[Geoserver-devel] GeoServer/GeoTools PMC Meeting Notes 2023-09-12

GeoTools / GeoServer PMC meeting - 2023-09-12### Attending- Torben Barsballe

  • Jody Garnett

  • Andrea Aime

  • Kevin Smith

Actions from prior meetings:- [DONE] Code Sprint: Merge styling changes, prepare for RC

Agenda- Build-server care and feeding

  • Translation Question

  • Security vulnerability proposal

  • Release candidate

  • Oddments and questions

Actions- action: Discuss with Alexandre Gacon on the geoserver-devel list about translation

  • action: Ask on the geoserver-devel list for assistance setting up new branches and jobs

Build-server care and feeding- Gabe for Java 17?

  • This is easy enough to add through the Jenkins interface

  • Jody fixed a few jobs that now require Java 11

  • I think it is happy?

Translation Question

Q: Regina asks if we need help on weblate.osgeo.org ?

A: Alex had an experiment going, they are now in communication

action: Let’s discuss with Alexandre Gacon on the geoserver-devel list about translation :slight_smile:

Security vulnerability proposal

We have been successful with the “private vulnerability report”, and this allows us to make our own CVE numbers which we control.

But there are lots we do not control: https://github.com/advisories?query=geoserver

Here is a policy change with this in mind:
https://github.com/geoserver/geoserver/wiki/GSIP-220

How to handle GHSA-cqpc-x2c6-2gmfGHSA-cqpc-x2c6-2gmf:

  • The number https://cve.report/CVE-2023-41339 shows up as not-yet-published

  • This is patched in GeoServer 2.23.2 and 2.22.4 already

  • Update old announcements with the CVE number when announced?

Release candidate

We need capacity :slight_smile: Any takers …

  • Jody is going to have to be on hand to release mapfish-print-v2:

  • Also confirmed he has permission to release geofence to osgeo releases
    (tested with SNAPSHOT jars)

  • release candidate requires a bit more than a normal release:

  • new branches, new build.geoserver.org jobs, etc …

  • anyone else we can ask?

Feedback:

  • Nice feedback on the geotools-devel list from Roar

  • Andrea fixed some SERVICE-INF/ interfaces - nice :slightly_smiling_face:

  • Jody noticed Point2D can be removed

  • The docs need some love (and diagrams)

action: ask on the geoserver-devel list for assistance setting up new branches and jobs

Oddments and questions

Jody was looking at displacementMode tests, they have:

ogc:PropertyNamelabel</ogc:PropertyName>

Bitstream Vera Sans

14

0.5

0.5

50

E

conflictResolution

Huh? I guess the parser is ignoring … lol :slight_smile:

That is a vendorOption, but why is it free text :slight_smile:

false