GSIP 129

GSIP 129 - Dev Guide Refresh

Overview

Proposed By

Jody Garnett

Assigned to Release

The live developers guide is based off master, so the sooner we can correct the better :)

State

• Under Discussion
• In Progress
• Completed
• Rejected
• Deferred

Motivation

In reviewing the developers guide a few sections are out of date:

Community Process

• we have changed from roadmap planning to a time boxed release cycle
• cross link to to Release Cycle

Quickstart

• Update to quickstart to modern branches

Eclipse Guide

• Correct GEOSERVER_DATA_DIR VM argument example

Policies and Procedures

• We can use a section on "responsible disclosure" of security issues

Proposal

Updating the build instructions and quickstart are a casual activity that should be able to proceed without formal change proposal.

Changing the following procedures are subject to review and approval by the PSC:

• Removing the section on roadmap planning

• Adding a section on responsible disclosure

  • keep exploit details out of issue report
  • send to developer/PSC privately (just like we do for sample data)
  • be prepared to work with PSC members on a solution
  • if you are unable to communicate in public/issue tracker please contact PSC members privately, or contact OSGeo at info@osgeogeo.org
  • keep in mind PSC members are volunteers and an extensive fix may require fundraising / resources

• We can also take the opportunity to refresh our PSC list based on activity

Feedback

Discussion on reasonable disclosure:

• Handling of GEOS-7032: Remote File Disclosure - concerning XML External Entity XXE Processing and GEOS-7032
• Handling of a security flaw - concerning cross site scripting flaw

Backwards Compatibility

Voting

Project Steering Committee:

• Alessio Fabiani
• Andrea Aime
• Ben Caradoc-Davies
• Christian Mueller
• Gabriel Roldán
• Jody Garnett
• Jukka Rahkonen
• Justin Deoliveira
• Phil Scadden
• Simone Giannecchini

Committers:

Links

• GEOS-7054