[mapguide-internals] MapGuide Open Source 2.1

Bruce Dechant bruce.dechant at autodesk.com
Thu Oct 16 15:14:02 EDT 2008


The plan going forward with Oem would be to transition to grabbing the required/compatible 3rd party libraries from where they are hosted and building with them instead of including them as part of the MapGuide source.

The reason it is the way it is now is simply that it was easy to do and guaranteed that MapGuide was building with the versions that it was compatible with.

Thanks,
Bruce

-----Original Message-----
From: mapguide-internals-bounces at lists.osgeo.org [mailto:mapguide-internals-bounces at lists.osgeo.org] On Behalf Of Tom Fukushima
Sent: Thursday, October 16, 2008 12:54 PM
To: MapGuide Internals Mail List
Subject: RE: [mapguide-internals] MapGuide Open Source 2.1

This has been bothering me a bit as well.

Can someone explain why we have taken the approach we did and what the plans are for OEM going forward? I don't know the history of this.  Bruce and Trevor?

SQLite is used for the web tier unit tests.

Tom

-----Original Message-----
From: mapguide-internals-bounces at lists.osgeo.org [mailto:mapguide-internals-bounces at lists.osgeo.org] On Behalf Of Jason Birch
Sent: Thursday, October 16, 2008 12:49 PM
To: MapGuide Internals Mail List
Subject: RE: [mapguide-internals] MapGuide Open Source 2.1

Tom,

there are a considerable number of external libraries that are out of
date:

- GEOS 3.0 and 3.0.1 have been released (not sure on officiality of
3.0.1)

- PHP 5.2.6 has been released and includes one nasty security fix and a
bunch of bug fixes

- Apache 2.2.10 has been released with many, many fixes (our distributed
version is 2.2.4)

- All of the libraries under GD are at least three years old, and
several have had serious security issues resolved in this timeframe.

- Others?

I understand that it's unlikely that we'll be able to address these for
2.1 given the timeframe, but I'm worried that
storing the OEM components in our repository is institutionalizing these
versions in our project.  This causes several problems:
  - users (especially Linux users) that have more modern versions
installed on their systems run into problems
  - it becomes harder and harder for us to contribute fixes upstream and
take advantage of upstream fixes in return
  - our users become more and more vulnerable to security issues in the
components that we are not keeping up with

I'm not sure what the solution is, but this is a considerable pain
point.

As an aside, I just noticed that SQLite is included in MapGuide.  Out of
curiosity, what uses this?

Jason

-----Original Message-----
From: Tom Fukushima
Subject: [mapguide-internals] MapGuide Open Source 2.1

I would like to post a MGOS 2.1 beta the week of Oct 20th.  This is of
course contingent on me getting resources from our Autodesk internal
build team (they are very overloaded right now) to get some builds
together.
_______________________________________________
mapguide-internals mailing list
mapguide-internals at lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapguide-internals
_______________________________________________
mapguide-internals mailing list
mapguide-internals at lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapguide-internals


More information about the mapguide-internals mailing list