[mapserver-dev] Summary of 6.0 Release meeting at FOSS4G 2010

Daniel Morissette dmorissette at mapgears.com
Fri Sep 10 12:00:10 EDT 2010 

Hi everyone,

We are being pushed out of the FOSS4G Code sprint room... here are the 
notes I took during our afternoon meeting about the 6.0 release... sorry 
for the rough notes, I didn't have time to polish them. the full log is 
available online at 
http://logs.qgis.org/mapserver/%23mapserver.2010-09-10.log

2010-09-10 - FOSS4G Code Sprint - MapServer 6.0 release meeting
===============================================================

Agenda

- Rendering overhaul - review status/migration issues and merge with trunk?

- Expression overhaul - review status/migration issues and merge with trunk?

- Static buffer/sprintf cleanup

- 6.0 Release feature list

- 6.0 Release schedule

- 6.0 Release Manager



Meeting Summary
---------------

** Rendering overhaul - review status/migration issues and merge with trunk?

  - aboudreault: fix PHP/SWIG MapScript in mapserver6 sandbox (vs rendering)

  - dmorissette/aboudreault: static buffer/sprintf cleanup

  - assefa: Ask on -users list about dropping Flash support
  - dmorissette: Ask CMM about Flash support

  - Everybody agrees to merge mapserver6 sandbox in trunk in ~2 weeks 
and tbonfort will try to be available to help everyone fix their part of 
the code


** Expression overhaul - review status/migration issues and merge with 
trunk?

  - SteveL not here... Assefa still has work to do for OGC Filters once 
Steve's geometry expressions are working... deferred to -dev list

  - ... SteveL joined later and confirmed he should be able to 
complete/merge RFC-59 by the feature freeze date

** Static buffer/sprintf cleanup

  - aboudreault: to review all files looking for those patterns, and 
where bad code is found, propose a patch to the maintainer of the file 
for perusal and approval

  - FrankW said that banning sprintf() and replacing it with snprintf 
systematically may be a bit much... we should fix only places that have 
potential for exploitation... for instance, the MapServer version string 
built using sprintf is not unsaafe since it's not exploitable using 
outside inputs

  - dmorissette: share relevant part of report with other devs

  - aboudreault: develop security auditing skills and proactively work 
on improving mapserver's code security.

  - frankW, aboudreault: Look into using http://coverity.com  ... Frank 
has been using it for libtiff before

  - Summary (voted +1): aboudreault will review mapserver source looking 
for static buffer patterns, propose patches to module maintainer when 
bad code found, FrankW and aboudreault to look into coverity for 
proactive security code auditing... and finally aboudreault to develop 
security auditing skills and lead that effort for the project

** 6.0 Release Manager

  - dmorissette volunteers as release manager, frankw will make formal 
motion to the -dev list

** 6.0 Release schedule

  - Plan for a feature freeze on Nov 15th, with a little over 2 months 
for betas, aiming for final release between Jan 15th and 31st


** 6.0 Release feature list

  - See: http://trac.osgeo.org/mapserver/wiki/60ReleasePlan

  ... meeting interrupted before end of review of feature list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/mapserver-dev/attachments/20100910/4fcb6f3b/attachment.html

More information about the mapserver-dev mailing list