GeoTools / GeoServer PMC meeting - 2022-02-15Attending
-
Jody Garnet
-
Kevin Smith
-
Andrea Aime
-
Jukka Rahkonnen
-
Torben Barsballe
Actions from prior meetings:
-
Jody: Ask email list on release manager availability for 2.19.5 and
2.21-RC [done, Ian on 2.19.5, Jody reluctantly volunteer with 2.21-RC]
-
Andrea: Check with geonode developers about disabling 2.18.x / 2.18.x
nightly builds [2.18.x needed for another month, 2.19.x for another 6]
Agenda
-
Jira users limit update
-
Build Server Release Jobs
-
ImageIO-EXT update
-
Log4J status update and tentative release date
-
handling of security vulnerabilities
-
ML archives
-
Java 11
Actions
-
action: jody: update communication page to change from nabble to
mailarchive
-
action: take github advisory discussion to geoserver-devel list
-
action: aaime: Make a proposal to make 2.22.x Java 11 only
Jira users limit update
250 more users (so users can now create new accounts) and indication of how
to use REST API to clean more users
Ideas
-
can we make an "anonymous" read-only user to access release notes?
-
problem will go away as prior release notes available in github
To try navigate to:
https://osgeo-org.atlassian.net/jira/software/c/projects/GEOS/issues/?filter=allissues,
click back to project, login is required.
Jukka reports direct link to release notes is okay (2.12-RC1):
https://osgeo-org.atlassian.net/jira/secure/ReleaseNote.jspa?projectId=10000&version=16600
New releases (2.20.3)
https://osgeo-org.atlassian.net/jira/secure/ReleaseNote.jspa?projectId=10000&version=16838
Build Server Release Jobs
-
having some trouble deploying to nexus (grr)
[INFO] Security UI JDBC Module ............................ SUCCESS [01:35
min]
[INFO] Security UI LDAP Module ............................ SUCCESS [
49.735 s]
[INFO] REST UI Module ..................................... SUCCESS [
42.090 s]
[INFO] GeoServer Web Application .......................... FAILURE [10:51
min]
…
[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on
project gs-web-app: Failed to deploy artifacts: Could not transfer artifact
org.geoserver.web:gs-web-app:jar:2.20.3 from/to nexus (
https://repo.osgeo.org/repository/Geoserver-releases/): Transfer failed for
https://repo.osgeo.org/repository/Geoserver-releases/org/geoserver/web/gs-web-app/2.20.3/gs-web-app-2.20.3.jar:
Connection reset -> [Help 1]
-
windows installer permissions remain an a trouble (the exe is copied)
Release status notes:
-
2.20.3 is being tested, blog post written
<https://github.com/geoserver/geoserver.github.io/pull/120> (with
security vulnerabilities noted)
-
include in announcement if fixes in all stable branches (see 2.19.5
below)
-
2.19.5 ian waiting feedback, will merge security fixes above?
-
published
<https://sourceforge.net/projects/geoserver/files/GeoServer/2.19.5/>
just not announced (Andrea pinged Ian)
-
https://github.com/geoserver/geoserver/pull/5695
ImageIO-EXT update
Benchmarking of GDAL: here
<https://docs.google.com/spreadsheets/d/1nPUtXkrbelUPM8XuLuXsr3oYe19lw8Z9faEGGD-9fnY/edit?usp=sharing>
A number of PRs:
-
https://github.com/geosolutions-it/imageio-ext/pull/253
-
https://github.com/geotools/geotools/pull/3808
-
https://github.com/geoserver/geoserver/pull/5704
Log4J status update and tentative release date
Status update: jody working on it this week
-
goal to have geotools updated and documented this week
Tentative release date: it will take 1-2 weeks to do
Expect 2.21-RC mid month, see imageIO-EXT update also
handling of security vulnerabilities
Some email discussion:
-
email discussion clarifies current practice
-
We may wish to add this to the developers guide? Can hand out link …
-
Could enable, geoserver would get actually CVE
-
Alerts community once patch is released…
-
May take place of current procedure
-
Review outstanding issues, several are already closed/resolved - just
not announced as they were waiting for prior releases to age out
-
Consider tagging, will need to remember when making new RC to check
-
action: take github advisory discussion to geoserver-devel list
ML archives
Notes:
-
nabble is gone still mentioned here http://geoserver.org/comm/
-
sourceforge archive got stuck, and is now unstuck …
action: update communication page to change from nabble to mailarchive :
-
users
<https://www.mail-archive.com/geoserver-users@lists.sourceforge.net/>
-
devel
<https://www.mail-archive.com/geoserver-devel@lists.sourceforge.net/>
Java 11?
More and more dependencies are Java 11 only …
-
some "updated" by accident (did not notice)
Why now?
-
2 years of Java 11 support if we update for 2.22.x timeframe?
Can we skip Java 11 and go to Java 17 LTS?
-
Would requite ImageIO → ImageN (not ready yet, no tests)
-
no spring framework yet
-
library issues: ASAM and Mockito
action: aaime: Make a proposal to make 2.22.x Java 11 only.