+1
On 5/5/2017 12:55 AM, Peter wrote:
Hi River folks,
Draft board report for May, please make suggestions, remember this is
only my point of view, if yours differs please say so. It's probably a
bit wordy, so could use improvement, but I want to be honest with the
board about the current state of development.
Regards,
Peter.
<===========================================================>
## Description:
- Apache River provides a platform for dynamic discovery and lookup
search of network services. Services may be implemented in a number of
languages, while clients are required to be jvm based, to allow proxy
jvm byte code to be provisioned dynamically.
## Issues:
No significant issues requiring board attention at this time.
## Activity:
- Significant drop in activity since February (205 emails on dev), down
to 6 in March and 8 in April.
- Proposed Release roadmap received positive responses:
Proposed Release roadmap:
River 3.0.1 - thread leak fix
River 3.1 - Modular build restructure (& binary release)
River 3.2 - Input validation 4 Serialization, delayed unmarshalling&
safe ServiceRegistrar lookup service.
River 3.3 - OSGi support
## Health report:
- Minimal activity at present on dev.
- Plan to update website with more recent success stories of River
deployment, in one large scale deployment example maintenance costs are
low to non existance while reliability is reportedly very solid in the
face of external system failures. There seem to be at least four recent
examples that need to be added to our success stories.
- No recent commit activity, but there are plans for more work in near
future.
- Future Direction:
* Target IOT space with support for OSGi and IPv6 (security fixes
required prior to announcement)
* Input validation for java deserialization - prevents DOS and
Gadget attacks.
* IPv6 Multicast Service Discovery (River currently only support
IPv4 multicast discovery).
* Delayed unmarshalling for Service Lookup and Discovery (includes
SafeServiceRegistrar mentioned in release roadmap), so
authentication can occur prior to downloading service proxy's,
this addresses a long standing security issue with service lookup
while significantly improving performance under some use cases.
* Security fixes for SSL endpoints, updated to TLS v1.2 with removal
of support for insecure cyphers.
* Maven build to replace existing ant built that uses
classdepandjar, a bytecode dependency analysis build tool.
## PMC changes:
- Currently 11 PMC members.
- No new PMC members added in the last 3 months
- Last PMC addition was Bryan Thompson on Sun Aug 30 2015
## Committer base changes:
- Currently 15 committers.
- Zsolt Kúti was added as a committer on Wed Dec 07 2016
- Bharath Kumar was added as a committer on the 23th March 2017
## Releases:
- River-3.0.0 was released on Wed Oct 05 2016
## Mailing list activity:
- Relatively quiet in comparison to recent months, however this appears
as a result of reaching concensus after a period of discussion.
## JIRA activity:
- Nil Activity this period.
