Date

04 Sep 2018

Call-in Information

Time: 11:00 am, Eastern Time (New York, GMT-04:00)

To join the online meeting:

• Go to: https://duraspace.zoom.us/j/823948749
• Or iPhone one-tap :
  • US: +14086380968,,823948749#  or +16468769923,,823948749#
• Or Telephone:
  • Dial(for higher quality, dial a number based on your current location):
  • US: +1 408 638 0968  or +1 646 876 9923  or +1 669 900 6833
  • Meeting ID: 823 948 749
• International numbers available: https://duraspace.zoom.us/zoomconference?m=Qy8de-kt6W4fMMDQCAV_3qfH1W-lxAo5

Slack

• https://vivo-project.slack.com
  • Self-register at:  https://goo.gl/forms/JxQFkut4TYj4Ehww1 
    

Development Process

• See https://github.com/vivo-project/VIVO/wiki/Development-Processes

Attendees

 Indicating note-taker

1. Ralph O'Flinn
2. Huda Khan
3. Tim Worrall
4. Mike Conlon 
5. Benjamin Gross
6. Don Elsborg

Agenda

1. Active tickets and pull requests:
   1. Unable to locate Jira server for this macro. It may be due to Application Link configuration.  (pending response - Benjamin Gross )
   2. Unable to locate Jira server for this macro. It may be due to Application Link configuration.  (Muhammad Javed - to review)
   3. Unable to locate Jira server for this macro. It may be due to Application Link configuration.  (Kitio Fofack - where does this stand?)
   4. Bugs
2. Planning for a demo and walk-through of:  Unable to locate Jira server for this macro. It may be due to Application Link configuration.
3. DWR/Struts dependency issues
4. Security issues Unable to locate Jira server for this macro. It may be due to Application Link configuration.

Notes

Draft notes in Google-Doc

For reference, action items from previous meeting:

1. Simple 1501.  Benjamin and Jim.

2. What is the process for getting the language files built?  TIB will need help us. Pull request will wait until we understand how to build it.  Assigned to Christian. Mike can document for the tech docs once there is a process we can replicate.

3. VIVO-1451 - Making Capability Map i18n Compliant.  Waiting for review? No fall back mechanism, but never has had a fall back mechanism.  Currently shows the property name. In general, VIVO has fall back for information displayed from the data.   But capability map does not appear to handle the fall back for data. If the data does not have the needed language it should fall back on an available label.  May not be ready for review.

1. https://github.com/vivo-project/VIVO/pull/67#issuecomment-3899315

4. Two bugs for discussion

1. https://jira.duraspace.org/browse/VIVO-1548?filter=13109

2. Serious bug?  Coauthors as vcards throw a template exception when viewing in Significant bug with co-authors as vcards. Modified SPARQL in a listView.  Confirm by putting 1.9.3. Mike has data that fails to display.

1. Benjamin has data that displays correctly in 1.10 -- possible that issue is avoided because we upgraded, didn’t do a fresh install

Example: https://connect.unavco.org/display/pub130811

https://connect.unavco.org/individual/pub130811/pub130811.ttl

Authorship: https://connect.unavco.org/individual/n573628/n573628.ttl

Vcard: https://connect.unavco.org/individual/per244582/per244582.ttl

1. Go to developers’ console and see the actual sparql query.

2. Put data in 1.9.3 to confirm the bug is in 1.10

3. Might need a 10.1

4. Might need better test processes.  What might they be? Sample data does not have vcard co-authors.

1. Graham can demo advanced role management after the German workshop.

2. Struts security dependency issue

1. Update: Ted has resolved this for our project by building DWR without Struts. It’s not actually used. Solr 4 doesn’t actually import Struts despite being listed as a dependency it turns out.

2. https://jira.duraspace.org/browse/VIVO-1550

3. The right way (an opinion) -- don’t use DWR.  Remove the entire dependency. Is the functionality even desirable?

4. Benjamin: Issue that came up in one of our projects.  Had someone run a security scan; don’t know the software.  Uses some whitelist and flags things.

5. Process discussion -- how to deprecate Can we have a “DEPRECATED” process?  We think something should go away, but how do we let people know? We might want to get rid of vulnerabilities.

6. Get rid of the feature?  How to decide?

7. How to keep the feature and get rid of the dependency

3. Security vulnerabilities

1. Security scan on Vitro.  Bunch of issues discovered by a Harvard review.  Still some issues after put behind a firewall. Search and authentication.

2. A limited access Google Doc to contain security findings.

3. Very important to consider having the data behind a firewall and the web front.  Understand the front-end and back-end. Understand the conversation between the two.  Understand authentication. Understand the APIs used to access data.

4. Begin to address the findings.

4. How do we resolve SDB/TDB issue?

1. SDB is deprecated

2. All recent maintenance has been done by Graham?

3. How to go to TDB?  Particularly the single app constraint and ingest.

Previous Actions

• Alex Viggio will bring news of Elasticsearch instead of Solr up with Product Evolution.  Might there be consequences for the September sprint.