Re: Items for our quarterly update to the board?
Thanks, Bryan. I don't have anything to add. Cheers On 4/4/22 4:31 AM, Bryan Pendleton wrote: Hi all, I am preparing the April 2022 report for the Board. Can you please send me any updates that I should include? So far, the only Derby-related topics I have are: - the Derby community contributed to the efforts to migrate the DB websites to the new Apache system - the Derby community are working on a 10.16 release to address compatibility with JDK 17+. thanks, bryan
Re: Items for our quarterly update to the Board?
Thanks for that explanation, Bryan. No, I don't see anything improper. I just wanted to make sure that feedback from the other projects was being collected. Thanks. On 10/2/21 7:17 AM, Bryan Pendleton wrote: Thanks Rick. Recently, following a suggestion by Craig R, I've been using the project dev lists (derby-dev, jdo-dev, torque-dev) instead, for two reasons: firstly, there's generally nothing sensitive in our reports to the board, so it's nice to use the broader and more inclusive development lists to incorporate feedback from the entire community; second, each development team has their own project-specific activities which is nice to capture on the development lists. Do you think this is an improper approach? bryan On Fri, Oct 1, 2021 at 7:30 AM Rick Hillegas wrote: I have nothing to add. Did you want to send this message to the DB pmc mailing list also? I didn't receive a copy addressed to that list. Thanks, -Rick On 9/30/21 11:46 AM, Bryan Pendleton wrote: Hi all, I am preparing the October report for the Board. Can you please send me any updates that I should include? Here is what I currently have. The DB project received a report of a CWE-502 vulnerability in the retired DdlUtils source code. Although the DdlUtils subproject is retired and no longer actively developed, the DB project decided to address the vulnerability, which is now tracked as CVE-2021-41616, and removed the insecure source code from the source repository. The DB project also removed the DdlUtils-1.0 release from distribution via the Apache mirrors, and updated the DdlUtils web site to make it more clear that DdlUtils is retired and no longer actively developed. The JDO team have published the JDO 3.2 spec (or is it still in review?) The JDO team have been making changes suggested by the Apache Diversity Conscious Language Checker, including changing the name of the git branch from master to main, and investigating language changes in the source code and specification. The Derby team have validated Derby behavior with Java 17. This involved significant work to address changes due to JEP411.
Re: Items for our quarterly update to the Board?
Thanks Rick. Recently, following a suggestion by Craig R, I've been using the project dev lists (derby-dev, jdo-dev, torque-dev) instead, for two reasons: firstly, there's generally nothing sensitive in our reports to the board, so it's nice to use the broader and more inclusive development lists to incorporate feedback from the entire community; second, each development team has their own project-specific activities which is nice to capture on the development lists. Do you think this is an improper approach? bryan On Fri, Oct 1, 2021 at 7:30 AM Rick Hillegas wrote: > > I have nothing to add. Did you want to send this message to the DB pmc > mailing list also? I didn't receive a copy addressed to that list. > > Thanks, > -Rick > > On 9/30/21 11:46 AM, Bryan Pendleton wrote: > > Hi all, I am preparing the October report for the Board. > > > > Can you please send me any updates that I should include? > > > > Here is what I currently have. > > > > The DB project received a report of a CWE-502 vulnerability in the > > retired DdlUtils source code. Although the DdlUtils subproject is > > retired and no longer actively developed, the DB project decided > > to address the vulnerability, which is now tracked as CVE-2021-41616, > > and removed the insecure source code from the source repository. > > The DB project also removed the DdlUtils-1.0 release from > > distribution via the Apache mirrors, and updated the DdlUtils web > > site to make it more clear that DdlUtils is retired and no longer > > actively developed. > > > > The JDO team have published the JDO 3.2 spec (or is it still in review?) > > > > The JDO team have been making changes suggested by the Apache > > Diversity Conscious Language Checker, including changing the > > name of the git branch from master to main, and investigating > > language changes in the source code and specification. > > > > The Derby team have validated Derby behavior with Java 17. This > > involved significant work to address changes due to JEP411. > >
Re: Items for our quarterly update to the Board?
I have nothing to add. Did you want to send this message to the DB pmc mailing list also? I didn't receive a copy addressed to that list. Thanks, -Rick On 9/30/21 11:46 AM, Bryan Pendleton wrote: Hi all, I am preparing the October report for the Board. Can you please send me any updates that I should include? Here is what I currently have. The DB project received a report of a CWE-502 vulnerability in the retired DdlUtils source code. Although the DdlUtils subproject is retired and no longer actively developed, the DB project decided to address the vulnerability, which is now tracked as CVE-2021-41616, and removed the insecure source code from the source repository. The DB project also removed the DdlUtils-1.0 release from distribution via the Apache mirrors, and updated the DdlUtils web site to make it more clear that DdlUtils is retired and no longer actively developed. The JDO team have published the JDO 3.2 spec (or is it still in review?) The JDO team have been making changes suggested by the Apache Diversity Conscious Language Checker, including changing the name of the git branch from master to main, and investigating language changes in the source code and specification. The Derby team have validated Derby behavior with Java 17. This involved significant work to address changes due to JEP411.
