...
- Ralph O'Flinn
- Kitio Fofack
- Tim Worrall
- Marijane White
- Benjamin Gross
- Andrew Woods
- Martin Barber
- Don Elsborg
- Qazi Asim Ijaz Ahmad
- Paul Albert
- Huda Khan
Agenda
- Huda Khan: Security concerns for VIVO (based on issues raised at an institution looking at making its instance based on Vitro public)
- April Sprint
- Where did things land?
- Lessons to take forward?
- 1.10 Release
- Product Production Evolution updates?
- Sprint 2 planning
- VIVO Slack... approaching 10k message threshold (at 9.3k)
- Java versions planning
- For reference: Fedora Policy - Supported JVM
Notes
- Sprint Reflections
- Javed: main goal was to have a 1.10 release candidate. Tasks are completed, though some are still under review.
- Jim: Data Distribution API “still up in the air”.
- Ralph: might still be something to tweak after the reviews are completed.
- Andrew to help out with reviews later this week.*
- Andrew: Would it be possible to target a release candidate by the end of the week? Javed isn’t sure the documentation can be done in that time frame.
- Jim and Benjamin to suggest reviewers for their code changes*
- We need to ensure that any general documentation that’s needed for the release is also done.
- Asim needs to make a pull request on his issue (1478?)
- Kitio: how do we improve the process from defining issues through the final review? Identify reviewers sooner. Is one review sufficient for documentation and language issues? (Christian H.)
- Data Distribution API
- General consensus that the functionality is needed
- Issues on how to incorporate the code into a release
- Does the code need to be officially supported by VIVO committers (isn’t it now?)
- Some dependency management issues that need to be addressed/resolved
- For 1.10, just provide doc so that people can use the DDA but not “baked into” the release (Andrew).
- Two different ways to incorporate the code into VIVO/Vitro: as part of the source tree or as a module (a maven dependency). How to resolve this remains open.
- Security concerns for VIVO
- A group at Harvard was prevented from making a VIVO instance public because of security concerns, mostly at the template level and at the login page. Login credentials are unencrypted. Cross-site scripting issues, etc.
- Ralph can provide some feedback at what’s been done at UAB.
- Huda: should we have a Jira issue to track this concern?* More than just an ssl issue.
- 1.10 Release candidate
- Target for this Friday so people can have something to test.
- Release team: Andrew, Ralph, Kitio
- Product Evolution
- Goal: high-performing UI (defined how?)
Actions
- Andrew to help out with reviews later this week
- Jim and Benjamin to suggest reviewers for their code changes
- Huda to create a Jira issue to track the security concerns