Thanks Rick. Recently, following a suggestion by Craig R, I've been using the project dev lists (derby-dev, jdo-dev, torque-dev) instead, for two reasons: firstly, there's generally nothing sensitive in our reports to the board, so it's nice to use the broader and more inclusive development lists to incorporate feedback from the entire community; second, each development team has their own project-specific activities which is nice to capture on the development lists.
Do you think this is an improper approach? bryan On Fri, Oct 1, 2021 at 7:30 AM Rick Hillegas <rick.hille...@gmail.com> wrote: > > I have nothing to add. Did you want to send this message to the DB pmc > mailing list also? I didn't receive a copy addressed to that list. > > Thanks, > -Rick > > On 9/30/21 11:46 AM, Bryan Pendleton wrote: > > Hi all, I am preparing the October report for the Board. > > > > Can you please send me any updates that I should include? > > > > Here is what I currently have. > > > > The DB project received a report of a CWE-502 vulnerability in the > > retired DdlUtils source code. Although the DdlUtils subproject is > > retired and no longer actively developed, the DB project decided > > to address the vulnerability, which is now tracked as CVE-2021-41616, > > and removed the insecure source code from the source repository. > > The DB project also removed the DdlUtils-1.0 release from > > distribution via the Apache mirrors, and updated the DdlUtils web > > site to make it more clear that DdlUtils is retired and no longer > > actively developed. > > > > The JDO team have published the JDO 3.2 spec (or is it still in review?) > > > > The JDO team have been making changes suggested by the Apache > > Diversity Conscious Language Checker, including changing the > > name of the git branch from master to main, and investigating > > language changes in the source code and specification. > > > > The Derby team have validated Derby behavior with Java 17. This > > involved significant work to address changes due to JEP411. > >
