Attendees: Michael Bouschen, Tilmann Zäschke, Tobias Bouschen, Craig Russell
Next meeting: Wednesday May 25 12 noon PDT 2100 CEDT Agenda: 1. JDO 3.2.1 staged release RC1 https://repository.apache.org/content/repositories/orgapachejdo-1007/ <https://repository.apache.org/content/repositories/orgapachejdo-1007/> Craig checked the 3.2.1-RC1 and... checksums (sha512) ok signatures (asc) ok Looked at the unzipped directory for source-release that becomes jdo-3.2.1-RC1. The NOTICE seems a bit off. It refers to the JDO pom with a copyright. But the NOTICE.txt is fine, except for the Copyright date which should be 2005-2022. Craig pushed a change to main. I don't think we need LICENSE since we have LICENSE.txt which is fine. AI Michael: try to figure out where the LICENSE and NOTICE are coming from. Perhaps the mvn-notice-plugin? We added some feature for the Apache Felix bundle plug-in... I'm not sure what PuppyCrawl is and why we have the jdo_checks.xml in there. This is for the check style plugin that we used to use. OK to keep this one. The rest of the source release looks ok. So, the intent of the javax/jdo/ is just for the maven repository, and the org/apahe/jdo is for the source release. AI Everyone review https://github.com/apache/db-jdo/blob/main/HowToReleaseJDO.md <https://github.com/apache/db-jdo/blob/main/HowToReleaseJDO.md> for details on where the release artifacts go. 2. Derby's removal of the security manager (see email from Tilmann) Derby's thoughts on removing the security manager: https://issues.apache.org/jira/secure/attachment/13043591/releaseNote.html <https://issues.apache.org/jira/secure/attachment/13043591/releaseNote.html> from issue https://issues.apache.org/jira/browse/DERBY-7138 <https://issues.apache.org/jira/browse/DERBY-7138> There is a related issue that enforces use of Java 17+ for this version of Derby: https://issues.apache.org/jira/browse/DERBY-7137 <https://issues.apache.org/jira/browse/DERBY-7137> Note that these changes have not been officially released yet. One interesting point is the suggested mitigation "Run Derby from the module path" to prevent access to internals. - Does JDO work with --module-path do we need to do anything to (better) support this, i.e. allow others using it? - Should me modularize the JDO API? 3. New JIRA JDO-812 "Move to JDK 11 as the lowest supported version" https://issues.apache.org/jira/browse/JDO-812 This would be a major "breaking" change. So it would be a 3.3 release item. This may prevent users from upgrading to 3.3 if they are still on JDK 8. But the benefits may be to mitigate some security issues. Any feedback from others? 4. Other issues Action Items from weeks past: [May 4 2022] AI Tilmann prepare the 3.2.1 release. [Dec 09 2021] AI Craig: Try to contact all current/former participants in JDO development and see if and how they want to be recognized on the JDO and DB web sites. https://db.apache.org/whoweare.html [Oct 07 2021] AI Craig send a private message to all JSR-243 Expert Group members asking if they wish to continue. [Mar 25 2021] AI Craig: investigate "merging" papajdo and apache.clr accounts [Oct 17 2014] AI Matthew any updates for "Modify specification to address NoSQL datastores":https://issues.apache.org/jira/browse/JDO-651? Regards Michael
