Versions Compared

Old Version 4

changes.mady.by.user Huda Khan

Saved on

compared with

New Version 5

changes.mady.by.user Mike Conlon

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

(star) Indicating note-taker

  1. Ralph O'Flinn
  2. Jim Blake
  3. Huda Khan
  4. Tim Worrall
  5. Mike Conlon 
  6. Brian Lowe 
  7. Christian Hauschke (star)
  8. Alex Viggio(star)
  9. Benjamin Gross
  10. Don Elsborg

...

Draft notes in Google-Doc

For reference, action items from previous meeting:

  1. Simple 1501.  Benjamin and Jim.

  2. What is the process for getting the language files built?  TIB will need help us. Pull request will wait until we understand how to build it.  Assigned to Christian. Mike can document for the tech docs once there is a process we can replicate.

  3. VIVO-1451 - Making Capability Map i18n Compliant.  Waiting for review? No fall back mechanism, but never has had a fall back mechanism.  Currently shows the property name. In general, VIVO has fall back for information displayed from the data.   But capability map does not appear to handle the fall back for data. If the data does not have the needed language it should fall back on an available label.  May not be ready for review.

    1. https://github.com/vivo-project/VIVO/pull/67#issuecomment-3899315

  4. Two bugs for discussion

    1. https://jira.duraspace.org/browse/VIVO-1548?filter=13109

    2. Serious bug?  Coauthors as vcards throw a template exception when viewing in Significant bug with co-authors as vcards. Modified SPARQL in a listView.  Confirm by putting 1.9.3. Mike has data that fails to display.

      1. Benjamin has data that displays correctly in 1.10 -- possible that issue is avoided because we upgraded, didn’t do a fresh install

Example: https://connect.unavco.org/display/pub130811

https://connect.unavco.org/individual/pub130811/pub130811.ttl

Authorship: https://connect.unavco.org/individual/n573628/n573628.ttl

Vcard: https://connect.unavco.org/individual/per244582/per244582.ttl

    1. Go to developers’ console and see the actual sparql query.

    2. Put data in 1.9.3 to confirm the bug is in 1.10

    3. Might need a 10.1

    4. Might need better test processes.  What might they be? Sample data does not have vcard co-authors.

  1. Graham can demo advanced role management after the German workshop.

  2. Struts security dependency issue

    1. Update: Ted has resolved this for our project by building DWR without Struts. It’s not actually used. Solr 4 doesn’t actually import Struts despite being listed as a dependency it turns out.

    2. https://jira.duraspace.org/browse/VIVO-1550

    3. The right way (an opinion) -- don’t use DWR.  Remove the entire dependency. Is the functionality even desirable?

    4. Benjamin: Issue that came up in one of our projects.  Had someone run a security scan; don’t know the software.  Uses some whitelist and flags things.

    5. Process discussion -- how to deprecate Can we have a “DEPRECATED” process?  We think something should go away, but how do we let people know? We might want to get rid of vulnerabilities.

    6. Get rid of the feature?  How to decide?

    7. How to keep the feature and get rid of the dependency

  3. Security vulnerabilities

    1. Security scan on Vitro.  Bunch of issues discovered by a Harvard review.  Still some issues after put behind a firewall. Search and authentication.

    2. A limited access Google Doc to contain security findings.

    3. Very important to consider having the data behind a firewall and the web front.  Understand the front-end and back-end. Understand the conversation between the two.  Understand authentication. Understand the APIs used to access data.

    4. Begin to address the findings.

  4. How do we resolve SDB/TDB issue?

    1. SDB is deprecated

    2. All recent maintenance has been done by Graham?

    3. How to go to TDB?  Particularly the single app constraint and ingest.


Previous Actions

  •  Alex Viggio will bring news of Elasticsearch instead of Solr up with Product Evolution.  Might there be consequences for the September sprint.

Actions

  •  ...