Attendees: Michael Bouschen, Tilmann Zäschke, Craig Russell Next meeting: Tuesday December 10 1100 PST 2000 CET
Agenda: 0. Dependabot suggests an update of SpringBeans. This would require abandoning JDK8 and JDK11 which is not planned for now. We use SpringBeans to set up test data for the TCK. There is a vulnerability in the version that we use but it does not affect us. Reject (close) for now. AI Volunteer file a JIRA to replace SpringBeans with some other serializer. This may allow us to continue to support JDK8 with new version of serializer. 1. JIRA JDO-846 "Check upgrade references from javax to jakarta" https://issues.apache.org/jira/browse/JDO-846 2. JIRA JDO-847 "Create sbom files for JDO 3.2.1 release" https://issues.apache.org/jira/browse/JDO-847 PR #99: https://github.com/apache/db-jdo/pull/99 see https://cwiki.apache.org/confluence/display/SECURITY/SBOM+Software+Bill+of+Materials Note that Infra is planning on creating tools that will make it easier to generate SBOMs as part of a new release process that will create sboms as well as checksums and signatures for artifacts. This will reduce the future work for making releases, since once the release has been voted on, infra will take over and publish the release. AI Michael: look into generating spdx as well as cyclonedx. 3. JIRA JDO-842 "Q class specification of candidate() method" https://issues.apache.org/jira/browse/JDO-842 Look at testquery05f. Look at unbound variables that iterate over an extent of persistent objects. 4. JIRA JDO-812 "Move to JDK 11 as the lowest supported version" https://issues.apache.org/jira/browse/JDO-812 5. sonarcloud issues * JIRA JDO-819 "Code quality analysis" https://issues.apache.org/jira/browse/JDO-819 * JIRA JDO-823 "Fix sonarcloud issues of type Code Smells" https://issues.apache.org/jira/browse/JDO-823 * Sonarcloud link: https://sonarcloud.io/summary/overall?id=db-jdo * Cognitive Complexity of methods should not be too high: https://sonarcloud.io/project/issues?resolved=false&rules=java%3AS3776&severities=CRITICAL&types=CODE_SMELL&id=db-jdo * Raw types should not be used: https://sonarcloud.io/project/issues?resolved=false&rules=java%3AS3740&severities=MAJOR&id=db-jdo 6. Other issues Action Items from weeks past: [Nov 26 2024] AI Volunteer Ask Security team whether it is possible to calculate the SBOM for an existing read-only shipped artifact. [Nov 26 2024] AI Tilmann look into JDO-846. Also, what is the use for the Portable Remote Object interface (removed in JDK 11). [Nov 12 2024] AI Michael see if it makes sense to add Map.contains(Entry e) to the JDO API. This would be useful to have queries where e.g. the user is interested in finding all Employees where the phone number is of key "home" and value "+16508617767". [Nov 05 2024] AI Michael create a JIRA for containsEntry, include the current test case and we can continue from here. [Jul 13 2023] AI All Open a new JIRA for Android since having JNDI in the API disallows use with Android [Jun 08 2023] AI All make a JIRA: JDO support for Java Records https://openjdk.org/jeps/395 [Dec 09 2021] AI Craig: Try to contact all current/former participants in JDO development and see if and how they want to be recognized on the JDO and DB web sites.https://db.apache.org/whoweare.html [Oct 07 2021] AI Craig send a private message to all JSR-243 Expert Group members asking if they wish to continue. [Mar 25 2021] AI Craig: investigate "merging" papajdo and apache.clr accounts [Oct 17 2014] AI Matthew any updates for "Modify specification to address NoSQL datastores "https://issues.apache.org/jira/browse/JDO-651 Craig L Russell c...@apache.org
