Attendees: Michael Bouschen, Tilmann Zäschke, Craig Russell

Next meeting: Tuesday May 26 1100 PDT 2000 CEST

Agenda:

1. Possibility of running JDO project through Glasswing security scan
See email from Jarek Potiuk May 12

Since the announcement by Anthropic many open source projects report multiple 
duplicate reports and some projects have decided to make all Mythos reports 
public to avoid duplication.

The DB PMC will sign up for running external checks against JDO API release. 
The TCK likely will have many issues that are not particularly important since 
it is an end user tool not intended for distribution or production. It might be 
worthwhile for DataNucleus to be scanned for possible issues but that's not the 
decision of the JDO project.

AI Craig notify security that db-jdo is ready to take responsibility for 
reports.

Trivy is a similar tool. https://github.com/aquasecurity/trivy

2. Trusted Release project

In progress.

3. JIRA JDO-812 "Move to JDK 11 as the lowest supported version" 
https://issues.apache.org/jira/browse/JDO-812

4. JDO-847 "Create SBOM files" https://issues.apache.org/jira/browse/JDO-847

AI Claude take a look at cyclonedx warnings

AI Michael (existing action item) look at support for older versions of spdx.

5. sonarcloud issues

  * JIRA JDO-819 "Code quality analysis"
https://issues.apache.org/jira/browse/JDO-819
  * JIRA JDO-823 "Fix sonarcloud issues of type Code Smells"
https://issues.apache.org/jira/browse/JDO-823
  * Sonarcloud link: https://sonarcloud.io/summary/overall?id=db-jdo
  * Cognitive Complexity of methods should not be too high:
https://sonarcloud.io/project/issues?resolved=false&rules=java%3AS3776&severities=CRITICAL&types=CODE_SMELL&id=db-jdo
 
  * Raw types should not be used:
https://sonarcloud.io/project/issues?resolved=false&rules=java%3AS3740&severities=MAJOR&id=db-jdo
 

6. Other issues

Action Items from weeks past:

[May 12 2026] AI Michael see if the spdx warning with Java11 can be bypassed 
not just ignored.
[Mar 17 2026] AI Everyone look at the Sonarcloud items.
[Jan 13 2026] AI Craig report trusted release issues to atr team.
[Aug 05 2025] AI everyone write to trusted release with errors in 
https://release-test.apache.org/projects/db-jdo + AI everyone take a look and 
tell the trusted release team what you find.
[Jul 01 2025] AI everyone take a look at the process for alpha testing. May 
require a file in the dist directory to get started.
[Nov 12 2024] AI Michael see if it makes sense to add Map.contains(Entry e) to 
the JDO API. This would be useful to have queries where e.g. the user is 
interested in finding all Employees where the phone number is of key "home" and 
value "+16508617767".
[Nov 05 2024] AI Michael create a JIRA for containsEntry, include the current 
test case and we can continue from here.
[Jul 13 2023] AI All Open a new JIRA for Android since having JNDI in the API 
disallows use with Android
[Jun 08 2023] AI All make a JIRA: JDO support for Java Records 
https://openjdk.org/jeps/395
[Dec 09 2021] AI Craig: Try to contact all current/former participants in JDO 
development and see if and how they want to be recognized on the JDO and DB web 
sites. https://db.apache.org/whoweare.html
[Oct 07 2021] AI Craig send a private message to all JSR-243 Expert Group 
members asking if they wish to continue.
[Mar 25 2021] AI Craig: investigate "merging" papajdo and apache.clr accounts
[Oct 17 2014] AI Matthew any updates for "Modify specification to address NoSQL 
datastores" https://issues.apache.org/jira/browse/JDO-651


Craig L Russell
[email protected]
