...
(BEFORE MEETING IN #dev-sprint) Developer Stand Up - Developers give brief updates on their effort (or their team's effort).
- Update/see "Current Work" section below based on your status. Please feel free to update prior to meeting.
- Please highlight any new work (needing reviews/testing), any blockers (for you), and any discussion topics you may have.
- (15 20 mins) General Discussion Topics
- Security issues in Processes REST endpoint: Some CLI flags should never be usable via the REST API (e.g. `--eperson`). We should find a way to either disable these flags automatically via the REST API, or perhaps a way to configure (per script) which flags are "CLI-only".
- This same issue has already appeared in multiple scripts (see links below) and for multiple CLI flags. Unfortunately, some CLI flags become a security issue when available on REST, but they are not a security issue via CLI.
- See this initial issue around `metadata-import`: https://github.com/DSpace/DSpace/issues/2822
- The Curation Tasks PR has the same security issue, as it also allows the `--eperson` flag: https://github.com/DSpace/DSpace/pull/2820
- Another problematic flag is the ability to specify an output file location, e.g. in `metadata-export`: https://github.com/DSpace/DSpace/issues/2821
- Additional topics welcome. Please add by Tues, July 28th.
- (40 (45 mins) Planning for next week
- Review of our Beta 4 Project Board
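
For the "CLI-only" flags discussion topic above, one possible shape for such a check, added here as an illustration and not DSpace code: a global block list applied automatically to REST requests, plus per-script additions. The class, the `Source` enum, the short aliases `e`/`f`, the `file` option name and the sample flags in `main` are all assumptions.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class CliOnlyOptionFilter {
    enum Source { CLI, REST }

    // Blocked for every script when the request arrives over REST ("e" is an assumed short alias).
    static final Set<String> GLOBAL_CLI_ONLY = Set.of("eperson", "e");

    // Per-script additions; "file"/"f" are assumed names for the output-location option.
    static final Map<String, Set<String>> PER_SCRIPT_CLI_ONLY =
            Map.of("metadata-export", Set.of("file", "f"));

    /** Reduce "-e", "--eperson" and "--eperson=value" to the bare option name. */
    static String normalize(String flag) {
        return flag.replaceFirst("^-+", "").split("=", 2)[0];
    }

    /** Returns the CLI-only flags present in a request; always empty for CLI invocations. */
    static Set<String> violations(String script, Source source, List<String> flags) {
        Set<String> found = new TreeSet<>();
        if (source == Source.CLI) {
            return found;
        }
        Set<String> blocked = new HashSet<>(GLOBAL_CLI_ONLY);
        blocked.addAll(PER_SCRIPT_CLI_ONLY.getOrDefault(script, Set.of()));
        for (String flag : flags) {
            if (blocked.contains(normalize(flag))) {
                found.add(flag);
            }
        }
        return found;
    }

    /** Fail closed: reject the whole request instead of silently dropping the flag. */
    static void check(String script, Source source, List<String> flags) {
        Set<String> bad = violations(script, source, flags);
        if (!bad.isEmpty()) {
            throw new SecurityException("CLI-only option(s) " + bad + " not allowed via REST for " + script);
        }
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        check("metadata-import", Source.CLI, List.of("--eperson", "-f"));  // accepted on the CLI
        try {
            check("metadata-import", Source.REST, List.of("-f", "--eperson=someone"));
        } catch (SecurityException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Matching on normalized names only works if every alias of a sensitive option is listed, so a real implementation would be better driven from each script's own option definitions than from a hand-kept list.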
...