[Geoserver-devel] GeoTools / GeoServer Meeting 2015-08-04

GeoTools / GeoServer Meeting 2015-08-04

Attending
---------

Ben Caradoc-Davies
Jukka Rahkonen
Andrea Aime
Kevin Smith
Jody Garnett
Torben Barsballe

Agenda
------

- Release managers
- Code Freeze
- Proposals
- WCS 1.1 DescribeCoverage/GetCapabilities Question
- CITE
- Remote execution vulnerability follow-up

Actions
-------

- Jody: release GeoServer 2.8-beta (et al)
- Jody / Victoria Office: release GeoServer 2.6.5 (et al)

Actions from last meeting
-------------------------

- Torben: merge GEOS-7095 fix backports to 2.7.x, 2.6.x, and 2.5.x [DONE]
- Kevin: submit port-scan fix and backport [DONE]
- Create Jira components Security (Authentication) and Security
(Authorization) to replace Security [DONE]

General Discussion
------------------

- source forge is back - yay
- CITE - take to email
- gsconfig is "open", if you need commit access ask :)
- state of geoserver, round up from proposals (nodata, curves, build service, windows build service, java 8, etc...)

Release managers
----------------

https://github.com/geoserver/geoserver/wiki/Release-Schedule

Volunteers:

- 2.8 beta - Jody
- 2.6.5 last - Jody / Victoria Office

Email discussion about "bonus" releases with other projects.

GeoNode will want to release a 2.7.x sometime in the beginning of September. Use a bit of common sense, don't release too close to an official release of the same version.

Code Freeze
-----------

August 18th.

Jody will remind the GeoTools email list.
Andrea will remind the GeoTools email list.

Anything else we are desperately waiting for something to get in?
- AA: shapefile thing that broken? DBF filter pull request ...
- KS: LayerGroup proposal (if there is time ...). Could we do the API change now? And do the implementation later ...

Proposals
---------

Which ones are trying to make the code freeze? Assume all of them ...

GeoTools:
- Contrast enhancement: some feedback on API breakage, see email discussion.
- z-ordering: Q: FeatureType.getSortBy() vs. vendor option? A: keep consistent, non SLD options go in vendor options.
- SourceForge exit strategy: keep this around if needed later
- Resolve GeoAPI 3.0.0 Incompatibilities: no interested sponsor for this work
- Views Management removal: was this implemented?
- Maven Central: think this is stuck on JAI dependency
- Add delete support on StructuredGridCoverage2DReader: has this been implemented?
- ComplexFeature Parsing and Building Support by Adam Brown. This is used in wfs-ng. Rini worked on it last year. Niels completed work on it this year, and Ben merged the final PR in May (should announce for GeoTools master 14-M1; was in 14-M0 but unannounced). Jira issue is resolved. Just need to update the proposal page [DONE].
https://github.com/geotools/geotools/wiki/complexfeature-parsing-and-building-support
https://github.com/geotools/geotools/pull/841
https://osgeo-org.atlassian.net/browse/GEOT-4147

GeoServer:

https://github.com/geoserver/geoserver/wiki/Proposals

- dev guide cleanup: approved, in progress
- layergroup: approved, kevin is busy

New community modules created, rest are in progress.

WCS 1.1 DescribeCoverage/GetCapabilities Question
-------------------------------------------------

Jody volunteered to test (was hoping to test gsconfig).

https://osgeo-org.atlassian.net/browse/GEOS-7039
    * Ask about this for bart.
    * Q: If we include the prefix will we break everything? A: Check the naming rules in the spec. Perhaps use

https://osgeo-org.atlassian.net/browse/GEOS-6984
    * monitoring is a bit orphaned
    * Q: Should this go to community? A: the monitoring api is in active so we keep it in the mix. Audit mode generates files ...
    * The hibernate module is more a proof of concept - so it could go to community.

CITE
----

Thanks for the email Andrea, look at setting up jobs on ares.
Yes we do not expect things to pass yet.

Check back after the code freeze :)

Remote execution vulnerability follow-up
----------------------------------------

Merged. Kevin reports that the nightly is not building cleanly so we cannot test a nightly.

Action:
- Jody is going to test gsconfig, and will reach out to gsconfig community.
- Kevin wants to backport to 2.7 - and will get a bunch of QA from boundless.
- GEOS-7139 JBoss security fix conflict: Torben has a potential fix incoming. Q: Does Commons VFS also respond to this protocol? Q: gs-importer includes Commons VFS. Does this open up a tomcat server to vfs URLs?

--
Ben Caradoc-Davies <ben@anonymised.com>
Director
Transient Software Limited <http://transient.nz/>
New Zealand

  • GEOS-7139 JBoss security fix conflict: Torben has a potential fix incoming.

Q: Does Commons VFS also respond to this protocol?

Q: gs-importer includes Commons VFS. Does this open up a tomcat server to vfs URLs?

More details added as a comment on GEOS-7139.

Torben


On Tue, Aug 4, 2015, at 01:31 PM, Ben Caradoc-Davies wrote:

> Remote execution vulnerability follow-up
> ----------------------------------------
>
> Merged. Kevin reports that the nightly is not building cleanly so we
> cannot test a nightly.

Fixed this and re-ran the GWC and GS master nightly jobs on ares so the
master nightly builds should have these fixes.

--
  Kevin Michael Smith
  smithkm@anonymised.com

Thanks Kevin,

I will pass on the note to gsconfig project. Let’s hear back from testing and then back port to stable.


Jody Garnett

On Tue, Aug 4, 2015 at 11:00 PM, Torben Barsballe <tbarsballe@anonymised.com> wrote:

> - GEOS-7139 JBoss security fix conflict: Torben has a potential fix incoming.
>
> Q: Does Commons VFS also respond to this protocol?
>
> A: No. The vfs:// protocol is unique to JBOSS. Commons VFS uses
> conventional URLs/protocols with its own resolvers etc.
>
> Q: gs-importer includes Commons VFS. Does this open up a tomcat server to
> vfs URLs?
>
> A: No, see above

Thanks for testing Torben!

Cheers
Andrea

--

GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

On Wed, Aug 5, 2015 at 12:16 AM, Kevin Smith <smithkm@anonymised.com> wrote:

> On Tue, Aug 4, 2015, at 01:31 PM, Ben Caradoc-Davies wrote:
>
> > Remote execution vulnerability follow-up
> > ----------------------------------------
> >
> > Merged. Kevin reports that the nightly is not building cleanly so we
> > cannot test a nightly.
>
> Fixed this and re-ran the GWC and GS master nightly jobs on ares so the
> master nightly builds should have these fixes.

Excellent

Cheers
Andrea
