<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#ffffff">
<big><tt><font size="-1"><big>Hi everyone,<br>
<br>
We are being pushed out of the FOSS4G Code sprint room... here are the
notes I took during our afternoon meeting about the 6.0 release...
sorry for the rough notes, I didn't have time to polish them. the full
log is available online at
<a class="moz-txt-link-freetext" href="http://logs.qgis.org/mapserver/%23mapserver.2010-09-10.log">http://logs.qgis.org/mapserver/%23mapserver.2010-09-10.log</a><br>
<br>
2010-09-10 - FOSS4G Code Sprint - MapServer 6.0 release meeting<br>
===============================================================<br>
<br>
Agenda<br>
<br>
- Rendering overhaul - review status/migration issues and merge with
trunk?<br>
<br>
- Expression overhaul - review status/migration issues and merge with
trunk?<br>
<br>
- Static buffer/sprintf cleanup<br>
<br>
- 6.0 Release feature list<br>
<br>
- 6.0 Release schedule<br>
<br>
- 6.0 Release Manager<br>
<br>
<br>
<br>
Meeting Summary<br>
---------------<br>
<br>
** Rendering overhaul - review status/migration issues and merge with
trunk?<br>
<br>
- aboudreault: fix PHP/SWIG MapScript in mapserver6 sandbox (vs
rendering)<br>
<br>
- dmorissette/aboudreault: static buffer/sprintf cleanup<br>
<br>
- assefa: Ask on -users list about dropping Flash support<br>
- dmorissette: Ask CMM about Flash support<br>
<br>
- Everybody agrees to merge mapserver6 sandbox in trunk in ~2 weeks
and tbonfort will try to be available to help everyone fix their part
of the code<br>
<br>
<br>
** Expression overhaul - review status/migration issues and merge with
trunk?<br>
<br>
- SteveL not here... Assefa still has work to do for OGC Filters once
Steve's geometry expressions are working... deferred to -dev list<br>
<br>
- ... SteveL joined later and confirmed he should be able to
complete/merge RFC-59 by the feature freeze date<br>
<br>
** Static buffer/sprintf cleanup<br>
<br>
- aboudreault: to review all files looking for those patterns, and
where bad code is found, propose a patch to the maintainer of the file
for perusal and approval<br>
<br>
- FrankW said that banning sprintf() and replacing it with snprintf
systematically may be a bit much... we should fix only places that have
potential for exploitation... for instance, the MapServer version
string built using sprintf is not unsaafe since it's not exploitable
using outside inputs<br>
<br>
- dmorissette: share relevant part of report with other devs<br>
<br>
- aboudreault: develop security auditing skills and proactively work
on improving mapserver's code security.<br>
<br>
- frankW, aboudreault: Look into using <a class="moz-txt-link-freetext" href="http://coverity.com">http://coverity.com</a> ... Frank
has been using it for libtiff before<br>
<br>
- Summary (voted +1): aboudreault will review mapserver source looking
for static buffer patterns, propose patches to module maintainer when
bad code found, FrankW and aboudreault to look into coverity for
proactive security code auditing... and finally aboudreault to develop
security auditing skills and lead that effort for the project<br>
<br>
** 6.0 Release Manager<br>
<br>
- dmorissette volunteers as release manager, frankw will make formal
motion to the -dev list<br>
<br>
** 6.0 Release schedule<br>
<br>
- Plan for a feature freeze on Nov 15th, with a little over 2 months
for betas, aiming for final release between Jan 15th and 31st<br>
<br>
<br>
** 6.0 Release feature list<br>
<br>
- See: <a class="moz-txt-link-freetext" href="http://trac.osgeo.org/mapserver/wiki/60ReleasePlan">http://trac.osgeo.org/mapserver/wiki/60ReleasePlan</a><br>
<br>
... meeting interrupted before end of review of feature list<br>
</big></font></tt></big>
</body>
</html>