Re: [OSGeo-Discuss] Is there a place to post local chapter meeting announcements on the OSGeo site?

[Jody Garnett via Discuss]

You can always make an event for an upcoming meeting:
https://www.osgeo.org/events/


--
Jody Garnett


On Fri, Feb 9, 2024 at 7:48 AM Bob Basques via Discuss <
discuss@lists.osgeo.org> wrote:

> All,
>
>
>
> I think I’ve asked this before, but is there a place on OSGeo to announce
> local chapter meetings that are coming up?
>
>
>
> Thanks
>
>
>
> Bobb
>
>
>
>
>
>
>
> Get me in Teams
> 
>
> *PW19-S295-C024*
>
>
>
>
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] Fw: Re: Change in mailing list configuration

[Jody Garnett via Discuss]

Thanks folks, and thanks to Sandro and system admin team for managing all
this stuff.

I know from my own experience (website reboot) that by the time a change is
shared with disc...@osgoe.org list that the topic is already well underway;
and it is hard to slow down and introduce the change to the wider community.

When working on a lot of tickets it is difficult to predict which ones will
be noticed, let alone desire wider discussion.

suggestion: Perhaps the sysadmin committee could a send an email of planned
infrastructure changes each month. Then the community could notice any
items of interest for discussion. We would have to keep system admin
committee communication channels in mind and comment via the trac tickets.

aside: I was surprised that my own email filters navigated the change which
was set to filter [osgeo-discuss] ... but then I noticed I have a catch-all
filtering any osgeo lists server email to this folder.
--
Jody Garnett


On Fri, Jan 12, 2024 at 8:21 AM Sandro Santilli  wrote:

> On Fri, Jan 12, 2024 at 02:37:26PM +, Luís Moreira de Sousa wrote:
> > Please read below, in addition to my questions, I note that with the new
> setup my e-mail application no longer replies automatically to the list.
>
> I went looking at the mails before the change also had Reply-To: real
> author, so should have been the same. Please give it a try.
>
> Meanwhile I'm going to revert the change.
>
> --strk;
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] Mailing lists to discourse migration

[Jody Garnett via Discuss]

Vicky is just the messenger, and may of caused some confusion when
describing a new service the system admin committee has brought online.
There no move planned; just some new software has just been installed and
is available for any groups wishing to make use of discourse.

Folks have requested a forum for a while now - part of lowering the barrier
of entry for a new generation etc…
I hope the groups that have been waiting for this could help explain to the
discussion list.

I am afraid I am just unfamiliar with this particular forum software which
is why I have been asking questions.
--
Jody Garnett


On Dec 29, 2023 at 3:43:03 AM, Cannata Massimiliano via Discuss <
discuss@lists.osgeo.org> wrote:

> Dear all,
> My 2cents...
>
> Discourse seems an appealing solution for query and answer but I agree
> with Bruce that before we move we should have a nice open discussion, since
> it's not gonna be the magic stick...
> I've seen the platform used at some universities and seeing last post
> dated one year ago didn't attract people to use it..
>
> I also believe we have a low engagement rate in the latest year and deep
> open reflections should be done in my opinion to revamp it... Since our
> community have been highly relevant and has more to say in my opinion..
>
>
> Il 28 dic 2023 23:53, Bruce Bannerman via Discuss 
> ha scritto:
>
> Apart from these few emails telling me that a move to something called
> Discourse is happening, I have not seen any discussion on our lists
> explaining the pros and cons of such a move.
>
> I find this lack of community engagement on this issue to be troubling.
>
> This does not seem to be a very open source community way of making such a
> significant move.
>
> Personally, what we have now has been working nicely for me for close on
> 20 years.
>
> The lists have been very quiet for quite a while now, but that is a
> community engagement issue. It is not something that technology will
> magically fix.
>
> It seems to me that we have a case of the tail wagging the dog.
>
> Kind regards,
>
> Bruce
>
>
> On 29 Dec 2023, at 05:15, Jody Garnett via Discuss <
> discuss@lists.osgeo.org> wrote:
>
> 
> Reading online it appears there is:
>
> 1. A mailing list mode so notifications are sent out each time a post is
> made (this is a user preference)
>
> 2. A reply via email mode
>
> So experimentation is needed.
>
> Reference:
> -
> https://meta.discourse.org/t/what-is-mailing-list-mode/46008/8
> -
> https://meta.discourse.org/t/set-up-reply-by-email-with-pop3-polling/14003
>
>
> --
> Jody Garnett
>
>
> On Thu, Dec 28, 2023 at 10:09 AM Jody Garnett 
> wrote:
>
> I think we need someone who understand how discourse works to make an
> informed decision.
>
> If the forum fills up with questions; and the developers are minding the
> email list - it will not work out so well :) At least as described.
> --
> Jody Garnett
>
>
> On Thu, Dec 28, 2023 at 6:58 AM Vicky Vergara  wrote:
>
>
>
> On Wed, Dec 27, 2023 at 11:43 AM Jody Garnett 
> wrote:
>
> Q: So if a mailing list is mirrored to discourse it operates similar to
> nabble used to? Is searchable etc …
>
> I don't know the details of how discourse works,
>
>
> But replies done via discourse are not sent to mailing list subscribers -
> so it is one way communication.
>
> https://meta.discourse.org/t/create-a-read-only-mailing-list-mirror/77990
>
>
> And the thinking here is that discourse is easier for people who want to
> ask a specific question without subscribing to a mailing list (and getting
> yet more email).
>
> Yes, so you can have the mirror in one category and another catergory for
> Q
>
> --
> Jody Garnett
>
>
> On Wed, Dec 27, 2023 at 9:07 AM Vicky Vergara  wrote:
>
> Hi Jody
>
> We are offering options
>
> Before:
> Use mailing list
>
> After:
> * Use mailing list and see the archives only on https://lists.osgeo.org/
> * Use mailing list and see the archives also on discourse
> * Use discourse without a mailing list
>
>
> This are the possibilities regarding migration of mailing list
> * Have the mailing list migrated completely to discourse example [1]  (Use
> discourse without a mailing list, but get previous conversations from
> mailing list)
> * Have a mirror of the mailing in discourse example [2] (Use mailing list
> and see the archives also on discourse)
> * Have a category on discourse and not have a mailing list example [3] was
> created by Jody (Use discourse without a mailing list)
> * Opt to not migrate or mirror the mailing list example [4] (Use mailing
> list and see the archives only on https://lists.osgeo.org

Re: [OSGeo-Discuss] Mailing lists to discourse migration

[Jody Garnett via Discuss]

Reading online it appears there is:

1. A mailing list mode so notifications are sent out each time a post is
made (this is a user preference)

2. A reply via email mode

So experimentation is needed.

Reference:
-
https://meta.discourse.org/t/what-is-mailing-list-mode/46008/8
-
https://meta.discourse.org/t/set-up-reply-by-email-with-pop3-polling/14003


--
Jody Garnett


On Thu, Dec 28, 2023 at 10:09 AM Jody Garnett 
wrote:

> I think we need someone who understand how discourse works to make an
> informed decision.
>
> If the forum fills up with questions; and the developers are minding the
> email list - it will not work out so well :) At least as described.
> --
> Jody Garnett
>
>
> On Thu, Dec 28, 2023 at 6:58 AM Vicky Vergara  wrote:
>
>>
>>
>> On Wed, Dec 27, 2023 at 11:43 AM Jody Garnett 
>> wrote:
>>
>>> Q: So if a mailing list is mirrored to discourse it operates similar to
>>> nabble used to? Is searchable etc …
>>>
>>> I don't know the details of how discourse works,
>>
>>
>>> But replies done via discourse are not sent to mailing list subscribers
>>> - so it is one way communication.
>>>
>> https://meta.discourse.org/t/create-a-read-only-mailing-list-mirror/77990
>>
>>
>>> And the thinking here is that discourse is easier for people who want to
>>> ask a specific question without subscribing to a mailing list (and getting
>>> yet more email).
>>>
>> Yes, so you can have the mirror in one category and another catergory for
>> Q
>>
>>> --
>>> Jody Garnett
>>>
>>>
>>> On Wed, Dec 27, 2023 at 9:07 AM Vicky Vergara  wrote:
>>>
 Hi Jody

 We are offering options

 Before:
 Use mailing list

 After:
 * Use mailing list and see the archives only on
 https://lists.osgeo.org/
 * Use mailing list and see the archives also on discourse
 * Use discourse without a mailing list


 This are the possibilities regarding migration of mailing list
 * Have the mailing list migrated completely to discourse example [1]
 (Use discourse without a mailing list, but get previous conversations from
 mailing list)
 * Have a mirror of the mailing in discourse example [2] (Use mailing
 list and see the archives also on discourse)
 * Have a category on discourse and not have a mailing list example [3]
 was created by Jody (Use discourse without a mailing list)
 * Opt to not migrate or mirror the mailing list example [4] (Use
 mailing list and see the archives only on https://lists.osgeo.org/)

 [1] https://discourse.osgeo.org/c/qgis/qgis-fr-user/5
 [2] https://discourse.osgeo.org/c/sac-global-category/sac/13
 [3]
 https://discourse.osgeo.org/t/about-the-osgeo-site-feedback-category/1
 [4] https://lists.osgeo.org/pipermail/foss4g2008loc/

 Regards
 Vicky

 On Wed, Dec 27, 2023 at 10:16 AM Jody Garnett 
 wrote:

> I was lurking in the sys admin chat as I was working on the osgeo sign
> up form. Mailing lists are not going away, but I am unclear at what is
> being offered.
> --
> Jody Garnett
>
>
> On Wed, Dec 27, 2023 at 8:01 AM Eli Adam 
> wrote:
>
>> Hi,
>>
>> I'm also unclear on what is going on.  It looks like discourse
>> options are being added.  This raises questions about mailing lists.  1.
>> Are mailing lists going away?  2. Can projects choose to keep just the
>> mailing list and not add dicourse?
>>
>> Thanks, Eli
>> --
>> *From:* Discuss  on behalf of Vicky
>> Vergara via Discuss 
>> *Sent:* Tuesday, December 26, 2023 9:52 PM
>> *To:* OSGeo Discussions 
>> *Subject:* Re: [OSGeo-Discuss] Mailing lists to discourse migration
>>
>> Hi Jody,
>>
>> On Tue, Dec 26, 2023 at 9:31 PM Jody Garnett 
>> wrote:
>>
>> Vicky,
>>
>> Is there any more information on what is being offered here?
>>
>> I have not used discourse very much. What do you mean by having a
>> category Can you be more clear about migrate and mirror.
>>
>>
>> Category, is like the one you created about the discourse site
>> feedback.
>> Mirror, is a category that mirrors the mailing list, so the mails
>> received on the mailing list are also shown on discourse.
>> If you "reply" to those mails using discourse, they will not be shown
>> on the mailing list, as the mirror does not send mails to the mailing 
>> list.
>> The reply that will be shown is the one done using mail.
>>
>>
>> Will the existing list of email subscribers be part of migrating a
>> mailing list
>>
>>
>> When migrating subscribers are also migrated and are "staged users",
>> and they can log in using ldap, or github account.
>> If the mail of their log in matches, the staged users get assigned to
>> the person that logged in.
>>
>> Regards
>> Vicky
>>
>>
>> --
>> Jody 

Re: [OSGeo-Discuss] Mailing lists to discourse migration

[Jody Garnett via Discuss]

I think we need someone who understand how discourse works to make an
informed decision.

If the forum fills up with questions; and the developers are minding the
email list - it will not work out so well :) At least as described.
--
Jody Garnett


On Thu, Dec 28, 2023 at 6:58 AM Vicky Vergara  wrote:

>
>
> On Wed, Dec 27, 2023 at 11:43 AM Jody Garnett 
> wrote:
>
>> Q: So if a mailing list is mirrored to discourse it operates similar to
>> nabble used to? Is searchable etc …
>>
>> I don't know the details of how discourse works,
>
>
>> But replies done via discourse are not sent to mailing list subscribers -
>> so it is one way communication.
>>
> https://meta.discourse.org/t/create-a-read-only-mailing-list-mirror/77990
>
>
>> And the thinking here is that discourse is easier for people who want to
>> ask a specific question without subscribing to a mailing list (and getting
>> yet more email).
>>
> Yes, so you can have the mirror in one category and another catergory for
> Q
>
>> --
>> Jody Garnett
>>
>>
>> On Wed, Dec 27, 2023 at 9:07 AM Vicky Vergara  wrote:
>>
>>> Hi Jody
>>>
>>> We are offering options
>>>
>>> Before:
>>> Use mailing list
>>>
>>> After:
>>> * Use mailing list and see the archives only on https://lists.osgeo.org/
>>> * Use mailing list and see the archives also on discourse
>>> * Use discourse without a mailing list
>>>
>>>
>>> This are the possibilities regarding migration of mailing list
>>> * Have the mailing list migrated completely to discourse example [1]
>>> (Use discourse without a mailing list, but get previous conversations from
>>> mailing list)
>>> * Have a mirror of the mailing in discourse example [2] (Use mailing
>>> list and see the archives also on discourse)
>>> * Have a category on discourse and not have a mailing list example [3]
>>> was created by Jody (Use discourse without a mailing list)
>>> * Opt to not migrate or mirror the mailing list example [4] (Use mailing
>>> list and see the archives only on https://lists.osgeo.org/)
>>>
>>> [1] https://discourse.osgeo.org/c/qgis/qgis-fr-user/5
>>> [2] https://discourse.osgeo.org/c/sac-global-category/sac/13
>>> [3]
>>> https://discourse.osgeo.org/t/about-the-osgeo-site-feedback-category/1
>>> [4] https://lists.osgeo.org/pipermail/foss4g2008loc/
>>>
>>> Regards
>>> Vicky
>>>
>>> On Wed, Dec 27, 2023 at 10:16 AM Jody Garnett 
>>> wrote:
>>>
 I was lurking in the sys admin chat as I was working on the osgeo sign
 up form. Mailing lists are not going away, but I am unclear at what is
 being offered.
 --
 Jody Garnett


 On Wed, Dec 27, 2023 at 8:01 AM Eli Adam 
 wrote:

> Hi,
>
> I'm also unclear on what is going on.  It looks like discourse options
> are being added.  This raises questions about mailing lists.  1. Are
> mailing lists going away?  2. Can projects choose to keep just the mailing
> list and not add dicourse?
>
> Thanks, Eli
> --
> *From:* Discuss  on behalf of Vicky
> Vergara via Discuss 
> *Sent:* Tuesday, December 26, 2023 9:52 PM
> *To:* OSGeo Discussions 
> *Subject:* Re: [OSGeo-Discuss] Mailing lists to discourse migration
>
> Hi Jody,
>
> On Tue, Dec 26, 2023 at 9:31 PM Jody Garnett 
> wrote:
>
> Vicky,
>
> Is there any more information on what is being offered here?
>
> I have not used discourse very much. What do you mean by having a
> category Can you be more clear about migrate and mirror.
>
>
> Category, is like the one you created about the discourse site
> feedback.
> Mirror, is a category that mirrors the mailing list, so the mails
> received on the mailing list are also shown on discourse.
> If you "reply" to those mails using discourse, they will not be shown
> on the mailing list, as the mirror does not send mails to the mailing 
> list.
> The reply that will be shown is the one done using mail.
>
>
> Will the existing list of email subscribers be part of migrating a
> mailing list
>
>
> When migrating subscribers are also migrated and are "staged users",
> and they can log in using ldap, or github account.
> If the mail of their log in matches, the staged users get assigned to
> the person that logged in.
>
> Regards
> Vicky
>
>
> --
> Jody Garnett
>
>
> On Tue, Dec 26, 2023 at 1:07 PM Vicky Vergara via Discuss <
> discuss@lists.osgeo.org> wrote:
>
> Hello all
>
> We are ready to migrate mailing lists to discourse,
> * Have the mailing list migrated completely to discourse
> * Have a mirror of the mailing in discourse
> * Have a category on discourse and not have a mailing list
> * Opt to not migrate or mirror the mailing list
>
> A comprehensive list of mailing lists can be found here (not including
> private mailing lists):
> 

Re: [OSGeo-Discuss] Mailing lists to discourse migration

[Jody Garnett via Discuss]

Q: So if a mailing list is mirrored to discourse it operates similar to
nabble used to? Is searchable etc …

But replies done via discourse are not sent to mailing list subscribers -
so it is one way communication.

And the thinking here is that discourse is easier for people who want to
ask a specific question without subscribing to a mailing list (and getting
yet more email).
--
Jody Garnett


On Wed, Dec 27, 2023 at 9:07 AM Vicky Vergara  wrote:

> Hi Jody
>
> We are offering options
>
> Before:
> Use mailing list
>
> After:
> * Use mailing list and see the archives only on https://lists.osgeo.org/
> * Use mailing list and see the archives also on discourse
> * Use discourse without a mailing list
>
>
> This are the possibilities regarding migration of mailing list
> * Have the mailing list migrated completely to discourse example [1]  (Use
> discourse without a mailing list, but get previous conversations from
> mailing list)
> * Have a mirror of the mailing in discourse example [2] (Use mailing list
> and see the archives also on discourse)
> * Have a category on discourse and not have a mailing list example [3] was
> created by Jody (Use discourse without a mailing list)
> * Opt to not migrate or mirror the mailing list example [4] (Use mailing
> list and see the archives only on https://lists.osgeo.org/)
>
> [1] https://discourse.osgeo.org/c/qgis/qgis-fr-user/5
> [2] https://discourse.osgeo.org/c/sac-global-category/sac/13
> [3] https://discourse.osgeo.org/t/about-the-osgeo-site-feedback-category/1
> [4] https://lists.osgeo.org/pipermail/foss4g2008loc/
>
> Regards
> Vicky
>
> On Wed, Dec 27, 2023 at 10:16 AM Jody Garnett 
> wrote:
>
>> I was lurking in the sys admin chat as I was working on the osgeo sign up
>> form. Mailing lists are not going away, but I am unclear at what is being
>> offered.
>> --
>> Jody Garnett
>>
>>
>> On Wed, Dec 27, 2023 at 8:01 AM Eli Adam  wrote:
>>
>>> Hi,
>>>
>>> I'm also unclear on what is going on.  It looks like discourse options
>>> are being added.  This raises questions about mailing lists.  1. Are
>>> mailing lists going away?  2. Can projects choose to keep just the mailing
>>> list and not add dicourse?
>>>
>>> Thanks, Eli
>>> --
>>> *From:* Discuss  on behalf of Vicky
>>> Vergara via Discuss 
>>> *Sent:* Tuesday, December 26, 2023 9:52 PM
>>> *To:* OSGeo Discussions 
>>> *Subject:* Re: [OSGeo-Discuss] Mailing lists to discourse migration
>>>
>>> Hi Jody,
>>>
>>> On Tue, Dec 26, 2023 at 9:31 PM Jody Garnett 
>>> wrote:
>>>
>>> Vicky,
>>>
>>> Is there any more information on what is being offered here?
>>>
>>> I have not used discourse very much. What do you mean by having a
>>> category Can you be more clear about migrate and mirror.
>>>
>>>
>>> Category, is like the one you created about the discourse site feedback.
>>> Mirror, is a category that mirrors the mailing list, so the mails
>>> received on the mailing list are also shown on discourse.
>>> If you "reply" to those mails using discourse, they will not be shown on
>>> the mailing list, as the mirror does not send mails to the mailing list.
>>> The reply that will be shown is the one done using mail.
>>>
>>>
>>> Will the existing list of email subscribers be part of migrating a
>>> mailing list
>>>
>>>
>>> When migrating subscribers are also migrated and are "staged users", and
>>> they can log in using ldap, or github account.
>>> If the mail of their log in matches, the staged users get assigned to
>>> the person that logged in.
>>>
>>> Regards
>>> Vicky
>>>
>>>
>>> --
>>> Jody Garnett
>>>
>>>
>>> On Tue, Dec 26, 2023 at 1:07 PM Vicky Vergara via Discuss <
>>> discuss@lists.osgeo.org> wrote:
>>>
>>> Hello all
>>>
>>> We are ready to migrate mailing lists to discourse,
>>> * Have the mailing list migrated completely to discourse
>>> * Have a mirror of the mailing in discourse
>>> * Have a category on discourse and not have a mailing list
>>> * Opt to not migrate or mirror the mailing list
>>>
>>> A comprehensive list of mailing lists can be found here (not including
>>> private mailing lists):
>>> https://lists.osgeo.org/mailman/listinfo
>>>
>>> You need to open a ticket to have the work done.
>>> Follow the ticket examples below for the first 3 cases
>>>
>>> Regards
>>> Vicky Vergara
>>>
>>> Example: Have the mailing list migrated completely to discourse:
>>>
>>> Ticket: https://trac.osgeo.org/osgeo/ticket/3064 (has link to ticket
>>> 3063)
>>> +
>>> Comment in Ticket: https://trac.osgeo.org/osgeo/ticket/3063
>>>
>>> Created the following discourse category
>>> https://discourse.osgeo.org/c/qgis/qgis-fr-user/5
>>> And the archives of the mailing list will not be removed:
>>> https://lists.osgeo.org/pipermail/qgis-fr-user/
>>> Migration has finished so any new message to the list will not be
>>> received on discourse, but the list will be disabled for before the end of
>>> january.
>>> Mail on discourse: qgis-fr-user/@discourse.osgeo.org
>>>
>>> Example: Have a mirror of the 

[OSGeo-Discuss] osgeo sponsorship opportunities requires input from projects / events / committees

[Jody Garnett via Discuss]

Dear all,

Reaching out as a counter point to the osgeo budget 2024
 call (which committees and
projects have responded to right?)

OSGeo budget is always intended to be part of the picture, with financial
support also being gathered from the community. With that in mind we like
to highlight community sponsorship opportunities. Specifically seeking to
present ideas and suggestions in January as organizations put together
their marketing budget for 2024.

Here are some prior years:

   -
   https://www.osgeo.org/foundation-news/osgeo-sponsorship-opportunities-2021/

   -
   https://www.osgeo.org/foundation-news/osgeo-sponsorship-opportunities-2020/



I know many projects have standing pages describing sponsorship or donation:

   - http://www.zoo-project.org/new/Get%20involved/Sponsorship
   -
   
https://www.qgis.org/en/site/getinvolved/governance/sustaining_members/sustaining_members.html#qgis-sustaining-memberships
   - When looking at these pages I would ideally like to see a reminder for
   your patrons to be cross listed to osgeo sponsorship page
   


While I can hunt some of these links down; I do not wish to miss anyone!

Please reply to this email with a link to share:

   - I will share a draft of the news item before publishing
   - Anyone with an OSGeo UserID should be able to make news items; so if
   your committee / project / event has not setup sponsorship yet you can
   announce later when such information is available.

--
Jody Garnett
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] Cyber Resilience Act staying informed on updates

[Jody Garnett via Discuss]

Even,

I think we will need to let this rest for a bit. As I understand it each
bullet point on this topic has been shared; and they wrote some
clarifications elsewhere about what they intended.

I now saw a photo online and those two quotes are actually all there is to
work with.

> the provision of free and open-source software products with digital
elements that are not monetised by their manufacturers is not considered a
commercial activity

The first bullet point appears to acknowledge that going after
organizations like osgeo with no income is not going to be effective.

However it opens the door to abuse, using open source to disrupt -
commoditize a market that supports a competitor for example.

> The mere circumstances under which the product has been developed, or how
the development has been financed should therefore not be taken into
account when determining the commercial or non-commercial nature of

This seems to be a response to the tension between closed source being
developed in private and open source being developed in public. Think
focusing on releases rather than a public repository or release candidates.


--
Jody Garnett


On Wed, Dec 6, 2023 at 9:49 AM Even Rouault 
wrote:

> Hi Jody,
>
> thanks for the update.
>
> The clarification of point 3 is still fuzzy to me. What do they actually
> mean by "monetised by manufacturers". Is monetizing only when the software
> is open source but people have to pay to use it on SaaS or similar models ?
> Otherwise if it is about money being involved in the making of the open
> source software, then that contradicts the second point that how the
> development was financed shouldn't be taken into account to determine
> commercial activity... Is consulting about open source software
> "monetizing" it ... ?
>
> Even
> Le 06/12/2023 à 16:09, Jody Garnett via Discuss a écrit :
>
> Follow up to November discussion and blog post
> <https://www.osgeo.org/foundation-news/eu-cyber-resilience-act/> asking
> OSGeo community to be informed.
>
>
>1. At the end November Europe lawmakers agreed on something:
>
> https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/
>
>
>Free and open source was so far down the priority list that the press
>release does not even mention it.
>
>
>
>1. Next there were assurances that free and open-source community
>concerns were addressed:
>
> https://www.europarl.europa.eu/news/en/press-room/20231106IPR09007/cyber-resilience-act-agreement-with-council-to-boost-digital-products-security
>
>
>The quote did indicate how our concerns were addressed:
>
>> We have ensured support for micro and small enterprises and better
>involvement of stakeholders, and addressed the concerns of the open-source
>community, while keeping an ambitious European dimension.
>
>
>
>1. This week I can find a articles providing clarifications that have
>been added:
>https://openforumeurope.org/eu-cyber-resilience-act-takes-a-leap-forward/
>
>
>Two clarifications:
>
>> the provision of free and open-source software products with digital
>elements that are not monetised by their manufacturers is not considered a
>commercial activity
>
>> The mere circumstances under which the product has been developed,
>or how the development has been financed should therefore not be taken into
>account when determining the commercial or non-commercial nature of [making
>free and open-source software available on the market].
>
>
> —
> Jody
>
> ___
> Discuss mailing 
> listDiscuss@lists.osgeo.orghttps://lists.osgeo.org/mailman/listinfo/discuss
>
> -- http://www.spatialys.com
> My software is free, but my time generally not.
>
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] Cyber Resilience Act staying informed on updates

[Jody Garnett via Discuss]

 Thanks for the context and setting expectations.
--
Jody Garnett


On Dec 8, 2023 at 12:57:53 AM, Luí­s Moreira de Sousa <
luis.de.so...@protonmail.ch> wrote:

> Dear Jody,
>
> thank you for the update. The last "trilogue" took place on the 30th of
> November and OSS was finally considered. A final document is now closed and
> will proceed through the successive steps towards approval. The CRA will
> come into two force stepwise as discussed before, but now on different
> dates: first tier in January of 2026 and fully in January of 2027.
>
> Various rumours have emmanated out of the last "trilogue", sometimes
> conflicting. In truth the final document is not public, a clear
> understanding of its implications will not emerge before then. There are
> claims that Microsoft's concerns regarding distribution via code forges
> were addressed, but in parallel software stewards such as OSGeo will still
> be required to some form of compliance.
>
> This situation is certainly frustrating, but there is no point in
> speculating before the complete Act is made fully public.
>
> Best regards.
>
> --
> Luís
> On Wednesday, December 6th, 2023 at 4:09 PM, Jody Garnett via Discuss <
> discuss@lists.osgeo.org> wrote:
>
> Follow up to November discussion and blog post
> <https://www.osgeo.org/foundation-news/eu-cyber-resilience-act/> asking
> OSGeo community to be informed.
>
>
>1. At the end November Europe lawmakers agreed on something:
>
> https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/
>
>Free and open source was so far down the priority list that the press
>release does not even mention it.
>
>
>
>1. Next there were assurances that free and open-source community
>concerns were addressed:
>
> https://www.europarl.europa.eu/news/en/press-room/20231106IPR09007/cyber-resilience-act-agreement-with-council-to-boost-digital-products-security
>
>The quote did indicate how our concerns were addressed:
>
>> We have ensured support for micro and small enterprises and better
>involvement of stakeholders, and addressed the concerns of the open-source
>community, while keeping an ambitious European dimension.
>
>
>
>1. This week I can find a articles providing clarifications that have
>been added:
>https://openforumeurope.org/eu-cyber-resilience-act-takes-a-leap-forward/
>
>Two clarifications:
>
>> the provision of free and open-source software products with digital
>elements that are not monetised by their manufacturers is not considered a
>commercial activity
>
>> The mere circumstances under which the product has been developed,
>or how the development has been financed should therefore not be taken into
>account when determining the commercial or non-commercial nature of [making
>free and open-source software available on the market].
>
>
> —
> Jody
>
>
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

[OSGeo-Discuss] Cyber Resilience Act staying informed on updates

[Jody Garnett via Discuss]

Follow up to November discussion and blog post
 asking
OSGeo community to be informed.


   1. At the end November Europe lawmakers agreed on something:
   
https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/


   Free and open source was so far down the priority list that the press
   release does not even mention it.



   1. Next there were assurances that free and open-source community
   concerns were addressed:
   
https://www.europarl.europa.eu/news/en/press-room/20231106IPR09007/cyber-resilience-act-agreement-with-council-to-boost-digital-products-security


   The quote did indicate how our concerns were addressed:

   > We have ensured support for micro and small enterprises and better
   involvement of stakeholders, and addressed the concerns of the open-source
   community, while keeping an ambitious European dimension.



   1. This week I can find a articles providing clarifications that have
   been added:
   https://openforumeurope.org/eu-cyber-resilience-act-takes-a-leap-forward/


   Two clarifications:

   > the provision of free and open-source software products with digital
   elements that are not monetised by their manufacturers is not considered a
   commercial activity

   > The mere circumstances under which the product has been developed, or
   how the development has been financed should therefore not be taken into
   account when determining the commercial or non-commercial nature of [making
   free and open-source software available on the market].


—
Jody
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] proposed security initiative seeking service providers for 2024

[Jody Garnett via Discuss]

 I am going to need a few interested parties before annoying the board with
a budget request 

Anybody interested? I know planning ahead is tough ...
--
Jody Garnett


On Nov 22, 2023 at 2:21:10 AM, Jody Garnett  wrote:

> Last year I proposed a "security initiative
> " as I was
> encountering security agencies and researchers who were ... increasingly
> demanding.
>
> With the forthcoming "cyber resilience act" (and other regulations world
> wide) I anticipate this topic will be of renewed interest in 2024.
>
> I am seeking other service providers to work on this topic. Emphasis on
> providing a functional response for OSGeo projects (rather than lobby /
> politics).
> --
> Jody Garnett
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] Release of mago 3DTiler, an open source OGC 3D Tiles converter!

[Jody Garnett via Discuss]

 Congrats!

I look forward to seeing this listed on the  http://osgeo.org/projects/ list
soon!
--
Jody Garnett


On Dec 1, 2023 at 3:09:02 PM, 신상희(Sanghee Shin) via Discuss <
discuss@lists.osgeo.org> wrote:

> Dear All,
>
>
>
> I’m very happy to announce this great news that my company Gaia3D, Inc.(
> www.gaia3d.com) has released mago 3DTiler, an open source OGC 3D Tiles
> converter, to celebrate FOSS4G-Asia 2023 Seoul!
>
>
>
> Github: https://github.com/Gaia3D/mago-3d-tiler
>
> Sample Page: https://seoul.gaia3d.com:10903
>
>
>
> mago 3DTiler isn’t just a converter; developed with Java, this open-source
> marvel stands as a beacon for flexibility and performance in the world of
> 3D data conversion.
>
>
>
> *Key Features:​*
>
> * Multi-Format Mastery: Effortlessly convert an array of 3D formats,
> including 3DS, OBJ, FBX, Collada DAE, glTF , IFC and more. ​
>
> * Point Cloud Precision: Bring your detailed point cloud data (LAS, LAZ)
> into the fold with pinpoint accuracy.​
>
> * 2D to 3D Extrusion: Turn 2D geospatial data (ESRI SHP, GeoJSON) into
> detailed 3D extrusion models, breathing life into flat representations.​
>
> * On-The-Fly CRS Conversion: Leverage the power of multi-threading and
> on-the-fly coordinate conversion with comprehensive PCS and GCS support via
> the Proj4 library.​
>
>
>
> We expect many contributions and participations from our community.
>
>
>
> Kind regards,
>
> 감사합니다.
>
> 신상희
> ---
> Shin, Sanghee
> Gaia3D, Inc. - The GeoSpatial Company
> www.gaia3d.com
>
>
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

[OSGeo-Discuss] proposed security initiative seeking service providers for 2024

[Jody Garnett via Discuss]

Last year I proposed a "security initiative
" as I was
encountering security agencies and researchers who were ... increasingly
demanding.

With the forthcoming "cyber resilience act" (and other regulations world
wide) I anticipate this topic will be of renewed interest in 2024.

I am seeking other service providers to work on this topic. Emphasis on
providing a functional response for OSGeo projects (rather than lobby /
politics).
--
Jody Garnett
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] OSGeo Cyber Resilience Act statement

[Jody Garnett via Discuss]

My understand is that the time to influence has largely passed (but at
least some good feedback is now going to be included).

We will be in a better position to plan after November 8th, and then again
when the law goes into effect.

Some personal notes and observations:

* The public feedback understandably focuses on liability for individuals
and organizations that contribute to free and open source. It is my hope
that projects can be sheltered by OSGeo, with the foundation allowing risk
to be shared, rather than simply excluding contributors from Europe (or
having contributors from Europe exclude themselves).

* I am curious if this will be like GPDR and have a world wide impact on
service providers, software and websites (just because they can be accessed
from Europe and are thus "published" into the european market and subject
to regulation).

* To be successful in helping projects face CRA requirements OSGeo will
have revise our project incubation requirements. It is rare for OSGeo to
play such an active role. The last time this was done was done to implement
code-of-conduct policies (which was also a response to liability risk).

* I expect OSGeo benefit from better funding/participation to help projects
meet CRA requirements. As a community, for whatever reason, we struggle to
talk plainly about money.

* It is awkward that service providers / organizations / companies do not
have great representation in our community. Collaborating on topics like
the CRA may be an opportunity for OSGeo to strengthen these relationships
(and to strengthen relationships between service providers).

* It is interesting that the CRA is strongly aligned with one of OSGeo's
cherished beliefs: that project governance is best shared.  The revised
text appears to acknowledge projects with a decentralized decision making,
while projects managed by a single developer or company require full
compliance. Having shared governance is also a requirement for OSGeo
projects (part of our history of being adverse to vendor lock-in).

* Many FOSS4G projects are managed by a single individual or organization.
Seeking out partnerships to avoid being governed by a single entity, or
joining the OSGeo foundation as a project to take advantage of reduced
requirements, may be a sensible response.

* OSGeo community projects are endorsed by OSGeo, but do not have a formal
leadership relationship with OSGeo. We may need to revisit this program in
2024 strictly from a liability perspective.

* I feel that this regulation is what success looks like for free and
open-source. Regulation in Europe is not isolated, as there is also
regulation taking shape in the US and other markets.

* It looks like some of the more annoying regulations may be required only
for vulnerabilities that are actively under attack.  Security experts are
already speaking up on why ideas like informing the government within 24
hours is a terrible idea.

We will learn more next week,
Jody


On Fri, Nov 3, 2023 at 12:35 AM Luí­s Moreira de Sousa <
luis.de.so...@protonmail.ch> wrote:

> Hi there,
>
> thank you to the board for going through with this initiative. While it
> may seem there is little time left to influence the process, it is still
> very important to let your MEPs know of your concerns. We all benefit if
> the open source community at large makes it clear it is sentient of
> legislative initiatives and willing to engage.
>
> Regards.
>
>
> --
> Luís
>
>
> Sent with Proton Mail <https://proton.me/> secure email.
>
> --- Original Message ---
> On Thursday, November 2nd, 2023 at 8:17 PM, Jody Garnett via Discuss <
> discuss@lists.osgeo.org> wrote:
>
> Dear All,
>
> A short statement from OSGeo is now available to share:
> https://www.osgeo.org/foundation-news/eu-cyber-resilience-act/
>
> Thanks to OSGeo board and Simone Giannecchini for working on this
> statement.
> --
> Jody Garnett
>
>
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

[OSGeo-Discuss] OSGeo Cyber Resilience Act statement

[Jody Garnett via Discuss]

Dear All,

A short statement from OSGeo is now available to share:
https://www.osgeo.org/foundation-news/eu-cyber-resilience-act/

Thanks to OSGeo board and Simone Giannecchini for working on this
statement.
--
Jody Garnett
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

[OSGeo-Discuss] GeoTools 30.0 released

[Jody Garnett via Discuss]

GeoTools 30.0 has been released  - more details (and a fun diagram) in
the release
announcement
.  The
release is available for download and directly from maven.

This update features an api-break due to the refactor of the org.opengis
package to org.geotools.api package (along with associated cleanup).
The upgrade
instructions
 include a
well-tested script you may use on your codebase.  We would like to thank
Ian Turton, Andrea Aime and Jody Garnett for completing this activity, and
everyone who helped test the release candidate.

Thanks to Peter Smith and Jody Garnett for making this release.
--
Project Management Committee
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] repo.osgeo.org contains empty files

[Jody Garnett via Discuss]

would field requests
>>>for all manner of content as we have seen. This is one case where gradle
>>>    offers better control ...
>>>- I will reach out to the core-geonetwork project and determine how
>>>their build can be restored also.
>>>
>>>
>>> --
>>> Jody Garnett
>>> --
>>> Jody Garnett
>>>
>>>
>>> On Sep 7, 2023 at 7:39:38 AM, Frank Gasdorf 
>>> wrote:
>>>
>>> Hi folks,
>>>
>>> I recently stumble about this problem to and my investigation is as
>>> follows:
>>>
>>> * you a company uses a repository manager and has osger repo as a proxy
>>> repo configured AND
>>> * and internal artefact has been request but is not avaliable in
>>> internal repositories, that a http get is set to osgeo repo as well
>>> * this leads to enties like that with size 0 for each artefact
>>>
>>>
>>> IMHO it seems to be an issue in nexus configuration and I investigate
>>> how to configure filter for proxe repositories in Nexus.
>>>
>>> Once you have a trac issue id, let us know
>>> --
>>> Frank
>>>
>>> Am Do., 7. Sept. 2023 um 15:22 Uhr schrieb Jody Garnett via Discuss <
>>> discuss@lists.osgeo.org>:
>>>
>>> This should be reported to the trac issues tracker, for the system admin
>>> committee.
>>>
>>> I help manage the repo a bit, I wonder where the size zero files come
>>> from? We may be able to check if they were uploaded or fetched from a cache
>>> of an external repo.
>>>
>>> On Thu, Sep 7, 2023 at 5:54 AM Brogli, Alexander via Discuss <
>>> discuss@lists.osgeo.org> wrote:
>>>
>>> Hi all
>>>
>>> We're thankful consumers of osgeo's maven repository, though this
>>> morning we noticed that empty files are pulled. Inspecting certain cases,
>>> we saw that since this morning files with size 0 seem to be in the repo,
>>> e.g. the files here
>>> https://repo.osgeo.org/service/rest/repository/browse/release/org/jboss/jboss-parent/36/
>>> .
>>>
>>> Do you know if there's a better place / mailing list to post this
>>> inquiry, or if the responsible persons are aware of the issue?
>>>
>>> Thanks & regards
>>> Alex
>>>
>>> ___
>>> Discuss mailing list
>>> Discuss@lists.osgeo.org
>>> https://lists.osgeo.org/mailman/listinfo/discuss
>>>
>>> ___
>>> Discuss mailing list
>>> Discuss@lists.osgeo.org
>>> https://lists.osgeo.org/mailman/listinfo/discuss
>>>
>>>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] repo.osgeo.org contains empty files

[Jody Garnett via Discuss]

I was only asking as if you have a mirror it would of been filled up with
junk and need to have its cache of jars cleaned up.

When building directlt it is best to have the fewest number of maven
repositories listed (as each one is checked in turn).

I am not sure why maven pom.xml does not allow an include/exclude filter on
repositories…

Jody

On Mon, Sep 11, 2023 at 2:08 AM Brogli, Alexander 
wrote:

> Answer:
>
> We do build it directly and dont mirror it (so far, maybe we should, at
> least to reduce some traffic for osgeo). So for us the fix indeed worked.
>
> Thanks & Regards
> Alex
>
> --
> *Von:* Jody Garnett 
> *Gesendet:* Freitag, 8. September 2023 00:59
> *An:* Brogli, Alexander 
> *Cc:* discuss@lists.osgeo.org ;
> fg...@users.sourceforge.net 
>
> *Betreff:* Re: [OSGeo-Discuss] repo.osgeo.org contains empty files
>
>
> *[EXTERNE E-MAIL]* Klicke nicht auf Links und öffne keine angehängten
> Dateien, wenn du die Absenderin oder den Absender nicht kennst.
> Question:
>
> Are you building against repo osgeo "release" directly in your maven build?
> If so you should indeed be fixed 
>
> Or have you setup a mirror or nexus repository of your own that caches
> repo osgeo "releases"?
> In this case you may need to clear your cache (to get rid of any zero
> sized jars).
>
> I am curious how many folks are running downstream caches or mirrors and
> may be affected ...
> --
> Jody Garnett
>
>
> On Sep 7, 2023 at 12:42:09 PM, "Brogli, Alexander" <
> alexander.bro...@ebp.ch> wrote:
>
> Hello
>
> Thanks for creating the ticket. I haven't created one, since I don't have
> a osgeo ID and am still waiting for a reply to my mantra request. I've
> checked, it seems we can regularly pull from repo.osgeo.org again, so I
> can confirm the problem seems to be resolved for us, thanks a lot!
>
> Regards, Alex
>
> --
> *Von:* Jody Garnett 
> *Gesendet:* Donnerstag, 7. September 2023 21:04
> *An:* fg...@users.sourceforge.net 
> *Cc:* Brogli, Alexander ; discuss@lists.osgeo.org
> 
> *Betreff:* Re: [OSGeo-Discuss] repo.osgeo.org contains empty files
>
>
> *[EXTERNE E-MAIL]* Klicke nicht auf Links und öffne keine angehängten
> Dateien, wenn du die Absenderin oder den Absender nicht kennst.
> I have gone ahead and created a ticket there:
> https://trac.osgeo.org/osgeo/ticket/2978
>
> I did not see you report the ticket yet, and it is capturing feedback on
> multiple channels.
>
> I have found the problem with geonetwork-cache being setup to cache files
> stored in a GitHub repository by geonetwork 2.x series.
> GitHub must of turned off access in this manner yesterday, resulting in a
> lot of time-outs and zero sized files being saved.
>
> The geonetwork-cache has been removed from release configuration; and I
> hope normal service has been restored? Please CONFIRM 
>
> Notes:
>
>- There is a risk that other repositories have saved these zero sized
>files and will need to clear their cache of OSGeo, and lazily rebuild it
>again.
>- Normal maven builds do not have any way to select what jar to
>retrieve from different repositories. Indeed they attempt to contact each
>repository in turn, checking for every jar.
>So it is expect that repo.osgeo.org releases would field requests for
>all manner of content as we have seen. This is one case where gradle offers
>better control ...
>- I will reach out to the core-geonetwork project and determine how
>their build can be restored also.
>
>
> --
> Jody Garnett
> --
> Jody Garnett
>
>
> On Sep 7, 2023 at 7:39:38 AM, Frank Gasdorf 
> wrote:
>
> Hi folks,
>
> I recently stumble about this problem to and my investigation is as
> follows:
>
> * you a company uses a repository manager and has osger repo as a proxy
> repo configured AND
> * and internal artefact has been request but is not avaliable in internal
> repositories, that a http get is set to osgeo repo as well
> * this leads to enties like that with size 0 for each artefact
>
>
> IMHO it seems to be an issue in nexus configuration and I investigate how
> to configure filter for proxe repositories in Nexus.
>
> Once you have a trac issue id, let us know
> --
> Frank
>
> Am Do., 7. Sept. 2023 um 15:22 Uhr schrieb Jody Garnett via Discuss <
> discuss@lists.osgeo.org>:
>
> This should be reported to the trac issues tracker, for the system admin
> committee.
>
> I help manage the repo a bit, I wonder where the size zero files come
> from? We may be able to check if they were uploaded or fetched from a cache
> of an exte

Re: [OSGeo-Discuss] repo.osgeo.org contains empty files

[Jody Garnett via Discuss]

 Question:

Are you building against repo osgeo "release" directly in your maven build?
If so you should indeed be fixed 

Or have you setup a mirror or nexus repository of your own that caches repo
osgeo "releases"?
In this case you may need to clear your cache (to get rid of any zero sized
jars).

I am curious how many folks are running downstream caches or mirrors and
may be affected ...
--
Jody Garnett


On Sep 7, 2023 at 12:42:09 PM, "Brogli, Alexander" 
wrote:

> Hello
>
> Thanks for creating the ticket. I haven't created one, since I don't have
> a osgeo ID and am still waiting for a reply to my mantra request. I've
> checked, it seems we can regularly pull from repo.osgeo.org again, so I
> can confirm the problem seems to be resolved for us, thanks a lot!
>
> Regards, Alex
>
> --
> *Von:* Jody Garnett 
> *Gesendet:* Donnerstag, 7. September 2023 21:04
> *An:* fg...@users.sourceforge.net 
> *Cc:* Brogli, Alexander ; discuss@lists.osgeo.org
> 
> *Betreff:* Re: [OSGeo-Discuss] repo.osgeo.org contains empty files
>
>
> *[EXTERNE E-MAIL]* Klicke nicht auf Links und öffne keine angehängten
> Dateien, wenn du die Absenderin oder den Absender nicht kennst.
> I have gone ahead and created a ticket there:
> https://trac.osgeo.org/osgeo/ticket/2978
>
> I did not see you report the ticket yet, and it is capturing feedback on
> multiple channels.
>
> I have found the problem with geonetwork-cache being setup to cache files
> stored in a GitHub repository by geonetwork 2.x series.
> GitHub must of turned off access in this manner yesterday, resulting in a
> lot of time-outs and zero sized files being saved.
>
> The geonetwork-cache has been removed from release configuration; and I
> hope normal service has been restored? Please CONFIRM 
>
> Notes:
>
>- There is a risk that other repositories have saved these zero sized
>files and will need to clear their cache of OSGeo, and lazily rebuild it
>again.
>- Normal maven builds do not have any way to select what jar to
>retrieve from different repositories. Indeed they attempt to contact each
>repository in turn, checking for every jar.
>So it is expect that repo.osgeo.org releases would field requests for
>all manner of content as we have seen. This is one case where gradle offers
>better control ...
>- I will reach out to the core-geonetwork project and determine how
>their build can be restored also.
>
>
> --
> Jody Garnett
> --
> Jody Garnett
>
>
> On Sep 7, 2023 at 7:39:38 AM, Frank Gasdorf 
> wrote:
>
> Hi folks,
>
> I recently stumble about this problem to and my investigation is as
> follows:
>
> * you a company uses a repository manager and has osger repo as a proxy
> repo configured AND
> * and internal artefact has been request but is not avaliable in internal
> repositories, that a http get is set to osgeo repo as well
> * this leads to enties like that with size 0 for each artefact
>
>
> IMHO it seems to be an issue in nexus configuration and I investigate how
> to configure filter for proxe repositories in Nexus.
>
> Once you have a trac issue id, let us know
> --
> Frank
>
> Am Do., 7. Sept. 2023 um 15:22 Uhr schrieb Jody Garnett via Discuss <
> discuss@lists.osgeo.org>:
>
> This should be reported to the trac issues tracker, for the system admin
> committee.
>
> I help manage the repo a bit, I wonder where the size zero files come
> from? We may be able to check if they were uploaded or fetched from a cache
> of an external repo.
>
> On Thu, Sep 7, 2023 at 5:54 AM Brogli, Alexander via Discuss <
> discuss@lists.osgeo.org> wrote:
>
> Hi all
>
> We're thankful consumers of osgeo's maven repository, though this morning
> we noticed that empty files are pulled. Inspecting certain cases, we saw
> that since this morning files with size 0 seem to be in the repo, e.g. the
> files here
> https://repo.osgeo.org/service/rest/repository/browse/release/org/jboss/jboss-parent/36/
> .
>
> Do you know if there's a better place / mailing list to post this inquiry,
> or if the responsible persons are aware of the issue?
>
> Thanks & regards
> Alex
>
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] repo.osgeo.org contains empty files

[Jody Garnett via Discuss]

 I have gone ahead and created a ticket there:
https://trac.osgeo.org/osgeo/ticket/2978

I did not see you report the ticket yet, and it is capturing feedback on
multiple channels.

I have found the problem with geonetwork-cache being setup to cache files
stored in a GitHub repository by geonetwork 2.x series.
GitHub must of turned off access in this manner yesterday, resulting in a
lot of time-outs and zero sized files being saved.

The geonetwork-cache has been removed from release configuration; and I
hope normal service has been restored? Please CONFIRM 

Notes:

   - There is a risk that other repositories have saved these zero sized
   files and will need to clear their cache of OSGeo, and lazily rebuild it
   again.
   - Normal maven builds do not have any way to select what jar to retrieve
   from different repositories. Indeed they attempt to contact each repository
   in turn, checking for every jar.
   So it is expect that repo.osgeo.org releases would field requests for
   all manner of content as we have seen. This is one case where gradle offers
   better control ...
   - I will reach out to the core-geonetwork project and determine how
   their build can be restored also.


--
Jody Garnett
--
Jody Garnett


On Sep 7, 2023 at 7:39:38 AM, Frank Gasdorf 
wrote:

> Hi folks,
>
> I recently stumble about this problem to and my investigation is as
> follows:
>
> * you a company uses a repository manager and has osger repo as a proxy
> repo configured AND
> * and internal artefact has been request but is not avaliable in internal
> repositories, that a http get is set to osgeo repo as well
> * this leads to enties like that with size 0 for each artefact
>
>
> IMHO it seems to be an issue in nexus configuration and I investigate how
> to configure filter for proxe repositories in Nexus.
>
> Once you have a trac issue id, let us know
> --
> Frank
>
> Am Do., 7. Sept. 2023 um 15:22 Uhr schrieb Jody Garnett via Discuss <
> discuss@lists.osgeo.org>:
>
>> This should be reported to the trac issues tracker, for the system admin
>> committee.
>>
>> I help manage the repo a bit, I wonder where the size zero files come
>> from? We may be able to check if they were uploaded or fetched from a cache
>> of an external repo.
>>
>> On Thu, Sep 7, 2023 at 5:54 AM Brogli, Alexander via Discuss <
>> discuss@lists.osgeo.org> wrote:
>>
>>> Hi all
>>>
>>> We're thankful consumers of osgeo's maven repository, though this
>>> morning we noticed that empty files are pulled. Inspecting certain cases,
>>> we saw that since this morning files with size 0 seem to be in the repo,
>>> e.g. the files here
>>> https://repo.osgeo.org/service/rest/repository/browse/release/org/jboss/jboss-parent/36/
>>> .
>>>
>>> Do you know if there's a better place / mailing list to post this
>>> inquiry, or if the responsible persons are aware of the issue?
>>>
>>> Thanks & regards
>>> Alex
>>>
>>> ___
>>> Discuss mailing list
>>> Discuss@lists.osgeo.org
>>> https://lists.osgeo.org/mailman/listinfo/discuss
>>>
>> ___
>> Discuss mailing list
>> Discuss@lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/discuss
>>
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

[OSGeo-Discuss] The best / shortest CRA response

[Jody Garnett via Discuss]

OSI has provided one of the best / shortest responses to the CRA here:
https://blog.opensource.org/diverse-open-source-uses-highlight-need-for-precision-in-cyber-resilience-act/

If you have not yet read a response, this is the one to read.

Jody
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] repo.osgeo.org contains empty files

[Jody Garnett via Discuss]

This should be reported to the trac issues tracker, for the system admin
committee.

I help manage the repo a bit, I wonder where the size zero files come from?
We may be able to check if they were uploaded or fetched from a cache of an
external repo.

On Thu, Sep 7, 2023 at 5:54 AM Brogli, Alexander via Discuss <
discuss@lists.osgeo.org> wrote:

> Hi all
>
> We're thankful consumers of osgeo's maven repository, though this morning
> we noticed that empty files are pulled. Inspecting certain cases, we saw
> that since this morning files with size 0 seem to be in the repo, e.g. the
> files here
> https://repo.osgeo.org/service/rest/repository/browse/release/org/jboss/jboss-parent/36/
> .
>
> Do you know if there's a better place / mailing list to post this inquiry,
> or if the responsible persons are aware of the issue?
>
> Thanks & regards
> Alex
>
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] [Board] EU Cyber Resilience Act - potential impacts on open geospatial software?

[Jody Garnett via Discuss]

>
> Indeed this is just one way to respond,

That's a major issue. Members of steering committees are unpaid
> volunteers. They are more or less active. With our current organization,
> they are not in a capacity to face regulation requirements. Basically
> that would mean that projects should have salaried members, at least
> part-time, to do that.


Good idea.

Or rotate through PSC members with a small contract to monitor
communication - say three months at a stretch.

So we would be expecting some kind of sustaining sponsorship from business
such as yours. In trade you get vacations :)

By pooling resources we cover for each other. And by acting I behalf of
OSGeo we are not indirect line of fire as individuals.

Advocacy rant mode on

Pretty much the whole reason to setup a software foundation folks. I love
that OSGeo allows us to set up one software foundation (rather than each
project having to do this work themselves.

OSGeo has a *extremely* low “bronze” sponsorship threshold of $500 USD
(which goes down to $375 for reciting sponsors). I have a non active
company how2map which has been sponsoring at this level for some years. So
I am doing my best to put my money (and volunteer capacity) where my speech
is.

Advocacy rant mode off.

I am going to go back to being quiet. Thank you for your response Even.

Jody

>
> --
> http://www.spatialys.com
> My software is free, but my time generally not.
>
> --
--
Jody Garnett
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] [Board] EU Cyber Resilience Act - potential impacts on open geospatial software?

[Jody Garnett via Discuss]

Even:

Thank you very much for responding - I want to make the case that you are
not alone (and will get vacations). Even with regulations …

If you are charging for an enhancement - it is development work one and
done.  It is probably in your contract to meet the requirements (docs and
QA) to get the change into the open source codebase.

If you wish to offer (or if the customer requires) support for a period of
time they can negotiate that with you.

However you do not have to be the distributor - the customer self-serves
from the open-source distribution. In this case the project - specifically
the steering committee (acting on behalf of osgeo) are on the hook for a
lot of these reg requirements.

This could be good for osgeo (for this specific case) in terms of
encouraging code contributions (rather than forks and customizations).
OSGeo as a software foundation should be able to shelter small and medium
business (perhaps negotiating some participation to make the story work).

Jody

On Fri, Aug 18, 2023 at 12:09 PM Even Rouault via Discuss <
discuss@lists.osgeo.org> wrote:

>
> Le 18/08/2023 à 20:50, Jody Garnett via Discuss a écrit :
> > Thanks for setting that up, can we add it to the website ad an event
> > or news item? That way it can be shared on social media and email lists.
> >
> > The missing voice on this discussion (and osgeo in general) is the
> > small and medium business owners.
> >
> > A whole bunch of the concern is the impact on small and medium
> > business owners. We have not yet heard from our service providers and
> > sponsors on this subject.
>
> I count as a small business owner, actually a one man company, and
> service provider and I'm indeed really concerned by the CRA.
>
> Seeing obligations of reporting security events within a 24h delay makes
> me believe that I will have no right for any vacations The whole
> text seems to have being written with quite large software companies in
> mind with sufficiently big teams so they can organize on-call teams.
>
> It is also completely inadequate to make a service provider responsible
> for the whole codebase: if I charge a customer for an enhancement in a
> part of the software, is it legitimate to make bear what happens in
> other places of the code base I may possibly not have written ? The text
> possibly doesn't imply this (but then it becomes fun to determine who is
> responsible to respond to a given security event), but such scenarios
> specific to open source decentralized model are not detailed, so we are
> in the legal uncertainty domain...
>
> Also the obligations linked to the lifetime of a version are written
> with companies that have regular income from licensing fees and can
> actually take a part of them to organize security monitoring and
> response. Service providers don't necessarily have recurring income
> sources linked to a software, given that they charge for the labor (one
> time event) but not usage (long-term event).  What happens if I'm no
> longer involved with a software: am I still liable for what I wrote in
> the past, and people still use for free, but I should still bear the
> costs while no longer getting any related revenue ?
>
> Even
>
> --
> http://www.spatialys.com
> My software is free, but my time generally not.
>
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
-- 
--
Jody Garnett
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] [Board] EU Cyber Resilience Act - potential impacts on open geospatial software?

[Jody Garnett via Discuss]

Thanks for setting that up, can we add it to the website ad an event or
news item? That way it can be shared on social media and email lists.

The missing voice on this discussion (and osgeo in general) is the small
and medium business owners.

A whole bunch of the concern is the impact on small and medium business
owners. We have not yet heard from our service providers and sponsors on
this subject.

As a North American I have concern(s) and care - but am not sure how to
support this process.

Jody

On Fri, Aug 18, 2023 at 3:39 AM Angelos Tzotsos via Board <
bo...@lists.osgeo.org> wrote:

> Hi all,
>
> We are planning to make a community meeting about the EU CRA, so we can
> discuss our action plan forward.
>
> The meeting is planned for Tuesday 22 Aug 13:00 UTC in our Jitsi room:
> https://meet.jit.si/OSGeo
>
> Best,
> Angelos
>
> On 7/22/23 00:20, Adam Steer via Discuss wrote:
> > Hi OSGeo
> >
> > The European Union's proposed Cyber Resilience Act has just come to the
> > attention of many non-EU folks as a potential dampener on open source
> > geospatial software development and usage. A summary from GitHub is here
> > (thanks Marco Bernasocchi for pointing it out):
> >
> >
> https://github.blog/2023-07-12-no-cyber-resilience-without-open-source-sustainability/
> >
> >   It's being discussed in the OSGeo board, and some responses from other
> > open source organisations have already been made, for example:
> >
> https://newsroom.eclipse.org/news/announcements/open-letter-european-commission-cyber-resilience-act
> >
> > It would be great to hear your thoughts on the impact of the proposed
> > legislation on open source geospatial software development across the
> > globe  - so we can form an appropriate community response as soon as
> > possible. What are your thoughts?
> >
> > Yes, we're late in gettung our attention on to this. Hopefully not too
> > late.
> >
> > Thanks,
> >
> > Adam
> >
> > --
> > Dr. Adam Steer
> > OSGeo director
> >
> >
> > ___
> > Discuss mailing list
> > Discuss@lists.osgeo.org
> > https://lists.osgeo.org/mailman/listinfo/discuss
>
> --
> Angelos Tzotsos, PhD
> President
> Open Source Geospatial Foundation
> http://users.ntua.gr/tzotsos
>
> ___
> Board mailing list
> bo...@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/board
>
-- 
--
Jody Garnett
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] EU Cyber Resilience Act - potential impacts on open geospatial software?

[Jody Garnett via Discuss]

 Dear all,

A lot of very good thoughts on this thread (and online).

I have been thinking a bit more on this. As Luís highlights while there are
steps to take to be clear with our license the result would end up not
being useful / legal in Europe (which defeats OSGeo vision of empowering
everyone with free and open source geospatial goodness).

a) The CRA treating everything as a supplier arrangement is a problem. It
is disrespectful to be treated as a supplied rather than a respected
commons (or even labour.)

If we borrow a tool from labour - what would adopting a work-to-rule
practice for Europe?

   - Delay downloads by two weeks (simulation of anticipated certification
   overhead)
   - Release source code to Europe but not the digital downloads (respect
   Free and Open Source license and provide a taste of VPN future)


Aside: I use the word disrespectful to help indicated the violation of the
social norms asserted with our community. We should be offended that after
creating so much value for Europe regulation is being setup to require more
from our community.

b) The proposed CRA certification SME to declare technology used. This
technically sets up a "dependency list" showing the open-source used by
each organization.

Could this be used in a Robbin Hood manner to direct funding where needed:

   - Use such insight to support projects that are underfunded for their
   level of importance to European Economy
   - Use tax dollars, or certification fees from industry, to scale funding
   to match use of free and open source technologies


Aside: This is what I mean about seeking economic solutions for the root
cause (underfunded open-source projects used in critical or economically
important systems).

--
Jody Garnett


On Aug 3, 2023 at 12:43:59 AM, Luí­s Moreira de Sousa via Discuss <
discuss@lists.osgeo.org> wrote:

> Dear all,
>
> hours ago, Wordpress, Joomla, Drupal and TYPO3 published an open letter on
> the CRA painting a scenario similar to the worst case I put forth here last
> week. Not only are FOSS projects threatened, thousands of European SMEs
> will either perish or move on to wholesale commercial software in the wake
> of this legislation. Essentially, we are speaking of the companies that
> contribute to fund OSGeo and sponsor the FOSS4G.
>
>
> https://wordpress.org/news/files/2023/08/Open_Letter_on_the_Significance_of_Free_and_Open_Source_Software_in_the_EU_s_Proposed_Cyber_Resilience_Act.pdf
>
> I am becoming increasingly concerned by this. I would exhort every charter
> member in Europe to get thoroughly informed and seek advice from trade
> guilds or unions and enterprise associations or federations.
>
> Regards,
>
> Luís
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] EU Cyber Resilience Act - potential impacts on open geospatial software?

[Jody Garnett via Discuss]

I have some sympathy for regulators on this one. Software ate the world,
and open source ate the software. Now the consequence are that there are
disruptions to society when there is a problem with our open source
software.

There is a good Apache Article (
https://news.apache.org/foundation/entry/save-open-source-the-impending-tragedy-of-the-cyber-resilience-act)
for those who wish to read rather than watch the eclipse video.

One critical ask the articles makes makes is about open-source being
treaded as a "commons". Many folks, including the regulators apparently,
are not sure how to participate in a commons and respect both the grass and
others enjoying it.

To that point I am not sure where the impression that companies being
willing to "pay what ever it takes" comes from. The actual lived experience
of security vulnerability reporting ... comes across as very entitled at
best, and harassment/demanding at worst.

Do not be distracted by "software provider" - we are a community with the
mandate to empower everyone with free and open source geospatial software.
The apache article makes it very clear that society expects us as "software
providers" to do much better (these regulations are intentionally aimed at
open source). What is quiet is that we as "software providers" expect
society to do better also (if stability, safety and security matter then it
is a place the wider society can invest time).

The other interesting aspect is the economics of this proposed regulation.
The regulators are hoping the european small and medium sized businesses
will only have to pay to certify the code they are responsible for; and
rely on others upstream to certify the rest.

But with free and open source the license is use at your own risk - and the
source code is provided so that you can mitigate your own risk.  The social
contract invites these businesses onto the grass. It is a shared pasture,
and if your country wants to mandate organic seed start planting.

I fear this will place a very large strain on our European friends. Not
only only the small and medium business; but anyone participating.

It is worth noting that OSGeo as an organization is not against having
standards and regulations.
- OSGeo very much thrives with open-standards (indeed history shows GRASS
community bootstrapped some of this with the formation of OGC.)
- OSGeo directly has "regulations" with an incubation checklist capturing
what we viewed as valuable 15 years ago. While it is time to update that
list, the important thing is we have a list. We made that checklist to
ensure our software was trustworthy for our community; in part to combat
the open source FUD at the time (so that open source could reach a wider
audience).

I started saying that software at the world, and open source ate the
software. But in our specific industry that is not true. OSGeo has not
followed through on the disruptive part of the formula (due to a lack of
marketing/advocacy  I expect). The effect is that GIS / Mapping software
has not transitioned from an advantage, to a  commodity, from a commodity
to a foss4g commons we can all benefit from.  It would be good to have a
larger foss4g community to draw on when adapting to these changing
expectations.

The value of having a software foundation as a neutral  ground remains. We
do have a commons under the OSGeo umbrella, and it is a sensible response
for European small and medium buisness to pool resources to address any
regulation requirements. We will learn how realistic this is, and if OSGeo
has  role to play in the coming years. OSGeo may need to figure out how
much liability it is prepared to take on; or if it is smarter to have
distinct foundations like qgis.org and gvSig Assoication.

Random thoughts:

- Large buisness may choose to meet these requirements on their own (which
makes RHEL actions recently more understandable).

- Apache article also hints that open source just may not operate in Europe
(as happened with US encryption regulations). I do not think that is a long
term solution, as I expect we will get more regulation over time in other
locations.

- The economics of this are where I would like to know more. I hope we get
a Paul Ramsey keynote on this topic as his thoughtfulness and clarity has
served our community well.

I am going to stop writing, this is probably a topic for geobeers.
--
Jody

On Fri, Jul 21, 2023 at 5:36 PM Seth G via Discuss 
wrote:

> Hi all,
>
> My initial thoughts were that it is ridiculous to expect open source
> projects that require no payment for use place responsibility on the
> project developers and maintainers to be responsible for security issues.
>
> However the current reality is that based on recent examples OSGeo
> projects that become aware of a critical vulnerability result in it being
> fixed by maintainers within hours/days. These fixes are nearly always
> unpaid work carried out during weekends and evenings due to the
> conscientiousness of those involved 

[OSGeo-Discuss] Construction ahead: refactoring to org.geotools.api

[Jody Garnett via Discuss]

I do not often post on the discussion list - but this activity
 affects many projects:

https://geotoolsnews.blogspot.com/2023/07/construction-ahead-refactoring.html

Long story short *org.opengis* packages are being refactored to
*org.geotools.api*, and a few areas of the code-base can now be simplified.
Dropping unused interfaces, etc...

While this sounds simple, it is not without risk, especially for projects
that have not yet setup a Java 11 build system.

In the open-source tradition the best way to control risk is to help out!
Please plan for:

   - Upcoming Bolsena Code Sprint
    (lots of fun
   and also good food).
   - Testing the GeoTools 30-RC release candidate when it is made available
   at the end of the Sprint.


If you are not in a position to help out directly, OSGeo offers a sponsorship
program , that will
assist both the GeoTools library and other projects in addressing this
change.
--
Jody Garnett
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] OSGeo Slides

[Jody Garnett via Discuss]

I have some slides

you can grab history / diagrams from; it is nice to see how GRASS
bootstrapped many of these organizations that are working together today.

Thank you for promoting OSGeo :)
--
Jody Garnett


On Mon, Apr 10, 2023 at 4:51 PM Michele M Tobias via Discuss <
discuss@lists.osgeo.org> wrote:

> Hi everyone!
>
> I got asked to give a talk at the Monterey Bay Marine GIS Users Group
> meeting about the open source geospatial organizations – OSGeo, FOSS4G,
> OGC, etc. – and how they fit together. Has anyone got some slides or
> previous talks I could use as a reference to get started?  I feel like the
> board might have some useful stuff, but I’m not finding it. Any help would
> be appreciated.
>
>
>
> Thanks!
>
>
>
> Michele
>
>
>
> *Michele Tobias, PhD*
>
> Geospatial Data Specialist
>
> DataLab: Data Science & Informatics
>
> UC Davis Library
>
>
>
> 370 Shields Library
>
> (530)752-7532
>
> mmtob...@ucdavis.edu
>
> ORCID: -0002-2954-8710 
>
>
>
> Pronouns: she, her, hers
>
>
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

[OSGeo-Discuss] GeoServer 2.23.0 released

[Jody Garnett via Discuss]

The GeoServer team is pleased to share the release of GeoServer 2.23.0
.

Check out the announcement

for
details:

   - Security Considerations
   - Java 11 Minimum
   - CSS Cleanup
   - Spring Upgrade
   - Windows installer Java 11 Update
   - Feature Type Description
   - OGC CITE Fixes

This is a stable release recommended for production systems.

Thanks to everyone who helped produce and test the release candidate: Gabriel
Roldan, Andrea Aimie, Jody Garnett, Peter Rushforth, Mark Prins, and Juan
Luis Rodríguez.
--
GeoServer Project Steering Committee
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] Preparing annual report on the AGM slides

[Jody Garnett via Discuss]

I am confused. Do you mean 2023? The email says 2022, but the slides say
2023?

I guess foss4g really is happening soon - are we having the AGM at foss4g
so early in the year?
--
Jody Garnett


On Tue, Mar 28, 2023 at 12:42 PM Vicky Vergara via Discuss <
discuss@lists.osgeo.org> wrote:

> Hello everyone,
> The slides for the AGM are ready to be uploaded with the 2022 report.
> Link to media upload is WIP.
>
>
> https://docs.google.com/presentation/d/1Ev7RrX_L4fmsRPcu36Z1aMgvoRyLdOpY8dH6Pf4FTxE
>
> If you are:
> * An OSGeo project, community project
> * An OSGeo committee
> * An OSGeo initiative
> * An OSGeo local chapter
> * Did you organized an event on 2022
>
> Please:
> * Go to the presentation link
> * Ask for editor rights
> * Find your slide or create one in the appropriate section
>
> Regards
> Vicky Vergara
>
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

[OSGeo-Discuss] GeoServer OGC Filter SQL Injection Vulnerabilities (CVE-2023-25158)

[Jody Garnett via Discuss]

The GeoServer team has released a statement: OGC Filter Injection
Vulnerability Statement


A vulnerability has been located in the GeoTools Library that allows SQL
Injection using OGC Filter and Function expressions.

   - CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities
   

(GeoServer)
   - CVE-2023-25158 OGC Filter SQL Injection Vulnerabilities
   

(GeoTools)

Patched releases:

   - GeoServer 2.22.2
   

stable release
   - GeoServer 2.21.4
   

maintenance
   - GeoServer 2.20.7
   

   - GeoServer 2.19.7
   

   - GeoServer 2.18.7
   


--
GeoServer Project Steering Committee
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] Board meeting summary - 12 December 2022

[Jody Garnett via Discuss]

Thanks for your service Michele!

The issue of trademarks is interesting; presently our incubation process
does not require participating projects to transfer any existing trademarks
to OSGeo.
Other foundations (eclipse/apache) make this a requirement of
participation; part of setting up a level playing field for everyone
participating.

I assume from the meeting notes that the board was discussing how to
support project's in obtaining a trademark for their own name / logo /
brand.
--
Jody Garnett


On Tue, Dec 20, 2022 at 3:15 AM Adam Steer via Discuss <
discuss@lists.osgeo.org> wrote:

> Hi OSGeo people, friends, neighbors
>
> The OSGeo board of directors met on 12 December 2022, making an
> out-of-schedule meeting to catch up on our agenda. Minutes are here:
> https://wiki.osgeo.org/wiki/Board_Meeting_2022-12-12
>
> This was the last meeting as a director for Michele Tobias - please
> join us in thanking Michele for her wisdom and insight for the past
> two years (insert applause and cheering here). And we look forward to
> her ongoing engagement in the OSGeo community!
>
> To the meeting itself - almost half of the allocated hour was taken up
> in discussion about trademarks. As an outcome, we are generating some
> guidelines for projects about the process, and how to get support from
> OSGeo if it is something they want to do. We also discussed trademarks
> for OSGeo and FOSS4G, those are ongoing - needing careful thought and
> input from the community.
>
> Codrina has developed a template for organisations wishing to form an
> MoU with OSGeo. This will be placed on the OSGeo wiki, after which the
> board will make a motion to formally adopt it. Related to this, we are
> revising our MoU with UCGIS [1], which will be reformatted into the
> new MoU template. The GISwater organisation [2] has also requested an
> MoU, however we felt that as GISwater is now an OSGeo community
> project [3], a separate MoU is not needed.
>
> The board ratified the conference committee’s decision to fund the
> 2022 OSGeo Oceania travel grant program, after a request from the
> committee chair to do so [4]. This has been paid already.
>
> The final discussion in the allotted time was about reviving or
> creating a new OSGeo organisation in Europe. This will assist with
> funding from European organisations, and create a local focus for the
> European community.
>
> Discussion about sponsorship opportunities, and curating the to-do
> list, was pushed to the next meeting - scheduled for 29 December 2022,
> 16:00 UTC. You’re welcome to attend here:
> https://meet.jit.si/OsgeoBoard, and the agenda proposal is here:
> https://wiki.osgeo.org/wiki/Board_Meeting_2022-12-29
>
> Regards,
>
> Adam Steer, on behalf of the OSGeo Board
>
>
> [1] https://wiki.osgeo.org/wiki/MOU_UCGIS
> [2] https://giswater.org/
> [3] https://www.osgeo.org/projects/giswater/
> [4]
> https://lists.osgeo.org/pipermail/conference_dev/2022-December/005885.html
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] Canadian Chocolate

[Jody Garnett via Discuss]

Okay, figured it out!

David Vick (geoserver contributor) confirms that his partner Tara loves the
canadian classic "cadbury crunchie" (cite 1

or 2

lists).
If you are interested in a regional chocolat exchange visit the geocat
booth at foss4g :)
--
Jody Garnett


On Wed, 29 Jun 2022 at 19:28, Jody Garnett  wrote:

> It is a real challenge around here, how many people do I know as wonderful
> as Iam that have a partner that likes chocolate?
> Actually I have another idea, I will report back if it is correct.
> --
> Jody Garnett
>
>
> On Thu, 23 Jun 2022 at 04:08, Margherita Di Leo via Discuss <
> discuss@lists.osgeo.org> wrote:
>
>> Your karma must have been very good and the universe is acknowledging it,
>> Ian. Good for you
>>
>> On Thu, Jun 23, 2022 at 12:42 PM Ian Turton via Discuss <
>> discuss@lists.osgeo.org> wrote:
>>
>>> Did you or your spouse have a conversation with Jody Garnet at a recent
>>> FOSS4G about a type of Canadian chocolate bar you really liked but couldn't
>>> get where you live - if so can you remind Jody of the type and who you are.
>>> Meanwhile my wife and I will eat the Canadian Crunchy bar he brought to
>>> Italy thinking it was us who he spoke to about it.
>>>
>>> Ian
>>>
>>> --
>>> Ian Turton
>>> ___
>>> Discuss mailing list
>>> Discuss@lists.osgeo.org
>>> https://lists.osgeo.org/mailman/listinfo/discuss
>>>
>>
>>
>> --
>> Margherita Di Leo
>> ___
>> Discuss mailing list
>> Discuss@lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/discuss
>>
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] Canadian Chocolate

[Jody Garnett via Discuss]

It is a real challenge around here, how many people do I know as wonderful
as Iam that have a partner that likes chocolate?
Actually I have another idea, I will report back if it is correct.
--
Jody Garnett


On Thu, 23 Jun 2022 at 04:08, Margherita Di Leo via Discuss <
discuss@lists.osgeo.org> wrote:

> Your karma must have been very good and the universe is acknowledging it,
> Ian. Good for you
>
> On Thu, Jun 23, 2022 at 12:42 PM Ian Turton via Discuss <
> discuss@lists.osgeo.org> wrote:
>
>> Did you or your spouse have a conversation with Jody Garnet at a recent
>> FOSS4G about a type of Canadian chocolate bar you really liked but couldn't
>> get where you live - if so can you remind Jody of the type and who you are.
>> Meanwhile my wife and I will eat the Canadian Crunchy bar he brought to
>> Italy thinking it was us who he spoke to about it.
>>
>> Ian
>>
>> --
>> Ian Turton
>> ___
>> Discuss mailing list
>> Discuss@lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/discuss
>>
>
>
> --
> Margherita Di Leo
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] Weird Chapter page editing results (I think)

[Jody Garnett via Discuss]

The following two pages are different:
- https://www.osgeo.org/local-chapters/twin-cities-mn-usa-chapter/
- https://staging.www.osgeo.org/local-chapters/twin-cities-mn-usa-chapter/

Do you have the link from the osgeo main website that took you to the wrong
location?
--
Jody Garnett


On Wed, 9 Feb 2022 at 18:15, Basques, Bob (CI-StPaul) via Discuss <
discuss@lists.osgeo.org> wrote:

> Earlier this week I discovered that I lost about 6 month’s worth of edits
> to our local Chapter page on OSGeo.
>
>
>
> I’ve since went in and repaired the links (and updated it with tonights
> meeting links.) and noticed the Chapter pages URL looks a little different.
>
>
>
> Should they look like this (I don’t recall seeing that “staging.” part in
> front before).  Could this somehow be related to me losing my edits? :
>
>
>
> https://staging.www.osgeo.org/local-chapters/twin-cities-mn-usa-chapter/
>
>
>
> I got to this link from the OSGEO Main page to make sure it wasn’t
> something I was handing out by mistake.
>
>
>
> Thanks
>
>
>
> Bobb
>
>
>
>
>
>
>
>
>
> Get me in Teams
> 
>
> *PW19-S295-C024*
>
>
>
>
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] [Projects] OSGeo Budget 2022 - please send your budget requests for approval

[Jody Garnett via Discuss]

One thing to keep in mind is this is "just" a budget, a chance for projects
to predict upcoming activities and expenses and communicate with the board
so that the organisation can be run responsibly. OSGeo is also set up to
collect sponsorship on behalf of your project [1].

If a project runs into unexpected expenses please reach [2] out to OSGeo
for assistance, one reason we have a foundation is to take care of each
other.

[1] https://github.com/geoserver/geoserver/wiki/Sponsor
[2]
https://github.com/OSGeo/osgeo/blob/master/board/documents/osgeo_financial_guidance.pdf

--
Jody Garnett
--
Jody Garnett


On Thu, 30 Dec 2021 at 03:19, Angelos Tzotsos  wrote:

>
>
>
>
>
>
>
>
>
>
>
>
>
> * Dear OSGeo project members and committees, OSGeo has been a proud
> supporter of project events, code sprints, developer meetings and user
> conferences.  Given the COVID-19 pandemic, 2020 and 2021 have seen a shift
> to virtual events (for example, the OSGeo/OGC/Apache joint sprint in
> February 2021, as well as the global FOSS4G event).  It has been
> encouraging to see our energy, commitment and perseverance during this
> exceptional time. OSGeo continues to execute the annual budget, and is
> reaching out to all committees (including Project Steering Committees), to
> help plan our budget for 2022. In 2021, the Board assigned an initial
> amount of 2000 USD to all graduated projects who have reported to the Board
> the last 12 months (e.g. during the AGM or directly to a Board meeting) and
> have sent a budget request. For 2022, the Board is planning to continue to
> offer a budget to all graduated projects with the exact amount to be
> determined. Due to the successful FOSS4G 2021 and less money spent in 2021
> we are in the position to support our projects again as before.  To help
> navigate the uncertainties ahead in 2022, the Board is planning to have a
> budget meeting within January 2022 to review 2021
> expenditures, sponsorship, and make financial decisions for the 2022
> budget. Please send your detailed requests for approval (see detailed
> budget requests from 2021 e.g.
> https://wiki.osgeo.org/wiki/GeoServer_Budget_2021
> 
>  >) We would like to ask
> you to help us with budget proposals to assist your project. This will help
> us set aside a realistic amount of funding. Please add your project info to
> the budget draft at: https://wiki.osgeo.org/wiki/OSGeo_Budget_2022
> 
>  > ideally by 20 January 2022
> in advance of our next Board meeting. When making a budget request please
> keep in mind the vision and goals of our Foundation, along with any
> obligations you wish to meet. Thank you and Happy New Year! On behalf of
> the OSGeo Board, Angelos *
>
> --
> Angelos Tzotsos, PhD
> President
> Open Source Geospatial Foundationhttp://users.ntua.gr/tzotsos
>
> ___
> Projects mailing list
> proje...@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/projects
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] Index for FOSS4G video recordings

[Jody Garnett via Discuss]

It is also an option to make resource pages https://www.osgeo.org/resources/
for any content presenters wish to share.
--
Jody Garnett


On Tue, 26 Oct 2021 at 09:28, Astrid Emde (OSGeo) via Discuss <
discuss@lists.osgeo.org> wrote:

> Hello Ivan,
>
> good point.
>
> The code is on gitea.
>
> https://git.osgeo.org/gitea/foss4g/video.foss4g.org
>
> I can make a pull request and update the content.
>
> Thanks for the info
>
> Astrid
>
>
> Am 26.10.2021 17:33 schrieb Iván Sánchez Ortega via Discuss:
> > Hi y'all,
> >
> > I've noticed that the video recordings for the FOSS4G 2021 are up.
> >
> > However, the http://video.foss4g.org/ webpage is not updated (and
> > hasn't been
> > updated for a couple of years already).
> >
> > I don't know who maintains (or who can edit) video.foss4g.org . What's
> > the
> > best way to ping them in order to add links to the 2019 & 2021
> > playlists?
> >
> >
> > Best,
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] [OSGeo-Standards] Version parameter missing in WMS 1.3 GetMap request

[Jody Garnett via Discuss]

GeoServer has a strict configuration option to follow the specification
exactly (raising exceptions for incomplete requests such as this one). With
strict turned off GeoServer does its best to be somewhat forgiving of
requests (when a sensible assumption can be made).

The WMS version negotiation is intended to happen with GetCapabilities via
"version number negotiation", it would be sensible to follow the same
pattern if version is neglected from a GetMap request.

> 6.2.4 Version number negotiation
> ...
> If the server does not support the requested version, the server shall
respond with output that conforms to a version it does support, as
determined by the following rules:
>
> ⎯ If a version unknown to the server and higher than the lowest supported
version is requested, the server shall send the highest version it supports
that is less than the requested version.
> ⎯ If a version lower than any of those known to the server is requested,
then the server shall send the lowest version it supports.
> ⎯ If the client does not support the version sent by the server, it may
either cease communicating with the server or send a new request with a
different version number that the client does support.

--
Jody Garnett


On Thu, 7 Oct 2021 at 03:29, Dirk Stenger  wrote:

> Hi all,
>
> We have following problem and are interested in the opinion of other 
> implementers of the WMS 1.3 specification.
>
> For example, a GetMap request is sent to a deegree service:
> * 
> https://inspire.brandenburg.de/services/ef_sem_wms?BBOX=228152.%2C5690412.%2C493382.%2C5939023.=EPSG%3A25833=image%2Fpng=500=EF.EnvironmentalMonitoringProgrammes=GetMap=WMS=EF.EnvironmentalMonitoringProgrammes.Default.Point=500
>
> A map is returned instead of an exception.
> Reading the specification (OGC® 06-042) this is a bug in the software 
> implementation as version is a mandatory parameter.
>
> However, it is not 100% clear what exception type shall be thrown as the 
> service does not know what WMS version is requested (WMS 1.3 has its own 
> exception schema).
>
> In addition, we should be aware that some clients may omit the version 
> parameter in a GetMap request.
> So, a fix of this behavior might break the compatibility with some clients.
> As far as we see, GeoServer also ignores a missing version.
>
> How do you handle such cases?
> How do you determine what exception shall be thrown if, for example, the 
> version parameter is missing?
> Is the compatibility to the specification or to actual implementations of 
> clients more important?
>
> We are looking forward to your thoughts about this issue and appreciate any 
> help.
>
> Kind regards,
> Dirk Stenger
>
> ___
> Standards mailing list
> standa...@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/standards
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] Open Position: Research Software Engineer

[Jody Garnett via Discuss]

Ann:

There is an osgeo jobs board which you may wish to make use of (there are
some details here https://wiki.osgeo.org/wiki/Jobs_Board). It is a good
resource for those seeking to work in our industry, and organizations such
as 52°North seeking to grow our industry :)

If you like (since this is the discussion list) we can talk about how
rewarding it is to work with an open source company.
--
Jody Garnett


On Tue, 15 Jun 2021 at 00:45, Ann Hitchcock via Discuss <
discuss@lists.osgeo.org> wrote:

> Dear colleagues,
>
>
> 52°North GmbH is looking for a Research Software Engineer (m/f/d) to
> support our innovative team. The RSE will be working on two European
> Horizon 2020 projects. The projects focus on exploring approaches to
> managing, processing and visualizing spatio-temporal data (both typical
> geospatial data and geosensor data). The research contexts are marine and
> meteorological applications as well as climate change impacts.
>
> More information is available at:
> https://52north.org/about-us/career-opportunities/#jobs
>
> Best regards,
>
> Ann Hitchcock
>
> --
> Ann Hitchcock
> 52°North Initiative for Geospatial Open Source Software GmbH
> Martin-Luther-King-Weg 24
> 48155 Münster, Germany
> Fon: +49-(0)-251–396371-0
> Fax: +49-(0)-251–396371-11http://52north.org/
> Twitter: @FiveTwoN
> General Managers:
> Prof. Dr. Albert Remke, Prof. Dr. Andreas Wytzisk-Arens
> Local Court Muenster HRB 10849
>
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

Re: [OSGeo-Discuss] OSGeo Statement on Community Standards

[Jody Garnett via Discuss]

Astrid:

The page  links to the code of
conduct for several communities, but we no longer have a single code of
conduct as an organization. Indeed projects / events / local chapters are
able to choose an appropriate code of conduct - just like we ask free and
open source projects to choose an appropriate license for their community.

Personally I recommend adopting one of the community managed code of
conducts (Berlin Code of Conduct  or
Contributor
Covenant ) since it is not a lot of
fun to write one of these things and keep it up to date. Or keep it simple,
as the bards once said: *Be excellent to each other*
--
Jody Garnett


On Sun, 30 May 2021 at 23:18, Astrid Emde (OSGeo) via Discuss <
discuss@lists.osgeo.org> wrote:

> 2021-05-31
> News Item:
>
> https://www.osgeo.org/foundation-news/osgeo-statement-on-community-standards/
>
> The OSGeo Board of Directors issues this statement in response to recent
> events in the tech and global communities in relation to issues of
> inclusion, equity, and justice:
>
> OSGeo strives to be an open, welcoming, and safe community and, to that
> end, we continue to work to improve how we treat all members of our
> community.  We believe our community is built on the collective of all
> of our actions and that each individual has an impact on whether people
> feel welcome.
>
> OSGeo values the contributions of each and every member in all aspects
> of the organization, including (but not limited to) using and promoting
> open source geospatial software, contributing code, documentation, event
> speakers, participating in joint events with other organizations, or
> within  various committees.
>
> All participants, regardless of how or where they participate in OSGeo
> activities, are expected to behave with integrity and respect for all
> people.  We encourage all members to review the Code of Conduct, make
> necessary adjustments to their behaviors as needed, and to discuss the
> Code of Conduct within committees and projects.
> Code of conduct: https://www.osgeo.org/code_of_conduct/
>
> OSGeo Board of Directors
> ___
> Discuss mailing list
> Discuss@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/discuss
>
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss