...

  • (BEFORE MEETING IN #dev-sprint) Developer Stand Up - Developers give brief updates on their effort (or their team's effort).

    • Update/see "Current Work" section below based on your status. Please feel free to update prior to meeting.
    • Please highlight any new work (needing reviews/testing), any blockers (for you), and any discussion topics you may have.
  • (30 mins) General Discussion Topics
    1. (15 mins) Discussion: "Workflow Actions refresh entire MyDSpace page instead of just WorkflowItem" https://github.com/DSpace/dspace-angular/issues/721
      1. Giuseppe Digilio (4Science) will add notes to the ticket describing where he feels the problem is. The entire team will brainstorm possible solutions.
      2. As discussed last week, if this turns out to be a major effort, we may need to discuss whether to delay for 7.1. If it needs to be delayed, a possible "quick fix" (just for the "Claim Task" button) is to consider implementing a preview page https://github.com/DSpace/dspace-angular/issues/772
    2. (15 mins) Security & Performance Testing prior to 7.0 Final
      1. What tasks would we like to see prior to 7.0 final? Tim will have an opportunity to present these to DSpace Leadership to see if we can find volunteers to help with these tasks.
      2. Tasks for Security Review
        1. Third party to run a security analysis/scan (e.g. see OWASP list of vulnerability scanning tools or list of free security tools) against REST API
        2. Third party to run a security analysis/scan against Angular UI
        3. Create a Wiki page on DSpace 7 Security Analysis of what work we've already done. (Reviewed by someone in Leadership)
      3. Tasks for Performance Testing
        1. Third party to install/upgrade to DSpace 7 in a dev environment with...
          1. Large site overall (in terms of number of Items)
          2. Large Community/Collection hierarchy
          3. Thousands of Items in one Collection
          4. One item with 100s of Bitstreams
          5. Lots of Authors on a single Item
      4. See also brainstorms below
  • (30 mins) Planning for next week

...

  1. Security Review/Scanning of pre-7.0
    1. Is Testathon an opportunity to have a third party do a security review and/or scan of the codebase? If so, any ideas of who could do this work?
    2. Ideally, we build security tests into the Integration Test framework to ensure we are checking permissions at all times
      1. In March 2020, 4Science did an analysis of existing IT security coverage (as part of DS-4411) here: https://docs.google.com/document/d/13DMZ1iYE04D_6_8lrnHrI0uqKkz5RqMU6tWJMrHv88Y/edit
      2. An update to this analysis could be performed, concentrating on any new gaps.
    3. Better document expected permissions for all endpoints in the REST API.
    4. Create a Wiki page on DSpace 7 Security Analysis of what work we've already done.
    5. Other ideas?
  2. Performance testing of pre-7.0
    1. Again, is this an opportunity for Testathon? How/where do we find someone with a large-scale DSpace to test pre-7.0 with? (There are also Chris Wilper's JMeter scripts from 2019, which might be able to provide some basic feedback here.)
    2. Ideally, again, it'd be nice if we could perform this sort of analysis on a more automated/regular basis (perhaps via Integration Tests which load a lot of dummy data?).
    3. Other ideas?

...