river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Thompson <br...@blazegraph.com>
Subject Re: Draft August Board Report
Date Thu, 09 Aug 2018 01:43:38 GMT
+1 Bryan

On Wed, Aug 8, 2018 at 4:44 PM, Peter Firmstone
<peter.firmstone@zeus.net.au> wrote:
> Hello River folk, please review / comment / suggest / changes for the draft
> board report for August below.
>
> Regards,
>
> Peter.
>
> ## Description:
>
>  - Apache River provides a platform for dynamic discovery and lookup
>     search of network services.  Services may be implemented in a number
>     of languages, while clients are required to be jvm based (presently at
>     least), to allow proxy jvm byte code to be provisioned dynamically.
>
> ## Issues:
>
> - No significant issues requiring board attention at this time.
>
> ## Activity:
>
>  -  Minimal activity at present, initial work modular build structure has
> commenced, awaiting to be populated with River 3.0 code.
>
> Release roadmap:
>
> River 3.1 - Modular build restructure (&   binary release)
> River 3.2 - Input validation 4 Serialization, delayed unmarshalling&
> safe ServiceRegistrar  lookup service.River 3.3 - OSGi support
>
> ## Health report:
>
>  - River is a mature codebase with existing deployments, it was primarily
> designed for dynamic discovery of services on private networks.  IPv4 NAT
> limitations historically prevented the use of River on public networks,
> however the use of IPv6 on public networks removes these limitations.  Web
> services evolved with the publish subscribe model of todays internet, River
> has the potential to dynamically discover services on IPv6 networks, peer to
> peer, blurring current destinctions between client and server, it has the
> potential to address many of the security issues currently experienced with
> IoT and avoid any dependency on the proprietary cloud for "things".
>
> - Future Direction:
>
>    * Target IOT space with support for OSGi and IPv6 (security fixes
>      required prior to announcement)
>    * Input validation for java deserialization - prevents DOS and
>      Gadget attacks.
>    * IPv6 Multicast Service Discovery (River currently only supports
>      IPv4 multicast discovery).
>    * Delayed unmarshalling for Service Lookup and Discovery (includes
>      SafeServiceRegistrar mentioned in release roadmap), so
>      authentication can occur prior to downloading service proxy's,
>      this addresses a long standing security issue with service lookup
>      while significantly improving performance under some use cases.
>    * Security fixes for SSL endpoints, updated to TLS v1.2 with removal
>      of support for insecure cyphers.
>    * Secure TLS SocketFactory's for RMI Registry, uses
>      the currently logged in Subject for authentication.
>      The RMI Registry still plays a minor role in service activation,
>      this allows those who still use the Registry to secure it.
>    * Maven build to replace existing ant built that uses
>      classdepandjar, a bytecode dependency analysis build tool.
>    * Updating the Jini specifications.
>
>
>
> ## PMC changes:
>
>  - Currently 12 PMC members.
>  - No new PMC members added in the last 3 months
>  - Last PMC addition was Dan Rollo on Fri Dec 01 2017
>
> ## Committer base changes:
>
>  - Currently 16 committers.
>  - No new committers added in the last 3 months
>  - Last committer addition was Dan Rollo at Thu Nov 02 2017
>
> ## Releases:
>
>  - Last release was River-3.0.0 on Thu Oct 06 2016
>
> ## Mailing list activity:
>
> - Relatively quiet.
>
>  - dev@river.apache.org:
>     - 94 subscribers (up 0 in the last 3 months):
>     - 10 emails sent to list (39 in previous quarter)
>
>  - user@river.apache.org:
>     - 92 subscribers (up 0 in the last 3 months):
>     - 3 emails sent to list (3 in previous quarter)
>
>
> ## JIRA activity:
>
>  - 1 JIRA tickets created in the last 3 months
>  - 0 JIRA tickets closed/resolved in the last 3 months
>

Mime
View raw message