Contribute to the DSpace Development Fund

The newly established DSpace Development Fund supports the development of new features prioritized by DSpace Governance. For a list of planned features see the fund wiki page.

Date

 from 14:00-15:00 UTC

Location: https://lyrasis.zoom.us/my/dspace (Meeting ID: 502 527 3040).  Passcode: dspace

Beta 5 Sprint : Ongoing

Agenda

Attendees

7.0 Release Goals

These resources define the prioritization and general schedule we are working towards

Current Work

Project Board

DSpace 7.0 Beta 5 Project Board: https://github.com/orgs/DSpace/projects/4

To quickly find PRs assigned to you for review, visit https://github.com/pulls/review-requested  (This is also available in the GitHub header under "Pull Requests → Review Requests"

Security / Performance Tests

Brainstorming options for security testing & performance testing.  How do we want to handle both of these prior to 7.0 final?

  1. Security Review/Scanning of pre-7.0
    1. Is Testathon an opportunity to have a third-party do a security review and/or scan of the codebase?  If so, any ideas of who could do this work?
    2. Ideally, we build security tests into Integration Test framework to ensure we are checking permissions at all times
      1. In March 2020, 4Science did an analysis of existing IT security coverage (as part of DS-4411)  here: https://docs.google.com/document/d/13DMZ1iYE04D_6_8lrnHrI0uqKkz5RqMU6tWJMrHv88Y/edit
      2. An update to this analysis could be performed, concentrating on any new gaps.
    3. Other ideas?
  2. Performance testing of pre-7.0
    1. Again, is this an opportunity for Testathon? How/Where do we find someone with a large scale DSpace to test pre-7.0 with?  (There's also Chris Wilper's JMeter scripts from 2019 which might be able to provide some basic feedback here)
    2. Ideally, again it'd be nice if we could perform this sort of analysis in a more automated/regular basis (perhaps via Integration Tests which load a lot of dummy data?).
    3. Other ideas?

Delayed / Needs Discussion

  1. Finalize / approve the initial list of all authorization features which we should implement for the /api/authz/features REST endpoint.  This list of features should be limited to only features which are required to enable/disable User Interface functionality. (In other words, we can always add more features in the future.  We just need to approve the list necessary for 7.0)
      1. Review current spreadsheet (from Andrea Bollini (4Science) ) : https://docs.google.com/spreadsheets/d/1182LcD_WqIZRbUGWpLtBw0aOMR9jhbOVB7GZqtTpR9A/edit?usp=sharing 
        1. Art Lowel (Atmire) : I don't see any immediate issues with the current set of features, but I would prefer a consistent naming scheme. I'd use canDoSomething for everything
        2. Tim Donohue added possible renames of these features based on Art's idea (see cell comments in spreadsheet).  I like the "can[DoSomething]" naming scheme as well.
  2. (REST Contract) Edit Homepage News: https://github.com/DSpace/Rest7Contract/pull/45
    1. Delayed. General agreement (in meeting on March 21, 2019) that storing HTML in metadata fields is not really ideal behavior.  Metadata (from a librarian standpoint) tends to be free of format-related markup (as that allows for easier sharing, understanding of metadata.  Currently Community & Collection homepage information is HTML-based and is stored in metadata that is appropriate for a minor subset of information (like the title) but it is better to move large/rich text to bitstreams.  
    2. Proposal here is to consider storing HTML-based markup (for Site, Community & Collection homepages) in Bitstream(s) associated with the object in question.  May allow for more CMS-lite behavior in the future
    3. Timeline for this is uncertain.  Possibly in 7 or 8. May depend on how/whether it can be scoped.

Notes


All content on the LYRASIS Wiki is licensed under the CC BY (Attribution) license, unless otherwise noted.