GeoTools / GeoServer PMC meeting - 2022-03-29Attending
-
Andrea Aime
-
Jukka Rahkonnen
-
Torben Barsballe
-
Jody Garnett
Actions from prior meetings:
-
AA: ask Steve about joining security team [TODO]
-
JG: ask the PSC about Steve joining security team [DONE]
Agenda
-
Log4J2 update
-
Discuss admin access checks in processes
-
kml-ppio graduation
Actions
-
Log4J2 update
-
Jody working on GWC
-
respond to feedback today, thanks for review Ian and Andrea
-
GS updates incoming
-
So far working with “no change” (ie just using reload4j for log4j 1.2
API)
-
Performance of logging wrappers may be improved later
-
gt-metadata splitting? hard to do, maybe later
geoserver data directory:
-
data directory format, how does migration work?
-
test cases read legacy data directory, issue events, which are saved
in format
-
do we need to look at this for logging config
-
PRODUCTION_LOGGING.properties → PRODUCTION_LOGGING.xml
-
discussion on handling customizations
Discuss admin access checks in processes
Reference PR: https://github.com/geoserver/geoserver/pull/5735
-
checks security during writing a process
-
shows a gap in our security model, and is extra work for process writers
-
REST API used to allow fine grain control with “ant process”?
Discussion
-
Direct admin checks in wicket admin? there is one in geoserver base
page..
-
workspace admin, and base admin, ..
-
Q: Can we provide processes with a “SecureCatalogue” which performs
security checks on data access?
-
May do more damage than good, …
-
Lots of danger of regressions, …
-
allowing admin access is “x” (not “r/w” granularity)
-
Go ahead with current approach, the “proper” way is not worth the
side-effects
kml-ppio graduation
KML read/write for WPS
1.
Alternative one, merge into wps-core → wps becomes dependent on wms,
nope!
2.
Alternative two, merge into wps-downlaod → what if I just need kml
though?
3.
Then upgrade as-is, even if small
Compromise (thanks Torben): graduate and package in the wps zip, but do not
make wps-core depend on it.
Chit Chat
-
Hey jody had a small documentation proposal here:
-
https://github.com/geotools/geotools/wiki/Change-tutorial-and-example-code-from-public-domain-to-CC0
-
https://github.com/geotools/geotools/pull/3823
-
Discussion on duplicating boilerplate QA profile code into many small
tutorials
-
Also perhaps for integration tests (see log4j upgrade branch)
-
Updating pmd version number in many places etc…
-
Idea:
-
Can use dependency scope import to “include” some common QA stuff
(rather than copy and paste).