Date
Call-in Information
Time: 11:00 am, Eastern Time (New York, GMT-04:00)
To join the online meeting:
- Go to: https://duraspace.zoom.us/j/823948749
- Or iPhone one-tap :
- US: +14086380968,,823948749# or +16468769923,,823948749#
- Or Telephone:
- Dial(for higher quality, dial a number based on your current location):
- US: +1 408 638 0968 or +1 646 876 9923 or +1 669 900 6833
- Meeting ID: 823 948 749
- International numbers available: https://duraspace.zoom.us/zoomconference?m=Qy8de-kt6W4fMMDQCAV_3qfH1W-lxAo5
Slack
- https://vivo-project.slack.com
- Self-register at: https://goo.gl/forms/JxQFkut4TYj4Ehww1
- Self-register at: https://goo.gl/forms/JxQFkut4TYj4Ehww1
Development Process
Attendees
Indicating note-taker
Agenda
- Active tickets and pull requests:
- Benjamin Gross ) (pending response -
- Muhammad Javed - to review) (
- Kitio Fofack - where does this stand?) (
- Bugs
- Planning for a demo and walk-through of:
- DWR/Struts dependency issues
- Security issues
Notes
For reference, action items from previous meeting:
Simple 1501. Benjamin and Jim.
What is the process for getting the language files built? TIB will need help us. Pull request will wait until we understand how to build it. Assigned to Christian. Mike can document for the tech docs once there is a process we can replicate.
VIVO-1451 - Making Capability Map i18n Compliant. Waiting for review? No fall back mechanism, but never has had a fall back mechanism. Currently shows the property name. In general, VIVO has fall back for information displayed from the data. But capability map does not appear to handle the fall back for data. If the data does not have the needed language it should fall back on an available label. May not be ready for review.
Two bugs for discussion
Serious bug? Coauthors as vcards throw a template exception when viewing in Significant bug with co-authors as vcards. Modified SPARQL in a listView. Confirm by putting 1.9.3. Mike has data that fails to display.
Benjamin has data that displays correctly in 1.10 -- possible that issue is avoided because we upgraded, didn’t do a fresh install
Example: https://connect.unavco.org/display/pub130811
https://connect.unavco.org/individual/pub130811/pub130811.ttl
Authorship: https://connect.unavco.org/individual/n573628/n573628.ttl
Vcard: https://connect.unavco.org/individual/per244582/per244582.ttl
Go to developers’ console and see the actual sparql query.
Put data in 1.9.3 to confirm the bug is in 1.10
Might need a 10.1
Might need better test processes. What might they be? Sample data does not have vcard co-authors.
Graham can demo advanced role management after the German workshop.
Struts security dependency issue
Update: Ted has resolved this for our project by building DWR without Struts. It’s not actually used. Solr 4 doesn’t actually import Struts despite being listed as a dependency it turns out.
The right way (an opinion) -- don’t use DWR. Remove the entire dependency. Is the functionality even desirable?
Benjamin: Issue that came up in one of our projects. Had someone run a security scan; don’t know the software. Uses some whitelist and flags things.
Process discussion -- how to deprecate Can we have a “DEPRECATED” process? We think something should go away, but how do we let people know? We might want to get rid of vulnerabilities.
Get rid of the feature? How to decide?
How to keep the feature and get rid of the dependency
Security vulnerabilities
Security scan on Vitro. Bunch of issues discovered by a Harvard review. Still some issues after put behind a firewall. Search and authentication.
A limited access Google Doc to contain security findings.
Very important to consider having the data behind a firewall and the web front. Understand the front-end and back-end. Understand the conversation between the two. Understand authentication. Understand the APIs used to access data.
Begin to address the findings.
How do we resolve SDB/TDB issue?
SDB is deprecated
All recent maintenance has been done by Graham?
How to go to TDB? Particularly the single app constraint and ingest.
Previous Actions
- Alex Viggio will bring news of Elasticsearch instead of Solr up with Product Evolution. Might there be consequences for the September sprint.