Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

Shibboleth Developer's Meeting, 2021-08-20

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-09-03. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

Add items for discussion here

Attendees:

Brent

Daniel

Henri

Ian

John

Marvin

Phil

  • Nothing really (holidays)

  • Started back on https://shibboleth.atlassian.net/browse/JCOMOIDC-23 yesterday.

  • Realised I was not on the Users mailing list, and a few questions had gone by about the DuoOIDC plugin. Not sure I can respond retrospectively. I could add some input to two of them via a new mail to the list?

Rod

  • JavaScript

  • Supply Chain attack. Hibernate and JBOSS worry me

    • Dependency on a 8 year old and 3 major versions out of date parser (ANTLR)

    • Recent, required jars are unsigned.

    • Do we shake their tree or suck it up? If the latter can someone sign these jars and pop the asc files into our repository)

      • NOTE that this trick only works for as long as build.shibboleth.net remains definitive for our builds. If we move to a site we don’t own we are back being open to attack at any time. (Modulo hard wired overrides for insecure jars)

  • Wiki Conversion as a background activity.

Scott

Tom

  • Deploy artifacts to Maven Central ?

    • Confirmed changes to artifacts currently in Central (removal of our <repo>s from POMs)

      • (wrote script to download artifacts from Central under org/opensaml and net/shibboleth and diff with Nexus)

    • Us or someone else ?

    • Move <repo> to profile ?

      • Scheduling ?

    • https://issues.sonatype.org/browse/OSSRH-72201

Other

  • No labels