river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patricia Shanahan <p...@acm.org>
Subject Re: River Board Report
Date Thu, 06 Jun 2019 03:04:48 GMT
+1

Patricia

On 6/5/2019 2:04 PM, Peter Firmstone wrote:
> Hello River folk, please review / comment / suggest / changes for the 
> draft board report for June below.
> 
> Regards,
> 
> Peter.
> 
> ## Description:
>   - Apache River provides a platform for dynamic discovery and lookup
>      search of network services.  Services may be implemented in a number
>      of languages, while clients are required to be jvm based (presently 
> at least), to allow proxy jvm byte code to be provisioned dynamically.
> 
> ## Issues:
> 
> - No significant issues requiring board attention at this time.
> 
> ## Activity:
> 
>   -  Minimal activity at present, initial work on the modular build 
> structure has commenced.  The current monolithic build is complex, with 
> it's own build tool classdepandjar, it adds complexity for new 
> developers. In recent months I have had work committments that have 
> limited my ability to integrate the modular build.  The other committers 
> are waiting for the modular build and I have done a lot of work on this 
> locally, this work has been a significant undertaking integrating the 
> works of Dennis Reedy, Dan Rollo and myself.  This is also a mature 
> codebase, having been in development since the late 1990's.
> 
> Release roadmap:
> 
> River 3.1 - Modular build restructure (&   binary release)
> River 3.2 - Input validation for Serialization, delayed unmarshalling&
> safe ServiceRegistrar  lookup service.River 3.3 - OSGi support
> 
> ## Health report:
> 
>   - River is a mature codebase with existing deployments, it was 
> primarily designed for dynamic discovery of services on private 
> networks.  IPv4 NAT limitations historically prevented the use of River 
> on public networks, however the use of IPv6 on public networks removes 
> these limitations.  Web services evolved with the publish subscribe 
> model of todays internet, River has the potential to dynamically 
> discover services on IPv6 networks, peer to peer, blurring current 
> destinctions between client and server, it has the potential to address 
> many of the security issues currently experienced with IoT and avoid any 
> dependency on the proprietary cloud for "things".
> 
> - Future Direction:
> 
>     * Target IOT space with support for OSGi and IPv6 (security fixes
>       required prior to announcement)
>     * Input validation for java deserialization - prevents DOS and
>       Gadget attacks.
>     * IPv6 Multicast Service Discovery (River currently only supports
>       IPv4 multicast discovery).
>     * Delayed unmarshalling for Service Lookup and Discovery (includes
>       SafeServiceRegistrar mentioned in release roadmap), so
>       authentication can occur prior to downloading service proxy's,
>       this addresses a long standing security issue with service lookup
>       while significantly improving performance under some use cases.
>     * Security fixes for SSL endpoints, updated to TLS v1.2 with removal
>       of support for insecure cyphers.
>     * Secure TLS SocketFactory's for RMI Registry, uses
>       the currently logged in Subject for authentication.
>       The RMI Registry still plays a minor role in service activation,
>       this allows those who still use the Registry to secure it.
>     * Maven build to replace existing ant built that uses
>       classdepandjar, a bytecode dependency analysis build tool.
>     * Updating the Jini specifications.
> 
> ## PMC changes:
> 
>   - Currently 12 PMC members.
>   - No new PMC members added in the last 3 months
>   - Last PMC addition was Dan Rollo on Fri Dec 01 2017
> 
> ## Committer base changes:
> 
>   - Currently 16 committers.
>   - No new committers added in the last 3 months
>   - Last committer addition was Dan Rollo at Thu Nov 02 2017
> 
> ## Releases:
> 
>   - Last release was River-3.0.0 on Thu Oct 06 2016
> 
> ## Mailing list activity:
> 
>   - dev@river.apache.org:
>      - 90 subscribers (up 1 in the last 3 months):
>      - 4 emails sent to list (5 in previous quarter)
> 
>   - user@river.apache.org:
>      - 90 subscribers (down -2 in the last 3 months):
>      - 1 emails sent to list (0 in previous quarter)
> 
> 

Mime
View raw message