Attendees: Michael Bouschen, Tilmann Zäschke, Tobias Bouschen, Craig Russell

Next meeting: Tuesday November 12 1100 PST 2000 CET

Agenda:

1. New JIRA JDO-844 "Add SampleReadQuery test methods with variables of type String" https://issues.apache.org/jira/projects/JDO/issues/JDO-844
   New PR #97 https://github.com/apache/db-jdo/pull/97

   The tests pass except for a new test case that attempts to test the containsEntry method that is not currently part of the JDO specification but apparently is implemented in DataNucleus. MapExpression.containsEntry(key, value).

   More discussion is needed: should JDO provide an implementation class for the Entry interface? Should containsEntry be part of the JDO API?

   AI everyone review the PR and JIRA for completeness.
   AI Michael create a JIRA for containsEntry, include the current test case and we can continue from here.

2. JIRA JDO-842 "Q class specification of candidate() method" https://issues.apache.org/jira/browse/JDO-842

   We started thinking that the JDOQLTypedQuery method variable was not needed. But JDO-844 does need a way to create a parameter of type String so deprecating the variable method is not appropriate. Need to look into parameter methods of JDOQLTypedQuery and the corresponding method of Qclass.

3. JIRA JDO-812 "Move to JDK 11 as the lowest supported version" https://issues.apache.org/jira/browse/JDO-812

   Resolved AI: DataNucleus 6 versions all pass with all supported JDK versions.

4. sonarcloud issues

   * JIRA JDO-819 "Code quality analysis" https://issues.apache.org/jira/browse/JDO-819
   * JIRA JDO-823 "Fix sonarcloud issues of type Code Smells" https://issues.apache.org/jira/browse/JDO-823
   * Sonarcloud link: https://sonarcloud.io/summary/overall?id=db-jdo
   * Cognitive Complexity of methods should not be too high: https://sonarcloud.io/project/issues?resolved=false&rules=java%3AS3776&severities=CRITICAL&types=CODE_SMELL&id=db-jdo
   * Raw types should not be used: https://sonarcloud.io/project/issues?resolved=false&rules=java%3AS3740&severities=MAJOR&id=db-jdo

5. Other issues

   SBOM: Software Bill of Materials allows users to more easily find dependencies of open source components. This is especially useful to understand if a program in use is affected by documented vulnerabilities.

   ASF Security team is working on defining SBOM for projects and have started documenting some projects' SBOMs. There are several potential SBOM tools that might be used. Some are plugins for Maven builds; some use Gradle as sources for dependencies.

   The OWASP tool can be used to check a release for dependencies that have vulnerabilities. https://owasp.org/www-project-dependency-check/

   CycloneDX plugin?

   AI Craig look at security-disc...@apache.org:
   Where is the archive for this mail list? https://lists.apache.org/list.html?security-disc...@community.apache.org
   Which SBOM tools are recommended?
   How are SBOMs intended to be used by end users?

   Some additional reference information:
   https://github.com/apache/security-site/tree/sboms
   https://sbom.security.apache.org
   https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/472

   More discussion needed. Security is looking for more projects that use SBOM and now is an appropriate time to look into the requirements.

Action Items from weeks past:

[Jan 02 2024] AI everyone: see if anyone can see a problem with the parallel execution of tests Cast.java and SupportedOptionalMethods.java
[Jul 13 2023] AI All Open a new JIRA for Android since having JNDI in the API disallows use with Android
[Jun 08 2023] AI All make a JIRA: JDO support for Java Records https://openjdk.org/jeps/395
[Dec 09 2021] AI Craig: Try to contact all current/former participants in JDO development and see if and how they want to be recognized on the JDO and DB web sites. https://db.apache.org/whoweare.html
[Oct 07 2021] AI Craig send a private message to all JSR-243 Expert Group members asking if they wish to continue.
[Mar 25 2021] AI Craig: investigate "merging" papajdo and apache.clr accounts
[Oct 17 2014] AI Matthew any updates for "Modify specification to address NoSQL datastores" https://issues.apache.org/jira/browse/JDO-651

Craig L Russell
c...@apache.org