Hibernate organization membership on GitHub
by Yoann Rodiere
Hello,
As part of the move to Commonhaus, I'm currently going through our GitHub
setup, and I'm noticing we have a lot of users with extensive (and I mean
*extensive*, sometimes admin or even owner) access to our
organization/repositories, but who are no longer regular contributors.
Additionally, we also have organization members on GitHub who are not
technically Hibernate members: they have never actually contributed to
Hibernate, but are there for technical reasons, for example because they're
coworkers who helped out with some infrastructure issue.
While it's fine in principle, because we trust these people, it's very,
very far from security best practices. Account hacking happens, email
addresses get stolen, and the people using these GitHub accounts might one
day be an attacker instead of the person we trust.
According to Commonhaus' automated report, we're currently at 32 people
having admin rights on one Hibernate repository or another. Which I think
we can all agree is much more than necessary.
For that reason, I'd like to propose that:
1. *We create an "Alumni" team in our GitHub organization*, moving to that
team anyone who is actually a member, but hasn't contributed for... let's
say 2 years? Of course this isn't a permanent thing, and we can simply move
alumni back to the relevant team if they become active again.
2. *We move non-members out of our GitHub organization*, or to "external
collaborators" (that's a GitHub feature) if still necessary.
3. *We schedule yearly audits of our GitHub configuration* to review access
rights again in the future, and move people to the Alumni team as necessary.
Note moving people in and out of teams will get them notified, so I would
send another email directly to impacted people before/during the move, to
avoid this being seen as personal/insulting. It's really not.
*Thoughts, opinions, +1s?*
Yoann Rodière
Hibernate team
1 month, 3 weeks
New CI machine preview
by Sanne Grinovero
You're all welcome to play with http://54.225.162.168/
however please keep these in mind:
- it's not the final machine: don't put too much effort in creating
nice build scripts as we'll reset it to clean state soon. We *might*
be able to store jobs defined so far, but we might choose not to.
- domain name should be coming: ci.hibernate.org ..not sure when, got
no replies so far from.
- authentication: just click on login, it will use OAuth2 to request
your identity via your GitHub account. Permissions to create new jobs,
edit existing jobs, run a build manually depend on your github account
be part of the Hibernate organization (or not, in which case you have
read only status)
At this stage I'd like to get a feeling if the hardware is powerful
enough, and also we need to select which other plugins we want to use,
I'm looking especially to:
- static analysis reports
- pull requests integration
both are relatively undefined, we can of course start simple and
improve later.. just checking this fits basic needs now.
Sanne
2 months
Hibernate Search 8.1.0.Alpha1 released
by Marko Bekhta
Hello,
We are pleased to announce the first alpha release of Hibernate Search in
the new 8.1 series: 8.1.0.Alpha1.
This version brings improvements to aggregations, in particular, it is now
possible to create composite aggregations as well as define what the
aggregated values of terms/range aggregations are. Hibernate Search now
also provides several platform POM files that manage
the versions of Hibernate Search artifacts, their transitive dependencies,
and related artifacts that must be aligned. And as usual, a new version
brings compatibility with the latest Elasticsearch/OpenSearch versions,
dependency updates and other improvements.
See our blog for more information:
https://in.relation.to/2025/07/29/hibernate-search-8-1-0-Alpha1
See our website for more information about the 8.1 series in general:
https://hibernate.org/search/releases/8.1/
Have a nice day,
Marko Bekhta
Hibernate Team
marko(a)hibernate.org
5 months
Foundation and funding
by Yoann Rodiere
Hello,
As we're settling at Commonhaus, the topic of funding the foundation
becomes increasingly relevant.
Thankfully Hibernate projects are sponsored directly by several very
invested companies, so resources (devs) are not a problem for us, and
neither is infrastructure (CI).
But Commonhaus itself obviously has admin/infrastructure costs and will
need money.
Without going as far as actively looking for funding, we could at least
start by establishing revenue streams. Commonhaus happens to have a few
things set up already for funnelling sponsorship from GitHub [1], we'd just
need to enable it and direct the money to Commonhaus. I created a pull
request [2] to do just that.
Enabling sponsoring will require a separate change of settings on relevant
repositories (which I think would be those of the major projects displayed
on our websites).
Of course there's no guarantee this will bring any money, but it's better
than the 0% chance if we don't set this up.
We could also set up dedicated "accounts" for Hibernate, so that
contributions to Hibernate are clearly identified and can be used for
Hibernate purposes. But:
1. We don't have an immediate need for that.
2. We can't do that independently from Commonhaus, which is the legal
entity owning Hibernate.
3. I know Erin (in CC) has something planned for precisely this, something
like delegated accounts in OpenCollective. We'd just need to spend some
time figuring it out.
WDYT? If you agree, please go to the PR [2] and approve. If not, please
explain here or on the PR.
Apart from that, I think we should document how to fund Hibernate in
various places. I'm thinking of doing that on the website (one entry in
each per-project menu + one page in the community section) and also in each
project's README (a short subsection with one sentence + a link to the
website). I'll try to send PRs for that at some point in the future, but
please voice any concerns now.
[1]
https://docs.github.com/en/repositories/managing-your-repositorys-setting...
[2] https://github.com/hibernate/.github/pull/5
Yoann Rodière
Hibernate team
5 months, 1 week
