[mapguide-internals] MapGuide Open Source 2.1

[Jason Birch]

Tom, 

there are a considerable number of external libraries that are out of
date:

- GEOS 3.0 and 3.0.1 have been released (not sure on officiality of
3.0.1)

- PHP 5.2.6 has been released and includes one nasty security fix and a
bunch of bug fixes

- Apache 2.2.10 has been released with many, many fixes (our distributed
version is 2.2.4)

- All of the libraries under GD are at least three years old, and
several have had serious security issues resolved in this timeframe.

- Others?

I understand that it's unlikely that we'll be able to address these for
2.1 given the timeframe, but I'm worried that 
storing the OEM components in our repository is institutionalizing these
versions in our project.  This causes several problems:
  - users (especially Linux users) that have more modern versions
installed on their systems run into problems
  - it becomes harder and harder for us to contribute fixes upstream and
take advantage of upstream fixes in return
  - our users become more and more vulnerable to security issues in the
components that we are not keeping up with

I'm not sure what the solution is, but this is a considerable pain
point.

As an aside, I just noticed that SQLite is included in MapGuide.  Out of
curiosity, what uses this?

Jason

-----Original Message-----
From: Tom Fukushima
Subject: [mapguide-internals] MapGuide Open Source 2.1

I would like to post a MGOS 2.1 beta the week of Oct 20th.  This is of
course contingent on me getting resources from our Autodesk internal
build team (they are very overloaded right now) to get some builds
together.