[Geoserver-devel] GSIP 185 - Promote Resource-GUI to Extension

Based on November meeting, here is a proposal for discussion:
GSIP 185 - Promote Web-Resource to Extension

···


Jody Garnett

+1, glad you included those specific doc examples in the proposal.

Regarding blacklisting certain files, such as security - I think that’s a good idea (although not critical), especially since you shouldn’t be editing those unless you really know what you are doing. Although if we do include such a blacklist, its probably also worthwhile to blacklist all the regular xml config files so people don’t accidentally break the catalog.

Torben

On Thu, Jan 2, 2020 at 10:17 PM Jody Garnett <jody.garnett@anonymised.com> wrote:

Based on November meeting, here is a proposal for discussion:
GSIP 185 - Promote Web-Resource to Extension


Jody Garnett


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

Hi Jody,
generally speaking I’m good with the direction, but the proposal does not mention the minimum
requirements for graduation, as such, it cannot receive a positive vote (yet!). See here:
https://docs.geoserver.org/latest/en/developer/policies/community-modules.html#id2

Cheers
Andrea

···

Regards, Andrea Aime == GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it ------------------------------------------------------- Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia. This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.

Thanks for pointing that out Andrea, I think I need to turn that checklist into a proposal template.

  1. handful of users

It was include in Boundless Suite, not sure how many users?
I am in a catch-22 for GeoCat customers as would like to focus on supporting extensions and not work in a gray area of support extensions that are not subject to community review and build server testing.

  1. designated and active maintainer

I am willing to act in this capacity, not sure if anyone else is interested.

  1. Considered stable

It is certainly stable in that it has been unchanged and working for sometime.

  1. 40% stet coverage

Not sure about test coverage

  1. No IP violations

As far as I know it was written by Niels under contract to Boundless. We will need to double check the headers.

  1. User manual

Requirement noted in proposal plan. Intend to have reference material and a couple of examples.

  1. Signed CLA

aside: We should up this item in the user manual as we no longer use “GeoServer Contributor Agreement” and now use OSGeo CLA.

To this list I would add:

  1. User interface review

I find the user interface inconsistent with the style editor.

  1. REST API review

The Resource REST API is already part of GeoServer. This user interface should offer

  1. Security considerations

By its nature this module allows some visibility to administrators confident with accessing the data directory file system directly. The contents of the security folder, and workspace folders are available. Any credentials stored in data store configurations would be visible for example.

···


Jody Garnett

On 06/01/2020 22:48, Jody Garnett wrote:

Thanks for pointing tha

5. No IP violations

As far as I know it was written by Niels under contract to Boundless. We will need to double check the headers.

I remember making sure that the icons used were IP proof.

Kind Regards

Niels

Thanks for pointing that out Andrea, I think I need to turn that checklist into a proposal template.

  1. handful of users

It was include in Boundless Suite, not sure how many users?
I am in a catch-22 for GeoCat customers as would like to focus on supporting extensions and not work in a gray area of support extensions that are not subject to community review and build server testing.

I guess it would do… anyone else here has used this extension? It would help make the case,
but personally I’m willing to believe the suite provided enough exposure.

  1. 40% stet coverage

Not sure about test coverage

This is a requirement, you cannot be unsure about it. I believe Gabriel setup a jacoco profile that
can be used in a maven build, but not 100% sure… yeah, “mvn test -Pjacoco” seems to do the job:

image.png

So, looking good, could you please add this to the proposal?

To this list I would add:

  1. User interface review

I find the user interface inconsistent with the style editor.

With the style editor… and yet functionality is pretty different.
Can you elaborate on the differences, and how you intend to address them?

  1. REST API review

The Resource REST API is already part of GeoServer. This user interface should offer

  1. Security considerations

By its nature this module allows some visibility to administrators confident with accessing the data directory file system directly. The contents of the security folder, and workspace folders are available. Any credentials stored in data store configurations would be visible for example.

This might be a serious issue. How does this play with the notion of workspace administrator?
Is the workspace admin able to access this page? If so, will they see only what they are allowed to?
If not, there should be at least a giant red flag in the documentation about it, thought a real solution is preferred.

Cheers
Andrea

···

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it ------------------------------------------------------- Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia. This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.