Versions Compared

Old Version 3

changes.mady.by.user Dominik Feldschnieders

Saved on

compared with

New Version 4

changes.mady.by.user Georgy Litvinov

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added notes, corrected attendees list

...

  1. Brian Lowe 
  2. Dragan Ivanovic  
  3. Georgy Litvinov (star)
  4. William Welling  
  5. Huda Khan  
  6. Benjamin Kampe 
  7. Matthias Lühr 
  8. Andreas CzerniakRalph O'Flinn 
  9. Veljko Maksimovic 
  10. Dominik Feldschnieders 
  11. Serbajit Dutta
  12. Florian Kotschka

Agenda

  1. Questions/Issues/Pull requests
    1. Log4j  severe vulnerability 
      1. VIVO
      2. Solr
        1. Ralph's fix at slack - https://vivo-project.slack.com/archives/C8RL9L98A/p1639198280115200
        2. Any other
      3. Tomcat
      4. Docker instances
      5. How to disseminate
        1. Slack - done
        2. Mailing list
        3. Web site
  2. The preparation for the February sprint
    1. Wiki page
      1. 2022 - VIVO Sprints
        1. https://forms.gle/GKBCDznBF2KtsEQR7
    2. Date for the sprint
      1. February 21st - March 11th
    3. Georgy's document - https://docs.google.com/document/d/1vtNIVEYWdBgV11N-wiPk_UNKpiFQ4sKetJ8elJ6xy2E/edit#heading=h.k389x4cotzuw

Notes


Dragan: Welcome to the meeting. I would like to share a message about log4j issue. VIVO core code is not influenced by this issue. Only Solr is affected. It can be fixed with the approach Ralph provided in the Slack channel. Some Tomcat instances may be affected by the issue if they use log4j2.

Dragan:  We can send messages with different channels. Maybe I can copy some of messages to General slack channel. I will communicate with people responsible for OpenVIVO to check if it is affected, fix and run it again. 

Solr also might be affected by forwarded requests from VIVO. 

Dragan: I created some wiki pages. Topic is Dynamic API. I also created forms for registration. Please fill out the forms and register to participate in the sprint.

Michel: It is not fixed what we are doing in this sprint? 

Dragan: If you have some other ideas we can discuss it. You can find the basic plan here https://docs.google.com/document/d/1hJSWAa3ENoFOYyp0GyvDqBdehra3AmFBAD9X2dX3cSo/edit#

Dragan: My idea is to use Tuesday’s meeting for that. The first Tuesday after the sprint to have a retrospective meeting. During the sprint we should use Slack to exchange messages about the progress. We can arrange additional meetings if that would be necessary.

We also will have standup reports. There is Slack standup template Michel posted last time.

I also prepared google form for self registration and corrected sprint dates to 21 of February. I noticed some comments from Christian and Mattias. That can be useful to better specify requirements. 

Any other opinions from your sides are welcome!

I also started reviewing VIVO tasks and assigning reviewers that will be on our Thursday’s agenda.

Next Tuesday should be the last meeting in this group this year.

Georgy: Should we use jena4 ? Should we use Java 11 for this?

Michel: From Jena 4 is based on Java 11.

Michel: My opinion of moving to Jena 4. It is too soon to move to Java 11 right now. TDB works well.

William Welling: I usually like to upgrade as soon as possible. What is wrong with VIVO causing an upgrade poorly? You don’t want to wait until it is too late.

Brian: Are we aware of that particular issues?

William: Michel what problems have you faced with Java 11?

Michel: It works with Java 11. Sometimes when you mix with something from Java 8 it can become problematic. I try to stay with Java 8 as long as we can and move to Java 11 later, now it is too soon.

William: Only concern I have is that it is inconvenient to support old versions. I think it is mostly a development concern to stick to the java version.

Brian: There was some library that changed dependency so we switched on java 8. To me the most interesting piece is fixing performance issues. If we could do that as a fairly low effort thing, that could be a really big push to Java 11. 

Michel: Structure of the package is different from Java 8. So a lot is different, so it is not just integrations we did before. It is a big step. Maven works not the same. We should test to know the implications of that kind of switching. 

William: There are a lot of opportunities to think about that upgrade. At some point we will need dependency that would require new java.

Michel: We can include evaluation of Java 11 as a topic for the next sprint? Take some time to do this evaluation to have an idea should we move to Java 11. One person can be assigned to work on that and make an evaluation of this. 

Dragan: We should focus on the main task of the sprint. If we would have some space one person could allocate on that problem that could be evaluated. But my suggestion is to be focused on dynamic api. We should have the result at the end of the sprint.

William: We can fail-fast try to use Java 11 without spending much time on this, if it works then we just use it, otherwise switch back to Java 8.

Serbajit Dutta: We use VIVO instance containerized with Solr. There is still no docker image to fix it. How can we fix it? According to their release it is 11.0 is vulnerable but there is no 11.1 solr docker container yet. There are other options to modify the solr.sh file but I look for other ways to solve that.

Michel: I tried to find 11.1 but didn’t find it. 

Serbajit: We pulled solr.sh. Another way to remove jndi file from jar file. But we haven’t tried this yet.

Georgy: I think so far there are no other ways to solve this.

Serbajit: Thanks everyone.

Dragan: Thanks everyone for coming. See you next time.

Draft notes on Google Drive

...