river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Rollo <danro...@gmail.com>
Subject Re: November Board Report
Date Sun, 18 Nov 2018 04:08:13 GMT
+ 1

Dan

> From: Peter Firmstone <peter.firmstone@zeus.net.au>
> Subject: November Board Report
> Date: November 17, 2018 at 5:03:05 AM EST
> To: "<dev@river.apache.org>" <dev@river.apache.org>
> 
> 
> Hello River folk, please review / comment / suggest / changes for the draft board report
for November below.
> 
> Regards,
> 
> Peter.
> 
> ## Description:
> 
> - Apache River provides a platform for dynamic discovery and lookup
>    search of network services.  Services may be implemented in a number
>    of languages, while clients are required to be jvm based (presently at
>    least), to allow proxy jvm byte code to be provisioned dynamically.
> 
> ## Issues:
> 
> - No significant issues requiring board attention at this time.
> 
> ## Activity:
> 
> -  Minimal activity at present, initial work modular build structure has commenced, awaiting
to be populated with River 3.0 code.
> 
> Release roadmap:
> 
> River 3.1 - Modular build restructure (&   binary release)
> River 3.2 - Input validation 4 Serialization, delayed unmarshalling&
> safe ServiceRegistrar  lookup service.River 3.3 - OSGi support
> 
> ## Health report:
> 
> - River is a mature codebase with existing deployments, it was primarily designed for
dynamic discovery of services on private networks.  IPv4 NAT limitations historically prevented
the use of River on public networks, however the use of IPv6 on public networks removes these
limitations.  Web services evolved with the publish subscribe model of todays internet, River
has the potential to dynamically discover services on IPv6 networks, peer to peer, blurring
current destinctions between client and server, it has the potential to address many of the
security issues currently experienced with IoT and avoid any dependency on the proprietary
cloud for "things".
> 
> - Future Direction:
> 
>   * Target IOT space with support for OSGi and IPv6 (security fixes
>     required prior to announcement)
>   * Input validation for java deserialization - prevents DOS and
>     Gadget attacks.
>   * IPv6 Multicast Service Discovery (River currently only supports
>     IPv4 multicast discovery).
>   * Delayed unmarshalling for Service Lookup and Discovery (includes
>     SafeServiceRegistrar mentioned in release roadmap), so
>     authentication can occur prior to downloading service proxy's,
>     this addresses a long standing security issue with service lookup
>     while significantly improving performance under some use cases.
>   * Security fixes for SSL endpoints, updated to TLS v1.2 with removal
>     of support for insecure cyphers.
>   * Secure TLS SocketFactory's for RMI Registry, uses
>     the currently logged in Subject for authentication.
>     The RMI Registry still plays a minor role in service activation,
>     this allows those who still use the Registry to secure it.
>   * Maven build to replace existing ant built that uses
>     classdepandjar, a bytecode dependency analysis build tool.
>   * Updating the Jini specifications.
> 
> 
> 
> ## PMC changes:
> 
> - Currently 12 PMC members.
> - No new PMC members added in the last 3 months
> - Last PMC addition was Dan Rollo on Fri Dec 01 2017
> 
> ## Committer base changes:
> 
> - Currently 16 committers.
> - No new committers added in the last 3 months
> - Last committer addition was Dan Rollo at Thu Nov 02 2017
> 
> ## Releases:
> 
> - Last release was River-3.0.0 on Thu Oct 06 2016
> 
> ## Mailing list activity:
> 
> - Relatively quiet.
> 
>  - dev@river.apache.org:
>    - 91 subscribers (down -3 in the last 3 months):
>    - 7 emails sent to list (6 in previous quarter)
> 
> - user@river.apache.org:
>    - 92 subscribers (up 0 in the last 3 months):
>    - 1 emails sent to list (3 in previous quarter)
> 
> 
> ## JIRA activity:
> 
> - 1 JIRA tickets created in the last 3 months
> - 0 JIRA tickets closed/resolved in the last 3 months
> 
> 
> 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message