The PSC gathered to discuss the following agenda:
Via conference call:
Sami described the findings on the security audit. We strongly advise everyone to update to the latest version as soon as possible.
Sami described the problem of merging more and more of new functionalities and how it affects the ability to ensure they actually work with a new release. One solution would be that we keep doing what we have done and release new functionalities with “it works if not proven otherwise” mentality and the other option is to make an effort to truly keep the core as bug free as possible and introduce new functionalities that might or might not work with the latest release as “community modules”.
It was decided that a community modules repository will be added to oskariorg repositories for server as well as frontend. Functionalities such as the download basket, analysis and any application specific code that we currently have in the codebase will be moved to community modules. When a new functionality is introduced it should only be added to the core if we can assure that it will be updated for each release.
NLS Finland has been thinking of doing proof of concepts with Webpack, TypeScript/ES6+ based version of Oskari frontend with React or Vue.js as the view library. This will probably mean backwards compatibility being broken in one way or another, but it was agreed that upgrading to a new technology stack is something we want to do for keeping up with the tech and attract more developers. The first steps are taken in 2018 and great care is needed to ensure that communication of the change is properly done (migration guide should be provided and old version probably maintained side-by-side for some time). RPC will also be reflected mostly by changing request/event names that are easy to find/replace in existing applications. The discussion will be continued when we have more concrete information about this, but initial ok has been given by the PSC.
The spring SAML-module (https://projects.spring.io/spring-security-saml/) isn’t actively maintained and is currently blocking some of the library updates that would otherwise improve Oskari. Tampere is heavily invested in using the SAML integration, but support for SAML-based login could be lifted from Oskari to Apache/loadbalancer level. It was agreed that SAML-support can be removed from Oskari in order to update the other libraries.
Layer selector OIP approved (https://github.com/oskariorg/oskari-docs/issues/61) and tagged as roadmap item so it can be found through roadmap listing as new development. The actual change to current code is that layer groups (themes/data providers can have multiple levels) and layers can belong to multiple groups. The OIP also covers new optional user interface for layer listing and layer administration. Old admin and layer listing bundles will be updated to support layers belonging to multiple groups, but will not support the tree structure for groups.