Thanks Patricia,
I'm not sure we're going to see a significant number of developers
contributing in the near future.
Unfortunately the technical matters, which are complex and difficult
have caused a lot of argument in the past and have been the cause of a
high barrier to entry for new developers. At least that's what I
think, feel free to provide your perspective.
I have been working on solutions to address some of the complexity.
I noticed that the board thought we hadn't had any commits for 3+ years,
I'll be sure to add some commit statistics to the next board report. I
counted 191 commits over the last three years, not big, but not nothing
either.
I think it's fair to say that we need Apache's infrastructure, our web
site, Jira bug reporting system, repository and mailing lists.
The old 2.2 series code suffered from fragility due to race conditions
and other bugs, understandably this made some existing developers very
fearful of change (who had probably suffered from this fragility in the
past) and the pace at which development was occurring had some
frightened, which impacted our ability to work on the code, for this
reason I don't talk too much about the code, as I fear the return of
arguments of old, you might say I'm a bit shy. In fact I am hoping
that slowing down the pace of development as was requested has given
people time to accept and adapt to the 3.0 release series.
I have been pinning my hopes on the Modular build to allow new
developers to focus on smaller components without having to understand
the whole project.
Also I think that River is constrained by the limitations of IPv4, I
mean who only codes for the intranet these days? Once we integrate
multicast IPv6 support (I have been using this for at least two years
now), we can communicate easily over the internet.
Another concern I have is security, we should have fixed security issues
a long time ago, however the mood of development at the time didn't
foster that, I think it was 2010 when I first flagged security issues
with Serialization. That's another reason why I've been hesitant to
create bug fix releases, I don't think the code is good enough for a
release without addressing some significant security issues first.
But clearly people are using the security features of River like SSL/
TLS, which indicates people are using River over the internet already,
in spite of limitations with IPv4 NAT. I have other fixes that address
TLS security issues in River and bring cyphers and constraints into
2020, rather than 2004 era cyphers.
Regards,
Peter.
On 5/21/2020 10:54 AM, Patricia Shanahan wrote:
The board tends to be more concerned about an active community than
technical matters. We need to discuss whether there is a pool of
potential contributors who are likely to become active.
On 5/20/2020 5:51 PM, Peter Firmstone wrote:
Hello River Folk,
I've received feedback from the Board this morning, they are
requesting that we discuss the Attic for River.
Personally I think the project still has a lot of potential to pick
up again once the modular build is complete, and it is a useful place
to send patches and discuss changes.
A very important patch was sent in June last year by Shawn Ellis for
Java 11.0.3 and later for services using SSL/TLS.
Another important change to the JERI protocol was discussed in
September last year.
http://mail-archives.apache.org/mod_mbox/river-dev/201909.mbox/browser
What are your thoughts?
I don't think the board is asking that we send River to the attic,
just that we discuss it.
Regards,
Peter.
