GeoTools / GeoServer PMC meeting - 2023-09-12### Attending- Torben Barsballe
-
Jody Garnett
-
Andrea Aime
-
Kevin Smith
Actions from prior meetings:- [DONE] Code Sprint: Merge styling changes, prepare for RC
Agenda- Build-server care and feeding
-
Translation Question
-
Security vulnerability proposal
-
Release candidate
-
Oddments and questions
Actions- action: Discuss with Alexandre Gacon on the geoserver-devel list about translation
- action: Ask on the geoserver-devel list for assistance setting up new branches and jobs
Build-server care and feeding- Gabe for Java 17?
-
This is easy enough to add through the Jenkins interface
-
Jody fixed a few jobs that now require Java 11
-
I think it is happy?
Translation Question
Q: Regina asks if we need help on weblate.osgeo.org ?
A: Alex had an experiment going, they are now in communication
action: Let’s discuss with Alexandre Gacon on the geoserver-devel list about translation
Security vulnerability proposal
We have been successful with the “private vulnerability report”, and this allows us to make our own CVE numbers which we control.
But there are lots we do not control: https://github.com/advisories?query=geoserver
Here is a policy change with this in mind:
https://github.com/geoserver/geoserver/wiki/GSIP-220
How to handle GHSA-cqpc-x2c6-2gmfGHSA-cqpc-x2c6-2gmf:
-
The number https://cve.report/CVE-2023-41339 shows up as not-yet-published
-
This is patched in GeoServer 2.23.2 and 2.22.4 already
-
Update old announcements with the CVE number when announced?
Release candidate
We need capacity Any takers …
-
Jody is going to have to be on hand to release mapfish-print-v2:
-
Also confirmed he has permission to release geofence to osgeo releases
(tested with SNAPSHOT jars) -
release candidate requires a bit more than a normal release:
-
new branches, new build.geoserver.org jobs, etc …
-
anyone else we can ask?
Feedback:
-
Nice feedback on the geotools-devel list from Roar
-
Andrea fixed some SERVICE-INF/ interfaces - nice
-
Jody noticed Point2D can be removed
-
The docs need some love (and diagrams)
action: ask on the geoserver-devel list for assistance setting up new branches and jobs
Oddments and questions
Jody was looking at displacementMode tests, they have:
ogc:PropertyNamelabel</ogc:PropertyName>
Bitstream Vera Sans
14
0.5
0.5
50
E
conflictResolution
Huh? I guess the parser is ignoring … lol
That is a vendorOption, but why is it free text
false