Looks fine.
+1
bryan
On Sat, Nov 17, 2018 at 2:03 AM Peter Firmstone
<peter.firmst...@zeus.net.au> wrote:
>
> Hello River folk, please review / comment / suggest / changes for the
> draft board report for November below.
>
> Regards,
>
> Peter.
>
> ## Description:
>
> - Apache River provides a platform for dynamic discovery and lookup
> search of network services. Services may be implemented in a number
> of languages, while clients are required to be jvm based (presently at
> least), to allow proxy jvm byte code to be provisioned dynamically.
>
> ## Issues:
>
> - No significant issues requiring board attention at this time.
>
> ## Activity:
>
> - Minimal activity at present, initial work modular build structure
> has commenced, awaiting to be populated with River 3.0 code.
>
> Release roadmap:
>
> River 3.1 - Modular build restructure (& binary release)
> River 3.2 - Input validation 4 Serialization, delayed unmarshalling&
> safe ServiceRegistrar lookup service.River 3.3 - OSGi support
>
> ## Health report:
>
> - River is a mature codebase with existing deployments, it was
> primarily designed for dynamic discovery of services on private
> networks. IPv4 NAT limitations historically prevented the use of River
> on public networks, however the use of IPv6 on public networks removes
> these limitations. Web services evolved with the publish subscribe
> model of todays internet, River has the potential to dynamically
> discover services on IPv6 networks, peer to peer, blurring current
> destinctions between client and server, it has the potential to address
> many of the security issues currently experienced with IoT and avoid any
> dependency on the proprietary cloud for "things".
>
> - Future Direction:
>
> * Target IOT space with support for OSGi and IPv6 (security fixes
> required prior to announcement)
> * Input validation for java deserialization - prevents DOS and
> Gadget attacks.
> * IPv6 Multicast Service Discovery (River currently only supports
> IPv4 multicast discovery).
> * Delayed unmarshalling for Service Lookup and Discovery (includes
> SafeServiceRegistrar mentioned in release roadmap), so
> authentication can occur prior to downloading service proxy's,
> this addresses a long standing security issue with service lookup
> while significantly improving performance under some use cases.
> * Security fixes for SSL endpoints, updated to TLS v1.2 with removal
> of support for insecure cyphers.
> * Secure TLS SocketFactory's for RMI Registry, uses
> the currently logged in Subject for authentication.
> The RMI Registry still plays a minor role in service activation,
> this allows those who still use the Registry to secure it.
> * Maven build to replace existing ant built that uses
> classdepandjar, a bytecode dependency analysis build tool.
> * Updating the Jini specifications.
>
>
>
> ## PMC changes:
>
> - Currently 12 PMC members.
> - No new PMC members added in the last 3 months
> - Last PMC addition was Dan Rollo on Fri Dec 01 2017
>
> ## Committer base changes:
>
> - Currently 16 committers.
> - No new committers added in the last 3 months
> - Last committer addition was Dan Rollo at Thu Nov 02 2017
>
> ## Releases:
>
> - Last release was River-3.0.0 on Thu Oct 06 2016
>
> ## Mailing list activity:
>
> - Relatively quiet.
>
> - dev@river.apache.org:
> - 91 subscribers (down -3 in the last 3 months):
> - 7 emails sent to list (6 in previous quarter)
>
> - u...@river.apache.org:
> - 92 subscribers (up 0 in the last 3 months):
> - 1 emails sent to list (3 in previous quarter)
>
>
> ## JIRA activity:
>
> - 1 JIRA tickets created in the last 3 months
> - 0 JIRA tickets closed/resolved in the last 3 months
