Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Discussion of  7.0 Release Schedule from Leadership & Steering
    • As of last Weds (Nov 27), Leadership approved a tentative release schedule.  However, it's based on the assumption of 4FTE developers, and Leadership is now looking to secure funding to ensure we can guarantee development at that effort for the next 6months (roughly speaking that's when 7.0 may be out, but only if we have 4FTEs starting on Jan 1)
      • Leadership & Steering will be looking to align paid development resources to help with these Beta sprints (to help ensure we have consistent development resources).  That said, volunteer-based development will continue to be welcome, as it will help us move even faster.  More info will be coming.
    • Working to ramp down DSpace 7 Entities Working Group by Jan 1.  Seems likely that most of the Entities / OpenAIRE work (if not all) will be completed or "in code review" by end of December anyhow.
      • Andrea Bollini (4Science) noted that this don't seem inline with the direction of a managed schedule of dspace 7 where Entities eventually are in lowest priority for DSpace 7.  He notes that speedup this work in December mean subtract time to other task in higher priority and require other to review work not in the immediate todo list or give up to other. He point out to a coming PR that seems too large to be reviewed properly:
      • Tim noted that this one PR (#531) is not representative of the normal development process of the Entities WG. Agrees it's a large PR that will take more effort to review.  All other PRs out of Entities WG are much smaller (generally in 1-2K range, as we've previously strived for)
      • Tim noted that this ramp down idea was also mentioned in Leadership Group meeting on Weds.  There were no questions or concerns expressed, so Tim is moving this forward
      • As of Jan 1, the Entities Group will shut down regardless of whether work is completed.  If it's completed, great.  If not, then any still open PRs will need to be addressed at a later time (depending on available volunteers, as all paid developers will be concentrating on higher priority tasks as of Jan 1)
      • Tim also notes that obviously he cannot control exactly where volunteers choose to put their effort. That is why Leadership & Steering is looking for paid developer resources – those developers we can require to work on specific tasks (in order to get paid).  However, there will always be the ability for volunteers to choose other tasks to work on – even if those tasks are lower on the priority list...but, that said, low priority PRs will also be low priority to code review/merge.
    • As of Jan 1, we'll be one working group (this one).  Working Group will start to work more in a "sprint-like" fashion.
    • Goal is to work together to release a new updated "beta" per month (starting in Feb).  These Betas will be layering on new features each month, until we hit 7.0 Final.  Releases will be simple (like was done for "7.0 Preview") – just cut a tag, and push release via Docker. (I.e. this will NOT be a full Maven release process, as these Betas are simply for early community testing & feedback.)
      • Tim will post more info on each "Beta" soon (by next week).  First Beta though will concentrate more on updating our dependencies – getting REST API on latest Java & Spring Boot, getting UI on latest Angular.
  • Discussion of REST Authorization efforts
  • Discussion of Shibboleth CORS Headers and "withCredentials" issue: 
    serverDuraSpace JIRA
    • Giuseppe summarized the issues on what we need to get Shibboleth working right
    • On Angular side, we need the "withCredentials=true" property to be sent on the Request
    • On REST side, because the "withCredentials" must be set, we must set the following CORS headers:
      • Access-Control-Allow-Origin: [full-url-of-Angular-UI-or-client]
      • Access-Control-Allow-Credentials: true
    • Unfortunately, this means we can no longer set "Access-Control-Allow-Origin: *" (which allows any clients to access the REST API)
    • The recommended approach is discussed in the JIRA ticket
      • Namely, we are looking at ways to handle the "Access-Control-Allow-Origin" header in the REST API, and perhaps configure a white list  of allowed URLs that can contact the REST API.
      • In the meantime, as a quick fix / temporary workaround, there is a way to configure Apache to handle these "Access-Control-Allow-Origin" headers.... 4Science will use this approach for now on the REST API demo site, until we find a way to build this into our REST API directly.
    • Tim notes that approach seems reasonable. No other comments.  Others are encouraged to look at this as well (where time allows) and add feedback to the ticket as needed.