Reminder: Please copy/paste the Zoom chat into the notes. If you miss it, this is saved along with the meeting recording, but having it here has benefits.
Call for Ramsons BugFest testers, need to recruit more people to help with upcoming BugFest.
Claiming app: Presentation on new app to support workflows to claim missing serials, will entail a new UI module using existing backend. New functionality brought to PC while still in design phase! More detail in the presentation linked in the 2024-10-31 Product Council Meeting Notes
Craig McNally made progress on a couple things here...
Spoke to Christopher Spalding and got access to Election Runner - Setup was very easy, and free for < 20 voters.
Reached out to Boaz Nadav Manes wrt the google form used in the last election for nominations - Still need to see how much of this can be reused.
It's also come to light that Taras Spashchenko will be leaving the project soon, so we have 2 seats to fill.
Timing
Two weeks for nominations + One week to vote
Assuming we can get the word out (and nomination form) by (Next Monday), we should have results by the end of the month.
Does this timing work?
Communication/Announcement
Since it wasn't clearly captured in previous notes - the plan is to post to #tech-council, right? Also maybe to the other council channels?
Maccabee Levine should post to wider channels, probably developers or implementers
Do we need to be concerned that we may not get enough nominees, or that not posting this to a wider audience may be viewed negatively?
Craig McNally we did not have too much candidates recently
1 min
Backport fix to Morning Glory?
All
From Julian Ladisch in #tech-council... Do we need to discuss?
There's a request to get a fix being back-ported to Morning Glory (R2 2022):https://github.com/folio-org/mod-authtoken/pull/164 Does FOLIO support this, or should we suggest that people (upgrade to a supported flower release or) fork the repository, do the changes in their fork, and use their own docker hub space to publish the fixed container?
This is mostly an FYI, but also raising this here in hopes of finding a volunteer to help with this...
mod-graphql is unmaintained. Charlotte Whitt indicates that the Thor team does not have bandwidth for this.
There are several security-related issues here, dating back to 2021. Most of this is regarding outdated, unsupported versions of 3rd party dependencies, but there are also at least one known vulnerability too.
It seems the project needs to find a new owner for this module.
Sought advice from the folio chairs. It was suggested that we engage Khalilah Gambrell (Lead PO).
Khalilah indicated that there aren't any teams with capacity to take this on, especially while hardening for a release. She also notes that EBSCO + EPAM teams have already taken on a significant number of modules previously maintained by the now defunct Prokopovych team.
Noteworthy considerations:
This module is written in node.js
the z39.50 module depends on mod-graphql, so removing it from future releases may be problematic
Jakub Skoczen probably dependency on z3950 could be removed, so we could get rid of mod-graphql at all
Marc Johnson ask z3950 responsibles if they think removal is possible
Maccabee Levine announce a note in slack too the planned removal of mod-graphql in case someone else uses it
Jakub Skoczen Does not depend only on programming language. Most time the teams lack resources and not knowledge.
Marc Johnson Not only the programming language, but also central tooling has to be considered. Not central policy for new languages. Need guidelines for new languages
Jenn Colt When should a module be considered to be abandoned?
Craig McNally mod-graphql most security vulnerabilities raise from outdated dependencies. Unclear if this is exploitable. Upgrading dependencies is not easy.
Julian Ladisch At least one security issue known, but does not directly affect Folio.
Marc Johnson No policies for new languages regarding tooling exist
Jakub Skoczen As we proposed go, we figured out tooling, devops and so on. Discussion seems to be endless, we had 2 topics: CI/CD and developing of a demonstration module. Either formulate clear questions about topics in question or take a vote now or soon.
Craig McNally Most of questions have been raised in the RFC. Concerns about managing multiple languages have all been discussed
Jakub Skoczen Can invite developers from the team if there are more questions.
Marc Johnson Static code analysis group will look at it
Craig McNally Remaining questions should be answered at Wednesday and we plan to take a vote them
NA
Zoom Chat
17:04:39 From Maccabee Levine To Everyone: What dev team is doing that Claiming app? 17:05:01 From Maccabee Levine To Everyone: Replying to "What dev team is doi..."
Thanks! 17:07:39 From Tod Olson To Everyone: Replying to "What dev team is doi..."
For the notes: the work is being done by Thunderjet, Joseph Reimers is the PO. 17:07:49 From Maccabee Levine To Everyone: Reacted to "For the notes: the w..." with 👍🏻 17:17:05 From Tod Olson To Everyone: Unfortunate to lose Taras. : ( I hope you have an interesting next project! 17:30:55 From Jenn Colt To Everyone: I think. That’s a good chairs topic 17:32:53 From Julian Ladisch To Everyone: The required two years support are for Spring Ways modules. For a completely new language this must be much longer. 17:36:35 From Marc Johnson To Everyone: Replying to "The required two yea…" Does the MoU refer to specific tools?
If so, that’s probably inappropriate 17:37:41 From Julian Ladisch To Everyone: Replying to "The required two yea..."
The MoU doesn't refer to specific tools, but currently for back-end modules we only have Spring Way as officially supported language. 17:39:35 From Marc Johnson To Everyone: AFAIK FOLIO currently supports Perl, node.js and Java
And tooling wise, vert.x and grails are also supported 17:41:08 From Julian Ladisch To Everyone: https://folio-org.atlassian.net/browse/MODGQL-160 "Upgrade apollo-server-express" - raised November 2022. 17:48:30 From Maccabee Levine To Everyone: Side note re: security team, I think the TC charter makes it clear: "Maintain oversight of the FOLIO project's security group and other working groups to which the Technical Council delegates specific responsib ilities." 17:49:17 From Marc Johnson To Everyone: Replying to "Side note re: securi…" We probably need to decide if the security tooling falls into the officially supported technologies 17:53:06 From Marc Johnson To Everyone: We should include the static analysis question into that discussion 17:53:13 From Maccabee Levine To Everyone: Reacted to "We should include th..." with 👍🏻 17:55:56 From Marc Johnson To Everyone: And lastly, document the expectations for new languages for the next time this happens 17:56:07 From Tod Olson To Everyone: Reacted to "And lastly, document..." with 17:56:08 From Julian Ladisch To Everyone: FOLIO already has a centralized go linting GitHub workflow: https://github.com/folio-org/.github/blob/master/README-go-lint.md 17:56:49 From Julian Ladisch To Everyone: I don't think that we need any input from the static code analysis group.