Just a quick reply on the easiest topics (I will look it more details
the security topic tomorrow):
Le 2024-12-04 à 19 h 09, Nicholas Knize a écrit :
My comment was more around the fact that, transitive or not, some
sensitive environments make it more difficult to bring in a "new"
project when it has so many dependencies that require special security
scanning (a concept we put into practice when working on Lucene core).
I sometime wondered if "sis-utility" and "sis-metata" modules should be
merged into "sis-referencing", because I think that the two former are
rarely used alone. Would it help?
I tried that method and the derby database does get shutdown but the
EPSGFactory thread does not.
Then it is a bug. I will investigate. Depending on when you would need
the fix, it could be in a 1.4.1 release or a 1.5 one.
This is where I'm looking at creating my own jar'd up Lucene index and
using simple Lucene APIs to query the EPSG database instead.
It would be great and it is technically possible since the referencing
engine can work with custom AuthorityFactory. But creating a complete
authority factory, including the transformations between pairs of CRS
and all the metadata (domain of validity + accuracy), would be a
significant effort. Maybe Derby could be used in short term, and a
Lucene-backed authority factory be a medium term goal?
The concern is that we have a "plugin" framework that enables users to
write extension points. I have to look at limiting this permission to
just the codebase needing it so users don't write nefarious shutdown
hooks in their plugin that could kill the process.
I will think to a replacement. Would a static method in
`org.apache.sis.setup.Configuration` be okay?
If I'm not mistaken, SIS has the ability to support the OGC dynamic
CRS spec as well?
This is work in progress and will be available in SIS 1.5. Note that it
requires version 10 or later of EPSG database, which has some
significant changes compared to previous versions (which is why this
upgrade takes more times than usual). It may be one reason for not doing
the Lucene-embeded EPSG data now, since the schema will change a bit.
Martin
