GeoTools / GeoServer PMC meeting - 2024-02-13Attending -
Peter Smythe - Gabriel Roldan - Jody Garnett - Torben Barsballe - Andrea Aime - Jukka Rahkonen - Kevin Smith Actions from prior meetings: - [DONE] Peter: Make a PR to update the PSC list (in the developers guide) gabe: Please help with review of #7156 - [DONE] Peter: Check-in with Brad to see how we can help/plan 🙂 - Peter: Share new wiki pages with the community - [WIP] gabe: Will make a PR for parallel loader - andrea: add peter to the security vulnerabilities issues Agenda - Release schedule - mkdocs update - Discourse update - github security advisory graph question - Worldwide installations of GeoServers - Firefox redirection - GEOS-11284 Promote community module "datadir catalog loader" to core - GEOT-7411 App-schema performance improvement in setting attribute values - SLD Arrow Regression - JNDI documentation critical fix - “www” no longer serving JS apps Actions - Peter: create a sed script to fix email addresses in sourceforge lists export - Jody: setup a github workflow to use dependency submission API <https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api> - Release schedule GeoTools 29.5 / GeoServer 2.23.5 this month Need a volunteer - Andrea will ask around GeoSolutions but no promises. Fallback: Peter Next RC cycle (2.25) is also approaching. Adjusting release schedule to avoid extra 2.24 stable release… https://github.com/geoserver/geoserver/wiki/Release-Schedule Several potentially large changes outstanding: - Wicket 9 <https://github.com/geoserver/geoserver/pull/7154> (postpone to 2.26) - Resources and Paths API <https://github.com/geoserver/geoserver/pull/7156> - one legit bug on windows - Firefox redirectionand stuck on difference of opinion on API meaning (need to clarify javadoc) - action: gabe: volunteer to check in on this later in the month (breakout meeting) - startup enhancements (should be good) - mkdocs (branch <https://github.com/geoserver/geoserver/tree/mkdocs>) (timing would be good) sidebar: Handling of WPS results with respect of ResourceStore and multiple containers - there is some other way to handle that, can check system property - ideally a blob storage would be good for shared WPS output - Configure in WPS administration panel, where to share output mkdocs update Download directives now work: https://jodygarnett.github.io/geoserver/introduction/license/ - docs/introduciton/download/download.txt - lists “external” files - docs/introduction/download/.gitignore - to avoid storing duplicate files - mkdocs.yml has a hook to code to read download.txt above Example of using {{ version }} and {{ release }}: - https://jodygarnett.github.io/geoserver/installation/docker/ - Short term {{ release }} - Jody would like to grab these from pom.xml (this would be a change to release procedure) - Or can we determine from git history - I cannot determine with git because our tags are not on our branch, ours are not :) Can we convert the chinese docs: - yes we could, there is a language chooser - can convert chinese docs later, run the script, need a native speaker to review - jody has a script to convert language, but need a native speaker to review results Discourse update https://trac.osgeo.org/osgeo/ticket/3104#comment:7 Migration broken by SF anonymization… Action: Peter to create a sed script to fix email addresses github security advisory graph question A change to a published vulnerability came in from Mark: - https://github.com/github/advisory-database/pull/3483 - Q: why is this not being made to our geoserver one? Fundamental questions: - For a vulnerability in gs-web-core … - Do we also record gs-web-app? For the war overlay use? - Do we also record against the war for download use - Do we also record against the windows installer … - Would this change for wps extension? Jody’s expectation is to write down the most specific thing … and trust the tools The answer provided by dependabot is a github action, that would run for each tag, that would publish the “graph” based on the pom.xml file relationships. - https://github.com/dependabot/dependabot-core/issues/2640 - No it does not handle maven pom.xml directly, there is an action that processes the dependency:tree into the “graph” used by the tools - would it be smart enough for profiles? action: setup a github workflow to use dependency submission API <https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api> Worldwide installations of GeoServers Nope: https://www.geoseer.net/ (also https://www.geoseer.net/blog/?p=2020-06-04_geospatial_server_software ) SourceForge downloads used to give some view GeoServer - Browse /GeoServer at SourceForge.net <https://sourceforge.net/projects/geoserver/files/GeoServer/> but people are installing by other means as well. Note docker is downloading extensions from SF on each startup (almost like a phone home) Firefox redirection Not quite sure where the problem is, Jody uses firefox for testing and has not noticed anything. Jukka made a test. Works for him with GS 2.24.2 and Firefox version 115.7.0esr GEOS-11284 Promote community module "datadir catalog loader" to core Gabe is working, and has three things left (app-schema, sld-service, metadata …) - Has been adding tests, and finding glitches - The update process was setting up info’s with reference to the “old” (non updated) catalog GEOT-7411 App-schema performance improvement in setting attribute values Same failures as without the changes. Gabriel to look into fixing some of the existing failures too! SLD Arrow Regression It looks like this was not noticed during release-candidate testing (which is when we allocate some time to fix regressions), Checking around everyone is indeed using; resource time/funding would be required to make this more general again. JNDI documentation critical fix Critical? JNDI tomcat documentation properties was incorrect: - Our docs indicate Tomcat JNDI setting uses maxActive - Tomcat 8 now uses maxTotal - …. quiet about ignoring the old maxActive setting, defaulting to 8 connections Docs are now fixed: - https://github.com/geoserver/geoserver/pull/7417 - https://docs.geoserver.org/latest/en/user/tutorials/tomcat-jndi/tomcat-jndi.html#tomcat-setup Action: Highlight in release notes “www” no longer serving JS apps https://github.com/geoserver/geoserver/pull/7420 That is probably a consequence of recent header changes Discussion: - Feedback is to have a setting to disable FilePublisher (www folder), rather than force all content there to text/html (which defeats the reason to have a www folder). - Discussion will continue on PR
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel