From dev-return-12439-archive-asf-public=cust-asf.ponee.io@river.apache.org Wed Mar 20 00:26:29 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 0B319180789 for ; Wed, 20 Mar 2019 01:26:28 +0100 (CET) Received: (qmail 56762 invoked by uid 500); 20 Mar 2019 00:26:28 -0000 Mailing-List: contact dev-help@river.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@river.apache.org Delivered-To: mailing list dev@river.apache.org Received: (qmail 56689 invoked by uid 99); 20 Mar 2019 00:26:27 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 Mar 2019 00:26:27 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id ED45C180D5C for ; Wed, 20 Mar 2019 00:26:26 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3.002 X-Spam-Level: *** X-Spam-Status: No, score=3.002 tagged_above=-999 required=6.31 tests=[HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=2, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id cnRzE9vVAGk1 for ; Wed, 20 Mar 2019 00:26:24 +0000 (UTC) Received: from mail-ot1-f49.google.com (mail-ot1-f49.google.com [209.85.210.49]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 20DB45FB35 for ; Wed, 20 Mar 2019 00:26:24 +0000 (UTC) Received: by mail-ot1-f49.google.com with SMTP id 103so532327otd.9 for ; Tue, 19 Mar 2019 17:26:24 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=1aASHD4+xe1g4LlZr/+YNRM1rXxxmshmu0pU9OKxIOY=; b=gXkxDIKSiYhk5R48rAHyZOE8WYCHwZ5zXJcZ5IAqAmxpD8G0OGmbXPVSzbYEfgZBFj QB1ceCpgBuO3cYfoF6JRP8fdzb2UPnEHK10Ltg26dM1zxutaCdpn/5F4L5Dc9pY6hiYx LB1JikTp1pUJQSgkriCg1P5YyUYBIYnFlOWYfM0GC234mCUaD0lJvunIFC3hfZ3+/bSh 273r58d53/kmC7nAp/xw1qiNXZpDrUHoXsOYOGy0ZiUXxAet/wW5XX3nYTXpG4r2/CJD tzQFzvSaWQQOx1oTST2tUghZ881FZUrZ54tmqQyi/VF1QBGmVwpaTND1H/WWyLAxff0M 0o6w== X-Gm-Message-State: APjAAAUJdua6iVX2ZCDqj4IkrYVoZS0346Y9yQZ4c4yRsEXbec8/yvVL wEFSY0sIs0sP7nPRJBAY+XaR5oVwHi1oGmljKD0oTdu9cbo= X-Google-Smtp-Source: APXvYqzI4hEdM++fynwHukoUpdLxmc3DF+quavxtGJlkeNWELr1/XvUXWIrATdIrGDXueyIwnIkFaHroUk68ECpat8c= X-Received: by 2002:a9d:645a:: with SMTP id m26mr3824740otl.304.1553041582266; Tue, 19 Mar 2019 17:26:22 -0700 (PDT) MIME-Version: 1.0 References: <39B3424A-F3FE-4593-BF80-8C8E28E72FDA@gmail.com> In-Reply-To: <39B3424A-F3FE-4593-BF80-8C8E28E72FDA@gmail.com> From: Bryan Thompson Date: Tue, 19 Mar 2019 17:26:10 -0700 Message-ID: Subject: Re: River Board Report To: dev@river.apache.org Content-Type: multipart/alternative; boundary="000000000000d52eba05847bab3e" --000000000000d52eba05847bab3e Content-Type: text/plain; charset="UTF-8" +1 Bryan On Tue, Mar 19, 2019 at 17:10 Dan Rollo wrote: > > +1 > > Dan > > > From: Peter Firmstone peter.firmstone@zeus.net.au>> > Subject: River Board Report > Date: March 19, 2019 at 7:58:14 PM EDT > To: ">" < > dev@river.apache.org > > > > Hello River folk, please review / comment / suggest / changes for the > draft board report for March below. > > Regards, > > Peter. > > ## Description: > - Apache River provides a platform for dynamic discovery and lookup > search of network services. Services may be implemented in a number > of languages, while clients are required to be jvm based (presently at > least), to allow proxy jvm byte code to be provisioned dynamically. > > ## Issues: > - Answers to board questions: > idf: It's been a year since the last committer addition. Are there a > new prospects? > - Not at present, due to low activity and the complexity of the unique > monolithic build system. We are working to resolve this with a Maven > modular build structure. > > rs: given 12 vs 16 members of PMC and committership roster, is there > anything preventing the remaining 4 committers to consider > joining the PMC? > - There are no blockers, I will ask them to join the PMC. > > ## Activity: > > - Minimal activity at present, initial work on the modular build > structure has commenced. The current monolithic build is complex, with > it's own build tool classdepandjar, it adds complexity for new developers. > In recent months I have had work committments that have limited my ability > to integrate the modular build. The other committers are waiting for the > modular build and I have done a lot of work on this locally, this work has > been a significant undertaking integrating the works of Dennis Reedy, Dan > Rollo and myself. This is also a mature codebase, having been in > development since the late 1990's. > > Release roadmap: > > River 3.1 - Modular build restructure (& binary release) > River 3.2 - Input validation 4 Serialization, delayed unmarshalling& > safe ServiceRegistrar lookup service.River 3.3 - OSGi support > > ## Health report: > > - River is a mature codebase with existing deployments, it was primarily > designed for dynamic discovery of services on private networks. IPv4 NAT > limitations historically prevented the use of River on public networks, > however the use of IPv6 on public networks removes these limitations. Web > services evolved with the publish subscribe model of todays internet, River > has the potential to dynamically discover services on IPv6 networks, peer > to peer, blurring current destinctions between client and server, it has > the potential to address many of the security issues currently experienced > with IoT and avoid any dependency on the proprietary cloud for "things". > > - Future Direction: > > * Target IOT space with support for OSGi and IPv6 (security fixes > required prior to announcement) > * Input validation for java deserialization - prevents DOS and > Gadget attacks. > * IPv6 Multicast Service Discovery (River currently only supports > IPv4 multicast discovery). > * Delayed unmarshalling for Service Lookup and Discovery (includes > SafeServiceRegistrar mentioned in release roadmap), so > authentication can occur prior to downloading service proxy's, > this addresses a long standing security issue with service lookup > while significantly improving performance under some use cases. > * Security fixes for SSL endpoints, updated to TLS v1.2 with removal > of support for insecure cyphers. > * Secure TLS SocketFactory's for RMI Registry, uses > the currently logged in Subject for authentication. > The RMI Registry still plays a minor role in service activation, > this allows those who still use the Registry to secure it. > * Maven build to replace existing ant built that uses > classdepandjar, a bytecode dependency analysis build tool. > * Updating the Jini specifications. > > ## PMC changes: > > - Currently 12 PMC members. > - No new PMC members added in the last 3 months > - Last PMC addition was Dan Rollo on Fri Dec 01 2017 > > ## Committer base changes: > > - Currently 16 committers. > - No new committers added in the last 3 months > - Last committer addition was Dan Rollo at Thu Nov 02 2017 > > ## Releases: > > - Last release was River-3.0.0 on Thu Oct 06 2016 > > ## /dist/ errors: 4 > - TODO - Developer certificates expired, investigate solution. I created > new certificates, prior to the expiry of my old certificates, should I > resign the release artifacts with the new certificates? > > ## Mailing list activity: > > - Relatively quiet > > - dev@river.apache.org : > - 89 subscribers (down -1 in the last 3 months): > - 5 emails sent to list (9 in previous quarter) > > - user@river.apache.org : > - 92 subscribers (up 0 in the last 3 months): > - 1 emails sent to list (0 in previous quarter) --000000000000d52eba05847bab3e--