+1
On Mon, Mar 2, 2020 at 2:29 PM Patricia Shanahan <p...@acm.org> wrote:
>
> +1
>
> On 2/26/2020 10:26 PM, Peter Firmstone wrote:
> > I didn't make the February deadline, so I'll post the report in time for
> > March.
> >
> > +1 Peter.
> >
> > Please vote at your convenience.
> >
> > Regards,
> >
> > Peter.
> >
> >
> > On 2/20/2020 6:29 AM, Dan Rollo wrote:
> >> Looks good to me. +1
> >>
> >> Dan Rollo
> >>
> >>
> >> From: Peter Firmstone <peter.firmst...@zeus.net.au>
> >> Subject: February Board Report Draft
> >> Date: February 18, 2020 at 10:10:04 PM EST
> >> To: dev@river.apache.org
> >>
> >>
> >> Hello River folk, please review / comment / suggest / changes for the
> >> draft board report for February below.
> >>
> >> Regards,
> >>
> >> Peter.
> >>
> >> ## Description:
> >> - Apache River provides a platform for dynamic discovery and lookup
> >>   search of network services. Services may be implemented in a number
> >>   of languages, while clients are required to be jvm based (presently at
> >>   least), to allow proxy jvm byte code to be provisioned dynamically.
> >>
> >> ## Issues:
> >> - There are no issues requiring board attention at this time.
> >>
> >> ## Activity:
> >>
> >> - Minimal activity at present, initial work on the modular build
> >>   structure has commenced. The current monolithic build is complex,
> >>   with its own build tool classdepandjar, it adds complexity for new
> >>   developers. In recent months I have had work commitments that have
> >>   limited my ability to integrate the modular build. The other
> >>   committers are waiting for the modular build and I have done a lot of
> >>   work on this locally, this work has been a significant undertaking
> >>   integrating the works of Dennis Reedy, Dan Rollo and myself. This is
> >>   also a mature codebase, having been in development since the late 1990's.
> >>
> >> - The monolithic code has been svn moved into modules into an initial
> >>   maven build structure, next step is to move junit tests to each module.
> >>
> >> - Until the monolithic build has been broken up into maven modules, we
> >>   are likely to have difficulty attracting new contributors due to the
> >>   appearance of complexity.
> >>
> >> Release roadmap:
> >>
> >> River 3.1 - Modular build restructure (& binary release)
> >> River 3.2 - Input validation 4 Serialization, delayed unmarshalling &
> >> safe ServiceRegistrar lookup service.
> >> River 3.3 - OSGi support
> >>
> >> ## Health report:
> >>
> >> - River is a mature codebase with existing deployments, it was
> >>   primarily designed for dynamic discovery of services on private
> >>   networks. IPv4 NAT limitations historically prevented the use of
> >>   River on public networks, however the use of IPv6 on public networks
> >>   removes these limitations. Web services evolved with the publish
> >>   subscribe model of today's internet, River has the potential to
> >>   dynamically discover services on IPv6 networks, peer to peer, blurring
> >>   current distinctions between client and server, it has the potential
> >>   to address many of the security issues currently experienced with IoT
> >>   and avoid any dependency on the proprietary cloud for "things".
> >>
> >> - Future Direction:
> >>
> >>   * Target IOT space with support for OSGi and IPv6 (security fixes
> >>     required prior to announcement)
> >>   * Input validation for java deserialization - prevents DOS and
> >>     Gadget attacks.
> >>   * IPv6 Multicast Service Discovery (River currently only supports
> >>     IPv4 multicast discovery).
> >>   * Delayed unmarshalling for Service Lookup and Discovery (includes
> >>     SafeServiceRegistrar mentioned in release roadmap), so
> >>     authentication can occur prior to downloading service proxies,
> >>     this addresses a long standing security issue with service lookup
> >>     while significantly improving performance under some use cases.
> >>   * Security fixes for SSL endpoints, updated to TLS v1.2 with removal
> >>     of support for insecure cyphers.
> >>   * Secure TLS SocketFactory's for RMI Registry, uses
> >>     the currently logged in Subject for authentication.
> >>     The RMI Registry still plays a minor role in service activation,
> >>     this allows those who still use the Registry to secure it.
> >>   * Maven build to replace existing ant build that uses
> >>     classdepandjar, a bytecode dependency analysis build tool.
> >>   * Updating the Jini specifications.
> >>
> >> ## Project Composition:
> >>
> >> There are currently 16 committers and 12 PMC members in this
> >> project.
> >> The Committer-to-PMC ratio is 4:3.
> >>
> >> ## Community changes, past quarter:
> >>
> >> No new PMC members. Last addition was Dan Rollo on 2017-12-01.
> >> No new committers. Last addition was Dan Rollo on 2017-11-02.
> >>
> >> ## Project Release Activity:
> >> - Recent releases:
> >>
> >> River-3.0.0 was released on 2016-10-06.
> >> river-jtsk-2.2.3 was released on 2016-02-21.
> >> river-examples-1.0 was released on 2015-08-10.