Jakarta Security Restructuring Review

PMI link: Jakarta Security™ Restructuring Review

There are 3 specification projects related to security in Jakarta:

• https://projects.eclipse.org/projects/ee4j.authentication
• https://projects.eclipse.org/projects/ee4j.authorization
• https://projects.eclipse.org/projects/ee4j.es

There has been discussion that these should be three specifications under a single specification project under Jakarta Security. This restructuring review covers the relevant aspects to implement these changes.

Restructuring To-Do list

In order to implement the proposed changes, we need to complete the following:

• EMO (ED) approval
• EE4J PMC +1
• Spec committee approval
• Infrastructure changes

changed due date to November 16, 2022

assigned to @mdelgado624

/cc @sstark88g

marked the checklist item EE4J PMC +1 as completed

@mmilinkovich we need your approval for this restructuring review:

There are 3 specification projects related to security in Jakarta:

• https://projects.eclipse.org/projects/ee4j.authentication
• https://projects.eclipse.org/projects/ee4j.authorization
• https://projects.eclipse.org/projects/ee4j.es

There has been discussion that these should be three specifications under a single specification project under Jakarta Security. This restructuring review covers the relevant aspects to implement these changes.

approved

The specification committee approved this merge in today's meeting. The decision is captured in the meeting notes: https://docs.google.com/document/d/1wulckg85DQPGy7vGVlsWhw4H041q-ju5RD-HoYaoqMw/edit#bookmark=id.lfscku27g2oc.

Several questions came up about what happens under the infrastructure step:

1. Is the resulting specification project committee list the union of the 3 projects existing committers? This is the desired outcome according to the specification committee.
2. Are the Jenkins CICD jobs of the existing 3 projects going to be merged into the existing security project pipeline, or do the others need to be merged manually?

@sstark88g I'm sure webmaster will be ale to assist with these requests and provide some answers for your questions.

@webmaster please work with the project team to implement the requested infrastructure changes.

marked the checklist item EMO (ED) approval as completed

marked the checklist item Spec committee approval as completed

assigned to @webmaster

changed due date to November 30, 2022

changed the description

added Successful restructuring labels

Just to clarify: the goal of this is to merge the ee4j.authentication and ee4j.authorization projects into ee4j.es, with the final list of committers on ee4j.es being the union of all 3 projects committers?

Collecting the committers should be fine from a technical perspective, but it seems odd to be 'forcing' committers onto a project as that seems like it violates the EDP, but perhaps that doesn't apply to restructures.

@wbeaton, should ee4j.authorization and ee4j.authentication be archived or 'deleted' as part of this?

Which leaves us with infrastructure questions:

1. What should happen to the mailing lists/forums for these projects? Normally we'd close them with an 'over there now' message.
2. Are there any downloads/archives that will need to be moved?
3. For project websites(if any) can they be redirected to the PMI, should they point at the 'archived' projects page or should they point at the ee4j.es project website?

For CI instances our normal process would be to simply shutdown the 'unwanted' instances, as we don't typically move things(that's mostly up the the projects). We can certainly hold off on that for a period of time to give the projects time to complete the moves(our RelEng team should be able to provide guidance for this)

Archived.

@sstark88g please engage with @webmaster so he can complete the implementation if the requested infrastructure changes.

@sstark88g please create a HelpDesk issue for that => https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/new

Does the helpdesk issue do much more than reference this issue?

Ideally it would be limited to the exact changes required(this issue has some of that but is perhaps more procedural/permissive), or at least discussion about the actual changes in a location that is more frequently patrolled by the IT team.

changed due date to December 21, 2022

changed the description

As we're preparing to close this ticket I see that there are still some open points here. @sstark88g can you please provide some feedback to questions posed by @webmaster in the previous comments:

• merging the ee4j.authentication and ee4j.authorization projects into ee4j.es will result in the final list of committers on ee4j.es being the union of all 3 projects committers?

Are you ready to archive the authorization and authentication projects (and their related resources)?

• What should happen to the mailing lists/forums for these projects? Normally we'd close them with an 'over there now' message.
• Are there any downloads/archives that will need to be moved?
• For project websites(if any) can they be redirected to the PMI, should they point at the 'archived' projects page or should they point at the ee4j.es project website?

changed due date to January 18, 2023

changed due date to February 08, 2023

changed due date to February 15, 2023

changed due date to March 15, 2023

changed due date to April 05, 2023

mentioned in issue eclipsefdn/helpdesk#2965

assigned to @jmazanek4ep

closed

reopened

marked the checklist item Infrastructure changes as completed

Closing. Please re-open if something was missed.

closed