+1 Dan
Sent from my iPad > On Aug 8, 2018, at 9:43 PM, Bryan Thompson <br...@blazegraph.com> wrote: > > +1 Bryan > > On Wed, Aug 8, 2018 at 4:44 PM, Peter Firmstone > <peter.firmst...@zeus.net.au> wrote: >> Hello River folk, please review / comment / suggest / changes for the draft >> board report for August below. >> >> Regards, >> >> Peter. >> >> ## Description: >> >> - Apache River provides a platform for dynamic discovery and lookup >> search of network services. Services may be implemented in a number >> of languages, while clients are required to be jvm based (presently at >> least), to allow proxy jvm byte code to be provisioned dynamically. >> >> ## Issues: >> >> - No significant issues requiring board attention at this time. >> >> ## Activity: >> >> - Minimal activity at present, initial work modular build structure has >> commenced, awaiting to be populated with River 3.0 code. >> >> Release roadmap: >> >> River 3.1 - Modular build restructure (& binary release) >> River 3.2 - Input validation 4 Serialization, delayed unmarshalling& >> safe ServiceRegistrar lookup service.River 3.3 - OSGi support >> >> ## Health report: >> >> - River is a mature codebase with existing deployments, it was primarily >> designed for dynamic discovery of services on private networks. IPv4 NAT >> limitations historically prevented the use of River on public networks, >> however the use of IPv6 on public networks removes these limitations. Web >> services evolved with the publish subscribe model of todays internet, River >> has the potential to dynamically discover services on IPv6 networks, peer to >> peer, blurring current destinctions between client and server, it has the >> potential to address many of the security issues currently experienced with >> IoT and avoid any dependency on the proprietary cloud for "things". >> >> - Future Direction: >> >> * Target IOT space with support for OSGi and IPv6 (security fixes >> required prior to announcement) >> * Input validation for java deserialization - prevents DOS and >> Gadget attacks. >> * IPv6 Multicast Service Discovery (River currently only supports >> IPv4 multicast discovery). >> * Delayed unmarshalling for Service Lookup and Discovery (includes >> SafeServiceRegistrar mentioned in release roadmap), so >> authentication can occur prior to downloading service proxy's, >> this addresses a long standing security issue with service lookup >> while significantly improving performance under some use cases. >> * Security fixes for SSL endpoints, updated to TLS v1.2 with removal >> of support for insecure cyphers. >> * Secure TLS SocketFactory's for RMI Registry, uses >> the currently logged in Subject for authentication. >> The RMI Registry still plays a minor role in service activation, >> this allows those who still use the Registry to secure it. >> * Maven build to replace existing ant built that uses >> classdepandjar, a bytecode dependency analysis build tool. >> * Updating the Jini specifications. >> >> >> >> ## PMC changes: >> >> - Currently 12 PMC members. >> - No new PMC members added in the last 3 months >> - Last PMC addition was Dan Rollo on Fri Dec 01 2017 >> >> ## Committer base changes: >> >> - Currently 16 committers. >> - No new committers added in the last 3 months >> - Last committer addition was Dan Rollo at Thu Nov 02 2017 >> >> ## Releases: >> >> - Last release was River-3.0.0 on Thu Oct 06 2016 >> >> ## Mailing list activity: >> >> - Relatively quiet. >> >> - dev@river.apache.org: >> - 94 subscribers (up 0 in the last 3 months): >> - 10 emails sent to list (39 in previous quarter) >> >> - u...@river.apache.org: >> - 92 subscribers (up 0 in the last 3 months): >> - 3 emails sent to list (3 in previous quarter) >> >> >> ## JIRA activity: >> >> - 1 JIRA tickets created in the last 3 months >> - 0 JIRA tickets closed/resolved in the last 3 months >> >
