river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter <j...@zeus.net.au>
Subject [Report] Apache River - Draft
Date Fri, 05 May 2017 07:55:36 GMT
Hi River folks,

Draft board report for May, please make suggestions, remember this is 
only my point of view, if yours differs please say so.  It's probably a 
bit wordy, so could use improvement, but I want to be honest with the 
board about the current state of development.




## Description:

  - Apache River provides a platform for dynamic discovery and lookup 
search of network services.  Services may be implemented in a number of 
languages, while clients are required to be jvm based, to allow proxy 
jvm byte code to be provisioned dynamically.

## Issues:

  No significant issues requiring board attention at this time.

## Activity:

  - Significant drop in activity since February (205 emails on dev), 
down to 6 in March and 8 in April.

- Proposed Release roadmap received positive responses:

Proposed Release roadmap:
>  River 3.0.1 - thread leak fix
>  River 3.1 - Modular build restructure (&  binary release)
>  River 3.2 - Input validation 4 Serialization, delayed unmarshalling&  safe ServiceRegistrar
 lookup service.
>  River 3.3 - OSGi support

## Health report:

  - Minimal activity at present on dev.
  - Plan to update website with more recent success stories of River 
deployment, in one large scale deployment example maintenance costs are 
low to non existance while reliability is reportedly very solid in the 
face of external system failures.  There seem to be at least four recent 
examples that need to be added to our success stories.
  - No recent commit activity, but there are plans for more work in near 
  - Future Direction:

    * Target IOT space with support for OSGi and IPv6 (security fixes 
required prior to announcement)
    * Input validation for java deserialization - prevents DOS and
      Gadget attacks.
    * IPv6 Multicast Service Discovery (River currently only support
      IPv4 multicast discovery).
    * Delayed unmarshalling for Service Lookup and Discovery (includes
      SafeServiceRegistrar mentioned in release roadmap), so
      authentication can occur prior to downloading service proxy's,
      this addresses a long standing security issue with service lookup
      while significantly improving performance under some use cases.
    * Security fixes for SSL endpoints, updated to TLS v1.2 with removal
      of support for insecure cyphers.
    * Maven build to replace existing ant built that uses
      classdepandjar, a bytecode dependency analysis build tool.

## PMC changes:

  - Currently 11 PMC members.
  - No new PMC members added in the last 3 months
  - Last PMC addition was Bryan Thompson on Sun Aug 30 2015

## Committer base changes:

  - Currently 15 committers.
  - Zsolt Kúti was added as a committer on Wed Dec 07 2016
  - Bharath Kumar was added as a committer on the 23th March 2017

## Releases:

  - River-3.0.0 was released on Wed Oct 05 2016

## Mailing list activity:

  - Relatively quiet in comparison to recent months, however this 
appears as a result of reaching concensus after a period of discussion.

## JIRA activity:

- Nil Activity this period.

View raw message