class="w"> </span><span class="n">do</span><span class="w"> </span><span class="ow">NOT</span><span class="w"> </span><span class="n">trust</span>
+<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">I</span><span class="w"> </span><span class="n">trust</span><span class="w"> </span><span class="n">marginally</span>
+<span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">I</span><span class="w"> </span><span class="n">trust</span><span class="w"> </span><span class="n">fully</span>
+<span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">I</span><span class="w"> </span><span class="n">trust</span><span class="w"> </span><span class="n">ultimately</span>
+<span class="w"> </span><span class="n">m</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">back</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">main</span><span class="w"> </span><span class="n">menu</span>
-Your decision? 5
-Do you really want to set this key to ultimate trust? (y/N) y
+<span class="n">Your</span><span class="w"> </span><span class="n">decision</span><span class="vm">?</span><span class="w"> </span><span class="mi">5</span>
+<span class="n">Do</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">really</span><span class="w"> </span><span class="n">want</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">ultimate</span><span class="w"> </span><span class="n">trust</span><span class="vm">?</span><span class="w"> </span><span class="p">(</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">)</span><span class="w"> </span><span class="n">y</span>
-pub 4096R/E2B054B8 created: 2009-08-20 expires: never usage: SC
+<span class="n">pub</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="n">E2B054B8</span><span class="w"> </span><span class="nl">created</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span><span class="w"> </span><span class="nl">expires</span><span class="p">:</span><span class="w"> </span><span class="n">never</span><span class="w"> </span><span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">SC</span>
- trust: ultimate validity: unknown
-sub 4096R/4A6D5217 created: 2009-08-20 expires: never usage: E
+<span class="w"> </span><span class="nl">trust</span><span class="p">:</span><span class="w"> </span><span class="n">ultimate</span><span class="w"> </span><span class="nl">validity</span><span class="p">:</span><span class="w"> </span><span class="k">unknown</span>
+<span class="n">sub</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="mi">4</span><span class="n">A6D5217</span><span class="w"> </span><span class="nl">created</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span><span class="w"> </span><span class="nl">expires</span><span class="p">:</span><span class="w"> </span><span class="n">never</span><span class="w"> </span><span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">E</span>
-[ unknown] (1). Alice Example (EXAMPLE NEW KEY) <alice@example.org>
-Please note that the shown key validity is not necessarily correct
-unless you restart the program.
-</code></pre>
-<p><h/3 id="sign-new-key">Use the old key to sign the new key<a class="headerlink" href="#sign-new-key" title="Permanent link">¶</a></p>
+<span class="o">[</span><span class="n"> unknown</span><span class="o">]</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="w"> </span><span class="n">Alice</span><span class="w"> </span><span class="n">Example</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">alice</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="n">Please</span><span class="w"> </span><span class="n">note</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">shown</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="n">validity</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="ow">not</span><span class="w"> </span><span class="n">necessarily</span><span class="w"> </span><span class="n">correct</span>
+<span class="n">unless</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">restart</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">program</span><span class="p">.</span>
+</code></pre></div>
+
+<p><h/3 id="sign-new-key">Use the old key to sign the new key<a class="headerlink" href="#sign-new-key" title="Permanent link">¶</a></h3></p>
<p>Use the old key (AD741727, say) to sign the new key:</p>
-<pre><code>Command> sign AD741727
+<div class="highlight"><pre><span></span><code><span class="n">Command</span><span class="o">></span><span class="w"> </span><span class="nf">sign</span><span class="w"> </span><span class="n">AD741727</span>
-pub 4096R/E2B054B8 created: 2009-08-20 expires: never usage: SC
+<span class="n">pub</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="n">E2B054B8</span><span class="w"> </span><span class="nl">created</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span><span class="w"> </span><span class="nl">expires</span><span class="p">:</span><span class="w"> </span><span class="n">never</span><span class="w"> </span><span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">SC</span>
- trust: ultimate validity: ultimate
-Primary key fingerprint: FF96 6261 C995 1DDE BF34 5150 D5D2 BDB5 E2B0 54B8
+<span class="w"> </span><span class="nl">trust</span><span class="p">:</span><span class="w"> </span><span class="n">ultimate</span><span class="w"> </span><span class="nl">validity</span><span class="p">:</span><span class="w"> </span><span class="n">ultimate</span>
+<span class="k">Primary</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="nl">fingerprint</span><span class="p">:</span><span class="w"> </span><span class="n">FF96</span><span class="w"> </span><span class="mi">6261</span><span class="w"> </span><span class="n">C995</span><span class="w"> </span><span class="mi">1</span><span class="n">DDE</span><span class="w"> </span><span class="n">BF34</span><span class="w"> </span><span class="mi">5150</span><span class="w"> </span><span class="n">D5D2</span><span class="w"> </span><span class="n">BDB5</span><span class="w"> </span><span class="n">E2B0</span><span class="w"> </span><span class="mi">54</span><span class="n">B8</span>
- Alice Example (EXAMPLE NEW KEY) &lt;alice@example.org&gt;
+<span class="w"> </span><span class="n">Alice</span><span class="w"> </span><span class="n">Example</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span><span class="w"> </span><span class="o">&</span><span class="n">lt</span><span class="p">;</span><span class="n">alice</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">&</span><span class="n">gt</span><span class="p">;</span>
-Are you sure that you want to sign this key with your
-key "Alice Example (EXAMPLE OF OLD KEY) <alice@example.org>"
-(AD741727)
+<span class="k">Are</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">sure</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">want</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="nf">sign</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="n">your</span>
+<span class="k">key</span><span class="w"> </span><span class="ss">"Alice Example (EXAMPLE OF OLD KEY) <alice@example.org>"</span>
+<span class="p">(</span><span class="n">AD741727</span><span class="p">)</span>
-Really sign? (y/N) y
+<span class="n">Really</span><span class="w"> </span><span class="nf">sign</span><span class="vm">?</span><span class="w"> </span><span class="p">(</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">)</span><span class="w"> </span><span class="n">y</span>
-You need a passphrase to unlock the secret key for
-user: "Alice Example (EXAMPLE OF OLD KEY) <alice@example.org>"
-1024-bit DSA key, ID AD741727, created 2009-08-20
-</code></pre>
+<span class="n">You</span><span class="w"> </span><span class="n">need</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">passphrase</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">unlock</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">secret</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="k">for</span>
+<span class="k">user</span><span class="err">:</span><span class="w"> </span><span class="ss">"Alice Example (EXAMPLE OF OLD KEY) <alice@example.org>"</span>
+<span class="mi">1024</span><span class="o">-</span><span class="nc">bit</span><span class="w"> </span><span class="n">DSA</span><span class="w"> </span><span class="k">key</span><span class="p">,</span><span class="w"> </span><span class="n">ID</span><span class="w"> </span><span class="n">AD741727</span><span class="p">,</span><span class="w"> </span><span class="n">created</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
+</code></pre></div>
+
<h3 id="check-sha">Check preferences<a class="headerlink" href="#check-sha" title="Permanent link">¶</a></h3>
+
<p>Make sure you are <a href="openpgp.html#sha1">avoiding SHA-1</a> in the <a href="openpgp.html#key-prefs">key preferences</a> of both the new and old keys.</p>
<h3 id="finish-off">Complete the edit<a class="headerlink" href="#finish-off" title="Permanent link">¶</a></h3>
+
<p>It is convenient to add secondary user ids for current email accounts at this point.</p>
<p>Then save your changes, which will exit you from edit mode:</p>
-<pre><code>Command> save
-</code></pre>
+<div class="highlight"><pre><span></span><code>Command> save
+</code></pre></div>
+
<h3 id="sign-old-with-new">Whether to sign the old key with the new<a class="headerlink" href="#sign-old-with-new" title="Permanent link">¶</a></h3>
+
<p>Arguments can be made for and against signing the old key with the new. The old key is less trustworthy now and will be revoked in future, so signing with it may be misleading for those unaware of the potential weaknesses. However, without this signature, signers of the new key will not receive the transitive benefit of the links made from the old key. Anyone who chooses not to sign the old key with the new should made efforts to re-sign links made by the old key with the new key.</p>
<h3 id="set-default-to-new">Set the default to the new key<a class="headerlink" href="#set-default-to-new" title="Permanent link">¶</a></h3>
+
<p>Next, change the default key on the keyring to the new. This ensures that all future signatures use the new key. Though you could still use the old key for signing by explicitly specifying it, avoid this since the signatures will be weak.</p>
<p>To make the new key the default, set the <code>default-key</code> in the <code>gpg.conf</code> configuration file. For example, to set the default to <code>E2B054B8</code> add:</p>
-<pre><code>default-key E2B054B8
-This setting can be tested by creating a test signature:
-$ gpg --detach-sig --armor document
+<div class="highlight"><pre><span></span><code><span class="k">default</span><span class="o">-</span><span class="k">key</span><span class="w"> </span><span class="n">E2B054B8</span>
+<span class="n">This</span><span class="w"> </span><span class="n">setting</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">tested</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="n">creating</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">test</span><span class="w"> </span><span class="nl">signature</span><span class="p">:</span>
+<span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="n">detach</span><span class="o">-</span><span class="n">sig</span><span class="w"> </span><span class="o">--</span><span class="n">armor</span><span class="w"> </span><span class="n">document</span>
-You need a passphrase to unlock the secret key for
-user: "Alice Example (EXAMPLE NEW KEY) <alice@example.org>"
-4096-bit RSA key, ID E2B054B8, created 2009-08-20
-</code></pre>
+<span class="n">You</span><span class="w"> </span><span class="n">need</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">passphrase</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">unlock</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">secret</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="k">for</span>
+<span class="k">user</span><span class="err">:</span><span class="w"> </span><span class="ss">"Alice Example (EXAMPLE NEW KEY) <alice@example.org>"</span>
+<span class="mi">4096</span><span class="o">-</span><span class="nc">bit</span><span class="w"> </span><span class="n">RSA</span><span class="w"> </span><span class="k">key</span><span class="p">,</span><span class="w"> </span><span class="n">ID</span><span class="w"> </span><span class="n">E2B054B8</span><span class="p">,</span><span class="w"> </span><span class="n">created</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
+</code></pre></div>
+
<p>Verify that the new key has been chosen by default.</p>
<h3 id="update-keys">Upload both keys<a class="headerlink" href="#update-keys" title="Permanent link">¶</a></h3>
+
<p>Finish the process by uploading the new and old keys to the keyserver:</p>
-<pre><code>$ gpg --send-keys E2B054B8 AD741727
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--send-keys<span class="w"> </span>E2B054B8<span class="w"> </span>AD741727
+</code></pre></div>
+
<h3 id="backups">Create backups<a class="headerlink" href="#backups" title="Permanent link">¶</a></h3>
+
<p>Follow <a href="openpgp.html#backup">these instructions</a>.</p>
<h3 id="revocation-certificates">Generate and store revocation certificates<a class="headerlink" href="#revocation-certificates" title="Permanent link">¶</a></h3>
+
<p>Follow <a href="openpgp.html#revocation-certs">these instructions</a> to create and securely store [generic revocation certificates](release-signing.html#revocation-cert" for the new key.</p>
<h3 id="update-documents">Update documents<a class="headerlink" href="#update-documents" title="Permanent link">¶</a></h3>
+
<p>The final stage in the process is to update documents containing references to the old key so that they contain both the new and old keys. For Apache documents, follow <a href="openpgp.html#update">this checklist</a>. Use the instructions for a transition when there is a choice.</p>
<p>For other documents:</p>
<ul>
<li>Update those that contain an <a href="release-signing.html#export">export</a> with a <a href="#transition-export">dual export</a>.</li>
-<li>Update those that contain a <a href="release-signing.html#fingerprint%22">fingerprint</a> with <a href="#transition-fingerprints">both fingerprints</a>.</li>
+<li>Update those that contain a <a href="release-signing.html#fingerprint"">fingerprint</a> with <a href="#transition-fingerprints">both fingerprints</a>.</li>
</ul>
<h3 id="wot">Web of trust<a class="headerlink" href="#wot" title="Permanent link">¶</a></h3>
+
<p>Read this <a href="openpgp.html#wot">Guide to Apache use</a> of the <a href="release-signing.html#web-of-trust">web of trust</a> and make arrangements to include your new key at the earliest opportunity.</p>
<h2 id="transition-export">Exporting both new and old keys<a class="headerlink" href="#transition-export" title="Permanent link">¶</a></h2>
-<p>During the transition period, use a single export containing both new and old public keys whenever you need an export.</p>
+
+<p>During the transition period, use a single export containing both new and old public keys whenever you need an export. </p>
<p>To create a suitable export, supply both key IDs on the command line. For example, to export keys AD741727 (old) and E2B054B8 (new) to FILENAME use:</p>
-<pre><code>$ gpg --export --armor --output FILENAME AD741727 E2B054B8
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--export<span class="w"> </span>--armor<span class="w"> </span>--output<span class="w"> </span>FILENAME<span class="w"> </span>AD741727<span class="w"> </span>E2B054B8
+</code></pre></div>
+
<p>This exports only the public keys, and so isn't confidential. Replace the old public key with this dual export everywhere it was published.</p>
<h2 id="transition-fingerprints">Fingerprinting new and old keys<a class="headerlink" href="#transition-fingerprints" title="Permanent link">¶</a></h2>
-<p>During the transitions, use both fingerprints. For example, to fingerprint old key <code>AD741727</code> and new key <code>E2B054B8</code>, use:</p>
-<pre><code>$ gpg --fingerprint AD741727 E2B054B8
-pub 1024D/AD741727 2009-08-20
- Key fingerprint = CD0C 5281 D0A9 E963 19AF F365 AD81 612A AD74 1727
-uid Alice Example (EXAMPLE OF OLD KEY) <alice@example.org>
-sub 1024g/268883A9 2009-08-20
-pub 4096R/E2B054B8 2009-08-20
- Key fingerprint = FF96 6261 C995 1DDE BF34 5150 D5D2 BDB5 E2B0 54B8
-uid Alice Example (EXAMPLE NEW KEY) <alice@example.org>
-sub 4096R/4A6D5217 2009-08-20
-</code></pre>
+<p>During the transitions, use both fingerprints. For example, to fingerprint old key <code>AD741727</code> and new key <code>E2B054B8</code>, use:</p>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--fingerprint<span class="w"> </span>AD741727<span class="w"> </span>E2B054B8
+pub<span class="w"> </span>1024D/AD741727<span class="w"> </span><span class="m">2009</span>-08-20
+<span class="w"> </span>Key<span class="w"> </span><span class="nv">fingerprint</span><span class="w"> </span><span class="o">=</span><span class="w"> </span>CD0C<span class="w"> </span><span class="m">5281</span><span class="w"> </span>D0A9<span class="w"> </span>E963<span class="w"> </span>19AF<span class="w"> </span>F365<span class="w"> </span>AD81<span class="w"> </span>612A<span class="w"> </span>AD74<span class="w"> </span><span class="m">1727</span>
+uid<span class="w"> </span>Alice<span class="w"> </span>Example<span class="w"> </span><span class="o">(</span>EXAMPLE<span class="w"> </span>OF<span class="w"> </span>OLD<span class="w"> </span>KEY<span class="o">)</span><span class="w"> </span><alice@example.org>
+sub<span class="w"> </span>1024g/268883A9<span class="w"> </span><span class="m">2009</span>-08-20
+
+pub<span class="w"> </span>4096R/E2B054B8<span class="w"> </span><span class="m">2009</span>-08-20
+<span class="w"> </span>Key<span class="w"> </span><span class="nv">fingerprint</span><span class="w"> </span><span class="o">=</span><span class="w"> </span>FF96<span class="w"> </span><span class="m">6261</span><span class="w"> </span>C995<span class="w"> </span>1DDE<span class="w"> </span>BF34<span class="w"> </span><span class="m">5150</span><span class="w"> </span>D5D2<span class="w"> </span>BDB5<span class="w"> </span>E2B0<span class="w"> </span>54B8
+uid<span class="w"> </span>Alice<span class="w"> </span>Example<span class="w"> </span><span class="o">(</span>EXAMPLE<span class="w"> </span>NEW<span class="w"> </span>KEY<span class="o">)</span><span class="w"> </span><alice@example.org>
+sub<span class="w"> </span>4096R/4A6D5217<span class="w"> </span><span class="m">2009</span>-08-20
+</code></pre></div>
+
<p>So the fingerprints are:</p>
<ul>
<li><code>CD0C 5281 D0A9 E963 19AF F365 AD81 612A AD74 1727</code> for <code>AD741727</code></li>
<li><code>FF96 6261 C995 1DDE BF34 5150 D5D2 BDB5 E2B0 54B8</code> for <code>E2B054B8</code></li>
</ul>
<p>For every fingerprint, the last 8 digits are the key ID.</p>
-
</div>
</div>
</div>
diff --git a/output/licensing-howto.html b/output/licensing-howto.html
index 8065a08..40a98f0 100644
--- a/output/licensing-howto.html
+++ b/output/licensing-howto.html
@@ -84,8 +84,7 @@
<li><a href="#guiding">Guiding principle</a></li>
<li><a href="#source-tree-location">Location</a></li>
<li><a href="#step-by-step">Step-by-step instructions</a></li>
-<li>Bundling
-<ul>
+<li>Bundling<ul>
<li><a href="#permissive-deps">Bundling permissively-licensed dependencies</a></li>
<li><a href="#alv2-dep">Bundling an Apache 2-0 licensed dependency</a></li>
<li><a href="#bundle-asf-product">Bundling other ASF products</a></li>
@@ -98,56 +97,67 @@
<li><a href="#example-notice">Example NOTICE file</a></li>
</ul>
<h3 id="guiding">Guiding principle<a class="headerlink" href="#guiding" title="Permanent link">¶</a></h3>
+
<p>The <code>LICENSE</code> and <code>NOTICE</code> files must <strong>exactly represent</strong> the contents of the distribution they reside in. Only components and resources that are actually included in a distribution have any bearing on the content of that distribution's <code>NOTICE</code> and <code>LICENSE</code>.</p>
<h3 id="source-tree-location">Location<a class="headerlink" href="#source-tree-location" title="Permanent link">¶</a></h3>
+
<p><code>LICENSE</code> and <code>NOTICE</code> files belong at the top level of the source tree. ASF prefers that the files have their bare names, but a PMC can opt to call them <code>LICENSE.txt</code> and <code>NOTICE.txt</code>.</p>
<h3 id="step-by-step">Step-by-step instructions<a class="headerlink" href="#step-by-step" title="Permanent link">¶</a></h3>
+
<p>To assemble <code>LICENSE</code> and <code>NOTICE</code> files from scratch for products with complex requirements, follow these steps:</p>
<ul>
<li>Copy the full <a href="https://www.apache.org/licenses/LICENSE-2.0.txt" target="_blank">Apache 2.0 license</a> text into a <code>LICENSE</code> file.</li>
-<li>Create a 'NOTICE' file specific to your product's details, and complying with the instructions below. An <a href="#example-notice">example <code>NOTICE</code> file</a> is at the bottom of this page.
-<ul>
+<li>Create a 'NOTICE' file specific to your product's details, and complying with the instructions below. An <a href="#example-notice">example <code>NOTICE</code> file</a> is at the bottom of this page.<ul>
<li>Add any <a href="#mod-notice">mandatory</a> legal notifications specific to the IP of your product.</li>
<li>For any <a href="#bundled-vs-non-bundled">bundled</a> dependency, consider whether <code>LICENSE</code> and/or <code>NOTICE</code> need to be modified. <strong>Do not</strong> modify <code>LICENSE</code> or <code>NOTICE</code> for non-bundled dependencies.</li>
</ul>
</li>
</ul>
<h3 id="permissive-deps">Bundling permissively-licensed dependencies<a class="headerlink" href="#permissive-deps" title="Permanent link">¶</a></h3>
+
<p>Bundling a dependency which is issued under one of the following licenses is straightforward, assuming that license applies uniformly to all files within the dependency:</p>
<ul>
<li>BSD (without advertising clause)</li>
<li>MIT/X11</li>
</ul>
<p>In <code>LICENSE</code>, add a <a href="http://s.apache.org/Hqj" target="_blank">pointer</a> to the dependency's license within the distribution and a short note summarizing its licensing:</p>
-<pre><code>This product bundles SuperWidget 1.2.3, which is available under a
-"3-clause BSD" license. For details, see deps/superwidget/.
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="nv">This</span><span class="w"> </span><span class="nv">product</span><span class="w"> </span><span class="nv">bundles</span><span class="w"> </span><span class="nv">SuperWidget</span><span class="w"> </span><span class="mi">1</span>.<span class="mi">2</span>.<span class="mi">3</span>,<span class="w"> </span><span class="nv">which</span><span class="w"> </span><span class="nv">is</span><span class="w"> </span><span class="nv">available</span><span class="w"> </span><span class="nv">under</span><span class="w"> </span><span class="nv">a</span>
+<span class="s2">"3-clause BSD"</span><span class="w"> </span><span class="nv">license</span>.<span class="w"> </span><span class="k">For</span><span class="w"> </span><span class="nv">details</span>,<span class="w"> </span><span class="nv">see</span><span class="w"> </span><span class="nv">deps</span><span class="o">/</span><span class="nv">superwidget</span><span class="o">/</span>.
+</code></pre></div>
+
<p>Under normal circumstances, there is no need to modify <code>NOTICE</code> to mention a bundled dependency.</p>
<p><strong>NOTE</strong>: It's also possible to include the text of the 3rd party license within your product's <code>LICENSE</code> file. This is best reserved for short licenses. It's important to specify the version of the dependency as licenses sometimes change as product versions change.</p>
<p>There are a number of other "permissive" licenses which the ASF Legal Affairs Committee has <a href="https://www.apache.org/legal/resolved.html#category-a" target="_blank"> approved</a> for use. Some of these may require additions to <code>NOTICE</code> -- if in doubt, <a href="https://www.apache.org/legal/resolved.html#asking-questions" target="_blank">ask for assistance</a>.</p>
<h3 id="alv2-dep">Bundling an Apache 2-0-licensed dependency<a class="headerlink" href="#alv2-dep" title="Permanent link">¶</a></h3>
+
<p>Assuming that the bundled dependency itself contains no bundled sub-components under other licenses, so the ALv2 applies uniformly to all files, there is no need to modify <code>LICENSE</code>. However, for completeness it is useful to list the products and their versions, as is done for products under other licenses.</p>
<p>If the dependency supplies a <code>NOTICE</code> file, its contents must be analyzed and the relevant portions bubbled up into the top-level <code>NOTICE</code> file.</p>
<h3 id="bundle-asf-product">Bundling other ASF products<a class="headerlink" href="#bundle-asf-product" title="Permanent link">¶</a></h3>
+
<p>It is not necessary to duplicate the line "This product includes software developed at the Apache Software Foundation...", though the ASF copyright line and any other portions of <code>NOTICE</code> must be considered for propagation.</p>
<h3 id="bundled-vs-non-bundled">Bundled vs. non-bundled dependencies<a class="headerlink" href="#bundled-vs-non-bundled" title="Permanent link">¶</a></h3>
+
<p>You must customize <code>LICENSE</code> and <code>NOTICE</code> files according to the content of the specific distribution they reside within. Do not add to <code>LICENSE</code> and <code>NOTICE</code> dependencies which are not in the distribution. <strong>Only bundled bits matter.</strong></p>
<p>Example: If the only difference between <code>apache-foo-1.0.tgz</code> and <code>apache-foo-1.1.tgz</code> is that one bundles SuperWidget while the other forces users to download SuperWidget separately, <code>LICENSE</code> and <code>NOTICE</code> may need to be modified to account for the different bundled bits.</p>
<h3 id="deps-of-deps">Dependencies of dependencies<a class="headerlink" href="#deps-of-deps" title="Permanent link">¶</a></h3>
+
<p>Dependencies of dependencies (including so-called "transitive dependencies") are no different from first-order dependencies for the purposes of assembling <code>LICENSE</code> and <code>NOTICE</code>: <code>LICENSE</code> and <code>NOTICE</code> need only be modified to accommodate them <strong>only if their bits are bundled</strong>.</p>
<h3 id="mod-notice">Modifications to NOTICE<a class="headerlink" href="#mod-notice" title="Permanent link">¶</a></h3>
+
<p>The <code>NOTICE</code> file is reserved for a certain subset of legally required notifications which are not satisfied by either the text of <code>LICENSE</code> or the presence of licensing information embedded within the bundled dependency. Aside from Apache-licensed dependencies which supply <code>NOTICE</code> files of their own, it is uncommon for a dependency to require additions to <code>NOTICE</code>.</p>
<p>Copyright notifications which have been <a href="https://www.apache.org/legal/src-headers.html#headers" target="_blank">relocated</a>, rather than removed, from source files must be preserved in <code>NOTICE</code>. However, elements such as the copyright notifications embedded within BSD and MIT licenses <a href="https://issues.apache.org/jira/browse/LEGAL-59" target="_blank">do not need to be duplicated</a> in <code>NOTICE</code>. You can leave those notices in their original locations.</p>
<p>It is important to keep <code>NOTICE</code> as brief and simple as possible, as each addition places a burden on downstream consumers.</p>
<p><strong>Do not</strong> add anything to <code>NOTICE</code> which is not legally required.</p>
<h3 id="binary">Binary distributions<a class="headerlink" href="#binary" title="Permanent link">¶</a></h3>
+
<p>What applies to canonical source distributions also applies to all redistributions, including binary redistributions:</p>
<p><strong>All redistributions must obey the licensing requirements of the contents.</strong></p>
<p>When assembling binary distributions, it is common to pull in and bundle additional dependencies which are not bundled with the source distribution. You must account for these additional dependencies in <code>LICENSE</code> and <code>NOTICE</code>. As a result, the <code>LICENSE</code> and <code>NOTICE</code> files for a binary distribution may differ from those in the source distribution it was built from.</p>
<p>In any case, the principle remains the same: <code>LICENSE</code> and <code>NOTICE</code> must <strong>exactly</strong> represent the contents of the distribution they reside in.</p>
<h3 id="example-notice">Example NOTICE file<a class="headerlink" href="#example-notice" title="Permanent link">¶</a></h3>
+
<p>The following is the text of the <code>NOTICE</code> file for <a href="https://royale.apache.org/" target="_blank">Apache Royale</a>:</p>
-<pre><code>Apache Royale
+<div class="highlight"><pre><span></span><code>Apache Royale
Copyright 2020 The Apache Software Foundation
This product includes software developed at
@@ -164,8 +174,7 @@
The ping sound effect (ping.mp3) in
examples/mxroyale/tourdeflexmodules/src/mx/effects/assets
was created by CameronMusic. (http://www.freesound.org/people/cameronmusic/sounds/138420/)
-</code></pre>
-
+</code></pre></div>
</div>
</div>
</div>
diff --git a/output/localization.html b/output/localization.html
index e1ee76e..007549e 100644
--- a/output/localization.html
+++ b/output/localization.html
@@ -73,9 +73,8 @@
<h1>
Localization
</h1>
- <p>The <a href="https://translate.apache.org/" target="_blank">ASF Translation Service</a> provides the <strong>Pootle</strong> localization tool to help projects that want to provide documentation and user-interface text in multiple languages. <em>NOTE</em>: While several ASF projects continue to use Pootle, AFS is not approving new Pootle use.</p>
+ <p>The <a href="https://translate.apache.org/" target="_blank">ASF Translation Service</a> provides the <strong>Pootle</strong> localization tool to help projects that want to provide documentation and user-interface text in multiple languages. <em>NOTE</em>: While several ASF projects continue to use Pootle, AFS is not approving new Pootle use. </p>
<p><a href="https:tomcat.apache.org" target="_blank">Apache Tomcat</a> uses <a href="https://poeditor.com/" target="_blank">POEditor</a> to localize its log messages and other text. POEditor provides free, unlimited licenses to open-source projects. PMC member Mark Thomas provided a description of <a href="https://cwiki.apache.org/confluence/display/INFRA/Localization+-+Apache+Tomcat%27s+process+using+POEditor" target="_blank">the Tomcat localization process</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/machines.html b/output/machines.html
index a1c9881..fb88cbd 100644
--- a/output/machines.html
+++ b/output/machines.html
@@ -80,212 +80,14 @@
<p>You can change the hash type with the option: <code>ssh -o FingerprintHash=sha256 ...</code></p>
<p>Please note that <code>people.apache.org</code> and <code>home.apache.org</code> are aliases and appear in the table as <code>home-lw-us</code>.</p>
<p>For example, <code>ssh-keygen -lf <(ssh-keyscan home.apache.org 2>/dev/null)</code> currently (Sep 2023) shows:</p>
-<pre><code>256 SHA256:HZvgAd9EZi5cfyVhmhfk1gdn7a9zDzhsqNY5Umopr5I home.apache.org (ED25519)
-3072 SHA256:Ek/qjqOOyyX5pNNSkNCIsLIf81X/sRcm7UVkkCSzdgY home.apache.org (RSA)
-256 SHA256:Oz9+wOnlHvjYYXE06xENo3Z2l09ULBT3TO7gHHhdNnM home.apache.org (ECDSA)
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="mf">256</span><span class="w"> </span><span class="n">SHA256</span><span class="p">:</span><span class="n">HZvgAd9EZi5cfyVhmhfk1gdn7a9zDzhsqNY5Umopr5I</span><span class="w"> </span><span class="n">home</span><span class="mf">.</span><span class="n">apache</span><span class="mf">.</span><span class="ow">or</span><span class="n">g</span><span class="w"> </span><span class="p">(</span><span class="n">ED25519</span><span class="p">)</span>
+<span class="mf">3072</span><span class="w"> </span><span class="n">SHA256</span><span class="p">:</span><span class="n">Ek</span><span class="o">/</span><span class="n">qjqOOyyX5pNNSkNCIsLIf81X</span><span class="o">/</span><span class="n">sRcm7UVkkCSzdgY</span><span class="w"> </span><span class="n">home</span><span class="mf">.</span><span class="n">apache</span><span class="mf">.</span><span class="ow">or</span><span class="n">g</span><span class="w"> </span><span class="p">(</span><span class="n">RSA</span><span class="p">)</span>
+<span class="mf">256</span><span class="w"> </span><span class="n">SHA256</span><span class="p">:</span><span class="n">Oz9</span><span class="o">+</span><span class="n">wOnlHvjYYXE06xENo3Z2l09ULBT3TO7gHHhdNnM</span><span class="w"> </span><span class="n">home</span><span class="mf">.</span><span class="n">apache</span><span class="mf">.</span><span class="ow">or</span><span class="n">g</span><span class="w"> </span><span class="p">(</span><span class="n">ECDSA</span><span class="p">)</span>
+</code></pre></div>
+
<p>The order of lines may differ, but the hashes should agree with the entry for <code>home-lw-us</code> in the table below.</p>
<p><strong>The hashes shown below are what the real machines SHOULD have. If an entry differs from what you see, please contact infra.</strong></p>
-<p>
-<style>
- #fingerprints td:last-child {
- font-size: 0.8rem;
- font-family: sans-serif;
- }
- #fingerprints tr:nth-child(even) {
- background-color: #f4f4f4
- }
- #fingerprints>kbd,#fingerprints td:not(:first-child) kbd,#fingerprints li>kbd {
- -moz-border-radius:3px;
- -moz-box-shadow:0 1px 0 rgba(0,0,0,0.2),0 0 0 2px #fff inset;
- -webkit-border-radius:3px;
- -webkit-box-shadow:0 1px 0 rgba(0,0,0,0.2),0 0 0 2px #fff inset;
- background-color:#f7f7f7;
- border:1px solid #ccc;
- border-radius:3px;
- box-shadow:0 1px 0 rgba(0,0,0,0.2),0 0 0 2px #fff inset;
- color:#333;
- display:inline-block;
- font-family:monospace;
- font-size:11px;
- line-height:1.4;
- margin:0 .1em;
- padding:.1em .6em;
- text-shadow:0 1px 0 #fff;
- }
- #fingerprints th, #fingerprints td {
- padding: 6px !important;
- }
-
- </style>
-<h2>141 verified hosts (24 hosts not reachable) @ 2024-05-20 16:31:44 +0000</h2><table cellpadding="6" cellspacing="0" id="fingerprints" style="border: 0.75px solid #333;"><tr><th>Hostname</th><th>IPv4</th><th>RSA Fingerprint (SHA256)</th><th>ECDSA Fingerprint (SHA256)</th><th>Status</th></tr>
-<tr style="background: inherit;"><td><kbd><b>adp-mirror-vm1-he-fi</b></kbd></td><td><kbd>65.21.62.149</kbd></td><td><kbd>qM2zvlfOXgXi+bt3hxHVCfQ2AeTiFqL6FmhykY+iZEQ</kbd></td><td><kbd>rRCYrduEexAiawrQxRCbdCddjtwQv7CHNISiY+EDv7I</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>agendatest1-ec2-va</b></kbd></td><td><kbd>3.238.105.197</kbd></td><td><kbd>hkL5reP62Moi9GiAVYfB8Ul06+HE9U/tzrPPMEDysII</kbd></td><td><kbd>agqBL9fPRVJPtcpU/xr/TABlnsNL5DOC7xUT7938MWo</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>allura-vm</b></kbd></td><td><kbd>209.188.14.158</kbd></td><td><kbd>GllVyvydLeiYfh+G5AB6KoTkfhVJaF/4VyQ6JgmgvsQ</kbd></td><td><kbd>YpcElo0B6N7ZT3PoOy4pKfXOjqML/K7OjkL8l7xNxTE</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>any23-vm2</b></kbd></td><td><kbd>209.188.14.140</kbd></td><td><kbd>vaZo5W+Jlg9LAEWtHP98M9ZBrTzYIqLuLkIYJzoR0EY</kbd></td><td><kbd>BLN8DlJntQj4IfVZlfy3rHpzvpLYizxGKCcIXpH92Io</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>archiva-vm</b></kbd></td><td><kbd>209.188.14.164</kbd></td><td><kbd>lPO540g1KD1BM6+56TIUILYm8U318M2I6B6wjDMRXh8</kbd></td><td><kbd>TVM/mDXawU+PHO3RxQJhYdSVAXB0zHf4E/ivqM/vM2E</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>archive-he-fi</b></kbd></td><td><kbd>65.108.204.189</kbd></td><td><kbd>0nMT7pWWYlvS371wkvdi7+C1+OdD32KNlxxhzlewiNI</kbd></td><td><kbd>A7Eb8vEtF1PzL4QNMxG3jaFaLqwMKQFHZ9FtsChXe54</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>arrbot-ec2-va</b></kbd></td><td><kbd>34.201.26.217</kbd></td><td><kbd>LWwuOtQRkHRnlHN3LS/Bu06UKbGRQqJutqJQ4xUJs8k</kbd></td><td><kbd>LzUBoOmEMxQJwhOM+ZriwGXkYvR8y8Ds2XWYtzmYd4Q</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>artifacts-vm-he-fi</b></kbd></td><td><kbd>95.216.202.191</kbd></td><td><kbd>m/75rKEFQV2mI0xDJqynSdpMRFnJDV0RGXRorBpFov0</kbd></td><td><kbd>cbAPiBbrOmu1U0AmwLyH84fR2nQ4uKfbpGHplHBQT1Y</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>asfbot-vm</b></kbd></td><td><kbd>95.217.217.132</kbd></td><td><kbd>iYheDJ+iKkD2B0pNw6MV1Oas8OAHR8KjlSIxSgMJJdc</kbd></td><td><kbd>OkWGskNiQBjlmREa9njG7TkyG1pfKdQtObhdB4z6Ijc</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>asfbot-vm-ec2-va</b></kbd></td><td><kbd>54.80.246.140</kbd></td><td><kbd>Loe/V/bZAtvMTe+XB7264x99jRNkPeSJIzV/T133gNA</kbd></td><td><kbd>27HV5rYY5gYICpyuqo1y7ZDqKR5plBP/1Xt2rtrO3nA</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>auth-ec2-or</b></kbd></td><td><kbd>52.89.232.241</kbd></td><td><kbd>a8qm5Bw3zhANCoW1KXKOm9k02dCs/o5Ma7uAI56EtWE</kbd></td><td><kbd>cLZLMSQdfVc7hxWRpiXFTlJji22mXJywndQBX5hcyWo</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>backup03-he-de</b></kbd></td><td><kbd>65.21.139.126</kbd></td><td><kbd>hYKevg6/lx4AQbz1nirUtsdz6az+aBDtxcQXCPNmO3A</kbd></td><td><kbd>cGJOfRh7gwdd4Ts4Oa+7AE5db6ZbwiwNMCOOoMAx+1k</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>bb-worker1</b></kbd></td><td><kbd>209.188.14.143</kbd></td><td><kbd>qoJR2rNpCwkRV221Hg9aa71HHZXNH+SkCAnbBV2JB/s</kbd></td><td><kbd>yDPJqkojmCEcKkTotXd2WUlFNIUaZCwSTz4XKA84P7I</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>bb-worker2</b></kbd></td><td><kbd>52.247.26.172</kbd></td><td><kbd>2eOwnG4z46sPkHA2g2xPkAPsfAJOCPPqnyBW3kGV9+g</kbd></td><td><kbd>pv8L/HiF92FxgiQkNwf7dQ0P0rqDW1f67lvqrAxK9Ec</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>bb-worker3</b></kbd></td><td><kbd>20.127.9.164</kbd></td><td><kbd>oi6xEYwlhD0vR3z1ZkozYz0sIvdi5kBvGNdjUU2wIkg</kbd></td><td><kbd>slVyaeO9pre+WZTBqimlLkxJVNtd4kppfiTI2vKCpqs</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>bb-worker4</b></kbd></td><td><kbd>20.124.199.77</kbd></td><td><kbd>JQOCmQCzFGzanLbBXmkufNihTZNVgFzL9wWroNlL4bQ</kbd></td><td><kbd>/qD7zTJfwH4WMtwoFMJ60icK+aBKyyecyt6JofXQtLM</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>bb-worker5</b></kbd></td><td><kbd>20.163.221.0</kbd></td><td><kbd>hcrXheFO1d7t5aEyCWAbqkjL8N2B07tDCansnSfBcOw</kbd></td><td><kbd>aVVN3Q9J16JUxVY5d52z4uhxSpCmyNHtWf5JqJ8laiA</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>bb-worker6</b></kbd></td><td><kbd>54.163.214.239</kbd></td><td><kbd>KkuFpWF/HJUEoQr/LDcnrJBbNjF1idV+U2vuqRdYbdo</kbd></td><td><kbd>FRnSU8cCzZzVsw6qHHFc+9/O44+YU7ASn4FeWvnDblA</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>beam-cache-ec2-oh-us</b></kbd></td><td><kbd>3.17.59.115</kbd></td><td><kbd>Ss0LfxwBUSX7RH4H1mGPy/doVf2jl8hNJmPt00+1CQE</kbd></td><td><kbd>kfs4qRYvKBF/R+fwwZ7VruMLbLbbzSGaQsVX1Ymcl8o</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>blocky4-he-de</b></kbd></td><td><kbd>23.88.41.51</kbd></td><td><kbd>4n57djRXDOnEFK64kkHqP57oIPa+zlwVpvcl9pOSXcI</kbd></td><td><kbd>W2UW5LOgyQxv0mZgPWkKHJWUGk2cMVdGvxQRFEJrRcw</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>bpc1-he-fi</b></kbd></td><td><kbd>135.181.17.179</kbd></td><td><kbd>lHnxCxiVyVBso5SEFBz5O00IEWVpwDaUmqEX7F5hoL0</kbd></td><td><kbd>exelkkKinYBcuTNcxm004tWK6f/GsXrCELTm+uvGRL4</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>buildbot-master-he-de</b></kbd></td><td><kbd>116.203.213.169</kbd></td><td><kbd>hTT+hiGXliteNLmM00CnMR1wNfMWL5fyAXP8hhhaGcI</kbd></td><td><kbd>ORU59it2PmGHrdT5GOmo0+seJBoQPaWknbUr57zksy4</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>butler.cassandra</b></kbd></td><td><kbd>35.202.205.72</kbd></td><td><kbd>ni01DymS6VVgdbGEGnd6L7+YvLLgttc5kjphdOiyImk</kbd></td><td><kbd>M+Te7Jj04ElvsEk15N300nj5oiJlCDFURod3WO9o+Qc</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>bz-he-de</b></kbd></td><td><kbd>148.251.237.210</kbd></td><td><kbd>sbA1v0RZ5Yvzn445lcPZhP00yxbiR/A9gR/IGnr7wls</kbd></td><td><kbd>2taJ1G/Qc5bUI3CW88/f3pPDfyAaiWiNK9IY7y/Gcls</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>bz-vm-he-de</b></kbd></td><td><kbd>116.203.55.214</kbd></td><td><kbd>ZwXpplW73ZRBnZiclsKfwohkNhWLA9V+gV00zeHrj2Y</kbd></td><td><kbd>9NdS+u1kkiTz90LQ0Ri0DryRDh0pgZvEZyx7Pjoi2qo</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>ci-beam2-ec2-va</b></kbd></td><td><kbd>54.81.28.192</kbd></td><td><kbd>BckCI7S3AQ3F/i+lk5vtpaCaP8MdZbAd2E4vpkS0dfo</kbd></td><td><kbd>5rBlQnyRQiWtZpXUlY1amXhDPIqaeCky/9t9Pgsly/s</kbd></td><td><span color="F70">CHANGED</span></td></tr>
-<tr style="background: inherit;"><td><kbd><b>ci-builds-he-fi</b></kbd></td><td><kbd>95.217.196.215</kbd></td><td><kbd>Blk4VlLSImx2IW4yxAC7ixKi0Ny1DUk4FO5OKuQP6uM</kbd></td><td><kbd>UIC5Nc3tnwPtPYASNab4xDfmvDvIpDG+mVZTSAcYe6w</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>ci-cassandra2-ec2-va</b></kbd></td><td><kbd>18.208.174.254</kbd></td><td><kbd>HZYEbOXTynWRE0Y40aX2eJ+9/bdM762tV02LAhSIpBE</kbd></td><td><kbd>YP7b3+7rq273OXnG3vZkvPki0xLLQEND84IngXtOMtI</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>ci-couchdb2-ec2-va</b></kbd></td><td><kbd>54.84.82.115</kbd></td><td><kbd>aGxml8n/T2iK3PaREKP71v5vJzKn4zOjK7b9ZTKxdlA</kbd></td><td><kbd>01yNWMeiAom7lh0MUG++8TDToz6h8dPtpm0Ly6uR5qc</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>ci-hadoop2-ec2-va</b></kbd></td><td><kbd>3.82.198.101</kbd></td><td><kbd>MzlZkvj0DFQ2NyfQWHxWFwvnnqApk9L855OgAkgUj6I</kbd></td><td><kbd>ttV0ffBsN5cZNFpH0aK9yeKQn4LmRT44ZEpG+OXzytI</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>ci-hbase2-he-fi</b></kbd></td><td><kbd>95.216.8.237</kbd></td><td><kbd>tSJBTy56aQKM8RBFws/twWb9Vhvjp5a77likwX13SP4</kbd></td><td><kbd>MF9ksb7ups2Ay9uFXYPiNY/d6WwZz2BuxdRtciXTquw</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>ci-infra1-ec2-va</b></kbd></td><td><kbd>3.222.58.77</kbd></td><td><kbd>vmTxN6ii48qPL3xSaahhTtnDt3w1CTIU3U1LyPciYJg</kbd></td><td><kbd>rinR0zslQER6nZrj0tjDG+YzlmP7DxCZNN0HaepC3Dk</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>ci-maven2-ec2-va</b></kbd></td><td><kbd>54.89.179.137</kbd></td><td><kbd>lo1is0NYMi8WTI9Bo5B5L+srbh99v2w8xI/Ps1Zzb7c</kbd></td><td><kbd>fdNPVqvPwJrfXsI0g3vjVKz41Fj1gKVZp1Hax/ggWUU</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>cocoon-vm1</b></kbd></td><td><kbd>209.188.14.144</kbd></td><td><kbd>HXj9RF384lmT7yYxkEyE3lIdY06NXdg4Nj2dPxIamuU</kbd></td><td><kbd>ibA2pHrsjJP5odt33Azyo77LiHH+knKNAXxe7kohZ6Y</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>crowd-dev-vm</b></kbd></td><td><kbd>54.172.21.146</kbd></td><td><kbd>8dBDaaSX2bqAie328ARzZXEqaLGVxQqJcSJ7oggEaW8</kbd></td><td><kbd>b4DO+fTIl0lkDzRCbzqFA2IrDCWePt2gWIFncqMlLSw</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>crowd-vm2</b></kbd></td><td><kbd>52.7.189.212</kbd></td><td><kbd>iKkHkV2X2ML16a5NOdUBkj3FKvRchjUjQfcQIWdteOo</kbd></td><td><kbd>5dam9pVeWX2syCdTHAgSNifa0mZsMUbTBOIutKivTBo</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>cwiki-he-fi</b></kbd></td><td><kbd>135.181.16.82</kbd></td><td><kbd>7fw2ujogEtgOBoovVazjEFMSbNA84Xby+6mMKluw38c</kbd></td><td><kbd>tQD89mLBbxoCbj9ANKjNqN2d1tkWfbjhJseP2mn1BBo</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>cwiki-test-ec2-va</b></kbd></td><td><kbd>3.229.135.95</kbd></td><td><kbd>SweBa2TJPrGVHCIsT/nW+euZSGg8r0V2oia8ilVEYWs</kbd></td><td><kbd>v+4n1KgXHjICJuKAix71Whw2f8c5czu/YAkJyIo/N2s</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>discourse-vm</b></kbd></td><td><kbd>44.211.121.102</kbd></td><td><kbd>9hKSnDD9VSSiuPY8ebH2cKizG8fJiIAfBANBDV0HAp0</kbd></td><td><kbd>UEfo5ByoXHpZnNoI4+8d8a3pkg8dpBLsPDOgn5iRkQo</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>dns-vm</b></kbd></td><td><kbd>207.244.88.136</kbd></td><td><kbd>HUVi3m8NEZRV3+9ebSIbyied8HXl9ZbjLVJ1vhIXqow</kbd></td><td><kbd>crQFbaOunjAaOG4zuV8Oxgasmmi77QM1PlEcTsypYEg</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>docs.trafficserver</b></kbd></td><td><kbd>72.167.35.147</kbd></td><td><kbd>MDZ5HzctOINLX88Heb1yrlNThOIWz6vdtPoqxJeyicI</kbd></td><td><kbd>a1Ep7S/2tNXxGlbCM5qM5KdG8ZDNf03VeMq15DBEDBM</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>downloads-he-de-2</b></kbd></td><td><kbd>88.99.208.237</kbd></td><td><kbd>A9KU6o7zqwHRj2A/rJif7RXRqJRIfLsPLglguxjrYVw</kbd></td><td><kbd>MQNH0yzC+f19uTKWleENmta7jEEdoApoK31K5MubZ1A</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>downloads-he-fi-1</b></kbd></td><td><kbd>135.181.214.104</kbd></td><td><kbd>NS4oUjEdm1AqFZK31c2U08n33pTJkWnuQfbh8qHoEpY</kbd></td><td><kbd>I7+0Hp3ueXbDkljh+LRgzrKt4Zcb/dPHdxErcKiNvNw</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>dubbo-vm</b></kbd></td><td><kbd>207.244.88.152</kbd></td><td><kbd>g+oXCa+f3lxsK4tOIVPVov4LwlCi2b+K2YBwk6Opx5k</kbd></td><td><kbd>8DnyWXdsU4ROC4tJ1WZxpx19XfZnb/XiKbdz+Fn3HAU</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>edi-vm-he-fi</b></kbd></td><td><kbd>65.21.184.230</kbd></td><td><kbd>0jcp44wl9euYkYRo043fLD0Hv2mF4EH6tkmN61ANjR4</kbd></td><td><kbd>ul9Zqt5EkxuN6+YdqskJXUU7RAdPAYQOxY8fQu440ck</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>fineract-vm</b></kbd></td><td><kbd>209.188.14.146</kbd></td><td><kbd>JqvbULvS0YRG2Ty9hEMGIFSEh5qlsiVDvZqgouBGa6Y</kbd></td><td><kbd>88YKC271QHBq4NX7quDhmPVS6zcW5k732/Q690/yYYo</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>foal-demo.ponymail</b></kbd></td><td><kbd>95.216.166.202</kbd></td><td><kbd>3qgLDwgIJSOPyq76EMVwdBcUNYK6Zc0K43aSBlyPIM8</kbd></td><td><kbd>2k24sMIO1UdP/pZyOWR+HzZZCNkafSpnZBHHosUnFn4</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>freemarker-vm1</b></kbd></td><td><kbd>209.188.14.131</kbd></td><td><kbd>6f1s85BA0ZGDquWjtS3jOrDowV8ykeeat695dqshLik</kbd></td><td><kbd>24U8fvpdCCClHXQxnbA6roPKLKAnSl+mjBmQdcKuHUA</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>gitbox2-he-fi</b></kbd></td><td><kbd>65.108.73.173</kbd></td><td><kbd>cjXYsi+Tr+BtxWkFhAZtHGyEIxBhm3/3BeZeWGHELyg</kbd></td><td><kbd>hKCOFRIQOmR+9NuChvXFrggGWmP9F7Sg+EsHR6mzLLg</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>gump-vm2</b></kbd></td><td><kbd>209.188.14.154</kbd></td><td><kbd>yx+VSwGVIXzqB/ghJNjGD2MaE0Nu+/Iay4nnGIsFC10</kbd></td><td><kbd>Z6rekkjgGl6uSBo1DJa7LWSfL1kEarzfF3LFtAV/8co</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>home-lw-us</b></kbd></td><td><kbd>207.244.88.131</kbd></td><td><kbd>Ek/qjqOOyyX5pNNSkNCIsLIf81X/sRcm7UVkkCSzdgY</kbd></td><td><kbd>Oz9+wOnlHvjYYXE06xENo3Z2l09ULBT3TO7gHHhdNnM</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>http-proxy-vm-ec2-va</b></kbd></td><td><kbd>35.172.124.167</kbd></td><td><kbd>l8PUhoR5vgySy1CyVw2eM+0vmDPRFViaywoU45JUKGM</kbd></td><td><kbd>RLMcWGE48fcNUGts4iSGmfNXDRNVdVrcQ+18mfKvaDQ</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>httpd-azr-us-east</b></kbd></td><td><kbd>20.127.133.168</kbd></td><td><kbd>d+Wq/veVMyPFUbeMRtuNN4FPPDrn/z+55XYMf+eVYFE</kbd></td><td><kbd>tXxR3f2Z67mtMF57NccBoAp23t+/3L1EJviVU5E3nwI</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>idm1-ec2-va</b></kbd></td><td><kbd>54.92.167.239</kbd></td><td><kbd>aHJ1lXHhqMh3PaxdqQv/tallwyrARysLNdzj7ZlaBiE</kbd></td><td><kbd>YQmNNxe/2giZmuvL3K/2mSqH09ZaauEnHfLzYIj8DEk</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>idm1-he-de</b></kbd></td><td><kbd>116.203.29.34</kbd></td><td><kbd>jjp9BlYxjRNBuF15k4g41qANBIEnNJcZE8kTIjwkOtw</kbd></td><td><kbd>X6Iqv1Cw81d/jxhvh/zswMvy80X2fO4HTnnh5sYw92A</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>idmpoc-ec2-va</b></kbd></td><td><kbd>107.23.184.252</kbd></td><td><kbd>+KKNEszMUezH3FvwQVln+4mALZXftKom3IF3v03zSa0</kbd></td><td><kbd>bISLv/2GKSqT44St7KW3sd6kV0e92W6hV+GknufSPmM</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>idmtest1-ec2-va</b></kbd></td><td><kbd>34.207.133.157</kbd></td><td><kbd>UdyOWX6NerXtGl5XaG8ynkUobJc4UbY9Qt47/MQ5jKA</kbd></td><td><kbd>XrkC9GsbjDDekyRWyeM+eOfbawqe/pC3vJQGwgN8OI4</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>idmtest2-ec2-va</b></kbd></td><td><kbd>107.23.203.249</kbd></td><td><kbd>+5n9cYGnYc4IQtyB9PBzYXgU7IJetZt43TMeDDURFhQ</kbd></td><td><kbd>+9OHR8KVXV0urdQU+MjLSHiu2O5La0+dZt2HZjEY310</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>idmui-ec2-va</b></kbd></td><td><kbd>54.159.191.216</kbd></td><td><kbd>Un4kgkOs0zM5M412I9W+mhlCaOVxT7YBcFUPmVFk2n8</kbd></td><td><kbd>BWz224j1BUpGsLiJVIbmCFGZoaN54BpaUZxVvpHqEM0</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>infra-reporting-ec2-va</b></kbd></td><td><kbd>3.211.80.200</kbd></td><td><kbd>Bd8A+z86rTkk7dueQsJIFmi4NOH/8H4h39+yqYyWEn4</kbd></td><td><kbd>Qnd9LZ9VGMra49dyV9ng5tR9wf0Tc2Cq/HrMlyYk5GM</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>iotdb-vm</b></kbd></td><td><kbd>207.244.88.150</kbd></td><td><kbd>VL70gInxAe7IvsqUCcNtpnAws6h0pSqzGqzi378iRt0</kbd></td><td><kbd>lMCchVpLBpPRZTmcVuJAQNTbPA2HWaGTNkulfktU2SY</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>jena-vm</b></kbd></td><td><kbd>209.188.14.138</kbd></td><td><kbd>02OrX+3zzTYTscRKGH8I3MSavptICmYFKQEJ6asVBvE</kbd></td><td><kbd>ab7Q+J92xOZr13nEyC2CwlAqdGIDEnFO1+pmY8+zezk</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>jenkins.kudu</b></kbd></td><td><kbd>35.185.99.38</kbd></td><td><kbd>3TpZ49yR2heCEfyYos0UcnxJo5fpUJObx07a/YvYKYc</kbd></td><td><kbd>YzgbodBvWSCyquG75pbyt7Zc0J98klo0JzGnrfQxDD0</kbd></td><td><span color="F70">CHANGED</span></td></tr>
-<tr style="background: inherit;"><td><kbd><b>jira2-he-de</b></kbd></td><td><kbd>168.119.33.54</kbd></td><td><kbd>Dgpfcq0CCy2q1whjOQZEf4A+pIxBdMDReb6YRT62BtA</kbd></td><td><kbd>RseK3WC4BT5YIRvyxWpBoSLgGBnI6FyksSbnfjAimFE</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>jiratest-ec2-va</b></kbd></td><td><kbd>34.204.185.29</kbd></td><td><kbd>Tw/1nyc+NCF97jbyQsULYI1QCOy+RKsULLHc6wLUor0</kbd></td><td><kbd>i46XEPc61pOMOVK+sUB6SuRCJo/ihMAwtUoaZDCayPI</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>joshua-vm</b></kbd></td><td><kbd>209.188.14.166</kbd></td><td><kbd>Mqpt68P5+IWUHl+yBQtZmwPCtLkdgxHZT0a/ar/TGAo</kbd></td><td><kbd>8PgpCVMW8Z/JHzPX+TMI+pp8E4YifLzYZjmFMtsWeHI</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>jspwiki-vm1</b></kbd></td><td><kbd>209.188.14.141</kbd></td><td><kbd>S2ZtgdmJLokJSCoOwNvUCrHvI+O5smMnGCEOJS4UCv4</kbd></td><td><kbd>ZFVbp678/9bdd6OXdcfJuc/sHpFgUg/TduMNBRCLsgE</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>kafka-cache-ec2-va-us</b></kbd></td><td><kbd>3.90.65.167</kbd></td><td><kbd>QSFqQBx3Cw8vNPb1y53NamJUP/lYzVJ6pRAdjDcNapE</kbd></td><td><kbd>dOZuC3/QkI8SU0+sUktRtnLqEWv6j1zqlPqFcCmooSY</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>logging01-he-de</b></kbd></td><td><kbd>144.76.43.233</kbd></td><td><kbd>ofi8tJDbQntYIcHp73sWOUj0rEuAnt9KyKEk/AIa+/E</kbd></td><td><kbd>7wsw5kT3CdMOnDGk8EzWVFd8PRnJhG7/vgMxSCg5VZg</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>logging02-he-de</b></kbd></td><td><kbd>144.76.44.113</kbd></td><td><kbd>MjbhvkEdt10+kDXHolDwds8cPmXlN+/3ypbaUomcRvI</kbd></td><td><kbd>IaG8pbE4Xqf9ZArkDk/LAQF6WSj+q9+XnyCnsHfgEMI</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>logging2-he-de</b></kbd></td><td><kbd>162.55.1.41</kbd></td><td><kbd>wQ3cd26e0TJEmQhix4Vy9aj5KTadB3WNc1xjKmdaUQ8</kbd></td><td><kbd>3Z8mXur7L9R1C5/0h6aec4U9dtAz53k6HqfBDsVGXGc</kbd></td><td><span color="F70">CHANGED</span></td></tr>
-<tr style="background: inherit;"><td><kbd><b>logos-ec2-va</b></kbd></td><td><kbd>3.235.154.206</kbd></td><td><kbd>ZdTcUr+WRC8p3tvKOrGhbdODzkEcC+ptiQp1WqF9Tb4</kbd></td><td><kbd>hY29OIKOJ4TiVsFZ3DQENq/gBa59FxPJISXT+Y05CHs</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>lucene-us-west</b></kbd></td><td><kbd>209.188.14.153</kbd></td><td><kbd>vaZo5W+Jlg9LAEWtHP98M9ZBrTzYIqLuLkIYJzoR0EY</kbd></td><td><kbd>BLN8DlJntQj4IfVZlfy3rHpzvpLYizxGKCcIXpH92Io</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>lucene1-us-west</b></kbd></td><td><kbd>209.188.14.136</kbd></td><td><kbd>/p77iWPhjlfJShOgYkET62qcAHFNkMuzcGsR3IwfMcM</kbd></td><td><kbd>85Zh6HmqXGSZfBPgxEb+fEo9x+952UAI79+8sc66Wfc</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mail-outbound-he-de</b></kbd></td><td><kbd>116.203.166.180</kbd></td><td><kbd>I/bHct/bNk1UAcA58T5eV4UZlWyGx9iN8xharxm6oTI</kbd></td><td><kbd>jYKNJ3O0bwXdf1TBxpT6koitFzAbTorQZkAOxomowzQ</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mailgw-dr-ec2-de</b></kbd></td><td><kbd>18.185.108.252</kbd></td><td><kbd>eg5233/ZQgztgaWRCdlae7/wUoIRQuo/uA5iTq4BSQM</kbd></td><td><kbd>80zNArYISWbfhihe3dLdLh+TH/BWn6pLlahzMmJfbtQ</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mailgw-he-de</b></kbd></td><td><kbd>116.203.246.181</kbd></td><td><kbd>tSs7hKpbltTzzNjVhs42nwUsRmETcR1lqc87I0rioZ4</kbd></td><td><kbd>SGZ69YfEDghH5BudF7GbI0+wbc7JbXru6mEaLZd8Vi4</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mailrelay1-ec2-va</b></kbd></td><td><kbd>52.204.25.47</kbd></td><td><kbd>M9lQj3RFO6DxfLf37UT+gEutwi7z/BxhieCdCVvBMW0</kbd></td><td><kbd>Seb/i5c4v970GWh24leGtXg0sqDJWVoN16+/+j6dwi4</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mailrelay1-he-de</b></kbd></td><td><kbd>116.203.21.61</kbd></td><td><kbd>I/bHct/bNk1UAcA58T5eV4UZlWyGx9iN8xharxm6oTI</kbd></td><td><kbd>jYKNJ3O0bwXdf1TBxpT6koitFzAbTorQZkAOxomowzQ</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mailrelaytest1-ec2-va</b></kbd></td><td><kbd>3.230.135.33</kbd></td><td><kbd>DUw2gKLyWMAHd1WKR3AmMc6aMrkq0dvRrHuEq2dTtFw</kbd></td><td><kbd>GTAdMQoa7ZfLOcPukD6giw+TOyOAv5ccAKrIfWJvlWs</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mailroute1-lw-us</b></kbd></td><td><kbd>207.244.88.153</kbd></td><td><kbd>whLbZxqOr1DSJ1eVEQ50LI63yAS3QnDYL2I/qXctUfo</kbd></td><td><kbd>7SWPvHdy7RUT3EwLXvQhUwMu5TV+farJ9u9CivdrFCg</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mbox-vm-he-fi</b></kbd></td><td><kbd>65.108.60.193</kbd></td><td><kbd>PJR0nvDn5WnkkQq5nGtBchhmUmKbXx+LmGktBVULIBs</kbd></td><td><kbd>lkUn0FPbcsR2BVp1H8BQfPKK3Fl4DU+jVBngL8tlxf4</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mx1-ec2-va</b></kbd></td><td><kbd>34.199.147.133</kbd></td><td><kbd>P77Gi1v+7aVeFXqhc03fiajqYpVZ1MUvNaeaD/+TBJI</kbd></td><td><kbd>+pH7c+vQ9clITWb+fVQjDpkoebBtOdI+ai4QNCEBQws</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mx1-he-de</b></kbd></td><td><kbd>116.203.90.47</kbd></td><td><kbd>9tV+wqU+jBct3oJ9Vr70UaldCUiyljOJdXMV9Twcuo4</kbd></td><td><kbd>FSC8pTr/YXFfkB/2EBZE6efWrDnI1DvS+v0sndQXVVg</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mxout-dkim-ec2-va</b></kbd></td><td><kbd>18.232.173.146</kbd></td><td><kbd>Ff9YqeeW6Do5Umx7jkHweMXw1Dpid204x4dqKf9rEDM</kbd></td><td><kbd>nXO5mlYHxOfYIj4rT7T2SUkBttcFxT251W4WPzT/RjY</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mxout1-ec2-va</b></kbd></td><td><kbd>3.227.148.255</kbd></td><td><kbd>jRNdmilzqlInwMZZ8CVYh9LX2rfcNkknD9SxgwdqDXs</kbd></td><td><kbd>s2MmwHV0gE3irN1zpD+82+Tf56lQJiv7dgPwew1mDl4</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mxout1-he-de</b></kbd></td><td><kbd>95.216.194.37</kbd></td><td><kbd>dKzn0JhMvRSOTbqoT29stsxpzXF8dWmccJ66UHVk3mE</kbd></td><td><kbd>m04xdE3w14QxIT1JgcTffStxAEtg9NMnGr7iGSVBaqM</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mxtest1-ec2-va</b></kbd></td><td><kbd>3.91.55.215</kbd></td><td><kbd>MGrrwr0kVKHwH9Ds/bDl47zAUMlcbe/zwmwRfxyynvs</kbd></td><td><kbd>BhSbzPS/QEjP4qYR1D0tCHnDeAQWMWsx7IF2/refgt8</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mysql-vm1-he-de</b></kbd></td><td><kbd>116.203.211.76</kbd></td><td><kbd>VxIgDQQxNh2lMKS7KGfZYQ3iDFIIu61iEdYeCfzcneI</kbd></td><td><kbd>W+h2nuVTK5cA084LUz7ViAlwRNb7veYZ5WmKHw+E+ys</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mysql1-ec2-va</b></kbd></td><td><kbd>52.91.232.133</kbd></td><td><kbd>AhgumbCq+lBNJIZj8vQPgAYqrGzls+VPQsTbAsw7kSE</kbd></td><td><kbd>25KYUWh5ToNRe1HS8/Dgbn6J1XOJ60Fe+vjjIDvG/3E</kbd></td><td><span color="F70">CHANGED</span></td></tr>
-<tr style="background: inherit;"><td><kbd><b>mysql2-ec2-va</b></kbd></td><td><kbd>3.210.148.126</kbd></td><td><kbd>4WPO+rP9anbCNYmgx7bKqqqxltSfVtFAdexhMse68tA</kbd></td><td><kbd>AZYnq55v62xDJHz7eYHwa2HhxisovXt+Ahg1YAfjcrk</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>netbeans-vm1</b></kbd></td><td><kbd>209.188.14.165</kbd></td><td><kbd>kBFlqIbAjCjWJCeVnRntVgSMZfwCouMd7xZwMivOxL8</kbd></td><td><kbd>hDfrWp+4KRE7Y/uhq6DRorzM1tWsx75YIqYngF6Usng</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>nightlies-he-fi</b></kbd></td><td><kbd>95.217.87.228</kbd></td><td><kbd>uGT70QbPioMD8HLAwalHN8gCz7wUsot+h9Kj16TiYws</kbd></td><td><kbd>je9dH/mwDiS9dtOiC55L/q9ARIlnWRTZYW0S4yGBTvA</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>nuttx-vm-ec2-va</b></kbd></td><td><kbd>174.129.211.106</kbd></td><td><kbd>VeX1841XHcy/CikUm8I3jIlJvaiW6mpsRDLULA/3TTA</kbd></td><td><kbd>gkf0/KysIZMRd/3d2g5ZIABwvgZBdr0KLXhxlsGFC20</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>ofbiz-vm1</b></kbd></td><td><kbd>35.169.121.235</kbd></td><td><kbd>jNiBTG1sQzHP7DcS/kJYJTCoHrjcBUZitKQ/ebmyGnM</kbd></td><td><kbd>H/WvihUh5iXTPLHgKf2+XPxJaa57lfm9UJS+EX/+MKc</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>oidctest-ec2-va</b></kbd></td><td><kbd>3.95.37.121</kbd></td><td><kbd>4VPAUvh0ezmqEaaNdPB9V3bZdy2nRYJlE5qqFeHHFDw</kbd></td><td><kbd>loQLy/9XUBdu9ryTyp6aLrM9/q2NQ3b8u95fvJnhRNY</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>openmeetings-ec2-de</b></kbd></td><td><kbd>3.127.65.212</kbd></td><td><kbd>inFi5wq5FXUSga/PSbj033T/cS7k/TgPgQ3S2TMAzik</kbd></td><td><kbd>xVgZLFTi7fa7NDP15b0odLWU+fpEmxXQOIGKwf4SZto</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>openmeetings-vm3</b></kbd></td><td><kbd>116.203.209.181</kbd></td><td><kbd>GdnVwgsQDcnT6FVZtebs0wnKexCS5VmMAiyFToLa4YY</kbd></td><td><kbd>rg+ZyGt/ydZ8G/5ucq4nW8geBGhlg8NXlQ+TslQ3MkQ</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>openoffice-vm1-he-de</b></kbd></td><td><kbd>88.99.85.105</kbd></td><td><kbd>4HuQhXMdkrqVQMLwshV5os/5BitHRxT9NWQ2sLkS4w0</kbd></td><td><kbd>UvfDn/rCRPtdVYuBMg2gjwTOS8AcKXjdh5uJMP0A/JA</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>openoffice-vm1-lw-us</b></kbd></td><td><kbd>207.244.88.139</kbd></td><td><kbd>wWa21vGe/fUOuqcD55deZgsPhVg2Np+DnET6urHbMV8</kbd></td><td><kbd>dMw+Tu/mmJq9VbKHFjLVTpxaGQJc36kZ9YDea9QNLvg</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>openwhisk-vm1-he-de</b></kbd></td><td><kbd>144.76.63.94</kbd></td><td><kbd>nlJ20DIh83Nd2OPti5u7nFrUMUagusucxv7+qi6jTDU</kbd></td><td><kbd>6l+pmcY4qYHMpSh3uSeVkwDcdDxOYtbzAvsNf/z/tHQ</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>pbx1-ec2-va</b></kbd></td><td><kbd>3.84.152.46</kbd></td><td><kbd>BaDSyxkEWKvibz+6XS7KFoTMN8L0EFFkZ5zwufMf7tA</kbd></td><td><kbd>RJg/gcJs/4IoOyzrzw9ZJGd2BIUbqg8ir7TDo8nkUeI</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>plausible.cassandra</b></kbd></td><td><kbd>3.124.255.5</kbd></td><td><kbd>aLkbc6wsQcHF0CcmJli7F6YCy/IqMUUnlS8sH+Yjp90</kbd></td><td><kbd>MICB6LFJYdGnzmYg3gmGdLy6OnjVkp5SxYuvpThFPQI</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>plc4x-vm2</b></kbd></td><td><kbd>209.188.14.145</kbd></td><td><kbd>4v/+eexuDkGbnQyaqzBMV1wotRQ87ErPQKAoPGmBBHM</kbd></td><td><kbd>0EHW+S9FAPAitSTkIg9YXdLeDEpHxuh7r29HTDAZVBI</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>privacy-vm1</b></kbd></td><td><kbd>3.220.53.221</kbd></td><td><kbd>D9IB0yJbKgWXskoEoH/GWX1EcPL+/MqSb4+WlAg9h80</kbd></td><td><kbd>D3OmGO/qFUYs+4HU5NbVf7hOPUIEH/X5A0IikS+vjmI</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>projects-vm3</b></kbd></td><td><kbd>209.188.14.137</kbd></td><td><kbd>oAqYNdi74e56qX5Wi5eqTvL/uY2dkz8lqD9s8wZ3cUU</kbd></td><td><kbd>7bMFIk5lFEOYVqAItFyRz8gXar3ncoQo0Rq0kR9aHIc</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>proxy-us-west</b></kbd></td><td><kbd>209.188.14.135</kbd></td><td><kbd>dJrVZo6UHzwdUjthiwcu8JIC5N6jKbkCP10t5rdENGk</kbd></td><td><kbd>sY0hBkIbIhfEeplRibtDu3tjwFkY8TWvB0mDB8GxXdQ</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>psql01-ec2-va</b></kbd></td><td><kbd>44.192.71.126</kbd></td><td><kbd>VvZeTVAumM4jUgBWpU+Zjy81rmwrr2KCKES/y8n3yPo</kbd></td><td><kbd>xvRXtUyDXGbmM+XwrjVvM3h+P3UYoUXtNtrKrvdPzzU</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>pupcompile01-ec2-va</b></kbd></td><td><kbd>3.236.253.5</kbd></td><td><kbd>exR4VC2IC7UtSqCQUUx2XBmB+FaN1OzTeQnGp6/jXAs</kbd></td><td><kbd>SNZIR1thwrf1oBwffSBWRkNCEikku9umsQnlnehAc2s</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>pupcompile02-ec2-va</b></kbd></td><td><kbd>3.237.30.30</kbd></td><td><kbd>Y/BhyG9h9DjEoTS0YzT4+zVzLJ7vYOJ/RD0DfOOaFLk</kbd></td><td><kbd>ZF9Q0QpLnkXjyEFtw8Lk4KUeI9qar2G2ICMgSsCW0gA</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>pupdb01-ec2-va</b></kbd></td><td><kbd>3.236.17.51</kbd></td><td><kbd>0TPzOPsQjCs9183Ppa4kPS9J6kxDslnb2kINKtXmgPs</kbd></td><td><kbd>7KNdxMVchwchSWRz7CbEWT75Tu8FrKgXr7U37ASWJt0</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>pupserver01-ec2-va</b></kbd></td><td><kbd>3.235.64.154</kbd></td><td><kbd>qUDy21uaU5I156y/F/aflVJ+htg9s5Q9lqOIE3TOUYw</kbd></td><td><kbd>Y0O57SqOrkNwdWF9nc5RdXBXdKz2P6lxMkrzCPXbgoo</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>rao-he-fi</b></kbd></td><td><kbd>65.109.119.155</kbd></td><td><kbd>xwKkMyz6q/3hOKuqN17Y7JQFm5v/ZJI6V9hdBB+bU/o</kbd></td><td><kbd>KeuYeqDLZFbXjOecrjzfndaDbelTkqGpcrcQy8oGdlM</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>recognition.ignite</b></kbd></td><td><kbd>138.197.201.250</kbd></td><td><kbd>o96dtfGRQ9SndTuD5XBMuEGg0pFjaQBLxzm6ZJSvVT0</kbd></td><td><kbd>rereufnBGMd8QKJwy0pKo3/AA5fRFWgFCGZfwwlQL4E</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>reviews-vm-he-fi</b></kbd></td><td><kbd>95.217.165.199</kbd></td><td><kbd>asNbYZ4cYu6HbGzBhWwjAOc7E7pvdl6kxxDxyTt1NkA</kbd></td><td><kbd>Rfmw3GxdcRsXrEyHvsIWiH+sEftvbFBM1N/hPj/qgcM</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>roundtrip-he-fi</b></kbd></td><td><kbd>135.181.199.107</kbd></td><td><kbd>PwbL0GGhTSVVRfYJUeO4vsLnEvTtY0/Is0AzZ3KYsig</kbd></td><td><kbd>U2m5QK4Mu2od/tPI5/5SV7QSR+FQGjRvFRTMcrjU/lI</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>rsync-he-fi</b></kbd></td><td><kbd>95.216.246.156</kbd></td><td><kbd>WUjGeIhwdZjP/kuMrlAFOB8bccdQRH7cJwC+JgEgsH8</kbd></td><td><kbd>06u8RypYFa0YkRcn+BI45SlvFzT3C8/LKdqbFjAUq80</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>sa-vm</b></kbd></td><td><kbd>209.188.14.132</kbd></td><td><kbd>bHwcC9fRY8uOQwy1As9Zr6noP6XiqjJIEISkjpwZd6Y</kbd></td><td><kbd>j9cV7eTLB6ow5hC4t2T+rzOTg6xFT3zi9eu/VD5GgjM</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>secdb-ec2-va</b></kbd></td><td><kbd>52.202.80.70</kbd></td><td><kbd>fUfDwjsENwMAVDgGjOQSCiZbTSOrmfvvRrbx88ixhxs</kbd></td><td><kbd>56JSf2HGoIkYlBfPyamAXffVd4r4Yk7oBLvCxG7WSHg</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>security-tools-ec2-va</b></kbd></td><td><kbd>3.82.172.250</kbd></td><td><kbd>MfmcPhGVHFDMx1NhMjQs+89k3IBx+VHA/H4sMM31Ldo</kbd></td><td><kbd>zjBkSU8dfKWskRfWsuexWQauE05us+n4wTVCBvjZCCc</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>security-vm-he-fi</b></kbd></td><td><kbd>95.217.212.187</kbd></td><td><kbd>9SNkQu3WBpcWemM1XjSnM8cQPpPi+db/aiZmW7Uzfeo</kbd></td><td><kbd>I3f/0BuWGSZzMnbT+imJ2aVzOJ2LOzkx3HIUfsax4ao</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>selfserve-ec2-or</b></kbd></td><td><kbd>54.185.93.87</kbd></td><td><kbd>MblSYhkzMDhVe31wi0YRh11oBLjT2aJHNODP83GPsjU</kbd></td><td><kbd>52fPBmN7K93QjgiZkYbAk+8BdRxJvzl0h+wpDPU38u0</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>selfserve-test-ec2-or</b></kbd></td><td><kbd>44.227.128.184</kbd></td><td><kbd>gmnKEdp0qzeXln6N2V6pokUnBKldsZkZnPLCw3Y1fsc</kbd></td><td><kbd>wSFsYNIM4xThKCthL4zKfiabbLW/3LH2+EWqteIGzAg</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>spamproc1-he-de</b></kbd></td><td><kbd>116.203.196.100</kbd></td><td><kbd>yu8pGQeSjjPxDLA232deLlMqdj27mrtcyEx13tPzOyM</kbd></td><td><kbd>/dYXk2dZyvQNoUTmtQVzAwMFl/EBQgMHyQRM1gKKXyY</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>spamproc1-he-fi</b></kbd></td><td><kbd>95.217.134.168</kbd></td><td><kbd>4mTzjPCYcig674xRHAD3hSrFolZuJcsj1lp487P41Sc</kbd></td><td><kbd>6Nq99BvcoxvUnyHR8GUjZ/FYcudzRiv35KwD4C8dX6o</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>spamroute1-he-de</b></kbd></td><td><kbd>116.203.227.195</kbd></td><td><kbd>9fkuu4UkqWrUrOE8SdgtzQj8AQLt1GUCkXuyAKl4lWw</kbd></td><td><kbd>FF+C1orQZpYsi8rAiLtVlkNQGKYYzpFDi96qMPW5Lhg</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>staging-vm-he-de</b></kbd></td><td><kbd>116.203.91.37</kbd></td><td><kbd>UkgCKtR+RNDKJB3tQ0wzbRh7U6eDoh8t8oi0SZaQHoc</kbd></td><td><kbd>bCHk4ZN2agf0mdJ/9gqN8nUAEJszEt0MT+1EJjJ79Ck</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>steve-demo</b></kbd></td><td><kbd>18.212.72.163</kbd></td><td><kbd>o5wK54DmyNY3uheLn0YWtKyNOsc5jyRENmkNMNOeL+A</kbd></td><td><kbd>TIE3s0IxHgn7KnQtQtrwMFnM2mZn8X9njuAITJv6YlY</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>svn-qavm1</b></kbd></td><td><kbd>207.244.88.149</kbd></td><td><kbd>Dpkf/VM8GUa6nPTkYYqUMPj4N/5IbHeglyEWcWgmH4g</kbd></td><td><kbd>nmxxlrPddrtWExUiOqQrNCxTbTr9NP2RcF3KNOMOYs8</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>svn01-us-east</b></kbd></td><td><kbd>13.90.137.153</kbd></td><td><kbd>PnbDE4z7G5UH2Z7mw73FtJTMTwNBTYQZYOuDLs7+bMA</kbd></td><td><kbd>C/kkDeyGOJdCUdKAPPzLkoy7/yeY1tGhPp6ep5GTj3c</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>svn02-us-east</b></kbd></td><td><kbd>20.232.109.10</kbd></td><td><kbd>t0MgePXx2rlDIOPlj6WUKo5iUi+KJIKcX6v9Q507RZs</kbd></td><td><kbd>/sezjUIKbXnVQB+oMO8/QLjutiueiTM/OCSTx1vUuNw</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>syncope-vm2</b></kbd></td><td><kbd>3.83.15.61</kbd></td><td><kbd>YxRTO23qAV4JZJJWvcnhVLtIsJ0Bel30KpMXC0x4//0</kbd></td><td><kbd>2QP8T2Tu7tGOWvUwi8PM9MvCmEGc7ffk32NAMEZ6+jU</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>tac-vm-ec2-va</b></kbd></td><td><kbd>54.208.134.40</kbd></td><td><kbd>J/9xjCNubcxEjZDidhVVOj1yGYMewXkvQHzHJycl6jc</kbd></td><td><kbd>daPyEVSFLhQ38D0BWY9p7sraj+pUcupkohEl2xw08S4</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>tac-vm1</b></kbd></td><td><kbd>209.188.14.163</kbd></td><td><kbd>pMR5YxvnivVpfiy2YrLjbC17cjW1A6QfbET2CMgy6PY</kbd></td><td><kbd>rt9qYBuW9fXRBsgSs3ZUQndPIHgyCF690rk94M8oiYY</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>tapestry-vm</b></kbd></td><td><kbd>209.188.14.152</kbd></td><td><kbd>jrdhi2EhXcvlmqU1RvYysAXOcA2gDOSEkeTGA3jd7GY</kbd></td><td><kbd>7PcJ4LenFiYJegj/w90F2LymwjaGGNxi3Hw6hPUNyH4</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>tlpserver-he-fi</b></kbd></td><td><kbd>65.108.131.22</kbd></td><td><kbd>PMaFeTq+3BXCxZimjOnKKVDIeWe/yujLsiouze9scDc</kbd></td><td><kbd>hU3NpIR8+dPIIDXk5Ga6crOS2t0fJwuxcpAqRxup2bo</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>tobago-vm</b></kbd></td><td><kbd>209.188.14.148</kbd></td><td><kbd>9wVxWGqmoJB6KbVUf+qbrsFrrzWm+76A0av4GiGBNjI</kbd></td><td><kbd>LaMfDxIp5s0aOMJhH65tSx7POrJS3y01uJ8+HpDntiM</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>tools-ec2-de</b></kbd></td><td><kbd>3.120.167.68</kbd></td><td><kbd>fLu8Ty3egpjXMLwwe7Jm28kiHoji4QadZYF0tS7btW4</kbd></td><td><kbd>cRfoWSUIGDZrvRFOYz3i7z7n0hGblRpb19+yEd5a20w</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>tools-vm-he-de</b></kbd></td><td><kbd>116.203.81.167</kbd></td><td><kbd>EZmSwd5FbHOJvE1yg0brj2MeFOJSg7dh/uZw2hVZvz0</kbd></td><td><kbd>rPntJNCSrQbuy6DmT0hyVseQnVvm1I7tBtKPdl4hUEw</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>tools-vm-he-de-2</b></kbd></td><td><kbd>78.47.201.44</kbd></td><td><kbd>EtJSoM/eYPAUGb7TxRBlUruNq03Mgd9dk6vHbd0wZUs</kbd></td><td><kbd>w89FY9nIqb1F2vRHZx+uxQNSDf9NW+P3GsaW9Ayfw1E</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>translate-ec2-va</b></kbd></td><td><kbd>34.201.217.110</kbd></td><td><kbd>BPwyjKSRPIbrHLwWn8qTRR7aWyFT0FX6ls7NQpIu+3g</kbd></td><td><kbd>rRjmwRO+PjH+6TQw4f23xQqHNo3FNN9Ebm+IiwWUpp8</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>ubuntu-2404-ec2-va</b></kbd></td><td><kbd>54.161.236.101</kbd></td><td><kbd>O8hACvvvmivUQszZuQ00MuGfmGekVWZI4+7jMXsMN3E</kbd></td><td><kbd>+HThnc2oExRrEcPJ97Af85lBbWnMUJFcizKHHmp+N6g</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>vpn-test-ec2-va</b></kbd></td><td><kbd>54.82.173.247</kbd></td><td><kbd>knsCUCUP0in9yRM+7FubGBWBse1i5s/hCsznnzzgXwc</kbd></td><td><kbd>X8TSlSDw0ZRUsuosiCl1sGnNGH6tGmQ15toIsoA1cDQ</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>whimsy-vm</b></kbd></td><td><kbd>209.188.14.157</kbd></td><td><kbd>QFPbfGxpOXBMrmko+qA04aA/yiV+cK03LfQQ1oMjWYg</kbd></td><td><kbd>PXSEBjPnPqwdN/n+0lPs28p+LBTGMlZgrnaDIgkcGYQ</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>whimsy-vm6</b></kbd></td><td><kbd>52.6.211.55</kbd></td><td><kbd>NpUp8SsH3ljgik61YrnWwVYwfkbiHoOvvCJsupE5Pog</kbd></td><td><kbd>j0CjIwDKs6cSbduYw4Rqe1PaQoLSy4Idwte+CJsJDrg</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>whimsy-vm7</b></kbd></td><td><kbd>52.86.25.21</kbd></td><td><kbd>Cr5MyLNtFg9aKPPxYAqZU1rx5lKPggumEL2eg6uBEWE</kbd></td><td><kbd>gBik8ndegu4rvdV8pQLndbsDaV/irvmw8mmp7EZqtZQ</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>wicket-vm2</b></kbd></td><td><kbd>209.188.14.147</kbd></td><td><kbd>6PW9+kv1ZxXuH64GtAw5XNfVeTMsp8K7v5W9Nt7jGq8</kbd></td><td><kbd>p7bL4UDvZCSCLKqD64fmvxO2QbeFsy/s2qjPjDCGIF8</kbd></td><td>Verified (OK)</td></tr>
-<tr style="background: inherit;"><td><kbd><b>wiki.trafficserver</b></kbd></td><td><kbd>72.167.42.180</kbd></td><td><kbd>dIsqeIBRryDy+X6Jzej5tEvgtxH8H2M+SgAJla0X2ys</kbd></td><td><kbd>xJTNEw5kYCXDfnWdx5NQVrx/bzA5dLlTYLwh+DkTIY4</kbd></td><td><span color="F70">CHANGED</span></td></tr>
-<tr style="background: inherit;"><td><kbd><b>action.beam</b></kbd></td><td><kbd>34.36.200.132</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>bloodhound-vm</b></kbd></td><td><kbd>209.188.14.150</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>ci.ignite</b></kbd></td><td><kbd>216.218.135.140</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>cn.dubbo</b></kbd></td><td><kbd>47.57.246.137</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>couchdb-vm</b></kbd></td><td><kbd>209.188.14.151</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>cwiki-vm6</b></kbd></td><td><kbd>209.188.14.134</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>ldap1-ec2-va</b></kbd></td><td><kbd>50.19.201.70</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>logging1-he-de</b></kbd></td><td><kbd>162.55.1.40</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mailarchive-vm</b></kbd></td><td><kbd>207.244.88.142</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mailprivate-vm</b></kbd></td><td><kbd>207.244.88.133</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mbox-vm-old</b></kbd></td><td><kbd>207.244.88.138</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>mysql-us-west</b></kbd></td><td><kbd>209.188.14.133</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>news</b></kbd></td><td><kbd>192.0.78.24</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>ooo-wiki3-vm</b></kbd></td><td><kbd>34.207.3.4</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>play-dev.beam</b></kbd></td><td><kbd>34.102.224.106</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>tlp-he2</b></kbd></td><td><kbd>95.216.26.30</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-<tr style="background: inherit;"><td><kbd><b>tour.beam</b></kbd></td><td><kbd>199.36.158.100</kbd></td><td><kbd>N/A</kbd></td><td><kbd>N/A</kbd></td><td>Unreachable</td></tr>
-</table></p>
-
+<p><code>spu:fetch('https://infra-reports.apache.org/machines/index.html')</code></p>
</div>
</div>
</div>
diff --git a/output/mail-migration-faq.html b/output/mail-migration-faq.html
index 2318237..042f0ac 100644
--- a/output/mail-migration-faq.html
+++ b/output/mail-migration-faq.html
@@ -73,7 +73,7 @@
<h1>
Mailing List Migration Project
</h1>
- <h3 id="migration">Hermes → Mailgw</h3>
+ <h3 id="migration">Hermes → Mailgw</h3>
<p>
As part of the Apache Infrastructure team's goals of modernization and
service improvement, we are pleased to announce the general availability
@@ -135,24 +135,35 @@
<p>
Email users@infra.apache.org or open an Infra Jira ticket.
<p>
-<hr/>
+<hr>
<h3> APMAIL Volunteer Specific Information</h3>
-<h4>Will apmail volunteers be able to access the new server?</h4>
-<p>Yes, apmail access will be re-granted upon request. Ask Infra if you
+
+#### Will apmail volunteers be able to access the new server?
+
+Yes, apmail access will be re-granted upon request. Ask Infra if you
wish to continue as an apmail volunteer, and we will add you to the new
-server.</p>
-<h4>What is the actual hostname of the new server?</h4>
-<p>mailgw-he-de.apache.org</p>
-<h4>How do we know if a list has been migrated?</h4>
-<p>The list will exist on mailgw-he-de.apache.org, and the list directory
-on hermes will contain a flag file called 'migrated-to-mailgw'.</p>
-<h4>Do apmail processes remain the same?</h4>
-<p>For the most part, tools in ~apmail/bin will perform as expected, and
-ezmlm commands (subscriptions, moderation, etc.,) work as expected.
-Contact Infra if anything doesn't work as expected.</p>
-<h4>Has my project been migrated?</h4>
-<p>The following projects have been migrated:</p>
-<p>accumulo.apache.org
+server.
+
+#### What is the actual hostname of the new server?
+
+mailgw-he-de.apache.org
+
+#### How do we know if a list has been migrated?
+
+The list will exist on mailgw-he-de.apache.org, and the list directory
+on hermes will contain a flag file called 'migrated-to-mailgw'.
+
+#### Do apmail processes remain the same?
+
+For the most part, tools in ~apmail/bin will perform as expected, and
+ezmlm commands (subscriptions, moderation, etc.,) work as expected.
+Contact Infra if anything doesn't work as expected.
+
+#### Has my project been migrated?
+
+The following projects have been migrated:
+
+accumulo.apache.org
activemq.apache.org
age.apache.org
airavata.apache.org
@@ -230,8 +241,7 @@
zookeeper.apache.org
freemarker.apache.org datafu.apache.org geode.apache.org datalab.apache.org geronimo.apache.org datasketches.apache.org giraph.apache.org db.apache.org gobblin.apache.org deltaspike.apache.org gora.apache.org devlake.apache.org griffin.apache.org directory.apache.org groovy.apache.org diversity.apache.org guacamole.apache.org dolphinscheduler.apache.org gump.apache.org doris.apache.org hadoop.apache.org drill.apache.org hawq.apache.org druid.apache.org hbase.apache.org dubbo.apache.org hc.apache.org dump_subs_dig_mods.sh helix.apache.org felix.apache.org heron.apache.org fineract.apache.org hive.apache.org flagon.apache.org hivemall.apache.org flex.apache.org hop.apache.org flink.apache.org httpd.apache.org flume.apache.org hudi.apache.org fluo.apache.org hugegraph.apache.org
iceberg.apache.org ignite.apache.org impala.apache.org inlong.apache.org iotdb.apache.org isis.apache.org incubator.apache.org jackrabbit.apache.org jmeter.apache.org juddi.apache.org james.apache.org johnzon.apache.org juneau.apache.org jclouds.apache.org joshua.apache.org jena.apache.org jspwiki.apache.org kafka.apache.org knox.apache.org kylin.apache.org karaf.apache.org kudu.apache.org kyuubi.apache.org kvrocks.apache.org
-pagespeed.apache.org parquet.apache.org pdfbox.apache.org pegasus.apache.org perl.apache.org petri.apache.org phoenix.apache.org pig.apache.org pinot.apache.org plc4x.apache.org poi.apache.org ponymail.apache.org portals.apache.org pulsar.apache.org</p>
-</p></p></p></p></p></p></p></p></p></p></p></p></p></p></p></p></p></p></p></p></p>
+pagespeed.apache.org parquet.apache.org pdfbox.apache.org pegasus.apache.org perl.apache.org petri.apache.org phoenix.apache.org pig.apache.org pinot.apache.org plc4x.apache.org poi.apache.org ponymail.apache.org portals.apache.org pulsar.apache.org
</div>
</div>
</div>
diff --git a/output/mail-rejection.html b/output/mail-rejection.html
index 1431c06..4b771b2 100644
--- a/output/mail-rejection.html
+++ b/output/mail-rejection.html
@@ -74,13 +74,13 @@
Mail Rejection Policy
</h1>
<h3>"Not authorized" message</h3>
-<p>People emailing ASF addresses may see this message:</p>
+<p>People emailing ASF addresses may see this message: </p>
<p><code>Recipient address rejected: ASF gnomes rejected your message: SPF fail - not authorized. See https://infra.apache.org/mail-rejection.html</code></p>
<p>The apache.org MX servers reject messages under many of the following circumstances:</p>
<ul>
<li>SPF (Sender Policy Framework) hard fail for domains which have it configured (-all)</li>
<li>SPF hard fail for major spam targets despite ~all (gmail.com, yahoo.com)</li>
-<li>SPF hard fail for inbound mail from apache.org addresses which do NOT originate from apache.org servers</li>
+<li>SPF hard fail for inbound mail from apache.org addresses which do NOT originate from apache.org servers </li>
<li>Various RBL provider match</li>
<li>Invalid HELO hostname (hostname does not exist)</li>
<li>Invalid HELO domain (domain does not exist)</li>
@@ -95,10 +95,9 @@
<p>Infra takes a hard-line approach to prolific spammers, and will block all mail traffic from spam domains with a rejection message of <code>550 Domain Blocked - Spam. Contact abuse@infra.apache.org</code>. If you receive this message, you may contact that address (using a different domain) to request review.</p>
<p>Refer to <a href="https://blogs.apache.org/infra/entry/committers_mail_relay_service" target="_blank">this blog post</a> for additional information.</p>
<p><a href="/contact.html">Contact Infra</a> via an alternate email address, or <a href="https://issues.apache.org/jira/" target="_blank">file a Jira ticket</a> with any questions.</p>
-<p>If you feel your email has been blocked or rejected in error, please open a ticket at <a href="https://issues.apache.org/jira">https://issues.apache.org/jira</a> and include your external IP address and the To: header.</p>
+<p>If you feel your email has been blocked or rejected in error, please open a ticket at https://issues.apache.org/jira and include your external IP address and the To: header.</p>
<h3>Issue related to reporting ASF mail as spam</h3>
<p>Please read <a href="spam-reporting.html">Dealing with spam in your ASF email account</a> and <strong>do not</strong> flag valid ASF-related email as spam.</p>
-
</div>
</div>
</div>
diff --git a/output/mailing-list-moderation.html b/output/mailing-list-moderation.html
index a28c885..5f6fd94 100644
--- a/output/mailing-list-moderation.html
+++ b/output/mailing-list-moderation.html
@@ -90,6 +90,7 @@
</ul>
<p>See also Infra's general guidelines on <a href="https://infra.apache.org/content-moderation.html" target="_blank">content moderation</a>.</p>
<h3 id="new-mailing-list">How do we create a new mailing list?<a class="headerlink" href="#new-mailing-list" title="Permanent link">¶</a></h3>
+
<p>It is wise to keep the number of mailing lists per codebase the smallest possible to allow the community to reach that critical mass that is necessary to bootstrap a codebase and keep it in good shape.</p>
<p>At the same time, as communities grow, the need for more specialized mailing lists appears. If you think your project requires a new list:</p>
<ul>
@@ -99,18 +100,15 @@
</ul>
<p><strong>WARNING</strong>: Creating a user email list can harm a project community if the developers don't pay attention to their users and reply to their emails. One would expect a well-behaving user community to reply to one another in a civil, adult manner that is focused on whatever the list was created for, but it can take time for a community to learn and take to heart such good behavior.</p>
<h3 id="mailing-list-moderators">How do I change moderators?<a class="headerlink" href="#mailing-list-moderators" title="Permanent link">¶</a></h3>
+
<p>You can manage the list of moderators for a project's email list if you are:</p>
<ul>
-<li>
-<p>a Foundation member and on the PMC of the project</p>
-</li>
-<li>
-<p>chair of the project</p>
-</li>
+<li>a Foundation member and on the PMC of the project</li>
+<li>chair of the project</li>
<li>
<p>an existing moderator of the list</p>
<ul>
-<li>Log in to <a href="https://webmod.apache.org/" target="_blank">WebMod</a> with your ASF credentials.</li>
+<li>Log in to <a href="https://webmod.apache.org/" target="_blank">WebMod</a> with your ASF credentials. </li>
<li>Select the 'List moderator management' tab.</li>
<li>In the dropdown list, select the project which has the email list in question.</li>
<li>In the list of email lists that appears, select the list whose moderators you want to manage.</li>
@@ -124,15 +122,19 @@
</ul>
<p>To determine who the existing moderators are, any committer can use the technique described in the "committers" SVN module at <a href="https://svn.apache.org/repos/private/committers/docs/resources.txt" target="_blank">resources.txt</a>.</p>
<h3 id="subscribers">How do I find who is subscribed to a list?<a class="headerlink" href="#subscribers" title="Permanent link">¶</a></h3>
+
<p>Moderators can send an email to <code>listname-list@tlp.apache.org</code>.</p>
<p>Anyone with access to the apmail account can run the following command to get a count of the subscribers:</p>
-<pre><code>ezmlm-list~/lists/project/listname| wc -l
-</code></pre>
+<div class="highlight"><pre><span></span><code>ezmlm-list~/lists/project/listname| wc -l
+</code></pre></div>
+
<p>Remember that there often are people subscribed to the digest version of the list. To find them:</p>
-<pre><code>~lists/project/listname/digest
-</code></pre>
+<div class="highlight"><pre><span></span><code>~lists/project/listname/digest
+</code></pre></div>
+
<p>However, most committers do not have access to apmail. See the notes in the "committers" SVN module (<code>https://svn.apache.org/repos/private/committers</code>) at <code>/docs/resources.txt</code> for another way.</p>
<h3 id="mail-moderate">What should I do with "MODERATE" emails?<a class="headerlink" href="#mail-moderate" title="Permanent link">¶</a></h3>
+
<p>You can review and manage email that is waiting for moderation in two ways:</p>
<h4>WebMod</h4>
<p><a href="https://webmod.apache.org/" target="_blank">WebMod</a> simplifies reviewing and responding to emails that require moderation.</p>
@@ -145,80 +147,92 @@
<h4>Manual moderation</h4>
<p>Review the mail to see if it is spam (or other severely misguided mail). If it is spam, just ignore the mail to have it silently dropped after 5 days.</p>
<p>To bounce non-spam with a notice to the sender, reply to the <code>-reject</code> address in the mail header. If you wish to include a comment with the rejection, the body of the message should look like this:</p>
-<pre><code>%%% Start comment
-Your message goes here...
-%%% End comment
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="c">%%% Start comment</span>
+<span class="n">Your</span><span class="w"> </span><span class="s">message</span><span class="w"> </span><span class="s">goes</span><span class="w"> </span><span class="s">here...</span>
+<span class="c">%%% End comment</span>
+</code></pre></div>
+
<p>If it is legitimate mail from a non-subscriber (or someone sending with a different envelope sender than the one subscribed), reply to the <code>-accept</code> address. If you also send mail to the <code>-allow</code> address (i.e. reply to all), future postings from that address will be allowed through automatically.</p>
<p>If there is no <code>-allow</code> address in the moderate requests, the list is misconfigured. Contact <code>apmail@apache.org</code> and ask them to enable remote administration.</p>
<p>See the <a href="http://www.ezmlm.org/" target="_blank">EZMLM</a> "Moderator's and Administrator's Manual". You can also send a request for advice to <code>{listname}-help@tlp.apache.org</code> from your moderation address.</p>
<p>Some lists are only open to ASF committers. The moderators have methods to ensure that subscribers are committers, so subscribers can use whatever email address that they want. Moderators see the tips described in the "committers" SVN module at <a href="https://svn.apache.org/repos/private/committers/docs/resources.txt" target="_blank">resources.txt</a>.</p>
<h3 id="spam">Dealing with MODERATE requests for spam<a class="headerlink" href="#spam" title="Permanent link">¶</a></h3>
+
<p><strong>NOTE</strong>: You may receive a moderation email that contains email identified as spam. Moderation emails containing spam emails are <strong>not spam</strong>. <strong>DO NOT</strong> report mod emails as spam because this causes our legitimate moderation email and the ASF servers themselves to lose sender reputation. Various email providers may block the ASF as a whole as a result of your action.</p>
<p>If the content of the MODERATE request is clearly spam, the simplest solution is just to delete the request. Do not reject it. However, if you are receiving a lot of such requests, it may perhaps be worth taking additional action.</p>
<p>Some SPAM emails have an opt-out link. Whether this will actually do anything useful is another matter, but it might be worth trying if the spam seems to be from a legitimate business.</p>
<p>To avoid revealing your personal IP address, you may wish to use an anonymizing service such as Tor.</p>
<p>If the spam emails are all sent from the same address, try adding them to the 'deny' list:</p>
-<pre><code>{listname}-deny-subscribe-badposter=menace.com@tlp.apache.org</code>
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="err">{</span><span class="n">listname</span><span class="err">}</span><span class="o">-</span><span class="k">deny</span><span class="o">-</span><span class="n">subscribe</span><span class="o">-</span><span class="n">badposter</span><span class="o">=</span><span class="n">menace</span><span class="p">.</span><span class="n">com</span><span class="nv">@tlp</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span><span class="o"></</span><span class="n">code</span><span class="o">></span>
+</code></pre></div>
+
<p>You can find the sender's address in the moderation request in the <code>cc:</code> area:</p>
-<pre><code>Cc: {listname}-allow-tc.<digits>.<alphanumeric>-badposter=menace.com@tlp.apache.org
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="nl">Cc</span><span class="p">:</span><span class="w"> </span><span class="err">{</span><span class="n">listname</span><span class="err">}</span><span class="o">-</span><span class="n">allow</span><span class="o">-</span><span class="n">tc</span><span class="p">.</span><span class="o"><</span><span class="n">digits</span><span class="o">></span><span class="p">.</span><span class="o"><</span><span class="n">alphanumeric</span><span class="o">>-</span><span class="n">badposter</span><span class="o">=</span><span class="n">menace</span><span class="p">.</span><span class="n">com</span><span class="nv">@tlp</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span>
+</code></pre></div>
+
<p>The sender's e-mail address is contained between the '-' (hyphens) immediately following the "alphanumerics" and the '@' sign.</p>
<p>This is already in the correct form for use in the 'deny' subscription request, as the '@' has been changed to '='. In the example above this is:</p>
-<pre><code>badposter=menace.com
-</code></pre>
+<div class="highlight"><pre><span></span><code>badposter=menace.com
+</code></pre></div>
+
<p>If this address contains random alphanumerics, it is probably a short-lived address, in which case there is no point trying to use the deny list.</p>
<h3 id="allowing_posts">Allowing posts from non-subscribers<a class="headerlink" href="#allowing_posts" title="Permanent link">¶</a></h3>
+
<p>Most lists require people to subscribe in order to post messages. However, subscribers receive copies of all mails (or digests). This is obviously unsuitable for bots, or for private lists which need to accept posts from non-subscribers.</p>
<p>A moderator can fix this by using 'Reply All' to a moderation message from the poster. This will both 'accept' the message and 'allow' further posts.</p>
<p>It's also possible to set this up in advance, by subscribing the poster to the 'allow' list. For example, if you want <code>mailbot@host.com</code> to be able to post, use:</p>
-<pre><code>{listname}-allow-subscribe-mailbot=host.com@tlp.apache.org
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="err">{</span><span class="n">listname</span><span class="err">}</span><span class="o">-</span><span class="n">allow</span><span class="o">-</span><span class="n">subscribe</span><span class="o">-</span><span class="n">mailbot</span><span class="o">=</span><span class="k">host</span><span class="p">.</span><span class="n">com</span><span class="nv">@tlp</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span>
+</code></pre></div>
+
<p>Replace the '@' in the sender email with '='.</p>
<h3 id="problem_posts">Dealing with problem posts<a class="headerlink" href="#problem_posts" title="Permanent link">¶</a></h3>
+
<p>If you have a troublesome poster, you can un-subscribe them from the list using</p>
-<pre><code>{listname}-unsubscribe-badboy=menace.com@tlp.apache.org
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="err">{</span><span class="n">listname</span><span class="err">}</span><span class="o">-</span><span class="n">unsubscribe</span><span class="o">-</span><span class="n">badboy</span><span class="o">=</span><span class="n">menace</span><span class="p">.</span><span class="n">com</span><span class="nv">@tlp</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span>
+</code></pre></div>
+
<p>Send a courtesy email to them to let them know they have been unsubscribed, and why.</p>
<p>Occasionally you will get someone with a poorly-configured spam filter sending automated replies to the list. You can deny their postings using</p>
-<pre><code>{listname}-deny-subscribe-badposter=menace.com@tlp.apache.org
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="err">{</span><span class="n">listname</span><span class="err">}</span><span class="o">-</span><span class="k">deny</span><span class="o">-</span><span class="n">subscribe</span><span class="o">-</span><span class="n">badposter</span><span class="o">=</span><span class="n">menace</span><span class="p">.</span><span class="n">com</span><span class="nv">@tlp</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span>
+</code></pre></div>
+
<p>Send a courtesy email suggesting how they can resolve the problem.</p>
<p>If an unsubscribed user was added to the moderation list and is sending spam to the list, remove them by sending an email to:</p>
-<pre><code>{listname}-allow-unsubscribe-badposter=menace.com@tlp.apache.org
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="err">{</span><span class="n">listname</span><span class="err">}</span><span class="o">-</span><span class="n">allow</span><span class="o">-</span><span class="n">unsubscribe</span><span class="o">-</span><span class="n">badposter</span><span class="o">=</span><span class="n">menace</span><span class="p">.</span><span class="n">com</span><span class="nv">@tlp</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span>
+</code></pre></div>
+
<p>To see a list of who is allowed to post on the moderation list, send an email to <code>{listname}-allow-list@tlp.apache.org</code>.</p>
<p>There is an <em>opt-in</em> configuration for problem posters, which lets you subscribe him or her to a 'sendsubscribertomod' list. It works in exactly the same way as adding or removing someone from an 'allow' or 'deny' list. File an INFRA ticket to have it enabled for your list (you don't have to use it, but having it enabled adds an option for you to consider).</p>
<p>To use it (once it has been enabled) do this:</p>
-<pre><code>{listname}-sendsubscribertomod-subscribe-badposter=menace.com@tlp.apache.org
+<div class="highlight"><pre><span></span><code><span class="err">{</span><span class="n">listname</span><span class="err">}</span><span class="o">-</span><span class="n">sendsubscribertomod</span><span class="o">-</span><span class="n">subscribe</span><span class="o">-</span><span class="n">badposter</span><span class="o">=</span><span class="n">menace</span><span class="p">.</span><span class="n">com</span><span class="nv">@tlp</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span>
+</code></pre></div>
-</code></pre>
<p>All emails from this person now go to a moderator for approval before they appear in the mailing list.</p>
<p>Once a bad poster starts behaving in the proper manner again, feel free to 'unsubscribe' them from the 'sendsubscriberstomod' list so they can resume normal operations.</p>
<p>Send moderation commands from your <strong>moderator address</strong>. You can tell if you're sending from the right address by emailing the <code>-help</code> address (e.g.,
<code>dev-help@tlp.apache.org</code>) and checking if the subject of the reply contains the word "Moderator help".</p>
<h3 id="missing">Dealing with reports of missing mail<a class="headerlink" href="#missing" title="Permanent link">¶</a></h3>
+
<p>If a subscriber reports that they are not receiving some e-mails, check which ones are involved. If they are not seeing their own e-mails, note that GMail hides duplicates.
Also check whether the emails could have been treated as SPAM by their e-mail client.</p>
<h3 id="bounce">Dealing with reports of message bounces<a class="headerlink" href="#bounce" title="Permanent link">¶</a></h3>
+
<p>If a subscriber reports getting a bounce message from ezmlm, ask them to provide the details.
For example:</p>
-<pre><code>Hi! This is the ezmlm program.
-I'm managing the user@tlp.apache.org mailing list.
+<div class="highlight"><pre><span></span><code><span class="n">Hi</span><span class="err">!</span><span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">ezmlm</span><span class="w"> </span><span class="n">program</span><span class="p">.</span>
+<span class="n">I</span><span class="err">'</span><span class="n">m</span><span class="w"> </span><span class="n">managing</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">user</span><span class="nv">@tlp</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span><span class="w"> </span><span class="n">mailing</span><span class="w"> </span><span class="n">list</span><span class="p">.</span>
-Messages to you from the user mailing list seem to
-have been bouncing
-...
-Here are the message numbers:
- 12345
+<span class="n">Messages</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="k">from</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">user</span><span class="w"> </span><span class="n">mailing</span><span class="w"> </span><span class="n">list</span><span class="w"> </span><span class="n">seem</span><span class="w"> </span><span class="k">to</span>
+<span class="n">have</span><span class="w"> </span><span class="n">been</span><span class="w"> </span><span class="n">bouncing</span>
+<span class="p">...</span>
+<span class="n">Here</span><span class="w"> </span><span class="k">are</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">message</span><span class="w"> </span><span class="nl">numbers</span><span class="p">:</span>
+<span class="w"> </span><span class="mi">12345</span>
+</code></pre></div>
-</code></pre>
-<p>This can occur if the recipient's mail system has strict SPAM detection rules.</p>
+<p>This can occur if the recipient's mail system has strict SPAM detection rules. </p>
<p>One way to find such emails is to request an index listing from ezmlm, for example
by sending an email to <code>dev-index-12345@tlp.apache.org</code>. This will show the subject, timestamp and sender of the email. That may be sufficient to identify it as spam.
If not, the subject and date should make it easy to find the email in the archives.</p>
-
</div>
</div>
</div>
diff --git a/output/managing-committers.html b/output/managing-committers.html
index 2c1c829..f5c5423 100644
--- a/output/managing-committers.html
+++ b/output/managing-committers.html
@@ -75,7 +75,7 @@
</h1>
<p>The PMC of each project encourages and guides their new committers, ensures that they have access to the proper resources, advises them about relevant ASF documentation such as the <a href="/new-committers-guide.html" target="_blank">Guide for New Committers</a>, and generally eases their way.</p>
<h3>Account creation</h3>
-<p>Make sure the new committer fills out the appropriate forms, including the <a href="https://www.apache.org/licenses/contributor-agreements.html" target="_blank">Contributior License Agreement</a>, or CLA. A committer account cannot be processed until the ASF secretary or a board member acknowledges receipt of the CLA.</p>
+<p>Make sure the new committer fills out the appropriate forms, including the <a href="https://www.apache.org/licenses/contributor-agreements.html" target="_blank">Contributior License Agreement</a>, or CLA. A committer account cannot be processed until the ASF secretary or a board member acknowledges receipt of the CLA. </p>
<p>Work with your new committer to ensure that their CLA is received and recorded properly; monitor the file iclas.txt in the <code>foundation/officers</code> repository. Only ASF members and officers (including PMC chairs) have access. The page <a href="https://people.apache.org/committer-index.html" target="_blank">Apache Committers</a> has a link to "Unlisted CLAs". This list is generated daily from the iclas.txt file, so recently received CLAs appear there.</p>
<p>Encourage your new committer to include both the PMC and the desired account id on the submitted ICLA so the secretary or assistant filing the ICLA can request the account. If the new account information is not provided on the ICLA, the PMC chair is responsible for getting the new committer's desired account ID and requesting the new account. Use the <a href="https://whimsy.apache.org/officers/acreq" target="_blank"> New Account Request form</a> on Whimsy. Should the PMC chair be unavailable for any reason, any ASF member can use the same form in their stead.</p>
<p>Most PMCs decide on new committers through an <strong>election process</strong> on their private mailing list. Please include a URL or message-id reference to the final vote tally using the Mail Search tool. If the election was held on a public list, you can supply the URL using <a hrefg="https://mail-archives.apache.org/mod_mbox/" target="_blank">mail-archives.apache.org</a>.</p>
@@ -86,7 +86,6 @@
<p>To grant or deny access to directories in SVN, the PMC chair needs to update the appropriate <strong>group entry</strong> in LDAP:</p>
<p>Go to the <a href="https://whimsy.apache.org/roster/committee/" target="_blank">Whimsy roster tool</a>, select the appropriate committee, and either double click on the person or the plus sign to modify or add a person.</p>
<p>If the SVN access group is not defined as an LDAP group (e.g. it is an Incubator podling) then edit the appropriate entry in the <a href="https://svn.apache.org/repos/infra/infrastructure/trunk/subversion/authorization/asf-authorization-template" target="_blank">asf-authorization-template file</a> and commit the change.</p>
-
</div>
</div>
</div>
diff --git a/output/matomo.html b/output/matomo.html
index 6447043..e1f31c8 100644
--- a/output/matomo.html
+++ b/output/matomo.html
@@ -76,7 +76,7 @@
<p>Matomo, formerly known as Piwik, is a free (GPL licensed) web analytics software platform. It provides detailed reports on your website and its visitors, including the search engines and keywords they used, the language they speak, which pages they like, and the files they download. Matomo is an open source alternative to Google Analytics, and is <a href="https://gdpr.eu/what-is-gdpr/" target="_blank">GDPR</a> compliant.</p>
<h2>Why use Matomo?</h2>
<p><em>what a project would get out of it</em></p>
-<p><em>include negatives? For example, 'Projects should be aware that there are a number of bug reports that suggest Matomo sometimes delivers inaccurate data.'</em> (<a href="https://www.trustradius.com/products/matomo/reviews?qs=pros-and-cons#overview">https://www.trustradius.com/products/matomo/reviews?qs=pros-and-cons#overview</a>).</p>
+<p><em>include negatives? For example, 'Projects should be aware that there are a number of bug reports that suggest Matomo sometimes delivers inaccurate data.'</em> (https://www.trustradius.com/products/matomo/reviews?qs=pros-and-cons#overview).</p>
<h2>Installing and running Matomo</h2>
<h3>Getting and using the license key</h3>
<p><em>how to get the license key</em></p>
@@ -87,8 +87,7 @@
<h3>Troubleshooting Matomo</h3>
<p><em>details here</em></p>
<h3>Using Matomo analytics</h3>
-<p>The analytics reports for all ASF projects using Matomo are at <a href="https://analytics.apache.org/index.php?module=MultiSites&action=index&idSite=1&period=day&date=yesterday" target="_blank">analytics.apache.org</a>. Click a project name to see detailed information on visits and page views for that project.</p>
-
+<p>The analytics reports for all ASF projects using Matomo are at <a href="https://analytics.apache.org/index.php?module=MultiSites&action=index&idSite=1&period=day&date=yesterday" target="_blank">analytics.apache.org</a>. Click a project name to see detailed information on visits and page views for that project.</p>
</div>
</div>
</div>
diff --git a/output/mfa-reset.html b/output/mfa-reset.html
index 44993cb..9a39010 100644
--- a/output/mfa-reset.html
+++ b/output/mfa-reset.html
@@ -99,7 +99,6 @@
</li>
</ol>
<p>If a committer has lost their ASF MFA, GitHub 2FA, their GPG private key/passphrase, and Infra is unable to perform ICLA validation, the person will need to work with their project to be considered as a new committer, and will need to go through the new committership/new account process. The old account is unrecoverable and will be <strong>disabled</strong>.</p>
-
</div>
</div>
</div>
diff --git a/output/mfa.html b/output/mfa.html
index 3f36c4e..216e319 100644
--- a/output/mfa.html
+++ b/output/mfa.html
@@ -82,8 +82,7 @@
<li>The committer should use an existing feature at <a href="https://id.apache.org/" target="_blank">id.apache.org</a> to upload their GPG public key.</li>
<li>This GPG key can be used by Infra to validate an account if MFA tokens are lost.</li>
<li>The committer should link their ASF and GitHub accounts via <a href="https://gitbox.apache.org/boxer/" target="_blank">Boxer</a>. This establishes a verifiable relationship between the ASF account and the GitHub account which Infra can use to validate an account if MFA tokens are lost.</li>
-<li>The committer should visit (URL TBD) to establish their Keycloak MFA tokens.
-<ul>
+<li>The committer should visit (URL TBD) to establish their Keycloak MFA tokens.<ul>
<li>Be sure to save the provided recovery keys!</li>
<li>You can add multiple tokens, including standard TOTP (Authy, Google Authenticator, etc.) or WebAuthN tokens (Apple Magic Keyboard, YubiKey, etc.)</li>
</ul>
@@ -91,7 +90,6 @@
<li>If a committer attempts to access an ASF (not GitHub) feature or service protected by MFA prior to establishing their MFA factors, Keycloak walks the committer through the process of setting up those factors.</li>
</ul>
<p>See also the draft <a href="https://infra.apache.org/mfa-reset.html">MFA reset policy</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/mirrors.html b/output/mirrors.html
index 37c20d6..8d2ddbd 100644
--- a/output/mirrors.html
+++ b/output/mirrors.html
@@ -75,7 +75,6 @@
</h1>
<p><strong>Note</strong>: as of August, 2021, The ASF stopped using its download mirror system. It is now using a global content distribution network (CDN).</p>
<p>Read about <a href="https://apache.org/history/mirror-history.html">the history of the Apache download mirror system</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/new-committers-guide.html b/output/new-committers-guide.html
index 2f4edcf..df7d1b7 100644
--- a/output/new-committers-guide.html
+++ b/output/new-committers-guide.html
@@ -76,8 +76,7 @@
<p>Here's how to set up the technical and social environment that will support your work as a committer to an Apache project. Some projects have more specific guidelines which the project website or the PMC provide for you. We also have a thorough <a href="committers.html">Committers' FAQs</a> for both new and experienced committers.</p>
<ul>
<li><a href="#what-is-a-committer">What is a committer?</a></li>
-<li><a href="#becoming-a-committer">Becoming a committer</a>
-<ul>
+<li><a href="#becoming-a-committer">Becoming a committer</a><ul>
<li><a href="#the-committers-way">The Committer's Way</a></li>
<li><a href="#submitting-your-individual-contributor-license-agreement-icla">Submitting your Individual Contributor License Agreement (ICLA)</a></li>
<li><a href="#acceptance-of-your-icla">Acceptance of your ICLA</a></li>
@@ -88,13 +87,11 @@
<li><a href="#set-up-security-and-pgp-keys">Set up Security and PGP Keys</a></li>
</ul>
</li>
-<li><a href="#committer-resources">Committer resources</a>
-<ul>
+<li><a href="#committer-resources">Committer resources</a><ul>
<li><a href="#check-out-the-committers-only-subversion-module">the Committers-only Subversion module</a></li>
</ul>
</li>
-<li><a href="#get-to-know-the-apache-community">The Apache Community</a>
-<ul>
+<li><a href="#get-to-know-the-apache-community">The Apache Community</a><ul>
<li><a href="#mailing-lists">Join mailing lists</a></li>
</ul>
</li>
@@ -106,8 +103,10 @@
<li><a href="#last">The last word</a></li>
</ul>
<h3 id="what-is-a-committer">What is a committer?<a class="headerlink" href="#what-is-a-committer" title="Permanent link">¶</a></h3>
+
<p>The plain sense of the word "committer" is that you have access rights to your project's repository so you can read and write the source code. Rather than creating a patch and submitting it to be actively reviewed and then committed, you can now create a local patch and commit it yourself - or even review and commit patches created by others. Your fellow committers will review your patches, usually after you commit them.</p>
<h3 id="becoming-a-committer">Becoming a committer<a class="headerlink" href="#becoming-a-committer" title="Permanent link">¶</a></h3>
+
<p>If you are not yet a committer, but would like to become one, review:</p>
<ul>
<li><a href="https://www.apache.org/foundation/getinvolved.html#become-a-committer" target="_blank">Become a committer</a></li>
@@ -115,11 +114,13 @@
<li><a href="https://www.apache.org/foundation/how-it-works.html#meritocracy" target="_blank">Meritocracy</a></li>
</ul>
<h3 id="the-committers-way">The Committer's Way<a class="headerlink" href="#the-committers-way" title="Permanent link">¶</a></h3>
+
<p>As a committer, you have access to a specific Apache project's repository so you can create and edit source code files, not just read them. Instead of having to create and submit a patch which other committers would have to review and approve, you can now create a local patch and commit it yourself; you can also review and commit patches that other project contributors and committers create. Your patches can still be reviewed by your fellow committers.</p>
<p>Some projects use <strong>RTC</strong> (Review then Commit) rather than <strong>CTR</strong> (Commit then Review). Check which pattern your project uses, and then follow it.</p>
<p>Take more care than you may have done before when working on the code, since you can now change things directly, without review. Make sure you understand how your project's committers work and coordinate with each other. Ask your project PMC, or any active committer on the project, for guidance if there are things you are not sure about. In general, the more visible and engaged you are in the project, the more fun you will have and the more access you will have to advice and feedback.</p>
<h3 id="submitting-your-individual-contributor-license-agreement-icla">Submitting your Individual Contributor License Agreement (ICLA)</h3>
-<p>If you are a brand-new committer, you must complete and submit an <a href="https://www.apache.org/licenses/#contributor-license-agreements" target="_blank">Individual Contributor License Agreement</a> (ICLA) before the ASF can activate your committer account. Note that an account can only be created if a PMC (or Incubator podling) has invited you. The ICLA is a formal contract that declares the terms under which you will contribute intellectual property to the ASF. Note that the ICLA does <strong>not</strong> assign copyright to the ASF; you retain copyright to your own work. However it does grant the ASF sufficient rights to release any work you submit under the Apache license.</p>
+
+<p>If you are a brand-new committer, you must complete and submit an <a href="https://www.apache.org/licenses/#contributor-license-agreements" target="_blank">Individual Contributor License Agreement</a> (ICLA) before the ASF can activate your committer account. Note that an account can only be created if a PMC (or Incubator podling) has invited you. The ICLA is a formal contract that declares the terms under which you will contribute intellectual property to the ASF. Note that the ICLA does <strong>not</strong> assign copyright to the ASF; you retain copyright to your own work. However it does grant the ASF sufficient rights to release any work you submit under the Apache license.</p></p>
<ul>
<li>Choose an Apache ID before submitting your ICLA. Also select an alternative, in case the ID you want is unsuitable or already taken. Your ID must consist of at least three lower-case alphanumeric characters, starting with a letter. (<a href="https://home.apache.org/committer-index.html" target="_blank">This list</a> shows the IDs that are already taken.)</li>
<li>Identify your project (PMC or incubator podling).</li>
@@ -128,8 +129,9 @@
<li>Make sure that any code you contribute is original work, and that you publicly contribute it to the ASF. In the case of any doubt (or when a contribution has a complex history) please consult your project PMC before committing it.</li>
</ul>
<p>Some procedures may appear a little bureaucratic, but they are there to protect you as well as ASF. For a clearer understanding read the <a href="https://www.apache.org/licenses/" target="_blank">ASF license guide</a>.</p>
-<p>For details on how to submit your ICLA, please see <a href="https://www.apache.org/licenses/#submitting" target="_blank">Submitting License Agreements</a>. Make sure you fill out the ICLA clearly. To minimize the chance of typographical errors, submit the ICLA as an attachment to an email you send from the email address you provide in the ICLA.</p>
+<p>For details on how to submit your ICLA, please see <a href="https://www.apache.org/licenses/#submitting" target="_blank">Submitting License Agreements</a>. Make sure you fill out the ICLA clearly. To minimize the chance of typographical errors, submit the ICLA as an attachment to an email you send from the email address you provide in the ICLA.</p></p>
<h3 id="acceptance-of-your-icla">Acceptance of your ICLA<a class="headerlink" href="#acceptance-of-your-icla" title="Permanent link">¶</a></h3>
+
<p>After the ASF Secretary records your ICLA, your PMC can submit your requested ID for activation. The acceptance process may take some time. The ASF will inform you and your PMC chair when the process is complete. This quiet lull is a good time to familiarize yourself with the Apache Software Foundation in general. Browse the <a href="https://www.apache.org/dev/" target="_blank">developer guides and information</a>, material about the ASF <a href="https://infra.apache.org/" target="_blank">infrastructure</a>, and the <a href="https://www.apache.org/foundation/" target="_blank">Foundation website</a>. We update the websites regularly.</p>
<p>You will also need to familiarize yourself with some Apache policies and procedures. You have probably picked up a lot of this by osmosis already, and your fellow committers and PMC members on your project's <code>dev@</code> mailing list are the first place to ask questions.</p>
<p>Key Committer resources:</p>
@@ -140,15 +142,19 @@
<li>the <a href="https://www.apache.org/foundation/bylaws.html" target="_blank">ASF Bylaws</a></li>
</ul>
<h3 id="apache-committer-account-creation">Apache Committer account creation<a class="headerlink" href="#apache-committer-account-creation" title="Permanent link">¶</a></h3>
+
<p>You will receive an email when your account has been created. (This may take a week or two.) It is now time to do several general tasks, and possibly take some other steps specific to your project that your PMC will share with you.</p>
<h4 id="set-up-your-apacheorg-email-address">Set up your `@apache.org` email address<a class="headerlink" href="#set-up-your-apacheorg-email-address" title="Permanent link">¶</a></h4>
+
<p>Read the <a href="https://infra.apache.org/committer-email.html" target="_blank">guide</a> to connecting to and working with your Apache email inbox.</p>
<p>Record any email aliases you use in the <code>asf-altEmail</code> field in your LDAP record. You can do this through the the <a href="https://id.apache.org/" target="_blank">self-serve application</a>. The system uses the address in the LDAP <code>mail</code> field to forward email sent to your <code>@apache.org</code> address. This field must have at least one entry, which must not be your <code>@apache.org</code> address.</p>
<p>The <code>asf-altEmail</code> field is used to validate subscription requests and correlate subscriptions. (There is no need to duplicate <code>mail</code> entries in <code>asf-altEmail</code>.)</p>
<p><strong>Note</strong>: Please read <a href="spam-reporting.html">Dealing with spam in your ASF email account</a> and <strong>do not</strong> flag valid ASF-related email as spam.</p>
<h3 id="set-up-subversion-or-git-access">Set up Subversion or Git access<a class="headerlink" href="#set-up-subversion-or-git-access" title="Permanent link">¶</a></h3>
+
<p>Read about <a href="version-control.html">source control repositories at Apache</a>.</p>
<h3 id="config-access">Configure your access to project Git repositories<a class="headerlink" href="#config-access" title="Permanent link">¶</a></h3>
+
<p>If your project uses Git to store, develop, and deploy its product code, you can use either GitHub or Apache's Gitbox for actions such as merging pull requests.</p>
<h4>Using GitHub</h4>
<p>To use GitHub, you need to integrate your GitHub ID with your Apache account, so that you can merge pull requests and perform other Git tasks.</p>
@@ -164,18 +170,23 @@
<p>It also serves another purpose: you will learn how to add documentation to your project's website and the technology used to build it. Documentation is vital, and being able to improve the project's web site is a skill that you will need. If your project has not documented how to rebuild the website, then ask on your <code>dev@</code> mailing list and use the answer to create a document describing how to do that. It will be gratefully received!</p>
<p>Every team has a lot of "tribal knowledge" that team members hold in their heads or in private notes, but that the whole team needs to know in order to function well and survive a disaster like a key team member suddenly becoming unavailable. You can help migrate tribal knowledge into the documentation, by noting where you have to ask a team member for guidance that you cannot find in the docs.</p>
<h3 id="set-up-security-and-pgp-keys">Set Up Security And PGP Keys<a class="headerlink" href="#set-up-security-and-pgp-keys" title="Permanent link">¶</a></h3>
+
<p>Security is vital and Apache pays great attention to it. Remember that at all times, and ensure that all your Apache passwords are sufficiently secure, and that any code you check in is safe.</p>
<p><a href="https://www.openpgp.org/" target="_blank">OpenPGP</a> is a <a href="https://www.ietf.org/rfc/rfc2440.txt" target="_blank">standard</a> that provides (among other things) methods to create digital signatures for documents ranging from emails to ASF releases. Many applications provide OpenPGP compatible signatures, including the well-known <a href="https://gnupg.org/" target="_blank">GPG</a>. We recommend that you create a PGP key for your <code>apache.org</code> address (or add that address to an existing key). <strong>DO NOT</strong> create this key on any machine to which many users have access and <strong>DO NOT</strong> ever copy your private key to any other shared machine. Release managers need to take particular <a href="https://infra.apache.org/release-signing.html#private-key-protection" target="_blank">care of keys used to sign releases</a>.</p>
<p>Upload the public key to a public key server, for example the <a href="https://pgp.mit.edu/" target="_blank">MIT PGP Public Key Server</a>. Then add your keys' primary fingerprints to <a href="https://id.apache.org/" target="_blank">your LDAP profile</a>. The system adds your key to the <a href="https://home.apache.org/keys/" target="_blank">individual and per-project pre-fetched KEYS files</a>, and lets automated tools encrypt communications to you.</p>
<p>Start to build up a good web of trust now before you need to use it in earnest. Be prepared to exchange key information at face-to-face events where ASF folks may be present. The best practice is to insist on identification before signing another person's key. See the <a href="release-signing.html#link-into-wot" target="_blank">Apache release signing guide</a>.</p>
<h3 id="committer-resources">Committer Resources<a class="headerlink" href="#committer-resources" title="Permanent link">¶</a></h3>
+
<p>The <a href="doc.html">Infra documentation page</a> provides a list of resources for committers and other Apache folks.</p>
<h4 id="check-out-the-committers-only-subversion-module">Check out the Committers-only Subversion module<a class="headerlink" href="#check-out-the-committers-only-subversion-module" title="Permanent link">¶</a></h4>
+
<p>Do a checkout of the private <code>committers</code> module. This is stored in the subversion repository at <code>https://svn.apache.org/repos/private/committers</code>. See <a href="svn-basics.html">Subversion basics</a> if you are unfamiliar with Subversion.</p>
<p>Once you have checked out this module, read all the documents contained in the <code>docs</code> directory, especially the <code>resources.txt</code> file. There are a number of private mailing lists you need to know about. Join in the Apache community by signing up to every list that interests you. It is better to sign up (even if you sign off later) than to miss out! Please respect the usage guidelines for these private lists.</p>
<h3 id="get-to-know-the-apache-community">Get to know the Apache community<a class="headerlink" href="#get-to-know-the-apache-community" title="Permanent link">¶</a></h3>
+
<p>Taking part in the community makes Apache fun. The <a href="https://community.apache.org/" target="_blank">Community Development project</a> has a central mailing list for topics that cut across PMC boundaries. Discussions of all kinds are on topic as long as the matter is not sensitive or confidential.</p>
<h4 id="mailing-lists">Join email lists<a class="headerlink" href="#mailing-lists" title="Permanent link">¶</a></h4>
+
<p>A lot of Apache knowledge-sharing and all formal decision-making takes place on email lists. Most of the lists are public, and you can join and participate in any that attract you.</p>
<ul>
<li>Your project probably has a <code>dev@</code> and a <code>users@</code> email list, and it is a good idea to join both.</li>
@@ -183,26 +194,31 @@
</ul>
<p>Instructions for joining and leaving lists, and a browsable list of Apache mailing lists, are <a href="https://www.apache.org/foundation/mailinglists.html" target="_blank">here</a>.</p>
<h3 id="committer-responsibilities">Committer Responsibilities<a class="headerlink" href="#committer-responsibilities" title="Permanent link">¶</a></h3>
+
<p>Join your project's <code>commits@</code> and <code>dev@</code> mailing lists to keep up with project activity. Answering questions on <code>users@</code> is also very much appreciated and noticed by your PMC.</p>
<p>Each committer has a responsibility to monitor changes made for potential issues, both coding and legal. If you spot any potential issues in a commit, the right course of action is to post a reply (to the email) raising your concerns to the <code>dev@</code> list. In extreme situations, it may be necessary to veto (-1) a commit, but this is an extreme sanction and rarely warranted. Read the <a href="https://www.apache.org/foundation/voting.html" target="_blank">voting guidelines</a> before deploying a veto.</p>
<p>Do not be surprised if your first commit has a delayed diff email. It needs to go through the human moderators.</p>
<h3 id="attending-apachecon">Attending ApacheCon<a class="headerlink" href="#attending-apachecon" title="Permanent link">¶</a></h3>
+
<p>If you do not have one already, make a note in your diary about the next <a href="https://www.apachecon.com/" target="_blank">ApacheCon</a>. This is a great opportunity to meet other Apache folks, hack code and learn about great new open source projects. Watch the lists as the conference dates approach for details about special deals for committers and opportunities to speak.</p>
<h3 id="personal-web-space">Personal web space<a class="headerlink" href="#personal-web-space" title="Permanent link">¶</a></h3>
+
<p>Some Apache committers have personal content served from ASF web servers. There are no fixed guidelines about appropriate content: committers should know how to behave! In general, people use this option to host ASF-related content or to showcase interesting private projects. If you do use this feature, please do so responsibly.</p>
<p>Material placed in the <code>public_html</code> directory is available under the <code>http://home.apache.org/~username/</code> url (where <strong>username</strong> is your ASF account ID).</p>
<h3 id="identity-theft">Identity theft<a class="headerlink" href="#identity-theft" title="Permanent link">¶</a></h3>
+
<p>Please be aware that Apache Software Foundation committers are targets for identity theft. These spoof attacks resemble <a href="https://en.wikipedia.org/wiki/Phishing" target="_blank">phishing</a> attacks used to gain access to bank accounts and other web subscriptions. They typically seek to persuade you to enter your access details into a fake website. The ASF will <strong>never</strong> solicit such 'verification'.</p>
<p>Leaking your access to Apache can have very destructive consequences. <strong>Never</strong> disclose your ASF password to anyone.</p>
<p>The Apache Infrastructure team is clueful about DNS maintenance: do <strong>not</strong> trust any redirection by IP address. Your access to Apache will be through the
machines serving the <code>svn.apache.org</code> domain. The SSH/SSL fingerprints of machines are listed on the <a href="/machines" target="_blank">machines</a> page, and our <a href="https://infra.apache.org/version-control.html#cert" target="_blank">SVN server fingerprints</a> are also listed.</p>
<p>Please use caution. Do not hesitate to ask if you have doubts: post a question to infrastructure before taking any action.</p>
<h3 id="share-your-wisdom">Share your wisdom<a class="headerlink" href="#share-your-wisdom" title="Permanent link">¶</a></h3>
+
<p>Please help to improve this document (see <a href="https://www.apache.org/dev/infra-site.html" target="_blank">guidelines</a> for updating <a href="https://github.com/apache/infrastructure-website" target="_blank">this website</a>).</p>
<p><a href="infra-volunteer.html">Volunteer</a> if you would like to help the Infrastructure team keep the good ship ASF afloat.</p>
<h3 id="last">The last word</h3>
-<p>Welcome!!</p>
+<p>Welcome!!</p>
</div>
</div>
</div>
diff --git a/output/nexus101.html b/output/nexus101.html
index 68ee8a8..78d36c3 100644
--- a/output/nexus101.html
+++ b/output/nexus101.html
@@ -74,10 +74,9 @@
Nexus 101
</h1>
<p><em>This page will hold information and tips to help users work with <code>repository.apache.org</code>, and to answer the most frequently-asked questions</em>.</p>
-<p>The ASF service <a href="https://repository.apache.org">https://repository.apache.org</a> (sometimes referred to as <code>RAO</code> or <code>Nexus</code>,) utilizes Sonatype Nexus Repository Manager to provide signed Java artifact staging and release to <a href="https://maven.apache.org/repository/">Maven Central</a> for ASF projects and committers.</p>
+<p>The ASF service https://repository.apache.org (sometimes referred to as <code>RAO</code> or <code>Nexus</code>,) utilizes Sonatype Nexus Repository Manager to provide signed Java artifact staging and release to <a href="https://maven.apache.org/repository/">Maven Central</a> for ASF projects and committers.</p>
<p><em>links to existing resources</em></p>
<p><em>frequently asked questions</em></p>
-
</div>
</div>
</div>
diff --git a/output/nightlies.html b/output/nightlies.html
index 27f658e..ee93e5e 100644
--- a/output/nightlies.html
+++ b/output/nightlies.html
@@ -112,7 +112,6 @@
guaranteed. Data is ephemeral, should be considered volatile and is not backed up. Projects should utilize off site
backups for any data it deems too important to lose. Projects should be able to reproduce the data at any time should
they wish for any restoration of data following data loss (hardware issue etc.).</p>
-
</div>
</div>
</div>
diff --git a/output/open-access-svn.html b/output/open-access-svn.html
index 4e2fd53..ac6ff4f 100644
--- a/output/open-access-svn.html
+++ b/output/open-access-svn.html
@@ -82,23 +82,27 @@
<li><a href="#alternate-proposal-1">Alternate proposal 1</a></li>
<li><a href="#alternative-proposal-2-slow-pedal-this-idea-and-focus-on-social-aspects-bimargulies">Alternative proposal 2</a></li>
</ul>
+
<h2 id="upsides">Upsides<a class="headerlink" href="#upsides" title="Permanent link">¶</a></h2>
+
<ul>
<li>Simplifies administration of SVN ACL.</li>
<li>Allows more cross-collaboration into participating projects.</li>
<li>Changes the culture from a set of technically-closed communities to a set of mostly-open ones.</li>
</ul>
<h2 id="downsides">Downsides<a class="headerlink" href="#downsides" title="Permanent link">¶</a></h2>
+
<ul>
<li>PMCs no longer control who has commit privileges (technically untrue. They are simply being asked to use blacklists instead of whitelists).</li>
<li>Increases leverage for abusive behavior, though this is mitigated by the relative ease by which bad commits can be reverted via reverse-merging, or, for more invasive changes, plastering over them by deleting the entire tree and copying the last known good revision to HEAD. This only starts getting complicated when good commits start being mingled with bad ones.</li>
<li>One hacked account can damage all of <code>/repos/asf</code> (disregard for basic tenet of security: provide access only to those who require it and only to the bare minimum of what they need).</li>
<li>May lead to confusion about the distinction between technical and social privileges.</li>
-<li>No single usable accounting of who on a PMC has commit permissions. Impact on non SVN-related resources for PMC and foundation (example: <code>https://home.apache.org/committer-index.html</code>).</li>
+<li>No single usable accounting of who on a PMC has commit permissions. Impact on non SVN-related resources for PMC and foundation (example: <code>https://home.apache.org/committer-index.html</code>). </li>
<li>Increases workload on PMCs and volunteer committers.</li>
<li>Creates a precedent where the foundation imposes its will on PMCs for no clearly defined or overwhelming reason (also technically untrue as allowances will be made for grandfathering projects).</li>
</ul>
<h2 id="participating-projects">Participating Projects<a class="headerlink" href="#participating-projects" title="Permanent link">¶</a></h2>
+
<ul>
<li>Lucy</li>
<li>Onami</li>
@@ -107,13 +111,15 @@
<li>Hadoop Developer Tools</li>
<li>Helix</li>
<li>Kalumet</li>
-<li>Infra buildbot config</li>
+<li>Infra buildbot config</li></li>
</ul>
<h2 id="alternate-proposal-1">Alternate proposal 1<a class="headerlink" href="#alternate-proposal-1" title="Permanent link">¶</a></h2>
+
<p>Each project that is using svn shall have a top-level 'sandbox' directory where any committer may make branches of trunk (or of other branches). Members/Committers will be encouraged to participate in any ASF project via this sandbox area until such time as they are offered direct commit access to the rest of the project's svn tree.</p>
<p>Each project will additionally have a <code>sandbox-commits@project.apache.org</code> svn commit mailing list that anyone may join.</p>
<p>It would be wonderful from an Infra standpoint, if this alternate proposal gains traction, that we could "standardize" and "templatize" our authz rules. The authorization file is already preprocessed by a script before it becomes live, so this is something that could still lead to some simplification of our rulesets.</p>
<h2 id="alternative-proposal-2-slow-pedal-this-idea-and-focus-on-social-aspects-bimargulies">Alternative Proposal 2: slow-pedal this and focus on social aspects<a class="headerlink" href="#alternative-proposal-2-slow-pedal-this-idea-and-focus-on-social-aspects-bimargulies" title="Permanent link">¶</a></h2>
+
<p>The proposal from bimargulies here rests on two foundations:</p>
<ul>
<li>Streamline administration</li>
@@ -121,11 +127,12 @@
</ul>
<p>Changing the authz scheme can give projects a push. However, we have many other possible means of encouraging projects to adopt a more open approach. <code>SCM authz</code> is a tool that the foundation provides to help projects manage themselves. The theory is that many projects could benefit from a shift in attitude toward authz and even commit rights. However, 'many' is not all. I've been talking to someone who might bring a project to the incubator. This project builds software that has very strict assurance requirements. If they were to come, they would probably feel the need to manage a tight ACL. In discussions, it seems to me that existing projects that are far along the sequence towards, 'a stable product that evolves very cautiously' are less likely to adopt an open ACL.</p>
<p>In any case, the argument about the ACL versus culture cuts both ways. Right now, with no change to the LDAP-based ACL, any project could adopt the following policy:</p>
-<pre><code>Commit Access is granted upon request and acceptance of an ICLA.
-If you request and receive commit access, you are expected to read, understand, and comply with the project's policies.
-If you abuse this, we will remove your access.
-</code></pre>
-<p>(Of course, this could be weakened to mention Foundation membership or committer status on other projects.)</p>
+<div class="highlight"><pre><span></span><code><span class="nv">Commit</span><span class="w"> </span><span class="nv">Access</span><span class="w"> </span><span class="nv">is</span><span class="w"> </span><span class="nv">granted</span><span class="w"> </span><span class="nv">upon</span><span class="w"> </span><span class="nv">request</span><span class="w"> </span><span class="nv">and</span><span class="w"> </span><span class="nv">acceptance</span><span class="w"> </span><span class="nv">of</span><span class="w"> </span><span class="nv">an</span><span class="w"> </span><span class="nv">ICLA</span>.<span class="w"> </span>
+<span class="k">If</span><span class="w"> </span><span class="nv">you</span><span class="w"> </span><span class="nv">request</span><span class="w"> </span><span class="nv">and</span><span class="w"> </span><span class="nv">receive</span><span class="w"> </span><span class="nv">commit</span><span class="w"> </span><span class="nv">access</span>,<span class="w"> </span><span class="nv">you</span><span class="w"> </span><span class="nv">are</span><span class="w"> </span><span class="nv">expected</span><span class="w"> </span><span class="nv">to</span><span class="w"> </span><span class="nv">read</span>,<span class="w"> </span><span class="nv">understand</span>,<span class="w"> </span><span class="nv">and</span><span class="w"> </span><span class="nv">comply</span><span class="w"> </span><span class="nv">with</span><span class="w"> </span><span class="nv">the</span><span class="w"> </span><span class="nv">project</span><span class="err">'s policies. </span>
+<span class="err">If you abuse this, we will remove your access.</span>
+</code></pre></div>
+
+<p>(Of course, this could be weakened to mention Foundation membership or committer status on other projects.) </p>
<p>In any case, the eager would-be contributor with an existing ICLA would merely need to wait for the PMC chair to type a command in response to a request. Is this really much of a barrier? I submit that the cultural posture that accompanies the tight ACL on many projects today is a much stronger barrier.</p>
<p>Thus, my alternative proposal has two aspects. First, to focus attention via the Community Development PMC on exploring more open project cultures. Second, to look for ways to ease administration on the assumption that (some) projects will still maintain ACLs.</p>
<p>I offer a few thoughts on that:</p>
@@ -134,7 +141,6 @@
<li>The incubator seems to me to be an authz accident waiting to happen. Maybe the solution here is simply to adopt the 'all committers' model for the incubator, or maybe we could have an LDAP group after all, so that fat-fingered IPMC chairs are not making many tiny edits.</li>
</ol>
<p>In other words, could we significantly reduce the amount of template editing that goes on without clear-cutting all the existing ACLs?</p>
-
</div>
</div>
</div>
diff --git a/output/openpgp.html b/output/openpgp.html
index 590f1cb..0d2576d 100644
--- a/output/openpgp.html
+++ b/output/openpgp.html
@@ -93,125 +93,143 @@
<li><a href="#wot">use the Web of Trust</a></li>
</ul>
<h2 id="introduction">Introduction<a class="headerlink" href="#introduction" title="Permanent link">¶</a></h2>
+
<p><a href="https://keys.openpgp.org/" target="_blank">OpenPGP</a> is encryption software. The program provides cryptographic privacy and authentication for data communication, covering signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and increasing the security of e-mail communications.</p>
<p>Reliable cryptography applications follow OpenPGP, an open standard of Pretty Good Privacy (PGP) encryption software, standard (RFC 4880), for encrypting and decrypting data.</p>
<h2 id="gnupg">Gnu Privacy Guard (GPG)<a class="headerlink" href="#gnupg" title="Permanent link">¶</a></h2>
+
<p>The Apaches Software Foundation recommends using <a href="https://www.gnupg.org" target="_blank">Gnu Privacy Guard (GPG)</a>, a well-known open source cryptography tool with OpenPGP support. Always use the latest version.</p>
<p>GnuPG has a good set of <a href="https://www.gnupg.org/documentation" target="_blank">documentation</a>. This guide covers only some important points.</p>
<h3 id="home">GnuPG Home<a class="headerlink" href="#home" title="Permanent link">¶</a></h3>
+
<p>GnuPG stores important files, including keyrings and configuration files, in a home directory. You can specify your project's home directory in an environmental variable or on the command line. This allows different configurations and keys to be used.</p>
<p>For example:</p>
-<pre><code> ::console
+<div class="highlight"><pre><span></span><code> ::console
$ gpg --homedir /home/alice/keys --list-keys
-</code></pre>
+</code></pre></div>
+
<p>Projects generally rely on the default. For <code>\*nux</code> (linux, BSD, MacOSX, Solaris, AIX) this is:</p>
-<pre><code> :::shell
+<div class="highlight"><pre><span></span><code> :::shell
$HOME/.gnupg
-</code></pre>
+</code></pre></div>
+
<h4 id="switch-home">How to switch Home<a class="headerlink" href="#switch-home" title="Permanent link">¶</a></h4>
+
<p>You can set Home using an environmental variable. This lets you select a specific configuration and keyring for the duration of a
command line session. This is useful when <a href="release-signing.html#safe-practice">practicing</a> and when using multiple keyrings.</p>
<p>For example, to set home directory to <code>alice</code> when using Linux:</p>
-<pre><code> :::console
- $ export GNUPGHOME=alice
-</code></pre>
-<p>When switching key rings, check that the required keyring has been selected by examining the secret keys. For example:</p>
-<pre><code> :::console
- $ gpg --list-secret-keys
- alice/secring.gpg
- -----------------
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="p">:::</span><span class="n">console</span>
+<span class="w"> </span><span class="o">$</span><span class="w"> </span><span class="k">export</span><span class="w"> </span><span class="n">GNUPGHOME</span><span class="o">=</span><span class="n">alice</span>
+</code></pre></div>
- sec 4096R/E2B054B8 2009-08-20
- uid Alice Example (EXAMPLE NEW KEY) <alice@example.org>
- ssb 4096R/4A6D5217 2009-08-20
-</code></pre>
+<p>When switching key rings, check that the required keyring has been selected by examining the secret keys. For example:</p>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="o">::</span><span class="err">:</span><span class="n">console</span>
+<span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="o">-</span><span class="n">secret</span><span class="o">-</span><span class="n">keys</span>
+<span class="w"> </span><span class="n">alice</span><span class="o">/</span><span class="n">secring</span><span class="p">.</span><span class="n">gpg</span>
+<span class="w"> </span><span class="o">-----------------</span>
+
+<span class="w"> </span><span class="n">sec</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="n">E2B054B8</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
+<span class="w"> </span><span class="n">uid</span><span class="w"> </span><span class="n">Alice</span><span class="w"> </span><span class="n">Example</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">alice</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="w"> </span><span class="n">ssb</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="mi">4</span><span class="n">A6D5217</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
+</code></pre></div>
+
<h3 id="configuration">Configuration<a class="headerlink" href="#configuration" title="Permanent link">¶</a></h3>
+
<p>GnuPG supports a wide range of configuration options. You can specify them on the command line, but it is usually more convenient to set them in the <code>gpg.conf</code> file. By default, this is located in the <a href="#home">GnuPG Home</a> directory.</p>
<h3 id="sha1">Avoid SHA-1<a class="headerlink" href="#sha1" title="Permanent link">¶</a></h3>
+
<p><a href="release-signing.html#sha1">Avoid</a> using <code>SHA-1</code>. Use <code>SHA512</code> or <code>SHA256</code> instead. <code>SHA512</code> is stronger than <code>SHA256</code>. Though some old
clients lack <code>SHA512</code> support, we recommend switching to <code>SHA512</code> if possible.</p>
<h3 id="sha-defaults">Setting defaults<a class="headerlink" href="#sha-defaults" title="Permanent link">¶</a></h3>
+
<p>To configure <code>gpg</code> to avoid SHA-1, edit the options in <a href="#configuration"><code>gpg.conf</code></a>. Options need to be added or given the correct values for:</p>
<ul>
-<li><code>cert-digest-algo</code> - the certificate digest used when linking into the <a href="release-signing.html#link-into-wot">web of trust</a></li>
-<li><code>personal-digest-preferences</code> - the digest used for <a href="release-signing.html#detach-sig">signing messages</a></li>
+<li><code>cert-digest-algo</code> - the certificate digest used when linking into the <a href="release-signing.html#link-into-wot">web of trust</a> </li>
+<li><code>personal-digest-preferences</code> - the digest used for <a href="release-signing.html#detach-sig">signing messages</a> </li>
<li><code>default-preference-list</code> - the default algorithm preferences for <a href="release-signing.html#generate">new keys</a> (this does not affect existing keys: see next paragraph)</li>
</ul>
<p>To use <code>SHA512</code> (recommended):</p>
-<pre><code> :::text
+<div class="highlight"><pre><span></span><code> :::text
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
-</code></pre>
+</code></pre></div>
+
<p>To use SHA256:</p>
-<pre><code> :::text
+<div class="highlight"><pre><span></span><code> :::text
personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
-</code></pre>
+</code></pre></div>
+
<h3 id="key-prefs">Setting preferences for keys<a class="headerlink" href="#key-prefs" title="Permanent link">¶</a></h3>
+
<p>The digest preferences for each key (from the <a href="#sha-defaults">configuration defaults</a> ) are set when the key is generated. Once the
configuration has been updated to avoid SHA-1, all new keys generated will use these defaults, but keys generated before the configuration won't be affected.</p>
<p>All existing private keys in the ring need to be updated to indicate that stronger hashes are preferred. For each public-private key pair (generated with the previous defaults):</p>
-<pre><code> :::console
- $ gpg --edit-key F8B7B4FD
- gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
- This program comes with ABSOLUTELY NO WARRANTY.
- This is free software, and you are welcome to redistribute it
- under certain conditions. See the file COPYING for details.
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="o">::</span><span class="err">:</span><span class="n">console</span>
+<span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="n">edit</span><span class="o">-</span><span class="k">key</span><span class="w"> </span><span class="n">F8B7B4FD</span>
+<span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="p">(</span><span class="n">GnuPG</span><span class="p">)</span><span class="w"> </span><span class="mf">1.4.9</span><span class="p">;</span><span class="w"> </span><span class="n">Copyright</span><span class="w"> </span><span class="p">(</span><span class="n">C</span><span class="p">)</span><span class="w"> </span><span class="mi">2008</span><span class="w"> </span><span class="k">Free</span><span class="w"> </span><span class="n">Software</span><span class="w"> </span><span class="n">Foundation</span><span class="p">,</span><span class="w"> </span><span class="n">Inc</span><span class="p">.</span>
+<span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="n">program</span><span class="w"> </span><span class="n">comes</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="n">ABSOLUTELY</span><span class="w"> </span><span class="k">NO</span><span class="w"> </span><span class="n">WARRANTY</span><span class="p">.</span>
+<span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="k">free</span><span class="w"> </span><span class="n">software</span><span class="p">,</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="k">are</span><span class="w"> </span><span class="n">welcome</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">redistribute</span><span class="w"> </span><span class="n">it</span>
+<span class="w"> </span><span class="k">under</span><span class="w"> </span><span class="n">certain</span><span class="w"> </span><span class="n">conditions</span><span class="p">.</span><span class="w"> </span><span class="n">See</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">file</span><span class="w"> </span><span class="n">COPYING</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">details</span><span class="p">.</span>
- Secret key is available.
+<span class="w"> </span><span class="n">Secret</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">available</span><span class="p">.</span>
- pub 1024D/F8B7B4FD created: 2009-08-12 expires: 2009-09-11 usage: SC
- trust: ultimate validity: ultimate
- sub 1024g/D55BD150 created: 2009-08-12 expires: 2009-09-11 usage: E
- [ultimate] (1). Example Key (NOT FOR DISTRIBUTION) <bogus@example.org>
+<span class="w"> </span><span class="n">pub</span><span class="w"> </span><span class="mi">1024</span><span class="n">D</span><span class="o">/</span><span class="n">F8B7B4FD</span><span class="w"> </span><span class="nl">created</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">12</span><span class="w"> </span><span class="nl">expires</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">09</span><span class="o">-</span><span class="mi">11</span><span class="w"> </span><span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">SC</span><span class="w"> </span>
+<span class="w"> </span><span class="nl">trust</span><span class="p">:</span><span class="w"> </span><span class="n">ultimate</span><span class="w"> </span><span class="nl">validity</span><span class="p">:</span><span class="w"> </span><span class="n">ultimate</span>
+<span class="w"> </span><span class="n">sub</span><span class="w"> </span><span class="mi">1024</span><span class="n">g</span><span class="o">/</span><span class="n">D55BD150</span><span class="w"> </span><span class="nl">created</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">12</span><span class="w"> </span><span class="nl">expires</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">09</span><span class="o">-</span><span class="mi">11</span><span class="w"> </span><span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">E</span><span class="w"> </span>
+<span class="w"> </span><span class="o">[</span><span class="n">ultimate</span><span class="o">]</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="w"> </span><span class="n">Example</span><span class="w"> </span><span class="k">Key</span><span class="w"> </span><span class="p">(</span><span class="ow">NOT</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="n">DISTRIBUTION</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">bogus</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
- Command> showpref
- [ultimate] (1). Example Key (NOT FOR DISTRIBUTION) <bogus@example.org>
- Cipher: AES256, AES192, AES, CAST5, 3DES
- Digest: SHA1, SHA256, RIPEMD160
- Compression: ZLIB, BZIP2, ZIP, Uncompressed
- Features: MDC, Keyserver no-modify
+<span class="w"> </span><span class="n">Command</span><span class="o">></span><span class="w"> </span><span class="n">showpref</span>
+<span class="w"> </span><span class="o">[</span><span class="n">ultimate</span><span class="o">]</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="w"> </span><span class="n">Example</span><span class="w"> </span><span class="k">Key</span><span class="w"> </span><span class="p">(</span><span class="ow">NOT</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="n">DISTRIBUTION</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">bogus</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="w"> </span><span class="nl">Cipher</span><span class="p">:</span><span class="w"> </span><span class="n">AES256</span><span class="p">,</span><span class="w"> </span><span class="n">AES192</span><span class="p">,</span><span class="w"> </span><span class="n">AES</span><span class="p">,</span><span class="w"> </span><span class="n">CAST5</span><span class="p">,</span><span class="w"> </span><span class="mi">3</span><span class="n">DES</span>
+<span class="w"> </span><span class="nl">Digest</span><span class="p">:</span><span class="w"> </span><span class="n">SHA1</span><span class="p">,</span><span class="w"> </span><span class="n">SHA256</span><span class="p">,</span><span class="w"> </span><span class="n">RIPEMD160</span>
+<span class="w"> </span><span class="nl">Compression</span><span class="p">:</span><span class="w"> </span><span class="n">ZLIB</span><span class="p">,</span><span class="w"> </span><span class="n">BZIP2</span><span class="p">,</span><span class="w"> </span><span class="n">ZIP</span><span class="p">,</span><span class="w"> </span><span class="n">Uncompressed</span>
+<span class="w"> </span><span class="nl">Features</span><span class="p">:</span><span class="w"> </span><span class="n">MDC</span><span class="p">,</span><span class="w"> </span><span class="n">Keyserver</span><span class="w"> </span><span class="k">no</span><span class="o">-</span><span class="k">modify</span>
- Command> setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
- Set preference list to:
- Cipher: AES256, AES192, AES, CAST5, 3DES
- Digest: SHA512, SHA384, SHA256, SHA224, SHA1
- Compression: ZLIB, BZIP2, ZIP, Uncompressed
- Features: MDC, Keyserver no-modify
- Really update the preferences? (y/N) y
+<span class="w"> </span><span class="n">Command</span><span class="o">></span><span class="w"> </span><span class="n">setpref</span><span class="w"> </span><span class="n">SHA512</span><span class="w"> </span><span class="n">SHA384</span><span class="w"> </span><span class="n">SHA256</span><span class="w"> </span><span class="n">SHA224</span><span class="w"> </span><span class="n">AES256</span><span class="w"> </span><span class="n">AES192</span><span class="w"> </span><span class="n">AES</span><span class="w"> </span><span class="n">CAST5</span><span class="w"> </span><span class="n">ZLIB</span><span class="w"> </span><span class="n">BZIP2</span><span class="w"> </span><span class="n">ZIP</span><span class="w"> </span><span class="n">Uncompressed</span>
+<span class="w"> </span><span class="k">Set</span><span class="w"> </span><span class="n">preference</span><span class="w"> </span><span class="n">list</span><span class="w"> </span><span class="k">to</span><span class="err">:</span>
+<span class="w"> </span><span class="nl">Cipher</span><span class="p">:</span><span class="w"> </span><span class="n">AES256</span><span class="p">,</span><span class="w"> </span><span class="n">AES192</span><span class="p">,</span><span class="w"> </span><span class="n">AES</span><span class="p">,</span><span class="w"> </span><span class="n">CAST5</span><span class="p">,</span><span class="w"> </span><span class="mi">3</span><span class="n">DES</span>
+<span class="w"> </span><span class="nl">Digest</span><span class="p">:</span><span class="w"> </span><span class="n">SHA512</span><span class="p">,</span><span class="w"> </span><span class="n">SHA384</span><span class="p">,</span><span class="w"> </span><span class="n">SHA256</span><span class="p">,</span><span class="w"> </span><span class="n">SHA224</span><span class="p">,</span><span class="w"> </span><span class="n">SHA1</span>
+<span class="w"> </span><span class="nl">Compression</span><span class="p">:</span><span class="w"> </span><span class="n">ZLIB</span><span class="p">,</span><span class="w"> </span><span class="n">BZIP2</span><span class="p">,</span><span class="w"> </span><span class="n">ZIP</span><span class="p">,</span><span class="w"> </span><span class="n">Uncompressed</span>
+<span class="w"> </span><span class="nl">Features</span><span class="p">:</span><span class="w"> </span><span class="n">MDC</span><span class="p">,</span><span class="w"> </span><span class="n">Keyserver</span><span class="w"> </span><span class="k">no</span><span class="o">-</span><span class="k">modify</span>
+<span class="w"> </span><span class="n">Really</span><span class="w"> </span><span class="k">update</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">preferences</span><span class="vm">?</span><span class="w"> </span><span class="p">(</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">)</span><span class="w"> </span><span class="n">y</span>
- You need a passphrase to unlock the secret key for
- user: "Example Key (NOT FOR DISTRIBUTION) <bogus@example.org>"
- 1024-bit DSA key, ID F8B7B4FD, created 2009-08-12
+<span class="w"> </span><span class="n">You</span><span class="w"> </span><span class="n">need</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">passphrase</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">unlock</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">secret</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="k">for</span>
+<span class="w"> </span><span class="k">user</span><span class="err">:</span><span class="w"> </span><span class="ss">"Example Key (NOT FOR DISTRIBUTION) <bogus@example.org>"</span>
+<span class="w"> </span><span class="mi">1024</span><span class="o">-</span><span class="nc">bit</span><span class="w"> </span><span class="n">DSA</span><span class="w"> </span><span class="k">key</span><span class="p">,</span><span class="w"> </span><span class="n">ID</span><span class="w"> </span><span class="n">F8B7B4FD</span><span class="p">,</span><span class="w"> </span><span class="n">created</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">12</span>
- pub 1024D/F8B7B4FD created: 2009-08-12 expires: 2009-09-11 usage: SC
- trust: ultimate validity: ultimate
- sub 1024g/D55BD150 created: 2009-08-12 expires: 2009-09-11 usage: E
- [ultimate] (1). Example Key (NOT FOR DISTRIBUTION) <bogus@example.org>
+<span class="w"> </span><span class="n">pub</span><span class="w"> </span><span class="mi">1024</span><span class="n">D</span><span class="o">/</span><span class="n">F8B7B4FD</span><span class="w"> </span><span class="nl">created</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">12</span><span class="w"> </span><span class="nl">expires</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">09</span><span class="o">-</span><span class="mi">11</span><span class="w"> </span><span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">SC</span><span class="w"> </span>
+<span class="w"> </span><span class="nl">trust</span><span class="p">:</span><span class="w"> </span><span class="n">ultimate</span><span class="w"> </span><span class="nl">validity</span><span class="p">:</span><span class="w"> </span><span class="n">ultimate</span>
+<span class="w"> </span><span class="n">sub</span><span class="w"> </span><span class="mi">1024</span><span class="n">g</span><span class="o">/</span><span class="n">D55BD150</span><span class="w"> </span><span class="nl">created</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">12</span><span class="w"> </span><span class="nl">expires</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">09</span><span class="o">-</span><span class="mi">11</span><span class="w"> </span><span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">E</span><span class="w"> </span>
+<span class="w"> </span><span class="o">[</span><span class="n">ultimate</span><span class="o">]</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="w"> </span><span class="n">Example</span><span class="w"> </span><span class="k">Key</span><span class="w"> </span><span class="p">(</span><span class="ow">NOT</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="n">DISTRIBUTION</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">bogus</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
- Command> save
-</code></pre>
+<span class="w"> </span><span class="n">Command</span><span class="o">></span><span class="w"> </span><span class="k">save</span>
+</code></pre></div>
+
<p>Then upload the modified public key to a public keyserver. For example:</p>
-<pre><code> :::console
- $ gpg --send-keys F8B7B4FD
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span>:::<span class="nv">console</span>
+<span class="w"> </span>$<span class="w"> </span><span class="nv">gpg</span><span class="w"> </span><span class="o">--</span><span class="k">send</span><span class="o">-</span><span class="nv">keys</span><span class="w"> </span><span class="nv">F8B7B4FD</span>
+</code></pre></div>
+
<h2 id="generate-key">How to generate a strong key<a class="headerlink" href="#generate-key" title="Permanent link">¶</a></h2>
+
<p>The weaknesses found in <a href="release-signing.html#sha1">SHA-1</a> threaten all DSA keys and those RSA keys with length less than 2048 bits. Though no realistic attack against those keys have been made public and these keys continue to be useful (and do not need to be revoked), Projects should not generate new keys that are exposed to this weakness.</p>
<p>The next generation of <a href="release-signing.html#openpgp">OpenPGP</a> will use <a href="release-signing.html#sha3">SHA-3</a>. For now, the 2048 bit RSA keys with SHA256 hash should be strong enough. For those with 2048 bit RSA keys, the best advice is to <a href="#sha1">switch</a> to SHA256 or SHA512 as soon as possible. All new keys generated should be RSA with at least 4096 bits.</p>
<p>Though 8192 bit keys are stronger, they are slower and may be incompatible with some older clients. For the present, 4096 bit RSA should be strong enough for code signing at Apache. To generate RSA keys with length more
than 4096 bits, <a href="https://www.jroller.com/robertburrelldonkin/entry/gnupg_8192bit_rsa_keys" target="_blank">changes are needed</a>. Then you can follow the procedure for 4096 bits.</p>
<h3 id="key-gen-install-latest-gnupg">Install and configure GnuPG<a class="headerlink" href="#key-gen-install-latest-gnupg" title="Permanent link">¶</a></h3>
+
<p><a href="https://www.gnupg.org" target="_blank">GnuPG</a> comes in two flavors. To easily generate a 4096 bit RSA signing and encryption key pair with strong digests, use either GnuPG version:</p>
<ul>
<li><code>2.0.12</code> or higher (well-known, portable version)</li>
<li><code>1.4.10</code> or higher (version with advanced features)</li>
</ul>
-<p>Once you generate the key, you can use it with the widely available <code>1.4.9</code> and <code>2.x</code> releases.</p>
+<p>Once you generate the key, you can use it with the widely available <code>1.4.9</code> and <code>2.x</code> releases. </p>
<p>If the right version of GnuPG is not currently distributed for your platform, you need to <a href="http://www.gnupg.org/download/index.en.html" target="_blank">install it</a>. You only need this version to generate keys, so you do not need to replace the version distributed with your platform. You can install the new version into a working directory.</p>
<p>Checking that the installation has worked and that the version is correct, using either</p>
-<pre><code> :::console
+<div class="highlight"><pre><span></span><code> :::console
$ gpg --version
gpg (GnuPG) 1.4.10
Copyright (C) 2008 Free Software Foundation, Inc.
@@ -227,9 +245,10 @@
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
-</code></pre>
+</code></pre></div>
+
<p>or</p>
-<pre><code> :::console
+<div class="highlight"><pre><span></span><code> :::console
$ gpg2 --version
gpg (GnuPG) 2.0.12
libgcrypt 1.4.4
@@ -246,151 +265,160 @@
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
-</code></pre>
+</code></pre></div>
+
<p>Now confirm that the configuration file is <a href="#sha1">set up to avoid SHA-1</a>.</p>
<h3 id="key-gen-generate-key">Generate a new key<a class="headerlink" href="#key-gen-generate-key" title="Permanent link">¶</a></h3>
+
<p>Versions <code>2.0.12</code>and <code>1.4.10</code> introduced a new default key generation option - <em>RSA and RSA</em>. <a href="release-signing.html#rsa">RSA</a>
keys are used for both encryption and signing. Longer key lengths are available. Select or accept this option when generating new keys.</p>
<p>Follow the recommendations about <a href="release-signing.html#user-id">user ID</a> and <a href="release-signing.html#key-comment">comment</a>. Use a strong
<a href="release-signing.html#passphrase">passphrase</a>.</p>
<p>Follow either</p>
-<pre><code> :::console
- $ gpg --gen-key
- gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
- This is free software: you are free to change and redistribute it.
- There is NO WARRANTY, to the extent permitted by law.
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="p">:::</span><span class="n">console</span>
+<span class="w"> </span><span class="o">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="n">gen</span><span class="o">-</span><span class="n">key</span><span class="w"> </span>
+<span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="p">(</span><span class="n">GnuPG</span><span class="p">)</span><span class="w"> </span><span class="mf">1.4</span><span class="o">.</span><span class="mi">10</span><span class="p">;</span><span class="w"> </span><span class="n">Copyright</span><span class="w"> </span><span class="p">(</span><span class="n">C</span><span class="p">)</span><span class="w"> </span><span class="mi">2008</span><span class="w"> </span><span class="n">Free</span><span class="w"> </span><span class="n">Software</span><span class="w"> </span><span class="n">Foundation</span><span class="p">,</span><span class="w"> </span><span class="n">Inc</span><span class="o">.</span>
+<span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">free</span><span class="w"> </span><span class="n">software</span><span class="p">:</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">are</span><span class="w"> </span><span class="n">free</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">change</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">redistribute</span><span class="w"> </span><span class="n">it</span><span class="o">.</span>
+<span class="w"> </span><span class="n">There</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">NO</span><span class="w"> </span><span class="n">WARRANTY</span><span class="p">,</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">extent</span><span class="w"> </span><span class="n">permitted</span><span class="w"> </span><span class="n">by</span><span class="w"> </span><span class="n">law</span><span class="o">.</span>
- Please select what kind of key you want:
- (1) RSA and RSA (default)
- (2) DSA and Elgamal
- (3) DSA (sign only)
- (4) RSA (sign only)
- Your selection? 1
- RSA keys may be between 1024 and 4096 bits long.
- What keysize do you want? (2048) 4096
- Requested keysize is 4096 bits
- Please specify how long the key should be valid.
- 0 = key does not expire
- <n> = key expires in n days
- <n>w = key expires in n weeks
- <n>m = key expires in n months
- <n>y = key expires in n years
- Key is valid for? (0)
- Key does not expire at all
- Is this correct? (y/N) y
+<span class="w"> </span><span class="n">Please</span><span class="w"> </span><span class="n">select</span><span class="w"> </span><span class="n">what</span><span class="w"> </span><span class="n">kind</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">want</span><span class="p">:</span>
+<span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">)</span><span class="w"> </span><span class="n">RSA</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">RSA</span><span class="w"> </span><span class="p">(</span><span class="n">default</span><span class="p">)</span>
+<span class="w"> </span><span class="p">(</span><span class="mi">2</span><span class="p">)</span><span class="w"> </span><span class="n">DSA</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">Elgamal</span>
+<span class="w"> </span><span class="p">(</span><span class="mi">3</span><span class="p">)</span><span class="w"> </span><span class="n">DSA</span><span class="w"> </span><span class="p">(</span><span class="nb">sign</span><span class="w"> </span><span class="n">only</span><span class="p">)</span>
+<span class="w"> </span><span class="p">(</span><span class="mi">4</span><span class="p">)</span><span class="w"> </span><span class="n">RSA</span><span class="w"> </span><span class="p">(</span><span class="nb">sign</span><span class="w"> </span><span class="n">only</span><span class="p">)</span>
+<span class="w"> </span><span class="n">Your</span><span class="w"> </span><span class="n">selection</span><span class="err">?</span><span class="w"> </span><span class="mi">1</span>
+<span class="w"> </span><span class="n">RSA</span><span class="w"> </span><span class="n">keys</span><span class="w"> </span><span class="n">may</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">between</span><span class="w"> </span><span class="mi">1024</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="mi">4096</span><span class="w"> </span><span class="n">bits</span><span class="w"> </span><span class="n">long</span><span class="o">.</span>
+<span class="w"> </span><span class="n">What</span><span class="w"> </span><span class="n">keysize</span><span class="w"> </span><span class="n">do</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">want</span><span class="err">?</span><span class="w"> </span><span class="p">(</span><span class="mi">2048</span><span class="p">)</span><span class="w"> </span><span class="mi">4096</span>
+<span class="w"> </span><span class="n">Requested</span><span class="w"> </span><span class="n">keysize</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="mi">4096</span><span class="w"> </span><span class="n">bits</span>
+<span class="w"> </span><span class="n">Please</span><span class="w"> </span><span class="n">specify</span><span class="w"> </span><span class="n">how</span><span class="w"> </span><span class="n">long</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">should</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">valid</span><span class="o">.</span>
+<span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">does</span><span class="w"> </span><span class="ow">not</span><span class="w"> </span><span class="n">expire</span>
+<span class="w"> </span><span class="o"><</span><span class="n">n</span><span class="o">></span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">expires</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">n</span><span class="w"> </span><span class="n">days</span>
+<span class="w"> </span><span class="o"><</span><span class="n">n</span><span class="o">></span><span class="n">w</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">expires</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">n</span><span class="w"> </span><span class="n">weeks</span>
+<span class="w"> </span><span class="o"><</span><span class="n">n</span><span class="o">></span><span class="n">m</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">expires</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">n</span><span class="w"> </span><span class="n">months</span>
+<span class="w"> </span><span class="o"><</span><span class="n">n</span><span class="o">></span><span class="n">y</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">expires</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">n</span><span class="w"> </span><span class="n">years</span>
+<span class="w"> </span><span class="n">Key</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">valid</span><span class="w"> </span><span class="k">for</span><span class="err">?</span><span class="w"> </span><span class="p">(</span><span class="mi">0</span><span class="p">)</span><span class="w"> </span>
+<span class="w"> </span><span class="n">Key</span><span class="w"> </span><span class="n">does</span><span class="w"> </span><span class="ow">not</span><span class="w"> </span><span class="n">expire</span><span class="w"> </span><span class="n">at</span><span class="w"> </span><span class="n">all</span>
+<span class="w"> </span><span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">correct</span><span class="err">?</span><span class="w"> </span><span class="p">(</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">)</span><span class="w"> </span><span class="n">y</span>
- You need a user ID to identify your key; the software constructs the user
- ID
- from the Real Name, Comment and Email Address in this form:
- "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
+<span class="w"> </span><span class="n">You</span><span class="w"> </span><span class="n">need</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="n">ID</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">identify</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="n">key</span><span class="p">;</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">software</span><span class="w"> </span><span class="n">constructs</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">user</span>
+<span class="w"> </span><span class="n">ID</span>
+<span class="w"> </span><span class="n">from</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">Real</span><span class="w"> </span><span class="n">Name</span><span class="p">,</span><span class="w"> </span><span class="n">Comment</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">Email</span><span class="w"> </span><span class="n">Address</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">form</span><span class="p">:</span>
+<span class="w"> </span><span class="s2">"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"</span>
- Real name: Robert Burrell Donkin
- Email address: rdonkin@apache.org
- Comment: CODE SIGNING KEY
- You selected this USER-ID:
- "Robert Burrell Donkin (CODE SIGNING KEY) <rdonkin@apache.org>"
+<span class="w"> </span><span class="n">Real</span><span class="w"> </span><span class="n">name</span><span class="p">:</span><span class="w"> </span><span class="n">Robert</span><span class="w"> </span><span class="n">Burrell</span><span class="w"> </span><span class="n">Donkin</span><span class="w"> </span>
+<span class="w"> </span><span class="n">Email</span><span class="w"> </span><span class="n">address</span><span class="p">:</span><span class="w"> </span><span class="n">rdonkin</span><span class="err">@</span><span class="n">apache</span><span class="o">.</span><span class="n">org</span>
+<span class="w"> </span><span class="n">Comment</span><span class="p">:</span><span class="w"> </span><span class="n">CODE</span><span class="w"> </span><span class="n">SIGNING</span><span class="w"> </span><span class="n">KEY</span>
+<span class="w"> </span><span class="n">You</span><span class="w"> </span><span class="n">selected</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">USER</span><span class="o">-</span><span class="n">ID</span><span class="p">:</span>
+<span class="w"> </span><span class="s2">"Robert Burrell Donkin (CODE SIGNING KEY) <rdonkin@apache.org>"</span>
- Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
- You need a Passphrase to protect your secret key.
-</code></pre>
+<span class="w"> </span><span class="n">Change</span><span class="w"> </span><span class="p">(</span><span class="n">N</span><span class="p">)</span><span class="n">ame</span><span class="p">,</span><span class="w"> </span><span class="p">(</span><span class="n">C</span><span class="p">)</span><span class="n">omment</span><span class="p">,</span><span class="w"> </span><span class="p">(</span><span class="n">E</span><span class="p">)</span><span class="n">mail</span><span class="w"> </span><span class="ow">or</span><span class="w"> </span><span class="p">(</span><span class="n">O</span><span class="p">)</span><span class="n">kay</span><span class="o">/</span><span class="p">(</span><span class="n">Q</span><span class="p">)</span><span class="n">uit</span><span class="err">?</span><span class="w"> </span><span class="n">O</span>
+<span class="w"> </span><span class="n">You</span><span class="w"> </span><span class="n">need</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">Passphrase</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">protect</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="n">secret</span><span class="w"> </span><span class="n">key</span><span class="o">.</span>
+</code></pre></div>
+
<p>or</p>
-<pre><code> :::console
- $ gpg2 --full-gen-key
- gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
- This is free software: you are free to change and redistribute it.
- There is NO WARRANTY, to the extent permitted by law.
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="p">:::</span><span class="n">console</span>
+<span class="w"> </span><span class="o">$</span><span class="w"> </span><span class="n">gpg2</span><span class="w"> </span><span class="o">--</span><span class="n">full</span><span class="o">-</span><span class="n">gen</span><span class="o">-</span><span class="n">key</span>
+<span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="p">(</span><span class="n">GnuPG</span><span class="p">)</span><span class="w"> </span><span class="mf">2.0</span><span class="o">.</span><span class="mi">12</span><span class="p">;</span><span class="w"> </span><span class="n">Copyright</span><span class="w"> </span><span class="p">(</span><span class="n">C</span><span class="p">)</span><span class="w"> </span><span class="mi">2009</span><span class="w"> </span><span class="n">Free</span><span class="w"> </span><span class="n">Software</span><span class="w"> </span><span class="n">Foundation</span><span class="p">,</span><span class="w"> </span><span class="n">Inc</span><span class="o">.</span>
+<span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">free</span><span class="w"> </span><span class="n">software</span><span class="p">:</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">are</span><span class="w"> </span><span class="n">free</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">change</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">redistribute</span><span class="w"> </span><span class="n">it</span><span class="o">.</span>
+<span class="w"> </span><span class="n">There</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">NO</span><span class="w"> </span><span class="n">WARRANTY</span><span class="p">,</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">extent</span><span class="w"> </span><span class="n">permitted</span><span class="w"> </span><span class="n">by</span><span class="w"> </span><span class="n">law</span><span class="o">.</span>
- Please select what kind of key you want:
- (1) RSA and RSA (default)
- (2) DSA and Elgamal
- (3) DSA (sign only)
- (4) RSA (sign only)
- Your selection? 1
- RSA keys may be between 1024 and 4096 bits long.
- What keysize do you want? (2048) 4096
- Requested keysize is 4096 bits
- Please specify how long the key should be valid.
- 0 = key does not expire
- <n> = key expires in n days
- <n>w = key expires in n weeks
- <n>m = key expires in n months
- <n>y = key expires in n years
- Key is valid for? (0)
- Key does not expire at all
- Is this correct? (y/N) y
+<span class="w"> </span><span class="n">Please</span><span class="w"> </span><span class="n">select</span><span class="w"> </span><span class="n">what</span><span class="w"> </span><span class="n">kind</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">want</span><span class="p">:</span>
+<span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">)</span><span class="w"> </span><span class="n">RSA</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">RSA</span><span class="w"> </span><span class="p">(</span><span class="n">default</span><span class="p">)</span>
+<span class="w"> </span><span class="p">(</span><span class="mi">2</span><span class="p">)</span><span class="w"> </span><span class="n">DSA</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">Elgamal</span>
+<span class="w"> </span><span class="p">(</span><span class="mi">3</span><span class="p">)</span><span class="w"> </span><span class="n">DSA</span><span class="w"> </span><span class="p">(</span><span class="nb">sign</span><span class="w"> </span><span class="n">only</span><span class="p">)</span>
+<span class="w"> </span><span class="p">(</span><span class="mi">4</span><span class="p">)</span><span class="w"> </span><span class="n">RSA</span><span class="w"> </span><span class="p">(</span><span class="nb">sign</span><span class="w"> </span><span class="n">only</span><span class="p">)</span>
+<span class="w"> </span><span class="n">Your</span><span class="w"> </span><span class="n">selection</span><span class="err">?</span><span class="w"> </span><span class="mi">1</span>
+<span class="w"> </span><span class="n">RSA</span><span class="w"> </span><span class="n">keys</span><span class="w"> </span><span class="n">may</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">between</span><span class="w"> </span><span class="mi">1024</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="mi">4096</span><span class="w"> </span><span class="n">bits</span><span class="w"> </span><span class="n">long</span><span class="o">.</span>
+<span class="w"> </span><span class="n">What</span><span class="w"> </span><span class="n">keysize</span><span class="w"> </span><span class="n">do</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">want</span><span class="err">?</span><span class="w"> </span><span class="p">(</span><span class="mi">2048</span><span class="p">)</span><span class="w"> </span><span class="mi">4096</span>
+<span class="w"> </span><span class="n">Requested</span><span class="w"> </span><span class="n">keysize</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="mi">4096</span><span class="w"> </span><span class="n">bits</span>
+<span class="w"> </span><span class="n">Please</span><span class="w"> </span><span class="n">specify</span><span class="w"> </span><span class="n">how</span><span class="w"> </span><span class="n">long</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">should</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">valid</span><span class="o">.</span>
+<span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">does</span><span class="w"> </span><span class="ow">not</span><span class="w"> </span><span class="n">expire</span>
+<span class="w"> </span><span class="o"><</span><span class="n">n</span><span class="o">></span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">expires</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">n</span><span class="w"> </span><span class="n">days</span>
+<span class="w"> </span><span class="o"><</span><span class="n">n</span><span class="o">></span><span class="n">w</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">expires</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">n</span><span class="w"> </span><span class="n">weeks</span>
+<span class="w"> </span><span class="o"><</span><span class="n">n</span><span class="o">></span><span class="n">m</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">expires</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">n</span><span class="w"> </span><span class="n">months</span>
+<span class="w"> </span><span class="o"><</span><span class="n">n</span><span class="o">></span><span class="n">y</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">expires</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">n</span><span class="w"> </span><span class="n">years</span>
+<span class="w"> </span><span class="n">Key</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">valid</span><span class="w"> </span><span class="k">for</span><span class="err">?</span><span class="w"> </span><span class="p">(</span><span class="mi">0</span><span class="p">)</span><span class="w"> </span>
+<span class="w"> </span><span class="n">Key</span><span class="w"> </span><span class="n">does</span><span class="w"> </span><span class="ow">not</span><span class="w"> </span><span class="n">expire</span><span class="w"> </span><span class="n">at</span><span class="w"> </span><span class="n">all</span>
+<span class="w"> </span><span class="n">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">correct</span><span class="err">?</span><span class="w"> </span><span class="p">(</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">)</span><span class="w"> </span><span class="n">y</span>
- GnuPG needs to construct a user ID to identify your key.
+<span class="w"> </span><span class="n">GnuPG</span><span class="w"> </span><span class="n">needs</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">construct</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="n">ID</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">identify</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="n">key</span><span class="o">.</span>
- Real name: Robert Burrell Donkin
- Email address: rdonkin@apache.org
- Comment: CODE SIGNING KEY
- You selected this USER-ID:
- "Robert Burrell Donkin (CODE SIGNING KEY) <rdonkin@apache.org>"
+<span class="w"> </span><span class="n">Real</span><span class="w"> </span><span class="n">name</span><span class="p">:</span><span class="w"> </span><span class="n">Robert</span><span class="w"> </span><span class="n">Burrell</span><span class="w"> </span><span class="n">Donkin</span>
+<span class="w"> </span><span class="n">Email</span><span class="w"> </span><span class="n">address</span><span class="p">:</span><span class="w"> </span><span class="n">rdonkin</span><span class="err">@</span><span class="n">apache</span><span class="o">.</span><span class="n">org</span>
+<span class="w"> </span><span class="n">Comment</span><span class="p">:</span><span class="w"> </span><span class="n">CODE</span><span class="w"> </span><span class="n">SIGNING</span><span class="w"> </span><span class="n">KEY</span>
+<span class="w"> </span><span class="n">You</span><span class="w"> </span><span class="n">selected</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">USER</span><span class="o">-</span><span class="n">ID</span><span class="p">:</span>
+<span class="w"> </span><span class="s2">"Robert Burrell Donkin (CODE SIGNING KEY) <rdonkin@apache.org>"</span>
- Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
- You need a Passphrase to protect your secret key.
-</code></pre>
+<span class="w"> </span><span class="n">Change</span><span class="w"> </span><span class="p">(</span><span class="n">N</span><span class="p">)</span><span class="n">ame</span><span class="p">,</span><span class="w"> </span><span class="p">(</span><span class="n">C</span><span class="p">)</span><span class="n">omment</span><span class="p">,</span><span class="w"> </span><span class="p">(</span><span class="n">E</span><span class="p">)</span><span class="n">mail</span><span class="w"> </span><span class="ow">or</span><span class="w"> </span><span class="p">(</span><span class="n">O</span><span class="p">)</span><span class="n">kay</span><span class="o">/</span><span class="p">(</span><span class="n">Q</span><span class="p">)</span><span class="n">uit</span><span class="err">?</span><span class="w"> </span><span class="n">O</span>
+<span class="w"> </span><span class="n">You</span><span class="w"> </span><span class="n">need</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">Passphrase</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">protect</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="n">secret</span><span class="w"> </span><span class="n">key</span><span class="o">.</span>
+</code></pre></div>
+
<h3 id="key-gen-avoid-sha1">Check that the key avoids using SHA-1<a class="headerlink" href="#key-gen-avoid-sha1" title="Permanent link">¶</a></h3>
+
<p>Check that the configuration has correctly set the key preferences to avoid SHA-1, using either:</p>
-<pre><code> :::console
- $ gpg --edit-key 773447FD
- gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
- This is free software: you are free to change and redistribute it.
- There is NO WARRANTY, to the extent permitted by law.
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="o">::</span><span class="err">:</span><span class="n">console</span>
+<span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="n">edit</span><span class="o">-</span><span class="k">key</span><span class="w"> </span><span class="mi">773447</span><span class="n">FD</span>
+<span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="p">(</span><span class="n">GnuPG</span><span class="p">)</span><span class="w"> </span><span class="mf">1.4.10</span><span class="p">;</span><span class="w"> </span><span class="n">Copyright</span><span class="w"> </span><span class="p">(</span><span class="n">C</span><span class="p">)</span><span class="w"> </span><span class="mi">2008</span><span class="w"> </span><span class="k">Free</span><span class="w"> </span><span class="n">Software</span><span class="w"> </span><span class="n">Foundation</span><span class="p">,</span><span class="w"> </span><span class="n">Inc</span><span class="p">.</span>
+<span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="k">free</span><span class="w"> </span><span class="nl">software</span><span class="p">:</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="k">are</span><span class="w"> </span><span class="k">free</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">change</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">redistribute</span><span class="w"> </span><span class="n">it</span><span class="p">.</span>
+<span class="w"> </span><span class="n">There</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="k">NO</span><span class="w"> </span><span class="n">WARRANTY</span><span class="p">,</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">extent</span><span class="w"> </span><span class="n">permitted</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="n">law</span><span class="p">.</span>
- Secret key is available.
+<span class="w"> </span><span class="n">Secret</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">available</span><span class="p">.</span>
- pub 4096R/773447FD created: 2010-02-16 expires: never usage: SC
- trust: ultimate validity: ultimate
- sub 4096R/436E0F7C created: 2010-02-16 expires: never usage: E
- [ultimate] (1). Robert Burrell Donkin (CODE SIGNING KEY) <rdonkin@apache.org>
+<span class="w"> </span><span class="n">pub</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="mi">773447</span><span class="n">FD</span><span class="w"> </span><span class="nl">created</span><span class="p">:</span><span class="w"> </span><span class="mi">2010</span><span class="o">-</span><span class="mi">02</span><span class="o">-</span><span class="mi">16</span><span class="w"> </span><span class="nl">expires</span><span class="p">:</span><span class="w"> </span><span class="n">never</span><span class="w"> </span><span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">SC</span><span class="w"> </span>
+<span class="w"> </span><span class="nl">trust</span><span class="p">:</span><span class="w"> </span><span class="n">ultimate</span><span class="w"> </span><span class="nl">validity</span><span class="p">:</span><span class="w"> </span><span class="n">ultimate</span>
+<span class="w"> </span><span class="n">sub</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="mf">436E0</span><span class="n">F7C</span><span class="w"> </span><span class="nl">created</span><span class="p">:</span><span class="w"> </span><span class="mi">2010</span><span class="o">-</span><span class="mi">02</span><span class="o">-</span><span class="mi">16</span><span class="w"> </span><span class="nl">expires</span><span class="p">:</span><span class="w"> </span><span class="n">never</span><span class="w"> </span><span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">E</span><span class="w"> </span>
+<span class="w"> </span><span class="o">[</span><span class="n">ultimate</span><span class="o">]</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="w"> </span><span class="n">Robert</span><span class="w"> </span><span class="n">Burrell</span><span class="w"> </span><span class="n">Donkin</span><span class="w"> </span><span class="p">(</span><span class="n">CODE</span><span class="w"> </span><span class="n">SIGNING</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">rdonkin</span><span class="nv">@apache</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
- Command> showpref
- [ultimate] (1). Robert Burrell Donkin (CODE SIGNING KEY)
- <rdonkin@apache.org>
- Cipher: AES256, AES192, AES, CAST5, 3DES
- Digest: SHA512, SHA384, SHA256, SHA224, SHA1
- Compression: ZLIB, BZIP2, ZIP, Uncompressed
- Features: MDC, Keyserver no-modify
-</code></pre>
+<span class="w"> </span><span class="n">Command</span><span class="o">></span><span class="w"> </span><span class="n">showpref</span>
+<span class="w"> </span><span class="o">[</span><span class="n">ultimate</span><span class="o">]</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="w"> </span><span class="n">Robert</span><span class="w"> </span><span class="n">Burrell</span><span class="w"> </span><span class="n">Donkin</span><span class="w"> </span><span class="p">(</span><span class="n">CODE</span><span class="w"> </span><span class="n">SIGNING</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span>
+<span class="w"> </span><span class="o"><</span><span class="n">rdonkin</span><span class="nv">@apache</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="w"> </span><span class="nl">Cipher</span><span class="p">:</span><span class="w"> </span><span class="n">AES256</span><span class="p">,</span><span class="w"> </span><span class="n">AES192</span><span class="p">,</span><span class="w"> </span><span class="n">AES</span><span class="p">,</span><span class="w"> </span><span class="n">CAST5</span><span class="p">,</span><span class="w"> </span><span class="mi">3</span><span class="n">DES</span>
+<span class="w"> </span><span class="nl">Digest</span><span class="p">:</span><span class="w"> </span><span class="n">SHA512</span><span class="p">,</span><span class="w"> </span><span class="n">SHA384</span><span class="p">,</span><span class="w"> </span><span class="n">SHA256</span><span class="p">,</span><span class="w"> </span><span class="n">SHA224</span><span class="p">,</span><span class="w"> </span><span class="n">SHA1</span>
+<span class="w"> </span><span class="nl">Compression</span><span class="p">:</span><span class="w"> </span><span class="n">ZLIB</span><span class="p">,</span><span class="w"> </span><span class="n">BZIP2</span><span class="p">,</span><span class="w"> </span><span class="n">ZIP</span><span class="p">,</span><span class="w"> </span><span class="n">Uncompressed</span>
+<span class="w"> </span><span class="nl">Features</span><span class="p">:</span><span class="w"> </span><span class="n">MDC</span><span class="p">,</span><span class="w"> </span><span class="n">Keyserver</span><span class="w"> </span><span class="k">no</span><span class="o">-</span><span class="k">modify</span>
+</code></pre></div>
+
<p>or</p>
-<pre><code> :::console
- $ gpg2 --edit-key A6EE6908
- gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
- This is free software: you are free to change and redistribute it.
- There is NO WARRANTY, to the extent permitted by law.
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="o">::</span><span class="err">:</span><span class="n">console</span>
+<span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg2</span><span class="w"> </span><span class="o">--</span><span class="n">edit</span><span class="o">-</span><span class="k">key</span><span class="w"> </span><span class="n">A6EE6908</span>
+<span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="p">(</span><span class="n">GnuPG</span><span class="p">)</span><span class="w"> </span><span class="mf">2.0.12</span><span class="p">;</span><span class="w"> </span><span class="n">Copyright</span><span class="w"> </span><span class="p">(</span><span class="n">C</span><span class="p">)</span><span class="w"> </span><span class="mi">2009</span><span class="w"> </span><span class="k">Free</span><span class="w"> </span><span class="n">Software</span><span class="w"> </span><span class="n">Foundation</span><span class="p">,</span><span class="w"> </span><span class="n">Inc</span><span class="p">.</span>
+<span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="k">free</span><span class="w"> </span><span class="nl">software</span><span class="p">:</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="k">are</span><span class="w"> </span><span class="k">free</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">change</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">redistribute</span><span class="w"> </span><span class="n">it</span><span class="p">.</span>
+<span class="w"> </span><span class="n">There</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="k">NO</span><span class="w"> </span><span class="n">WARRANTY</span><span class="p">,</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">extent</span><span class="w"> </span><span class="n">permitted</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="n">law</span><span class="p">.</span>
- Secret key is available.
+<span class="w"> </span><span class="n">Secret</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">available</span><span class="p">.</span>
- pub 8192R/A6EE6908 created: 2009-08-07 expires: never usage: SC
- trust: ultimate validity: ultimate
- sub 8192R/B800EFC1 created: 2009-08-07 expires: never usage: E
- [ultimate] (1). Robert Burrell Donkin (CODE SIGNING KEY) <rdonkin@apache.org>
+<span class="w"> </span><span class="n">pub</span><span class="w"> </span><span class="mi">8192</span><span class="n">R</span><span class="o">/</span><span class="n">A6EE6908</span><span class="w"> </span><span class="nl">created</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="nl">expires</span><span class="p">:</span><span class="w"> </span><span class="n">never</span><span class="w"> </span><span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">SC</span><span class="w"> </span>
+<span class="w"> </span><span class="nl">trust</span><span class="p">:</span><span class="w"> </span><span class="n">ultimate</span><span class="w"> </span><span class="nl">validity</span><span class="p">:</span><span class="w"> </span><span class="n">ultimate</span>
+<span class="w"> </span><span class="n">sub</span><span class="w"> </span><span class="mi">8192</span><span class="n">R</span><span class="o">/</span><span class="n">B800EFC1</span><span class="w"> </span><span class="nl">created</span><span class="p">:</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">07</span><span class="w"> </span><span class="nl">expires</span><span class="p">:</span><span class="w"> </span><span class="n">never</span><span class="w"> </span><span class="k">usage</span><span class="err">:</span><span class="w"> </span><span class="n">E</span><span class="w"> </span>
+<span class="w"> </span><span class="o">[</span><span class="n">ultimate</span><span class="o">]</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="w"> </span><span class="n">Robert</span><span class="w"> </span><span class="n">Burrell</span><span class="w"> </span><span class="n">Donkin</span><span class="w"> </span><span class="p">(</span><span class="n">CODE</span><span class="w"> </span><span class="n">SIGNING</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">rdonkin</span><span class="nv">@apache</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
- Command> showpref
- [ultimate] (1). Robert Burrell Donkin (CODE SIGNING KEY)
- <rdonkin@apache.org>
- Cipher: AES256, AES192, AES, CAST5, 3DES
- Digest: SHA512, SHA384, SHA256, SHA224, SHA1
- Compression: ZLIB, BZIP2, ZIP, Uncompressed
- Features: MDC, Keyserver no-modify
+<span class="w"> </span><span class="n">Command</span><span class="o">></span><span class="w"> </span><span class="n">showpref</span><span class="w"> </span>
+<span class="w"> </span><span class="o">[</span><span class="n">ultimate</span><span class="o">]</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="w"> </span><span class="n">Robert</span><span class="w"> </span><span class="n">Burrell</span><span class="w"> </span><span class="n">Donkin</span><span class="w"> </span><span class="p">(</span><span class="n">CODE</span><span class="w"> </span><span class="n">SIGNING</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span>
+<span class="w"> </span><span class="o"><</span><span class="n">rdonkin</span><span class="nv">@apache</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="w"> </span><span class="nl">Cipher</span><span class="p">:</span><span class="w"> </span><span class="n">AES256</span><span class="p">,</span><span class="w"> </span><span class="n">AES192</span><span class="p">,</span><span class="w"> </span><span class="n">AES</span><span class="p">,</span><span class="w"> </span><span class="n">CAST5</span><span class="p">,</span><span class="w"> </span><span class="mi">3</span><span class="n">DES</span>
+<span class="w"> </span><span class="nl">Digest</span><span class="p">:</span><span class="w"> </span><span class="n">SHA512</span><span class="p">,</span><span class="w"> </span><span class="n">SHA384</span><span class="p">,</span><span class="w"> </span><span class="n">SHA256</span><span class="p">,</span><span class="w"> </span><span class="n">SHA224</span><span class="p">,</span><span class="w"> </span><span class="n">SHA1</span>
+<span class="w"> </span><span class="nl">Compression</span><span class="p">:</span><span class="w"> </span><span class="n">ZLIB</span><span class="p">,</span><span class="w"> </span><span class="n">BZIP2</span><span class="p">,</span><span class="w"> </span><span class="n">ZIP</span><span class="p">,</span><span class="w"> </span><span class="n">Uncompressed</span>
+<span class="w"> </span><span class="nl">Features</span><span class="p">:</span><span class="w"> </span><span class="n">MDC</span><span class="p">,</span><span class="w"> </span><span class="n">Keyserver</span><span class="w"> </span><span class="k">no</span><span class="o">-</span><span class="k">modify</span>
+</code></pre></div>
-</code></pre>
<p>The <code>Digest</code> line should list SHA-512 first and SHA-1 last. Instructions for altering the preferences of a key are
<a href="#key-prefs">here</a>.</p>
<h3 id="final-steps">Final steps<a class="headerlink" href="#final-steps" title="Permanent link">¶</a></h3>
+
<p>When you generate a new code signing key, you need to update a number of Apache documents and perform some other tasks.</p>
<h5 id="generation-final-steps-transition">Final transition steps<a class="headerlink" href="#generation-final-steps-transition" title="Permanent link">¶</a></h5>
+
<p>If you are generating a key for use in a <a href="release-signing.html#transition">transition</a>, there is more you should do before updating these documents, so <a href="key-transition.html#ContinueAfterGeneration">go to the transition instructions now</a>.</p>
<h5 id="generation-final-steps-new-key">New key final steps<a class="headerlink" href="#generation-final-steps-new-key" title="Permanent link">¶</a>Final steps for a new key</h5>
+
<p>If this is a new code signing key not involved with a transition:</p>
<ol>
<li>
<p><a href="release-signing.html#keyserver-upload">Upload</a> the new <a href="release-signing.html#public-private">public key</a> to a public
-<a href="release-signing.html#keyserver">keyserver</a></p>
+<a href="release-signing.html#keyserver">keyserver</a> </p>
</li>
<li>
-<p>Create backups by following these <a href="#backup">instructions</a></p>
+<p>Create backups by following these <a href="#backup">instructions</a> </p>
</li>
<li>
<p>Follow these <a href="#revocation-certs">instructions</a> to create and securely store generic <a href="release-signing.html#revocation-cert">revocation
@@ -405,6 +433,7 @@
</li>
</ol>
<h2 id="private-keyring-management">Private keyring management<a class="headerlink" href="#private-keyring-management" title="Permanent link">¶</a></h2>
+
<ol>
<li>
<p>Never transmit your private keyring over the internet!</p>
@@ -418,63 +447,76 @@
</li>
</ol>
<h2 id="find-key-id">Finding a key ID<a class="headerlink" href="#find-key-id" title="Permanent link">¶</a></h2>
+
<p>There are a number of ways to identify a key. Only one is unique: the <a href="release-signing.html#fingerprint">key fingerprint</a>.</p>
<p>Attackers can easily create new keys similar to yours with identical user IDs and comments. Such a public key may be introduced to your keyring when you download keys from a <a href="release-signing.html#keyserver">public keyserver</a> or as part of an import. If this information is used to identify public keys then you may be misled into believing that another public key is yours. A cunning attacker may even introduce a matching secret key that lets you sign with that key.</p>
<p>Creating a different key with a matching identity is considered <a href="release-signing.html#infeasible">infeasible</a>. For all operations where
precise identity matters and that identity is specified on the command line, you should use the key ID to identify the key. Avoid using
user ID or other information.</p>
<h3 id="find-key-id-from-trusted-source">Find a key ID from a trusted source<a class="headerlink" href="#finbd-key-id-from-trusted-source" title="Permanent link">¶</a></h3>
+
<p>The best way to find a key ID is to obtain it directly from a trusted source, for example, from a business card you obtain personally from the owner of the key.</p>
<h3 id="find-key-id-with-fingerprint">Find a key ID with its fingerprint<a class="headerlink" href="#find-key-ide-with-fingerprint" title="Permanent link">¶</a></h3>
+
<p>If you have a <a href="release-signing.html#fingerprint">fingerprint</a>, the key ID should be the last 8 digits. For example, the ID of the key with this fingerprint:</p>
-<pre><code> :::text
+<div class="highlight"><pre><span></span><code> :::text
FF96 6261 C995 1DDE BF34 5150 D5D2 BDB5 E2B0 54B8
-</code></pre>
+</code></pre></div>
+
<p>should be:</p>
-<pre><code> :::text
+<div class="highlight"><pre><span></span><code> :::text
E2B054B8
-</code></pre>
+</code></pre></div>
+
<p>You can confirm this using:</p>
-<pre><code> :::console
- $ gpg --list-keys --fingerprint E2B054B8
- pub 4096R/E2B054B8 2009-08-20
- Key fingerprint = FF96 6261 C995 1DDE BF34 5150 D5D2 BDB5 E2B0 54B8
- uid Alice Example (EXAMPLE NEW KEY) <alice@example.org>
- sub 4096R/4A6D5217 2009-08-20
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="o">::</span><span class="err">:</span><span class="n">console</span>
+<span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="o">-</span><span class="n">keys</span><span class="w"> </span><span class="o">--</span><span class="n">fingerprint</span><span class="w"> </span><span class="n">E2B054B8</span>
+<span class="w"> </span><span class="n">pub</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="n">E2B054B8</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
+<span class="w"> </span><span class="k">Key</span><span class="w"> </span><span class="n">fingerprint</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">FF96</span><span class="w"> </span><span class="mi">6261</span><span class="w"> </span><span class="n">C995</span><span class="w"> </span><span class="mi">1</span><span class="n">DDE</span><span class="w"> </span><span class="n">BF34</span><span class="w"> </span><span class="mi">5150</span><span class="w"> </span><span class="n">D5D2</span><span class="w"> </span><span class="n">BDB5</span><span class="w"> </span><span class="n">E2B0</span><span class="w"> </span><span class="mi">54</span><span class="n">B8</span>
+<span class="w"> </span><span class="n">uid</span><span class="w"> </span><span class="n">Alice</span><span class="w"> </span><span class="n">Example</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">alice</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="w"> </span><span class="n">sub</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="mi">4</span><span class="n">A6D5217</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
+</code></pre></div>
+
<h3 id="find-key-id-with-secret-key">When you have the secret key<a class="headerlink" href="#find-key-id-with-secret-key" title="Permanent link">¶</a></h3>
+
<p>When you have the secret key, listing the secret key details allows the key ID to be read from the <code>sec</code> lines in the output.</p>
<p><strong>Note</strong> that it is possible for an attacker to introduce a new secret key into your keyring (for example, as part of an import). It is vital that you know how many secret keys each keyring should hold. If any unexpected secret keys are present, this probably indicates an attack.</p>
<p>For example, Alice is <a href="key-transition.html">transitioning</a> and so expects two secret keys in her main keyring. (The case of a single key is similar but less complex.) She lists all secret keys on the keyring:</p>
-<pre><code> :::console
- $ gpg --list-secret-keys
- alice/secring.gpg
- -----------------
- sec 1024D/AD741727 2009-08-20
- uid Alice Example (EXAMPLE OF OLD KEY) <alice@example.org>
- ssb 1024g/268883A9 2009-08-20
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="o">::</span><span class="err">:</span><span class="n">console</span>
+<span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="o">-</span><span class="n">secret</span><span class="o">-</span><span class="n">keys</span>
+<span class="w"> </span><span class="n">alice</span><span class="o">/</span><span class="n">secring</span><span class="p">.</span><span class="n">gpg</span>
+<span class="w"> </span><span class="o">-----------------</span>
+<span class="w"> </span><span class="n">sec</span><span class="w"> </span><span class="mi">1024</span><span class="n">D</span><span class="o">/</span><span class="n">AD741727</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
+<span class="w"> </span><span class="n">uid</span><span class="w"> </span><span class="n">Alice</span><span class="w"> </span><span class="n">Example</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">OF</span><span class="w"> </span><span class="k">OLD</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">alice</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="w"> </span><span class="n">ssb</span><span class="w"> </span><span class="mi">1024</span><span class="n">g</span><span class="o">/</span><span class="mi">268883</span><span class="n">A9</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
- sec 4096R/E2B054B8 2009-08-20
- uid Alice Example (EXAMPLE NEW KEY) <alice@example.org>
- ssb 4096R/4A6D5217 2009-08-20
-</code></pre>
+<span class="w"> </span><span class="n">sec</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="n">E2B054B8</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
+<span class="w"> </span><span class="n">uid</span><span class="w"> </span><span class="n">Alice</span><span class="w"> </span><span class="n">Example</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">alice</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="w"> </span><span class="n">ssb</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="mi">4</span><span class="n">A6D5217</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
+</code></pre></div>
+
<p>Alice verifies that details for only two keys are listed and that there are no unexpected additions.</p>
<p>The <code>sec</code> lines are:</p>
-<pre><code> :::text
+<div class="highlight"><pre><span></span><code> :::text
sec 1024D/AD741727 2009-08-20
-</code></pre>
+</code></pre></div>
+
<p>and</p>
-<pre><code> :::text
+<div class="highlight"><pre><span></span><code> :::text
sec 4096R/E2B054B8 2009-08-20
-</code></pre>
+</code></pre></div>
+
<p>The key ID forms part of the second column, to the right of the key length. In this case the key IDs are <code>AD741727</code> and <code>E2B054B8</code>. The
<a href="release-signing.html#key-comment">comments</a> help Alice identify each key.</p>
<h3 id="find-key-id-otherwise">When you do not have the secret key<a class="headerlink" href="#find-key-id-otherwise" title="Permanent link">¶</a></h3>
+
<p>Unless you have the <a href="release-signing.html#public-private">private key</a> or a <a href="release-signing.html#fingerprint">fingerprint</a>, the only safe way to find the key ID is to ask the owner of the key, using a secure communication channel.</p>
<p>Trusting that an import contains only the owner's public key is <strong>not recommended</strong>. The import may contain additional public keys (intentionally or not). So, when using an import, always verify the key ID of interest from another source.</p>
-<p>For example, a <a href="http://home.apache.org/~rdonkin/" target="_blank">web page with an embedded export</a> should also list the key IDs of interest.</p>
+<p>For example, a <a href="http://home.apache.org/~rdonkin/" target="_blank">web page with an embedded export</a> should also list the key IDs of interest. </p>
<h2 id="backup">How to back up keys<a class="headerlink" href="#backup" title="Permanent link">¶</a></h2>
+
<h3 id="backup-public">Back up public information<a class="headerlink" href="#backup-public" title="Permanent link">¶</a></h3>
+
<p>The <a href="release-signing.html#key-id">key ID</a> is not confidential but without access to this information from a trusted source, substitution attacks are <a href="release-signing.html#infeasible">feasible</a> (see this <a href="#find-key-id">discussion</a>).</p>
<p>So, for each <a href="release-signing.html#public-private">key pair</a> you generate, the <a href="release-signing.html#key-id">key ID</a> needs to recorded in a form that makes tampering difficult. Defense in depth is the best strategy. We recommend that you use a range of methods::</p>
<ul>
@@ -484,6 +526,7 @@
<li>Include a text document containing the key ID in your <a href="#backup-private">secure, tamperproof private backups</a></li>
</ul>
<h3 id="backup-private">Back up private information<a class="headerlink" href="#backup-private" title="Permanent link">¶</a></h3>
+
<p>Keep your <a href="release-signing.html#public-private">private key</a> both safe and away from attackers. If a private key is destroyed or lost, it must be revoked and should no longer be used. Given the effort that's needed to build a strong <a href="release-signing.html#web-of-trust">web of trust</a>, it is important to back up the private key without compromising security.</p>
<p>The best way to back up a private key is to securely archive the entire <a href="#home">GnuPG home</a> by copying the contents into secure, encrypted storage. We recommended that you version each archived copy and store it permanently.</p>
<p>Full disk encryption is the best storage solution for disks containing the private key. How to encrypt a full disc is platform dependent and is beyond the scope of this guide, but many major platforms now support this.</p>
@@ -495,45 +538,56 @@
</ul>
<p>Make and securely store multiple copies.</p>
<h2 id="export-key">How to export a key<a class="headerlink" href="#export-key" title="Permanent link">¶</a></h2>
+
<p>Exporting public keys is a common operation. It is rarely necessary to export a <a href="release-signing.html#public-private">private key</a> and use of that operation should be kept to a minimum (see <a href="#export-secret-key">below</a> ). So, the unqualified term <em>exporting a key</em>
almost always means <em>exporting a public key</em>.</p>
<p>GnuPG seeks to limit accidental private key exports by using different operations for each export. Both operations share common options.</p>
<h3 id="export-option-output">Output options<a class="headerlink" href="#export-option-output" title="Permanent link">¶</a></h3>
+
<p>By default, operations print their results to the command line. For example, to export all public keys (with ASCII encoding) to the command line, do:</p>
-<pre><code> :::console
- $ gpg --export --armor
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="p">:::</span><span class="n">console</span>
+<span class="w"> </span><span class="o">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="k">export</span><span class="w"> </span><span class="o">--</span><span class="n">armor</span><span class="w"> </span>
+</code></pre></div>
+
<p>The <code>--output</code> option followed by the name of a file creates that file and stores the output in it. To export all public keys (with ASCII encoding) into a newly created file named <code>export.asc</code>, use:</p>
-<pre><code> :::console
- $ gpg --export --output export.asc --armor
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="p">:::</span><span class="n">console</span>
+<span class="w"> </span><span class="o">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="k">export</span><span class="w"> </span><span class="o">--</span><span class="n">output</span><span class="w"> </span><span class="k">export</span><span class="o">.</span><span class="n">asc</span><span class="w"> </span><span class="o">--</span><span class="n">armor</span><span class="w"> </span>
+</code></pre></div>
+
<p>Though most of the examples in this guide choose to output to a file, command line output is often useful (for example, the output can be piped into a second command) and is equally valid for most operations. The exception is <a href="#export-secret-key">secret key export</a>, which should always be to a secure temporary file.</p>
<h3 id="export-option-armor">The armor option<a class="headerlink" href="#export-option-armor" title="Permanent link">¶</a></h3>
+
<p>The <em>--armor</em> option encodes the output using <a href="release-signing.html#ascii">ASCII characters only</a>. This permits embedding the output easily in documents and displaying it on the command line.</p>
<p>For example, to export all public keys (to the command line) encoded in ASCII, use:</p>
-<pre><code> :::console
- $ gpg --export --armor
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="p">:::</span><span class="n">console</span>
+<span class="w"> </span><span class="o">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="k">export</span><span class="w"> </span><span class="o">--</span><span class="n">armor</span><span class="w"> </span>
+</code></pre></div>
+
<p>The binary format is shorter but has few other advantages. For all uses at Apache, use ASCII armor.</p>
<h3 id="export-public-key">How to export public keys<a class="headerlink" href="#export-public-key" title="Permanent link">¶</a></h3>
+
<p>The <code>--export</code> operation exports public keys.</p>
<p>When you don't specify a key, the system exports all public keys in the keyring. For example, to export all public keys to the <a href="#export-option-output">command
line</a> with <a href="#export-option-armor">ASCII encoding</a>:</p>
-<pre><code> :::console
- $ gpg --export --armor
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="p">:::</span><span class="n">console</span>
+<span class="w"> </span><span class="o">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="k">export</span><span class="w"> </span><span class="o">--</span><span class="n">armor</span><span class="w"> </span>
+</code></pre></div>
+
<p>To export specific keys, add identifiers for these keys to the end of the command. There are a number of ways to identify keys, but only the <a href="release-signing.html#key-id">key ID</a> will definitely select a single key. This <a href="#find-key-id">guide</a> discusses how to find the key ID when it is unknown.</p>
<p>For example, to export to the <a href="#export-option-output">command line</a> with <a href="#export-option-armor">ASCII encoding</a> the public key with ID <code>AD741727</code>, use:</p>
-<pre><code> :::console
- $ gpg --export --armor AD741727
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="p">:::</span><span class="n">console</span>
+<span class="w"> </span><span class="o">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="k">export</span><span class="w"> </span><span class="o">--</span><span class="n">armor</span><span class="w"> </span><span class="n">AD741727</span>
+</code></pre></div>
+
<h3 id="export-all-or-some-public-keys">Should I export all or some public keys"<a class="headerlink" href="#export-all-or-some-puiblic-keys" title="Permanent link">¶</a></h3>
+
<p>This is often a tricky question. An import should not be trusted for key identification (see <a href="#find-key-id">discussion</a>). So, for an import to be useful, usually the key ID of interest needs to be known.</p>
<p>Keys used at Apache should be available through the global <a href="release-signing.html#keyserver">public keyserver</a> network. Using this network, given the <a href="release-signing.html#key-id">key ID</a> the person who needs it can download the public key.</p>
<p>So an export is really only useful for someone who cannot use the global keyserver network. But in this case, the import really needs to include all the public keys on the ring to maximise the chances of a trusted path being found in the <a href="release-signing.html#web-of-trust">web of trust</a>.</p>
<p>The risk of exporting all keys is that users who don't understand that they should not use an export for key identification may be mislead by the other keys in the export. The risk with exporting just one public key is that users may mistakenly think that imports are trustworthy for key identification.</p>
<p>So neither is a very satisfactory solution. Now that global keyserver network works so well, Apache may move away from the use of exports in the future.</p>
<h3 id="export-secret-key">How to export secret keys<a class="headerlink" href="#export-secret-key" title="Permanent link">¶</a></h3>
+
<p>This is a risky operation. The most vulnerable part of the system is the <a href="release-signing.html#passphrase">passphrase</a> that encrypts the private key. If an attacker obtains a copy of the encrypted private key file, an attack on the passphrase is likely to be
<a href="release-signing.html#infeasible">feasible</a>. So it is vital to store the <a href="release-signing.html#public-private">private key</a> securely at
all times.</p>
@@ -541,50 +595,58 @@
<p>To ensure that you do not accidentally expose private keys, the GnuPG <code>--export</code> operation exports only public keys.</p>
<p><strong>Never</strong> export secret keys to the command line. Instead, use a secure temporary file that you can securely delete after use. Here is one way to do this:</p>
<h2 id="secret-key-transfer">How to transfer a secret key<a class="headerlink" href="#secret-key-transfer" title="Permanent link">¶</a></h2>
+
<p>Start by <a href="#switch-home">switching</a> GnuPG <a href="#home">home</a> to the source. To export all secret keys to a temporary file such as <code>/tmp/new.sec</code>, do this:</p>
-<pre><code> :::console
- $ gpg --export-secret-keys --armor --output /tmp/new.sec
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="p">:::</span><span class="n">console</span>
+<span class="w"> </span><span class="o">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="k">export</span><span class="o">-</span><span class="n">secret</span><span class="o">-</span><span class="n">keys</span><span class="w"> </span><span class="o">--</span><span class="n">armor</span><span class="w"> </span><span class="o">--</span><span class="n">output</span><span class="w"> </span><span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">new</span><span class="o">.</span><span class="n">sec</span>
+</code></pre></div>
+
<p>Import this temporary file into the target keyring. Ensure that GnuPG <a href="#home">home</a> is set to the target keyring (by either
<a href="#switch-home">switching</a> the current session or opening a new terminal configured to use the target keyring). Then do this:</p>
-<pre><code> :::console
- $ gpg --import /tmp/new.sec
- gpg: key E2B054B8: secret key imported
- gpg: key E2B054B8: public key "Alice Example (EXAMPLE NEW KEY)
- <alice@example.org>" imported
- gpg: Total number processed: 1
- gpg: imported: 1 (RSA: 1)
- gpg: secret keys read: 1
- gpg: secret keys imported: 1
-</code></pre>
-<p>Check for <em>secret keys imported</em> in the output. Listing secret keys for the target keyring should now show the existence of the secret key:</p>
-<pre><code> :::console
- $ gpg --list-secret-keys
- alice/secring.gpg
- -----------------
- sec 1024D/AD741727 2009-08-20
- uid Alice Example (EXAMPLE OF OLD KEY) <alice@example.org>
- ssb 1024g/268883A9 2009-08-20
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="p">:::</span><span class="n">console</span>
+<span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="kn">import</span><span class="w"> </span><span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">new</span><span class="o">.</span><span class="n">sec</span><span class="w"> </span>
+<span class="w"> </span><span class="n">gpg</span><span class="p">:</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">E2B054B8</span><span class="p">:</span><span class="w"> </span><span class="n">secret</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">imported</span>
+<span class="w"> </span><span class="n">gpg</span><span class="p">:</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">E2B054B8</span><span class="p">:</span><span class="w"> </span><span class="n">public</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="s2">"Alice Example (EXAMPLE NEW KEY)</span>
+<span class="w"> </span><span class="o"><</span><span class="n">alice</span><span class="nd">@example</span><span class="o">.</span><span class="n">org</span><span class="o">></span><span class="s2">" imported</span>
+<span class="w"> </span><span class="n">gpg</span><span class="p">:</span><span class="w"> </span><span class="n">Total</span><span class="w"> </span><span class="n">number</span><span class="w"> </span><span class="n">processed</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span>
+<span class="w"> </span><span class="n">gpg</span><span class="p">:</span><span class="w"> </span><span class="n">imported</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="p">(</span><span class="n">RSA</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">)</span>
+<span class="w"> </span><span class="n">gpg</span><span class="p">:</span><span class="w"> </span><span class="n">secret</span><span class="w"> </span><span class="n">keys</span><span class="w"> </span><span class="n">read</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span>
+<span class="w"> </span><span class="n">gpg</span><span class="p">:</span><span class="w"> </span><span class="n">secret</span><span class="w"> </span><span class="n">keys</span><span class="w"> </span><span class="n">imported</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span>
+</code></pre></div>
- sec 4096R/E2B054B8 2009-08-20
- uid Alice Example (EXAMPLE NEW KEY) <alice@example.org>
- ssb 4096R/4A6D5217 2009-08-20
-</code></pre>
+<p>Check for <em>secret keys imported</em> in the output. Listing secret keys for the target keyring should now show the existence of the secret key:</p>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="o">::</span><span class="err">:</span><span class="n">console</span>
+<span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="o">-</span><span class="n">secret</span><span class="o">-</span><span class="n">keys</span>
+<span class="w"> </span><span class="n">alice</span><span class="o">/</span><span class="n">secring</span><span class="p">.</span><span class="n">gpg</span>
+<span class="w"> </span><span class="o">-----------------</span>
+<span class="w"> </span><span class="n">sec</span><span class="w"> </span><span class="mi">1024</span><span class="n">D</span><span class="o">/</span><span class="n">AD741727</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
+<span class="w"> </span><span class="n">uid</span><span class="w"> </span><span class="n">Alice</span><span class="w"> </span><span class="n">Example</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">OF</span><span class="w"> </span><span class="k">OLD</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">alice</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="w"> </span><span class="n">ssb</span><span class="w"> </span><span class="mi">1024</span><span class="n">g</span><span class="o">/</span><span class="mi">268883</span><span class="n">A9</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
+
+<span class="w"> </span><span class="n">sec</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="n">E2B054B8</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
+<span class="w"> </span><span class="n">uid</span><span class="w"> </span><span class="n">Alice</span><span class="w"> </span><span class="n">Example</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">NEW</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">alice</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="w"> </span><span class="n">ssb</span><span class="w"> </span><span class="mi">4096</span><span class="n">R</span><span class="o">/</span><span class="mi">4</span><span class="n">A6D5217</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
+</code></pre></div>
+
<p>Finally make sure that the temporary file you used cannot be read. We recommend secure deletion. If you are working on Linux, for example, you can use the <a href="http://www.linfo.org/shred.html" target="_blank">shred</a> command:</p>
-<pre><code> :::console
+<div class="highlight"><pre><span></span><code> :::console
$ shred /tmp/new.sec
$ rm /tmp/new.sec
-</code></pre>
+</code></pre></div>
+
<p>Those using encrypted <code>tmp</code> should now restart the machine.</p>
<h2 id="transition">How to transition from an old to a new key<a class="headerlink" href="#transition" title="Permanent link">¶</a></h2>
+
<p>If you have a short but uncompromised key and would like to <a href="release-signing.html#transition">transition</a> to a longer one, follow these
<a href="key-transition.html">instructions</a>.</p>
<p>If your key has been compromised, you <strong>must not</strong> transition. Instead, <a href="release-signing.html#revoke-key">revoke</a> the old key and replace it with a new one immediately. <strong>Do not</strong> use a transition period.</p>
<h2 id="revocation-certs">How to use revocation certificates<a class="headerlink" href="#revocation-certs" title="Permanent link">¶</a></h2>
+
<p>When a private key is lost or compromised, a <a href="release-signing.html#revocation-cert">revocation certificate</a> should be
-<a href="release-signing.html#revoke-cert">distributed</a> to <a href="release-signing.html#keyserver">publicly</a> <a href="release-signing.html#delete-vs-revoke">revoke the key</a>. In the event of a compromise or loss of the key, it is best to create a new revocation certification including the particulars of the case. Since this may not always be possible, you can <a href="#generate-key">generate</a> and <a href="release-signing.html#revocation-certificate-storage">securely
+<a href="release-signing.html#revoke-cert">distributed</a> to <a href="release-signing.html#keyserver">publicly</a> <a href="release-signing.html#delete-vs-revoke">revoke the key</a>. In the event of a compromise or loss of the key, it is best to create a new revocation certification including the particulars of the case. Since this may not always be possible, you can <a href="#generate-key">generate</a> and <a href="release-signing.html#revocation-certificate-storage">securely
store</a> generic revocation certificates for each new key pair.</p>
<h3 id="revocation-cert-generic">Generic revocation certificates<a class="headerlink" href="#revocation-cert-generic" title="Permanent link">¶</a></h3>
+
<p>When you create a new <a href="release-signing.html#public-private">key pair</a>, also generate and store generic revocation certificates for that key pair. We recommend that you generate a certificate (following the instructions in the next section) for each appropriate
revocation reason type:</p>
<ul>
@@ -597,92 +659,96 @@
<p>We recommend that you store these certificates directly onto secure media with good long term stability (for example, an encrypted file
system on a top end USB drive or a CDROM). Print and store hard copies of the certificates yourself, and with trusted third parties.</p>
<h3 id="revocation-cert-gen">How to generate a revocation certificate<a class="headerlink" href="#revocation-cert-gen" title="Permanent link">¶</a></h3>
+
<p>Revocation certificates include a small amount of additional information"</p>
<p>One of four machine readable reason types:</p>
<ul>
-<li>No reason specified - <em>a catch-all category</em></li>
-<li>Key has been compromised - <em>also use this if you believe that the key may have been compromised (for example, when a storage device containing the private key has been lost)</em></li>
-<li>Key is superseded - <em>the comment should suggest the replacement key</em></li>
-<li>Key is no longer used - <em>useful when the key has been destroyed and so a generic revocation prepared earlier must be used</em></li>
+<li>No reason specified - <em>a catch-all category</em> </li>
+<li>Key has been compromised - <em>also use this if you believe that the key may have been compromised (for example, when a storage device containing the private key has been lost)</em> </li>
+<li>Key is superseded - <em>the comment should suggest the replacement key</em> </li>
+<li>Key is no longer used - <em>useful when the key has been destroyed and so a generic revocation prepared earlier must be used</em> </li>
</ul>
<p>The certificate also includes a human-readable <em>comment</em>. Explain here the reason why you are revoking the key. This lets those affected by the revocation to formulate an appropriate response.</p>
<p>When a key has been compromised, lost or superseded, when possible generate a new certificate containing a comment explaining the
situation. For example, generate an <a href="release-signing.html#ascii">ASCII armored</a> (for
ease of handling) revocation certificate for key <code>AD741727</code> like this:</p>
-<pre><code> :::console
- $ gpg --output revoke-AD741727.asc --armor --gen-revoke AD741727
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="o">::</span><span class="err">:</span><span class="n">console</span>
+<span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="k">output</span><span class="w"> </span><span class="k">revoke</span><span class="o">-</span><span class="n">AD741727</span><span class="p">.</span><span class="k">asc</span><span class="w"> </span><span class="o">--</span><span class="n">armor</span><span class="w"> </span><span class="o">--</span><span class="n">gen</span><span class="o">-</span><span class="k">revoke</span><span class="w"> </span><span class="n">AD741727</span>
- sec 1024D/AD741727 2009-08-20 Alice Example (EXAMPLE OF OLD KEY)
- <alice@example.org>
+<span class="w"> </span><span class="n">sec</span><span class="w"> </span><span class="mi">1024</span><span class="n">D</span><span class="o">/</span><span class="n">AD741727</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span><span class="w"> </span><span class="n">Alice</span><span class="w"> </span><span class="n">Example</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">OF</span><span class="w"> </span><span class="k">OLD</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span>
+<span class="w"> </span><span class="o"><</span><span class="n">alice</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
- Create a revocation certificate for this key? (y/N) y
- Please select the reason for the revocation:
- 0 = No reason specified
- 1 = Key has been compromised
- 2 = Key is superseded
- 3 = Key is no longer used
- Q = Cancel
- (Probably you want to select 1 here)
- Your decision? 1
- Enter an optional description; end it with an empty line:
- > THIS IS AN EXAMPLE MESSAGE DESCRIBING THAT THIS KEY WAS COMPROMISED
- >
- Reason for revocation: Key has been compromised
- THIS IS AN EXAMPLE MESSAGE DESCRIBING THAT THIS KEY WAS COMPROMISED
- Is this okay? (y/N) y
+<span class="w"> </span><span class="k">Create</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">revocation</span><span class="w"> </span><span class="n">certificate</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="k">key</span><span class="vm">?</span><span class="w"> </span><span class="p">(</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">)</span><span class="w"> </span><span class="n">y</span>
+<span class="w"> </span><span class="n">Please</span><span class="w"> </span><span class="k">select</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">reason</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="nl">revocation</span><span class="p">:</span>
+<span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">No</span><span class="w"> </span><span class="n">reason</span><span class="w"> </span><span class="n">specified</span>
+<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">Key</span><span class="w"> </span><span class="n">has</span><span class="w"> </span><span class="n">been</span><span class="w"> </span><span class="n">compromised</span>
+<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">Key</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">superseded</span>
+<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">Key</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="k">no</span><span class="w"> </span><span class="n">longer</span><span class="w"> </span><span class="n">used</span>
+<span class="w"> </span><span class="n">Q</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Cancel</span>
+<span class="w"> </span><span class="p">(</span><span class="n">Probably</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">want</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">select</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">here</span><span class="p">)</span>
+<span class="w"> </span><span class="n">Your</span><span class="w"> </span><span class="n">decision</span><span class="vm">?</span><span class="w"> </span><span class="mi">1</span>
+<span class="w"> </span><span class="n">Enter</span><span class="w"> </span><span class="n">an</span><span class="w"> </span><span class="n">optional</span><span class="w"> </span><span class="n">description</span><span class="p">;</span><span class="w"> </span><span class="k">end</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="n">an</span><span class="w"> </span><span class="n">empty</span><span class="w"> </span><span class="nl">line</span><span class="p">:</span>
+<span class="w"> </span><span class="o">></span><span class="w"> </span><span class="n">THIS</span><span class="w"> </span><span class="k">IS</span><span class="w"> </span><span class="n">AN</span><span class="w"> </span><span class="n">EXAMPLE</span><span class="w"> </span><span class="n">MESSAGE</span><span class="w"> </span><span class="n">DESCRIBING</span><span class="w"> </span><span class="n">THAT</span><span class="w"> </span><span class="n">THIS</span><span class="w"> </span><span class="k">KEY</span><span class="w"> </span><span class="n">WAS</span><span class="w"> </span><span class="n">COMPROMISED</span><span class="w"> </span>
+<span class="w"> </span><span class="o">></span><span class="w"> </span>
+<span class="w"> </span><span class="n">Reason</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="nl">revocation</span><span class="p">:</span><span class="w"> </span><span class="k">Key</span><span class="w"> </span><span class="n">has</span><span class="w"> </span><span class="n">been</span><span class="w"> </span><span class="n">compromised</span>
+<span class="w"> </span><span class="n">THIS</span><span class="w"> </span><span class="k">IS</span><span class="w"> </span><span class="n">AN</span><span class="w"> </span><span class="n">EXAMPLE</span><span class="w"> </span><span class="n">MESSAGE</span><span class="w"> </span><span class="n">DESCRIBING</span><span class="w"> </span><span class="n">THAT</span><span class="w"> </span><span class="n">THIS</span><span class="w"> </span><span class="k">KEY</span><span class="w"> </span><span class="n">WAS</span><span class="w"> </span><span class="n">COMPROMISED</span>
+<span class="w"> </span><span class="k">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">okay</span><span class="vm">?</span><span class="w"> </span><span class="p">(</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">)</span><span class="w"> </span><span class="n">y</span>
- You need a passphrase to unlock the secret key for
- user: "Alice Example (EXAMPLE OF OLD KEY) <alice@example.org>"
- 1024-bit DSA key, ID AD741727, created 2009-08-20
+<span class="w"> </span><span class="n">You</span><span class="w"> </span><span class="n">need</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">passphrase</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">unlock</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">secret</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="k">for</span>
+<span class="w"> </span><span class="k">user</span><span class="err">:</span><span class="w"> </span><span class="ss">"Alice Example (EXAMPLE OF OLD KEY) <alice@example.org>"</span>
+<span class="w"> </span><span class="mi">1024</span><span class="o">-</span><span class="nc">bit</span><span class="w"> </span><span class="n">DSA</span><span class="w"> </span><span class="k">key</span><span class="p">,</span><span class="w"> </span><span class="n">ID</span><span class="w"> </span><span class="n">AD741727</span><span class="p">,</span><span class="w"> </span><span class="n">created</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
- Revocation certificate created.
+<span class="w"> </span><span class="n">Revocation</span><span class="w"> </span><span class="n">certificate</span><span class="w"> </span><span class="n">created</span><span class="p">.</span>
- Please move it to a medium which you can hide away; if Mallory gets
- access to this certificate he can use it to make your key unusable.
- It is smart to print this certificate and store it away, just in case
- your media become unreadable. But have some caution: The print system of
- your machine might store the data and make it available to others!
-</code></pre>
+<span class="w"> </span><span class="n">Please</span><span class="w"> </span><span class="n">move</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">medium</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="n">hide</span><span class="w"> </span><span class="n">away</span><span class="p">;</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="n">Mallory</span><span class="w"> </span><span class="n">gets</span>
+<span class="w"> </span><span class="n">access</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">certificate</span><span class="w"> </span><span class="n">he</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="k">use</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">make</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="n">unusable</span><span class="p">.</span>
+<span class="w"> </span><span class="n">It</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">smart</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">print</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">certificate</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">store</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="n">away</span><span class="p">,</span><span class="w"> </span><span class="n">just</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="k">case</span>
+<span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="n">media</span><span class="w"> </span><span class="n">become</span><span class="w"> </span><span class="n">unreadable</span><span class="p">.</span><span class="w"> </span><span class="n">But</span><span class="w"> </span><span class="n">have</span><span class="w"> </span><span class="ow">some</span><span class="w"> </span><span class="nl">caution</span><span class="p">:</span><span class="w"> </span><span class="n">The</span><span class="w"> </span><span class="k">print</span><span class="w"> </span><span class="k">system</span><span class="w"> </span><span class="k">of</span>
+<span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="n">machine</span><span class="w"> </span><span class="n">might</span><span class="w"> </span><span class="n">store</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">data</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">make</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="n">available</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">others</span><span class="err">!</span>
+</code></pre></div>
+
<p>When preparing generic certificates (for use if the <a href="release-signing.html#public-private">private key</a> is unavailable), the comment
-cannot include the specifics and so should indicate this.</p>
+cannot include the specifics and so should indicate this. </p>
<p>The process for generating a generic certificate is identical, but you should add a different comment. For example, generate an <a href="release-signing.html#ascii">ASCII armored</a> (for ease of handling) revocation certificate for key <code>AD741727</code> like this:</p>
-<pre><code> :::console
- $ gpg --output revoke-AD741727.asc --armor --gen-revoke AD741727
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="o">::</span><span class="err">:</span><span class="n">console</span>
+<span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="k">output</span><span class="w"> </span><span class="k">revoke</span><span class="o">-</span><span class="n">AD741727</span><span class="p">.</span><span class="k">asc</span><span class="w"> </span><span class="o">--</span><span class="n">armor</span><span class="w"> </span><span class="o">--</span><span class="n">gen</span><span class="o">-</span><span class="k">revoke</span><span class="w"> </span><span class="n">AD741727</span>
- sec 1024D/AD741727 2009-08-20 Alice Example (EXAMPLE OF OLD KEY)
- <alice@example.org>
+<span class="w"> </span><span class="n">sec</span><span class="w"> </span><span class="mi">1024</span><span class="n">D</span><span class="o">/</span><span class="n">AD741727</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span><span class="w"> </span><span class="n">Alice</span><span class="w"> </span><span class="n">Example</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">OF</span><span class="w"> </span><span class="k">OLD</span><span class="w"> </span><span class="k">KEY</span><span class="p">)</span>
+<span class="w"> </span><span class="o"><</span><span class="n">alice</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
- Create a revocation certificate for this key? (y/N) y
- Please select the reason for the revocation:
- 0 = No reason specified
- 1 = Key has been compromised
- 2 = Key is superseded
- 3 = Key is no longer used
- Q = Cancel
- (Probably you want to select 1 here)
- Your decision? 1
- Enter an optional description; end it with an empty line:
- > This revocation certificate was generate when the key was created.
- >
- Reason for revocation: Key has been compromised
- This revocation certificate was generate when the key was created.
- Is this okay? (y/N) y
+<span class="w"> </span><span class="k">Create</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">revocation</span><span class="w"> </span><span class="n">certificate</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="k">key</span><span class="vm">?</span><span class="w"> </span><span class="p">(</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">)</span><span class="w"> </span><span class="n">y</span>
+<span class="w"> </span><span class="n">Please</span><span class="w"> </span><span class="k">select</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">reason</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="nl">revocation</span><span class="p">:</span>
+<span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">No</span><span class="w"> </span><span class="n">reason</span><span class="w"> </span><span class="n">specified</span>
+<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">Key</span><span class="w"> </span><span class="n">has</span><span class="w"> </span><span class="n">been</span><span class="w"> </span><span class="n">compromised</span>
+<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">Key</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">superseded</span>
+<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">Key</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="k">no</span><span class="w"> </span><span class="n">longer</span><span class="w"> </span><span class="n">used</span>
+<span class="w"> </span><span class="n">Q</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Cancel</span>
+<span class="w"> </span><span class="p">(</span><span class="n">Probably</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">want</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">select</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">here</span><span class="p">)</span>
+<span class="w"> </span><span class="n">Your</span><span class="w"> </span><span class="n">decision</span><span class="vm">?</span><span class="w"> </span><span class="mi">1</span>
+<span class="w"> </span><span class="n">Enter</span><span class="w"> </span><span class="n">an</span><span class="w"> </span><span class="n">optional</span><span class="w"> </span><span class="n">description</span><span class="p">;</span><span class="w"> </span><span class="k">end</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="n">an</span><span class="w"> </span><span class="n">empty</span><span class="w"> </span><span class="nl">line</span><span class="p">:</span>
+<span class="w"> </span><span class="o">></span><span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="n">revocation</span><span class="w"> </span><span class="n">certificate</span><span class="w"> </span><span class="n">was</span><span class="w"> </span><span class="n">generate</span><span class="w"> </span><span class="k">when</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="n">was</span><span class="w"> </span><span class="n">created</span><span class="p">.</span><span class="w"> </span>
+<span class="w"> </span><span class="o">></span><span class="w"> </span>
+<span class="w"> </span><span class="n">Reason</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="nl">revocation</span><span class="p">:</span><span class="w"> </span><span class="k">Key</span><span class="w"> </span><span class="n">has</span><span class="w"> </span><span class="n">been</span><span class="w"> </span><span class="n">compromised</span>
+<span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="n">revocation</span><span class="w"> </span><span class="n">certificate</span><span class="w"> </span><span class="n">was</span><span class="w"> </span><span class="n">generate</span><span class="w"> </span><span class="k">when</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="n">was</span><span class="w"> </span><span class="n">created</span><span class="p">.</span><span class="w"> </span>
+<span class="w"> </span><span class="k">Is</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">okay</span><span class="vm">?</span><span class="w"> </span><span class="p">(</span><span class="n">y</span><span class="o">/</span><span class="n">N</span><span class="p">)</span><span class="w"> </span><span class="n">y</span>
- You need a passphrase to unlock the secret key for
- user: "Alice Example (EXAMPLE OF OLD KEY) <alice@example.org>"
- 1024-bit DSA key, ID AD741727, created 2009-08-20
+<span class="w"> </span><span class="n">You</span><span class="w"> </span><span class="n">need</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">passphrase</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">unlock</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">secret</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="k">for</span>
+<span class="w"> </span><span class="k">user</span><span class="err">:</span><span class="w"> </span><span class="ss">"Alice Example (EXAMPLE OF OLD KEY) <alice@example.org>"</span>
+<span class="w"> </span><span class="mi">1024</span><span class="o">-</span><span class="nc">bit</span><span class="w"> </span><span class="n">DSA</span><span class="w"> </span><span class="k">key</span><span class="p">,</span><span class="w"> </span><span class="n">ID</span><span class="w"> </span><span class="n">AD741727</span><span class="p">,</span><span class="w"> </span><span class="n">created</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">08</span><span class="o">-</span><span class="mi">20</span>
- Revocation certificate created.
+<span class="w"> </span><span class="n">Revocation</span><span class="w"> </span><span class="n">certificate</span><span class="w"> </span><span class="n">created</span><span class="p">.</span>
- Please move it to a medium which you can hide away; if Mallory gets
- access to this certificate he can use it to make your key unusable.
- It is smart to print this certificate and store it away, just in case
- your media become unreadable. But have some caution: The print system of
- your machine might store the data and make it available to others!
-</code></pre>
+<span class="w"> </span><span class="n">Please</span><span class="w"> </span><span class="n">move</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">medium</span><span class="w"> </span><span class="n">which</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="n">hide</span><span class="w"> </span><span class="n">away</span><span class="p">;</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="n">Mallory</span><span class="w"> </span><span class="n">gets</span>
+<span class="w"> </span><span class="n">access</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">certificate</span><span class="w"> </span><span class="n">he</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="k">use</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">make</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="n">unusable</span><span class="p">.</span>
+<span class="w"> </span><span class="n">It</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">smart</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">print</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">certificate</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">store</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="n">away</span><span class="p">,</span><span class="w"> </span><span class="n">just</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="k">case</span>
+<span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="n">media</span><span class="w"> </span><span class="n">become</span><span class="w"> </span><span class="n">unreadable</span><span class="p">.</span><span class="w"> </span><span class="n">But</span><span class="w"> </span><span class="n">have</span><span class="w"> </span><span class="ow">some</span><span class="w"> </span><span class="nl">caution</span><span class="p">:</span><span class="w"> </span><span class="n">The</span><span class="w"> </span><span class="k">print</span><span class="w"> </span><span class="k">system</span><span class="w"> </span><span class="k">of</span>
+<span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="n">machine</span><span class="w"> </span><span class="n">might</span><span class="w"> </span><span class="n">store</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">data</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">make</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="n">available</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">others</span><span class="err">!</span>
+</code></pre></div>
+
<h2 id="symmetric">How to use symmetric encryption<a class="headerlink" href="#symmetric" title="Permanent link">¶</a></h2>
+
<p>GnuPG supports symmetric (in addition to public key) cryptography, but the ciphers available sometimes differ. Use <code>gpg --version</code> to discover which ciphers are available in the current installation:</p>
-<pre><code> :::console
+<div class="highlight"><pre><span></span><code> :::console
$ gpg --version
gpg (GnuPG) 1.4.9
Copyright (C) 2008 Free Software Foundation, Inc.
@@ -697,32 +763,38 @@
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
-</code></pre>
+</code></pre></div>
+
<p>In this case, the available ciphers are:</p>
-<pre><code> :::text
+<div class="highlight"><pre><span></span><code> :::text
3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
-</code></pre>
+</code></pre></div>
+
<p>Note that most of the ciphers early on the list are weak. This is typical. We recommend that you specify a strong cipher on the command
line. For example, to encrypt a document <code>INPUT_FILENAME</code> using <code>AES256</code> (a strong cipher) and output it to file <code>ENCRYPTED_FILE</code>:</p>
-<pre><code> :::console
+<div class="highlight"><pre><span></span><code> :::console
$ gpg --cipher-algo AES256 --output ENCRYPTED_FILE --symmetric INPUT_FILENAME
-</code></pre>
+</code></pre></div>
+
<p>When prompted for a <a href="release-signing.html#passphrase">passphrase</a>, choose a strong one.</p>
<p>The file format contains metadata, including the cipher used. So to decrypt <code>ENCRYPTED_FILE</code> into <code>OUTPUT_FILE</code> use:</p>
-<pre><code> :::console
+<div class="highlight"><pre><span></span><code> :::console
$ gpg --output OUTPUT_FILE --decrypt ENCRYPTED_FILE
-</code></pre>
+</code></pre></div>
+
<h2 id="update">How to update Apache documents with details of a new key<a class="headerlink" href="#update" title="Permanent link">¶</a></h2>
+
<p>For the new key, you will need to provide both the <a href="release-signing.html#fingerprint">fingerprint</a> and the <a href="release-signing.html#public-private">public key</a> export more than once. We repeat the creation instructions below for each case but you may find it more convenient to create, store then reuse the results.</p>
<h3 id="publish-in-web-space">Publish the new public key<a class="headerlink" href="#publish-in-web-space" title="Permanent link">¶</a></h3>
+
<p><strong>Note</strong>: you must <a href="release-signing.html#keyserver-upload">upload signing keys to a public key server</a>. You must also add them to your LDAP record using the Apache <a href="https://id.apache.org" target="_blank">self-service app</a>.</p>
<p>A reliable, permanent URL for your new public key is useful. Your Apache web space is an ideal location for this. Copy an
-<a href="release-signing.html#ascii">ASCII armored</a> <a href="release-signing.html#public-private">public key</a>
+<a href="release-signing.html#ascii">ASCII armored</a> <a href="release-signing.html#public-private">public key</a>
<a href="release-signing.html#export">export</a> (see instructions later, or use documents you created earlier) into the <code>public_html</code> subdirectory of your home on <a href="https://home.apache.org" target="_blank">home.apache.org</a>.</p>
<p>The suffix <code>.asc</code> is conventional for ASCII armored public key exports. So, for example, <code>A6EE6908.asc</code> is a reasonable choice for the export of key <code>A6EE6908</code>. Record the URL (for example <code>http://home.apache.org/~rdonkin/A6EE6908.asc</code> ) for use later in your
<a href="#foaf">FOAF</a>.</p>
<p>If your Apache home page contains details of your keys (recommended), update the <a href="release-signing.html#fingerprint">fingerprints</a> and the <a href="release-signing.html#ascii">ASCII armored</a> <a href="release-signing.html#public-private">public key</a> <a href="release-signing.html#export">export</a>. Any browser with a suitable <a href="release-signing.html#openpgp">OpenPGP</a> plugin (for example, <a href="https://www.mozilla.com/firefox/" target="_blank">Firefox</a> with the <a href="https://www.getfiregpg.org" target="_blank">FireGPG plugin</a>) will let you download the key into the local keyring.</p>
-<p>For example, <a href="https://home.apache.org/~rdonkin/" target="_blank">this home page contains a section with fingerprints and a for exporting them. At the bottom, the export has been inlined so browsers with <a href="release-signing.html#opengpg">OpenPGP</a> support can import the keys.</a></p>
+<p>For example, <a href="https://home.apache.org/~rdonkin/" target="_blank">this home page contains a section with fingerprints and a for exporting them. At the bottom, the export has been inlined so browsers with <a href="release-signing.html#opengpg">OpenPGP</a> support can import the keys.</p>
<p>To create an <a href="release-signing.html#ascii">ASCII armored</a> <a href="release-signing.html#public-private">public key</a> <a href="release-signing.html#export">export</a>:</p>
<ul>
<li>When using a <a href="release-signing.html#transition">transition</a>, follow these <a href="key-transition.html#transition-export">instructions</a>.</li>
@@ -735,23 +807,25 @@
</ul>
<p>Ensure that each <code>pubkeyAddress</code> points to the new export <a href="#publish-in-web-space">uploaded into your Apache home web space</a>.</p>
<p>When <a href="release-signing.html#transition">transitioning</a>, include one entry for the old and one for the new key. Yu can use the same URL for both since the target should be the <a href="key-transition.html#transition-export">dual export</a> you <a href="#publish-in-web-space">uploadedearlier</a>. For example, for keys A6EE6908 (new) and B1313DE2 (old):</p>
-<pre><code> :::xml
- <wot:hasKey>
- <wot:PubKey>
- <wot:hex_id>A6EE6908</wot:hex_id>
- <wot:fingerprint>597C729B02371932E77CB9D5EDB8C082A6EE6908</wot:fingerprint>
- <wot:pubkeyAddress
- rdf:resource="http://home.apache.org/~rdonkin/A6EE6908.asc"/>
- </wot:PubKey>
- <wot:PubKey>
- <wot:hex_id>B1313DE2</wot:hex_id>
- <wot:fingerprint>EA6141E8E49E560C224B2F74D5334E75B1313DE2</wot:fingerprint>
- <wot:pubkeyAddress
- rdf:resource="http://home.apache.org/~rdonkin/A6EE6908.asc"/>
- </wot:PubKey>
- </wot:hasKey>
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span>:::xml
+<span class="w"> </span><span class="nt"><wot:hasKey></span>
+<span class="w"> </span><span class="nt"><wot:PubKey></span>
+<span class="w"> </span><span class="nt"><wot:hex_id></span>A6EE6908<span class="nt"></wot:hex_id></span>
+<span class="w"> </span><span class="nt"><wot:fingerprint></span>597C729B02371932E77CB9D5EDB8C082A6EE6908<span class="nt"></wot:fingerprint></span>
+<span class="w"> </span><span class="nt"><wot:pubkeyAddress</span>
+<span class="w"> </span><span class="na">rdf:resource=</span><span class="s">"http://home.apache.org/~rdonkin/A6EE6908.asc"</span><span class="nt">/></span>
+<span class="w"> </span><span class="nt"></wot:PubKey></span>
+<span class="w"> </span><span class="nt"><wot:PubKey></span>
+<span class="w"> </span><span class="nt"><wot:hex_id></span>B1313DE2<span class="nt"></wot:hex_id></span>
+<span class="w"> </span><span class="nt"><wot:fingerprint></span>EA6141E8E49E560C224B2F74D5334E75B1313DE2<span class="nt"></wot:fingerprint></span>
+<span class="w"> </span><span class="nt"><wot:pubkeyAddress</span>
+<span class="w"> </span><span class="na">rdf:resource=</span><span class="s">"http://home.apache.org/~rdonkin/A6EE6908.asc"</span><span class="nt">/></span>
+<span class="w"> </span><span class="nt"></wot:PubKey></span>
+<span class="w"> </span><span class="nt"></wot:hasKey></span>
+</code></pre></div>
+
<h3 id="update-KEYS">Update keys on the next release<a class="headerlink" href="#update-KEYS" title="Permanent link">¶</a></h3>
+
<p>Projects maintain <a href="release-signing.html#keys-policy">KEYS</a> files containing the public keys used to sign Apache releases. These documents need not be updated immediately, but you <strong>must</strong> update your project's file with the new key, with an export, before publishing a release using the new key.</p>
<p>To create an <a href="release-signing.html#ascii">ASCII armored</a> <a href="release-signing.html#export">export</a>:</p>
<ul>
@@ -761,15 +835,19 @@
<p>If there is an older export in the <code>KEYS</code> file, only remove it if it has not been used to sign a release. It is important
that the KEYS file can also be used to check archived releases.</p>
<h3 id="members-details">ASF Members only: update details<a class="headerlink" href="#members-details" title="Permanent link">¶</a></h3>
+
<p><a href="https://www.apache.org/foundation/members.html" target="_blank">ASF Members</a> should add the new key to their details stored in Subversion.</p>
<p>Update your Apache business card with fingerprints (see <code>Cards</code> directory in the members area in Subversion) and place a new order for cards.</p>
<h2 id="wot">How to use the Web of Trust<a class="headerlink" href="#wot" title="Permanent link">¶</a></h2>
+
<p>A link to a new key from a <a href="release-signing.html#web-of-trust">web of trust</a> is made when a key that is part of that network signs the new key.</p>
<p>Each link is only one way. By signing a key, you indicate that you have verified the identity of the owner of that key. Links are established in both directions once the owner of that key also signs your key. When the owner has suitable identification, expect the owner to ask you to sign their key in return.</p>
<p>You can use directional links to establish trust in the identity of a key whose owner you haven't met.</p>
<h3 id="wot-verifying-links">How to verify identity<a class="headerlink" href="#wot-verifying-links" title="Permanent link">¶</a></h3>
+
<p>Verifying identities is usually automated, but here is an example to explain the process. If you already understand the process, feel free to <a href="#apache-wot">skip forward</a>.</p>
<h4 id="wot-manual-example">Example - the hard way<a class="headerlink" href="#wot-manual-example" title="Permanent link">¶</a></h4>
+
<p>Take Alice, Bob and Charlie. Alice has verified Bob's identity in person. Bob has verified Charlie's identity in person. But Alice has
never met Charlie. So</p>
<ul>
@@ -779,54 +857,60 @@
<p>Alice has obtained a file ( <code>document</code> in this example) which Charlie may have created, and a detached signature for that file ( <code>document.asc</code> in this example). Alice wishes to discover whether Charlie signed this file.</p>
<p>The basic idea is easy. If Alice has verified Bob's identity and trusts Bob to verify the Charlie's identity before signing, then Alice should be able to work out whether Charlie owns the key which was used to sign the file.</p>
<p>Alice starts by verifying the signature:</p>
-<pre><code> :::console
+<div class="highlight"><pre><span></span><code> :::console
$ gpg --verify document.asc
gpg: Signature made Wed Sep 9 14:33:12 2009 BST using RSA key ID 8F8A2525
- gpg: Can't check signature: public key not found
-</code></pre>
+ gpg: Can't check signature: public key not found
+</code></pre></div>
+
<p>This indicates that the key used to create this signature is missing from Alice's keyring. This is not unexpected. Alice adds the public key, perhaps by using a public key server or by importing an export, and tries again:</p>
-<pre><code> :::console
- $ gpg --verify document.asc
- gpg: Signature made Wed Sep 9 14:33:12 2009 BST using RSA key ID 8F8A2525
- gpg: checking the trustdb
- gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
- gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u
- gpg: depth: 1 valid: 1 signed: 0 trust: 1-, 0q, 0n, 0m, 0f, 0u
- gpg: Good signature from "Charlie (EXAMPLE ONLY NOT FOR DISTRIBUTION)
- <charlie@example.org>"
- gpg: WARNING: This key is not certified with a trusted signature!
- gpg: There is no indication that the signature belongs to the
- owner.
- Primary key fingerprint: B7F6 17FA 4DEF E61F 37A4 7463 41F4 40D4 8F8A 2525
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="o">::</span><span class="err">:</span><span class="n">console</span>
+<span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="n">verify</span><span class="w"> </span><span class="n">document</span><span class="p">.</span><span class="k">asc</span><span class="w"> </span>
+<span class="w"> </span><span class="nl">gpg</span><span class="p">:</span><span class="w"> </span><span class="n">Signature</span><span class="w"> </span><span class="n">made</span><span class="w"> </span><span class="n">Wed</span><span class="w"> </span><span class="n">Sep</span><span class="w"> </span><span class="mi">9</span><span class="w"> </span><span class="mi">14</span><span class="err">:</span><span class="mi">33</span><span class="err">:</span><span class="mi">12</span><span class="w"> </span><span class="mi">2009</span><span class="w"> </span><span class="n">BST</span><span class="w"> </span><span class="k">using</span><span class="w"> </span><span class="n">RSA</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="n">ID</span><span class="w"> </span><span class="mi">8</span><span class="n">F8A2525</span>
+<span class="w"> </span><span class="nl">gpg</span><span class="p">:</span><span class="w"> </span><span class="n">checking</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">trustdb</span>
+<span class="w"> </span><span class="nl">gpg</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="n">marginal</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"> </span><span class="n">needed</span><span class="p">,</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">complete</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"> </span><span class="n">needed</span><span class="p">,</span><span class="w"> </span><span class="n">PGP</span><span class="w"> </span><span class="n">trust</span><span class="w"> </span><span class="n">model</span>
+<span class="w"> </span><span class="nl">gpg</span><span class="p">:</span><span class="w"> </span><span class="k">depth</span><span class="err">:</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="nl">valid</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="nl">signed</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="nl">trust</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="o">-</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="n">q</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="n">n</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="n">m</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="n">f</span><span class="p">,</span><span class="w"> </span><span class="mi">1</span><span class="n">u</span>
+<span class="w"> </span><span class="nl">gpg</span><span class="p">:</span><span class="w"> </span><span class="k">depth</span><span class="err">:</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="nl">valid</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="nl">signed</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="nl">trust</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="o">-</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="n">q</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="n">n</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="n">m</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="n">f</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="n">u</span>
+<span class="w"> </span><span class="nl">gpg</span><span class="p">:</span><span class="w"> </span><span class="n">Good</span><span class="w"> </span><span class="n">signature</span><span class="w"> </span><span class="k">from</span><span class="w"> </span><span class="ss">"Charlie (EXAMPLE ONLY NOT FOR DISTRIBUTION)</span>
+<span class="ss"> <charlie@example.org>"</span>
+<span class="w"> </span><span class="nl">gpg</span><span class="p">:</span><span class="w"> </span><span class="nl">WARNING</span><span class="p">:</span><span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="ow">not</span><span class="w"> </span><span class="n">certified</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">trusted</span><span class="w"> </span><span class="n">signature</span><span class="err">!</span>
+<span class="w"> </span><span class="nl">gpg</span><span class="p">:</span><span class="w"> </span><span class="n">There</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="k">no</span><span class="w"> </span><span class="n">indication</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">signature</span><span class="w"> </span><span class="n">belongs</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">the</span>
+<span class="w"> </span><span class="n">owner</span><span class="p">.</span>
+<span class="w"> </span><span class="k">Primary</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="nl">fingerprint</span><span class="p">:</span><span class="w"> </span><span class="n">B7F6</span><span class="w"> </span><span class="mi">17</span><span class="n">FA</span><span class="w"> </span><span class="mi">4</span><span class="n">DEF</span><span class="w"> </span><span class="n">E61F</span><span class="w"> </span><span class="mi">37</span><span class="n">A4</span><span class="w"> </span><span class="mi">7463</span><span class="w"> </span><span class="mi">41</span><span class="n">F4</span><span class="w"> </span><span class="mi">40</span><span class="n">D4</span><span class="w"> </span><span class="mi">8</span><span class="n">F8A</span><span class="w"> </span><span class="mi">2525</span>
+</code></pre></div>
+
<p>This output indicates that this key says that Charlie created it. This is a reasonable start but is easily faked.</p>
<p>Alice examines the signatures on this key:</p>
-<pre><code> :::console
- $ gpg --list-sigs 8F8A2525
- pub 2048R/8F8A2525 2009-09-09
- uid Charlie (EXAMPLE ONLY NOT FOR DISTRIBUTION) <charlie@example.org>
- sig 3 8F8A2525 2009-09-09 Charlie (EXAMPLE ONLY NOT FOR DISTRIBUTION) <charlie@example.org>
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="o">::</span><span class="err">:</span><span class="n">console</span>
+<span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="o">-</span><span class="n">sigs</span><span class="w"> </span><span class="mi">8</span><span class="n">F8A2525</span>
+<span class="w"> </span><span class="n">pub</span><span class="w"> </span><span class="mi">2048</span><span class="n">R</span><span class="o">/</span><span class="mi">8</span><span class="n">F8A2525</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">09</span><span class="o">-</span><span class="mi">09</span>
+<span class="w"> </span><span class="n">uid</span><span class="w"> </span><span class="n">Charlie</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">ONLY</span><span class="w"> </span><span class="ow">NOT</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="n">DISTRIBUTION</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">charlie</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="w"> </span><span class="n">sig</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="mi">8</span><span class="n">F8A2525</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">09</span><span class="o">-</span><span class="mi">09</span><span class="w"> </span><span class="n">Charlie</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">ONLY</span><span class="w"> </span><span class="ow">NOT</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="n">DISTRIBUTION</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">charlie</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+</code></pre></div>
+
<p>This key is signed only by itself. This is not indicative. Unless all keys in the ring have been refreshed, it is possible that a signature has been made but is missing from the ring. Alice refreshes the keys on the ring then verifies once more:</p>
-<pre><code> :::console
- $ gpg --list-sigs 8F8A2525
- pub 2048R/8F8A2525 2009-09-09
- uid Charlie (EXAMPLE ONLY NOT FOR DISTRIBUTION) <charlie@example.org>
- sig 3 8F8A2525 2009-09-09 Charlie (EXAMPLE ONLY NOT FOR DISTRIBUTION) <charlie@example.org>
- sig 1B912854 2009-09-09 Bob___ (EXAMPLE ONLY NOT FOR DISTRIBUTION) <bob@example.org>
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="o">::</span><span class="err">:</span><span class="n">console</span>
+<span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="o">-</span><span class="n">sigs</span><span class="w"> </span><span class="mi">8</span><span class="n">F8A2525</span>
+<span class="w"> </span><span class="n">pub</span><span class="w"> </span><span class="mi">2048</span><span class="n">R</span><span class="o">/</span><span class="mi">8</span><span class="n">F8A2525</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">09</span><span class="o">-</span><span class="mi">09</span>
+<span class="w"> </span><span class="n">uid</span><span class="w"> </span><span class="n">Charlie</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">ONLY</span><span class="w"> </span><span class="ow">NOT</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="n">DISTRIBUTION</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">charlie</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="w"> </span><span class="n">sig</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="mi">8</span><span class="n">F8A2525</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">09</span><span class="o">-</span><span class="mi">09</span><span class="w"> </span><span class="n">Charlie</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">ONLY</span><span class="w"> </span><span class="ow">NOT</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="n">DISTRIBUTION</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">charlie</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="w"> </span><span class="n">sig</span><span class="w"> </span><span class="mi">1</span><span class="n">B912854</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">09</span><span class="o">-</span><span class="mi">09</span><span class="w"> </span><span class="n">Bob___</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">ONLY</span><span class="w"> </span><span class="ow">NOT</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="n">DISTRIBUTION</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">bob</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+</code></pre></div>
+
<p>The key now has a signature from Bob's key - or so says the key. But Alice has met Bob. So, she lists the signatures for that key that may - or may not - be owned by Bob:</p>
-<pre><code> :::console
- $ gpg --list-sigs 1B912854
- pub 2048R/1B912854 2009-09-09
- uid Bob___ (EXAMPLE ONLY NOT FOR DISTRIBUTION) <bob@example.org>
- sig 3 1B912854 2009-09-09 Bob___ (EXAMPLE ONLY NOT FOR DISTRIBUTION) <bob@example.org>
- sig 81590910 2009-09-09 Alice (EXAMPLE ONLY NOT FOR DISTRIBUTION) <alice@example.org>
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="o">::</span><span class="err">:</span><span class="n">console</span>
+<span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="n">list</span><span class="o">-</span><span class="n">sigs</span><span class="w"> </span><span class="mi">1</span><span class="n">B912854</span>
+<span class="w"> </span><span class="n">pub</span><span class="w"> </span><span class="mi">2048</span><span class="n">R</span><span class="o">/</span><span class="mi">1</span><span class="n">B912854</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">09</span><span class="o">-</span><span class="mi">09</span>
+<span class="w"> </span><span class="n">uid</span><span class="w"> </span><span class="n">Bob___</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">ONLY</span><span class="w"> </span><span class="ow">NOT</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="n">DISTRIBUTION</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">bob</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="w"> </span><span class="n">sig</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="mi">1</span><span class="n">B912854</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">09</span><span class="o">-</span><span class="mi">09</span><span class="w"> </span><span class="n">Bob___</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">ONLY</span><span class="w"> </span><span class="ow">NOT</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="n">DISTRIBUTION</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">bob</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+<span class="w"> </span><span class="n">sig</span><span class="w"> </span><span class="mi">81590910</span><span class="w"> </span><span class="mi">2009</span><span class="o">-</span><span class="mi">09</span><span class="o">-</span><span class="mi">09</span><span class="w"> </span><span class="n">Alice</span><span class="w"> </span><span class="p">(</span><span class="n">EXAMPLE</span><span class="w"> </span><span class="k">ONLY</span><span class="w"> </span><span class="ow">NOT</span><span class="w"> </span><span class="k">FOR</span><span class="w"> </span><span class="n">DISTRIBUTION</span><span class="p">)</span><span class="w"> </span><span class="o"><</span><span class="n">alice</span><span class="nv">@example</span><span class="p">.</span><span class="n">org</span><span class="o">></span>
+</code></pre></div>
+
<p>Alice finds it signed by <code>81590910</code> - the master key for this keyring. Alice can therefore trust that Charlie has signed the file provided so long as Alice trusts Bob to verify Charlie's identity.</p>
<h4 id="wot-automated">Automated trust<a class="headerlink" href="#wot-automated" title="Permanent link">¶</a></h4>
-<p>Most clients allow automation of this process of transitive trust resolution. This is easier and more convenient than by hand but clients differ in the amount of human control they provide. Some clients (including GnuPG) are highly configurable (allowing different trust models to be used) and allow finely grained control over trust placed in each signed key. For more details see <a href="https://www.gnupg.org/gph/en/manual.html" target="_blank">The GNU Privacy Handbook</a<</a></p>
-<h3 id="apache-wot">Code signing keys and the Web of Trust<a class="headerlink" href="#apache-wot" title="Permanent link">¶</a></h3>
+
+<p>Most clients allow automation of this process of transitive trust resolution. This is easier and more convenient than by hand but clients differ in the amount of human control they provide. Some clients (including GnuPG) are highly configurable (allowing different trust models to be used) and allow finely grained control over trust placed in each signed key. For more details see <a href="https://www.gnupg.org/gph/en/manual.html" target="_blank">The GNU Privacy Handbook</a<</p>
+<p><h3 id="apache-wot">Code signing keys and the Web of Trust<a class="headerlink" href="#apache-wot" title="Permanent link">¶</a></h3></p>
<p>It is vital that Apache code signing keys are linked into a strong <a href="release-signing.html#web-of-trust">web of trust</a>. This allows independent verification of the fidelity of Apache releases by anyone strongly linked to this web. In particular, this lets two important groups independently verify releases:</p>
<ul>
<li>The Apache Infrastructure Team</li>
@@ -834,15 +918,19 @@
</ul>
<p>The Apache web of trust is reasonably well connected to the wider-open source web of trust. Though every opportunity should be taken to link into wider networks, the most important action needs to be to plan to exchange signatures with other Apache committers.</p>
<h3 id="apache-wot-link">How to link into the Apache Web of Trust<a class="headerlink" href="#apache-wot-link" title="Permanent link">¶</a></h3>
+
<p>The process (explained below) is the same but the people are different: this means arranging to meet in person with Apache committers. For a global distributed organisation like Apache, this is not always easy and usually takes some planning.</p>
<h4 id="wot-apachecon">Keysigning at ApacheCon<a class="headerlink" href="#wot-apachecon" title="Permanent link">¶</a></h4>
+
<p>Apache organizes a major <a href="release-signing.html#key-signing-party">keysigning party</a> at every <a href="https://apachecon.com/" target="_blank">ApacheCon</a>. This is a great opportunity to collect dozens of signatures.</p>
<h4 id="wot-apache-other-events">Keysigning at other Apache events<a class="headerlink" href="#wot-apache-other-events" title="Permanent link">¶</a></h4>
+
<p>Other Apache events may also hold keysigning parties (and most will if asked). Typically, these will be smaller and less informal.</p>
<h4 id="wot-apache-party">Informal Apache meetings<a class="headerlink" href="#wot-apache-party" title="Permanent link">¶</a></h4>
+
<p>Smaller, informal Apache-sponsored meetings are also an opportunity to swap keys (as well as gossip) with other committers.</p>
-<p>Subscribe to the party list (see committer documentation) to find out about informal meetings. When you travel, take advantage of this opportunity to meet up with other Apache committers by posting to the party list. The <a href="<a href="https://community.zones.apache.org/map.html">https://community.zones.apache.org/map.html</a>" target="_blank>committer map shows locations for many committers. If there are committers near you, you can organise an informal meetup.</p>
-<h3 id="wot-link-in">How to link into a public web of trust<a class="headerlink" href="#wot-link-in" title="Permanent link">¶</a></h3>
+<p>Subscribe to the party list (see committer documentation) to find out about informal meetings. When you travel, take advantage of this opportunity to meet up with other Apache committers by posting to the party list. The <a href="https://community.zones.apache.org/map.html" target="_blank>committer map</a> shows locations for many committers. If there are committers near you, you can organise an informal meetup.</p>
+<p><h3 id="wot-link-in">How to link into a public web of trust<a class="headerlink" href="#wot-link-in" title="Permanent link">¶</a></h3></p>
<p>In short, expect that:</p>
<ul>
<li>this will involve a face-to-face meeting</li>
@@ -852,20 +940,21 @@
</ul>
<p>Bring the key <a href="release-signing.html#fingerprint">fingerprint</a> but keep the private key safely at home.</p>
<h4 id="wot-public-preparations">Be prepared<a class="headerlink" href="#wot-public-preparations" title="Permanent link">¶</a></h4>
+
<p>A small amount of preparation (before attending technical conferences or meetings) lets you exchange keys easily (if the other person is suitably prepared) or get your key signed if the opportunity presents itself. All that is required is suitable identification and the <a href="release-signing.html#fingerprint">public key fingerprint</a> (which can can be conveniently printed onto a small card).</p>
<h4 id="wot-public-keysigning">Keysigning parties<a class="headerlink" href="#wot-public-keysigning" title="Permanent link">¶</a></h4>
+
<p>The most effective way to achieve this is to attend a <a href="release-signing.html#key-signing-party">key signing party</a>. Apache and many other open-source organisations organize parties at their conferences. It may also be possible to arrange such a party at other events.</p>
<p>Expect to:</p>
<ul>
<li>bring identification</li>
-<li>bring a hard copy of your key's <a href="release-signing.html#fingerprint">fingerprint</a></li>
+<li>bring a hard copy of your key's <a href="release-signing.html#fingerprint">fingerprint</a> </li>
<li>supply the key ID or public key to the organiser before the party</li>
<li>check that the <a href="release-signing.html#fingerprint">fingerprint</a> for your key supplied by the organiser matches your hard copy</li>
<li>confirm this to those present</li>
</ul>
<p>Do <strong>not</strong> bring your private key. This <strong>must</strong> stay safe and secure at all times. Wait until the conference has finished and you have returned home before signing keys.</p>
<p>For more information, see this <a href="https://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html" target="_blank">guide</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/os-upgrade-policy.html b/output/os-upgrade-policy.html
index 9a9169d..ebf4636 100644
--- a/output/os-upgrade-policy.html
+++ b/output/os-upgrade-policy.html
@@ -73,15 +73,14 @@
<h1>
Operating system upgrade policy
</h1>
- <p>Infra supports Ubuntu long-term support (LTS) releases and Windows platforms.</p>
-<p>Some services are on a virtual machine (VM) on a host physical server, and some services run on "bare metal".</p>
+ <p>Infra supports Ubuntu long-term support (LTS) releases and Windows platforms. </p>
+<p>Some services are on a virtual machine (VM) on a host physical server, and some services run on "bare metal". </p>
<ul>
<li>When we move to a new machine running Ubuntu, we install the current stable version of the operating system.</li>
<li>Windows servers typically run Windows Server 2016 Standard. As we replace older physical machines with newer ones, we install the most recent stable version of Windows Server Standard that is available at the time of migration.</li>
<li>ASF Windows desktops typically run Windows 10 Professional. The migration pattern is as for the servers.</li>
<li>For builds, we run <a href="https://cwiki.apache.org/confluence/display/INFRA/Buildbot" target="_blank">Buildbot</a> on Windows desktops and <a href="https://cwiki.apache.org/confluence/display/INFRA/Jenkins" target="_blank">Jenkins</a> on Windows servers.</li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/password-policy.html b/output/password-policy.html
index 654ec39..f4b0a81 100644
--- a/output/password-policy.html
+++ b/output/password-policy.html
@@ -73,35 +73,34 @@
<h1>
Committer password policy
</h1>
- <p>This page outlines the policy on committer passwords for LDAP accounts, and explains a bit
+ <p>This page outlines the policy on committer passwords for LDAP accounts, and explains a bit
about the logic behind it.</p>
<h3>Minimum password length: eight characters</h3>
<p>All passwords must have eight or more characters. You can use any combination of letters, numbers, special characters, and spaces, and there is no upper limit to the password length.</p>
<h3>Minimum password entropy size: 54 bits</h3>
-<p>Entropy size is a measure of how many attempts if would potentially take to crack the password, whether
-through brute-forcing, dictionary attacks or simply guessing. It is measured in bits that
-correspond to the size of the maximum number of attempts required in binary format. Thus,
-a password with an entropy size of 24 bits would require up to <code>2^24</code> == 16,777,216 attempts
-to crack. Entropy size is calculated as the length of the password (in characters/bytes),
-multiplied by the binary logarithmic (log2) of the alphabetical cardinality of the password,
-meaning the number of unique characters in the password.</p>
-<p>In the example password <code>I am Groot</code>, there are 10 characters in the string, and 8 unique
+<p>Entropy size is a measure of how many attempts if would potentially take to crack the password, whether
+through brute-forcing, dictionary attacks or simply guessing. It is measured in bits that
+correspond to the size of the maximum number of attempts required in binary format. Thus,
+a password with an entropy size of 24 bits would require up to <code>2^24</code> == 16,777,216 attempts
+to crack. Entropy size is calculated as the length of the password (in characters/bytes),
+multiplied by the binary logarithmic (log2) of the alphabetical cardinality of the password,
+meaning the number of unique characters in the password. </p>
+<p>In the example password <code>I am Groot</code>, there are 10 characters in the string, and 8 unique
characters in total (`I,a,m,G,r,o,t, and a whitespace), thus the entropy size is:</p>
-<p><img alt="entropy=10*\log{2}(8) => entropy=10 * 3 => entropy=30" src="../images/pwdpolicy-1.svg"/></p>
-<p>At the ASF, we require a minimum entropy size of <strong>54 bits</strong>, meaning it should require more than
+<p><img alt="entropy=10*\log{2}(8) => entropy=10 * 3 => entropy=30" src="../images/pwdpolicy-1.svg"></p>
+<p>At the ASF, we require a minimum entropy size of <strong>54 bits</strong>, meaning it should require more than
approximately 18 quadrillion attempts to brute-force a password.</p>
<h3>Minimum password complexity: 0.60</h3>
-<p>We also require a complexity degree of 0.60. Password complexity ranges from 0 to 1, where 0 is
-a password consisting of only the same letters over and over, and 1 means a password is
-long enough and with enough entropy to require quadrillions of computations to crack, and also
-has enough sequential variety to negate any speed improvements a malicious actor might employ in
+<p>We also require a complexity degree of 0.60. Password complexity ranges from 0 to 1, where 0 is
+a password consisting of only the same letters over and over, and 1 means a password is
+long enough and with enough entropy to require quadrillions of computations to crack, and also
+has enough sequential variety to negate any speed improvements a malicious actor might employ in
order to simplify or otherwise optimize an attempt at cracking a password.</p>
<p>The exact formula we use is as follows:</p>
-<p><img alt="complexity=1-\frac{2}{3}(2^{(-\frac{-\log_{2}(\frac{1-0.950}{1-\frac{1}{3}})}{90}*(entropy-30)})" src="../images/pwdpolicy-2.svg"/></p>
-<p>Our <a href="https://id.apache.org" target="_blank">self-serve page for (re)setting passwords</a> can provide you with
-an instant assessment of your password strength using these requirements, to help you find a
+<p><img alt="complexity=1-\frac{2}{3}(2^{(-\frac{-\log_{2}(\frac{1-0.950}{1-\frac{1}{3}})}{90}*(entropy-30)})" src="../images/pwdpolicy-2.svg"></p>
+<p>Our <a href="https://id.apache.org" target="_blank">self-serve page for (re)setting passwords</a> can provide you with
+an instant assessment of your password strength using these requirements, to help you find a
password that is sufficiently strong.</p>
-
</div>
</div>
</div>
diff --git a/output/patch.html b/output/patch.html
index fdfc60a..17e2b83 100644
--- a/output/patch.html
+++ b/output/patch.html
@@ -85,15 +85,16 @@
</ol>
<p>If all this works, you can create your patch. Remove all build products and remnants (like any 'build', 'dist' or 'bin' directories) from the module tree, then build the actual patch. Here's how to do it using the command line SVN client under unix:</p>
<p>Apache projects prefer the unified diff format. The subversion tool creates that automatically. If you use other tools, please refer to their documentation for details on setting the diff format.</p>
-<pre><code> # location where the modules are stored
- cd checkout</p>
-<div class="codehilite"><pre><span class="c"># directory of the module</span>
-<span class="n">cd</span> <span class="n">site</span>
+<div class="highlight"><pre><span></span><code><span class="w"> </span>#<span class="w"> </span>location<span class="w"> </span>where<span class="w"> </span>the<span class="w"> </span>modules<span class="w"> </span>are<span class="w"> </span>stored
+<span class="w"> </span>cd<span class="w"> </span>checkout<span class="nt"></p></span>
+<span class="nt"><div</span><span class="w"> </span><span class="na">class=</span><span class="s">"codehilite"</span><span class="nt">><pre><span</span><span class="w"> </span><span class="na">class=</span><span class="s">"c"</span><span class="nt">></span>#<span class="w"> </span>directory<span class="w"> </span>of<span class="w"> </span>the<span class="w"> </span>module<span class="nt"></span></span>
+<span class="nt"><span</span><span class="w"> </span><span class="na">class=</span><span class="s">"n"</span><span class="nt">></span>cd<span class="nt"></span></span><span class="w"> </span><span class="nt"><span</span><span class="w"> </span><span class="na">class=</span><span class="s">"n"</span><span class="nt">></span>site<span class="nt"></span></span>
-<span class="c"># creation of the diff</span>
-<span class="n">svn</span> <span class="nb">diff</span> <span class="o">&gt;</span> <span class="n">site</span><span class="p">.</span><span class="nb">patch</span>
-</pre></div>
-</code></pre>
+<span class="nt"><span</span><span class="w"> </span><span class="na">class=</span><span class="s">"c"</span><span class="nt">></span>#<span class="w"> </span>creation<span class="w"> </span>of<span class="w"> </span>the<span class="w"> </span>diff<span class="nt"></span></span>
+<span class="nt"><span</span><span class="w"> </span><span class="na">class=</span><span class="s">"n"</span><span class="nt">></span>svn<span class="nt"></span></span><span class="w"> </span><span class="nt"><span</span><span class="w"> </span><span class="na">class=</span><span class="s">"nb"</span><span class="nt">></span>diff<span class="nt"></span></span><span class="w"> </span><span class="nt"><span</span><span class="w"> </span><span class="na">class=</span><span class="s">"o"</span><span class="nt">></span><span class="ni">&gt;</span><span class="nt"></span></span><span class="w"> </span><span class="nt"><span</span><span class="w"> </span><span class="na">class=</span><span class="s">"n"</span><span class="nt">></span>site<span class="nt"></span><span</span><span class="w"> </span><span class="na">class=</span><span class="s">"p"</span><span class="nt">></span>.<span class="nt"></span><span</span><span class="w"> </span><span class="na">class=</span><span class="s">"nb"</span><span class="nt">></span>patch<span class="nt"></span></span>
+<span class="nt"></pre></div></span>
+</code></pre></div>
+
<p>The Subversion client now examines all subdirectories for changed files, then compares the changed file to the one on the server. It generates the
patch.</p>
<p>The '>' redirection results in the resulting patch being put in a text file named (in this case) <code>site.patch</code>.</p>
@@ -101,7 +102,7 @@
<h3>Using Git</h3>
<p>See <a href="git-primer.html">Getting started with Git</a> for general information.</p>
<p>The general pattern for creating and submitting a patch for a project using Git is:</p>
-<ol start="0">
+<ol>
<li>Before you start: talk to the project team! Somebody else may be working on the same thing, or there may be some not-obvious reason why what you are proposing would take the project in a different direction from its current path. Usually, you will get a "Great! Go ahead," response; and if you find out your proposed change is not needed for some reason, you will have saved some time for some other initiative.</li>
<li>Create and download a branch of the project.</li>
<li>In that branch, on your local computer, change the source files to incorporate your change or addition. Make sure you provide appropriate source code documentation and follow the project's coding conventions.</li>
@@ -115,7 +116,6 @@
<p>A very few projects don't use an issue tracker. In that case, send the patch as an attachment to an e-mail with a subject prefixed with "<code>[PATCH]</code>", to the appropriate development mailing list. If the patch is large, please ask before e-mailing it in case there is a better way to provide it.</p>
<p>Supply a different patch per issue. A patch can span multiple files but you should normally try not to fix multiple bugs in a single patch, unless those bugs are intimately related.</p>
<p>Be patient if your patch is not applied as fast as you'd like (open source developers are all volunteers, often doing the development in their spare time) or a developer asks you to make changes to the patch. If you do not receive any feedback in a reasonable amount of time (say, a week or two), feel free to send a follow-up e-mail to the developer list.</p>
-
</div>
</div>
</div>
diff --git a/output/pelican-buildbot.html b/output/pelican-buildbot.html
index 5a63781..b2179e0 100644
--- a/output/pelican-buildbot.html
+++ b/output/pelican-buildbot.html
@@ -81,8 +81,7 @@
<p>The repository structure for your Pelican project website has three key directories and a configuration file.</p>
<p>The directories are:</p>
<ul>
-<li><strong>content/pages</strong>: holds the static pages for your website. You write and edit them using GFM.
-<ul>
+<li><strong>content/pages</strong>: holds the static pages for your website. You write and edit them using GFM.<ul>
<li>Each page is a <code>.md</code> file.</li>
<li>The first line is <code>Title:</code> and the name of the page.</li>
<li>the second line is <code>Date:</code> and the date of the current version of the page.</li>
@@ -93,13 +92,11 @@
</ul>
<p>The configuration file is <code>pelicanconf.py</code>.</p>
<h3>Setting up a Pelican website on Git</h3>
-<p>Create the repository for the website content using the <a href="https://gitbox.apache.org/setup/newrepo.html" target="_blank">GitBox's Boxer self service tool</a> (<a href="https://gitbox.apache.org/setup/newrepo.html">https://gitbox.apache.org/setup/newrepo.html</a>).</p>
+<p>Create the repository for the website content using the <a href="https://gitbox.apache.org/setup/newrepo.html" target="_blank">GitBox's Boxer self service tool</a> (https://gitbox.apache.org/setup/newrepo.html).</p>
<ol>
+<li>Clone the repository to a local workspace</li>
<li>
-<p>Clone the repository to a local workspace</p>
-</li>
-<li>
-<p>Run <code>pelican-quickstart</code> in the root of the repository on the master branch.</p>
+<p>Run <code>pelican-quickstart</code> in the root of the repository on the master branch. </p>
<ul>
<li>The script asks where you want to create the website. Accept " . ", the default, unless you have a specific location in mind for it.</li>
<li>Use $PROJECTNAME for the site title.</li>
@@ -116,13 +113,13 @@
</li>
</ol>
<p>In your site repository, run the following commands:</p>
-<pre><code>for x in "content/pages content/articles theme/plugins"; do mkdir -p $x; done
+<div class="highlight"><pre><span></span><code>for x in "content/pages content/articles theme/plugins"; do mkdir -p $x; done
rm -rf output publishconf.py
-echo -e "\nPLUGIN_PATHS=['./theme/plugins']\nPLUGINS=[]\n" >> pelicanconf.py
-echo -e "pelican\nbeautifulsoup4" >> requirements.txt
+echo -e "\nPLUGIN_PATHS=['./theme/plugins']\nPLUGINS=[]\n" >> pelicanconf.py
+echo -e "pelican\nbeautifulsoup4" >> requirements.txt
+</code></pre></div>
-</code></pre>
-<ol start="4">
+<ol>
<li>Commit and push your changes.</li>
<li>Set up continuous integration (CI): use the <a href="https://cwiki.apache.org/confluence/display/INFRA/git+-+.asf.yaml+features" target="_blank">asf.yaml</a> mechanism to have Pelican build and, optionally, publish your website.</li>
</ol>
@@ -134,7 +131,6 @@
<p>Pelican provides a range of <a href="http://www.pelicanthemes.com/" target="_blank">themes</a> that can help you develop a pleasing site without too much effort. Be sure to specify the directory containing the 'static' and 'templates' directories as <code>theme:</code> in the .asf.yaml file.</p>
<h3>Pelican plugins</h3>
<p>There is a directory of <a href="https://github.com/getpelican/pelican-plugins/" target="_blank">Pelican plugins</a> that deliver extra functionality for a website.</p>
-
</div>
</div>
</div>
diff --git a/output/policies.html b/output/policies.html
index f887d16..5e691ae 100644
--- a/output/policies.html
+++ b/output/policies.html
@@ -83,31 +83,24 @@
<li><a href="password-policy.html">Password requirements</a></li>
</ul>
<h2>Projects</h2>
-<p><strong>Code repositories</strong></p>
-<ul>
-<li><a href="project-repo-policy.html">Project code repositories</a></li>
-<li><a href="github-actions-policy.html">GitHub Actions</a></li>
-</ul>
-<p><strong>Releases</strong></p>
-<ul>
-<li><a href="https://www.apache.org/legal/apply-license.html" target="_blank">Applying the Apache 2.0 license</a></li>
-<li><a href="docker-hub-policy.html">Docker Hub policy</a></li>
-<li><a href="release-distribution.html">Release distribution policy</a></li>
-<li><a href="release-download-pages.html">Release download pages policy</a></li>
-<li><a href="nightlies.html">Project use of nightlies.a.o</a></li>
-</ul>
-<p><strong>Other</strong></p>
-<ul>
-<li><a href="app-upgrade-policy.html">Application upgrades</a></li>
-<li><a href="backup-policy.html">Backups</a> for systems and content</li>
-<li><a href="os-upgrade-policy.html">Operating system upgrades</a></li>
-<li><a href="project-site-policy.html">Top-Level Project sites</a></li>
-<li><a href="vm-policy.html">Virtual machines for projects</a></li>
-<li><a href="jira-approve-account.html">Approving Jira account requests</a></li>
-</ul>
+<p><strong>Code repositories</strong>
+- <a href="project-repo-policy.html">Project code repositories</a>
+- <a href="github-actions-policy.html">GitHub Actions</a></p>
+<p><strong>Releases</strong>
+- <a href="https://www.apache.org/legal/apply-license.html" target="_blank">Applying the Apache 2.0 license</a>
+- <a href="docker-hub-policy.html">Docker Hub policy</a>
+- <a href="release-distribution.html">Release distribution policy</a>
+- <a href="release-download-pages.html">Release download pages policy</a>
+- <a href="nightlies.html">Project use of nightlies.a.o</a></p>
+<p><strong>Other</strong>
+- <a href="app-upgrade-policy.html">Application upgrades</a>
+- <a href="backup-policy.html">Backups</a> for systems and content
+- <a href="os-upgrade-policy.html">Operating system upgrades</a>
+- <a href="project-site-policy.html">Top-Level Project sites</a>
+- <a href="vm-policy.html">Virtual machines for projects</a>
+- <a href="jira-approve-account.html">Approving Jira account requests</a></p>
<h2>Infrastructure team</h2>
<p>The Apache Infrastructure Team (Infra) operates under the <a href="https://www.apache.org/foundation/policies/conduct.html" target="_blank">ASF Code of Conduct</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/project-blogs.html b/output/project-blogs.html
index 2aa05b0..9a9ee39 100644
--- a/output/project-blogs.html
+++ b/output/project-blogs.html
@@ -80,7 +80,7 @@
<h3>Requesting a project blog</h3>
<p>You no longer have to request a blog from Infra. If your project doesn't currently have a blog, you should discuss this on the project mailing lists and come to a decision about the blogging software to use before moving forward.</p>
<h3>Getting editor access</h3>
-<p>Your blog code should be in your project's website repo or another separate GitHub/GitBox repo. Access is controlled via the same process as committing code to any other ASF repo. Contributors can use PRs to create new content that can be reviewed by the project and then approved to be published.</p>
+<p>Your blog code should be in your project's website repo or another separate GitHub/GitBox repo. Access is controlled via the same process as committing code to any other ASF repo. Contributors can use PRs to create new content that can be reviewed by the project and then approved to be published. </p>
<h3>Working with your blog</h3>
<p>This is not a personal blog; it is part of the way your project presents itself to the world. The PMC should approve a plan that covers</p>
<ul>
@@ -91,7 +91,6 @@
</ul>
<h3>What's next for blogs.apache.org?</h3>
<p>Moving forward, Infra will set up an aggregator which will work the way Roller did, gathering the latest posts from each project blog into one page. We have no timeline for making this available yet.</p>
-
</div>
</div>
</div>
diff --git a/output/project-names.html b/output/project-names.html
index 2c8a897..b641bba 100644
--- a/output/project-names.html
+++ b/output/project-names.html
@@ -74,7 +74,6 @@
Project and product names
</h1>
<p>This information is available in the <a href="https://apache.org/foundation/marks/pmcs.html#naming" target="_blank">Project Naming Policy</a> section of the page on website branding policy.</p>
-
</div>
</div>
</div>
diff --git a/output/project-repo-policy.html b/output/project-repo-policy.html
index d80a12f..a0e48f1 100644
--- a/output/project-repo-policy.html
+++ b/output/project-repo-policy.html
@@ -77,7 +77,7 @@
<ul>
<li>Each project can have a public directory in the Subversion repository, or as many public Git repositories as their work requires.</li>
<li>Each project can request (using a Jira ticket) that Infra set up <strong>a temporary private Git repository fork</strong> for use with tasks, such as fixing security issues in project code, that should not be publicly available. The PMC must explain its need of a private fork in the Jira ticket. Forks will be tied to Jira tickets or CVEs such that upon completion of the work, the private fork can be decommissioned by Infra.</li>
-<li>Private repos <strong>must</strong> have commit/PR/issues emails sent to the project's <code>private@</code> list.</li>
+<li>Private repos <strong>must</strong> have commit/PR/issues emails sent to the project's <code>private@</code> list. </li>
<li>To follow the Infra convention, name project repos in the pattern <code>$project-$reponame</code> in order to map the project LDAP group to the permissions scheme.</li>
</ul>
<h3>Git repositories</h3>
@@ -91,8 +91,7 @@
<h4>Git customizations</h4>
<p>Git offers a number of customizations for committing code to a repository. Apache does not support all of them for its projects. For instance:</p>
<ul>
-<li><strong>supported</strong>
-<ul>
+<li><strong>supported</strong><ul>
<li><a href="https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-the-automatic-deletion-of-branches" target="_blank">Head branches automatically deleted after pull requests are merged</a>.</li>
<li><a href="https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/configuring-commit-squashing-for-pull-requests" target="_blank">Commit squashing for pull requests</a>.</li>
<li><a href="https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/configuring-commit-squashing-for-pull-requests" target="_blank">Default to pull request titles for squash commits</a>.</li>
@@ -104,8 +103,7 @@
</ul>
<p>To deploy one of these customizations for your project's repository, ask Infra for help via a Jira ticket.</p>
<ul>
-<li><strong>not supported</strong>
-<ul>
+<li><strong>not supported</strong><ul>
<li><a href="https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository" target="_blank">Auto-merge of pull requests</a>.</li>
<li><a href="https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue" target="_blank">Merge queues</a>. This feature is in limited beta.</li>
</ul>
@@ -123,7 +121,6 @@
<li>However, if projects create and house their documentation inside the ASF, statement 2 applies to it.</li>
</ol>
<p>Since the primary presence of an Apache project must be within Apache, there is an argument for storing project documentation in its own repository alongside the project's code repository. This practice also makes it easier for project committers to move from committing new features, or updates to existing features, to writing about them for the project's users.</p>
-
</div>
</div>
</div>
diff --git a/output/project-site-policy.html b/output/project-site-policy.html
index 4149086..d94c180 100644
--- a/output/project-site-policy.html
+++ b/output/project-site-policy.html
@@ -77,12 +77,11 @@
<p>Whimsy's <a href="https://whimsy.apache.org/site/" target="_blank">Apache Project Website Checks</a> tool periodically reviews all TLP websites to provide a report on how well they comply with that policy, and to identify issues that a project may need to address.</p>
<p>From Infra's point of view:</p>
<ol>
-<li>Each TLP's website <strong>must</strong> be hosted on ASF-operated hardware, or on an approved alternative such as WordPress or GitHub Pages. Consult with Infra if you are considering a host not mentioned here.</li>
+<li>Each TLP's website <strong>must</strong> be hosted on ASF-operated hardware, or on an approved alternative such as WordPress or GitHub Pages. Consult with Infra if you are considering a host not mentioned here. </li>
<li>The website's source code must be stored in an ASF Git or Subversion repository to track the site's change history and so the source code is available for download.</li>
<li>The website's source code must be available under the current <a href="https://www.apache.org/licenses/LICENSE-2.0" target="_blank">Apache license</a>.</li>
</ol>
<p>See more about <a href="project-site.html">developing your project site</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/project-site.html b/output/project-site.html
index 890e450..2182a52 100644
--- a/output/project-site.html
+++ b/output/project-site.html
@@ -81,7 +81,9 @@
<li><a href="#sitemanagement">Site management</a></li>
<li><a href="#preview">Previewing the website</a></li>
</ul>
+
<h2 id="planning">Planning the project website<a class="headerlink" href="#planning" title="Permanent link">¶</a></h2>
+
<p>Your project team wants to build an excellent application that solves a problem, simplifies a process, or breaks new ground. You also want people to find it, try it, and adopt it. Your project website is key to attracting and engaging both contributors to project development and people and organizations that will become part of your user community.</p>
<p>Your website <strong>must</strong></p>
<ul>
@@ -100,6 +102,7 @@
</ul>
<p>Once you have outlined the content that will be on the website, and decided how and where to display it, you need to decide how to build the site.</p>
<h2 id="default">Creating the website<a class="headerlink" href="#default" title="Permanent link">¶</a></h2>
+
<p>Projects are free to choose their own styles and layout for websites, and have a range of options for actually creating the pages. The goal is to create an informative and useful <strong>static</strong> HTML website that can engage visitors, explain your project to them, and provide download links and documentation so they can use your project's applications.</p>
<h3>JavaScript issues</h3>
<p>Many TLP sites use JavaScript (JS) to provide functions ranging from menu navigation to animations and image galleries. While JS can enhance the site experience for most visitors, it can pose problems:</p>
@@ -117,18 +120,18 @@
<li>Completely static output is easy to host anywhere.</li>
</ul>
<p>Pelican has paths to <a href="https://docs.getpelican.com/en/stable/importer.html#import" target="_blank">migrate existing websites from many technologies</a>, including Blogger, Dotclear, Posterous, Tumblr, WordPress, and RSS/Atom.</p>
-<p>Any ASF project can use the <a href="asf-pelican.html"><strong>ASF-Pelican template</strong></a> as the basis for their project website.</p>
+<p>Any ASF project can use the <a href="asf-pelican.html"><strong>ASF-Pelican template</strong></a> as the basis for their project website. </p>
<p>See a how-to on using <a href="pelican-buildbot.html">Pelican and Buildbot</a> to develop and deploy a project website.</p>
<p>Pelican supports both flat websites and those that have subdirectories. For the latter, Pelican provides a <a href="https://github.com/akhayyat/pelican-page-hierarchy" target="_blank">plugin</a>.</p>
-<p>Browse a <a href="https://github.com/getpelican/pelican-plugins/" target="_blank">collection of Pelican plugins</a> to find others that support functionality you want to add to your site.</p>
-<p>This <a href="https://github.com/search?q=topic%3Apelican+org%3Aapache&type=Repositories" target="_blank">GitHub query</a> returns ASF repositories
+<p>Browse a <a href="https://github.com/getpelican/pelican-plugins/" target="_blank">collection of Pelican plugins</a> to find others that support functionality you want to add to your site. </p>
+<p>This <a href="https://github.com/search?q=topic%3Apelican+org%3Aapache&type=Repositories" target="_blank">GitHub query</a> returns ASF repositories
which have the <code>pelican</code> Topic. You can review them as examples of Pelican in action.</p>
<h4>Jekyll</h4>
<p><a href="https://jekyllrb.com/" target="_blank">Jekyll</a> is a straightforward tool for developing blogs or static websites using Markdown, and it is easy to deploy the resulting website as GitHub Pages. There are many tutorials online about doing this.</p>
<h4>Hugo</h4>
-<p>At least <a href="https://github.com/search?q=topic%3Ahugo+org%3Aapache&type=Repositories" target="_blank">six ASF projects</a> use <a href="https://gohugo.io/" target="_blank">Hugo</a>, an open-source framework for building static web sites.</p>
+<p>At least <a href="https://github.com/search?q=topic%3Ahugo+org%3Aapache&type=Repositories" target="_blank">six ASF projects</a> use <a href="https://gohugo.io/" target="_blank">Hugo</a>, an open-source framework for building static web sites.</p>
<h4>JBake</h4>
-<p>At least <a href="https://github.com/search?q=topic%3Ajbake+org%3Aapache&type=Repositories" target="_blank">two ASF projects</a> use <a href="https://jbake.org/" target="_blank">JBake</a>, a Java-based tool for building static web sites.</p>
+<p>At least <a href="https://github.com/search?q=topic%3Ajbake+org%3Aapache&type=Repositories" target="_blank">two ASF projects</a> use <a href="https://jbake.org/" target="_blank">JBake</a>, a Java-based tool for building static web sites.</p>
<h4>MKDocs</h4>
<p><a href="https://www.mkdocs.org/" target="_blank">MKDocs</a> is a static site generator designed for creating project documentation. However, at least one ASF project uses it to build their entire project website. See <a href="asfyaml-mkdocs.html">this note</a> on the build sequence to use to preserve your project site's <a href="asf-yaml.html">.asf.yaml</a> file.</p>
<h4>Basic website template in Markdown</h4>
@@ -136,7 +139,7 @@
<h4>HTML files</h4>
<p>You can use any other tool that generates static HTML pages, or hand-code those pages. You then check them into your project's website repository. The check-in will trigger a site update.</p>
<h4>Custom website directives using .htaccess files</h4>
-<p>Project websites can make use of .htaccess files for setting up custom redirects and other tweaks to the handling of requests. The default <a href="https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride">AllowOverride</a> setting is <code>All</code>,
+<p>Project websites can make use of .htaccess files for setting up custom redirects and other tweaks to the handling of requests. The default <a href="https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride">AllowOverride</a> setting is <code>All</code>,
which generally enables any sort of redirects or rewrites (using <code>RewriteRule</code>, <code>Redirect</code>, etc.). Some project websites have custom settings in their dedicated virtual host configuration, which may require asking the Infrastructure Team for assistance. If you are in doubt, ask.</p>
<h3>Tools not supported</h3>
<h4>GitHub Pages</h4>
@@ -148,29 +151,33 @@
<p>The convention is to name the repository <code>$project-site.git</code>, for instance <code>httpd-site.git</code>.</p>
<p>Copy whatever you need to start a build into the master branch of the new repository. This will act as the base of the build process.</p>
<h3>3. The build process</h3>
-<p>Configure Pelican or Jekyll to build the site automatically when its contents change, using <a href="asf-yaml.html">.asf.yaml</a> and Buildbot.</p>
+<p>Configure Pelican or Jekyll to build the site automatically when its contents change, using <a href="asf-yaml.html">.asf.yaml</a> and Buildbot. </p>
<h3>4. A staging website</h3>
<p>Using <a href="asf-yaml.html">.asf.yaml</a> with a Git repository, once you have your generated web site committed and pushed to a branch, you can set up a staging web site to test your changes before publishing them to your main web site.</p>
<p>To do so, add or edit <code>.asf.yaml</code> in the staging branch (where the build output is generated) and add the following (assuming your staging branch is asf-staging):</p>
-<pre><code>staging:
- profile: ~
- whoami: asf-staging
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">staging</span><span class="o">:</span>
+<span class="w"> </span><span class="n">profile</span><span class="o">:</span><span class="w"> </span><span class="o">~</span>
+<span class="w"> </span><span class="n">whoami</span><span class="o">:</span><span class="w"> </span><span class="n">asf</span><span class="o">-</span><span class="n">staging</span>
+</code></pre></div>
+
<p>Upon commits to this branch, your staging web site will appear with the latest output at: <code>https://$project.staged.apache.org/</code>
For more details, see <a href="asf-yaml.html">.asf.yaml</a>.</p>
<h3>5. Publishing</h3>
<p>When you are ready to publish a branch of your Git web site repository to your project web site, you can use <code>.asf.yaml</code>:</p>
-<pre><code>publish:
- whoami: asf-site
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">publish</span><span class="o">:</span>
+<span class="w"> </span><span class="n">whoami</span><span class="o">:</span><span class="w"> </span><span class="n">asf</span><span class="o">-</span><span class="n">site</span>
+</code></pre></div>
+
<p>For more detailed procedures, see see <a href="asf-yaml.html">.asf.yaml</a>.</p>
<h2 id="sitemanagement">Site management</h2>
-<p>The basic requirements for site management are that</p>
+
+<p>The basic requirements for site management are that </p>
<ul>
<li>only committers should be able to modify the site.</li>
<li>notifications of all site changes are sent to the relevant project mailing lists.</li>
</ul>
<h3 id="tools">Management tools<a class="headerlink" href="#tools" title="Permanent link">¶</a></h3>
+
<p>Infra supports these tools for publishing and maintaining Apache project websites:</p>
<ul>
<li><strong><a href="asf-pelican.html">Site template</a></strong> streamlines migration of an existing project site on the deprecated CMS, and creation of new project sites.</li>
@@ -182,25 +189,30 @@
<h3>Build tools</h3>
<p>Infra provides these build tools:</p>
<ul>
-<li><strong>Jenkins</strong> is an open-source automation server that supports building, deploying and automating a project. Infra resources on Jenkins start <a href="https://cwiki.apache.org/confluence/display/INFRA/Jenkins" target="_blank">here</a>.</li>
-<li><strong>Buildbot</strong> is a job scheduling system: it queues jobs, executes the jobs when the required resources are available, and reports the results.</li>
+<li><strong>Jenkins</strong> is an open-source automation server that supports building, deploying and automating a project. Infra resources on Jenkins start <a href="https://cwiki.apache.org/confluence/display/INFRA/Jenkins" target="_blank">here</a>. </li>
+<li><strong>Buildbot</strong> is a job scheduling system: it queues jobs, executes the jobs when the required resources are available, and reports the results. </li>
</ul>
<h3 id="logging">Logging<a class="headerlink" href="#logging" title="Permanent link">¶</a></h3>
+
<p>The build output from your job when you compile your site is available from either Buildbot or Jenkins, depending on which you use.</p>
<h3 id="svnpubsub-revision">Finding the site revision number<a class="headerlink" href="#svnpubsub-revision" title="Permanent link">¶</a></h3>
+
<p>This only applies to <em>SVN based websites</em>.</p>
-<p>Look at the <code>.revision</code> file at the root of your site (for example, <a href="http://subversion.apache.org/.revision" target="_blank"><a href="http://subversion.apache.org/.revision">http://subversion.apache.org/.revision</a></a>). That file updates after every successful svn update. (If the update is underway or exited abnormally, <code>.revision</code> won't have changed.)</p>
+<p>Look at the <code>.revision</code> file at the root of your site (for example, <a href="http://subversion.apache.org/.revision" target="_blank">http://subversion.apache.org/.revision</a>). That file updates after every successful svn update. (If the update is underway or exited abnormally, <code>.revision</code> won't have changed.)</p>
<h3>Topics in GitHub</h3>
<p>If you're managing an ASF website repository in GitHub, please add <code>website</code> and <code><TOOL></code> Topics to it, where <code><TOOL></code> is the name of the tool you are using to generate the website, like <code>pelican</code> or <code>hugo</code>. This helps others who are looking for an example of use of that tool find your repository, with queries like
-<a href="https://github.com/search?q=org%3Aapache+topic%3Ahugo" target="_blank">this one</a>.</p>
+ <a href="https://github.com/search?q=org%3Aapache+topic%3Ahugo" target="_blank">this one</a>.</p>
<p>You can use the <a href="asf-yaml.html">.asf.yaml</a> mechanism to add those Topics.</p>
<h3 id="mail">Providing public access to the project's mail archive mbox files<a class="headerlink" href="#mail" title="Permanent link">¶</a></h3>
+
<p>Some projects have a "mail" directory at the top of their project website. Enable this by creating a symbolic link to <code>/home/apmail/public-arch/$tlp.apache.org</code> in <code>svnpubsub</code>.</p>
<p>See more <a href="https://apache.org/dev/#mail" target="_blank">notes about project mail</a>.</p>
<h3 id="feather">Using the project's favicon<a class="headerlink" href="#feather" title="Permanent link">¶</a></h3>
+
<p>To use a custom favicon for your project's website, add the <code>favicon.ico</code> file to your site's root directory. The ASF feather appears for project sites that don't have a <code>favicon.ico</code> file.</p>
<h3 id="generated">Minimizing the number of changes committed in the project's Maven- or JavaDoc- generated site<a class="headerlink" href="#generated" title="Permanent link">¶</a></h3>
-<p>If you are using <code>svnpubsub</code>, the commit performs very slowly if the number of changes is large, particularly if the number of files is also large. This is often the case with JavaDoc, and to a lesser extent with Maven-generated sites.</p>
+
+<p>If you are using <code>svnpubsub</code>, the commit performs very slowly if the number of changes is large, particularly if the number of files is also large. This is often the case with JavaDoc, and to a lesser extent with Maven-generated sites. </p>
<p>To speed up the commit:</p>
<ul>
<li>When running JavaDoc, pass the <code>-notimestamp</code> option. This will avoid most files from being modified between runs if there haven't been code changes.</li>
@@ -212,11 +224,11 @@
<li>Avoid publishing Maven reports that change constantly to the project site. Code coverage, style reports, static analysis, etc. can be generated into working copies on the CI server instead for easy developer viewing.</li>
</ul>
<h2 id="preview">Previewing the website<a class="headerlink" href="#preview" title="Permanent link">¶</a></h2>
+
<ul>
<li>For svnpubsub sites, review the local files in your svn checkout before committing them. The changes will be published immediately after you commit them.</li>
<li>There is no preview mode for <code>pypubsub</code>. You should ideally have a way to build and test the website locally.</li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/publishing-maven-artifacts.html b/output/publishing-maven-artifacts.html
index d8788ec..d9ec98f 100644
--- a/output/publishing-maven-artifacts.html
+++ b/output/publishing-maven-artifacts.html
@@ -78,12 +78,12 @@
<p><strong>Note</strong> make sure you are using version 3.0.5 or newer of Maven. You can <a href="https://maven.apache.org/download.cgi" target="_blank">download</a> and install the latest version of Maven before continuing.</p>
<h2>Setting up your project in the ASF Nexus Repository</h2>
<p>The <a href="https://repository.apache.org/">ASF Nexus repository</a> enforces security by constraining who can deploy or release a project's artifacts. Nexus maps which artifacts (usually by GroupId) your project produces. This is particularly helpful in preventing accidental releases of a project.</p>
-<p>Before a project can use the repository to release Maven artifacts, it must be configured in Nexus. This is generally a quick and easy process. To get set up, <a href="https://issues.apache.org/jira/secure/CreateIssueDetails!init.jspa?issuetype=3&priority=3&pid=10410&components=12312660&summary=Enable+Nexus+Access+For+[insert+project]&description=Project+URL:%0D%0DSVN+URL:%0D%0DMaven+Group+Ids:%0D%0DManaged+By+This+TLP+Project:" target="_blank">use this link</a> to create a Jira ticket with the following information:</p>
+<p>Before a project can use the repository to release Maven artifacts, it must be configured in Nexus. This is generally a quick and easy process. To get set up, <a href="https://issues.apache.org/jira/secure/CreateIssueDetails!init.jspa?issuetype=3&priority=3&pid=10410&components=12312660&summary=Enable+Nexus+Access+For+[insert+project]&description=Project+URL:%0D%0DSVN+URL:%0D%0DMaven+Group+Ids:%0D%0DManaged+By+This+TLP+Project:" target="_blank">use this link</a> to create a Jira ticket with the following information:</p>
<ul>
<li><strong>Project URL</strong>: a link to your project page (usually <code>https://<project>.apache.org/</code>).</li>
<li><strong>SVN URL</strong>: where you store your source code, in case Infra needs to look up more information.</li>
<li><strong>Maven Group IDs</strong>: a list of the groupIDs for this project. They should all be subgroups of <code>org.apache</code>.</li>
-<li><strong>Managed By This TLP Project</strong>: if this is a subproject, list the TLP that is responsible. Subprojects usually don't have their own LDAP group, so we need the TLP LDAP group for permissions.</li>
+<li><strong>Managed By This TLP Project</strong>: if this is a subproject, list the TLP that is responsible. Subprojects usually don't have their own LDAP group, so we need the TLP LDAP group for permissions. </li>
</ul>
<p>If you have specific questions or concerns, please call them out in the ticket.</p>
<p>Once you file the Jira ticket, Infra will do the following:</p>
@@ -97,37 +97,39 @@
<p>To use the ASF Nexus repository, follow these steps.</p>
<h3>Inherit the Apache POM</h3>
<p>Inherit the Apache Parent POM like this:</p>
-<pre><code><parent>
- <groupId>org.apache</groupId>
- <artifactId>apache</artifactId>
- <version>23</version>
-</parent>
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="nt"><parent></span>
+<span class="w"> </span><span class="nt"><groupId></span>org.apache<span class="nt"></groupId></span>
+<span class="w"> </span><span class="nt"><artifactId></span>apache<span class="nt"></artifactId></span>
+<span class="w"> </span><span class="nt"><version></span>23<span class="nt"></version></span>
+<span class="nt"></parent></span>
+</code></pre></div>
+
<p>This parent POM sets up the defaults so your <code><distributionManagement></code> section uses the correct release and snapshot repositories. Be sure to remove those from your POM so they inherit correctly. Keep the entry for deploying your site (if you use Maven to deploy your site). If you do, we suggest you use <code>apache.website</code> as the ID to better match the settings below and to save the sanity of committers working on multiple projects.</p>
<p>The POM also provides a default configuration to make sure that a correct source archive is created for your project. This is separate and in addition to the typical <code>-sources.jar</code> that is created.</p>
<h3>Set up your development environment</h3>
<p>You must sign all artifacts with a key that is publicly verifiable. Follow the instructions here to get your keys created and environment set up.</p>
<p><strong>Note</strong>: We recommend that you use <a href="https://maven.apache.org/guides/mini/guide-encryption.html" target="_blank">Maven's password encryption capabilities</a> for your passwords. <strong>Do not</strong> store your signing key in <code>settings.xml</code>.</p>
<p>The <a href="https://maven.apache.org/plugins/maven-gpg-plugin/" target="_blank">gpg plugin</a> can prompt for the key (input is masked) or you can configure it to use an agent.</p>
-<pre><code><settings>
+<div class="highlight"><pre><span></span><code><span class="nt"><settings></span>
...
- <servers>
- <!-- To publish a snapshot of your project -->
- <server>
- <id>apache.snapshots.https</id>
- <username> <!-- YOUR APACHE LDAP USERNAME --> </username>
- <password> <!-- YOUR APACHE LDAP PASSWORD (encrypted) --> </password>
- </server>
- <!-- To stage a release of your project -->
- <server>
- <id>apache.releases.https</id>
- <username> <!-- YOUR APACHE LDAP USERNAME --> </username>
- <password> <!-- YOUR APACHE LDAP PASSWORD (encrypted) --> </password>
- </server>
- ...
- </servers>
-</settings>
-</code></pre>
+<span class="w"> </span><span class="nt"><servers></span>
+<span class="w"> </span><span class="cm"><!-- To publish a snapshot of your project --></span>
+<span class="w"> </span><span class="nt"><server></span>
+<span class="w"> </span><span class="nt"><id></span>apache.snapshots.https<span class="nt"></id></span>
+<span class="w"> </span><span class="nt"><username></span><span class="w"> </span><span class="cm"><!-- YOUR APACHE LDAP USERNAME --></span><span class="w"> </span><span class="nt"></username></span>
+<span class="w"> </span><span class="nt"><password></span><span class="w"> </span><span class="cm"><!-- YOUR APACHE LDAP PASSWORD (encrypted) --></span><span class="w"> </span><span class="nt"></password></span>
+<span class="w"> </span><span class="nt"></server></span>
+<span class="w"> </span><span class="cm"><!-- To stage a release of your project --></span>
+<span class="w"> </span><span class="nt"><server></span>
+<span class="w"> </span><span class="nt"><id></span>apache.releases.https<span class="nt"></id></span>
+<span class="w"> </span><span class="nt"><username></span><span class="w"> </span><span class="cm"><!-- YOUR APACHE LDAP USERNAME --></span><span class="w"> </span><span class="nt"></username></span>
+<span class="w"> </span><span class="nt"><password></span><span class="w"> </span><span class="cm"><!-- YOUR APACHE LDAP PASSWORD (encrypted) --></span><span class="w"> </span><span class="nt"></password></span>
+<span class="w"> </span><span class="nt"></server></span>
+<span class="w"> </span>...
+<span class="w"> </span><span class="nt"></servers></span>
+<span class="nt"></settings></span>
+</code></pre></div>
+
<h3>Test your settings</h3>
<p>Try installing locally artifacts with activation of the <code>apache-release</code> profile:</p>
<p><code>mvn clean install -Papache-release</code></p>
@@ -142,12 +144,13 @@
<li>Diff the original file <code>pom.xml</code> with the one called <code>pom.xml.tag</code> to see if the license or any other info has been removed. This has been known to happen if the starting <code><project></code> tag is not on a single line. The only things that should be different between these files are the <code><version></code> and <code><scm></code> elements. Backport any other changes you find to the original <code>pom.xml</code> file and commit it before proceeding with the release.</li>
</ol>
<h3>2. Publish a snapshot</h3>
-<pre><code>mvn deploy
-...
-[INFO] [deploy:deploy]
-[INFO] Retrieving previous build number from apache.snapshots.https
-...
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">mvn</span><span class="w"> </span><span class="n">deploy</span>
+<span class="p">...</span>
+<span class="o">[</span><span class="n">INFO</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">deploy:deploy</span><span class="o">]</span>
+<span class="o">[</span><span class="n">INFO</span><span class="o">]</span><span class="w"> </span><span class="n">Retrieving</span><span class="w"> </span><span class="n">previous</span><span class="w"> </span><span class="n">build</span><span class="w"> </span><span class="n">number</span><span class="w"> </span><span class="k">from</span><span class="w"> </span><span class="n">apache</span><span class="p">.</span><span class="n">snapshots</span><span class="p">.</span><span class="n">https</span>
+<span class="p">...</span>
+</code></pre></div>
+
<p><strong>Notes</strong></p>
<ul>
<li>If you experience an error like a <em>HTTP 401</em> during deployment, check your settings for the required server entries as outlined above.</li>
@@ -155,9 +158,10 @@
<li>Verify the deployment under the ASF <a href="https://repository.apache.org/content/repositories/snapshots/" target="_blank">Maven Snapshot repository</a>.</li>
</ul>
<h3>3. Prepare the release</h3>
-<pre><code>mvn release:clean
+<div class="highlight"><pre><span></span><code>mvn release:clean
mvn release:prepare
-</code></pre>
+</code></pre></div>
+
<p><strong>Notes</strong></p>
<ul>
<li>Don't try to publish <code>.sha256</code> or <code>.sha512</code> files; Nexus doesn't handle them.</li>
@@ -173,37 +177,39 @@
<ol>
<li>If you get an <strong>error message</strong> like this:</li>
</ol>
-<pre><code>[INFO] Unable to tag SCM
-Provider message:
-The svn tag command failed.
-Command output:
-svn: Commit failed (details follow):
-svn: File
-'/repos/asf/maven/plugins/tags/maven-eclipse-plugin-2.7/.../EclipsePlugin.java'
-already exists
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">INFO</span><span class="o">]</span><span class="w"> </span><span class="n">Unable</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">tag</span><span class="w"> </span><span class="n">SCM</span>
+<span class="n">Provider</span><span class="w"> </span><span class="nl">message</span><span class="p">:</span>
+<span class="n">The</span><span class="w"> </span><span class="n">svn</span><span class="w"> </span><span class="n">tag</span><span class="w"> </span><span class="n">command</span><span class="w"> </span><span class="n">failed</span><span class="p">.</span>
+<span class="n">Command</span><span class="w"> </span><span class="k">output</span><span class="err">:</span>
+<span class="nl">svn</span><span class="p">:</span><span class="w"> </span><span class="k">Commit</span><span class="w"> </span><span class="n">failed</span><span class="w"> </span><span class="p">(</span><span class="n">details</span><span class="w"> </span><span class="n">follow</span><span class="p">)</span><span class="err">:</span>
+<span class="nl">svn</span><span class="p">:</span><span class="w"> </span><span class="k">File</span>
+<span class="s1">'/repos/asf/maven/plugins/tags/maven-eclipse-plugin-2.7/.../EclipsePlugin.java'</span>
+<span class="n">already</span><span class="w"> </span><span class="ow">exists</span>
+</code></pre></div>
+
<p>Then use a Subversion client 1.6 or newer and run <code>svn update</code>.</p>
-<ol start="2">
+<ol>
<li>If you get an <strong>error message</strong> similar to:</li>
</ol>
-<pre><code>[ERROR] BUILD FAILURE
-[INFO]
-[INFO] Unable to tag SCM
-Provider message:
-The svn tag command failed.
-Command output:
-svn: Path
-'https://svn.apache.org/repos/asf/maven/plugins/tags/maven-eclipse-plugin-2.7'
-already exists
-</code></pre>
-<p>Delete the tag using</p>
+<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">ERROR</span><span class="o">]</span><span class="w"> </span><span class="n">BUILD</span><span class="w"> </span><span class="n">FAILURE</span>
+<span class="o">[</span><span class="n">INFO</span><span class="o">]</span>
+<span class="o">[</span><span class="n">INFO</span><span class="o">]</span><span class="w"> </span><span class="n">Unable</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">tag</span><span class="w"> </span><span class="n">SCM</span>
+<span class="n">Provider</span><span class="w"> </span><span class="nl">message</span><span class="p">:</span>
+<span class="n">The</span><span class="w"> </span><span class="n">svn</span><span class="w"> </span><span class="n">tag</span><span class="w"> </span><span class="n">command</span><span class="w"> </span><span class="n">failed</span><span class="p">.</span>
+<span class="n">Command</span><span class="w"> </span><span class="k">output</span><span class="err">:</span>
+<span class="nl">svn</span><span class="p">:</span><span class="w"> </span><span class="k">Path</span>
+<span class="s1">'https://svn.apache.org/repos/asf/maven/plugins/tags/maven-eclipse-plugin-2.7'</span>
+<span class="n">already</span><span class="w"> </span><span class="ow">exists</span>
+</code></pre></div>
+
+<p>Delete the tag using </p>
<p><code>svn del -m "re-releasing build" {svn path}</code></p>
<p>This likely occurred because you're trying to restage the release and you didn't roll back the changes that created the previous tag, or you're trying to release a version that already exists. If that is the case, you need to adjust the versions in your POM and start over.</p>
<h2>Procedures for Ant + Ivy</h2>
-<p><a href="https://ant.apache.org/" target="_blank">Apache Ant</a> is a popular command-line build tool. <a href="https://ant.apache.org/ivy/" target="_blank">Ivy</a> is a dependency manager designed to work with Ant.</p>
+<p><a href="https://ant.apache.org/" target="_blank">Apache Ant</a> is a popular command-line build tool. <a href="https://ant.apache.org/ivy/" target="_blank">Ivy</a> is a dependency manager designed to work with Ant. </p>
<h3>1 Prepare your build</h3>
<p>Usually your normal build process will create the artifacts you want to publish (typically jars), but you may need to PGP-sign them the same way you sign your normal distribution artifacts. The jars are expected to follow the naming scheme <code>artifactId-version.jar</code>.</p>
-<p>You will need a minimal POM for your jar. If you are already using Ivy, you can use the <code>makepom</code> task to create one from your <code>ivy.xml</code> file. Otherwise see the Apache Maven project's <a href="https://maven.apache.org/pom.html" target="_blank">documentation</a> for "minimal" and the Apache Compress Antlib's <a href="https://svn.apache.org/repos/asf/ant/antlibs/compress/trunk/project-template.pom" target="_blank">POM</a> for an example.</p>
+<p>You will need a minimal POM for your jar. If you are already using Ivy, you can use the <code>makepom</code> task to create one from your <code>ivy.xml</code> file. Otherwise see the Apache Maven project's <a href="https://maven.apache.org/pom.html" target="_blank">documentation</a> for "minimal" and the Apache Compress Antlib's <a href="https://svn.apache.org/repos/asf/ant/antlibs/compress/trunk/project-template.pom" target="_blank">POM</a> for an example. </p>
<p>If you are publishing multiple jars you may consider adding a parent POM to encapsulate the common information; see the Maven documentation for details. An example might be <a href="https://svn.apache.org/repos/asf/ant/core/trunk/src/etc/poms/pom.xml" target="_blank">Ant's parent POM</a>, used for the several jars that make up an Ant release.</p>
<p>Users who use your project's jars from the Maven repository rather than using your "normal" distributions will likely want additional artifacts containing the source files or javadocs matching your jars in files named <code>artifactId-version-sources.jar</code> and <code>artifactId-version-javadoc.jar</code> respectively. Don't forget to sign those jars as well if you provide them.</p>
<h3>2. Create minimal Ivy files for your project</h3>
@@ -233,7 +239,6 @@
<p>If you bungled the release or your vote failed, follow <a href="http://central.sonatype.org/pages/releasing-the-deployment.html#close-and-drop-or-release-your-staging-repository" target="_blank">these instructions</a> to drop your repo. <em>Don't forget to roll back any SCM changes</em>.</p>
<h3>Promote a repository</h3>
<p>Congratulations, your vote was successful. The last step is to <a href="http://central.sonatype.org/pages/releasing-the-deployment.html#close-and-drop-or-release-your-staging-repository" target="_blank">promote the artifacts</a> to the release repository where they will get picked up by Central.</p>
-
</div>
</div>
</div>
diff --git a/output/pypubsub.html b/output/pypubsub.html
index 432547a..d27533d 100644
--- a/output/pypubsub.html
+++ b/output/pypubsub.html
@@ -83,9 +83,9 @@
<li>Pull Requests and Issues from GitHub</li>
<li>Staging and publishing notifications sent via our <a href="https://s.apache.org/asfyaml">.asf.yaml</a> offering.</li>
</ul>
-<p>Events are delivered as JSON objects in a <a href="https://en.wikipedia.org/wiki/Chunked_transfer_encoding" target="_blank">chunked response stream</a>, with each new chunk being either an event payload or a keep-alive ping.</p>
+<p>Events are delivered as JSON objects in a <a href="https://en.wikipedia.org/wiki/Chunked_transfer_encoding" target="_blank">chunked response stream</a>, with each new chunk being either an event payload or a keep-alive ping. </p>
<h2>How to subscribe</h2>
-<p>Subscribers can pick one or multiple topics to subscribe to, with more specific subscriptions getting fewer, but more specific, event payloads. Construct subscriptions in the form of: <code>http://pubsub.apache.org:2069/topics/go/here</code>, and separate the topics you want to subscribe to with forward slashes.</p>
+<p>Subscribers can pick one or multiple topics to subscribe to, with more specific subscriptions getting fewer, but more specific, event payloads. Construct subscriptions in the form of: <code>http://pubsub.apache.org:2069/topics/go/here</code>, and separate the topics you want to subscribe to with forward slashes. </p>
<p>The service returns events that match <em>all</em> of the topics you are subscribed to.
To subscribe to multiple topic batches in an OR'ed way, you may use a comma to separate your batches of topics.</p>
<p>Some examples:</p>
@@ -108,43 +108,47 @@
<code>https://svn.apache.org/repos/private/committers/board/</code></p>
<h2>Event payload examples</h2>
<p>Pings are simple objects like this:</p>
-<pre><code class="language-json">{"stillalive": 1583973410.9620552}
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="p">{</span><span class="nt">"stillalive"</span><span class="p">:</span><span class="w"> </span><span class="mf">1583973410.9620552</span><span class="p">}</span>
+</code></pre></div>
+
<p>An example of a real event payload, in this case a git commit, could be (emails redacted in this example):</p>
-<pre><code class="language-json">{
- "commit": {
- "body": "[maven-release-plugin] prepare for next development iteration\n",
- "committer": "sblackmon <s...@apache.org>",
- "hash": "8e6f956",
- "log": "[maven-release-plugin] prepare for next development iteration",
- "repository": "git",
- "sha": "8e6f956c2eda06ca9debf21634cedcecc96293ff",
- "author": "sblackmon",
- "files": ["pom.xml", "streams-cli/pom.xml", "streams-components/pom.xml"],
- "server": "gitbox",
- "project": "streams",
- "autopublish": false,
- "date": "Wed Mar 11 19:25:06 2020 -0500",
- "committed": "Wed Mar 11 19:25:06 2020 -0500",
- "subject": "[maven-release-plugin] prepare for next development iteration",
- "ref": "refs/heads/master",
- "email": "s...@apache.org",
- "authored": "Wed Mar 11 19:25:06 2020 -0500",
- "ref_names": ""
- },
- "pubsub_topics": ["git", "streams", "commit"],
- "pubsub_path": "/git/streams/commit"
-}
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="p">{</span>
+<span class="w"> </span><span class="nt">"commit"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nt">"body"</span><span class="p">:</span><span class="w"> </span><span class="s2">"[maven-release-plugin] prepare for next development iteration\n"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"committer"</span><span class="p">:</span><span class="w"> </span><span class="s2">"sblackmon <s...@apache.org>"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"hash"</span><span class="p">:</span><span class="w"> </span><span class="s2">"8e6f956"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"log"</span><span class="p">:</span><span class="w"> </span><span class="s2">"[maven-release-plugin] prepare for next development iteration"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"repository"</span><span class="p">:</span><span class="w"> </span><span class="s2">"git"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"sha"</span><span class="p">:</span><span class="w"> </span><span class="s2">"8e6f956c2eda06ca9debf21634cedcecc96293ff"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"author"</span><span class="p">:</span><span class="w"> </span><span class="s2">"sblackmon"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"files"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"pom.xml"</span><span class="p">,</span><span class="w"> </span><span class="s2">"streams-cli/pom.xml"</span><span class="p">,</span><span class="w"> </span><span class="s2">"streams-components/pom.xml"</span><span class="p">],</span>
+<span class="w"> </span><span class="nt">"server"</span><span class="p">:</span><span class="w"> </span><span class="s2">"gitbox"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"project"</span><span class="p">:</span><span class="w"> </span><span class="s2">"streams"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"autopublish"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"date"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Wed Mar 11 19:25:06 2020 -0500"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"committed"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Wed Mar 11 19:25:06 2020 -0500"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"subject"</span><span class="p">:</span><span class="w"> </span><span class="s2">"[maven-release-plugin] prepare for next development iteration"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"ref"</span><span class="p">:</span><span class="w"> </span><span class="s2">"refs/heads/master"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"s...@apache.org"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"authored"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Wed Mar 11 19:25:06 2020 -0500"</span><span class="p">,</span>
+<span class="w"> </span><span class="nt">"ref_names"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span>
+<span class="w"> </span><span class="p">},</span>
+<span class="w"> </span><span class="nt">"pubsub_topics"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"git"</span><span class="p">,</span><span class="w"> </span><span class="s2">"streams"</span><span class="p">,</span><span class="w"> </span><span class="s2">"commit"</span><span class="p">],</span>
+<span class="w"> </span><span class="nt">"pubsub_path"</span><span class="p">:</span><span class="w"> </span><span class="s2">"/git/streams/commit"</span>
+<span class="p">}</span>
+</code></pre></div>
+
<p>Payloads vary depending on what they represent, so check both what sub-objects are present in the payload and the <code>pubsub_path</code> variable, which will show the full payload event path and explain which type is being sent.</p>
<h2>Try it yourself</h2>
<p>To try it out and take a look at the event stream, use <a href="https://en.wikipedia.org/wiki/CURL">cURL</a> in your terminal:</p>
-<pre><code class="language-bash">curl http://pubsub.apache.org:2069/git/commit
-</code></pre>
-<br/>
+<div class="highlight"><pre><span></span><code>curl<span class="w"> </span>http://pubsub.apache.org:2069/git/commit
+</code></pre></div>
+
+<p><br/></p>
<p>A secure version also exists on port 2070, for use with authenticated event streams:</p>
-<pre><code class="language-bash">curl https://pubsub.apache.org:2070/git/commit
-</code></pre>
+<div class="highlight"><pre><span></span><code>curl<span class="w"> </span>https://pubsub.apache.org:2070/git/commit
+</code></pre></div>
+
<p>Please note that due to limitations in our TLS terminator, payloads larger than 64kb are split into 64kb chunks on
port 2070. If you are using port 2070, you should ensure that the data you receive is terminated with a newline (\n),
or continue fetching data till you hit a chunk terminated with a newline.</p>
@@ -156,126 +160,127 @@
<h2>Using PyPubSub in programming</h2>
<h3>Using PyPubSub with Python</h3>
<p>You can listen for and react to payloads in Python using the <a href="https://pypi.org/project/asfpy/">asfpy</a> pip package:</p>
-<pre><code class="language-python">import asfpy.pubsub
+<div class="highlight"><pre><span></span><code><span class="kn">import</span> <span class="nn">asfpy.pubsub</span>
-def process_event(payload):
- print("Got an event from PyPubSub!")
- ...
+<span class="k">def</span> <span class="nf">process_event</span><span class="p">(</span><span class="n">payload</span><span class="p">):</span>
+ <span class="nb">print</span><span class="p">(</span><span class="s2">"Got an event from PyPubSub!"</span><span class="p">)</span>
+ <span class="o">...</span>
-def main():
- pubsub = asfpy.pubsub.Listener('http://pubsub.apache.org:2069/')
- pubsub.attach(process_event, raw=True)
+<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
+ <span class="n">pubsub</span> <span class="o">=</span> <span class="n">asfpy</span><span class="o">.</span><span class="n">pubsub</span><span class="o">.</span><span class="n">Listener</span><span class="p">(</span><span class="s1">'http://pubsub.apache.org:2069/'</span><span class="p">)</span>
+ <span class="n">pubsub</span><span class="o">.</span><span class="n">attach</span><span class="p">(</span><span class="n">process_event</span><span class="p">,</span> <span class="n">raw</span><span class="o">=</span><span class="kc">True</span><span class="p">)</span>
+</code></pre></div>
-</code></pre>
<h3>Using PyPubSub with node.js</h3>
<p>This sample snippet lets you use <code>node.js</code> for listening for and processing pubsub events:</p>
-<pre><code class="language-javascript">const http = require("http");
-const https = require("https");
+<div class="highlight"><pre><span></span><code><span class="kd">const</span><span class="w"> </span><span class="nx">http</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nx">require</span><span class="p">(</span><span class="s2">"http"</span><span class="p">);</span>
+<span class="kd">const</span><span class="w"> </span><span class="nx">https</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nx">require</span><span class="p">(</span><span class="s2">"https"</span><span class="p">);</span>
-class PyPubSub {
- constructor(url) {
- this.url = url;
- this.getter = url.match(/^https/i) ? https : http;
- }
+<span class="kd">class</span><span class="w"> </span><span class="nx">PyPubSub</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="kr">constructor</span><span class="p">(</span><span class="nx">url</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="k">this</span><span class="p">.</span><span class="nx">url</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nx">url</span><span class="p">;</span>
+<span class="w"> </span><span class="k">this</span><span class="p">.</span><span class="nx">getter</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nx">url</span><span class="p">.</span><span class="nx">match</span><span class="p">(</span><span class="sr">/^https/i</span><span class="p">)</span><span class="w"> </span><span class="o">?</span><span class="w"> </span><span class="nx">https</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="nx">http</span><span class="p">;</span>
+<span class="w"> </span><span class="p">}</span>
- attach(func) {
- this.getter.get(this.url, res => {
- res.setEncoding("utf8");
- let body = '';
- res.on("data", data => {
- // Be mindful of proxies that split pubsub chunks into smaller ones,
- // only load the JSON blob once we hit a newline (\n)
- body += data;
- if (data.endsWith("\n")) {
- let payload = JSON.parse(body);
- body = '';
- func(payload);
- }
- });
- });
- }
-}
+<span class="w"> </span><span class="nx">attach</span><span class="p">(</span><span class="nx">func</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="k">this</span><span class="p">.</span><span class="nx">getter</span><span class="p">.</span><span class="nx">get</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">url</span><span class="p">,</span><span class="w"> </span><span class="nx">res</span><span class="w"> </span><span class="p">=></span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nx">res</span><span class="p">.</span><span class="nx">setEncoding</span><span class="p">(</span><span class="s2">"utf8"</span><span class="p">);</span>
+<span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="nx">body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">''</span><span class="p">;</span>
+<span class="w"> </span><span class="nx">res</span><span class="p">.</span><span class="nx">on</span><span class="p">(</span><span class="s2">"data"</span><span class="p">,</span><span class="w"> </span><span class="nx">data</span><span class="w"> </span><span class="p">=></span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="c1">// Be mindful of proxies that split pubsub chunks into smaller ones,</span>
+<span class="w"> </span><span class="c1">// only load the JSON blob once we hit a newline (\n)</span>
+<span class="w"> </span><span class="nx">body</span><span class="w"> </span><span class="o">+=</span><span class="w"> </span><span class="nx">data</span><span class="p">;</span>
+<span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">endsWith</span><span class="p">(</span><span class="s2">"\n"</span><span class="p">))</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="nx">payload</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">JSON</span><span class="p">.</span><span class="nx">parse</span><span class="p">(</span><span class="nx">body</span><span class="p">);</span>
+<span class="w"> </span><span class="nx">body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">''</span><span class="p">;</span>
+<span class="w"> </span><span class="nx">func</span><span class="p">(</span><span class="nx">payload</span><span class="p">);</span>
+<span class="w"> </span><span class="p">}</span>
+<span class="w"> </span><span class="p">});</span>
+<span class="w"> </span><span class="p">});</span>
+<span class="w"> </span><span class="p">}</span>
+<span class="p">}</span>
-// Test
-function process(payload) {
- // ping-back?
- if (payload.stillalive) {
- console.log("Got a ping-back");
- // Actual payload? process it!
- } else {
- console.log("Got a payload from PyPubSub!");
- console.log(payload);
- }
-}
+<span class="c1">// Test</span>
+<span class="kd">function</span><span class="w"> </span><span class="nx">process</span><span class="p">(</span><span class="nx">payload</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="c1">// ping-back?</span>
+<span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="nx">payload</span><span class="p">.</span><span class="nx">stillalive</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="s2">"Got a ping-back"</span><span class="p">);</span>
+<span class="w"> </span><span class="c1">// Actual payload? process it!</span>
+<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="p">{</span>
+<span class="w"> </span><span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="s2">"Got a payload from PyPubSub!"</span><span class="p">);</span>
+<span class="w"> </span><span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">payload</span><span class="p">);</span>
+<span class="w"> </span><span class="p">}</span>
+<span class="p">}</span>
-const pps = new PyPubSub('http://pubsub.apache.org:2069/');
-pps.attach(process);
-</code></pre>
+<span class="kd">const</span><span class="w"> </span><span class="nx">pps</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="ow">new</span><span class="w"> </span><span class="nx">PyPubSub</span><span class="p">(</span><span class="s1">'http://pubsub.apache.org:2069/'</span><span class="p">);</span>
+<span class="nx">pps</span><span class="p">.</span><span class="nx">attach</span><span class="p">(</span><span class="nx">process</span><span class="p">);</span>
+</code></pre></div>
+
<h3>Using PyPubSub with Ruby</h3>
<p>This sample lets you connect to our pubsub service via Ruby:</p>
-<pre><code class="language-ruby">require 'net/http'
-require 'json'
-require 'thread'
+<div class="highlight"><pre><span></span><code><span class="nb">require</span><span class="w"> </span><span class="s1">'net/http'</span>
+<span class="nb">require</span><span class="w"> </span><span class="s1">'json'</span>
+<span class="nb">require</span><span class="w"> </span><span class="s1">'thread'</span>
-pubsub_URL = 'https://pubsub.apache.org:2070/'
+<span class="n">pubsub_URL</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">'https://pubsub.apache.org:2070/'</span>
-def do_stuff_with(event)
- print("Got a pubsub event!:\n")
- print(event)
- print("\n")
-end
+<span class="k">def</span><span class="w"> </span><span class="nf">do_stuff_with</span><span class="p">(</span><span class="n">event</span><span class="p">)</span>
+<span class="w"> </span><span class="nb">print</span><span class="p">(</span><span class="s2">"Got a pubsub event!:</span><span class="se">\n</span><span class="s2">"</span><span class="p">)</span>
+<span class="w"> </span><span class="nb">print</span><span class="p">(</span><span class="n">event</span><span class="p">)</span>
+<span class="w"> </span><span class="nb">print</span><span class="p">(</span><span class="s2">"</span><span class="se">\n</span><span class="s2">"</span><span class="p">)</span>
+<span class="k">end</span>
-def listen(url)
- ps_thread = Thread.new do
- begin
- uri = URI.parse(url)
- Net::HTTP.start(uri.host, uri.port, :use_ssl => url.match(/^https:/) ? true : false) do |http|
- request = Net::HTTP::Get.new uri.request_uri
- http.request request do |response|
- body = ''
- response.read_body do |chunk|
- body += chunk
- # All chunks are terminated with \n. Since 2070 can split events into 64kb sub-chunks
- # we wait till we have gotten a newline, before trying to parse the JSON.
- if chunk.end_with? "\n"
- event = JSON.parse(body.chomp)
- body = ''
- if event['stillalive'] # pingback
- print("ping? PONG!\n")
- else
- do_stuff_with(event)
- end
- end
- end
- end
- end
- rescue Errno::ECONNREFUSED => e
- restartable = true
- STDERR.puts e
- sleep 3
- rescue Exception => e
- STDERR.puts e
- STDERR.puts e.backtrace
- end
- end
- return ps_thread
-end
+<span class="k">def</span><span class="w"> </span><span class="nf">listen</span><span class="p">(</span><span class="n">url</span><span class="p">)</span>
+<span class="w"> </span><span class="n">ps_thread</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="no">Thread</span><span class="o">.</span><span class="n">new</span><span class="w"> </span><span class="k">do</span>
+<span class="w"> </span><span class="k">begin</span>
+<span class="w"> </span><span class="n">uri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="no">URI</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="n">url</span><span class="p">)</span>
+<span class="w"> </span><span class="no">Net</span><span class="o">::</span><span class="no">HTTP</span><span class="o">.</span><span class="n">start</span><span class="p">(</span><span class="n">uri</span><span class="o">.</span><span class="n">host</span><span class="p">,</span><span class="w"> </span><span class="n">uri</span><span class="o">.</span><span class="n">port</span><span class="p">,</span><span class="w"> </span><span class="ss">:use_ssl</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="n">url</span><span class="o">.</span><span class="n">match</span><span class="p">(</span><span class="sr">/^https:/</span><span class="p">)</span><span class="w"> </span><span class="p">?</span><span class="w"> </span><span class="kp">true</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="kp">false</span><span class="p">)</span><span class="w"> </span><span class="k">do</span><span class="w"> </span><span class="o">|</span><span class="n">http</span><span class="o">|</span>
+<span class="w"> </span><span class="n">request</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="no">Net</span><span class="o">::</span><span class="no">HTTP</span><span class="o">::</span><span class="no">Get</span><span class="o">.</span><span class="n">new</span><span class="w"> </span><span class="n">uri</span><span class="o">.</span><span class="n">request_uri</span>
+<span class="w"> </span><span class="n">http</span><span class="o">.</span><span class="n">request</span><span class="w"> </span><span class="n">request</span><span class="w"> </span><span class="k">do</span><span class="w"> </span><span class="o">|</span><span class="n">response</span><span class="o">|</span>
+<span class="w"> </span><span class="n">body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">''</span>
+<span class="w"> </span><span class="n">response</span><span class="o">.</span><span class="n">read_body</span><span class="w"> </span><span class="k">do</span><span class="w"> </span><span class="o">|</span><span class="n">chunk</span><span class="o">|</span>
+<span class="w"> </span><span class="n">body</span><span class="w"> </span><span class="o">+=</span><span class="w"> </span><span class="n">chunk</span>
+<span class="w"> </span><span class="c1"># All chunks are terminated with \n. Since 2070 can split events into 64kb sub-chunks</span>
+<span class="w"> </span><span class="c1"># we wait till we have gotten a newline, before trying to parse the JSON.</span>
+<span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="n">chunk</span><span class="o">.</span><span class="n">end_with?</span><span class="w"> </span><span class="s2">"</span><span class="se">\n</span><span class="s2">"</span>
+<span class="w"> </span><span class="n">event</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="no">JSON</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="n">body</span><span class="o">.</span><span class="n">chomp</span><span class="p">)</span>
+<span class="w"> </span><span class="n">body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">''</span>
+<span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="n">event</span><span class="o">[</span><span class="s1">'stillalive'</span><span class="o">]</span><span class="w"> </span><span class="c1"># pingback</span>
+<span class="w"> </span><span class="nb">print</span><span class="p">(</span><span class="s2">"ping? PONG!</span><span class="se">\n</span><span class="s2">"</span><span class="p">)</span>
+<span class="w"> </span><span class="k">else</span>
+<span class="w"> </span><span class="n">do_stuff_with</span><span class="p">(</span><span class="n">event</span><span class="p">)</span>
+<span class="w"> </span><span class="k">end</span>
+<span class="w"> </span><span class="k">end</span>
+<span class="w"> </span><span class="k">end</span>
+<span class="w"> </span><span class="k">end</span>
+<span class="w"> </span><span class="k">end</span>
+<span class="w"> </span><span class="k">rescue</span><span class="w"> </span><span class="no">Errno</span><span class="o">::</span><span class="no">ECONNREFUSED</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="n">e</span>
+<span class="w"> </span><span class="n">restartable</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="kp">true</span>
+<span class="w"> </span><span class="no">STDERR</span><span class="o">.</span><span class="n">puts</span><span class="w"> </span><span class="n">e</span>
+<span class="w"> </span><span class="nb">sleep</span><span class="w"> </span><span class="mi">3</span>
+<span class="w"> </span><span class="k">rescue</span><span class="w"> </span><span class="no">Exception</span><span class="w"> </span><span class="o">=></span><span class="w"> </span><span class="n">e</span>
+<span class="w"> </span><span class="no">STDERR</span><span class="o">.</span><span class="n">puts</span><span class="w"> </span><span class="n">e</span>
+<span class="w"> </span><span class="no">STDERR</span><span class="o">.</span><span class="n">puts</span><span class="w"> </span><span class="n">e</span><span class="o">.</span><span class="n">backtrace</span>
+<span class="w"> </span><span class="k">end</span>
+<span class="w"> </span><span class="k">end</span>
+<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">ps_thread</span>
+<span class="k">end</span>
-begin
- ps_thread = listen(pubsub_URL)
- print("Pubsub thread started, waiting for results...\n")
- while ps_thread.alive?
- sleep 10
- end
-end
-</code></pre>
+<span class="k">begin</span>
+<span class="w"> </span><span class="n">ps_thread</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">listen</span><span class="p">(</span><span class="n">pubsub_URL</span><span class="p">)</span>
+<span class="w"> </span><span class="nb">print</span><span class="p">(</span><span class="s2">"Pubsub thread started, waiting for results...</span><span class="se">\n</span><span class="s2">"</span><span class="p">)</span>
+<span class="w"> </span><span class="k">while</span><span class="w"> </span><span class="n">ps_thread</span><span class="o">.</span><span class="n">alive?</span>
+<span class="w"> </span><span class="nb">sleep</span><span class="w"> </span><span class="mi">10</span>
+<span class="w"> </span><span class="k">end</span>
+<span class="k">end</span>
+</code></pre></div>
+
<h2>Want to know more? Have questions?</h2>
<p>To learn more, or just get some questions answered, please contact us at <code>users@infra.apache.org</code>, and we'll try our best to help you out.</p>
<h2>Acknowledgements</h2>
<p>PyPubSub is based on <a href="https://paul.querna.org/articles/2010/10/22/evolution-of-apaches-websites/">SvnPubSub</a>
and <a href="/gitpubsub.html">gitpubsub</a>. We wish to thank the Subversion project for building the precursor to this service.</p>
-
</div>
</div>
</div>
diff --git a/output/reference/committer/email.html b/output/reference/committer/email.html
index c0d2ee5..958e368 100644
--- a/output/reference/committer/email.html
+++ b/output/reference/committer/email.html
@@ -74,7 +74,6 @@
Committer e-mail configuration
</h1>
<p>This information is available at <a href="https://infra.apache.org/committer-email.html">Committer email</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/reference/committer/git.html b/output/reference/committer/git.html
index 5f25928..05ddd36 100644
--- a/output/reference/committer/git.html
+++ b/output/reference/committer/git.html
@@ -74,7 +74,6 @@
Getting started with Git
</h1>
<p>This information is available at <a href="https://infra.apache.org/git-primer.html">Getting started with Git</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/reference/committer/github.html b/output/reference/committer/github.html
index 7fe8aa3..1001249 100644
--- a/output/reference/committer/github.html
+++ b/output/reference/committer/github.html
@@ -74,7 +74,6 @@
Apache and GitHub
</h1>
<p>Information about using GitHub to access Git repositories is available at <a href="https://infra.apache.org/git-primer.html">Getting started with Git</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/reference/committer/id.html b/output/reference/committer/id.html
index 764813c..6609107 100644
--- a/output/reference/committer/id.html
+++ b/output/reference/committer/id.html
@@ -74,7 +74,6 @@
Changing your account details (self serve)
</h1>
<p>Information on changing your Apache account details is available at <a href="https://infra.apache.org/account-mgmt.html">ASF account management</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/reference/committer/index.html b/output/reference/committer/index.html
index 8b522a2..94695cb 100644
--- a/output/reference/committer/index.html
+++ b/output/reference/committer/index.html
@@ -74,7 +74,7 @@
Committer Documentation
</h1>
<p>For committers (primarily)</p>
-<p>A more general list of <a href="https://infra.apache.org/services.html">services and tools</a> is available.</p>
+<p>A more general list of <a href="https://infra.apache.org/services.html">services and tools</a> is available. </p>
<ul>
<li><a href="https://infra.apache.org/infra-contact.html">Contacting Infrastructure</a></li>
<li><a href="https://infra.apache.org/committer-email.html">Committer e-mail configuration</a></li>
@@ -90,7 +90,6 @@
<li><a href="https://infra.apache.org/svngit2jira.html">Subversion and Git integration with JIRA tickets</a></li>
<li><a href="https://infra.apache.org/project-site-policy.html">Project website policy</a></li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/reference/committer/jenkins-docker.html b/output/reference/committer/jenkins-docker.html
index 5a01533..72865d8 100644
--- a/output/reference/committer/jenkins-docker.html
+++ b/output/reference/committer/jenkins-docker.html
@@ -74,7 +74,6 @@
Using Docker with builds.apache.org
</h1>
<p>Please see <a href="https://infra.apache.org/release-distribution.html#dockerhub">this guidance</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/reference/committer/newaccount.html b/output/reference/committer/newaccount.html
index 306ba68..b5c431e 100644
--- a/output/reference/committer/newaccount.html
+++ b/output/reference/committer/newaccount.html
@@ -74,7 +74,6 @@
Guide to new committers
</h1>
<p>This information is available at <a href="https://infra.apache.org/new-committers-guide.html">New committer's guide</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/reference/committer/opie.html b/output/reference/committer/opie.html
index 3a0badc..35f7c74 100644
--- a/output/reference/committer/opie.html
+++ b/output/reference/committer/opie.html
@@ -74,7 +74,6 @@
Using OPIE
</h1>
<p>This information is available on the <a href="https://cwiki.apache.org/confluence/display/INFRA/OPIE">Infra Wiki space</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/reference/committer/release.html b/output/reference/committer/release.html
index b1ab4dd..a837047 100644
--- a/output/reference/committer/release.html
+++ b/output/reference/committer/release.html
@@ -74,7 +74,6 @@
Releasing project packages
</h1>
<p>See <a href="https://infra.apache.org/release-publishing.html">Release creation process</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/reference/committer/start.html b/output/reference/committer/start.html
index 3e88199..f16a493 100644
--- a/output/reference/committer/start.html
+++ b/output/reference/committer/start.html
@@ -108,7 +108,6 @@
<ul>
<li><a href="https://infra.apache.org/release-distribution.html#dockerhub">Using Docker on builds.apache.org</a></li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/reference/committer/subversion.html b/output/reference/committer/subversion.html
index 6e22604..fff62bd 100644
--- a/output/reference/committer/subversion.html
+++ b/output/reference/committer/subversion.html
@@ -74,7 +74,6 @@
Using Subversion
</h1>
<p>See <a href="https://infra.apache.org/svn-basics.html">Subversion basics</a></p>
-
</div>
</div>
</div>
diff --git a/output/reference/committer/svngit2jira.html b/output/reference/committer/svngit2jira.html
index 80cde29..f3cebde 100644
--- a/output/reference/committer/svngit2jira.html
+++ b/output/reference/committer/svngit2jira.html
@@ -74,7 +74,6 @@
Subversion and Git integration with JIRA tickets
</h1>
<p>See <a href="https://infra.apache.org/svngit2jira.html">Subversion and Git integration with Jira tickets</a></p>
-
</div>
</div>
</div>
diff --git a/output/reference/committer/website-policy.html b/output/reference/committer/website-policy.html
index b793b0c..1204225 100644
--- a/output/reference/committer/website-policy.html
+++ b/output/reference/committer/website-policy.html
@@ -74,7 +74,6 @@
Web Site Guidelines
</h1>
<p>See <a href="https://infra.apache.org/project-site-policy.html">Project site policy</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/reference/committer/website.html b/output/reference/committer/website.html
index 3ab73e3..575e324 100644
--- a/output/reference/committer/website.html
+++ b/output/reference/committer/website.html
@@ -74,7 +74,6 @@
How To Manage any Apache Project's Website
</h1>
<p>See <a href="https://infra.apache.org/project-site.html">Managing your project website</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/reference/index.html b/output/reference/index.html
index 6767685..5902073 100644
--- a/output/reference/index.html
+++ b/output/reference/index.html
@@ -81,7 +81,6 @@
<ul>
<li><a href="https://cwiki.apache.org/confluence/display/INFRA/Index">Confluence Documentation for Committers and PMC members</a></li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/release-distribution.html b/output/release-distribution.html
index d9c2458..63cc911 100644
--- a/output/release-distribution.html
+++ b/output/release-distribution.html
@@ -74,8 +74,10 @@
Release Distribution Policy
</h1>
<h1 id="policy"> </h1>
+
<p>This policy governs how Apache Top Level Projects (TLPs) distribute releases of their software through the technical channels that Infra maintains, and through other distribution platforms. It complements the formal <a href="https://www.apache.org/legal/release-policy.html" target="_blank">Apache Release Policy</a>, which defines what must be in a software release; and the <a href="release-publishing.html">Release Creation Process</a> page, which describes the steps for a PMC to create a release.</p>
<h2 id="links">Contents</h2>
+
<ul>
<li><a href="#channels">Release distribution channels</a></li>
<li><a href="#dist-dir">Release distribution directory</a></li>
@@ -87,12 +89,14 @@
<li><a href="#download-links">Download links</a></li>
<li><a href="#archival">Releases are archived</a></li>
<li><a href="#maven">Using Maven for releases</a></li>
-<li><a href="#other-platforms">Other release platforms</a></li>
+ <li><a href="#other-platforms">Other release platforms</a></li>
<li><a href="#dockerhub">DockerHub and releases</a></li>
<li><a href="#administration">Policy Administration</a></li>
</ul>
+
<p><strong>Note</strong>: <a href="https://www.ietf.org/rfc/rfc2119.txt" target="_blank">RFC 2119</a> describes how to interpret <strong>must</strong>, <strong>should</strong>, <strong>should not</strong> and similar terms.</p>
<h2 id="channels">Release distribution channels<a class="headerlink" href="#channels" title="Permanent link">¶</a></h2>
+
<ul>
<li>The Apache Software Foundation's official channel for distribution of current Apache software releases to the general public is <code>downloads.apache.org/</code>. This directory provides access for current releases to the ASF content distribution network (CDN), through which most users download releases.</li>
<li>The public may also obtain Apache software from downstream channels (rpm, deb, homebrew, etc.) which redistribute our releases in original or derived form. The vast majority of such downstream channels operate independently of Apache.</li>
@@ -100,12 +104,15 @@
<li>All historical Apache releases are available from <code>archive.apache.org</code>.</li>
</ul>
<h2 id="dist-dir">Release distribution directory<a class="headerlink" href="#dist-dir" title="Permanent link">¶</a></h2>
+
<p>Every top-level project at Apache has its own public distribution directory, which is a subdirectory of <code>downloads.apache.org/</code>. Each PMC is responsible for all artifacts within their project's distribution directory.</p>
<p>Apache Incubator podlings cannot create official ASF releases; see the <a href="http://incubator.apache.org/guides/releasemanagement.html" target="_blank">Incubator documentation</a> for details and discussion.</p>
<h2 id="release-content">Release content<a class="headerlink" href="#release-content" title="Permanent link">¶</a></h2>
+
<p>The <a href="http://www.apache.org/dev/release#what" target="_blank">Apache Release Policy</a> governs the content of official Apache releases and the process by which projects create valid releases.</p>
<p>The Policy specifies that TLPs may distribute binary packages, provided by the project or third parties which meet certain criteria, may be distributed alongside official source packages. Such packages are sometimes referred to as "convenience binaries" or "PMC-approved artifacts", to distinguish them from other binary packages.</p>
<h2 id="public-distribution">Public distribution channels<a class="headerlink" href="#public-distribution" title="Permanent link">¶</a></h2>
+
<p>Projects <strong>must</strong> upload all official releases to the official distribution channel, <code>downloads.apache.org/</code>. Content suitable for the official distribution channel includes:</p>
<ul>
<li>Official releases</li>
@@ -116,6 +123,7 @@
</ul>
<p>If an Apache PMC wishes to publish additional materials through the official distribution channel and there is any question about the suitability of the materials, the PMC <strong>must</strong> consult with the ASF Board before publishing.</p>
<h2 id="unreleased">Distribution of unreleased materials<a class="headerlink" href="#unreleased" title="Permanent link">¶</a></h2>
+
<p>Unreleased materials, in original or derived form,</p>
<ul>
<li><strong>may</strong> be distributed to consenting members of a project's development community</li>
@@ -124,8 +132,10 @@
<li><strong>must not</strong> be distributed through channels which encourage use by anyone outside the project development community</li>
</ul>
<h2 id="heads-up">Notify Infra before uploading large artifacts<a class="headerlink" href="#heads-up" title="Permanent link">¶</a></h2>
+
<p>Projects <strong>must</strong> coordinate with Infra in advance about releases larger than 1GB of artifacts to mitigate strain on content distribution resources.</p>
<h2 id="sigs-and-sums">Requirements for cryptographic signatures and checksums<a class="headerlink" href="#sigs-and-sums" title="Permanent link">¶</a></h2>
+
<p>See the <a href="/release-signing.html" target="_blank">release signing</a> page.</p>
<p>For every artifact distributed to the public through Apache channels, the PMC</p>
<ul>
@@ -162,11 +172,11 @@
<li>You <strong>must</strong> revoke and replace compromised signing keys immediately.</li>
</ul>
<h2 id="download-links">Download links<a class="headerlink" href="#download-links" title="Permanent link">¶</a></h2>
+
<ul>
<li>Website documentation for any Apache product <strong>must</strong> provide public download links where interested parties may obtain current official source releases and accompanying cryptographic files.</li>
<li>Links to artifacts <strong>must not</strong> reference the main Apache web site. They <strong>must</strong> use the <a href="release-download-pages.html">standard procedure</a> to make downloads available through the content distribution system.</li>
-<li>All links to checksums, detached signatures and public keys for current releases <strong>must</strong> reference <code>downloads.apache.org/</code> using <code>https://</code>.
-<ul>
+<li>All links to checksums, detached signatures and public keys for current releases <strong>must</strong> reference <code>downloads.apache.org/</code> using <code>https://</code>. <ul>
<li>Legacy links to <code>https://[www.]apache.org/dist/...</code> still work, but new links should use <code>downloads.apache.org</code>.</li>
<li>Older release checksums are on <code>archive.apache.org</code>, and you <strong>may</strong> also link to them.</li>
</ul>
@@ -174,22 +184,26 @@
<li>All releases, including old releases, are archived automatically. You <strong>may</strong> link from your PMC's download page to archived older releases for community convenience.</li>
</ul>
<h2 id="archival">Releases are archived<a class="headerlink" href="#archival" title="Permanent link">¶</a></h2>
+
<ul>
<li>All releases are archived automatically on <code>archive.apache.org</code>. This automated process generally adds releases to the archive about a day after they first appear on <code>downloads.apache.org/</code>.</li>
<li>Each project's distribution directory <strong>should</strong> contain the latest release in each branch that is currently under development. When development ceases on a version branch, the PMC <strong>should</strong> remove links to releases of that branch from their download directory.</li>
</ul>
<h2 id="maven">Using Maven for releases<a class="headerlink" href="#maven" title="Permanent link">¶</a></h2>
+
<p>Infra operates an Apache Maven repository manager at <code>repository.apache.org</code>. Projects <strong>may</strong> use the repository system as a downstream channel to redistribute released materials via Maven Central, and <strong>may</strong> use it to distribute snapshots containing unreleased materials directly to consenting members of a project development community.</p>
<p>Projects <strong>must not</strong> point or refer to <code>repository.apache.org</code> directly in download pages, release announcements or emails. Instead, any public download links for those releases <strong>should</strong> point to Maven Central.</p>
<p>Read more about <a href="publishing-maven-artifacts.html">Maven releases for Apache projects</a>.</p>
<h2 id="other-platforms">Other release platforms<a class="headerlink" href="#other-platforms" title="Permanent link">¶</a></h2>
+
<p>The ASF manages a number of distribution platforms that projects are welcome to use. Projects can distribute PMC-approved artifacts on ASF managed distribution platforms and other distribution platforms as long as those binaries comply with ASF release, licensing, branding and trademark policies. Currently, ASF managed platforms include <a href="https://github.com/apache" target="_blank">GitHub</a> and <a href="https://hub.docker.com/u/apache" target="_blank">Docker</a>.</p>
<h2 id="dockerhub">Docker Hub and releases<a class="headerlink" href="#dockerhub" title="Permanent link">¶</a></h2>
+
<p>The ASF only supports two modes of operation on Docker Hub: automated builds based on tags, and some more generalized access (see notes in the Jira ticket INFRA-14586.) Note that Docker Hub is <strong>not</strong> an approved release channel for ASF artifacts. Anything you do on Docker Hub requires the description and supporting documentation to be clear that these are <em>convenience releases</em>, not official distribution artifacts.</p>
<p>See the <a href="docker-hub-policy.html">Docker Hub policy</a> for further information.</p>
<h2 id="administration">Policy administration<a class="headerlink" href="#administration" title="Permanent link">¶</a></h2>
-<p>This policy is <strong>required</strong> for all Apache projects. The <a href="https://whimsy.apache.org/foundation/orgchart/vp-infrastructure" target="_blank">V.P. of Apache Infrastructure</a> <strong>must</strong> approve changes to this policy.</p>
+<p>This policy is <strong>required</strong> for all Apache projects. The <a href="https://whimsy.apache.org/foundation/orgchart/vp-infrastructure" target="_blank">V.P. of Apache Infrastructure</a> <strong>must</strong> approve changes to this policy.</p>
</div>
</div>
</div>
diff --git a/output/release-download-pages.html b/output/release-download-pages.html
index 2263390..8cdb2e8 100644
--- a/output/release-download-pages.html
+++ b/output/release-download-pages.html
@@ -88,7 +88,9 @@
<li><a href="#stats">Download statistics</a></li>
<li><a href="#questions">Questions?</a></li>
</ul>
+
<h2 id="links">Download links<a class="headerlink" href="#links" title="Permanent link">¶</a></h2>
+
<ul>
<li>Your project's download page can only link to release artifacts that your PMC has approved.</li>
<li>Do not link directly to <code>dist.apache.org</code>.</li>
@@ -99,16 +101,18 @@
<li>Remove all official pre-releases (e.g. milestones, alphas, betas) in a timely fashion once the project releases the final or GA version.</li>
</ul>
<h2 id="download-page">Your Apache project's download page<a class="headerlink" href="#download-page" title="Permanent link">¶</a></h2>
+
<p>Your Apache project's download page:</p>
<ul>
<li><strong>must</strong> have at least one link to the current release. This link <strong>must</strong> use the <code>closer.lua</code> utility. For example: <code>https://www.apache.org/dyn/closer.lua/PROJECT/VERSION/SOURCE-RELEASE</code>. (Note: the <code>mirrors.cgi</code> and <code>closer.cgi</code> scripts have been deprecated. Calls to them redirect to <code>closer.lua</code>.)</li>
<li><strong>must</strong> have a link to the checksum for the current release. These links <strong>must</strong> use direct links to the Apache distribution server. For example: <code>https://downloads.apache.org/PROJECT/VERSION/CHECKSUM</code>.</li>
<li><strong>must</strong> have a link to the KEYS file for your project on the Apache distribution server. For example: <code>https://downloads.apache.org/PROJECT/KEYS</code>.</li>
-<li><strong>must</strong> have a link to the signature file for each release. See see the <a href="release-signing.html">release signing</a> page for more information.</li>
+<li><strong>must</strong> have a link to the signature file for each release. See see the <a href="release-signing.html">release signing</a> page for more information. </li>
<li><strong>should</strong> have instructions on how to verify downloads. For this you can include a link to the <a href="https://www.apache.org/info/verification.html" target="_blank">Apache documentation on verification</a>.</li>
<li><strong>must not</strong> include a download link to the top-level <code>closer.lua</code> utility (e.g. <code>http://www.apache.org/dyn/closer.lua/PROJECT</code>).</li>
</ul>
<h3 id="current-and-older-releases">Current and older releases<a class="headerlink" href="#current-and-older-releases" title="Permanent link">¶</a></h3>
+
<ul>
<li>
<p>Do <strong>not</strong> keep software distributions on your project's website. Move them to one of the two software distribution sites:</p>
@@ -117,13 +121,14 @@
<p><strong>Current public releases</strong> appear on <code>downloads.apache.org/</code>. Place current, official releases that the PMC has approved for end-users on the main public release site. Make all changes at <a href="https://dist.apache.org/repos/dist/release/" target="_blank"><code>https://dist.apache.org/repos/dist/release/</code></a>.</p>
</li>
<li>
-<p><strong>Older releases</strong> that you no longer recommend to the general public still appear on <code>archive.apache.org/dist/</code>. This site automatically contains all the content that has ever appeared on <code>downloads.apache.org/</code>. It is rarely necessary to touch this site, except during a reorganization. Once your project no longer recommends public use of a particular release, delete it from <code>downloads.apache.org/dist/</code> by removing it from <a href="https://dist.apache.org/repos/dist/release/" target="_blank"><a href="https://dist.apache.org/repos/dist/release/">https://dist.apache.org/repos/dist/release/</a></a>, and removing the link to it from your download page. It remain on the archive site.</p>
+<p><strong>Older releases</strong> that you no longer recommend to the general public still appear on <code>archive.apache.org/dist/</code>. This site automatically contains all the content that has ever appeared on <code>downloads.apache.org/</code>. It is rarely necessary to touch this site, except during a reorganization. Once your project no longer recommends public use of a particular release, delete it from <code>downloads.apache.org/dist/</code> by removing it from <a href="https://dist.apache.org/repos/dist/release/" target="_blank">https://dist.apache.org/repos/dist/release/</a>, and removing the link to it from your download page. It remain on the archive site.</p>
</li>
</ul>
<p>To remove an old release from the release area, use a command of the form:</p>
<p><code>svn del -m"Archiving release m.n" https://dist.apache.org/repos/dist/release/<project>/etc/m.n</code></p>
<p>You can use this for release directories or individual files (if multiple releases are present in a single directory).</p>
<h2 id="download-scripts">Using the closer.lua download script<a class="headerlink" href="#download-scripts" title="Permanent link">¶</a></h2>
+
<p>Apache project download pages <strong>must</strong> use a closer.lua script. You'll find below a standard mechanism to let you easily create scripts that comply with the ASF distribution policy.</p>
<p>There are two options:</p>
<ul>
@@ -131,7 +136,8 @@
<li>A <a href="#custom">project-specific script</a>, which in the end calls <code>closer.lua</code> integrated with a page created in the normal way for the project and uses the project's standard document look and feel. This option takes more time to set up.</li>
</ul>
<h3 id="closer">Generic closer.lua download script<a class="headerlink" href="#closer" title="Permanent link">¶</a></h3>
-<p>The starting point for using the generic <code>closer.lua</code> script is a download page in your project's standard documentation which describes the releases. To use the generic script:</p>
+
+<p>The starting point for using the generic <code>closer.lua</code> script is a download page in your project's standard documentation which describes the releases. To use the generic script: </p>
<ul>
<li>Alter the page so the download link points to <code>closer.lua</code>.</li>
<li>Pass in the relative path from the distribution root to the artifact as a parameter.</li>
@@ -141,6 +147,7 @@
<p><code>http://www.apache.org/dyn/closer.lua/bar/foo/foo-5.5.1.zip?action=download</code></p>
<p><strong>Note</strong>: there is some information which every project should include on the download page (e.g. KEYS and signatures). Please read about <a href="#best_practice">best practices</a> for download pages.</p>
<h3 id="custom">Project-specific download script<a class="headerlink" href="#custom" title="Permanent link">¶</a></h3>
+
<p>To use a project-specific download script, create a project page containing information for the user about the release to download, together with variables the script populates with the appropriate values.</p>
<p>Assuming you have called your download page <code>download.html</code>, you can invoke our global download script by using the URI <code>download.cgi</code>.</p>
<p>This URI takes the path to the page as an input and passes it to <code>closer.lua</code>. When you link to the project page (for example, from the rest of the project documentation), it is important to target these links at the script address (and not the html page address).</p>
@@ -154,35 +161,42 @@
<p>For example, for artifact <code>foo-1.0.0.tar.gz</code> contained in <code>bar/foo</code>, use <code>[preferred]/bar/foo/foo-1.0.0.tar.gz</code></p>
<p>Provide links to the checksum and signature for the artifact next to the download link. It is important that users check the sum and verify the signature, so these links should be close and clear.</p>
<p>For example, for artifact foo-1.0.0.tar.gz contained in bar/foo :</p>
-<pre><code>`<a href="[preferred]/bar/foo/foo-1.0.0.tar.gz">zip</a>`
-`<a href='https://downloads.apache.org/bar/foo/foo-1.0.0.tar.gz.asc'>PGP</a>`
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="err">`</span><span class="o"><</span><span class="n">a</span><span class="w"> </span><span class="n">href</span><span class="o">=</span><span class="ss">"[preferred]/bar/foo/foo-1.0.0.tar.gz"</span><span class="o">></span><span class="n">zip</span><span class="o"></</span><span class="n">a</span><span class="o">></span><span class="err">`</span>
+<span class="err">`</span><span class="o"><</span><span class="n">a</span><span class="w"> </span><span class="n">href</span><span class="o">=</span><span class="s1">'https://downloads.apache.org/bar/foo/foo-1.0.0.tar.gz.asc'</span><span class="o">></span><span class="n">PGP</span><span class="o"></</span><span class="n">a</span><span class="o">></span><span class="err">`</span>
+</code></pre></div>
+
<p>More advice on creating a good project page is <a href="#best_practice">below</a>.</p>
<p>All that remains is to wait for the main website to sync with the new page.</p>
<h2 id="best_practice">Best practices<a class="headerlink" href="#best_practice" title="Permanent link">¶</a></h2>
+
<h3 id="remind-users">Remind users to check sums and signatures</h3>
+
<p>It is important that users understand that they should always verify the check sums and (if possible) the OpenPGP compatible signature of each file they download. The content of the release download page plays a critical role in this education process.</p>
<p>Provide clear and easy links to the KEYS, sums and signatures from the download release page or include the information directly in the page itself. The <a href="https://httpd.apache.org/download.cgi" target="_blank">HTTPD page</a> is a good example.</p>
<p>Include a reminder text with links to more information for users. For example:</p>
-<pre><code>Note: when downloading, please check the
-<a href="https://infra.apache.org/release-signing.html#sha-checksum" target="_blank">sha checksum</a>
-and verify the
-<a href="https://www.infra.apache.org/release-signing#openpgp" target="_blank">OpenPGP compatible signature</a>
-from the <a href="https://www.apache.org" target="_blank">main Apache site</a>.
-Links are provided above (next to the release download link).
-This <a href="https://downloads.apache.org/ws/axis2/KEYS" target="_blank">KEYS file</a>
-contains the public keys used for signing release. We recommend that you use a web of trust, if possible, to confirm the identity of these keys.
-For more information, please see the <a href="https://www.apache.org/dev/release.html" target="_blank">Apache Release FAQ</a>.
-</code></pre>
+<div class="highlight"><pre><span></span><code>Note:<span class="w"> </span>when<span class="w"> </span>downloading,<span class="w"> </span>please<span class="w"> </span>check<span class="w"> </span>the
+<span class="nt"><a</span><span class="w"> </span><span class="na">href=</span><span class="s">"https://infra.apache.org/release-signing.html#sha-checksum"</span><span class="w"> </span><span class="na">target=</span><span class="s">"_blank"</span><span class="nt">></span>sha<span class="w"> </span>checksum<span class="nt"></a></span>
+and<span class="w"> </span>verify<span class="w"> </span>the<span class="w"> </span>
+<span class="nt"><a</span><span class="w"> </span><span class="na">href=</span><span class="s">"https://www.infra.apache.org/release-signing#openpgp"</span><span class="w"> </span><span class="na">target=</span><span class="s">"_blank"</span><span class="nt">></span>OpenPGP<span class="w"> </span>compatible<span class="w"> </span>signature<span class="nt"></a></span><span class="w"> </span>
+from<span class="w"> </span>the<span class="w"> </span><span class="nt"><a</span><span class="w"> </span><span class="na">href=</span><span class="s">"https://www.apache.org"</span><span class="w"> </span><span class="na">target=</span><span class="s">"_blank"</span><span class="nt">></span>main<span class="w"> </span>Apache<span class="w"> </span>site<span class="nt"></a></span>.<span class="w"> </span>
+Links<span class="w"> </span>are<span class="w"> </span>provided<span class="w"> </span>above<span class="w"> </span>(next<span class="w"> </span>to<span class="w"> </span>the<span class="w"> </span>release<span class="w"> </span>download<span class="w"> </span>link).
+This<span class="w"> </span><span class="nt"><a</span><span class="w"> </span><span class="na">href=</span><span class="s">"https://downloads.apache.org/ws/axis2/KEYS"</span><span class="w"> </span><span class="na">target=</span><span class="s">"_blank"</span><span class="nt">></span>KEYS<span class="w"> </span>file<span class="nt"></a></span><span class="w"> </span>
+contains<span class="w"> </span>the<span class="w"> </span>public<span class="w"> </span>keys<span class="w"> </span>used<span class="w"> </span>for<span class="w"> </span>signing<span class="w"> </span>release.<span class="w"> </span>We<span class="w"> </span>recommend<span class="w"> </span>that<span class="w"> </span>you<span class="w"> </span>use<span class="w"> </span>a<span class="w"> </span>web<span class="w"> </span>of<span class="w"> </span>trust,<span class="w"> </span>if<span class="w"> </span>possible,<span class="w"> </span>to<span class="w"> </span>confirm<span class="w"> </span>the<span class="w"> </span>identity<span class="w"> </span>of<span class="w"> </span>these<span class="w"> </span>keys.
+For<span class="w"> </span>more<span class="w"> </span>information,<span class="w"> </span>please<span class="w"> </span>see<span class="w"> </span>the<span class="w"> </span><span class="nt"><a</span><span class="w"> </span><span class="na">href=</span><span class="s">"https://www.apache.org/dev/release.html"</span><span class="w"> </span><span class="na">target=</span><span class="s">"_blank"</span><span class="nt">></span>Apache<span class="w"> </span>Release<span class="w"> </span>FAQ<span class="nt"></a></span>.
+</code></pre></div>
+
<h3 id="linked-urls">Make sure the browser displays linked URLs<a class="headerlink" href="#linked-urls" title="Permanent link">¶</a></h3>
+
<p>Users need to be able to verify the origin of the artifacts, signatures and sums they download. Check that the stylesheets your download site uses do not obscure the linked URLs. It is best to use a simple, plain style for download links. Note that some of the Maven-style sheets may obscure some external links in some browsers.</p>
<h3 id="less-than-24hr">Timing your release announcement<a class="headerlink" href="#less-than-24hr" title="Permanent link">¶</a></h3>
+
<p>Your release will be available almost immediately after you upload it to <code>https://downloads.apache.org/</code>, please refer to this <a href="release-publishing.html#timeline">release distribution timeline</a> document for details.</p>
<h2 id="stats">Download statistics<a class="headerlink" href="#stats" title="Permanent link">¶</a></h2>
+
<p>You can review downloads of your project's releases by day, week, month or quarter at our <a href="https://logs.apache.org/stats/">download statistics site</a>. Only project committers can access the page, but they can view download statistics for any Apache project.</p>
<h2 id="questions">Questions?<a class="headerlink" href="#questions" title="Permanent link">¶</a></h2>
-<p>If you need assistance in implementing this policy, contact the <code>users@infra.apache.org</code> mailing list.</p>
+<p>If you need assistance in implementing this policy, contact the <code>users@infra.apache.org</code> mailing list.</p>
</div>
</div>
</div>
diff --git a/output/release-integrity-primer.html b/output/release-integrity-primer.html
index a94afbe..08b8c96 100644
--- a/output/release-integrity-primer.html
+++ b/output/release-integrity-primer.html
@@ -102,30 +102,29 @@
<tr>
<td><code>CHK04</code></td>
<td>The signature used for signing expired before signing the file</td>
-<td><ul><li>It’s possible the expiry has been changed. Make sure the <a href="https://infra.apache.org/release-signing.html#key-basics"><code>KEYS</code></a> file is updated.</li><li>If the key has really expired treat the file as if it has no signature (<code>CHK05</code>).</li></ul></td>
+<td><ul><li>It’s possible the expiry has been changed. Make sure the <a href="https://infra.apache.org/release-signing.html#key-basics"><code>KEYS</code></a> file is updated.</li><li>If the key has really expired treat the file as if it has no signature (<code>CHK05</code>).</td>
</tr>
<tr>
<td><code>CHK05</code></td>
<td>No (or invalid) signature found for the release artifact</td>
-<td>Check: <ul><li>Is there a signature file for this artifact?:<ul><li>If the signature is valid but has the wrong file name or extension, rename it to the appropriate .asc file name.</li><li>If the signature is invalid, see <a href="#invalid-sig">handling invalid or missing signatures</a>.</li></ul></li><li>If there is no signature file at all, see <a href="#invalid-sig">handling invalid or missing signatures</a>.</li></ul></td>
+<td>Check: <ul><li>Is there a signature file for this artifact?:<ul><li>If the signature is valid but has the wrong file name or extension, rename it to the appropriate .asc file name.</li><li>If the signature is invalid, see <a href="#invalid-sig">handling invalid or missing signatures</a>.</li></ul></li><li>If there is no signature file at all, see <a href="#invalid-sig">handling invalid or missing signatures</a>.</td>
</tr>
<tr>
<td><code>CHK06</code></td>
<td>Checksum mismatch</td>
<td>Try to spot what the problem was (why are you generating the wrong checksum?): <ul><li>If the file has a valid signature (no <code>CHK04</code> or <code>CHK05</code> errors for this file), generate a <a href="https://infra.apache.org/release-signing.html#sha-checksum">conforming checksum</a>, add it, and remove the broken one.</li><li>Otherwise: treat as if <code>CHK05</code>.</li></ul></td>
-</tr></tbody></table>
+</tr>
+</tbody>
+</table>
<h2><a id="invalid-sig">Handling invalid or missing signatures</a></h2>
-<p>In case of an invalid or missing signature for a release artifact, the project MUST choose one of the following actions:</p>
-<ul>
-<li>Remove the artifact(s)</li>
-<li>Re-assert that the artifact is valid, sign and upload the correct .asc signature file (and fix any missing/invalid checksum files)</li>
-</ul>
-<p>In either case, the project MUST inform the ASF Infrastructure and Security Team
-at <code>private@infra.apache.org</code> and <code>security@apache.org</code> of their action, with clear evidence that the action
-has been discussed and agreed upon (a link to a lists.apache.org thread will suffice).</p>
-<p>If you have questions about the error reports, this page, or our release distribution polices in general,
+<p>In case of an invalid or missing signature for a release artifact, the project MUST choose one of the following actions:
+ - Remove the artifact(s)
+ - Re-assert that the artifact is valid, sign and upload the correct .asc signature file (and fix any missing/invalid checksum files)</p>
+<p>In either case, the project MUST inform the ASF Infrastructure and Security Team
+ at <code>private@infra.apache.org</code> and <code>security@apache.org</code> of their action, with clear evidence that the action
+ has been discussed and agreed upon (a link to a lists.apache.org thread will suffice).</p>
+<p>If you have questions about the error reports, this page, or our release distribution polices in general,
feel free to reach out to us at <code>users@infra.apache.org</code>.</p>
-
</div>
</div>
</div>
diff --git a/output/release-publishing.html b/output/release-publishing.html
index 14c209d..886ced8 100644
--- a/output/release-publishing.html
+++ b/output/release-publishing.html
@@ -82,8 +82,7 @@
<li><a href="#valid">A valid release package</a></li>
<li><a href="#signing">Signing release artifacts</a></li>
<li><a href="#voting">Voting whether to approve the release</a></li>
-<li><a href="#distribution">Distribution</a>
-<ul>
+<li><a href="#distribution">Distribution</a><ul>
<li><a href="#uploading">Uploading packages</a></li>
<li><a href="#normal">Normal distribution on the Apache downloads site</a></li>
<li><a href="#tomaven">Maven distribution</a></li>
@@ -93,6 +92,7 @@
<li><a href="#faqs">FAQs</a></li>
</ul>
<h2 id="definition">An Apache release<a class="headerlink" href="#definition" title="Permanent link">¶</a></h2>
+
<p>An Apache release is a set of <strong>valid</strong>, <strong>signed</strong>, artifacts, <strong>voted on</strong> by the appropriate PMC and <strong>distributed</strong> on the official ASF release infrastructure. See below for discussion of the words in bold, all of which are essential.</p>
<p>To make a release, an Apache project:</p>
<ol>
@@ -104,21 +104,26 @@
</ol>
<p>A release starts when the project community agrees to make a release. However, no release manager can make a valid release unless the community has taken the necessary steps. The source code and build process must comply with the ASF legal and intellectual property requirements for a valid release, and the project must have the infrastructure in place to correctly <strong>sign</strong> the release artifacts (see below).</p>
<h2 id="releasemanager">The release manager<a class="headerlink" href="#releasemanager" title="Permanent link">¶</a></h2>
+
<p>Most projects designate a committer to be the <em>release manager</em> who takes responsibility for the mechanics of a release. It is a good idea to let several committers take this role on different releases so that more than one person is comfortable doing a release. Release managers shepherd a release from an initial community consensus to getting the compiled code package to final distribution, and may be involved in publicizing the release to the project's community and the ASF in general.</p>
<p>Unless otherwise specified, only PMC members can act as release managers. If your project wishes to allow normal committers to release files, please <a href="contact.html">contact infrastructure</a> with your request.</p>
<p>Release managers do the mechanical work; but the PMC in general, and the PMC chair in particular (as an officer of the Foundation), are responsible for compliance with ASF requirements.</p>
<p>Any committer may serve as release manager.</p>
<h2 id="valid">A valid release package<a class="headerlink" href="#valid" title="Permanent link">¶</a></h2>
+
<p>The Apache Software Foundation exists to create open source software, so the fundamental requirement for a release is that it has the necessary source code to build the project. A project may provide compiled binaries of each release for the convenience of users.</p>
<p>All project source code must be covered by the <a href="https://www.apache.org/licenses/LICENSE-2.0" target="_blank">Apache License, version 2.0</a>. The license or appropriate boilerplate text must be included in each source file. For the license to be valid, the code must have been contributed by an individual covered by an appropriate <a href="https://www.apache.org/licenses/contributor-agreements.html" target="_blank">contributor license agreement</a>, or have otherwise been licensed to the Foundation and passed through IP clearance. See <a href="https://www.apache.org/legal/release-policy.html" target="_blank">this page</a> for details on release requirements. When in doubt, contact the Foundation's Legal resources by filing a Jira ticket under the 'LEGAL' project. The Apache <a href="https://creadur.apache.org/rat/" target="_blank">Release Audit Tool (RAT)</a> can help you verify that your proposed release complies with the requirements.</p>
<p>Many projects have dependencies on non-Apache components. For an Apache release to be valid, it can only depend on non-Apache components that have compatible licenses. For more information on third party licenses allowed, see the <a href="https://www.apache.org/legal/resolved.html" target="_blank">ASF Third Party License Policy</a>.</p>
<h2 id="signing">Signing release artifacts<a class="headerlink" href="#signing" title="Permanent link">¶</a></h2>
+
<p>The files that make up an Apache release always are accompanied by cryptographic signatures. This allows users to ensure that the files have not been tampered with since they were created. The mechanics of signing depend on the project's build technology. Infra strongly recommends that projects set up automated infrastructure to sign the files to simplify the work. Generally, projects set up their build system so that the same process that creates the files for a release also signs them.</p>
<p>The process of setting up to sign the code is somewhat complicated, and is described on the <a href="release-signing.html">release signing</a> page. If you plan to serve as a release manager, you should generate a key and publish it well in advance of creating a release.</p>
<p><strong>Note</strong> while your project can create and review as many release candidates as it wishes, and can use any automated build process that makes it easier and more reliable to create them, the project cannot publish any release candidate as an official release until it is approved by the voting process described below, and signed by a legal person. The ASF has <strong>not</strong> authorized a completely-automated process for both building and releasing artifacts that does not involve review and approval by the project's PMC and the signature of a human in the release artifact bundle.</p>
<h2 id="voting">Voting whether to approve the release<a class="headerlink" href="#voting" title="Permanent link">¶</a></h2>
+
<p>A binding release vote of the PMC is the critical gating step in the release process. Without such a vote, the release is just a set of files prepared by an individual. After such a vote, it is a formal offering of the ASF, backed by the "full faith and credit" of the Foundation.</p>
<h2 id="distribution">Distribution<a class="headerlink" href="#distribution" title="Permanent link">¶</a></h2>
+
<p>The Apache infrastructure <em>must</em> be the primary source for all artifacts officially released by the ASF.</p>
<p>Infra maintains the Apache release distribution infrastructure, which has three parts:</p>
<ul>
@@ -127,12 +132,14 @@
<li>Maven repository on <code>repository.apache.org</code></li>
</ul>
<h3 id="uploading">Uploading packages<a class="headerlink" href="#uploading" title="Permanent link">¶</a></h3>
+
<ul>
<li>Upload development packages and snapshots to <code>https://dist.apache.org/repos/dist/dev/$project/</code></li>
<li>Upload release packages to <code>https://dist.apache.org/repos/dist/release/$project/</code>. If your project uses a Subersion repository, you can use <code>svn mv</code> from the <code>dev</code> folder.</li>
<li>Incubator projects can find their dev/release folder inside their incubator directory.</li>
</ul>
<h3 id="normal">Normal distribution on the Apache downloads site<a class="headerlink" href="#normal" title="Permanent link">¶</a></h3>
+
<p>See the <a href="release-distribution.html">Release Distribution Policy</a> for specific technical requirements.</p>
<p>Each Apache TLP has a <code>release/TLP-name</code> directory in the distribution Subversion repository at <code>https://dist.apache.org/repos/dist/</code>. Once a release vote passes, the release manager adds the release artifacts (plus signature and hash files) to this location. Each project is responsible for the structure of its directory. <a href="pypubsub.html">PyPubSub</a> pushes the contents of these directories to <code>http://downloads.apache.org/</code>. <strong>Note</strong> only store the most recent version of each supported release here.</p>
<ul>
@@ -148,12 +155,8 @@
</ul>
<p><code>*.md5 *.sha *.sha1 *.sha256 *.sha512 *.asc *.sig KEYS *.mds MD5SUM SHA*SUM</code></p>
<ul>
-<li>
-<p><strong>Do not</strong> publish <code>.md5</code> files because MD5 is broken.</p>
-</li>
-<li>
-<p><strong>Do not</strong> publish <code>.sig</code> files. Make sure your <code>.asc</code>s are plain-text files.</p>
-</li>
+<li><strong>Do not</strong> publish <code>.md5</code> files because MD5 is broken.</li>
+<li><strong>Do not</strong> publish <code>.sig</code> files. Make sure your <code>.asc</code>s are plain-text files.</li>
<li>
<p>The download page should use <code>HTTPS:</code> rather than plain <code>HTTP:</code> for linking to KEYS, sigs and hashes (for example: <code>https://downloads.apache.org/httpd/KEYS</code>).</p>
</li>
@@ -164,17 +167,19 @@
<p>If the release directory does not yet exist, please create a Jira ticket for INFRA with the required information (see the <a href="contact.html">contact</a> page).</p>
<p><strong>Note</strong>: By default, only PMC/PPMC members have write access to the <code>dist/release</code> directories. The <code>dist/dev</code> directories by default allow write access by committers.</p>
<h3 id="tomaven">Maven distribution<a class="headerlink" href="#tomaven" title="Permanent link">¶</a></h3>
+
<p>See <a href="publishing-maven-artifacts.html">Publishing Maven releases</a>.</p>
<h2 id="timeline">Release distribution availability schedule<a class="headerlink" href="#timeline" title="Permanent link">¶</a></h2>
-<p>Releases pushed to the <code>dist/release</code> subversion directory will be available for download almost immediately after the push/move operation has completed,
-though the exact speed depends on the size of the artifact(s) that have been uploaded. Generally speaking, releases should be available on
+
+<p>Releases pushed to the <code>dist/release</code> subversion directory will be available for download almost immediately after the push/move operation has completed,
+though the exact speed depends on the size of the artifact(s) that have been uploaded. Generally speaking, releases should be available on
<a href="https://downloads.apache.org/">downloads.apache.org</a> within 15 minutes of publishing them to <code>dist/release</code>.</p>
-<p>Our global content delivery network (CDN) at <a href="https://dlcdn.apache.org/">dlcdn.apache.org</a> will have files available for download within
-seconds of them appearing on downloads.apache.org. However, due to our current caching algorithms, they may not appear in the raw directory listings
-for up to two hours even though the files are present on the service. We are currently working on ways to improve this experience, and will
+<p>Our global content delivery network (CDN) at <a href="https://dlcdn.apache.org/">dlcdn.apache.org</a> will have files available for download within
+seconds of them appearing on downloads.apache.org. However, due to our current caching algorithms, they may not appear in the raw directory listings
+for up to two hours even though the files are present on the service. We are currently working on ways to improve this experience, and will
update this page when/if the process has changed.</p>
-<p>Our <a href="release-download-pages.html#download-scripts">download helper script</a> also employ caching to help speed up processing, and its findings
-(whether or not a release is present on the CDN) may be delayed by up to an hour in some circumstances. We therefore advise projects to wait
+<p>Our <a href="release-download-pages.html#download-scripts">download helper script</a> also employ caching to help speed up processing, and its findings
+(whether or not a release is present on the CDN) may be delayed by up to an hour in some circumstances. We therefore advise projects to wait
for one hour after publishing a release before announcing it to the wider public.</p>
<p>As a rule of thumb, projects should currently:</p>
<ol>
@@ -183,10 +188,10 @@
<li>when the download is present, wait one hour for any caching to reset, then announce the general availability of the release</li>
</ol>
<h2 id="faqs">FAQs<a class="headerlink" href="#faqs" title="Permanent link">¶</a></h2>
+
<ul>
<li><strong>How do I archive an old release?</strong> <code>downloads.apache.org</code> is automatically archived every four hours. Therefore, a copy of every official release exists in the archives. Just delete the copy of the release that is in your project's dist directory. Remember to update any links from the download page related to that release.</li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/release-signing.html b/output/release-signing.html
index 140564f..acd94a1 100644
--- a/output/release-signing.html
+++ b/output/release-signing.html
@@ -74,11 +74,14 @@
Signing Releases
</h1>
<h2 id="abstract">Introduction<a class="headerlink" href="#abstract" title="Permanent link">¶</a></h2>
+
<p>The first part of this document gives release managers a basic introduction to release signing. See under <a href="#reading">Further reading</a> for links to authoritative sources of deeper information.</p>
<p>The second part answers some frequently-asked questions from people who download releases from Apache projects.</p>
<p>This document is informative and does not constitute policy.</p>
<h2>Contents</h2>
+
<h3>For release managers</h3>
+
<ul>
<li><a href="#note">Important notes</a></li>
<li><a href="#basic-facts">Basic facts</a></li>
@@ -103,6 +106,7 @@
</ul>
<h2>For release managers</h2>
<h3 id="note">Important notes<a class="headerlink" href="#note" title="Permanent link">¶</a></h3>
+
<p>All new <strong>RSA</strong> keys generated should be at least <strong>4096</strong> bits. <strong>Do not</strong> generate new <strong>DSA</strong> keys.</p>
<p>Recent research has revealed weaknesses in SHA-1, and thus in the DSA and 1024 bit RSA OpenPGP keys which must use this algorithm. Though no realistic attacks have been made public, experience with similar weaknesses in MD5 suggests that further advances may well lead to practical attacks within the next few years. This accords with current NIST guidance on DSA.</p>
<p>The impact of this weakness on Apache can be mitigated by action now. What needs to be done is a little involved, so we have provided complete instructions.</p>
@@ -113,19 +117,21 @@
</ul>
<p>How to find the length of your key is described <a href="#key-length-how-to">here</a>.</p>
<h3 id="basic-facts">The basics<a class="headerlink" href="#basic-facts" title="Permanent link">¶</a></h3>
+
<p>Every artifact distributed by the Apache Software Foundation <strong>must</strong> be accompanied by one file containing an <a href="#openpgp-ascii-detach-sig">OpenPGP-compatible ASCII armored detached signature</a> and another file containing a <a href="release-signing#sha-checksum">SHA</a> or <a href="release-signing#md5">MD5</a>) checksum.</p>
<ul>
<li>MD5 hashes are <strong>deprecated</strong>; please use SHA for new releases.</li>
-<li><strong>Avoid</strong> further use of <code>SHA-1</code>.</li>
+<li><strong>Avoid</strong> further use of <code>SHA-1</code></code>.</li>
</ul>
-<p>Form the names of these files by adding to the name of the artifact the following suffixes:</p>
+<p>Form the names of these files by adding to the name of the artifact the following suffixes:</p></p>
<ul>
<li>the signature by suffixing <code>.asc</code></li>
<li>the checksum by suffixing <code>.md5</code> or <code>.sha[1|256|512]</code> (as appropriate)</li>
</ul>
-<p>Release managers <strong>must not</strong> store private keys used to sign Apache releases on ASF hardware.</p>
+<p>Release managers <strong>must not</strong> store private keys used to sign Apache releases on ASF hardware. </p>
<p>See the <a href="release-distribution.html#sigs-and-sums">release distribution policy</a> for details.</p>
<h3 id="motivation">Why we sign releases<a class="headerlink" href="#motivation" title="Permanent link">¶</a></h3>
+
<p>A signature allows anyone to verify that a file is identical to the one your project's release manager created. Since your project's release has a signature:</p>
<ul>
<li>users can make sure that what they received has not been modified in any way, either accidentally via a faulty transmission channel, or intentionally (with or without malicious intent).</li>
@@ -133,93 +139,116 @@
</ul>
<p><a href="#openpgp">OpenPGP</a> <a href="#verifying-signature">signatures</a> confer the usual advantages of digital signatures: authentication, integrity and non-repudiation. <a href="#md5">MD5</a> and <a href="#sha-checksum">SHA</a> checksums only provide the integrity part as they are not encrypted.</p>
<h3 id="security-basics">Security checklist<a class="headerlink" href="#security-basics" title="Permanent link">¶</a></h3>
+
<ul>
<li><a href="#private-key-protection">Protect</a> your <a href="#public-private">private key</a></li>
<li>Choose a <a href="#passphrase">good passphrase</a></li>
<li>Opt for a reasonably <a href="#key-length">long key length</a></li>
</ul>
<h3 id="signing-basics">Signing basics<a class="headerlink" href="#signing-basics" title="Permanent link">¶</a></h3>
+
<ul>
<li>Signatures should be <a href="#openpgp-ascii-detach-sig">ASCII armored and detached</a>.</li>
<li>You should <a href="#export">export</a> your <a href="#public-private">public key</a> and append the result to the appropriate <a href="#keys-policy">KEYS</a> file(s).</li>
</ul>
<h3 id="sign-release">How do I sign a release?<a class="headerlink" href="#sign-release" title="Permanent link">¶</a></h3>
+
<p>Create a <a href="#openpgp-ascii-detach-sig">OpenPGP compatible ASCII armored detached signature</a> for the released artifact. Upload the signature with the released artifact. See <a href="#basics">here</a> for a basic overview.</p>
<h3 id="openpgp-ascii-detach-sig">What Is an OpenPGP compatible ASCII armored detached signature?<a class="headerlink" href="#openpgp-ascii-detach-sig" title="Permanent link">¶</a></h3>
+
<p>It is</p>
<ul>
-<li>an <a href="#openpgp">OpenPGP</a> compatible</li>
-<li><a href="#ascii">ASCII armored</a></li>
+<li>an <a href="#openpgp">OpenPGP</a> compatible </li>
+<li><a href="#ascii">ASCII armored</a> </li>
<li><a href="#detach-sig">detached signature</a></li>
</ul>
<p>To create one using <a href="https://www.gnupg.org" target="_blank">GNU Privacy Guard</a> for file
<code>foo.tar.gz</code>, type:</p>
-<pre><code>$ gpg --armor --output foo.tar.gz.asc --detach-sig foo.tar.gz
-</code></pre>
-<h3 id="md5">What is an MD5 checksum?<a class="headerlink" href="#md5" title="Permanent link">¶</a></h3>
-<p>MD5 is a <a href="http://www.faqs.org/rfcs/rfc1321.html" target="_blank">well known</a> <a href="#message-digest">message
-digest algorithm</a>. Many tools are available to calculate these sums. For example, you can use <a href="https://www.openssl.org/" target="_blank">OpenSSL</a>:</p>
-<pre><code>$ openssl md5 < file
-</code></pre>
-<p>Platform-specific applications are also common, such as <code>md5sum</code> on linux:</p>
-<pre><code>$ md5sum file
-</code></pre>
-<p>With GnuPG:</p>
-<pre><code>$ gpg --print-md MD5 [fileName] > [fileName].md5
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--armor<span class="w"> </span>--output<span class="w"> </span>foo.tar.gz.asc<span class="w"> </span>--detach-sig<span class="w"> </span>foo.tar.gz<span class="w"> </span>
+</code></pre></div>
-</code></pre>
+<h3 id="md5">What is an MD5 checksum?<a class="headerlink" href="#md5" title="Permanent link">¶</a></h3>
+
+<p>MD5 is a <a href="http://www.faqs.org/rfcs/rfc1321.html" target="_blank">well known</a> <a href="#message-digest">message
+digest algorithm</a>. Many tools are available to calculate these sums. For example, you can use <a href="https://www.openssl.org/" target="_blank">OpenSSL</a>:</p>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>openssl<span class="w"> </span>md5<span class="w"> </span><<span class="w"> </span>file
+</code></pre></div>
+
+<p>Platform-specific applications are also common, such as <code>md5sum</code> on linux:</p>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>md5sum<span class="w"> </span>file
+</code></pre></div>
+
+<p>With GnuPG:</p>
+<div class="highlight"><pre><span></span><code><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="c1">--print-md MD5 [fileName] > [fileName].md5</span>
+</code></pre></div>
+
<p>Run the command in the same directory as the file so the output only contains the file name with no directory prefixes.</p>
<p><strong>Note</strong> that the security of MD5 is now <a href="#md5-security">questionable</a> and is only useful as part of a defense in depth.</p>
<h3 id="sha-checksum">What is an SHA checksum?<a class="headerlink" href="#sha-checksum" title="Permanent link">¶</a></h3>
+
<p>Like <a href="#md5">MD5</a>, <a href="http://www.ietf.org/rfc/rfc3174.txt">SHA</a> is a <a href="#message-digest">message digest</a> algorithm. Using GnuPG, you can create a SHA1 signature as follows:</p>
-<pre><code> $ gpg --print-md SHA1 [fileName] > [fileName].sha1
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="c1">--print-md SHA1 [fileName] > [fileName].sha1</span>
+</code></pre></div>
+
<p><strong>Avoid</strong> further use of <a href="#sha1">SHA-1</a>. <code>SHA256</code> and <code>SHA512</code> use the same <code>SHA</code> algorithm family with longer hash
lengths (256 and 512 bits respectively). These longer variations are less vulnerable to the weaknesses found in the algorithm family than <code>SHA1</code>. Apache recommends using <a href="#sha1">SHA512</a>.</p>
<p>To create a <code>SHA512</code> checksum use:</p>
-<pre><code> $ sha512sum [fileName] > [fileName].sha512
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">sha512sum</span><span class="w"> </span><span class="o">[</span><span class="n">fileName</span><span class="o">]</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="o">[</span><span class="n">fileName</span><span class="o">]</span><span class="p">.</span><span class="n">sha512</span>
+</code></pre></div>
+
<p>Run the command in the same directory as the file so the output only contains the file name with no directory prefixes.</p>
<p>There are other members of the <code>SHA</code> family that are rarely used.</p>
<h3 id="message-digest">Message digest algorithms<a class="headerlink" href="#message-digest" title="Permanent link">¶</a></h3>
-<p>A message digest algorithm takes a document and produces a much smaller hash of that document. A good algorithm will produce different digests for very similar documents. A good algorithm makes it <a href="#infeasible">infeasible</a> to create a message matching a given hash.</p>
+
+<p>A message digest algorithm takes a document and produces a much smaller hash of that document. A good algorithm will produce different digests for very similar documents. A good algorithm makes it <a href="#infeasible">infeasible</a> to create a message matching a given hash.</p></p>
<p>You can use a trusted digest for a document can be used to verify the contents of an untrusted file. You can deliver the digest, which has a small size over a secure but expensive channel while delivering the untrusted file over an insecure but inexpensive one. This is useful when distributing releases.</p>
<h3 id="infeasible">Why infeasible and not impossible?<a class="headerlink" href="#infeasible" title="Permanent link">¶</a></h3>
+
<p>Responsible cryptography talks about infeasible cracks (rather than impossible ones) since this is more accurate. All current practical methods can be subjected to brute force attacks and so can be cracked. So a better question is whether attacks are feasible <em>given the current state of the art</em>.</p>
<h3 id="openpgp-applications">Applications that create OpenPGP-compatible signatures<a class="headerlink" href="#openpgp-applications" title="Permanent link">¶</a></h3>
+
<p>Many applications are available (some commercial, some freeware, some software libre) to help you sign releases. Whichever one you choose, please subscribe to the appropriate security lists and keep the application fully patched.</p>
<p>Apache recommends that ASF release managers use <a href="https://www.gnupg.org" target="_blank">GNU Privacy Guard</a>.</p>
<h3 id="where">Where should I create the signatures?<a class="headerlink" href="#where" title="Permanent link">¶</a></h3>
+
<p>Creating signatures requires the private key. Keep limited copies of the private key securely and confidentially. Though the file used
-to store the private key is typically protected by encryption, it is vulnerable to dictionary attacks on the <a href="#passphrase">passphrase</a>. So keep this file secret.</p>
+to store the private key is typically protected by encryption, it is vulnerable to dictionary attacks on the <a href="#passphrase">passphrase</a>. So keep this file secret. </p>
<p>Create signatures on the machine where you store the private key, on secure hardware with limited read permissions, protected by a good
<a href="#passphrase">passphrase</a>. Consider using removable media or an <a href="#isolated-installation">isolated
installation</a>.</p>
<p>A master private key used to sign Apache artifacts (or to secure communications with the ASF) is particularly valuable. If you want or need to be able to create signatures for other purposes (for example, signing email messages) in other, less secure, locations, create multiple <a href="#email-subkey">sub keys</a> for these purposes.</p>
<p>Do <strong>not</strong> store your private key on any ASF machine. Do <strong>not</strong> create signatures on ASF machines.</p>
<h3 id="insecure-memory">What is 'insecure memory'?<a class="headerlink" href="#insecure-memory" title="Permanent link">¶</a></h3>
+
<p>When you use <a href="http://www.gnupg.org">GNU Privacy Guard</a> you may see a warning similar to:</p>
-<pre><code>gpg: WARNING: using insecure memory!
-gpg: please see http://www.gnupg.org/faq.html for more information
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">gpg</span><span class="o">:</span><span class="w"> </span><span class="n">WARNING</span><span class="o">:</span><span class="w"> </span><span class="n">using</span><span class="w"> </span><span class="n">insecure</span><span class="w"> </span><span class="n">memory</span><span class="o">!</span>
+<span class="n">gpg</span><span class="o">:</span><span class="w"> </span><span class="n">please</span><span class="w"> </span><span class="n">see</span><span class="w"> </span><span class="n">http</span><span class="o">://</span><span class="n">www</span><span class="o">.</span><span class="na">gnupg</span><span class="o">.</span><span class="na">org</span><span class="o">/</span><span class="n">faq</span><span class="o">.</span><span class="na">html</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">more</span><span class="w"> </span><span class="n">information</span>
+</code></pre></div>
+
<p>If you are using GnuPG on Apache hardware, please read <a href="#where">this</a>. Do <strong>not</strong> carry out sensitive operations using a private key on ASF hardware.</p>
<p>If you encounter this issue elsewhere, it indicates that GnuPG cannot lock memory pages, so they may be swapped out to disc. It would
-then be feasible for an attacker who had gained access to the machine to read the private key from the swap file. For more details, read the <a href="https://www.gnupg.org/faq.html" target="_blank">FAQ</a>.</p>
+then be feasible for an attacker who had gained access to the machine to read the private key from the swap file. For more details, read the <a href="https://www.gnupg.org/faq.html" target="_blank">FAQ</a>.</p></p>
<h3 id="secure-machine">How secure does the machine I use to sign releases need to be?<a class="headerlink" href="#secure-machine" title="Permanent link">¶</a></h3>
+
<p>If the code signing machine is <a href="http://www.catb.org/~esr/jargon/html/O/owned.html">owned</a>, it is only a matter of time before the key is compromised.</p>
<p>At a minimum, the machine should well maintained: kept up to date with security patches and with appropriate anti-virus and firewall software. The ideal is an isolated, well-maintained installation that you only use for creating releases. You can achieve this with a little effort by creating an <a href="#isolated-installation">isolated installation</a> on a separate hard disc (which is physically disconnected when not in use signing releases) or a live CD.</p>
<h3 id="md5-security">Is MD5 still secure?<a class="headerlink" href="#md5-security" title="Permanent link">¶</a></h3>
+
<p>Though <a href="#infeasible">feasible</a> collision attacks that can defeat MD5 are known, they are still computationally expensive. MD5 may still be useful as an additional layer in a defense in depth, but Apache does <strong>not recommend</strong> it as your single security option.</p>
<h3 id="sha1">Is SHA-1 still secure?<a class="headerlink" href="#sha1" title="Permanent link">¶</a></h3>
+
<p>Research has revealed weaknesses in this algorithm. Though there are no practical attacks known at the time of writing, experience with similar weaknesses in <a href="#md5-security">MD5</a> suggest that code signers should move away from this algorithm.</p>
<p>Breaking the longest members of this family (<code>SHA512</code> and <code>SHA256</code>) is still considered <a href="#infeasible">infeasible</a>. Until <a href="#sha3">SHA-3</a> is available, avoid new uses of <code>SHA-1</code> and use <code>SHA512</code> or <code>SHA256</code> instead.</p>
<h4 id="sha3">What is SHA-3?<a class="headerlink" href="#sha3" title="Permanent link">¶</a></h4>
+
<p>SHA-3 is the designation for a new <a href="#message-digest">cryptographic hash algorithm</a> to replace the SHA family. The full standard was issued in 2015, but it hasn't yet been officially introduced into the OpenPGP standard. For that reason GnuPG doesn't support it yet.</p>
<h3 id="secure-hash-algorithms">Which standard cryptographic hash algorithms are secure?<a class="headerlink" href="#secure-hash-algorithms" title="Permanent link">¶</a></h3>
+
<p><a href="#infeasible">Feasible</a> - though expensive - attacks on MD5 have been made public. Similar weaknesses have been found in the SHA family of hashes, though practical attacks are not yet publicly known. However, longer hash sizes offer considerable protection, so larger members of the SHA family still look likely to be secure enough for a number of years.</p>
-<p>SHA512 is the strongest well-studied, widely-used cryptographic hash. It is therefore the best recommendation until <a href="#sha3">SHA3</a> is available.</p>
+<p>SHA512 is the strongest well-studied, widely-used cryptographic hash. It is therefore the best recommendation until <a href="#sha3">SHA3</a> is available.</p></p>
<h3 id="generate">How to generate a code signing key<a class="headerlink" href="#generate" title="Permanent link">¶</a></h3>
-<p>The exact mechanics are <a href="#openpgp-applications">application</a>-dependent. For GnuPG (recommended):</p>
+
+<p>The exact mechanics are <a href="#openpgp-applications">application</a>-dependent. For GnuPG (recommended): </p>
<ul>
<li>Follow the <a href="openpgp.html#generate-key">strong key generation instructions</a></li>
<li>Decide on the <a href="#key-length">right key length</a></li>
@@ -228,46 +257,58 @@
<li>Use the recommended <a href="#user-id">id</a> and <a href="#key-comment">comment</a></li>
</ul>
<h3 id="user-id">The OpenPGP User-ID to use for your code-signing key<a class="headerlink" href="#user-id" title="Permanent link">¶</a></h3>
+
<p>We recommend that you use your Apache email address as the primary <code>User-ID</code> for the code signing key. For example, <code>rdonkin@apache.org</code>.</p>
<h3 id="key-comment">The OpenPGP comment to choose for your code-signing key<a class="headerlink" href="#key-comment" title="Permanent link">¶</a></h3>
+
<p>The comment should include <em>CODE SIGNING KEY</em>. This makes clear the primary use for this key. This can be helpful if you later
generate keys for other uses.</p>
<p>Include the comment <em>NOT FOR CODE SIGNING</em> for keys you generate for other purposes.</p>
<h3 id="keyserver">What is a public key server?<a class="headerlink" href="#keyserver" title="Permanent link">¶</a></h3>
+
<p>A public key server manages <a href="#public-private">public keys</a>. Available functions may vary but typically include <a href="#keyserver-upload">upload</a>, search, and download.</p>
<p>Public key servers exist to distribute public keys. They do not vouch for the actual identity of the owner of each key. You must establish this either directly or through a <a href="#web-of-trust">web of trust</a>. Do not trust a key just because it has been downloaded from a key server.</p>
<p>The major public key servers synchronize their records regularly so you only need to upload a key to one and rely on that server to disseminate it to the other key servers. We recommend using <a href="https://keys.openpgp.org/" target="_blank">OpenPGP Public Key Server</a>.</p>
<h3 id="keyserver-upload">How to upload a key to a public key server<a class="headerlink" href="#keyserver-upload" title="Permanent link">¶</a></h3>
+
<p>There are two common ways to upload a key to a <a href="#keyserver">public key server</a>:</p>
<ul>
<li>Most key servers let you upload <a href="#export">exports</a> through their websites</li>
<li>Use automatic facilities built into most <a href="#openpgp">OpenPGP</a> <a href="#openpgp-applications">implementations</a></li>
</ul>
<p>For example, using <a href="https://www.gnupg.org" target="_blank">GNU Privacy Guard</a>, send the key with <a href="#key-id">ID</a> B1313DE2 to the default public key server by:</p>
-<pre><code>$ gpg --send-key B13131DE2
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--send-key<span class="w"> </span>B13131DE2
+</code></pre></div>
+
<p>You must export each changed key separately.</p>
<h3 id="update-web-of-trust">How to make sure your local web of trust is up-to-date<a class="headerlink" href="#update-web-of-trust" title="Permanent link">¶</a></h3>
+
<p>The public web of trust grows constantly as people sign new keys and upload the new signatures onto the network of <a href="#keyserver">public key servers</a>. You should refresh public keys periodically to make sure that your local web of trust is as full as possible. Many <a href="#openpgp">OpenPGP</a> <a href="#openpgp-applications">clients</a> make it easy to refresh keys by
querying a public key server. For example, to refresh all keys using <a href="https://www.gnupg.org" target="_blank">GNU Privacy Guard</a>, use:</p>
-<pre><code>$ gpg --refresh-keys
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--refresh-keys
+</code></pre></div>
+
<h3 id="export">How to export a key</h3>
+
<p>You can export a public key through <a href="https://www.gnupg.org" target="_blank">OpenPGP</a> by using
-<code>--export</code>. Typically, the export should be ASCII armored.</p>
+<code>--export</code>. Typically, the export should be ASCII armored. </p>
<p>To export all public keys to the command line use:</p>
-<pre><code>gpg --export --armor
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="k">export</span><span class="w"> </span><span class="o">--</span><span class="n">armor</span>
+</code></pre></div>
+
<p>In most cases, it is better to export all keys - this ensures that signatures made on other keys will be exported. However, it is possible to export just one key by specifying it on the command line.</p>
<p>You can export secret keys. However, this poses a security risk and there are better solutions for most common use cases. For
example, copying the <code>GNUPGHOME</code> directory (typically <code>~/.gnupg</code>) is a better way to transfer an <a href="https://www.gnupg.org" target="_blank">OpenPGP</a> keyring from one machine to another.</p>
<h3 id="key-id">What a key ID is<a class="headerlink" href="#key-id" title="Permanent link">¶</a></h3>
+
<p>A key ID is similar to a <a href="#fingerprint">fingerprint</a> but is much smaller in length. There is no guarantee that key IDs are unique. Consequently, we strongly recommend that you check the key's fingerprint before signing with it. People us key IDs for locating keys and identifying keys already contained within the keyring.</p>
<p>A short guide to discovering the key ID for a key is <a href="openpgp.html#find-key-id">available</a>.</p>
<h3 id="subkey">What a sub key is<a class="headerlink" href="#subkey" title="Permanent link">¶</a></h3>
+
<p>Each <a href="#openpgp">OpenPGP</a> keyring has a single master key. This key is for signing only. It may also optionally have a number of sub keys for encryption and signing.</p>
<p>If you want to sign emails using a key related to one you use to sign code, we recommend that you use a signing <a href="#email-subkey">sub key</a>.</p>
<h3 id="email-subkey">How to use a sub key to sign emails<a class="headerlink" href="#email-subkey" title="Permanent link">¶</a></h3>
+
<p>To keep a code signing key <a href="#safe-and-secure">safe and secure</a> we recommend that you don't keep the key on a drive on a regular development machine. This means that you should not use the master key directly to sign emails. However, there are occasions when digitally signed emails are desirable.</p>
<p>To do that, create a sub key for email signing and export it to your regular machine. You can then keep the master key safely
offline. For more details, read <a href="https://www.gnupg.org/(en)/faq/subkey-cross-certify.html" target="_blank">Subkey cross
@@ -275,72 +316,87 @@
<p><strong>Note</strong> that some <a href="#keyserver">public key servers</a> do not handle sub keys correctly. It may be necessary to use one on the
<a href="https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Home" target="_blank">SKS</a> network.</p>
<h3 id="quick-signing">A quick way to sign several distributions<a class="headerlink" href="#quick-signing" title="Permanent link">¶</a></h3>
+
<p>The private <code>https://svn.apache.org/repos/private/committers</code> repository contains scripts that assist with batch signing several distributions at one time.</p>
<h3 id="transfer-secret-keys">How to transfer a secret key<a class="headerlink" href="#transfer-secret-keys" title="Permanent link">¶</a></h3>
+
<p>The way to transfer secret keys depends on the application you are using. Instructions for GnuPG are <a href="openpgp.html#secret-key-transfer">available</a>.</p>
<h3 id="two-keys">Why some people have two keys<a class="headerlink" href="#two-keys" title="Permanent link">¶</a></h3>
+
<p>When you switch from an uncompromised key to another, usually stronger, one, it is convenient to use a <a href="#transition">transition period</a>. During a transition, both keys are trustworthy but you only use the newer one to sign documents and certify links in the <a href="#web-of-trust">web of trust</a>.</p>
<h3 id="transition">What a transition period for keys is<a class="headerlink" href="#transition" title="Permanent link">¶</a></h3>
+
<p>When you replace one uncompromised key with a newer and usually larger one, a transition period during which both keys are trustworthy and participate in the <a href="#web-of-trust">web of trust</a> allows - by <a href="#web-of-trust">trust transitivity</a> - links to the old key to be used to trust signatures and links created by the new key. During a transition, both keys are trustworthy but you only use the newer oneto sign documents and certify links in the <a href="#web-of-trust">web of trust</a>.</p>
<h3 id="how-to-transition">How to transition from a short to a longer key<a class="headerlink" href="#how-to-transition" title="Permanent link">¶</a></h3>
+
<p>If you have a short but uncompromised key and would like to <a href="#transition">transition</a> to a longer one, follow these
<a href="key-transition.html">instructions</a>.</p>
<p>If your key has been compromised then you <strong>must not</strong> transition. <a href="#revoke-key">Revoke</a> the old key and replace it with a new one immediately. <strong>Do not</strong> use a transition period.</p>
<h3 id="update-document">I have a new key. What Apache documents do I have to update?<a class="headerlink" href="#update-document" title="Permanent link">¶</a></h3>
+
<p>There are several Apache documents you have to update when you have a new key. Follow these <a href="openpgp.html#update">instructions</a>.</p>
<h3 id="rsa">What RSA is<a class="headerlink" href="#rsa" title="Permanent link">¶</a></h3>
<p>RSA is a well known public key cryptography algorithm which supports signing and encryption. See <a href="#reading">further reading</a> for more details.</p>
+
<h3 id="key-length-how-to">How to find the length of a key<a class="headerlink" href="#key-length-how-to" title="Permanent link">¶</a></h3>
+
<p>The easiest way to discover the length of a key with id <code>KEYID</code> is to use <code>gpg --list-keys KEYID</code>. This prints basic information about the key. The first line includes the size in the second column, just before the id.
For example:</p>
-<pre><code>$ gpg --list-keys B1313DE2
-pub 1024D/B1313DE2 2003-01-15
-uid Robert Burrell Donkin (CODE SIGNING KEY) <rdonkin@apache.org>
-uid Robert Burrell Donkin <robertburrelldonkin@gmail.com>
-uid Robert Burrell Donkin <robertburrelldonkin@blueyonder.co.uk>
-sub 4096R/40A882CB 2009-06-18 [expires: 2010-06-18]</p>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--list-keys<span class="w"> </span>B1313DE2
+pub<span class="w"> </span>1024D/B1313DE2<span class="w"> </span>2003-01-15
+uid<span class="w"> </span>Robert<span class="w"> </span>Burrell<span class="w"> </span>Donkin<span class="w"> </span>(CODE<span class="w"> </span>SIGNING<span class="w"> </span>KEY)<span class="w"> </span><span class="nt"><rdonkin</span><span class="err">@apache.org</span><span class="nt">></span>
+uid<span class="w"> </span>Robert<span class="w"> </span>Burrell<span class="w"> </span>Donkin<span class="w"> </span><span class="nt"><robertburrelldonkin</span><span class="err">@gmail.com</span><span class="nt">></span>
+uid<span class="w"> </span>Robert<span class="w"> </span>Burrell<span class="w"> </span>Donkin<span class="w"> </span><span class="nt"><robertburrelldonkin</span><span class="err">@blueyonder.co.uk</span><span class="nt">></span>
+sub<span class="w"> </span>4096R/40A882CB<span class="w"> </span>2009-06-18<span class="w"> </span>[expires:<span class="w"> </span>2010-06-18]<span class="nt"></p></span>
-$ gpg --list-keys A6EE6908
-pub 8192R/A6EE6908 2009-08-07
-uid Robert Burrell Donkin (CODE SIGNING KEY) <rdonkin@apache.org>
-sub 8192R/B800EFC1 2009-08-07
-</code></pre>
+$<span class="w"> </span>gpg<span class="w"> </span>--list-keys<span class="w"> </span>A6EE6908
+pub<span class="w"> </span>8192R/A6EE6908<span class="w"> </span>2009-08-07
+uid<span class="w"> </span>Robert<span class="w"> </span>Burrell<span class="w"> </span>Donkin<span class="w"> </span>(CODE<span class="w"> </span>SIGNING<span class="w"> </span>KEY)<span class="w"> </span><span class="nt"><rdonkin</span><span class="err">@apache.org</span><span class="nt">></span>
+sub<span class="w"> </span>8192R/B800EFC1<span class="w"> </span>2009-08-07
+</code></pre></div>
+
<p>shows that key <code>B1313DE2</code> has length 1024 and <code>A6EE6908</code> length 8192.</p>
<h2 id="key-basics">Key basics<a class="headerlink" href="#key-basics" title="Permanent link">¶</a></h2>
+
<p>To sign releases, you need to <a href="#generate">generate</a> a new master key-pair for code signing. Follow these <a href="openpgp.html#generate-key" target="_blank">instructions</a>.</p>
<h3 id="keys-policy">The KEYS File<a class="headerlink" href="#keys-policy" title="Permanent link">¶</a></h3>
-<p>The KEYS file is a plain-text file containing the public key signatures of the release managers (and optionally other committers) for the project. A good example is the <a href="https://downloads.apache.org/ant/KEYS" target="_blank">Apache Ant KEYS file</a>.</p>
+
+<p>The KEYS file is a plain-text file containing the public key signatures of the release managers (and optionally other committers) for the project. A good example is the <a href="https://downloads.apache.org/ant/KEYS" target="_blank">Apache Ant KEYS file</a>. </p>
<p>It is traditional to include the following header to explain how to use the file. These commands generate a descriptive comment describing the key, followed by the key itself. Key handling software ignores the comments when importing a key file:</p>
-<pre><code>This file contains the PGP keys of various developers.</p>
-Users: pgp < KEYS
-or
- gpg --import KEYS
-
-Developers:
- pgp -kxa <your name> and append it to this file.
-or
- (pgpk -ll <your name> && pgpk -xa <your name>) >> this file.
-or
- (gpg --list-sigs <your name> && gpg --armor --export <your name>) >> this file.
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="n">This</span><span class="w"> </span><span class="n">file</span><span class="w"> </span><span class="n">contains</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">PGP</span><span class="w"> </span><span class="n">keys</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">various</span><span class="w"> </span><span class="n">developers</span><span class="o">.</</span><span class="n">p</span><span class="o">></span>
+<span class="n">Users</span><span class="p">:</span><span class="w"> </span><span class="n">pgp</span><span class="w"> </span><span class="o"><</span><span class="w"> </span><span class="n">KEYS</span>
+<span class="ow">or</span>
+<span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="kn">import</span><span class="w"> </span><span class="nn">KEYS</span>
+
+<span class="n">Developers</span><span class="p">:</span><span class="w"> </span>
+<span class="w"> </span><span class="n">pgp</span><span class="w"> </span><span class="o">-</span><span class="n">kxa</span><span class="w"> </span><span class="o"><</span><span class="n">your</span><span class="w"> </span><span class="n">name</span><span class="o">></span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">append</span><span class="w"> </span><span class="n">it</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">file</span><span class="o">.</span>
+<span class="ow">or</span>
+<span class="w"> </span><span class="p">(</span><span class="n">pgpk</span><span class="w"> </span><span class="o">-</span><span class="n">ll</span><span class="w"> </span><span class="o"><</span><span class="n">your</span><span class="w"> </span><span class="n">name</span><span class="o">></span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">pgpk</span><span class="w"> </span><span class="o">-</span><span class="n">xa</span><span class="w"> </span><span class="o"><</span><span class="n">your</span><span class="w"> </span><span class="n">name</span><span class="o">></span><span class="p">)</span><span class="w"> </span><span class="o">>></span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">file</span><span class="o">.</span>
+<span class="ow">or</span>
+<span class="w"> </span><span class="p">(</span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="nb">list</span><span class="o">-</span><span class="n">sigs</span><span class="w"> </span><span class="o"><</span><span class="n">your</span><span class="w"> </span><span class="n">name</span><span class="o">></span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="n">armor</span><span class="w"> </span><span class="o">--</span><span class="n">export</span><span class="w"> </span><span class="o"><</span><span class="n">your</span><span class="w"> </span><span class="n">name</span><span class="o">></span><span class="p">)</span><span class="w"> </span><span class="o">>></span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">file</span><span class="o">.</span>
+</code></pre></div>
+
<p>Store the KEYS file with the release archives to which it applies at the top level of the ASF mirror area for the project. This makes it available for users to download, and for automatic archiving with its release. For example, the Ant KEYS file is in the directory <code>https://downloads.apache.org/ant</code>. The corresponding SVN area is at <code>https://dist.apache.org/repos/dist/release/ant</code>.</p>
<p>Since users may need the KEYS file to check signatures for archived releases, it is important to retain in the file all keys that have ever been used to sign releases. Add entries with eadch new key the project uses, but do not remove entries.</p>
<p><a href="#pke">Applied cryptography</a> is a subject that has considerable depth. Luckily, it's possible to get started signing releases without being an expert. Just remember that you will encounter some situations that require research and learning. We hope the
<a href="#faq">FAQ</a> will be a reasonable first port of call.</p>
<p>You need an <a href="#openpgp-applications">application</a> to manage keys and create signatures. We recommend <a href="http://www.gnupg.org/">GNU Privacy Guard</a>, and the Apache documentation generally assumes that's what
-you're using. (We welcome contributions that document use of other tools.) Read the <a href="openpgp.html#gnupg">Apache PGP user guide</a> and keep the <a href="https://www.gnupg.org/gph/en/manual.html" target="_blank">manual</a> handy.</p>
+you're using. (We welcome contributions that document use of other tools.) Read the <a href="openpgp.html#gnupg">Apache PGP user guide</a> and keep the <a href="https://www.gnupg.org/gph/en/manual.html" target="_blank">manual</a> handy. </p>
<p>GnuPG can handle MD5 and SHA checksums as well as PGP signatures. It is your all-in-one cross-platform tool for release signing and verification.</p>
<p><strong>Note:</strong> It can be hard for newbies to be confident that they have executed operations correctly. Consider doing some <a href="#safe-practice">practice</a> before you try to sign an actual release.</p>
<h3 id="openpgp">What is OpenPGP?<a class="headerlink" href="#openpgp" title="Permanent link">¶</a></h3>
-[OpenPGP](openpgp.html) is an <a href="http://www.ietf.org/rfc/rfc2440.txt" target="_blank">RFC</a> describing a system for interoperable <a href="#pke">public key cryptography</a>. Various implementations exist. Apache recommends <a href="https://www.gnupg.org/" target="_blank">GNU Privacy Guard</a> (GnuPG), an open-source, OpenPGP compatible implementation. It comes with <a href="https://www.gnupg.org/(en)/documentation/guides.html" target="_blank">good documentation</a> that describes GnuPG and gives a good general introduction to public key cryptography.
+<p><a href="openpgp.html">OpenPGP</a> is an <a href="http://www.ietf.org/rfc/rfc2440.txt" target="_blank">RFC</a> describing a system for interoperable <a href="#pke">public key cryptography</a>. Various implementations exist. Apache recommends <a href="https://www.gnupg.org/" target="_blank">GNU Privacy Guard</a> (GnuPG), an open-source, OpenPGP compatible implementation. It comes with <a href="https://www.gnupg.org/(en)/documentation/guides.html" target="_blank">good documentation</a> that describes GnuPG and gives a good general introduction to public key cryptography.</p>
<h3 id="pke">What is public key cryptography?<a class="headerlink" href="#pke" title="Permanent link">¶</a></h3>
-Public key cryptography is asymmetric. You use one key to encrypt a message which only the other key can decrypt. You can share the first key publicly without compromising the security of the second key. One key is therefore called the _public key_ and one the _private key_.
-<p>When you use public key cryptography, you can freely distribute the public key, but you must keep the private key secret. It is vital to <a href="#private-key-protection">protect</a> private key files.. Private keys are typically stored in files protected by symmetric encryption. Choose a strong <a href="#passphrase">passphrase</a> to protect the file.</p>
+<p>Public key cryptography is asymmetric. You use one key to encrypt a message which only the other key can decrypt. You can share the first key publicly without compromising the security of the second key. One key is therefore called the <em>public key</em> and one the <em>private key</em>.</p>
+<p>When you use public key cryptography, you can freely distribute the public key, but you must keep the private key secret. It is vital to <a href="#private-key-protection">protect</a> private key files.. Private keys are typically stored in files protected by symmetric encryption. Choose a strong <a href="#passphrase">passphrase</a> to protect the file.</p></p>
<h3 id="detach-sig">What is a detached signature?<a class="headerlink" href="#detach-sig" title="Permanent link">¶</a></h3>
+
<p>You create a digital signature from an original document using a <a href="#pke">private key</a>. Possession of the corresponding public key allows verification that a given file is identical to the original document. An <em>attached signature</em> is attached to the document whereas a <em>detached signature</em> is contained in a separate file.</p>
<h3 id="ascii">What is ASCII armoring?<a class="headerlink" href="#ascii" title="Permanent link">¶</a></h3>
+
<p>ASCII armoring is an encoding format that converts a binary file into a string of ASCII characters. This format is more human readable and more portable than other formats.</p>
<h2 id="safe-practice">How can I safely practice using OpenPGP?<a class="headerlink" href="#safe-practice" title="Permanent link">¶</a></h2>
+
<p>To practice using OpenPGP, use separate environments. each with a different practice keyring.</p>
<p>For example, using <a href="http://www.gnupg.org" target="_blank">GNU Privacy Guard</a>:</p>
<ul>
@@ -351,15 +407,19 @@
<li>Set up the environment: <code>export GNUPGHOME=.gnupg</code></li>
</ul>
<h2 id="web-of-trust">What is a Web Of Trust?<a class="headerlink" href="#web-of-trust" title="Permanent link">¶</a></h2>
+
<p>It is difficult to personally verify the identity of all useful <a href="#pke">public keys</a>. However, having verified the identity of only a small number of public keys it is possible to deduce the identity of public keys trusted by the owners of these keys. This process can be repeated. This extended graph of trusted identities is termed a <a href="http://en.wikipedia.org/wiki/Web_of_trust" target="_blank">>web of trust</a>.</p>
<p>You can use webs of trust to solve the problem of verifying the identity of public keys.</p>
-<p><strong>Note:</strong> to take full advantage of a web of trust, it is important to actively build your personal web of trust into the major public webs of trust. Conferences are an ideal opportunity for exchanging key information, but you must come <a href="#link-into-wot">prepared</a>.</p>
+<p><strong>Note:</strong> to take full advantage of a web of trust, it is important to actively build your personal web of trust into the major public webs of trust. Conferences are an ideal opportunity for exchanging key information, but you must come <a href="#link-into-wot">prepared</a>. </p>
<p>For more information read the <a href="https://www.gnupg.org/(en)/documentation/guides.html" target="_blank">GNU Privacy Handbook</a>.</p>
<h3 id="link-into-wot">How do I link into a public web of trust?<a class="headerlink" href="#link-into-wot" title="Permanent link">¶</a></h3>
+
<p>You join a web of trust when an existing member of that web signs your public key to verify your identity. See <a href="openpgp.html#wot">a short explanation</a>.</p>
<h3 id="key-signing-party">What is a key-signing party?<a class="headerlink" href="#key-signing-party" title="Permanent link">¶</a></h3>
+
<p>A key signing party is a meeting organised to allow the exchange of public keys to extend the <a href="#web-of-trust">web of trust</a>. See the <a href="https://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html" target="_blank">Keysigning Party HOWTO</a>.</p>
<h3 id="apache-wot">How can I link my key into the Apache Web of Trust?<a class="headerlink" href="#apache-wot" title="Permanent link">¶</a></h3>
+
<p>You can link into the Apache web of trust by meeting other Apache committers face-to-face and <a href="#link-into-wot">exchanging public
keys</a>:</p>
<ul>
@@ -368,8 +428,10 @@
</ul>
<p>Subscribe to the <code>party</code> list and when you visit a new city, see if committers want to meet up.</p>
<h3 id="public-private">The difference between a public and a private key<a class="headerlink" href="#public-private" title="Permanent link">¶</a></h3>
+
<p>A public key is for verifying signatures and encrypting messages; a private key is for generating signatures and decrypting messages. You can freely distribute public keys safely , but you must keep private keys <a href="#safe-and-secure">protected</a>. More details <a href="#pke">here</a>.</p>
<h3 id="private-key-protection">How to protect your code signing private key<a class="headerlink" href="#private-key-protection" title="Permanent link">¶</a></h3>
+
<p>Anyone who possesses a copy of a <a href="#public-private">private key</a> used to <a href="#sign-release">sign</a> releases can create doctored releases with valid signatures. If this person intends harm then the consequences could be serious indeed. It is therefore very important to keep the private key secret.</p>
<ul>
<li>Only sign releases on a <a href="#secure-machine">secure machine</a>.</li>
@@ -378,23 +440,29 @@
<li>Choose a good <a href="#passphrase">passphrase</a>.</li>
</ul>
<h3 id="safe-and-secure">How safe does the private key need to be?<a class="headerlink" href="#safe-and-secure" title="Permanent link">¶</a></h3>
+
<p>It is vital that the private key is kept safe and secure. Though the file is encrypted using a <a href="#passphrase">passphrase</a> , given enough time any determined cracker will be able to break that encryption. Basic precautions should include ensuring that only the user can read the directories.</p>
<p>However, for code signing keys we recommend taking additional measures. Reduce the window of vulnerability by using an
<a href="#isolated-installation">isolated installation</a> or by storing the private key on removable media (which you should remove and store securely when not actually signing a release.).</p>
<h3 id="isolated-installation">The meaning of 'isolated installation'<a class="headerlink" href="#isolated-installation" title="Permanent link">¶</a></h3>
+
<p>An isolated installation is inaccessible when you are not using it to sign releases. For example, create an installation on a separate hard disc or use a live CD.</p>
<h3 id="key-length">Recommended key length<a class="headerlink" href="#key-length" title="Permanent link">¶</a></h3>
+
<p>The number of operations required to break a key by brute force increases with key size. However, the cost of using the key also rises. You must take into account the planned use of the key. You will use keys for code signing rarely and in situations where performance is not the main concern, so you can use long keys.</p>
<p>Over time, the cost of attacking a key of a given length by brute force falls as computing power increases. So a key whose length
seems adequate today may be seem too short in a few years time. This is a significant issue for long-lived keys such as those used to sign ASF releases, and another reason to use longer keys with releases.</p>
<p>Now that there is doubt about the medium term security of <a href="#sha1">SHA-1</a>, avoid the DSA keys and 1024 bit RSA keys which depend on this algorithm. We recommended that new keys be at least 4096 bit RSA (the longest widely supported key length).</p>
+
<h2 id="passphrase">What is a Passphrase?<a class="headerlink" href="#passphrase" title="Permanent link">¶</a></h2>
+
<p>In cryptography <em>passphrase</em> is often used for what might be known as a password in other contexts. For example, an
<a href="#openpgp">OpenPGP</a> private key is typically stored to disc in a file encrypted by a symmetric cypher keyed by a passphrase. This passphrase is one of the weakest elements in the system: should anyone else gain access to the file then a dictionary attack will be feasible on a weak passphrase. So choosing a strong passphrase is very important.</p>
<p>Passphrases, unlike passwords, are typically unlimited in length. We recommend using long passphrases. You can use sequences of (at least seven) unrelated words or more conventional mixtures of symbols and alphanumerics.</p>
<p>Even a good passphrase offers only limited protection. Given the encrypted file and enough time, a determined cracker will be able to
break any passphrase. A good passphrase will buy important time in the event of a compromise, but is no substitute for keeping the private key <a href="#safe-and-secure">safe and secure</a> in the first place.</p>
<h2 id="revocation-cert">Revocation Certificate basics<a class="headerlink" href="#revocation-cert" title="Permanent link">¶</a></h2>
+
<p><a href="#openpgp">OpenPGP</a> defines a special type of signed message called a <strong>revocation certificate</strong>. This message indicates that the signer believes that the key is no longer trustworthy. Typically, the revocation certificate will be signed by the key to be revoked (though the key may specify that other keys should be trusted for revocation). Use the type of revocation and the comment included to judge how much trust to place in a good signature by a revoked key.</p>
<p>You should generate a revocation certificate for each public key you use. Store the revocation certificates safely, securely and separately from their public keys.</p>
<p>Each revocation certificate has a type specifying a general (machine readable) reason for the revocation:</p>
@@ -406,22 +474,27 @@
</ul>
<p>Create certificates to cover the first two cases. Note that if a key is lost or can no longer be accessed (due to
media failure or some other reason), assume that the key has been potentially compromised. Print copies of the revocation certificates and store them safely to guard against media failure.</p>
-<p>You can generate an <a href="#ascii">ASCII armored</a> revocation certificate for key <code>bob</code> and save it to <code>revoke.asc</code> using <a href="<a href="https://www.gnupg.org">https://www.gnupg.org</a>" target="_blank:>GNU Privacy Guard:</p>
-<pre><code>$ gpg --output revoke.asc --armor --gen-revoke bob
-</code></pre>
+<p>You can generate an <a href="#ascii">ASCII armored</a> revocation certificate for key <code>bob</code> and save it to <code>revoke.asc</code> using <a href="https://www.gnupg.org" target="_blank:>GNU Privacy Guard</a>:</p>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--output<span class="w"> </span>revoke.asc<span class="w"> </span>--armor<span class="w"> </span>--gen-revoke<span class="w"> </span>bob
+</code></pre></div>
+
<p><a href="#revocation-certificate-storage">Securely store</a> the certificate.</p>
-<p>If you are preparing a revocation certificate for future use, you should test it before storing it. See <a href="#safe-practice">safe practice.</a></p>
+<p>If you are preparing a revocation certificate for future use, you should test it before storing it. See <a href="#safe-practice">safe practice.</p>
<h3 id="revoke-key">Revoking a key<a class="headerlink" href="#revoke-key" title="Permanent link">¶</a></h3>
+
<p>To revoke a key with a <a href="#revocation-cert">revocation certificate</a> using <a href="https://www.gnupg.org" target="_blank">GNU Privacy Guard</a>, import the certificate:</p>
-<pre><code>$ gpg --import revoke.asc
-gpg: key 4A03679A: "Some User<someuser@example.org>" revocation
-certificate imported
-gpg: Total number processed: 1
-gpg: new key revocations: 1
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="kn">import</span><span class="w"> </span><span class="nn">revoke.asc</span><span class="w"> </span>
+<span class="n">gpg</span><span class="p">:</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="mi">4</span><span class="n">A03679A</span><span class="p">:</span><span class="w"> </span><span class="s2">"Some User<someuser@example.org>"</span><span class="w"> </span><span class="n">revocation</span>
+<span class="n">certificate</span><span class="w"> </span><span class="n">imported</span>
+<span class="n">gpg</span><span class="p">:</span><span class="w"> </span><span class="n">Total</span><span class="w"> </span><span class="n">number</span><span class="w"> </span><span class="n">processed</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span>
+<span class="n">gpg</span><span class="p">:</span><span class="w"> </span><span class="n">new</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">revocations</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span>
+</code></pre></div>
+
<h3 id="revocation-certificate-storage">Where to store revocation certificates<a class="headerlink" href="#revocation-certificate-storage" title="Permanent link">¶</a></h3>
+
<p>Store each revocation certificate securely and separately from the key it revokes. Burning the certificate onto a CDROM or printing it out as a hard copy are good solutions.</p>
<h3 id="revoke-cert">Distributing a revocation certificate<a class="headerlink" href="#revoke-cert" title="Permanent link">¶</a></h3>
+
<p>If a key has been compromised, distribute its <a href="#revocation-cert">revocation certificate</a> to those using the key. This process is a mirror of the process by which you distributred the original key.</p>
<ul>
<li>Inform the Apache infrastructure team by a post containing the revocation certificate.</li>
@@ -430,50 +503,60 @@
<li>Post an announcement to the appropriate lists with the revocation certificate attached.</li>
</ul>
<h3 id="delete-vs-revoke">The difference between deleting and revoking a key<a class="headerlink" href="#delete-vs-revoke" title="Permanent link">¶</a></h3>
+
<p>When you <em>delete</em> a key from a keyring, it is simply removed. You can add it again later.</p>
<p>When you <em>revoke</em> a key, it is marked in the key ring. Whenever a message signed by this key is verified in the future, the user will get a warning that the key has been revoked.</p>
-<p>For example, when you verify a revoked key, <a href="https://www.gnupg.org" target="_blank">GNU Privacy Guard</a> issues the following comment:</p>
-<pre><code>$ gpg --verify message.asc.message
-gpg: Signature made Sat Apr 8 09:28:31 2006 BST using DSA key ID 4A03679A
-gpg: Good signature from "Some User <someuser@example.org>"
-gpg: checking the trustdb
-gpg: checking at depth 0 signed=0 ot(-/q/n/m/f/u)=0/0/0/0/0/1
-gpg: WARNING: This key has been revoked by its owner!
-gpg: This could mean that the signature is forgery.
-gpg: reason for revocation: Key has been compromised
-gpg: revocation comment:
-gpg: WARNING: This key is not certified with a trusted signature!
-gpg: There is no indication that the signature belongs to the
+<p>For example, when you verify a revoked key, <a href="https://www.gnupg.org" target="_blank" target="_blank">GNU Privacy Guard</a> issues the following comment:</p>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--verify<span class="w"> </span>message.asc.message<span class="w"> </span>
+gpg:<span class="w"> </span>Signature<span class="w"> </span>made<span class="w"> </span>Sat<span class="w"> </span>Apr<span class="w"> </span><span class="m">8</span><span class="w"> </span><span class="m">09</span>:28:31<span class="w"> </span><span class="m">2006</span><span class="w"> </span>BST<span class="w"> </span>using<span class="w"> </span>DSA<span class="w"> </span>key<span class="w"> </span>ID<span class="w"> </span>4A03679A
+gpg:<span class="w"> </span>Good<span class="w"> </span>signature<span class="w"> </span>from<span class="w"> </span><span class="s2">"Some User <someuser@example.org>"</span>
+gpg:<span class="w"> </span>checking<span class="w"> </span>the<span class="w"> </span>trustdb
+gpg:<span class="w"> </span>checking<span class="w"> </span>at<span class="w"> </span>depth<span class="w"> </span><span class="m">0</span><span class="w"> </span><span class="nv">signed</span><span class="o">=</span><span class="m">0</span><span class="w"> </span>ot<span class="o">(</span>-/q/n/m/f/u<span class="o">)=</span><span class="m">0</span>/0/0/0/0/1
+gpg:<span class="w"> </span>WARNING:<span class="w"> </span>This<span class="w"> </span>key<span class="w"> </span>has<span class="w"> </span>been<span class="w"> </span>revoked<span class="w"> </span>by<span class="w"> </span>its<span class="w"> </span>owner!
+gpg:<span class="w"> </span>This<span class="w"> </span>could<span class="w"> </span>mean<span class="w"> </span>that<span class="w"> </span>the<span class="w"> </span>signature<span class="w"> </span>is<span class="w"> </span>forgery.
+gpg:<span class="w"> </span>reason<span class="w"> </span><span class="k">for</span><span class="w"> </span>revocation:<span class="w"> </span>Key<span class="w"> </span>has<span class="w"> </span>been<span class="w"> </span>compromised
+gpg:<span class="w"> </span>revocation<span class="w"> </span>comment:<span class="w"> </span>
+gpg:<span class="w"> </span>WARNING:<span class="w"> </span>This<span class="w"> </span>key<span class="w"> </span>is<span class="w"> </span>not<span class="w"> </span>certified<span class="w"> </span>with<span class="w"> </span>a<span class="w"> </span>trusted<span class="w"> </span>signature!
+gpg:<span class="w"> </span>There<span class="w"> </span>is<span class="w"> </span>no<span class="w"> </span>indication<span class="w"> </span>that<span class="w"> </span>the<span class="w"> </span>signature<span class="w"> </span>belongs<span class="w"> </span>to<span class="w"> </span>the
owner.
-Primary key fingerprint: 82D1 169B E6F1 9D14 DA76 A5DD 968E 66E4 4A03 679A
-</code></pre>
+Primary<span class="w"> </span>key<span class="w"> </span>fingerprint:<span class="w"> </span>82D1<span class="w"> </span>169B<span class="w"> </span>E6F1<span class="w"> </span>9D14<span class="w"> </span>DA76<span class="w"> </span>A5DD<span class="w"> </span>968E<span class="w"> </span>66E4<span class="w"> </span>4A03<span class="w"> </span>679A
+</code></pre></div>
+
<h2>FAQs from those downloading releases</h2>
+
<h3 id="verifying-signature">What does verifying a signature mean?<a class="headerlink" href="#verifying-signature" title="Permanent link">¶</a></h3>
+
<p>You can use <a href="#pke">public key cryptography</a> to test whether a particular file is identical in content to an original by verifying a <a href="#detach-sig">signature</a>. The signature file is a <a href="#message-digest">digest</a> of the original file signed by a private key which attests to the digest's authenticity.</p>
<p>For example, when using <a href="https://www.gnupg.org/" target="_blank">GNU Privacy Guard</a> you verify the signature <code>foo-1.0.tar.gz.asc</code> for release <code>foo-1.0.tar.gz</code> using the following command:</p>
-<pre><code>$ gpg --verify foo-1.0.tar.gz.asc foo-1.0.tar.gz
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--verify<span class="w"> </span>foo-1.0.tar.gz.asc<span class="w"> </span>foo-1.0.tar.gz
+</code></pre></div>
+
<p>A signature is valid, if <code>gpg</code> verifies the <code>.asc</code> as a <em>good signature</em>, and doesn't complain about expired
or revoked keys. Technically :</p>
-<pre><code>$ gpg --verify --status-fd 1 foo-1.0.tar.gz.asc foo-1.0.tar.gz
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--verify<span class="w"> </span>--status-fd<span class="w"> </span><span class="m">1</span><span class="w"> </span>foo-1.0.tar.gz.asc<span class="w"> </span>foo-1.0.tar.gz
+</code></pre></div>
+
<p>should classify the <code>.asc</code> as a <code>GOODSIG</code>.</p>
<p>Trust is required in the identity of the public key that made the signature and that the signature is for the original file and not some other file. When verifying a release from an untrusted source (for example, over P2P file sharing or from a mirror) it is important to download the signature from a trusted source. Signatures for all Apache releases are available directly for download from <code>www.apache.org</code>.</p>
<h3 id="check-integrity">How can I check the integrity of a release?<a class="headerlink" href="#check-integrity" title="Permanent link">¶</a></h3>
-<p><a href="#md5">MD5</a> and <a href="#sha-checksum">SHA</a> checksums provide a simple way to verify the integrity of a download. You can simply create a checksum (in the same way as the release manager) after download, and compare the result to the checksum downloaded from the main Apache site. However, this process does not provide for authentication and non-repudiation as anybody can create the same checksum.</p>
+
+<p><a href="#md5">MD5</a> and <a href="#sha-checksum">SHA</a> checksums provide a simple way to verify the integrity of a download. You can simply create a checksum (in the same way as the release manager) after download, and compare the result to the checksum downloaded from the main Apache site. However, this process does not provide for authentication and non-repudiation</a> as anybody can create the same checksum.</p>
<p>You can also check the integrity of a release by <a href="#verifying-signature">verifying the signature</a>. You need more knowledge to correctly interpret the result, but it does provide authentication and non-repudiation. If you are connected to the Apache <a href="#web-of-trust">web of trust</a>, this also offers superior security.</p>
<h3 id="public-key-not-found">What does 'Public key not found' mean when I try to verify a signature?<a class="headerlink" href="#public-key-not-found" title="Permanent link">¶</a></h3>
-To verify a signature, you need the release's public key. For example, when using <a href="https://www.gnupg.org/" target="_blank">GNU Privacy Guard</a>, if you have never imported the appropriate public key, you will see a message like this:
-<pre><code>$ gpg --verify foo-1.0.tar.gz.asc foo-1.0.tar.gz
-gpg: Signature made Mon Sep 26 22:26:18 2005 BST using RSA key ID 00000000
-gpg: Can't check signature: public key not found
-</code></pre>
+<p>To verify a signature, you need the release's public key. For example, when using <a href="https://www.gnupg.org/" target="_blank">GNU Privacy Guard</a>, if you have never imported the appropriate public key, you will see a message like this:</p>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--verify<span class="w"> </span>foo-1.0.tar.gz.asc<span class="w"> </span>foo-1.0.tar.gz
+gpg:<span class="w"> </span>Signature<span class="w"> </span>made<span class="w"> </span>Mon<span class="w"> </span>Sep<span class="w"> </span><span class="m">26</span><span class="w"> </span><span class="m">22</span>:26:18<span class="w"> </span><span class="m">2005</span><span class="w"> </span>BST<span class="w"> </span>using<span class="w"> </span>RSA<span class="w"> </span>key<span class="w"> </span>ID<span class="w"> </span><span class="m">00000000</span>
+gpg:<span class="w"> </span>Can<span class="err">'</span>t<span class="w"> </span>check<span class="w"> </span>signature:<span class="w"> </span>public<span class="w"> </span>key<span class="w"> </span>not<span class="w"> </span>found
+</code></pre></div>
+
<p>You can often download unknown keys from a <a href="#keyserver">public key servers</a>. However, only rely on these if you can confirm them through your <a href="#web-of-trust">web of trust</a>.</p>
<p>Apache projects normally keep the developers' public keys in a file called <code>KEYS</code>. You may be able to find that file on the project's website, or in their code repository. Use</p>
-<pre><code> $ gpg --import KEYS
-</code></pre>
-<p>to import the public keys.</p>
+<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">gpg</span><span class="w"> </span><span class="o">--</span><span class="kn">import</span><span class="w"> </span><span class="nn">KEYS</span>
+</code></pre></div>
+
+<p>to import the public keys.</p></p>
<h3 id="trust">What is a trusted key?<a class="headerlink" href="#trust" title="Permanent link">¶</a></h3>
+
<p><a href="#openpgp">OpenPGP</a> uses a <a href="#web-of-trust">web of trust</a>. The owner of a public key who trusts the identity of a second key may mark this key as trusted by signing it. This has several major effects:</p>
<ul>
<li>In future, no <a href="#valid-untrusted-vs-invalid-trusted">untrusted key warning</a> appears when a valid signature for
@@ -485,36 +568,43 @@
<p>For more information read the <a href="https://www.gnupg.org/(en)/documentation/guides.html" target="_blank">GNU Privacy Guard User
Guide</a>.</p>
<h3 id="valid-untrusted-vs-invalid-trusted">What is the difference between a valid signature from an untrusted key an invalid signature from a trusted key?<a class="headerlink" href="#valid-untrusted-vs-invalid-trusted" title="Permanent link">¶</a></h3>
+
<p>Trustfulness and validity are different concepts. You may elect to trust the identity of a key to various degrees (or not at all). For a particular key, a particular signature for a particular file may be valid (created by the private key from an identical file) or invalid
(either corrupt or created from a different file).</p>
<p>Do not trust a file with an invalid signature. You can trust a file with a valid signature as much as you trust the identity of the key that was used to verify the signature.</p>
<p>For example, when you use <a href="https://www.gnupg.org/" target="_blank">GNU Privacy Guard</a>, a message similar to the following indicates that the signature is invalid:</p>
-<pre><code>$ gpg --verify foo-1.0.tar.gz.asc foo-1.0.tar.gz
-gpg: Signature made Mon Sep 26 22:26:18 2005 BST using RSA key ID 00000000
-gpg: BAD signature from "someone@example.org"
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--verify<span class="w"> </span>foo-1.0.tar.gz.asc<span class="w"> </span>foo-1.0.tar.gz
+gpg:<span class="w"> </span>Signature<span class="w"> </span>made<span class="w"> </span>Mon<span class="w"> </span>Sep<span class="w"> </span><span class="m">26</span><span class="w"> </span><span class="m">22</span>:26:18<span class="w"> </span><span class="m">2005</span><span class="w"> </span>BST<span class="w"> </span>using<span class="w"> </span>RSA<span class="w"> </span>key<span class="w"> </span>ID<span class="w"> </span><span class="m">00000000</span>
+gpg:<span class="w"> </span>BAD<span class="w"> </span>signature<span class="w"> </span>from<span class="w"> </span><span class="s2">"someone@example.org"</span>
+</code></pre></div>
+
<p>A message similar to the following indicates that the signature is valid but for an untrusted key:</p>
-<pre><code>$ gpg --verify foo-1.0.tar.gz.asc foo-1.0.tar.gz
-gpg: Signature made Mon Sep 26 22:05:28 2005 BST using RSA key ID 00000000
-gpg: Good signature from "someone@example.org"
-gpg: aka "someone@anotherdomain.org"
-gpg: checking the trustdb
-gpg: checking at depth 0 signed=1 ot(-/q/n/m/f/u)=0/0/0/0/0/1
-gpg: checking at depth 1 signed=0 ot(-/q/n/m/f/u)=1/0/0/0/0/0
-gpg: WARNING: This key is not certified with a trusted signature!
-gpg: There is no indication that the signature belongs to the
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--verify<span class="w"> </span>foo-1.0.tar.gz.asc<span class="w"> </span>foo-1.0.tar.gz
+gpg:<span class="w"> </span>Signature<span class="w"> </span>made<span class="w"> </span>Mon<span class="w"> </span>Sep<span class="w"> </span><span class="m">26</span><span class="w"> </span><span class="m">22</span>:05:28<span class="w"> </span><span class="m">2005</span><span class="w"> </span>BST<span class="w"> </span>using<span class="w"> </span>RSA<span class="w"> </span>key<span class="w"> </span>ID<span class="w"> </span><span class="m">00000000</span>
+gpg:<span class="w"> </span>Good<span class="w"> </span>signature<span class="w"> </span>from<span class="w"> </span><span class="s2">"someone@example.org"</span>
+gpg:<span class="w"> </span>aka<span class="w"> </span><span class="s2">"someone@anotherdomain.org"</span>
+gpg:<span class="w"> </span>checking<span class="w"> </span>the<span class="w"> </span>trustdb
+gpg:<span class="w"> </span>checking<span class="w"> </span>at<span class="w"> </span>depth<span class="w"> </span><span class="m">0</span><span class="w"> </span><span class="nv">signed</span><span class="o">=</span><span class="m">1</span><span class="w"> </span>ot<span class="o">(</span>-/q/n/m/f/u<span class="o">)=</span><span class="m">0</span>/0/0/0/0/1
+gpg:<span class="w"> </span>checking<span class="w"> </span>at<span class="w"> </span>depth<span class="w"> </span><span class="m">1</span><span class="w"> </span><span class="nv">signed</span><span class="o">=</span><span class="m">0</span><span class="w"> </span>ot<span class="o">(</span>-/q/n/m/f/u<span class="o">)=</span><span class="m">1</span>/0/0/0/0/0
+gpg:<span class="w"> </span>WARNING:<span class="w"> </span>This<span class="w"> </span>key<span class="w"> </span>is<span class="w"> </span>not<span class="w"> </span>certified<span class="w"> </span>with<span class="w"> </span>a<span class="w"> </span>trusted<span class="w"> </span>signature!
+gpg:<span class="w"> </span>There<span class="w"> </span>is<span class="w"> </span>no<span class="w"> </span>indication<span class="w"> </span>that<span class="w"> </span>the<span class="w"> </span>signature<span class="w"> </span>belongs<span class="w"> </span>to<span class="w"> </span>the
owner.
-Primary key fingerprint: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-</code></pre>
+Primary<span class="w"> </span>key<span class="w"> </span>fingerprint:<span class="w"> </span><span class="m">00</span><span class="w"> </span><span class="m">00</span><span class="w"> </span><span class="m">00</span><span class="w"> </span><span class="m">00</span><span class="w"> </span><span class="m">00</span><span class="w"> </span><span class="m">00</span><span class="w"> </span><span class="m">00</span><span class="w"> </span><span class="m">00</span><span class="w"> </span><span class="m">00</span><span class="w"> </span><span class="m">00</span><span class="w"> </span><span class="m">00</span><span class="w"> </span><span class="m">00</span><span class="w"> </span><span class="m">00</span><span class="w"> </span><span class="m">00</span><span class="w"> </span><span class="m">00</span>
+</code></pre></div>
+
<p>You can use the <a href="#fingerprint">fingerprint</a> to decide how much trust to assign to the key.</p>
<h3 id="fingerprint">What is a public key fingerprint?<a class="headerlink" href="#fingerprint" title="Permanent link">¶</a></h3>
+
<p>Public keys are long and even when <a href="#ascii">ASCII armored</a> are not very easy for humans to understand or compare. A fingerprint is a short <a href="#message-digest">digest</a> of the key formatted in a way that makes it easier for humans to read and compare.</p>
<h3 id="local-sig">Can I mark a key as locally trusted?<a class="headerlink" href="#local-sig" title="Permanent link">¶</a></h3>
+
<p>On occasion, the user (who understands the risks) may trust a key but not consider it trustworthy enough to exported to the <a href="#web-of-trust">web of trust</a>. <a href="#openpgp">OpenPGP</a> lets you sign keys as local only. These trust relationships will not be exported to the public web of trust but are treated as trusted when you use the key ring locally.</p>
<p>For example, with <a href="https://www.gnupg.org" target="_blank">GNU Privacy Guard</a> use:</p>
-<pre><code>$ gpg --lsign-key someuser
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gpg<span class="w"> </span>--lsign-key<span class="w"> </span>someuser
+</code></pre></div>
+
<h3 id="automated-release-signing">Automated Release Signing<a class="headerlink" href="#automated-release-signing" title="Permanent link">¶</a></h3>
+
<p>Projects may make use of automated signing for artifacts built by a CI system such as GitHub Actions, provided that:</p>
<ul>
<li>All artifacts being signed can be built <a href="https://reproducible-builds.org" target="_blank">reproducibly</a></li>
@@ -532,6 +622,7 @@
<p>The Apache Security Team should be notified of any pending requests for CI signing keys, and should approve the workflow before it is being put into use.
See <a href="https://issues.apache.org/jira/browse/INFRA-23996" target="_blank">INFRA-23996</a> for background on this.</p>
<h2 id="reading">Further reading<a class="headerlink" href="#reading" title="Permanent link">¶</a></h2>
+
<p>There are many other excellent resources on signing releases, but these make a good start:</p>
<ul>
<li>The <a href="openpgp.html#gnupg">Guide to using GnuPG</a> at Apache</li>
@@ -541,9 +632,8 @@
<li>The GNU Privacy Guard project <a href="https://www.gnupg.org/documentation/" target="_blank">documentation</a></li>
<li>An introduction to <a href="https://www.pgpi.org/doc/pgpintro/" target="_blank">PGP public key cryptography</a></li>
<li><a href="https://www.schneier.com/book-applied.html" target="_blank">Applied Cryptography</a> by Bruce Schneier</li>
-<li>Windows-centric <a href="http://www.mccune.cc/PGPpage2.htm" target="_blank">PGP FAQ</a> by Tom McCune</li>
+<li>Windows-centric <a href="http://www.mccune.cc/PGPpage2.htm" target="_blank">PGP FAQ</a> by Tom McCune</p></li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/repository-faq.html b/output/repository-faq.html
index 46bc8dd..b689348 100644
--- a/output/repository-faq.html
+++ b/output/repository-faq.html
@@ -74,8 +74,9 @@
Apache Maven repositories
</h1>
<h2 id="basic">Basic information<a class="headerlink" href="#basic" title="Permanent link">¶</a></h2>
+
<p><strong>Reminder</strong>: Apache projects <strong>must</strong> release all software packages through the ASF distribution system. See <a href="release-distribution.html">Release distribution policy</a> for more details.</p>
-<p>The ASF maintains internal snapshot and release Maven repositories at <a href="https://repository.apache.org" target="_blank"><a href="https://repository.apache.org">https://repository.apache.org</a></a>. The repository also proxies Apache's legacy repositories.</p>
+<p>The ASF maintains internal snapshot and release Maven repositories at <a href="https://repository.apache.org" target="_blank">https://repository.apache.org</a>. The repository also proxies Apache's legacy repositories. </p>
<p><strong>Note</strong>: these repos are intended for internal ASF project use, not for public distribution of artifacts. Except in the rare situation when a project needs external testing of preproduction artifacts, <strong>do not</strong> provide download links to 'repository.apache.org' assets to users external to The ASF.</p>
<p>If your Apache project would like to use <code>repository.apache.org</code>, see <a href="publishing-maven-artifacts.html">Publishing Maven Releases</a>.</p>
<ul>
@@ -83,15 +84,18 @@
<li>Subscribe to the repository mailing list via <code>repository-subscribe@apache.org</code> for questions, complaints and ideas.</li>
</ul>
<p>If you're a user looking for Apache artifacts from a Maven repository, all releases are synced to <a href="https://repo1.maven.org/maven2" target="_blank">Maven Central</a> and snapshots are available here:
-<a href="https://repository.apache.org/snapshots/" target="_blank"><a href="http://repository.apache.org/snapshots/">http://repository.apache.org/snapshots/</a></a>.</p>
+<a href="https://repository.apache.org/snapshots/" target="_blank">http://repository.apache.org/snapshots/</a>.</p>
<h2 id="faq">FAQs about the ASF Jar repositories<a class="headerlink" href="#faq" title="Permanent link">¶</a></h2>
+
<h4 id="thirdparty">Can we put third party files in the repositories?<a class="headerlink" href="#thirdparty" title="Permanent link">¶</a></h4>
+
<p>You can with the <em>snapshot</em> repositories, but you cannot with the <em>release</em> repositories. When putting third party files in the snapshot repositories, please email the repository mailing list to explain what you are doing. Ideally, you should upload third party files to the 'central' Maven repository via the <a href="https://maven.apache.org/guides/mini/guide-central-repository-upload.html" target="_blank">Maven upload process</a>.</p>
<h4 id="revolutioncode">Can I release a research branch to the repositories?<a class="headerlink" href="#revolutioncode" title="Permanent link">¶</a></h4>
+
<p>As long as your project's PMC is happy with the release, you can release a research branch to the snapshot repository; otherwise you should just release in your <code>home.apache.org</code> personal space.</p>
<h4 id="rsyncs">How do rsyncs happen?<a class="headerlink" href="#rsyncs" title="Permanent link">¶</a></h4>
-<p>All official repositories rsync automatically.</p>
+<p>All official repositories rsync automatically.</p>
</div>
</div>
</div>
diff --git a/output/request-bug-tracker.html b/output/request-bug-tracker.html
index 2d17963..a4860a9 100644
--- a/output/request-bug-tracker.html
+++ b/output/request-bug-tracker.html
@@ -89,16 +89,17 @@
<h3>Response</h3>
<p>Infra will respond within a couple of days, either with a request for clarification of some point or to let you know that the instance is set up and ready for your project to use.</p>
<h3>Using GitHub Issue tracking</h3>
-<p>Enabling GitHub Issue tracking for your project is self-serve. In the .asf.yaml file for your repository, locate the <code>github</code> section and set the <code>issues</code> option to true, as in the example below.</p>
-<pre><code>github:
- features:
- # Enable wiki for documentation
- wiki: true
- # Enable issue management
- issues: true
- # Enable projects for project management boards
- projects: true
-</code></pre>
+<p>Enabling GitHub Issue tracking for your project is self-serve. In the .asf.yaml file for your repository, locate the <code>github</code> section and set the <code>issues</code> option to true, as in the example below. </p>
+<div class="highlight"><pre><span></span><code><span class="n">github</span><span class="o">:</span>
+<span class="w"> </span><span class="n">features</span><span class="o">:</span>
+<span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">Enable</span><span class="w"> </span><span class="n">wiki</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">documentation</span>
+<span class="w"> </span><span class="n">wiki</span><span class="o">:</span><span class="w"> </span><span class="kc">true</span>
+<span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">Enable</span><span class="w"> </span><span class="n">issue</span><span class="w"> </span><span class="n">management</span>
+<span class="w"> </span><span class="n">issues</span><span class="o">:</span><span class="w"> </span><span class="kc">true</span>
+<span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="n">Enable</span><span class="w"> </span><span class="n">projects</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">project</span><span class="w"> </span><span class="n">management</span><span class="w"> </span><span class="n">boards</span>
+<span class="w"> </span><span class="n">projects</span><span class="o">:</span><span class="w"> </span><span class="kc">true</span>
+</code></pre></div>
+
<p>You can review your .asf.yaml settings for Git at <a href="https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features" target="_blank">Git .asf.yaml features</a>.</p>
<h3>Switching from Jira to GitHub Issue tracking</h3>
<p>If your project switches from Jira to GitHub for receiving issue reports and feature requests, you will want to change the existing Jira tickets to read-only, and prevent people from trying to open new tickets. This will eliminate time and effort you will otherwise have to spend on rejecting new tickets and explaining the change.</p>
@@ -109,7 +110,6 @@
</ul>
<p>Infra will let you know when this has been completed.</p>
<p>We recommend that you inform your dev and user communities of the change.</p>
-
</div>
</div>
</div>
diff --git a/output/responsetime.html b/output/responsetime.html
index f4f33a5..9b66f8d 100644
--- a/output/responsetime.html
+++ b/output/responsetime.html
@@ -97,8 +97,7 @@
<p>This is the default Jira issue priority. It fits a large issue that Infra should resolve quickly, but is not time-sensitive or related to basic project functions. This includes requesting new resources.</p>
<ul>
<li><strong>Goal</strong>: 2 days (48h) to respond, 5 days (120h) to resolve. Weekends do not count against this goal.</li>
-<li><strong>Examples</strong>:
-<ul>
+<li><strong>Examples</strong>:<ul>
<li>Set up a new podling.</li>
<li>Add a git repository.</li>
<li>Set up py/svn/git-pubsub.</li>
@@ -109,8 +108,7 @@
<p>An issue that Infra should resolve within a reasonable time, is not time-sensitive and is not critical to a project's basic functionas or ongoing daily business.</p>
<ul>
<li><strong>Goal</strong>: 3 days (72h) to respond, 2 weeks (336h) to resolve. Weekends do not count against this goal.</li>
-<li><strong>Examples</strong>:
-<ul>
+<li><strong>Examples</strong>:<ul>
<li>Retire a project's resources.</li>
<li>Fix a JavaScript error on a web site.</li>
<li>Add GitHub integration for a repository.</li>
@@ -133,7 +131,6 @@
<li>Tickets only appear in response statistics once resolved or if exceeding the goal for their category.</li>
<li>Ticket velocity (user engagement and interaction) is important.</li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/roadmap.html b/output/roadmap.html
index ca4796e..a058fc8 100644
--- a/output/roadmap.html
+++ b/output/roadmap.html
@@ -74,297 +74,7 @@
Roadmap for Apache Infrastructure
</h1>
<p>This roadmap is not yet operational, we are testing things out.</p>
-<p><!DOCTYPE html>
-
-<html lang="en-GB">
-<head>
-<title>Log In - Apache Software Foundation</title>
-<meta content="IE=EDGE,chrome=IE7" http-equiv="X-UA-Compatible"/>
-<meta charset="utf-8"/>
-<meta content="/confluence" id="confluence-context-path" name="confluence-context-path"/>
-<meta content="https://cwiki.apache.org/confluence" id="confluence-base-url" name="confluence-base-url"/>
-<meta content="ce07070bcf98098c45b11f1144bb1fd56eebbf24" id="atlassian-token" name="atlassian-token"/>
-<script type="text/javascript">
- var contextPath = '/confluence';
-</script>
-<meta content="noindex,nofollow" name="robots"/>
-<meta content="noarchive" name="robots"/>
-<meta content="1716223797501" name="confluence-request-time"/>
-<meta content="true" name="ajs-use-keyboard-shortcuts"/>
-<meta content="sr-rep" name="ajs-com.comalatech.checklists-stats-friendApps"><meta content="QoTOo/IJD4Xm/Ivmh2qnfFFuLD/CykxlyKvkouQkFIePKkRguVpRJ52O+YTZSn25iIDQGZ1PdX5bxRdG9QpmuE5+WE23gTbSlPKh20TJpx+nCfVedqdwlZ57JM63cX11IuE+mrQnQ8gxSgPQe5XifKTw8ib2RZDoxMQP28gTOLuYQxhBtpMJWLmhZuwWyoGSl/fOTzZckcMqduk6xBG+i66c//EpnA2drFlsxR+8vb4BBB3QrN9NHNreK2lj+UyIVnBuJCeCRuvrsOXmDAVc8KKCUQgzMAY6V+MjcMep6bZSph86yP6IS/1lKdUzUsdTk2bnb0XGb/fYl+RFmxX7fw==" name="ajs-com.comalatech.checklists-stats-comalatechToken"><meta content="PAID" name="ajs-com.comalatech.checklists-stats-pluginLicenseType"><meta content="OPEN_SOURCE" name="ajs-com.comalatech.checklists-stats-licenseType"><meta content="0" name="ajs-com.comalatech.checklists-stats-checklistExcerptMacroTotal"><meta content="1716170400022" name="ajs-com.comalatech.checklists-stats-timestamp"><meta content="0" name="ajs-com.comalatech.checklists-stats-checklistAttributeMacroTotal"><meta content="false" name="ajs-com.comalatech.checklists-dev-mode"><meta content="false" name="ajs-com.comalatech.checklists-trace"><meta content="0" name="ajs-com.comalatech.checklists-stats-checklistLogMacroTotal"/><meta content="0" name="ajs-com.comalatech.checklists-stats-checklistWikiinputMacroTotal"/><meta content="0" name="ajs-com.comalatech.checklists-stats-checklistLabelMacroTotal"/><meta content="10000" name="ajs-com.comalatech.checklists-stats-licenseSize"/><meta content="0" name="ajs-com.comalatech.checklists-stats-checklistWikiMacroTotal"/><meta content="782e50b8e4252e986d61834beb7b94ab" name="ajs-com.comalatech.checklists-stats-instanceId"/><meta content="0" name="ajs-com.comalatech.checklists-stats-checklistMetadataMacroTotal"/><meta content="0" name="ajs-com.comalatech.checklists-stats-checklistPagelinkMacroTotal"/><meta content="0" name="ajs-com.comalatech.checklists-stats-checklistSelectMacroTotal"/><meta content="1" name="ajs-com.comalatech.checklists-stats-checklistMacroTotal"/><meta content="437" name="ajs-com.comalatech.checklists-stats-totalSpaces"/><meta content="chks" name="ajs-com.comalatech.checklists-stats-app"/><meta content="0" name="ajs-com.comalatech.checklists-stats-checklistInputMacroTotal"/><meta content="0" name="ajs-com.comalatech.checklists-stats-checklistIncludeMacroTotal"/><meta content="7.19.20" name="ajs-com.comalatech.checklists-stats-hostVersion"/><meta content="977562" name="ajs-com.comalatech.checklists-stats-totalVersions"/><meta content="247842" name="ajs-com.comalatech.checklists-stats-totalPages"/><meta content="2.6.13" name="ajs-com.comalatech.checklists-stats-version"/><meta content="0" name="ajs-com.comalatech.checklists-stats-pluginLicenseSize"/>
-<meta content="false" name="ajs-is-confluence-admin"/>
-<meta content="10000" name="ajs-connection-timeout"/>
-<script title="gliffy-webpanel-footer" type="text/x-template">
- <div class="gliffy-webpanel-footer"><span>This Confluence installation runs a Free Gliffy License - Evaluate the <a href="http://www.gliffy.com/products/confluence-plugin/">Gliffy Confluence Plugin</a> for your Wiki!</span></div>
-</script>
-<meta content="$discoveredList" name="ajs-discovered-plugin-features"/>
-<meta content="9bf38078f9a51e0becf060f217097c91" name="ajs-keyboardshortcut-hash"/>
-<meta content="/confluence" name="ajs-context-path"/>
-<meta content="https://cwiki.apache.org/confluence" name="ajs-base-url"/>
-<meta content="7.19.20" name="ajs-version-number"/>
-<meta content="8804" name="ajs-build-number"/>
-<meta content="" name="ajs-remote-user"/>
-<meta content="" name="ajs-remote-user-key"/>
-<meta content="false" name="ajs-remote-user-has-licensed-access"/>
-<meta content="false" name="ajs-remote-user-has-browse-users-permission"/>
-<meta content="" name="ajs-current-user-fullname"/>
-<meta content="" name="ajs-current-user-avatar-url"/>
-<meta content="/confluence/images/icons/profilepics/anonymous.svg" name="ajs-current-user-avatar-uri-reference"/>
-<meta content="/confluence/s/3bdr34/8804/10mvnxf/_" name="ajs-static-resource-url-prefix"/>
-<meta content="20971520" name="ajs-global-settings-attachment-max-size"/>
-<meta content="true" name="ajs-global-settings-quick-search-enabled"/>
-<meta content="en_GB" name="ajs-user-locale"/>
-<meta content="0" name="ajs-user-timezone-offset"/>
-<meta content="site-wide.shared-drafts,site-wide.synchrony,migration-assistant.enable.assess-l1-cloud-tooling.feature,clc.quick.create,confluence.view.edit.transition,cql.search.screen,confluence-inline-comments-resolved,frontend.editor.v4,http.session.registrar,nps.survey.inline.dialog,confluence.efi.onboarding.new.templates,frontend.editor.v4.compatibility,atlassian.cdn.static.assets,pdf-preview,previews.sharing,previews.versions,file-annotations,confluence.efi.onboarding.rich.space.content,collaborative-audit-log,confluence.reindex.improvements,previews.conversion-service,editor.ajax.save,read.only.mode,graphql,previews.trigger-all-file-types,attachment.extracted.text.extractor,lucene.caching.filter,confluence.table.resizable,notification.batch,previews.sharing.pushstate,confluence-inline-comments-rich-editor,tc.tacca.dacca,site-wide.synchrony.opt-in,atlassian.webresource.twophase.js.i18n.disabled,confluence.denormalisedpermissions,file-annotations.likes,gatekeeper-ui-v2,v2.content.name.searcher,mobile.supported.version,confluence.editor.tinymce.tables,pulp,confluence-inline-comments,confluence-inline-comments-dangling-comment,quick-reload-inline-comments-flags,confluence.retention.rules" name="ajs-enabled-dark-features"/>
-<meta content="ce07070bcf98098c45b11f1144bb1fd56eebbf24" name="ajs-atl-token"/>
-<meta content="VANILLA" name="ajs-confluence-flavour"/>
-<meta content="dd MMM yyyy" name="ajs-user-date-pattern"/>
-<meta content="READ_WRITE" name="ajs-access-mode"/>
-<meta content="READ_WRITE" name="ajs-render-mode"/>
-<meta content="MMM dd, yyyy" name="ajs-date.format"/>
-<link href="/confluence/s/3bdr34/8804/10mvnxf/1/_/favicon.ico" rel="shortcut icon"/>
-<link href="/confluence/s/3bdr34/8804/10mvnxf/1/_/favicon.ico" rel="icon" type="image/x-icon"/>
-<link href="/confluence/opensearch/osd.action" rel="search" title="Apache Software Foundation" type="application/opensearchdescription+xml">
-<script>
-window.WRM=window.WRM||{};window.WRM._unparsedData=window.WRM._unparsedData||{};window.WRM._unparsedErrors=window.WRM._unparsedErrors||{};
-WRM._unparsedData["com.atlassian.applinks.applinks-plugin:applinks-common-exported.entity-types"]="{\u0022singular\u0022:{\u0022refapp.charlie\u0022:\u0022Charlie\u0022,\u0022fecru.project\u0022:\u0022Crucible Project\u0022,\u0022fecru.repository\u0022:\u0022FishEye Repository\u0022,\u0022stash.project\u0022:\u0022Stash Project\u0022,\u0022generic.entity\u0022:\u0022Generic Project\u0022,\u0022confluence.space\u0022:\u0022Confluence Space\u0022,\u0022bamboo.project\u0022:\u0022Bamboo Project\u0022,\u0022jira.project\u0022:\u0022Jira Project\u0022},\u0022plural\u0022:{\u0022refapp.charlie\u0022:\u0022Charlies\u0022,\u0022fecru.project\u0022:\u0022Crucible Projects\u0022,\u0022fecru.repository\u0022:\u0022FishEye Repositories\u0022,\u0022stash.project\u0022:\u0022Stash Projects\u0022,\u0022generic.entity\u0022:\u0022Generic Projects\u0022,\u0022confluence.space\u0022:\u0022Confluence Spaces\u0022,\u0022bamboo.project\u0022:\u0022Bamboo Projects\u0022,\u0022jira.project\u0022:\u0022Jira Projects\u0022}}";
-WRM._unparsedData["com.atlassian.analytics.analytics-client:programmatic-analytics-init.programmatic-analytics-data-provider"]="false";
-WRM._unparsedData["com.atlassian.confluence.plugins.confluence-license-banner:confluence-license-banner-resources.license-details"]="{\u0022daysBeforeLicenseExpiry\u0022:0,\u0022daysBeforeMaintenanceExpiry\u0022:0,\u0022showLicenseExpiryBanner\u0022:false,\u0022showMaintenanceExpiryBanner\u0022:false,\u0022renewUrl\u0022:null,\u0022salesUrl\u0022:null}";
-WRM._unparsedData["com.atlassian.plugins.atlassian-plugins-webresource-plugin:context-path.context-path"]="\u0022/confluence\u0022";
-WRM._unparsedData["com.atlassian.analytics.analytics-client:policy-update-init.policy-update-data-provider"]="false";
-WRM._unparsedData["com.atlassian.applinks.applinks-plugin:applinks-common-exported.authentication-types"]="{\u0022com.atlassian.applinks.api.auth.types.BasicAuthenticationProvider\u0022:\u0022Basic Access\u0022,\u0022com.atlassian.applinks.api.auth.types.TrustedAppsAuthenticationProvider\u0022:\u0022Trusted Applications\u0022,\u0022com.atlassian.applinks.api.auth.types.CorsAuthenticationProvider\u0022:\u0022CORS\u0022,\u0022com.atlassian.applinks.api.auth.types.OAuthAuthenticationProvider\u0022:\u0022OAuth\u0022,\u0022com.atlassian.applinks.api.auth.types.TwoLeggedOAuthAuthenticationProvider\u0022:\u0022OAuth\u0022,\u0022com.atlassian.applinks.api.auth.types.TwoLeggedOAuthWithImpersonationAuthenticationProvider\u0022:\u0022OAuth\u0022}";
-WRM._unparsedData["com.atlassian.confluence.plugins.confluence-search-ui-plugin:confluence-search-ui-plugin-resources.i18n-data"]="{\u0022search.ui.recent.link.text\u0022:\u0022View more recently visited\u0022,\u0022search.ui.search.results.empty\u0022:\u0022We couldn\u0027\u0027t find anything matching \u005C\u0022{0}\u005C\u0022.\u0022,\u0022search.ui.filter.clear.selected\u0022:\u0022Clear selected items\u0022,\u0022search.ui.content.name.search.items.panel.load.all.top.items.button.text\u0022:\u0022Show more app results...\u0022,\u0022search.ui.filter.contributor.button.text\u0022:\u0022Contributor\u0022,\u0022search.ui.filter.space.current.label\u0022:\u0022CURRENT\u0022,\u0022search.ui.clear.input.button.text\u0022:\u0022Clear text\u0022,\u0022search.ui.search.results.clear.button\u0022:\u0022clear your filters.\u0022,\u0022help.search.ui.link.title\u0022:\u0022Search tips\u0022,\u0022search.ui.container.close.text\u0022:\u0022Close\u0022,\u0022search.ui.filter.date.month.text\u0022:\u0022The past month\u0022,\u0022search.ui.infinite.scroll.button.text\u0022:\u0022More results\u0022,\u0022search.ui.filter.date.button.text\u0022:\u0022Date\u0022,\u0022search.ui.filter.date.week.text\u0022:\u0022The past week\u0022,\u0022search.ui.result.subtitle.calendar\u0022:\u0022Team calendar\u0022,\u0022search.ui.filter.date.heading\u0022:\u0022Last modified within\u0022,\u0022search.ui.filter.space.input.label\u0022:\u0022Find spaces...\u0022,\u0022search.ui.generic.error\u0022:\u0022Something went wrong. Refresh the page, or contact your admin if this keeps happening.\u0022,\u0022search.ui.recent.spaces\u0022:\u0022Recent Spaces\u0022,\u0022search.ui.result.subtitle.space\u0022:\u0022Space\u0022,\u0022search.ui.filter.space.category.input.label\u0022:\u0022Find space categories...\u0022,\u0022search.ui.filter.space.archive.label\u0022:\u0022Search archived spaces\u0022,\u0022search.ui.filter.label\u0022:\u0022filter\u0022,\u0022search.ui.filter.date.all.text\u0022:\u0022Any time\u0022,\u0022search.ui.filter.date.hour.text\u0022:\u0022The past day\u0022,\u0022search.ui.filters.heading\u0022:\u0022Filter by\u0022,\u0022search.ui.filter.label.input.label\u0022:\u0022Find labels...\u0022,\u0022search.ui.recent.items.anonymous\u0022:\u0022Start exploring. Your search results will appear here.\u0022,\u0022search.ui.input.label\u0022:\u0022Search\u0022,\u0022search.ui.input.aria.label\u0022:\u0022Search, when you type, your results will be displayed below.\u0022,\u0022search.ui.search.result\u0022:\u0022{0,choice,1#{0} search result|1\u003c{0} search results}\u0022,\u0022search.ui.filter.label.button.text\u0022:\u0022Label\u0022,\u0022search.ui.container.clear.ariaLabel\u0022:\u0022Clear\u0022,\u0022search.ui.input.alert\u0022:\u0022Hit enter to search\u0022,\u0022search.ui.filter.no.result.text\u0022:\u0022We can\u0027\u0027t find anything matching your search\u0022,\u0022search.ui.result.subtitle.user\u0022:\u0022User profile\u0022,\u0022search.ui.filter.contributor.input.label\u0022:\u0022Find people...\u0022,\u0022search.ui.filter.content.type.button.text\u0022:\u0022Type\u0022,\u0022search.ui.filter.date.year.text\u0022:\u0022The past year\u0022,\u0022search.ui.advanced.search.link.text\u0022:\u0022Advanced search\u0022,\u0022search.ui.filter.space.button.text\u0022:\u0022Space\u0022,\u0022search.ui.search.results.clear.line2\u0022:\u0022Try a different search term or\u0022,\u0022search.ui.filter.space.category.button.text\u0022:\u0022Space category\u0022,\u0022search.ui.search.results.clear.line1\u0022:\u0022We couldn\u0027\u0027t find anything matching your search.\u0022,\u0022search.ui.content.name.search.items.panel.load.all.top.items.admin.button.text\u0022:\u0022Show more settings and app results...\u0022,\u0022search.ui.recent.pages\u0022:\u0022Recently visited\u0022,\u0022search.ui.search.result.anonymous\u0022:\u0022{0,choice,1#{0} search result|1\u003c{0} search results}. Have an account? {1}Log in{2} to expand your search.\u0022,\u0022search.ui.recent.items.empty\u0022:\u0022Start exploring. Pages and spaces you\u0027\u0027ve visited recently will appear here.\u0022,\u0022search.ui.filter.space.init.heading\u0022:\u0022recent spaces\u0022}";
-WRM._unparsedData["com.atlassian.applinks.applinks-plugin:applinks-common-exported.applinks-types"]="{\u0022crowd\u0022:\u0022Crowd\u0022,\u0022confluence\u0022:\u0022Confluence\u0022,\u0022fecru\u0022:\u0022FishEye / Crucible\u0022,\u0022stash\u0022:\u0022Stash\u0022,\u0022jira\u0022:\u0022Jira\u0022,\u0022refapp\u0022:\u0022Reference Application\u0022,\u0022bamboo\u0022:\u0022Bamboo\u0022,\u0022generic\u0022:\u0022Generic Application\u0022}";
-WRM._unparsedData["com.atlassian.confluence.plugins.synchrony-interop:synchrony-status-banner-loader.synchrony-status"]="false";
-WRM._unparsedData["com.atlassian.applinks.applinks-plugin:applinks-common-exported.applinks-help-paths"]="{\u0022entries\u0022:{\u0022applinks.docs.root\u0022:\u0022https://confluence.atlassian.com/display/APPLINKS-082/\u0022,\u0022applinks.docs.diagnostics.troubleshoot.sslunmatched\u0022:\u0022SSL+and+application+link+troubleshooting+guide\u0022,\u0022applinks.docs.diagnostics.troubleshoot.oauthsignatureinvalid\u0022:\u0022OAuth+troubleshooting+guide\u0022,\u0022applinks.docs.diagnostics.troubleshoot.oauthtimestamprefused\u0022:\u0022OAuth+troubleshooting+guide\u0022,\u0022applinks.docs.delete.entity.link\u0022:\u0022Create+links+between+projects\u0022,\u0022applinks.docs.adding.application.link\u0022:\u0022Link+Atlassian+applications+to+work+together\u0022,\u0022applinks.docs.administration.guide\u0022:\u0022Application+Links+Documentation\u0022,\u0022applinks.docs.oauth.security\u0022:\u0022OAuth+security+for+application+links\u0022,\u0022applinks.docs.troubleshoot.application.links\u0022:\u0022Troubleshoot+application+links\u0022,\u0022applinks.docs.diagnostics.troubleshoot.unknownerror\u0022:\u0022Network+and+connectivity+troubleshooting+guide\u0022,\u0022applinks.docs.configuring.auth.trusted.apps\u0022:\u0022Configuring+Trusted+Applications+authentication+for+an+application+link\u0022,\u0022applinks.docs.diagnostics.troubleshoot.authlevelunsupported\u0022:\u0022OAuth+troubleshooting+guide\u0022,\u0022applinks.docs.diagnostics.troubleshoot.ssluntrusted\u0022:\u0022SSL+and+application+link+troubleshooting+guide\u0022,\u0022applinks.docs.diagnostics.troubleshoot.unknownhost\u0022:\u0022Network+and+connectivity+troubleshooting+guide\u0022,\u0022applinks.docs.delete.application.link\u0022:\u0022Link+Atlassian+applications+to+work+together\u0022,\u0022applinks.docs.adding.project.link\u0022:\u0022Configuring+Project+links+across+Applications\u0022,\u0022applinks.docs.link.applications\u0022:\u0022Link+Atlassian+applications+to+work+together\u0022,\u0022applinks.docs.diagnostics.troubleshoot.oauthproblem\u0022:\u0022OAuth+troubleshooting+guide\u0022,\u0022applinks.docs.diagnostics.troubleshoot.migration\u0022:\u0022Update+application+links+to+use+OAuth\u0022,\u0022applinks.docs.relocate.application.link\u0022:\u0022Link+Atlassian+applications+to+work+together\u0022,\u0022applinks.docs.administering.entity.links\u0022:\u0022Create+links+between+projects\u0022,\u0022applinks.docs.upgrade.application.link\u0022:\u0022OAuth+security+for+application+links\u0022,\u0022applinks.docs.diagnostics.troubleshoot.connectionrefused\u0022:\u0022Network+and+connectivity+troubleshooting+guide\u0022,\u0022applinks.docs.configuring.auth.oauth\u0022:\u0022OAuth+security+for+application+links\u0022,\u0022applinks.docs.insufficient.remote.permission\u0022:\u0022OAuth+security+for+application+links\u0022,\u0022applinks.docs.configuring.application.link.auth\u0022:\u0022OAuth+security+for+application+links\u0022,\u0022applinks.docs.diagnostics\u0022:\u0022Application+links+diagnostics\u0022,\u0022applinks.docs.configured.authentication.types\u0022:\u0022OAuth+security+for+application+links\u0022,\u0022applinks.docs.adding.entity.link\u0022:\u0022Create+links+between+projects\u0022,\u0022applinks.docs.diagnostics.troubleshoot.unexpectedresponse\u0022:\u0022Network+and+connectivity+troubleshooting+guide\u0022,\u0022applinks.docs.configuring.auth.basic\u0022:\u0022Configuring+Basic+HTTP+Authentication+for+an+Application+Link\u0022,\u0022applinks.docs.diagnostics.troubleshoot.authlevelmismatch\u0022:\u0022OAuth+troubleshooting+guide\u0022}}";
-WRM._unparsedData["com.atlassian.confluence.plugins.confluence-feature-discovery-plugin:confluence-feature-discovery-plugin-resources.test-mode"]="false";
-if(window.WRM._dataArrived)window.WRM._dataArrived();</script>
-<link data-wrm-batch-type="context" data-wrm-key="_super,-com.atlassian.plugins.atlassian-plugins-webresource-rest:data-collector-perf-observer" href="/confluence/s/f73bfa50f953946ad8f2ff5ddd873018-CDN/3bdr34/8804/10mvnxf/05c4c3bf613cdcaf0feabf252aa9ae95/_/download/contextbatch/css/_super,-com.atlassian.plugins.atlassian-plugins-webresource-rest:data-collector-perf-observer/batch.css" media="all" rel="stylesheet"/>
-<link data-wrm-batch-type="context" data-wrm-key="main,-_super" href="/confluence/s/d41d8cd98f00b204e9800998ecf8427e-CDN/3bdr34/8804/10mvnxf/18cc85acaddb1452ba5b822a59d47099/_/download/contextbatch/css/main,-_super/batch.css" media="all" rel="stylesheet"/>
-<link data-wrm-batch-type="context" data-wrm-key="atl.general,-_super" href="/confluence/s/d41d8cd98f00b204e9800998ecf8427e-CDN/3bdr34/8804/10mvnxf/a2993594984d50396b246aa5f1f34738/_/download/contextbatch/css/atl.general,-_super/batch.css?hostenabled=true" media="all" rel="stylesheet"/>
-<link data-wrm-batch-type="context" data-wrm-key="login,-_super" href="/confluence/s/170c988473de547067498a74797010f4-CDN/3bdr34/8804/10mvnxf/0255671cb00c4cfddda9ba328f5b6797/_/download/contextbatch/css/login,-_super/batch.css" media="all" rel="stylesheet"/>
-<script data-initially-rendered="" data-wrm-batch-type="resource" data-wrm-key="com.atlassian.plugins.atlassian-plugins-webresource-rest:data-collector-perf-observer">
-!function(){"use strict";if("PerformanceObserver"in window){const e=[];window.__observedResources=e;const r=e=>"script"===e?"script":"css";new PerformanceObserver((n=>{n.getEntries().filter((({initiatorType:e,name:r})=>{const n="script"===e||((e,r)=>"link"===e&&"css"===new URL(r).pathname.split(".").pop())(e,r),i=new URL(location.href).origin===new URL(r).origin;return n&&i})).forEach((({name:n,transferSize:i,encodedBodySize:s,initiatorType:o})=>{e.push([i,s,n,r(o)])}))})).observe({type:"resource"})}}();
-
-</script>
-<script data-initially-rendered="" data-wrm-batch-type="context" data-wrm-key="_super,-com.atlassian.plugins.atlassian-plugins-webresource-rest:data-collector-perf-observer" src="/confluence/s/7a8abb4db8eef65bfd0bf39a4b6be5b4-CDN/3bdr34/8804/10mvnxf/05c4c3bf613cdcaf0feabf252aa9ae95/_/download/contextbatch/js/_super,-com.atlassian.plugins.atlassian-plugins-webresource-rest:data-collector-perf-observer/batch.js?locale=en-GB"></script>
-<script data-initially-rendered="" data-wrm-batch-type="context" data-wrm-key="main,-_super" src="/confluence/s/15ba25ff6daa6e3d53e4938313d55978-CDN/3bdr34/8804/10mvnxf/18cc85acaddb1452ba5b822a59d47099/_/download/contextbatch/js/main,-_super/batch.js?locale=en-GB"></script>
-<script data-initially-rendered="" data-wrm-batch-type="context" data-wrm-key="atl.general,-_super" src="/confluence/s/fbaa9928efb8437456c42d591780365a-CDN/3bdr34/8804/10mvnxf/a2993594984d50396b246aa5f1f34738/_/download/contextbatch/js/atl.general,-_super/batch.js?hostenabled=true&locale=en-GB"></script>
-<script data-initially-rendered="" data-wrm-batch-type="resource" data-wrm-key="confluence.web.resources:login" src="/confluence/s/8f0542c81c586bf64def60d791753f68-CDN/3bdr34/8804/10mvnxf/1.0/_/download/batch/confluence.web.resources:login/confluence.web.resources:login.js?locale=en-GB"></script>
-<script type="module">WRM.requireLazily(["wr!com.atlassian.plugins.atlassian-plugins-webresource-rest:data-collector-async"])</script>
-<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport"/>
-</link></meta></meta></meta></meta></meta></meta></meta></meta></meta></head>
-<body class="theme-default login aui-layout aui-theme-default" id="com-atlassian-confluence">
-<div id="stp-licenseStatus-banner"></div>
-<div id="page">
-<div id="full-height-container">
-<div id="header-precursor">
-<div class="cell">
-</div>
-</div>
-<header id="header" role="banner">
-<nav aria-label="Site" class="aui-header aui-dropdown2-trigger-group"><div class="aui-header-inner"><div class="aui-header-before"><button aria-controls="app-switcher" aria-haspopup="true" class="aui-dropdown2-trigger app-switcher-trigger aui-dropdown2-trigger-arrowless" data-aui-trigger="" href="#app-switcher" role="button"><span class="aui-icon aui-icon-small aui-iconfont-appswitcher">Linked Applications</span></button><div class="aui-dropdown2 aui-style-default" data-is-switcher="true" data-is-user-admin="false" hidden="" id="app-switcher" role="menu"><div class="app-switcher-loading">Loading…</div></div></div><div class="aui-header-primary"><span class="aui-header-logo aui-header-logo-confluence" id="logo"><a aria-label="Go to home page" href="/confluence/"><span class="aui-header-logo-device">Apache Software Foundation</span></a></span><ul class="aui-nav">
-<li>
-<a class="aui-nav-imagelink" href="/confluence/spacedirectory/view.action" id="space-directory-link" title="Spaces">
-<span>Spaces</span>
-</a>
-</li>
-<li class="aui-buttons">
-</li>
-</ul>
-</div><div class="aui-header-secondary"><ul class="aui-nav">
-<li>
-<div class="aui-quicksearch dont-default-focus header-quicksearch" id="search-ui"><button aria-controls="search_drawer" aria-haspopup="dialog" aria-label="Search" id="quick-search-query-button"></button><input aria-controls="search_drawer" aria-haspopup="dialog" aria-label="Search" id="quick-search-query" placeholder="Search" type="text"/><div id="quick-search-alert" role="alert">Hit enter to search</div><aui-spinner size="small"></aui-spinner></div>
-</li>
-<li>
-<a aria-haspopup="true" aria-owns="help-menu-link-content" class="aui-nav-link aui-dropdown2-trigger aui-dropdown2-trigger-arrowless" href="#" id="help-menu-link" title="Help">
-<span class="aui-icon aui-icon-small aui-iconfont-question-filled">Help</span>
-</a>
-<nav class="aui-dropdown2 aui-style-default" id="help-menu-link-content">
-<div class="aui-dropdown2-section">
-<ul class="aui-list-truncate section-leading first" id="help-menu-link-leading">
-<li>
-<a class="" href="https://docs.atlassian.com/confluence/docs-719/" id="confluence-help-link" target="_blank" title="Visit the Confluence documentation home">
- Online Help
-</a>
-</li>
-<li>
-<a class="" href="/confluence" id="keyboard-shortcuts-link" title="View available keyboard shortcuts">
- Keyboard Shortcuts
-</a>
-</li>
-<li>
-<a class="" href="/confluence/dashboard/configurerssfeed.action" id="feed-builder-link" title="Create your custom RSS feed.">
- Feed Builder
-</a>
-</li>
-<li>
-<a class="" href="https://docs.atlassian.com/confluence/docs-719/help.whats.new.iframe.link" id="whats-new-menu-link" title="">
- What’s new
-</a>
-</li>
-<li>
-<a class="" href="https://confluence.atlassian.com/display/DOC/Confluence+7.19+Release+Notes" id="whats-new-menu-link" title="">
- What’s new
-</a>
-</li>
-<li>
-<a class="user-item administration-link" href="/confluence" id="gadget-directory-link" title="Browse gadgets provided by Confluence">
- Available Gadgets
-</a>
-</li>
-<li>
-<a class="" href="/confluence/aboutconfluencepage.action" id="confluence-about-link" title="Get more information about Confluence">
- About Confluence
-</a>
-</li>
-</ul>
-</div>
-</nav>
-</li>
-<li>
-</li>
-<li>
-</li>
-<li>
-<li>
-<a class="user-item login-link" href="/confluence/login.action" id="login-link" title="">
- Log in
-</a>
-</li>
-</li>
-</ul>
-</div></div><!-- .aui-header-inner--></nav><!-- .aui-header -->
-<br class="clear"/>
-</header>
-<!-- \#header -->
-<main class="aui-page-panel" id="main" role="main">
-<div id="sidebar-container">
-</div><!-- \#sidebar-container -->
-<div id="login-container">
-<div class="login-section">
-<form action="/confluence/dologin.action" class="aui login-form-container" method="POST" name="loginform">
-<h2>Log in</h2>
-<div id="action-messages">
-</div>
-<fieldset class="compact-form-fields">
-<legend class="assistive"><span>Log in to Confluence</span></legend>
-<div class="field-group">
-<label for="os_username" id="os_username-label">
- Username
- </label>
-<input class="text" data-focus="0" id="os_username" name="os_username" placeholder="Username" type="text"/>
-</div>
-<div class="field-group">
-<label for="os_password" id="os_password-label">
- Password
- </label>
-<input class="password" id="os_password" name="os_password" placeholder="Password" type="password"/>
-</div>
-<div class="group">
-<div class="checkbox">
-<input class="checkbox" id="os_cookie" name="os_cookie" type="checkbox" value="true"/>
-<label for="os_cookie">Remember me</label>
-</div>
-</div> <div class="field-group form-buttons compact-form-buttons">
-<input class="aui-button aui-style aui-button-primary" id="loginButton" name="login" type="submit" value="Log in">
-<a class="aui-button aui-style aui-button-link" href="/confluence/forgotuserpassword.action" id="forgot-password">Forgot your password?</a>
-</input></div>
-<input name="os_destination" type="hidden" value="/plugins/viewsource/viewpagesrc.action?pageId=231116197"/>
-</fieldset>
-</form> </div>
-</div>
-</main><!-- \#main -->
-<div id="footer" role="contentinfo">
-<section class="footer-body">
-<p class="license license-opensource">
- Powered by a free <b>Atlassian Confluence Open Source Project License</b> granted to Apache Software Foundation. <a href="https://www.atlassian.com/software/views/opensource-community-additional-license-offer">Evaluate Confluence today</a>.<br/>
-</p>
-<ul id="login-language">
-<li lang="cs-CZ">
-<a href="/confluence/login.action?language=cs_CZ">Čeština</a>
-</li>
-<li lang="da-DK">
-<a href="/confluence/login.action?language=da_DK">Dansk</a>
-</li>
-<li lang="de-DE">
-<a href="/confluence/login.action?language=de_DE">Deutsch</a>
-</li>
-<li lang="et-EE">
-<a href="/confluence/login.action?language=et_EE">Eesti</a>
-</li>
-<li lang="en-GB">
-<a href="/confluence/login.action?language=en_GB">English (UK)</a>
-</li>
-<li lang="en-US">
-<a href="/confluence/login.action?language=en_US">English (US)</a>
-</li>
-<li lang="es-ES">
-<a href="/confluence/login.action?language=es_ES">Español</a>
-</li>
-<li lang="fr-FR">
-<a href="/confluence/login.action?language=fr_FR">Français</a>
-</li>
-<li lang="is-IS">
-<a href="/confluence/login.action?language=is_IS">Íslenska</a>
-</li>
-<li lang="it-IT">
-<a href="/confluence/login.action?language=it_IT">Italiano</a>
-</li>
-<li lang="hu-HU">
-<a href="/confluence/login.action?language=hu_HU">Magyar</a>
-</li>
-<li lang="nl-NL">
-<a href="/confluence/login.action?language=nl_NL">Nederlands</a>
-</li>
-<li lang="nn">
-<a href="/confluence/login.action?language=no_NO">Norsk</a>
-</li>
-<li lang="pl-PL">
-<a href="/confluence/login.action?language=pl_PL">Polski</a>
-</li>
-<li lang="pt-BR">
-<a href="/confluence/login.action?language=pt_BR">Português</a>
-</li>
-<li lang="ro-RO">
-<a href="/confluence/login.action?language=ro_RO">Română</a>
-</li>
-<li lang="sk-SK">
-<a href="/confluence/login.action?language=sk_SK">Slovenčina</a>
-</li>
-<li lang="fi-FI">
-<a href="/confluence/login.action?language=fi_FI">Suomi</a>
-</li>
-<li lang="sv-SE">
-<a href="/confluence/login.action?language=sv_SE">Svenska</a>
-</li>
-<li lang="ru-RU">
-<a href="/confluence/login.action?language=ru_RU">Русский</a>
-</li>
-<li lang="zh-CN">
-<a href="/confluence/login.action?language=zh_CN">ä¸æ–‡</a>
-</li>
-<li lang="ja-JP">
-<a href="/confluence/login.action?language=ja_JP">日本語</a>
-</li>
-<li lang="ko-KR">
-<a href="/confluence/login.action?language=ko_KR">í•œêµì–´</a>
-</li>
-</ul>
-<ul id="poweredby">
-<li class="noprint">Powered by <a class="hover-footer-link" href="https://www.atlassian.com/software/confluence" rel="nofollow">Atlassian Confluence</a> <span id="footer-build-information">7.19.20</span></li>
-<li class="print-only">Printed by Atlassian Confluence 7.19.20</li>
-<li class="noprint"><a class="hover-footer-link" href="https://support.atlassian.com/confluence-server/" rel="nofollow">Report a bug</a></li>
-<li class="noprint"><a class="hover-footer-link" href="https://www.atlassian.com/company" rel="nofollow">Atlassian News</a></li>
-</ul>
-<div id="footer-logo"><a href="https://www.atlassian.com/" rel="nofollow">Atlassian</a></div>
-</section>
-</div>
-</div><!-- \#full-height-container -->
-</div><!-- \#page -->
-</body>
-</html>
-</p>
+<p><code>spu:fetch('https://cwiki.apache.org/confluence/plugins/viewsource/viewpagesrc.action?pageId=231116197')</code></p>
<script type="text/ecmascript">
// Change from local to external sources (fetched from cwiki)
// Browsers will automatically insert "file://" into the src when testing locally,
@@ -372,15 +82,15 @@
const baseurl = location.protocol + "//" + location.hostname;
for (let element of document.querySelectorAll("link, img")) {
if (element.href && element.href.match("/confluence/")) {
- element.href = "https://cwiki.apache.org" + element.href.replace(baseurl, "");
+ element.href = "https://cwiki.apache.org" + element.href.replace(baseurl, "");
}
if (element.src && element.src.match("/confluence/")) {
- element.src = "https://cwiki.apache.org" + element.src.replace(baseurl, "");
+ element.src = "https://cwiki.apache.org" + element.src.replace(baseurl, "");
}
}
</script>
-<p>(This roadmap is fetched from our <a href="https://cwiki.apache.org/confluence/display/INFRA/ASF+Infrastructure+Services+Roadmap">cwiki roadmap page</a>.)</p>
+<p>(This roadmap is fetched from our <a href="https://cwiki.apache.org/confluence/display/INFRA/ASF+Infrastructure+Services+Roadmap">cwiki roadmap page</a>.)</p>
</div>
</div>
</div>
diff --git a/output/roundtable.html b/output/roundtable.html
index 5c92772..7b0574f 100644
--- a/output/roundtable.html
+++ b/output/roundtable.html
@@ -88,7 +88,7 @@
<p>When you are in the channel, you can share messages with others as a sort of pre-meeting. At some point an infra staffer will post a message inviting people to join the channel <strong>huddle</strong>. Click the link to join the huddle, an icon that looks like the outline of a headset.</p>
<h3>What happens in the roundtable</h3>
<ul>
-<li>An Infra team member normally opens the meeting with a short presentation related to the advertised topic, and then throws the floor open to discussion.</li>
+<li>An Infra team member normally opens the meeting with a short presentation related to the advertised topic, and then throws the floor open to discussion. </li>
<li>If you are using a microphone, please mute your mic when not speaking, to cut down on ambient noise.</li>
<li>To contribute to the discussion, either type your message in the huddle thread (not the main channel thread) or unmute and start speaking. We will all try to practice good meeting manners, which include not talking over others.</li>
<li>If time permits, we can discuss any other urgent, Infra-related topic that is on your mind.</li>
@@ -97,8 +97,7 @@
<p>When you want to leave, click the <strong>Leave</strong> button. The app returns you to the main Roundtable channel.</p>
<h3>After the roundtable</h3>
<p>Infra posts a summary of each roundtable's discussion <a href="https://cwiki.apache.org/confluence/display/INFRA/Infra+Roundtable" target="_blank">here</a>.</p>
-<p>If the meeting does not get to discuss a question you submitted, feel free to ask it in the <code>asfinfra</code> Slack channel, or bring it up again at the next roundtable.</p>
-
+<p>If the meeting does not get to discuss a question you submitted, feel free to ask it in the <code>asfinfra</code> Slack channel, or bring it up again at the next roundtable. </p>
</div>
</div>
</div>
diff --git a/output/self-hosted-runners.html b/output/self-hosted-runners.html
index 78c49c4..0465968 100644
--- a/output/self-hosted-runners.html
+++ b/output/self-hosted-runners.html
@@ -81,7 +81,6 @@
<p>Read the GitHub <a href="https://help.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories" target="_blank">documentation</a> about self-hosted runners if you are evaluating this option.</p>
<p>Apache permits projects to use self-hosted runners, but does <strong>not recommend</strong> them because of significant security issues they introduce.</p>
<p>If your project, after careful consideration, wants to use a self-hosted runner, open an Infra Jira ticket to ask Infra to do the required configuration work to enable your project's runner.</p>
-
</div>
</div>
</div>
diff --git a/output/services.html b/output/services.html
index 2f1484f..d5743ff 100644
--- a/output/services.html
+++ b/output/services.html
@@ -75,8 +75,7 @@
</h1>
<p>Infra maintains a wide range of tools for PMCs, project committers, and the Apache Board to use. Parts of our toolkit are only available to people who have specific duties or roles. Others, like the monitoring tools that show the status of various parts of the Apache infrastructure, are available to everyone.</p>
<ul>
-<li><a href="#tlps">Services for Top-Level Projects (TLPs)</a>
-<ul>
+<li><a href="#tlps">Services for Top-Level Projects (TLPs)</a><ul>
<li><a href="#web-sites">Websites</a></li>
<li><a href="#email">Email</a></li>
<li><a href="#self-serve">ASF self-service platform</a></li>
@@ -86,8 +85,7 @@
</ul>
</li>
<li><a href="#podlings">Services for incubating projects (podlings)</a></li>
-<li><a href="#tools">Tools for ASF projects</a>
-<ul>
+<li><a href="#tools">Tools for ASF projects</a><ul>
<li><a href="#source-repository">Version control</a></li>
<li><a href="#issue-tracking">Issue tracking and feature requests</a></li>
<li><a href="#repository-to-issue-tracker-integrations">Integrating your repository with Jira tickets</a></li>
@@ -101,8 +99,7 @@
<li><a href="#voting">Online voting</a></li>
</ul>
</li>
-<li><a href="#other">Other tools</a>
-<ul>
+<li><a href="#other">Other tools</a><ul>
<li><a href="#dns">DNS</a></li>
<li><a href="#url-shortener">URL shortener</a></li>
<li><a href="#sharing">Sharing snippets</a></li>
@@ -113,7 +110,9 @@
</li>
</ul>
<h2 id="tlps">Services for Top-Level Projects (TLPs)<a class="headerlink" href="#tlps" title="Permanent link">¶</a></h2>
+
<h3 id="web-sites">Websites<a class="headerlink" href="#web-sites" title="Permanent link">¶</a></h3>
+
<ul>
<li><a href="https://apache.org"><code>www.apache.org</code></a> is the main ASF website.</li>
<li><a href="https://apache.org/dev/#web" targety="_blank">ASF project websites</a>.</li>
@@ -125,6 +124,7 @@
<li>The <a href="https://whimsy.apache.org/site/" target="_blank">Apache Project Website Checker</a> periodically reviews all TLP websites and reports whether they comply with Apache's <a href="https://www.apache.org/foundation/marks/pmcs#navigation" target="_blank">policies for TLP websites</a>.</li>
</ul>
<h3 id="email">Email<a class="headerlink" href="#email" title="Permanent link">¶</a></h3>
+
<ul>
<li>All requests for new email lists should go through the <a href="https://selfserve.apache.org/mailinglist-new.html" target="_blank">self-serve system</a>. Remember not to mark a list as private if you want it publicly archived.</li>
<li>Email server - QMail/QSMTPD</li>
@@ -136,6 +136,7 @@
<li>Infra maintains and uses a series of <a href="https://infra.apache.org/infra-mail.html" target="_blank">email lists</a>, some of which are open to committers.</li>
</ul>
<h3 id="self-serve">ASF self-service platform<a class="headerlink" href="#self-serve" title="Permanent link">¶</a></h3>
+
<p>One of Infra's goals is to empower ASF members, PMCs, and committers to do much of what they need to do without having to request help from Infra. The <a href="https://selfserve.apache.org" target="_blank">Self-Service Platform</a>, for example, provides a number of handy tools that <strong>people who have an Apache email address</strong> (basically, project committers, PMC members, and ASF Members) can use to:</p>
<ul>
<li>Create a Jira or Confluence project, Git repository, or email list (PMC Chairs and Infra members).</li>
@@ -146,26 +147,27 @@
</ul>
<p>People who are not part of the ASF community but wish to file a Jira ticket about an ASF project's product can use the platform to <a href="https://infra.apache.org/jira-guidelines.html#who" target="_blank">request a Jira account</a>.</p>
<h3 id="account-mgmt">ASF account management<a class="headerlink" href="#account-mgmt" title="Permanent link">¶</a></h3>
+
<p><a href="account-mgmt.html">ASF account management</a> provides guidance if you want to update your account details, or have lost access to your account.</p>
<h3 id="notices">Getting notices of infrastructure events<a class="headerlink" href="#notices" title="Permanent link">¶</a></h3>
-You can subscribe to notices of infrastructure events that you want to know about, ranging from Subversion commits to emails to specific lists. [Learn more here](pypubsub.html).
+<p>You can subscribe to notices of infrastructure events that you want to know about, ranging from Subversion commits to emails to specific lists. <a href="pypubsub.html">Learn more here</a>.</p>
<h3 id="ldap">LDAP-enabled services<a class="headerlink" href="#ldap" title="Permanent link">¶</a></h3>
-<p>Infra supports many ASF <a href="https://cwiki.apache.org/confluence/display/INFRA/LDAP+enabled+services+at+the+ASF" target="_blank">LDAP-enabled services</a>. You can log in to them with your LDAP credentials.</p>
+
+<p>Infra supports many ASF <a href="https://cwiki.apache.org/confluence/display/INFRA/LDAP+enabled+services+at+the+ASF" target="_blank">LDAP-enabled services</a>. You can log in to them with your LDAP credentials. </p>
<h2 id="podlings">Services for incubating projects (podlings)<a class="headerlink" href="#podlings" title="Permanent link">¶</a></h2>
-<p>Infra supports incubating projects, or podlings.</p>
+
+<p>Infra supports incubating projects, or podlings. </p>
<ul>
<li>An introduction to <a href="infra-incubator.html">Infra and the Incubator</a>, showing the steps for setting up a new podling.</li>
<li>Guidance for <a href="project-names.html">selecting a project or product name</a></li>
</ul>
<h2 id="tools">Tools for ASF projects<a class="headerlink" href="#tools" title="Permanent link">¶</a></h2>
+
<p>Infra supports an array of tools and services to help projects develop and support both their applications and their community, including:</p>
<ul>
-<li>Every project can use a dedicated space on the <a href="cwiki.html">Confluence wiki</a>.
-<ul>
+<li>Every project can use a dedicated space on the <a href="cwiki.html">Confluence wiki</a>.</li>
<li>How to <a href="https://cwiki.apache.org/confluence/display/INFRA/Managing+permissions+on+your+project%27s+Confluence+Space" target="_blank">manage user permissions</a> in your project's wiki space.</li>
<li>How to <a href="https://cwiki.apache.org/confluence/display/INFRA/Giving+a+user+edit+access+to+Confluence" target="_blank">give a user edit access</a> to the wiki space.</li>
-</ul>
-</li>
<li><a href="https://reporter.apache.org/" target="_blank">Reporter</a> provides actvitity statistics and other information about your project, and editing tools to help you write and submit your project's quarterly Board reports.</li>
<li>You can create and run a <a href="project-blogs.html">project blog</a>.</li>
<li>You can establish a <a href="slack.html">Slack channel</a> for real-time team discussions. Once you have your Slack channel, Infra can set up a <em>Slack-Jira bridge</em> so that you get notices in your channel of new or updated Jira tickets. open a Jira ticket for INFRA to get this feature for your TLP's Slack channel.</li>
@@ -175,6 +177,7 @@
<li>The ASF <a href="https://oauth.apache.org/api.html" target="_blank">OAuth</a> system provides a focal point for services wishing to make use of authentication without security implications around storing sensitive user data. Many Apache services use it to validate that the user requesting access is a committer within the project and has lawful access to the systems in question. <a href="https://cwiki.apache.org/confluence/display/INFRA/ASF+OAuth+Service" target="_blank">Read more about Apache OAuth</a>.</li>
</ul>
<h3 id="source-repository">Version control<a class="headerlink" href="#source-repository" title="Permanent link">¶</a></h3>
+
<p>Apache provides, and Infra maintains, <a href="version-control.html">code repositories</a> that Apache projects can use to keep their project code safe, accessible to team members, and under version control.</p>
<ul>
<li>
@@ -195,6 +198,7 @@
</li>
</ul>
<h3 id="issue-tracking">Issue tracking and feature requests<a class="headerlink" href="#issue-tracking" title="Permanent link">¶</a></h3>
+
<p>The ASF supports these options for tracking issues and feature requests:</p>
<ul>
<li><a href="https://issues.apache.org/jira" target="_blank">Jira</a></li>
@@ -206,13 +210,16 @@
<p>Here is how to <a href="request-bug-tracker.html">request a bug and issue tracker for your project</a>.</p>
<p>Here are some guidelines for <a href="bug-writing-guide.html">writing a good bug report</a>.</p>
<h3 id="repository-to-issue-tracker-integrations">Integrating your repository with Jira tickets<a class="headerlink" href="#repository-to-issue-tracker-integrations" title="Permanent link">¶</a></h3>
+
<p>Infra can activate a <a href="svngit2jira.html">Subversion and Git integration with Jira tickets</a> for your project.</p>
<h3 id="source-repository-publishersubscriber-services">Source repository publisher/subscriber services<a class="headerlink" href="#source-repository-publishersubscriber-services" title="Permanent link">¶</a></h3>
+
<ul>
<li>SvnPubSub</li>
<li><a href="pypubsub.html">PyPubSub</a></li>
</ul>
<h3 id="build">Build services<a class="headerlink" href="#build" title="Permanent link">¶</a></h3>
+
<p>Apache supports and models continuous integration and continuous deployment, or <em>CI/CD</em>. The <a href="build-supported-services.html">ASF build and supported services</a> page provides information about, and links to, the CI services the ASF provides and/or supports.</p>
<p>Other tools to consider:</p>
<ul>
@@ -220,11 +227,12 @@
<li><a href="https://www.appveyor.com" target="_blank">AppVeyor</a></li>
</ul>
<h3 id="product-naming">Product naming<a class="headerlink" href="#product-naming" title="Permanent link">¶</a></h3>
+
<p>See <a href="project-names.html">guidance for choosing a product name</a></p>
<h3 id="code-signing">Code signing<a class="headerlink" href="#code-signing" title="Permanent link">¶</a></h3>
+
<ul>
-<li>Digicert
-<ul>
+<li>Digicert<ul>
<li>Requesting access to the <a href="digicert-access.html">Digicert code signing service</a></li>
<li><a href="digicert-use.html">Using Digicert</a></li>
</ul>
@@ -233,12 +241,15 @@
<li>More information on <a href="https://cwiki.apache.org/confluence/display/INFRA/Code+Signing+and+Publishing" target="_blank">code signing and publishing</a></li>
</ul>
<h3 id="qa">Code quality<a class="headerlink" href="#qa" title="Permanent link">¶</a></h3>
+
<p><a href="https://sonarcloud.io/" target="_blank"><strong>SonarCloud</strong></a> is a code quality and security tool that is free to open-source projects. It permits continuous inspection of code quality so your project can perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities in 20+ programming languages.</p>
<p>You can <a href="https://sonarcloud.io/organizations/apache/projects" target="_blank">check the status of many Apache project repositories</a>.</p>
<p>Guidance for using SonarCloud with an ASF project is <a href="https://cwiki.apache.org/confluence/display/INFRA/SonarCloud+for+ASF+projects" target="_blank">here</a>.</p>
<h3 id="code-dist">Code distribution<a class="headerlink" href="#code-dist" title="Permanent link">¶</a></h3>
+
<p>Use the ASF <a href="https://repository.apache.org/" target="_blank">Nexus Repository Manager</a> to browse for and review code distributions by ASF projects.</p>
<h4 id="distributions">Distributions<a class="headerlink" href="#distributions" title="Permanent link">¶</a></h4>
+
<ul>
<li><a href="https://www.apache.org/dyn/closer.lua" target="_blank">Current distributions</a></li>
<li><a href="https://archive.apache.org" target="_blank">Historical distribution archives</a></li>
@@ -246,28 +257,36 @@
<li><a href="https://repository.apache.org" target="_blank">Nexus</a></li>
</ul>
<h3 id="virtual-servers">Virtual servers<a class="headerlink" href="#virtual-servers" title="Permanent link">¶</a></h3>
+
<p>Infra can provide Ubuntu virtual machines for projects. See:</p>
<ul>
<li><a href="vm-policy.html">Virtual machine policy</a></li>
<li><a href="vm-for-project.html">Process for requesting a vm</a></li>
</ul>
<h3>Use of nightlies.a.o</h3>
+
<p>nightlies, as implied by its name, is designed as a 'short term' storage solution. See the <a href="nightlies.html">nightlies use policy</a>.</p>
<h3 id="voting">Online voting<a class="headerlink" href="#voting" title="Permanent link">¶</a></h3>
+
<p>Projects can use the <a href="https://steve.apache.org" target="_blank">Apache STeVe</a> voting system instance (offline when not in use). The tool name refers to the <a href="https://en.wikipedia.org/wiki/Single_transferable_vote" target="_blank">single transferable vote</a> system that is one of its voting options. Open a Jira ticket for Infra to provide assistance in preparing STeVe for your project's use.</p>
<h2 id="other">Other tools<a class="headerlink" href="#other" title="Permanent link">¶</a></h2>
+
<h3 id="dns">DNS<a class="headerlink" href="#dns" title="Permanent link">¶</a></h3>
+
<p>Infra manages the ASF DNS, which is registered with Namecheap.</p>
<h3 id="url-shortener">URL shortener<a class="headerlink" href="#url-shortener" title="Permanent link">¶</a></h3>
+
<p><a href="https://s.apache.org" target="_blank">URL shortener</a></p>
<h3 id="sharing">Infra Reporting Dashboard<a class="headerlink" href="#infra-reports" title="Permanent link">¶</a></h3>
+
<p>The <a href="https://infra.apache.org/infra-reports.html" target="_blank">ASF Infrastructure Reporting Dashboard</a> contains a collection of reports on the overall health and activity of the infrastructure at the ASF. Some reports are available only for ASF Members and Infra team members.</p>
<h3 id="machines">Machine list<a class="headerlink" href="#machines" title="Permanent link">¶</a></h3>
+
<p><a href="/machines.html" target="_blank">Host Keys and Fingerprints</a></p>
<h3 id="whimsy">Whimsy<a class="headerlink" href="#whimsy" title="Permanent link">¶</a></h3>
+
<p><a href="https://whimsy.apache.org/" target="_blank">Apache Whimsy</a> describes itself as "providing organizational information about the ASF and our projects in easy to consume ways, and to help automate corporate processes at the ASF to make the paperwork behind the scenes easier for our many volunteers."</p>
<p>There are many Whimsy tools useful for PMCs and individual committers, such as <a href="https://whimsy.apache.org/roster/committer/" target="_blank">Committer search</a>.</p>
-
</div>
</div>
</div>
diff --git a/output/slack.html b/output/slack.html
index 6a0ca77..98d1ef6 100644
--- a/output/slack.html
+++ b/output/slack.html
@@ -92,13 +92,11 @@
</ol>
<p>Infra has disabled the option that would let you provide a link to the workspace to anyone who wanted it, as spammers were taking advantage of it. Projects can invite interested parties (via their <code>@dev</code> or <code>@users</code> lists or a note on their website) to send a request to join the channel either to the <code>@dev</code> list or to an email address the project specifies. The PMC can then extend an invitation to that person, if they choose.</p>
<h3>Slack Account Types</h3>
-<p>Slack has three account types:</p>
-<ul>
-<li><strong>Member</strong>: has full access to all Slack's features, including inviting others to join the workspace.</li>
-<li><strong>Multi-Channel Guest</strong>: has limited access inside Slack, but can join as many open channels as they wish.</li>
-<li><strong>Single-Channel Guest</strong>: can only access the channel they are invited to join.</li>
-</ul>
-<p>Slack has a list of <a href="https://slack.com/help/articles/201314026-Permissions-on-a-Slack-workspace" target="_blank">permissions</a> for these account types.</p>
+<p>Slack has three account types:
+ - <strong>Member</strong>: has full access to all Slack's features, including inviting others to join the workspace.
+ - <strong>Multi-Channel Guest</strong>: has limited access inside Slack, but can join as many open channels as they wish.
+ - <strong>Single-Channel Guest</strong>: can only access the channel they are invited to join.</p>
+<p>Slack has a list of <a href="https://slack.com/help/articles/201314026-Permissions-on-a-Slack-workspace" target="_blank">permissions</a> for these account types. </p>
<h4>ASF and Slack 'members'</h4>
<p>Both the ASF and Slack use the term 'member', but in different ways. The Slack use of "member" is above.</p>
<p>For the Apache Software Foundation:</p>
@@ -107,7 +105,7 @@
<li>A <a href="https://www.apache.org/foundation/how-it-works.html#pmc-members" target="_blank">PMC member</a> is a "developer or a committer that was elected" to the PMC.</li>
</ul>
<h2>Joining project channels</h2>
-<p>Once you are part of the ASF workspace as a member or a multi-channel guest, you can join any public channels you wish to.</p>
+<p>Once you are part of the ASF workspace as a member or a multi-channel guest, you can join any public channels you wish to. </p>
<ul>
<li>At the top of your list of channels in the Slack app, click the <strong>+</strong> icon.</li>
<li>Use the <em>Browse channels</em> option to display a list of open channels in the workspace; or enter text in the search field.</li>
@@ -135,9 +133,8 @@
<li>Save the summary document to your project wiki or some other accessible space and use the "add a bookmark" tool at the top of the public channel display to provide a link to the document so readers can find it easily.</li>
</ol>
<h2>Expectations</h2>
-<p>As with all ASF activities, we expect ASF Members and project participants to conduct themselves according to the ASF <a href="https://www.apache.org/foundation/policies/conduct.html" target="_blank">Code of Conduct</a>.</p>
+<p>As with all ASF activities, we expect ASF Members and project participants to conduct themselves according to the ASF <a href="https://www.apache.org/foundation/policies/conduct.html" target="_blank">Code of Conduct</a>. </p>
<p>We expect channel participants to be respectful and supportive of other participants, and to make contributions that add to the conversation, rather than blurring it. If a participant makes contributions that are disrespectful, offensive, or contrary in other ways to The Apache Way, please report them to Infra.</p>
-
</div>
</div>
</div>
diff --git a/output/spam-reporting.html b/output/spam-reporting.html
index 8857405..a4f3846 100644
--- a/output/spam-reporting.html
+++ b/output/spam-reporting.html
@@ -75,10 +75,9 @@
</h1>
<p>The ASF acts as a forwarding service for @apache.org committer email addresses, passing email delivered to your @apache.org address to your personal designated account. Due to this process, mail your personal account receives via your @apache.org email address has a header that indicates it comes from the ASF's mail servers.</p>
<p>Marking such email as spam in tools like Outlook's "Report as Junk" feature causes those tools to flag the Foundation's mail servers as spammers. This results in the Foundation's mail servers being banned from mailing to Outlook/O365 and other major email services.</p>
-<p>To avoid disrupting the flow of email for everyone connected to the ASF, <strong>do not</strong> flag any mail sent to your @apache.org address as spam (even if it <em>seems to be</em> spam). Simply delete it instead. If there is a particularly persistent spam issue, report it via an Infra Jira ticket, or via email to <a href="mailto:root@apache.org">root@apache.org</a>.</p>
+<p>To avoid disrupting the flow of email for everyone connected to the ASF, <strong>do not</strong> flag any mail sent to your @apache.org address as spam (even if it <em>seems to be</em> spam). Simply delete it instead. If there is a particularly persistent spam issue, report it via an Infra Jira ticket, or via email to root@apache.org.</p>
<h3>Do not flag legitimate ASF mail as spam</h3>
<p>Infra is seeing ongoing instances of people flagging legitimate project/mailing list email as spam. Due to the negative email reputation this causes, Infra is taking a <strong>zero tolerance policy</strong> with subscribers who flag legitimate list email as spam. Upon receipt of such a report, Infra will <strong>unsubscribe</strong> the reporting address from all ASF email lists.</p>
-
</div>
</div>
</div>
diff --git a/output/stats.html b/output/stats.html
index 10fa080..2b8732c 100644
--- a/output/stats.html
+++ b/output/stats.html
@@ -90,7 +90,6 @@
<p>The <a href="https://reporter.apache.org/wizard/" target="_blank">Reporter wizard</a> provides a wide range of interesting information about Apache projects, and can help PMCs assemble their quarterly Board reports.</p>
</li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/surveys/survey-1.html b/output/surveys/survey-1.html
index df33206..1c54899 100644
--- a/output/surveys/survey-1.html
+++ b/output/surveys/survey-1.html
@@ -73,8 +73,7 @@
<h1>
2022: A Year in Review
</h1>
- <iframe frameborder="0" height="1000" marginheight="0" marginwidth="0" src="https://docs.google.com/forms/d/e/1FAIpQLScxZkZZvafCSA9s9nxwWGm6jQ4ftINId_5LW3EmJyyIHXxM0Q/viewform?embedded=true" width="100%">Loading…</iframe>
-
+ <iframe src="https://docs.google.com/forms/d/e/1FAIpQLScxZkZZvafCSA9s9nxwWGm6jQ4ftINId_5LW3EmJyyIHXxM0Q/viewform?embedded=true" width="100%" height="1000" frameborder="0" marginheight="0" marginwidth="0">Loading…</iframe>
</div>
</div>
</div>
diff --git a/output/svn-basics.html b/output/svn-basics.html
index fb998c8..0367156 100644
--- a/output/svn-basics.html
+++ b/output/svn-basics.html
@@ -83,11 +83,12 @@
<li><a href="#faq">Frequently asked questions</a></li>
</ul>
<h3 id="accessing">Accessing the Subversion repository<a class="headerlink" href="#accessing" title="Permanent link">¶</a></h3>
+
<p>There are several ways to access the Subversion repository:</p>
<p><strong>Web Access</strong></p>
<p>If you just wish to browse around or download a few individual files, the best tool is the web-based <a href="http://svn.apache.org/viewvc/" target="_blank">ViewVC interface for Subversion</a>. You can also go straight to the <a href="http://svn.apache.org/repos/asf/" target="_blank">public repository</a>.</p>
<p><strong>Anonymous Subversion</strong></p>
-<p>To access the Subversion repository anonymously, you need a Subversion client.</p>
+<p>To access the Subversion repository anonymously, you need a Subversion client. </p>
<p><strong>Finding the project you want</strong></p>
<p>You can <a href="http://svn.apache.org/repos/asf/" target="_blank">browse</a> for the project that interests you and check it out. For example, to get the Spamassassin module, use:</p>
<p><code>$ svn checkout http://svn.apache.org/repos/asf/spamassassin/trunk spamassassin</code></p>
@@ -96,32 +97,38 @@
<p>We currently use HTTPS basic authentication for logging in to Subversion (certificate info below). To change your password, visit <a href="https://svn.apache.org/change-password" target="_blank">svn.apache.org/change-password</a>.</p>
<p>This will prompt you to enter a svn password of your choice. If you cannot log in, or have lost your password, visit the <a href="https://id.apache.org" target="_blank">Apache Account Utility</a> to reset it.</p>
<p>When you make changes to the repository, you can commit them with your username/password combination, i.e.</p>
-<pre><code>$ svn co https://svn.apache.org/repos/asf/excalibur/trunk/ excalibur-trunk
-$ cd excalibur-trunk
-$ echo "test" > test.txt
-$ svn add test.txt
-$ svn commit --username your-name --password your-password \
- --message "Trying out svn"
-</code></pre>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>svn<span class="w"> </span>co<span class="w"> </span>https://svn.apache.org/repos/asf/excalibur/trunk/<span class="w"> </span>excalibur-trunk
+$<span class="w"> </span><span class="nb">cd</span><span class="w"> </span>excalibur-trunk
+$<span class="w"> </span><span class="nb">echo</span><span class="w"> </span><span class="s2">"test"</span><span class="w"> </span>><span class="w"> </span>test.txt
+$<span class="w"> </span>svn<span class="w"> </span>add<span class="w"> </span>test.txt
+$<span class="w"> </span>svn<span class="w"> </span>commit<span class="w"> </span>--username<span class="w"> </span>your-name<span class="w"> </span>--password<span class="w"> </span>your-password<span class="w"> </span><span class="se">\</span>
+<span class="w"> </span>--message<span class="w"> </span><span class="s2">"Trying out svn"</span>
+</code></pre></div>
+
<p><code>svnserve</code> is not supported, nor is <code>svn+ssh</code>.</p>
<h3 id="configuring">Configuring the Subversion client<a class="headerlink" href="#configuring" title="Permanent link">¶</a></h3>
+
<p>Committers need to configure their svn client properly. One particular issue is OS-specific line endings for text files. When you add a new text file, especially when applying patches from Bugzilla, first ensure that the line-endings are appropriate for your system, then do:</p>
-<pre><code>svn add test.txt svn propset svn:eol-style native test.txt
-</code></pre>
+<div class="highlight"><pre><span></span><code>svn add test.txt svn propset svn:eol-style native test.txt
+</code></pre></div>
+
<p>Your svn client can be configured to do that automatically for some common file types.</p>
<p>Add the contents of the file <code>http://www.apache.org/dev/svn-eol-style.txt</code> to the bottom of your <code>~/.subversion/config</code> file. For Windows this is normally found at <code>C:\\Documents and Settings\\{username}\\Application Data\\Subversion\\config</code>.</p>
<p>You may need to set additional properties for some files. For example, apply <code>svn:executable=*</code> to script files (.bat, .cgi, .cmd, .sh) that are intended to be executed. Since not all such files are necessarily intended to be executed, do not make the executable property an automatic default.</p>
<p>Pay attention to the messages from your svn client when you do <code>svn commit</code>.</p>
<p><strong>Tip</strong>: If you use TortiseSVN, a popular Windows GUI client that integrates with Windows Explorer, you can right-click in Explorer, select <code>TortiseSVN - Settings</code>, and select "Edit" to update your Subversion configuration file. Copy the above <code>svn-eol-style.txt</code> file's contents into the end of the configuration file that appears, and save the file.</p>
<h3 id="ssl">SSL server certificate<a class="headerlink" href="#ssl" title="Permanent link">¶</a></h3>
+
<p>The server certificate for <code>https://svn.apache.org/</code> is a real SSL certificate. However, Subversion, by default, does not currently ship with a list of trusted CAs. So, here's some information to help you verify the validity of our certificate:</p>
-<pre><code> - Hostname: *.apache.org
- - Valid: from Jul 1 00:00:00 2019 GMT until Jun 30 23:59:59 2021 GMT
- - Issuer: Sectigo RSA Domain Validation Secure Server CA, Sectigo Limited, Salford, Greater Manchester, GB
- - Fingerprint: 88:A1:77:AC:CE:5E:6C:0D:22:BC:1F:E4:4E:AA:D4:2A:A4:C0:71:4F
-</code></pre>
+<div class="highlight"><pre><span></span><code> <span class="k">-</span> Hostname: *.apache.org
+ <span class="k">-</span> Valid: from Jul 1 00:00:00 2019 GMT until Jun 30 23:59:59 2021 GMT
+ <span class="k">-</span> Issuer: Sectigo RSA Domain Validation Secure Server CA, Sectigo Limited, Salford, Greater Manchester, GB
+ <span class="k">-</span> Fingerprint: 88:A1:77:AC:CE:5E:6C:0D:22:BC:1F:E4:4E:AA:D4:2A:A4:C0:71:4F
+</code></pre></div>
+
<p>Note that the SSL certificate for our Subversion repository is different from certificates used when logging into Apache infrastructure. See the <a href="new-committers-guide.html">New Committer's guide</a> for more information.</p>
<h3 id="faq">Frequently asked questions<a class="headerlink" href="#faq" title="Permanent link">¶</a></h3>
+
<p><strong>When should I use 'svn lock'?</strong></p>
<p>Very rarely. Commits in subversion are transactional. This means that locks are almost always unnecessary.</p>
<p>An oft-quoted use case is to prevent concurrent editing of a large unmergeable binary document. However, for open development, good communication is preferable to locking even in this use case. A clear, timely post to the list to let your fellow developers know that you're going to start editing that huge PDF is better than locking the file.</p>
@@ -132,10 +139,10 @@
<p>If you really do want the entire ASF repository, <em>don't</em> use <code>svnsync</code>. Instead, start by looking here: <code>http://svn-master.apache.org/dump/</code>. Use that to bootstrap your repo.</p>
<p><strong>Why do I get a 403 error when I try to commit?</strong></p>
<p>Run <code>svn info</code> and check that the URL starts with <code>https://</code>. If it starts with <code>http://</code>, run:</p>
-<pre><code>$ svn switch --relocate http://svn.apache.org https://svn.apache.org
-</code></pre>
-<p>If you still get 403 Forbidden errors, ask your PMC to double-check the authz file and LDAP/Unix group membership.</p>
+<div class="highlight"><pre><span></span><code>$<span class="w"> </span>svn<span class="w"> </span>switch<span class="w"> </span>--relocate<span class="w"> </span>http://svn.apache.org<span class="w"> </span>https://svn.apache.org
+</code></pre></div>
+<p>If you still get 403 Forbidden errors, ask your PMC to double-check the authz file and LDAP/Unix group membership.</p>
</div>
</div>
</div>
diff --git a/output/svn-to-git-migration.html b/output/svn-to-git-migration.html
index 1956e40..0da8b20 100644
--- a/output/svn-to-git-migration.html
+++ b/output/svn-to-git-migration.html
@@ -78,12 +78,11 @@
<p>If you do not have an existing GitHub mirror, you can self-serve your migration using the following steps:</p>
<ol>
<li>Request a bare (empty) Git repository via <a href="https://selfserve.apache.org/" target="_blank">selfserve</a>.</li>
-<li>Use <a href="https://github.com/nirvdrum/svn2git">svn2git</a> to convert your SVN repository to Git.</li>
+<li>Use <a href="https://github.com/nirvdrum/svn2git">svn2git</a> to convert your SVN repository to Git. </li>
<li>When the conversion is complete, push the new repository to <code>gitbox.apache.org</code> (or GitHub).</li>
<li>Ask Infra (using a Jira ticket) to set the old SVN repository to read-only.</li>
</ol>
-<p>The SVN authors' list (required by svn2git for cloning) is at <a href="https://gitbox.apache.org/authors.txt" target="_blank"><a href="https://gitbox.apache.org/authors.txt">https://gitbox.apache.org/authors.txt</a></a>.</p>
-
+<p>The SVN authors' list (required by svn2git for cloning) is at <a href="https://gitbox.apache.org/authors.txt" target="_blank">https://gitbox.apache.org/authors.txt</a>.</p>
</div>
</div>
</div>
diff --git a/output/svngit2jira.html b/output/svngit2jira.html
index 5010ded..7fd3262 100644
--- a/output/svngit2jira.html
+++ b/output/svngit2jira.html
@@ -76,13 +76,16 @@
<p>Many projects use Jira for managing tracking bugs, milestones, feature requests and so on, and many of these projects keep track of which commit affects which ticket. To make things even easier, we have a service called <code>svngit2jira</code>, which integrates
Subversion and Git commits with Jira tickets.</p>
<h2 id="how-it-works">How it works<a class="headerlink" href="#how-it-works" title="Permanent link">¶</a></h2>
+
<p>Simply mention a Jira ticket in a commit, and the specific ticket receives an update indicating that the commit has been made in reference it. For example, scroll down in <a href="https://issues.apache.org/jira/browse/CLOUDSTACK-1638" target="_blank">this CloudStack ticket</a> to see the commit mentioned.</p>
-<p>This service also plugs into the <a href="https://reviews.apache.org/r/" target="_blank">ReviewBoard</a> instance if you use Jira ticket names there, as the CloudStack project does.</p>
+<p>This service also plugs into the <a href="https://reviews.apache.org/r/" target="_blank">ReviewBoard</a> instance if you use Jira ticket names there, as the CloudStack project does.</p></p>
<h2 id="general-use-of-the-service">General use<a class="headerlink" href="#general-use-of-the-service" title="Permanent link">¶</a></h2>
-<p>The most common scenario is to mention a Jira ticket in your commit, and the service updates the ticket to reflect your new commit. Some
+
+<p>The most common scenario is to mention a Jira ticket in your commit, and the service updates the ticket to reflect your new commit. Some
projects have a trigger set so that it only updates a ticket if the first sentence is the Jira ticket number, but we can tailor this to suit your project's needs.</p>
<h2 id="getting-set-up-for-svngit2jira">Setting up svngit2jira<a class="headerlink" href="#getting-set-up-for-svngit2jira" title="Permanent link">¶</a></h2>
-<p>To enable the service for your project, create an
+
+<p>To enable the service for your project, create an
<a href="https://issues.apache.org/jira/browse/INFRA" target="_blank">Infra Jira ticket</a>. Include this information:</p>
<ul>
<li>The name of the project.</li>
@@ -93,8 +96,8 @@
<li>If you are using Git, are there any specific branches you'd like the service to ignore?</li>
</ul>
<h2 id="source-code">Source code<a class="headerlink" href="#source-code" title="Permanent link">¶</a></h2>
-<p>The source for this feature is <a href="https://svn.apache.org/repos/infra/infrastructure/trunk/projects/svngit2jira/" target="_blank">freely available</a>.</p>
+<p>The source for this feature is <a href="https://svn.apache.org/repos/infra/infrastructure/trunk/projects/svngit2jira/" target="_blank">freely available</a>.</p>
</div>
</div>
</div>
diff --git a/output/team.html b/output/team.html
index 2cb2ed0..60e96b4 100644
--- a/output/team.html
+++ b/output/team.html
@@ -79,10 +79,9 @@
<p>Infra has a core team made up of an administrator and a number of paid contractors, most of whom are system administrators; and volunteers who are generally also committers to ASF projects. The core team collaborates to respond to issues and assign development and maintenance tasks for the best benefit of the entire ASF community. The volunteers bring their skills to bear on their areas of interest, reducing the load on the core team.</p>
<p>in 2020 the main ASF blog published a series of interviews with Infra team members. Links to the interviews are available at <a href="https://cwiki.apache.org/confluence/display/INFRA/The+Infrastructure+team" target="_blank">cwiki.apache.org/confluence/display/INFRA/The+Infrastructure+team</a>.</p>
<h2>How we help</h2>
-<p>Infra is responsible for ASF system administration and security, and supports existing projects at The ASF. Infra works hard to provide services and setup for each new project that joins the Foundation via the Apache Incubator. If you have questions about or require support regarding email, code repositories, web sites, issue trackers and so forth, we are here to <a href="contact.html">help</a>.</p>
+<p>Infra is responsible for ASF system administration and security, and supports existing projects at The ASF. Infra works hard to provide services and setup for each new project that joins the Foundation via the Apache Incubator. If you have questions about or require support regarding email, code repositories, web sites, issue trackers and so forth, we are here to <a href="contact.html">help</a>. </p>
<h2>How you can help</h2>
<p>Volunteers are the driving force of the ASF. The Infrastructure team is always looking for people willing to help out at whatever effort level suits you. If you're interested, visit our <a href="infra-volunteer.html">volunteer information</a> page.</p>
-
</div>
</div>
</div>
diff --git a/output/understanding-opensource.html b/output/understanding-opensource.html
index e5df589..26ab331 100644
--- a/output/understanding-opensource.html
+++ b/output/understanding-opensource.html
@@ -80,7 +80,6 @@
<p>As a rule marketers count bodies lol. With a proprietary product, if I like it, the only way I am allowed to participate in its improvement is by buying it. The more I buy, the more likely it is to be successful and provide me with something stable and persistent in the future to develop and deploy with. The more users who buy the proprietary product, the more the company providing it can improve that product. This includes not only the cost of the development but all the other stuff that goes with it, like profit, marketing, etc. So my buying dollars don't directly go to the improvement of that product. Even so, having lots of users is good for a proprietary product's future.</p>
<p>Using <a href="https://turbine.apache.org/" target="_blank">Apache Turbine</a> as an opensource example, its continued improvement and success is directly proportional to the <em>participation</em> of its user community. If I contribute something to Turbine, 100% of my "something" has gone to improve Turbine, rather than a tiny percentage of the purchase price I paid for a proprietary product. One contributing user in an opensource project is worth 10,000 sold units of a proprietary product, in terms of the amount and value of improvements that would result.</p>
<p>For the above reason, "more users" isn't important in opensource. In our example, every Turbine user has their own reasons for using it. But contributing and participating are definitely important for the improvement of any opensource project.</p>
-
</div>
</div>
</div>
diff --git a/output/user-doc.html b/output/user-doc.html
index 0f9521d..505fac6 100644
--- a/output/user-doc.html
+++ b/output/user-doc.html
@@ -74,7 +74,6 @@
User documentation for project releases
</h1>
<p><em>work in progress, mainly to provide info on how to use gitbook</em></p>
-
</div>
</div>
</div>
diff --git a/output/user-ssh.html b/output/user-ssh.html
index c18c39b..3438af1 100644
--- a/output/user-ssh.html
+++ b/output/user-ssh.html
@@ -73,8 +73,8 @@
<h1>
Committer SSH Access
</h1>
- <p>Apache uses SSH (a cryptographic protocol for operating services securely over an unsecured network) to let committers access their project VMs (if configured).</p>
-<p>Remember to keep your client up to date with security patches. Pay close attention to any <a href="#known-host">known host warnings</a>.</p>
+ <p>Apache uses SSH (a cryptographic protocol for operating services securely over an unsecured network) to let committers access their project VMs (if configured). </p>
+<p>Remember to keep your client up to date with security patches. Pay close attention to any <a href="#known-host">known host warnings</a>. </p>
<h2>Contents</h2>
<ul>
<li><a href="#openssh">Using OpenSSH to connect to Apache</a></li>
@@ -85,76 +85,95 @@
<li><a href="#elsewhere">More information</a></li>
</ul>
<h2 id="openssh">Using OpenSSH to connect to Apache<a class="headerlink" href="#openssh" title="Permanent link">¶</a></h2>
+
<p><a href="https://www.openssh.org" target="_blank">OpenSSH</a> is a widely used and trusted suite of software using the SSH family of protocols.</p>
<h2 id="openssh-ssh2">Configuring OpenSSH to use SSH2 (*nix)<a class="headerlink" href="#openssh-ssh2" title="Permanent link">¶</a></h2>
+
<p>The OpenSSH client uses by default configuration files in the <code>~/.ssh</code> directory. The main configuration file is <code>~/.ssh/config</code> and is optional. It may exist already. If it does not, you can create it in a simple text format. Group together instructions for a particular host (or group of hosts). Here is a suggested basic configuration:</p>
-<pre><code><pre>
-# Apply to all hosts
+<div class="highlight"><pre><span></span><code><span class="nt"><pre></span>
+#<span class="w"> </span>Apply<span class="w"> </span>to<span class="w"> </span>all<span class="w"> </span>hosts
-# Alternatively replace with:
+#<span class="w"> </span>Alternatively<span class="w"> </span>replace<span class="w"> </span>with:<span class="w"> </span>
-#Host \*.apache.org
-Host \*
- FallBackToRsh no
- Protocol 2,1
-</pre>
-</code></pre>
+#Host<span class="w"> </span>\*.apache.org
+Host<span class="w"> </span>\*
+<span class="w"> </span>FallBackToRsh<span class="w"> </span>no
+<span class="w"> </span>Protocol<span class="w"> </span>2,1
+<span class="nt"></pre></span>
+</code></pre></div>
+
<p>Many other options are available.</p>
<h2 id="debug-ssh">Debugging an OpenSSH client connection<a class="headerlink" href="#debug-ssh" title="Permanent link">¶</a></h2>
+
<p>To diagnose what's going wrong with an OpenSSH connection, run the client in verbose mode. To do this just add <code>-v</code>:</p>
-<pre><code>ssh -v -l yourApacheID some-project-server.apache.org
-</code></pre>
+<div class="highlight"><pre><span></span><code>ssh -v -l yourApacheID some-project-server.apache.org
+</code></pre></div>
+
<h2 id="troubleshooting">Troubleshooting<a class="headerlink" href="#troubleshooting" title="Permanent link">¶</a></h2>
+
<ul>
<li>If you encounter a problem with SSH and you are not running the most modern stable release of the client software you are connecting with, upgrade and retry.</li>
<li>Configure the client to use <a href="#ssh2-configuration"> SSH2</a> where possible so the connection to Apache uses the SSH2 protocol. This protocol is more secure and lets you use an interactive keyboard (type in password) or <a href="#pki">PKI</a>. If you must use SSH1, you will need to use PKI.</li>
<li>Read <a href="#ssh-debug">the section on debugging SSH</a> and try to diagnose the problem.</li>
</ul>
<h3 id="common-problems">Some common problems<a class="headerlink" href="#common-problems" title="Permanent link">¶</a></h3>
-<h4 id="exposed">Do not expose your private key<a class="headerlink" href="#exposed" title="Permanent link">¶</a></h4>. Generate your key on a computer that is in your control, then upload only the public part to id.apache.org (use your ApacheID on the site). Do not make the mistake of generating the key on the an ASF server.
+
+<h4 id="exposed">Do not expose your private key<a class="headerlink" href="#exposed" title="Permanent link">¶</a></h4>
+<p>. Generate your key on a computer that is in your control, then upload only the public part to id.apache.org (use your ApacheID on the site). Do not make the mistake of generating the key on the an ASF server.</p></p>
<h4 id="too-many-groups">Too Many Groups<a class="headerlink" href="#too-many-groups" title="Permanent link">¶</a></h4>
-FreeBSD only allows a user to be in 16 groups. A user who is too popular will not be allowed to log on. It is easy to mistake this for an ssh problem. If `Authentication succeeded` is present in the <a href="#ssh-debug">debug logs</a>, this indicates that the issue lies on your machine's login rather than with ssh.
+<p>FreeBSD only allows a user to be in 16 groups. A user who is too popular will not be allowed to log on. It is easy to mistake this for an ssh problem. If <code>Authentication succeeded</code> is present in the <a href="#ssh-debug">debug logs</a>, this indicates that the issue lies on your machine's login rather than with ssh.</p>
<h4 id="batch-mode">Batch Mode<a class="headerlink" href="#batch-mode" title="Permanent link">¶</a></h4>
+
<p>Only use batch mode in automated scripts. You will not be able to log in if ssh is configured to use batch mode.</p>
<h2 id="FAQ">FAQ<a class="headerlink" href="#FAQ" title="Permanent link">¶</a></h2>
+
<h4 id="ssh2">What is SSH2?<a class="headerlink" href="#ssh2" title="Permanent link">¶</a></h4>
+
<p>The second generation in the ssh family of protocols. It is believed to be more secure than the first generation and the implementations are now mature. Certain flaws exist in the first generation protocols which do not exist in the second generation, so we recommend <a href="#ssh2-configuration">using SSH2</a> where possible.</p>
<h4 id="ssh-debug">How can I debug my connection?<a class="headerlink" href="#ssh-debug" title="Permanent link">¶</a></h4>
+
<p>The easiest way to diagnose a failing connection is to run your client in verbose mode. This will print up descriptions of the actions that the client is taking. <a href="#debug-ssh">Here</a> is how to do this using <a href="https://www.openssh.org" target="_blank">OpenSSH</a>.</p>
<p>If <code>Authentication succeeded</code> is present then this indicates that the issue
lies in your machine login rather than in ssh.</p>
<h4 id="ssh2-configuration">How do I configure my client to use SSH2?<a class="headerlink" href="#ssh2-configuration" title="Permanent link">¶</a></h4>
+
<p>If you are using OpenSSH, <a href="#openssh-ssh2">some instructions</a> are available. Otherwise, please consult the manual.</p>
<h4 id="what-client">What client can I use?<a class="headerlink" href="#what-client" title="Permanent link">¶</a></h4>
+
<p>You can use any client that supports <a href="#ssh2">SSH2</a>. (It is possible to use older
clients that support only SSH1 but that requires more knowledge.)</p>
<p><a href="http://www.openssh.org">OpenSSH</a> is a well known and trusted client that
is available for most *nixes. Some notes on how to use OpenSSH to connect
to Apache are <a href="#openssh">here</a>.</p>
<h4 id="pki">What is PKI?<a class="headerlink" href="#pki" title="Permanent link">¶</a></h4>
+
<p>Public key infrastructure (PKI) enables the ssh family of protocols to operate without passing a password to the server. You use a passphrase to unlock a private key on the client machine, and a corresponding public key on the server for authentication the during the handshake. We recommend this as the most secure method of connection.</p>
<h4 id="no-connection">Why can't I connect using SSH1?<a class="headerlink" href="#no-connection" title="Permanent link">¶</a></h4>
+
<p>Because it has been deprecated in OpenSSH.</p>
<h4 id="known-host">What is a known host?<a class="headerlink" href="#known-host" title="Permanent link">¶</a></h4>
+
<p>SSH employs the <em>known hosts</em> mechanism to prevent <a href="#middle-man-attacks">man in the
middle</a> attacks. The first time that the client connects to a server, the fingerprint of the key used by that server is
displayed to the user, who may to asked to confirm the identity of that server. For example:</p>
-<pre><code>The authenticity of host 'home.apache.org (209.237.237.194)' can't be established.
-RSA key fingerprint is 1c:5d:3f:a2:89:97:2e:39:eb:b0:09:9e:cf:c6:8d:f3.
-Are you sure you want to continue connecting (yes/no)?
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="nv">The</span><span class="w"> </span><span class="nv">authenticity</span><span class="w"> </span><span class="nv">of</span><span class="w"> </span><span class="nv">host</span><span class="w"> </span><span class="s1">'home.apache.org (209.237.237.194)'</span><span class="w"> </span><span class="nv">can</span><span class="err">'t be established.</span>
+<span class="err">RSA key fingerprint is 1c:5d:3f:a2:89:97:2e:39:eb:b0:09:9e:cf:c6:8d:f3.</span>
+<span class="err">Are you sure you want to continue connecting (yes/no)? </span>
+</code></pre></div>
+
<p>The fingerprints for <code>home.apache.org</code> can be found
<a href="/new-committers-guide.html#identity-theft">here</a>. If the user elects to continue,
this value is written to a <code>known_hosts</code> file. In future, when the user connects to the same server, the system checks this value and alerts the user if it has changed. <strong>Do not continue the connection</strong> after such an alert: contact infrastructure. This is of crucial importance when using keyboard interactive authentication.</p>
<p><strong>Note</strong>: The fingerprint for the key used for ssh is different from the fingerprint of the certificate used to securely serve the
website.</p>
<h4 id="middle-man-attacks">What Is a Man-in-the-Middle attack?<a class="headerlink" href="#middle-man-attacks" title="Permanent link">¶</a></h4>
+
<p>A class of attacks where the attacker masquerades as the server to the client and as the client to the server.</p>
<h2 id="elsewhere">More information<a class="headerlink" href="#elsewhere" title="Permanent link">¶</a></h2>
+
<ul>
<li><a href="/new-committers-guide.html#identity-theft" target="_blank">Identity theft</a></li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/version-control.html b/output/version-control.html
index 0b73963..161cf51 100644
--- a/output/version-control.html
+++ b/output/version-control.html
@@ -73,18 +73,16 @@
<h1>
Source Code Repositories at Apache
</h1>
- <p>Apache project contributors are in countries all around the world. To help them work together, projects keep their source code in an Internet-accessible revision control system, either <a href="https://subversion.apache.org/" target="_blank">Subversion (SVN)</a> or <a href="https://git-scm.com/" target="_blank">Git</a>. Apache committers have <em>write access</em> to the repositories for their projects, so they can edit existing code and add new files.</p>
+ <p>Apache project contributors are in countries all around the world. To help them work together, projects keep their source code in an Internet-accessible revision control system, either <a href="https://subversion.apache.org/" target="_blank">Subversion (SVN)</a> or <a href="https://git-scm.com/" target="_blank">Git</a>. Apache committers have <em>write access</em> to the repositories for their projects, so they can edit existing code and add new files. </p>
<h2>Contents</h2>
<ul>
<li><a href="#general">In general</a></li>
-<li><a href="#git">Git repositories</a>
-<ul>
+<li><a href="#git">Git repositories</a><ul>
<li><a href="#create">Creating repositories</a></li>
<li><a href="#asfyaml">.asf.yaml for Git repositories</a></li>
</ul>
</li>
-<li><a href="#svn">SVN repositories</a>
-<ul>
+<li><a href="#svn">SVN repositories</a><ul>
<li><a href="#commandline">Command-line SVN access</a></li>
<li><a href="#commandlinecommit">Committing code through the command line</a></li>
<li><a href="#configuring">Configuring the SVN client</a></li>
@@ -96,14 +94,16 @@
<li><a href="#migrating">Migrating an SVN code repository to Git</a></li>
</ul>
<h2 id="general">In general<a class="headerlink" href="#general" title="Permanent link">¶</a></h2>
+
<p><strong>Note</strong>: please review the <a href="project-repo-policy.html">Project Code Repository Policy</a>.</p>
-<p>Everyone has <em>read access</em> to the repositories and can download the most up-to-date development version of any project's software to review or compile.</p>
+<p>Everyone has <em>read access</em> to the repositories and can download the most up-to-date development version of any project's software to review or compile. </p>
<ul>
-<li>If you want a stable release of the source code, download it from the <a href="https://www.apache.org/dyn/closer.lua/" target="_blank">distribution directory</a>.</li>
+<li>If you want a stable release of the source code, download it from the <a href="https://www.apache.org/dyn/closer.lua/" target="_blank">distribution directory</a>. </li>
<li>Only download the code directly from your project's code repository if you are participating in the development effort. The latest version of the code is what your colleagues have most recently checked in, and they may or may not have confirmed that it compiles correctly and does what they want it to do.</li>
<li>If you want a release version of the project's compiled application, visit the project's website and find its download page. It may offer both stable releases and "bleeding-edge" or "nightly" builds that compile properly but include the latest, possibly-unstable, features.</li>
</ul>
<h2 id="git">Git repositories<a class="headerlink" href="#git" title="Permanent link">¶</a></h2>
+
<p>How-to guides, documentation, and a list of projects using Git for revision control are at <a href="https://git.apache.org/" target="_blank">git.apache.org</a>.</p>
<p>Many Git users manage their source code through one of these tools:</p>
<ul>
@@ -112,6 +112,7 @@
</ul>
<p>Some projects began using <a href="git.html">read-only-mirrors</a> of SVN repositories when Apache's support for Git was limited. This is no longer necessary. <a href="project-repo-policy.html">Writable Git</a> repositories are available to all projects.</p>
<h3 id="create">Creating repositories<a class="headerlink" href="#create" title="Permanent link">¶</a></h3>
+
<p>Apache projects can have as many <strong>public</strong> Git repositories as their product development work requires. Use the <a href="http://selfserve.apache.org/" target="_blank">Self Serve tool</a> to create an additional repository.</p>
<p>Some projects require a <strong>private</strong> Git repository, for reasons like:</p>
<ul>
@@ -122,6 +123,7 @@
</ul>
<p>Each PMC can have <strong>one</strong> private Git repository. Open a Jira ticket for Infra to request one, explaining the reasons the project needs it.</p>
<h3 id="asfyaml">.asf.yaml for Git repositories<a class="headerlink" href="#asfyaml" title="Permanent link">¶</a></h3>
+
<p><code>.asf.yaml</code> is a branch-specific file. Projects hosting their websites in a Git repository must use <code>.asf.yaml</code> to build and update their sites. Review <a href="asf-yaml.html">this documentation</a> before working with your <code>.asf.yaml</code> files.</p>
<p>Projects can also place <code>.asf.yaml</code> in the root of a repository to control:</p>
<ul>
@@ -131,6 +133,7 @@
</ul>
<p>Read <a href="asf-yaml.html">the .asf.yaml primer</a> to learn more.</p>
<h2 id="svn">SVN repositories<a class="headerlink" href="#svn" title="Permanent link">¶</a></h2>
+
<p>Information about SVN is at <a href="https://subversion.apache.org/" target="_blank">the Apache SVN site</a> and <a href="http://svnbook.red-bean.com/" target="_blank">Version Control with Subversion</a>. The website provides links for <em>SVN clients</em> you can download and install to make it easier to work with SVN.</p>
<p>To browse the repositories or download a few individual files, you can</p>
<ul>
@@ -138,47 +141,64 @@
<li>find a project repository at <a href="https://svn.apache.org/repos/asf/" target="_blank">the list of SVN repos</a></li>
</ul>
<h3 id="commandline">Command-line SVN access<a class="headerlink" href="#commandline" title="Permanent link">¶</a></h3>
+
<p>You can check out a project repository anonymously once you have installed a SVN client. For example, to get the Spamassassin module, use:</p>
-<pre><code> $ svn checkout http://svn.apache.org/repos/asf/spamassassin/trunk spamassassin
-</code></pre>
+<div class="highlight"><pre><span></span><code> $ svn checkout http://svn.apache.org/repos/asf/spamassassin/trunk spamassassin
+</code></pre></div>
+
<h3 id="commandlinecommit">Committing code through the command line<a class="headerlink" href="#commandlinecommit" title="Permanent link">¶</a></h3>
+
<p>If you are a project committer and don't want to use a SVN client like Tortoise, you can commit your new and updated files using the command line. We use HTTPS basic authentication, so you need to specify your user name and password as part of the check-in command.</p>
<p>For example, if you wanted to add the file 'test.txt', you might follow these steps:</p>
-<pre><code class="language-$">$ cd excalibur-trunk
+<p>``` $ svn co https://svn.apache.org/repos/asf/excalibur/trunk/ excalibur-trunk
+$ cd excalibur-trunk
$ echo "test" > test.txt
$ svn add test.txt
$ svn commit --username your-name --password your-password \
- --message "Trying out svn"
-</code></pre>
-<p>Apache does not support <code>svnserve</code> or <code>svn+ssh</code>.</p>
-<h3 id="configuring">Configuring the SVN client<a class="headerlink" href="#configuring" title="Permanent link">¶</a></h3>
-<p>Committers need to properly configure their svn client. One particular issue is OS-specific line-endings for text files. When you add a new text file, especially when applying patches from Bugzilla, make sure that the line-endings are appropriate for your system, then do (for test.txt)</p>
-<p><code>svn add test.txt svn propset svn:eol-style native test.txt</code></p>
-<p>You can configure your svn client to do that automatically for some common file types. Add the contents of <a href="https://www.apache.org/dev/svn-eol-style.txt" target="_blank">this file</a> to the bottom of your ~/.subversion/config file, normally found at:</p>
-<ul>
-<li>Windows: C:\Documents and Settings{username}\Application Data\Subversion\config</li>
-<li>Windows 7: C:\Users{username}\AppData\Roaming\Subversion\config]</li>
-<li>Linux & Mac OSX: ~/.subversion/config or /etc/subversion/config</li>
-</ul>
-<p>You may need to set additional properties for some files. For example, apply <code>svn:executable=*</code> to script files (e.g. .bat, .cgi, .cmd, .sh) that are intended to be executed. Since not all such files are intended to be executed, do not make the executable property an automatic default.</p>
-<p>Pay attention to the messages from your svn client when you do 'svn commit'.</p>
-<p><strong>Tip</strong>: If you use TortoiseSVN, a popular Windows GUI client that integrates with Windows Explorer, you can right click in Explorer and select TortoiseSVN - Settings, and then press the "Edit" button to update your "Subversion configuration file:". If you do not see</p>
-<pre><code> *.c = svn:eol-style=native
-</code></pre>
-<p>copy the above svn-eol-style.txt file's contents into the end of the config editor that appears, and save the file.</p>
-<h3 id="svnssl">SVN SSL server certificate<a class="headerlink" href="#svnssl" title="Permanent link">¶</a></h3>
-<p>You can check the validity of the server certificate on the <a href="/machines.html" target="_blank">Apache host keys listing</a>.</p>
-<h3 id="errormessages">Typical SVN error messages<a class="headerlink" href="#errormessages" title="Permanent link">¶</a></h3>
-<p><strong>Error validating server certificate</strong></p>
-<pre><code class="language-Error"> - The certificate is not issued by a trusted authority. Use the
- fingerprint to validate the certificate manually!
-Certificate information:
- - Hostname: *.apache.org
- - Valid: from Apr 20 00:00:00 2017 GMT until July 20 23:59:59 2019 GMT
- - Issuer: SSL.com
- - SHA-1 Fingerprint 2D:97:67:D9:2E:20:EE:07:3D:26:DA:97:A6:43:36:5F:71:8E:94:19
-(R)eject, accept (t)emporarily or accept (p)ermanently?
-</code></pre>
+ --message "Trying out svn"</p>
+<div class="highlight"><pre><span></span><code><span class="n">Apache</span><span class="w"> </span><span class="n">does</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="n">support</span><span class="w"> </span><span class="n n-Quoted">`svnserve`</span><span class="w"> </span><span class="k">or</span><span class="w"> </span><span class="n n-Quoted">`svn+ssh`</span><span class="p">.</span>
+
+<span class="o"><</span><span class="n">h3</span><span class="w"> </span><span class="n">id</span><span class="o">=</span><span class="s2">"configuring"</span><span class="o">></span><span class="n">Configuring</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">SVN</span><span class="w"> </span><span class="k">client</span><span class="o"><</span><span class="n">a</span><span class="w"> </span><span class="n">class</span><span class="o">=</span><span class="s2">"headerlink"</span><span class="w"> </span><span class="n">href</span><span class="o">=</span><span class="s2">"#configuring"</span><span class="w"> </span><span class="n">title</span><span class="o">=</span><span class="s2">"Permanent link"</span><span class="o">>&</span><span class="n">para</span><span class="p">;</span><span class="o"></</span><span class="n">a</span><span class="o">></</span><span class="n">h3</span><span class="o">></span>
+
+<span class="n">Committers</span><span class="w"> </span><span class="n">need</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">properly</span><span class="w"> </span><span class="n">configure</span><span class="w"> </span><span class="n">their</span><span class="w"> </span><span class="n">svn</span><span class="w"> </span><span class="k">client</span><span class="p">.</span><span class="w"> </span><span class="k">One</span><span class="w"> </span><span class="n">particular</span><span class="w"> </span><span class="n">issue</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">OS</span><span class="o">-</span><span class="k">specific</span><span class="w"> </span><span class="n">line</span><span class="o">-</span><span class="n">endings</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="kt">text</span><span class="w"> </span><span class="n">files</span><span class="p">.</span><span class="w"> </span><span class="k">When</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="k">add</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="kt">text</span><span class="w"> </span><span class="k">file</span><span class="p">,</span><span class="w"> </span><span class="n">especially</span><span class="w"> </span><span class="k">when</span><span class="w"> </span><span class="n">applying</span><span class="w"> </span><span class="n">patches</span><span class="w"> </span><span class="k">from</span><span class="w"> </span><span class="n">Bugzilla</span><span class="p">,</span><span class="w"> </span><span class="n">make</span><span class="w"> </span><span class="n">sure</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">line</span><span class="o">-</span><span class="n">endings</span><span class="w"> </span><span class="n">are</span><span class="w"> </span><span class="n">appropriate</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="k">system</span><span class="p">,</span><span class="w"> </span><span class="k">then</span><span class="w"> </span><span class="k">do</span><span class="w"> </span><span class="p">(</span><span class="k">for</span><span class="w"> </span><span class="n">test</span><span class="p">.</span><span class="n">txt</span><span class="p">)</span>
+
+<span class="n n-Quoted">`svn add test.txt svn propset svn:eol-style native test.txt`</span><span class="w"> </span>
+
+<span class="n">You</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="n">configure</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="n">svn</span><span class="w"> </span><span class="k">client</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">do</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">automatically</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="k">some</span><span class="w"> </span><span class="n">common</span><span class="w"> </span><span class="k">file</span><span class="w"> </span><span class="k">types</span><span class="p">.</span><span class="w"> </span><span class="k">Add</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">contents</span><span class="w"> </span><span class="k">of</span><span class="w"> </span><span class="o"><</span><span class="n">a</span><span class="w"> </span><span class="n">href</span><span class="o">=</span><span class="s2">"https://www.apache.org/dev/svn-eol-style.txt"</span><span class="w"> </span><span class="n">target</span><span class="o">=</span><span class="s2">"_blank"</span><span class="o">></span><span class="n">this</span><span class="w"> </span><span class="k">file</span><span class="o"></</span><span class="n">a</span><span class="o">></span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">bottom</span><span class="w"> </span><span class="k">of</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="o">~/</span><span class="p">.</span><span class="n">subversion</span><span class="o">/</span><span class="n">config</span><span class="w"> </span><span class="k">file</span><span class="p">,</span><span class="w"> </span><span class="n">normally</span><span class="w"> </span><span class="k">found</span><span class="w"> </span><span class="k">at</span><span class="o">:</span>
+
+<span class="o">-</span><span class="w"> </span><span class="n">Windows</span><span class="o">:</span><span class="w"> </span><span class="n">C</span><span class="o">:</span><span class="err">\</span><span class="n">Documents</span><span class="w"> </span><span class="k">and</span><span class="w"> </span><span class="k">Set</span><span class="n">tings</span><span class="err">\{</span><span class="n">username</span><span class="err">}\</span><span class="n">Application</span><span class="w"> </span><span class="k">Data</span><span class="err">\</span><span class="n">Subversion</span><span class="err">\</span><span class="n">config</span>
+<span class="o">-</span><span class="w"> </span><span class="n">Windows</span><span class="w"> </span><span class="mi">7</span><span class="o">:</span><span class="w"> </span><span class="n">C</span><span class="o">:</span><span class="err">\</span><span class="n">Users</span><span class="err">\{</span><span class="n">username</span><span class="err">}\</span><span class="n">AppData</span><span class="err">\</span><span class="n">Roaming</span><span class="err">\</span><span class="n">Subversion</span><span class="err">\</span><span class="n">config</span><span class="err">]</span>
+<span class="o">-</span><span class="w"> </span><span class="n">Linux</span><span class="w"> </span><span class="o">&</span><span class="w"> </span><span class="n">Mac</span><span class="w"> </span><span class="n">OSX</span><span class="o">:</span><span class="w"> </span><span class="o">~/</span><span class="p">.</span><span class="n">subversion</span><span class="o">/</span><span class="n">config</span><span class="w"> </span><span class="k">or</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">subversion</span><span class="o">/</span><span class="n">config</span>
+
+<span class="n">You</span><span class="w"> </span><span class="n">may</span><span class="w"> </span><span class="n">need</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">additional</span><span class="w"> </span><span class="n">properties</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="k">some</span><span class="w"> </span><span class="n">files</span><span class="p">.</span><span class="w"> </span><span class="k">For</span><span class="w"> </span><span class="n">example</span><span class="p">,</span><span class="w"> </span><span class="n">apply</span><span class="w"> </span><span class="n n-Quoted">`svn:executable=*`</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">script</span><span class="w"> </span><span class="n">files</span><span class="w"> </span><span class="p">(</span><span class="n">e</span><span class="p">.</span><span class="n">g</span><span class="p">.</span><span class="w"> </span><span class="p">.</span><span class="n">bat</span><span class="p">,</span><span class="w"> </span><span class="p">.</span><span class="n">cgi</span><span class="p">,</span><span class="w"> </span><span class="p">.</span><span class="n">cmd</span><span class="p">,</span><span class="w"> </span><span class="p">.</span><span class="n">sh</span><span class="p">)</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">are</span><span class="w"> </span><span class="n">intended</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">executed</span><span class="p">.</span><span class="w"> </span><span class="n">Since</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="k">all</span><span class="w"> </span><span class="n">such</span><span class="w"> </span><span class="n">files</span><span class="w"> </span><span class="n">are</span><span class="w"> </span><span class="n">intended</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">executed</span><span class="p">,</span><span class="w"> </span><span class="k">do</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="n">make</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">executable</span><span class="w"> </span><span class="n">property</span><span class="w"> </span><span class="n">an</span><span class="w"> </span><span class="n">automatic</span><span class="w"> </span><span class="k">default</span><span class="p">.</span>
+
+<span class="n">Pay</span><span class="w"> </span><span class="n">attention</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">messages</span><span class="w"> </span><span class="k">from</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="n">svn</span><span class="w"> </span><span class="k">client</span><span class="w"> </span><span class="k">when</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="k">do</span><span class="w"> </span><span class="s1">'svn commit'</span><span class="p">.</span>
+
+<span class="o">**</span><span class="n">Tip</span><span class="o">**:</span><span class="w"> </span><span class="k">If</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="k">use</span><span class="w"> </span><span class="n">TortoiseSVN</span><span class="p">,</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">popular</span><span class="w"> </span><span class="n">Windows</span><span class="w"> </span><span class="n">GUI</span><span class="w"> </span><span class="k">client</span><span class="w"> </span><span class="n">that</span><span class="w"> </span><span class="n">integrates</span><span class="w"> </span><span class="k">with</span><span class="w"> </span><span class="n">Windows</span><span class="w"> </span><span class="n">Explorer</span><span class="p">,</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">can</span><span class="w"> </span><span class="k">right</span><span class="w"> </span><span class="n">click</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="n">Explorer</span><span class="w"> </span><span class="k">and</span><span class="w"> </span><span class="k">select</span><span class="w"> </span><span class="n">TortoiseSVN</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="k">Set</span><span class="n">tings</span><span class="p">,</span><span class="w"> </span><span class="k">and</span><span class="w"> </span><span class="k">then</span><span class="w"> </span><span class="n">press</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="s2">"Edit"</span><span class="w"> </span><span class="n">button</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">update</span><span class="w"> </span><span class="n">your</span><span class="w"> </span><span class="s2">"Subversion configuration file:"</span><span class="p">.</span><span class="w"> </span><span class="k">If</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="k">do</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="n">see</span><span class="w"> </span>
+
+<span class="w"> </span><span class="o">*</span><span class="p">.</span><span class="n">c</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">svn</span><span class="o">:</span><span class="n">eol</span><span class="o">-</span><span class="n">style</span><span class="o">=</span><span class="n">native</span>
+
+<span class="n">copy</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">above</span><span class="w"> </span><span class="n">svn</span><span class="o">-</span><span class="n">eol</span><span class="o">-</span><span class="n">style</span><span class="p">.</span><span class="n">txt</span><span class="w"> </span><span class="k">file</span><span class="s1">'s contents into the end of the config editor that appears, and save the file.</span>
+
+<span class="s1"><h3 id="svnssl">SVN SSL server certificate<a class="headerlink" href="#svnssl" title="Permanent link">&para;</a></h3></span>
+
+<span class="s1">You can check the validity of the server certificate on the <a href="/machines.html" target="_blank">Apache host keys listing</a>.</span>
+
+<span class="s1"><h3 id="errormessages">Typical SVN error messages<a class="headerlink" href="#errormessages" title="Permanent link">&para;</a></h3></span>
+
+<span class="s1">**Error validating server certificate**</span>
+
+<span class="s1">```Error validating server certificate for '</span><span class="n">https</span><span class="o">://</span><span class="n">svn</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span><span class="o">:</span><span class="mi">443</span><span class="s1">':</span>
+<span class="s1"> - The certificate is not issued by a trusted authority. Use the</span>
+<span class="s1"> fingerprint to validate the certificate manually!</span>
+<span class="s1">Certificate information:</span>
+<span class="s1"> - Hostname: *.apache.org</span>
+<span class="s1"> - Valid: from Apr 20 00:00:00 2017 GMT until July 20 23:59:59 2019 GMT</span>
+<span class="s1"> - Issuer: SSL.com</span>
+<span class="s1"> - SHA-1 Fingerprint 2D:97:67:D9:2E:20:EE:07:3D:26:DA:97:A6:43:36:5F:71:8E:94:19</span>
+<span class="s1">(R)eject, accept (t)emporarily or accept (p)ermanently?</span>
+</code></pre></div>
+
<p>Check the fingerprint against the list at the link above for server certificates.</p>
<p><strong>No such revision</strong></p>
<p>If you get an error like</p>
@@ -188,36 +208,41 @@
<p><em>Note</em> that this error can also occur when running <code>mvn release:prepare</code>. The mvn release plugin has a special property to handle this situation: <a href="http://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#waitBeforeTagging" target="_blank">waitBeforeTagging</a>.</p>
<p><strong>Not the latest baseline</strong></p>
<p>If you get an error like this:</p>
-<pre><code class="language-svn:">svn: The specified baseline is not the latest baseline, so it may not be
-checked out.
-</code></pre>
-<p>This may be because of a short lag in the synchronization between Subversion mirrors, and can occur if multiple commits run in quick succession. This error usually happens if you are located in Europe, or are explicitly using the European mirror.</p>
-<p>Wait for 10 seconds and repeat the command, and you should have success.</p>
-<p><strong>Problems using date revisions</strong></p>
-<p>If you are using a date revision such as <code>-r{2004-09-12}:{2004-08-12}</code> and not getting any or all of the revisions you expected, this is a known problem specific to the ASF repository.</p>
-<p>Unfortunately, there is nothing that can be done to improve this situation, so you must use a workaround. You can use <code>svn log</code> or ViewVC to locate the actual revision number that is first after the date you desire, and substitute that into your <code>-r</code> argument to the svn command.</p>
-<p>For example, consider the desired command:</p>
-<p><code>$ svn diff -rHEAD:{2005-01-01}</code></p>
-<p>While this produces no results, running <code>svn log</code> alone produces a result like this:</p>
-<pre><code>------------------------------------------------------------------------
-r124032 | aheritier | 2005-01-04 09:58:16 +1100 (Tue, 04 Jan 2005) | 1 line
+<p>```svn: Commit failed (details follow):
+svn: The specified baseline is not the latest baseline, so it may not be
+checked out.</p>
+<div class="highlight"><pre><span></span><code>This may be because of a short lag in the synchronization between Subversion mirrors, and can occur if multiple commits run in quick succession. This error usually happens if you are located in Europe, or are explicitly using the European mirror.
-Switch to subversion
-------------------------------------------------------------------------
-r123911 | brett | 2005-01-03 09:48:57 +1100 (Mon, 03 Jan 2005) | 1 line
+Wait for 10 seconds and repeat the command, and you should have success.
-remove nagoya references
-------------------------------------------------------------------------
-r116173 | brett | 2004-10-23 22:11:51 +1000 (Sat, 23 Oct 2004) | 2 lines
+**Problems using date revisions**
-remove old requires descriptions
-</code></pre>
+If you are using a date revision such as <span class="sb">`-r{2004-09-12}:{2004-08-12}`</span> and not getting any or all of the revisions you expected, this is a known problem specific to the ASF repository.
+
+Unfortunately, there is nothing that can be done to improve this situation, so you must use a workaround. You can use <span class="sb">`svn log`</span> or ViewVC to locate the actual revision number that is first after the date you desire, and substitute that into your <span class="sb">`-r`</span> argument to the svn command.
+
+For example, consider the desired command:
+
+<span class="sb">`$ svn diff -rHEAD:{2005-01-01}`</span>
+
+While this produces no results, running <span class="sb">`svn log`</span> alone produces a result like this:
+</code></pre></div>
+
+<hr>
+<p>r124032 | aheritier | 2005-01-04 09:58:16 +1100 (Tue, 04 Jan 2005) | 1 line</p>
+<h2>Switch to subversion</h2>
+<p>r123911 | brett | 2005-01-03 09:48:57 +1100 (Mon, 03 Jan 2005) | 1 line</p>
+<h2>remove nagoya references</h2>
+<p>r116173 | brett | 2004-10-23 22:11:51 +1000 (Sat, 23 Oct 2004) | 2 lines</p>
+<p>remove old requires descriptions
+```</p>
<p>So try the command:</p>
<p><code>$ svn diff -rHEAD:123911</code></p>
<p>This problem crops up because the order of the revisions is not identical to the order of dates in the repository. This is a side effect of loading CVS repositories with history including dates prior to the earliest date in the Subversion repository.</p>
<h3 id="svnfaqs">SVN FAQs<a class="headerlink" href="#svnfaqs" title="Permanent link">¶</a></h3>
+
<ul>
-<li><strong>When should I use svn lock?</strong> Very rarely. Commits in subversion are transactional. This means that locks are almost always unnecessary. An oft-quoted use case is to prevent concurrent editing of a large, unmergeable binary document. However, for open development, good communication is preferable to locking even in this use case. A good, timely post to the list to let your fellow developers know that you're going to start editing that huge PDF is better than locking the file.</li>
+<li><strong>When should I use svn lock?</strong> Very rarely. Commits in subversion are transactional. This means that locks are almost always unnecessary. An oft-quoted use case is to prevent concurrent editing of a large, unmergeable binary document. However, for open development, good communication is preferable to locking even in this use case. A good, timely post to the list to let your fellow developers know that you're going to start editing that huge PDF is better than locking the file. </li>
<li><strong>How often can I run a cron job that connects to the repository?</strong> Hourly is fine. Please do not use programs that poll the repository more frequently than hourly. People who run automated scripts that continuously poll the repository wind up getting their access denied, and that may impact other folks connecting through the same host. If you need to stay more in-sync than an hourly cron allows, subscribe your script to the relevant commit mailing list.</li>
<li><strong>How do I mirror the whole SVN repository for an experiment?</strong> First, ask yourself whether you really want the entire ASF repository Most people really want only a single project. In that case, just check out that source directory from the repo. If you really do want the entire ASF repository, don't use svnsync. Instead, start by looking <a href="httpa://svn-master.apache.org/dump/" target="_blank">here</a>. Use that to bootstrap your repo.</li>
<li><strong>Why do I get a 403 error when I try to commit code?</strong> Run <code>svn info</code> and check that the URL starts with <code>https://</code>. If it starts with <code>http://</code>, run:</li>
@@ -225,8 +250,8 @@
<p><code>$ svn switch --relocate http://svn.apache.org https://svn.apache.org</code></p>
<p>If you still get 403 Forbidden errors, ask your PMC to double-check the authz file and LDAP/Unix group membership.</p>
<h2 id="migrating">Migrating an SVN code repository to Git<a class="headerlink" href="#migrating" title="Permanent link">¶</a></h2>
-<p>Instructions are <a href="svn-to-git-migration.html">here</a>.</p>
+<p>Instructions are <a href="svn-to-git-migration.html">here</a>.</p>
</div>
</div>
</div>
diff --git a/output/vm-for-project.html b/output/vm-for-project.html
index c7ecc35..d01c737 100644
--- a/output/vm-for-project.html
+++ b/output/vm-for-project.html
@@ -85,17 +85,16 @@
<li><a href="#cautions">Cautions</a></li>
</ul>
<h3 id="request">Requesting a virtual machine<a class="headerlink" href="#request" title="Permanent link">¶</a></h3>
+
<p>To request a virtual machine, open a <a href="https://issues.apache.org/jira/browse/INFRA" target="_blank">Jira</a> ticket with at least the following information:</p>
<ol>
-<li>The project's plans for the virtual machine:
-<ul>
+<li>The project's plans for the virtual machine:<ul>
<li>Why the project needs a dedicated vm</li>
<li>Is logging in used in the project's application (HTTPS is mandatory for use of login)?</li>
<li>Do any special ports need to be opened?</li>
</ul>
</li>
-<li>VM resources requested (the operating system will be the latest Ubuntu LTS release):
-<ul>
+<li>VM resources requested (the operating system will be the latest Ubuntu LTS release):<ul>
<li>CPU cores (default is 1)</li>
<li>RAM (default is 1Gb)</li>
<li>Disk capacity (default is 40Gb)</li>
@@ -103,8 +102,7 @@
<li>Apache ID of project administrator (one of the maintainers you specify below)</li>
</ul>
</li>
-<li>Application resources:
-<ul>
+<li>Application resources:<ul>
<li>Database (Infra recommends SQLite, given the small size, but can configure an on-box mySQL or PostgreSQL database for the vm.)</li>
<li>Httpd (installed pr default, configuration is to be agreed upon)</li>
<li>Non-standard packages (will be maintained by infra-p6)</li>
@@ -112,13 +110,11 @@
<li>Backup needed (default is <strong>no</strong> backups other than what is in Infra-p6)</li>
</ul>
</li>
-<li>Maintainers:
-<ul>
+<li>Maintainers:<ul>
<li>Provide the name, Apache ID, and contact info for at least three PMC members who will maintain the vm.</li>
</ul>
</li>
-<li>Acknowledgement:
-<ul>
+<li>Acknowledgement:<ul>
<li>Name of a PMC member who acknowledges this request on behalf of the project.</li>
</ul>
</li>
@@ -127,40 +123,45 @@
<p>The operating system needs to be supported by our standard applications, therefore we currently only offer Ubuntu.</p>
<p><strong>Important</strong>: a PMC member must acknowledge the request ticket.</p>
<h3 id="deploy">Deploying the virtual machine<a class="headerlink" href="#deploy" title="Permanent link">¶</a></h3>
+
<p>Infra may ask questions to clarify the request. When all is clear, we will create the vm according to specifications, install the OS and the mandatory standard (Infra) applications. The mandatory application guarantee a level of security and provide ssh access common to all vms.</p>
<p>Once we have tested the vm, we will ask a project maintainer to do ssh to the vm.</p>
<h3 id="maintain">Project maintainers<a class="headerlink" href="#maintain" title="Permanent link">¶</a></h3>
+
<p>The project maintainers are responsible for maintaining the vm. Infra will normally not maintain the vm, but will check on security from time to time.</p>
<p>Each project maintainer needs to have ssh keys uploaded to <code>id.a.o</code> before requesting the vm. Maintainers use the ssh keys stored in LDAP to log in to the vm.</p>
<p>When the vm is created, each maintainer gets karma to access the vm (ldap add host to userid). Once that has been tested, it is time to get sudo karma if it is required.</p>
<p>To prepare for sudo karma follow the <a href="https://reference.apache.org/committer/opie" target="_blank">OPIE guidelines</a>.</p>
<p>When OPIE works, contact us on #asfinfra, or by commenting on the issue, and sudo karma will be granted (ldap add userid to sudoer group).</p>
<h3 id="ssh-keys">Obtaining SSH keys<a class="headerlink" href="#ssh-keys" title="Permanent link">¶</a></h3>
+
<p>To use key-based login, you need to generate a key on your local desktop (do not use a publicly accessible server for this) and then add your public key to LDAP using the self-service app at <code>https://id.apache.org</code>.</p>
<p>Once you have done this, wait at least 10 mins. You should then be able to log in as follows:</p>
-<pre><code>:::shell $ ssh [username]@$project-vm.apache.org
-</code></pre>
+<div class="highlight"><pre><span></span><code><span class="o">::</span><span class="err">:</span><span class="n">shell</span><span class="w"> </span><span class="err">$</span><span class="w"> </span><span class="n">ssh</span><span class="w"> </span><span class="o">[</span><span class="n">username</span><span class="o">]</span><span class="err">@$</span><span class="n">project</span><span class="o">-</span><span class="n">vm</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span>
+</code></pre></div>
+
<p>Depending on your client setup, you may need to run the following command to ensure the key(s) are made available to the SSH client on your system:</p>
-<pre><code>:::shell $ ssh-add
-</code></pre>
+<div class="highlight"><pre><span></span><code>:::shell $ ssh-add
+</code></pre></div>
+
<p>If you use PuTTY, make sure it is configured to force SSH v2 protocol. And use keyboard-interactive.</p>
<p>Once you have logged in, there are few tasks best performed right away. Please take care when using your shell account.</p>
<p>Check that your umask is set in a group-friendly fashion. This ensures that the documents you create are editable by your fellow committers. To do this, (depending on which shell you use) edit the <code>.cshrc</code> file or <code>.profile</code> (sh derivatives) so the umask is set as follows:</p>
-<pre><code>umask 002
-</code></pre>
+<div class="highlight"><pre><span></span><code>umask 002
+</code></pre></div>
+
<p>If a umask line already exists, modify it. Otherwise, add a new line. You will need to use a <code>*nix</code> command-line editor such as <code>vi</code>.</p>
<p>Tip: You can review the files of some other committer: <code>ls -al ~mymentor; cat ~mymentor/.cshrc</code>.</p>
<h3 id="maintenance">General maintenance<a class="headerlink" href="#maintenance" title="Permanent link">¶</a></h3>
+
<p>There are no mandatory rules, but here are some suggestions:</p>
<ul>
-<li>Keep all changes in Git/Puppet. See: <code>https://github.com/apache/infrastructure-p6</code>
-<ul>
+<li>Keep all changes in Git/Puppet. See: <code>https://github.com/apache/infrastructure-p6</code><ul>
<li>If you do not have karma, please create PRs in a branch against our GitHub repository.</li>
<li>Keep all application data in <code>/x1</code> if possible.</li>
</ul>
</li>
-<li>Update Puppet with all extra installed packages.
-<ul>
+<li>Update Puppet with all extra installed packages.<ul>
<li>See <code>https://github.com/apache/infrastructure-p6/tree/production/modules/<vmname>/manifests/init.pp</code></li>
<li>See also the <a href="https://cwiki.apache.org/confluence/display/INFRA/Git+workflow+for+infrastructure-puppet+repo" target="_blank">Git workflow for an Infrastructure Puppet repository</a>.</li>
</ul>
@@ -168,9 +169,9 @@
</ul>
<p>See also <a href="vm-management.html">Managing virtual machines</a></p>
<h3 id="cautions">Cautions<a class="headerlink" href="#cautions" title="Permanent link">¶</a></h3>
+
<ul>
-<li>Do not try to change items controlled by puppet, such as:
-<ul>
+<li>Do not try to change items controlled by puppet, such as:<ul>
<li>iptables</li>
<li>sshd</li>
<li>ldap</li>
@@ -181,7 +182,6 @@
<li>As sudoer you are expected to know what you do, and are expected to clear any problems you create.</li>
</ul>
<p>Before doing something, you are always welcome to join #asfinfra on Slack and ask about it.</p>
-
</div>
</div>
</div>
diff --git a/output/vm-management.html b/output/vm-management.html
index fc87b42..9c6f35e 100644
--- a/output/vm-management.html
+++ b/output/vm-management.html
@@ -77,6 +77,7 @@
<blockquote>
A virtual machine (VM) is a digital version of a physical computer. Virtual machine software can run programs and operating systems, store data, connect to networks, and do other computing functions, and <b>requires maintenance</b> such as updates and system monitoring.
</blockquote>
+
<p>When an Apache project requests a VM, it identifies three project committers who will be responsible for the tasks related to maintaining the VM in a good state. Infra is there to help when complex problems arrive, but is not the first line of support for your VM.</p>
<h2>Managing your VM</h2>
<p>Infra is responsible for most VM high-level management tasks:</p>
@@ -115,7 +116,6 @@
</ul>
<h2>When you get stuck</h2>
<p>Open a Jira ticket for Infra with the details of the problem you are running into with your VM. We will help to resolve it.</p>
-
</div>
</div>
</div>
diff --git a/output/vm-policy.html b/output/vm-policy.html
index bb093ae..d619eb4 100644
--- a/output/vm-policy.html
+++ b/output/vm-policy.html
@@ -86,7 +86,6 @@
<li>the process to <a href="vm-for-project.html">request a VM for your project</a></li>
<li><a href="vm-management.html">Managing virtual machines</a></li>
</ul>
-
</div>
</div>
</div>
diff --git a/output/website-guidelines.html b/output/website-guidelines.html
index c63625f..68cae0c 100644
--- a/output/website-guidelines.html
+++ b/output/website-guidelines.html
@@ -88,9 +88,8 @@
<li>All web sites must be available on ASF's git or svn servers, and published using git- or pypubsub.</li>
<li>Do not host source releases or convenience binaries directly on the web site. See <a href="release-download-pages.html">Release download pages for projects</a>.</li>
</ul>
-<p><strong>Note</strong>: Any ASF project can use the <a href="asf-pelican.html">ASF-Pelican template</a> as the basis for their project website.</p>
-<p>Should you have any questions, feel free to contact us at <a href="mailto:infrastructure@apache.org" target="_blank"><a href="mailto:infrastructure@apache.org">infrastructure@apache.org</a></a> or on our <a href="https://the-asf.slack.com" target="_blank">Slack channel</a>.</p>
-
+<p><strong>Note</strong>: Any ASF project can use the <a href="asf-pelican.html">ASF-Pelican template</a> as the basis for their project website. </p>
+<p>Should you have any questions, feel free to contact us at <a href="mailto:infrastructure@apache.org" target="_blank">infrastructure@apache.org</a> or on our <a href="https://the-asf.slack.com" target="_blank">Slack channel</a>.</p>
</div>
</div>
</div>
