
The rise of the Apache Foundation - jimjag
http://www.infoworld.com/article/3079813/open-source-tools/the-apache-foundations-incredible-rise.html
======
geodel
IMO a large number of Apache projects are in 2 categories:

1) First try out in open source. If it gets popular, develop commercial
package around open version + extra/proprietary feature or support while open
source version is relegated to experiment or lab evaluation in companies.

2) First offer a commercial offering. Once it is proven to be failed or non-
strategic or both, donate to Apache foundation.

None of that is bad per se but it makes me feel very many Apache projects are
of middling quality and riding on vendor driven hype.

~~~
teddyh
I had that feeling about the Apache Foundation, but I also saw that they had a
lot of projects which seemed to be important, even if most of them seemed to
be heavily oriented towards large enterprise-style Java-based things, which I
haven't had much use for myself. Then they took on OpenOffice, and lost what
little of my respect they still had.

Background: OpenOffice used to be the go-to Microsoft Office compatible free
software suite for Linux and other Unix-based systems. Then some politics
happened and it forked to LibreOffice, and essentially all the developers left
for LibreOffice, which is where the development happens today. However, the
company still legally owning the OpenOffice code, and the name, still try
their darnedest to get people to still use the rapidly-failing OpenOffice, to
convince new developers that this is the same OpenOffice that they once knew,
etc. (They have had a booth with staff at every FOSDEM for many years now,
often conveniently located right beside the LibreOffice booth.) For the Apache
Foundation to accept OpenOffice as a project _in this situation_ is
unacceptable. Predictably, the aforementioned company tries to play up the
Apache Foundation connection at every opportunity, trying to imply that since
it's an Apache Foundation project, it is therefore a serious and still active
software project.

~~~
jimjag
So much incorrect in the above I don't know where to start... what
"aforementioned company" are you talking about? You imply it's a company that
"own(s) the OpenOffice code, and the name", but it's the ASF that "owns these"
not whatever company you seem to be implying.

I would suggest getting your facts right before posting things... it makes one
look kinda foolish.

~~~
teddyh
Maybe they don't own the name (i.e. trademark); it’s not very important to
overall accuracy of the summary. It’s also very odd of you to _ask_ what
company it is – shouldn’t you, of all people, _know_? I left the name out
because it’s _not important_ what company it is.

------
davidgerard
Conspicuously not mentioned: OpenOffice.

~~~
dublinben
Or Apache Wave.

~~~
davidgerard
The important point for a report on 2015 is that OpenOffice's six-month
security hole was a huge embarrassment, and it had been deliberately kept out
of project reports to the board.

Jim Jagielski, who was interviewed for this article, was one of the people
pushing super-hard for Apache to take OpenOffice in 2011, insisting Apache
could maintain a desktop application, then having nothing to say when they
utterly failed to.

And Matt Asay knows all this! And that's why its absence in a report on Apache
in 2015 is conspicuous.

~~~
jimjag
The success, or failure, of OpenOffice itself says little-to-nothing about the
success of the ASF itself. Why OpenOffice was not as successful as hoped is a
long and drawn out story, and Apache suffered from the ill-will that the
OpenOffice community accumulated over the years, due to mismanagement by
Oracle. By the time it was donated to the ASF, maybe it was unwise to think
that those dynamics could be changed, but it was worth it to try. Even so, the
donation of OpenOffice to Apache, and the subsequent relicensing of that
codebase to ALv2 was a MAJOR benefit for the entire OpenOffice eco-system,
especially LibreOffice which, as soon as the ASF did the relicensing, consumed
those changes to their benefit. Which is one benefit of permissive licenses in
general.

I would encourage people to look at the (open and public) discussions when the
incubation of OpenOffice was debated; I would also encourage people to read
the tons of other communications about it as it progressed. Instead of having
"nothing to say", as this clueless poster suggests, there is/was a LOT to say,
which WAS said, and done so in an open, public, and transparent fashion. Maybe
all that is uncomfortable for people to admit, since it goes against their
misleading and incorrect narrative to paint the ASF and OpenOffice so
negatively, and for this reason it is good when _real_ journalists keep the
facts straight.

~~~
davidgerard
During the discussion of the security hole last year, you conspicuously had
plenty of time to comment at length on how unfair it was for people to note
Apache's utter inability to maintain a secure desktop application, as did
several of Apache OpenOffice's alleged developers.

However, neither you nor they apparently had any time to fix the security
hole. The fix being, literally: _remove one file from the download_. Well
done.

~~~
jimjag
The below link as well as the (public) dev@ list clearly show you to be
mistaken:

[https://whimsy.apache.org/board/minutes/OpenOffice.html](https://whimsy.apache.org/board/minutes/OpenOffice.html)

~~~
davidgerard
That's a mention from October 2015 and April 2016. The absence from board
reports was brought to public attention in July 2015, and the October 2015
mention you cite is a direct response to that:
[https://lwn.net/Articles/650411/](https://lwn.net/Articles/650411/)

~~~
jimjag
Please read the thread:

[http://thread.gmane.org/gmane.comp.apache.openoffice.devel/2...](http://thread.gmane.org/gmane.comp.apache.openoffice.devel/23907)

~~~
davidgerard
That supplies the background to the LWN piece, and doesn't in any way
contradict its assertions that this was a serious problem that should not have
been suppressed. That public attention is why it was mentioned at all in the
October report.

~~~
jimjag
Your point was that discussion was suppressed. The links show clearly that it
was not, and when the CVE was published (and therefore public), there was open
discussion and a suggested work-around. You may not agree w/ the method used
to "fix" the CVE or the speed in which 4.2.1 was released (for myself, I don't
either), but your claims of suppression and stuff being "deliberately" hidden
are obvious FUD.

~~~
davidgerard
That's literally the thread demonstrating the accuracy of my claim above that
"it had been deliberately kept out of project reports to the board." That's
literally the thread where they're doing that. You have literally cited
something completely supporting my claim and saying "see, this cite proves you
wrong!!"

~~~
rectang
That conversation took place on a publicly archived list with hundreds of
subscribers. Any one of them could have escalated the issue to the Board.

~~~
davidgerard
My claim (as the cited conversation is the smoking gun for) is that the
project excluded it from their report to the board, not that it was never
reported to the board.

In any case, the board were fully aware for a long time of what a disaster the
AOO project was; are you claiming they didn't know about the security
ineptitude or something? What, precisely, is your claim here?

------
cdetrio
One of the ASF founders, Brian Behlendorf, was recently appointed E.D. at
hyperledger.org (a project of the Linux Foundation). Perhaps Hyperledger is
aiming to become the Apache of blockchains.

------
cm3
As an open source contributor and developer myself I never feel good about
releasing stuff under GPL or Apache (yes, both) because they're long and some
parts like the liability section kinda contradict what a liability disclaimer
is about, and most importantly, it's impossible for a developer to understand
it. That's why most projects initiated by developers (without a company) are
MIT or ISC or a BSD variant. Also see the OpenBSD project's (which I don't use
and am not affiliated with) views on the Apache 2 license. All I can
understand is that both GPL and Apache licenses are that long and hard to
understand for non-lawyers because they wanted to have a water-proof legal
document. Which means as a developer you have to trust what others think the
text means if you were to release code under it. I use the ISC license because
I understand it and can explain if someone asks me about the conditions. I
couldn't do the same with either GPL or Apache. ISC/MIT with a patent clause
might be a useful addition for those of us who need that.

~~~
toyg
_> That's why most projects initiated by developers (without a company) are
MIT or ISC or a BSD variant_

[Citation Needed]

A lot of Linux software of all sorts is GPL. A lot.

~~~
cm3
I said "initiated by developers", particularly with the post-GitHub ecosystem
in mind. In Linux, obviously, there are many GPL projects, that's not a
surprise. I'm talking about what license most developers choose who aren't
working on the Linux userland (or kernel). There are whole communities where
liberal is the default license choice (Haskell, Erlang, Apache, BSDs, Golang).

~~~
toyg
Sure, there are a lot of communities out there, but before you can say "most
developers", you'd have to give me some numbers.

My "anecdata" is exactly the opposite. Until a few years ago, most software
I'd use or release was GPL, or bastardized versions like MPL. BSD was seen as
legacy and MIT was fairly rare; APL was just used by the ASF.

Things have changed a bit, mostly because GPL is a bit messy when applied to
stuff like JS libraries (Wordpress themes were probably a turning point for
many). But the GPL is still _massive_.

~~~
ghaff
Black Duck's data says that GPL (2 + 3) is the most common followed by MIT
followed by APL.

[https://www.blackducksoftware.com/top-open-source-licenses](https://www.blackducksoftware.com/top-open-source-licenses)

~~~
cm3
I've archived the link to be sure, and from what I see, MIT is first, followed
by GPL2, followed by Apache. Here's the snapshot right now:
[http://archive.is/L4hLm](http://archive.is/L4hLm)
([http://archive.is/L4hLm/image](http://archive.is/L4hLm/image)).

~~~
dublinben
Combining versions 2 and 3 of the GPL makes it larger than MIT, at 30%.

~~~
cm3
That's one way to look at it, so if you combine MIT and Apache => 42 (add BSD
and ISC => 50).

~~~
toyg
Still not "most" in the absolute terms that prompted my response. "More" could
be argued, "most" implies a dominance that is simply not there. I know it
sounds like I'm nitpicking, but I'm just trying to explain the point.

~~~
cm3
I didn't check all the other licenses on that page for copyleft/liberal, but
assuming it's just GPL2,GPL3,LGPL2,LGPL3, it didn't look like the absolute sum
would dominate, but these statistics are necessarily precise anyway because
many projects are not under a consistent single license, so...

