Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Shibboleth Developer's Meeting, 2019-01-18

Call Administrivia

10:00 Central US / 11:00 Eastern US / 16:00 UK

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2019-02-01. Any reason to deviate from this?

60 to 90 minute call window.


Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.


AGENDA

  1. LDAPocalypse Now


Attendees:


Brent


Daniel


Ian


Marvin


Phil


Rod

  • 3.4.3
  • Some rationalization in JIRA
  • Keeping track with changes
  • NOTE
    • I'll be travelling during the call and on a train.  I'll connect in as much as I can but even if I'm in the meeting I'll be silent.  Apologies.


Scott


Tom

  • JPAR-102 - Getting issue details... STATUS
    • New plan for "pin/key map" : fingerprint|checksum artifact-coordinate-pattern
      • Use checksum rather than PGP fingerprint when unsigned or bad signature
      • Use fingerprint rather than key ID because there could be collisions
      • Should we use wildcards/patterns in the artifact-coordinate-pattern ?
        • Yes for our artifacts
        • Maybe for other artifacts (like Spring)
      • Append to "pin" list or remove no longer used map entries ?
    • IdP 3.4.3 has 1150 artifact dependencies in the stack (including Maven plugins)
      • 250 are unsigned (22 %)
      • 3 have bad signatures (org.apache.struts:struts-taglib|core|tiles:pom:1.3.8)
      • no weak (as defined by the pgpverify plugin) signatures
      • The count of 1150 includes POMs
    • Need Jenkins to sign SNAPSHOTs (since checksums will change)
    • INFRA-196 - Getting issue details... STATUS  Initial install of Nexus NXRM 3 to take a look at capabilities
      • Should we proxy Maven Central ? (probably, so we can discontinue use of it directly)
    • Some links :


Other




  • No labels