+1 Oddly enough, I work remotely, and it seems things are busier than pre-pandemic.
Thankfully, healthy so far. Happy hermit life. Dan > On May 7, 2020, at 11:27 AM, dev-digest-h...@river.apache.org wrote: > > From: Peter Firmstone <peter.firmst...@zeus.net.au > <mailto:peter.firmst...@zeus.net.au>> > Subject: Draft Report River - May 2020 > Date: May 7, 2020 at 3:31:09 AM EDT > To: dev@river.apache.org <mailto:dev@river.apache.org> > > > Hello River Folk, > > Please review the May report draft below. With work starting to slow down, > I should have some time to complete the modular build soon. > > How are you being impacted by Covid-19? > > Regards, > > Peter Firmstone. > > ## Description: > > - Apache River provides a platform for dynamic discovery and lookup > search of network services. Services may be implemented in a number > of languages, while clients are required to be jvm based (presently at > least), to allow proxy jvm byte code to be provisioned dynamically. > > ## Issues: > - There are no issues requiring board attention at this time. > > ## Activity: > > - Minimal activity at present, initial work on the modular build structure > has commenced. The current monolithic build is complex, with it's own build > tool classdepandjar, it adds complexity for new developers. In recent months > I have had work commitments that have limited my ability to integrate the > modular build. The other committers are waiting for the modular build and I > have done a lot of work on this locally, this work has been a significant > undertaking integrating the works of Dennis Reedy, Dan Rollo and myself. > This is also a mature codebase, having been in development since the late > 1990's. > > - The monolithic code has been svn moved into modules into an initial maven > build structure, next step is to move junit tests to each module. > > - Until the monolithic build has been broken up into maven modules, we are > likely to have difficulty attracting new contributors due to the appearance > of complexity. > > Release roadmap: > > River 3.1 - Modular build restructure (& binary release) > River 3.2 - Input validation 4 Serialization, delayed unmarshalling& > safe ServiceRegistrar lookup service.River 3.3 - OSGi support > > ## Health report: > > - River is a mature codebase with existing deployments, it was primarily > designed for dynamic discovery of services on private networks. IPv4 NAT > limitations historically prevented the use of River on public networks, > however the use of IPv6 on public networks removes these limitations. Web > services evolved with the publish subscribe model of today's internet, River > has the potential to dynamically discover services on IPv6 networks, peer to > peer, blurring current distinctions between client and server, it has the > potential to address many of the security issues currently experienced with > IoT and avoid any dependency on the proprietary cloud for "things". > > - Future Direction: > > * Target IOT space with support for OSGi and IPv6 (security fixes > required prior to announcement) > * Input validation for java deserialization - prevents DOS and > Gadget attacks. > * IPv6 Multicast Service Discovery (River currently only supports > IPv4 multicast discovery). > * Delayed unmarshalling for Service Lookup and Discovery (includes > SafeServiceRegistrar mentioned in release roadmap), so > authentication can occur prior to downloading service proxy's, > this addresses a long standing security issue with service lookup > while significantly improving performance under some use cases. > * Security fixes for SSL endpoints, updated to TLS v1.2 with removal > of support for insecure cypher's. > * Secure TLS SocketFactory's for RMI Registry, uses > the currently logged in Subject for authentication. > The RMI Registry still plays a minor role in service activation, > this allows those who still use the Registry to secure it. > * Maven build to replace existing ant built that uses > classdepandjar, a bytecode dependency analysis build tool. > * Updating the Jini specifications. > > ## Project Composition: > > There are currently 16 committers and 12 PMC members in this project. > The Committer-to-PMC ratio is 4:3. > > ## Community changes, past quarter: > > No new PMC members. Last addition was Dan Rollo on 2017-12-01. > No new committers. Last addition was Dan Rollo on 2017-11-02. > > ## Project Release Activity: > - Recent releases: > > River-3.0.0 was released on 2016-10-06. > river-jtsk-2.2.3 was released on 2016-02-21. > river-examples-1.0 was released on 2015-08-10. >
