About Features Downloads Getting Started Documentation Events Support GitHub

Site Tools


developers_call:minutes20120821

VuFind Developers Call Minutes: August 21, 2012

Attending: Filipe Bento, Oliver Goldschmidt, Demian Katz, David Maus, Benjamin Mosior, Tod Olson, Sean Purcell, June Rayner, Al Rykhus

Agenda

1. New/Updated JIRA Tickets

Demian has fixed JIRA so that it finally sends out notification emails correctly.

Here's the most recent JIRA activity:

  • VUFIND-316 - Ronan has posted a patch here to ping shards in order to allow sharded searches to tolerate errors more robustly.
  • VUFIND-340 - Mark Triggs has made his work-in-progress improved security code available in Git, though he does not currently have time to complete it.
  • VUFIND-423 - Filipe has posted an updated archive of the EBSCO EIT code here; it has been successfully tested with VuFind 1.3. Because of recent EBSCO activity regarding the EDS API, the ticket has been renamed to differentiate it (see also VUFIND-636 below).
  • VUFIND-513 - The source of the “slashes in IDs cause problems” bug has been identified: it is an Apache security feature. Some possible workarounds have been documented on this ticket.
  • VUFIND-615 - The incorrect logging table definition in the config.ini comments has been corrected; ticket closed.
  • VUFIND-625 - Some additional Shibboleth improvements have been posted here.
  • VUFIND-633 - Luke has posted a patch for language sniffing here to auto-detect user language preferences.
  • VUFIND-634 - This ticket was opened to document a problem in Zend Framework 2, but it was fixed faster than expected; ticket closed, please ignore.
  • VUFIND-635 - This ticket includes a patch to add Clickatell SMS support to VuFind.
  • VUFIND-636 - This new ticket differentiates the EBSCO Discovery Service (EDS) API from the EBSCO Integration Toolkit (EIT) API (covered by VUFIND-423). It mentions the fact that EBSCO has released some code for incorporating EDS into VuFind. Tod mentioned his willingness to discuss license terms with EBSCO if their existing code is not already licensed in a way that allows inclusion in the trunk.

2. VuFind 2.0 Update

Demian is making good progress converting remaining controllers and adding missing features.

One significant recent change: the return format of the record driver's getURLs() method has been changed to offer greater flexibility (you can specify internal routes as well as external URLs, and you can include the same URL multiple times if you really want to).

The Zend\Db component has been missing delete capabilities for a while, which has prevented a few features from being implemented properly; the latest release (RC4) solves this problem, so Demian will be able to finish up some key VuFind modules soon. There is still a problem with multi-part keys that needs to be resolved, but Demian has submitted a pull request that he hopes will be accepted in a future release candidate.

ZF2 is less flexible than ZF1 in terms of handling exceptions thrown by view templates. ZF1 redirects to an error controller when a template throws an exception, but ZF2 just dies. A better approach to this problem will be considered for ZF 2.1, but we may need to figure out a VuFind-specific workaround in the meantime. (Since some of the objects sent to the view feature lazy-loading, view rendering can trigger ILS accesses and Solr lookups, and if these services are offline, exceptions can occur).

Demian also needs to spend some time looking at how caching works in ZF2; it is quite different from ZF1, and all cache-related code is still commented out in the VF2beta code at the moment.

David Maus has been working on refactoring the \VuFind\Connection\Solr class from one monolithic class into a set of interworking components.

Chris should be returning soon, so Demian will have a bit more support to finish up remaining issues.

3. VuFind Developers Summit 2012

A preliminary schedule is being drafted and should be posted soon on the VuFind Summit 2012 wiki page. Presentation slots are filling up, so please submit your presentations soon. Also on the wiki page are a couple of new areas for user input:

1.) There is a “lightning round” signup section for people interested in giving 5-minute presentations about specific features/enhancements of VuFind.

2.) There is a “breakout session idea” section where people can post ideas for small-group discussions during the conference's breakout sessions.

4. Open Data / Shared Central Index

Filipe has added an entry for SpringerOpen. He next plans to investigate settings for importing from InTech Open, an eBook provider.

5. Other Topics?

Al brought up the subject of LibX causing COinS to display awkwardly. Demian has adjusted the trunk to give COinS spans a display:none property – this should prevent them from appearing when LibX is installed without breaking Zotero, etc. It's an easy fix to apply to an existing install (just add a couple lines to CSS) if necessary.

Filipe has been brainstorming a “remember me” solution for VuFind's login system. He would like to find a way to uniquely identify a remote machine without using cookies for cross-browser memory. However, this would seem to require generation of a key on the client, which would require extra components (i.e. a Java element) and could still be spoofed. It would also be very dangerous in combination with public terminals. There was also discussion of multi-level authentication (i.e. remember the user for “safe” actions but require reauthentication for “dangerous” actions… with configuration for defining what is safe and what is dangerous).

Demian's recommendation: implement with cookies for now (the most common practice in this area) but make the long-term authentication mechanism configurable so the cookie check can be replaced with something else if we devise a more clever mechanism for identifying users.

Everyone agrees that this system should be optional – not everyone will want it, and in some cases it will cause problems (i.e. in combination with single sign-on).

David pointed out the Cross-Site Request Forgery as something that should be watched for.

Next Call

The next call will be Tuesday, September 4, 2012 at 10am Eastern Daylight Time (14:00 GMT).

developers_call/minutes20120821.txt · Last modified: 2015/12/21 17:23 by demiankatz