+1 Peter. I've uploaded the report. Sent from my Samsung device. Include original message ---- Original message ---- From: Patricia Shanahan <p...@acm.org> Sent: 06/05/2017 10:40:19 am To: dev@river.apache.org Subject: Re: [Report] Apache River - Draft
+1 On 5/5/2017 12:55 AM, Peter wrote: > Hi River folks, > > Draft board report for May, please make suggestions, remember this is > only my point of view, if yours differs please say so. It's probably a > bit wordy, so could use improvement, but I want to be honest with the > board about the current state of development. > > Regards, > > Peter. > > <===========================================================> > > ## Description: > > - Apache River provides a platform for dynamic discovery and lookup > search of network services. Services may be implemented in a number of > languages, while clients are required to be jvm based, to allow proxy > jvm byte code to be provisioned dynamically. > > ## Issues: > > No significant issues requiring board attention at this time. > > ## Activity: > > - Significant drop in activity since February (205 emails on dev), down > to 6 in March and 8 in April. > > - Proposed Release roadmap received positive responses: > > Proposed Release roadmap: >> >> River 3.0.1 - thread leak fix >> River 3.1 - Modular build restructure (& binary release) >> River 3.2 - Input validation 4 Serialization, delayed unmarshalling& >> safe ServiceRegistrar lookup service. >> River 3.3 - OSGi support > > ## Health report: > > - Minimal activity at present on dev. > - Plan to update website with more recent success stories of River > deployment, in one large scale deployment example maintenance costs are > low to non existance while reliability is reportedly very solid in the > face of external system failures. There seem to be at least four recent > examples that need to be added to our success stories. > - No recent commit activity, but there are plans for more work in near > future. > - Future Direction: > > * Target IOT space with support for OSGi and IPv6 (security fixes > required prior to announcement) > * Input validation for java deserialization - prevents DOS and > Gadget attacks. > * IPv6 Multicast Service Discovery (River currently only support > IPv4 multicast discovery). > * Delayed unmarshalling for Service Lookup and Discovery (includes > SafeServiceRegistrar mentioned in release roadmap), so > authentication can occur prior to downloading service proxy's, > this addresses a long standing security issue with service lookup > while significantly improving performance under some use cases. > * Security fixes for SSL endpoints, updated to TLS v1.2 with removal > of support for insecure cyphers. > * Maven build to replace existing ant built that uses > classdepandjar, a bytecode dependency analysis build tool. > > ## PMC changes: > > - Currently 11 PMC members. > - No new PMC members added in the last 3 months > - Last PMC addition was Bryan Thompson on Sun Aug 30 2015 > > ## Committer base changes: > > - Currently 15 committers. > - Zsolt Kúti was added as a committer on Wed Dec 07 2016 > - Bharath Kumar was added as a committer on the 23th March 2017 > > ## Releases: > > - River-3.0.0 was released on Wed Oct 05 2016 > > ## Mailing list activity: > > - Relatively quiet in comparison to recent months, however this appears > as a result of reaching concensus after a period of discussion. > > ## JIRA activity: > > - Nil Activity this period. > >