Samvera Tech Call 2022-07-13

Meeting Logistics:

Time: 9:00am PDT / Noon EDT
Zoom Meeting URL: https://princeton.zoom.us/j/7739591625
(link will launch Zoom client – if you do not have Zoom, expand the instructions below)

Meeting ID: 773 959 1625

One tap mobile

+13017158592,,7739591625# US (Washington DC)
+13126266799,,7739591625# US (Chicago)

Dial by your location

+1 301 715 8592 US (Washington DC)
+1 312 626 6799 US (Chicago)
+1 646 558 8656 US (New York)
+1 253 215 8782 US (Tacoma)
+1 346 248 7799 US (Houston)
+1 669 900 6833 US (San Jose)
888 788 0099 US Toll-free
877 853 5247 US Toll-free

Meeting ID: 773 959 1625

Find your local number: https://princeton.zoom.us/u/abfeKpHD7T

Join by SIP 7739591625@zoomcrc.com

Join by H.323

162.255.37.11 (US West)
162.255.36.11 (US East)
115.114.131.7 (India Mumbai)
115.114.115.7 (India Hyderabad)
213.19.144.110 (Amsterdam Netherlands)
213.244.140.110 (Germany)
103.122.166.55 (Australia Sydney)
103.122.167.55 (Australia Melbourne)
64.211.144.160 (Brazil)
69.174.57.160 (Canada Toronto)
65.39.152.160 (Canada Vancouver)
207.226.132.110 (Japan Tokyo)
149.137.24.110 (Japan Osaka)

Meeting ID: 773 959 1625

Agenda (meeting notes below)

https://github.com/samvera/maintenance/issues/37
- https://samvera.atlassian.net/wiki/spaces/~70121ae51e90989be4f3fbc710d6c1602e1fe/pages/2003042307
Datacite documentation request (Heather)
- Questions from Datacite:
- I think the work to add DOI registration features to Hyku done by Ubiquity has been incorporate into the main codebase (since there’s some code that can hold DataCite creds), but we’re not completely sure how it works. Where could we find documentation?
  Is there are support in Hyrax for DOI registration? From these pull requests it seems like maybe? . If so, we’d love to know more and get links to docs, if possible, so we can share that info with our community.
Reorganizing Hyrax Github repo documentation (.md files) (Julie)
Rails CVE

Moderator: @Bradley Watson (Emory University)

Notetaker: @James Griffin (Princeton University Library)

Attendees:

@Collin Brittle (Emory)
@Juliet Hardesty (Indiana University)
@Heather Greer Klein (Samvera Community)
@Daniel Pierce (Indiana University)
@Thomas Scherz (University of Cincinnati)
@Brendan Quinn (Northwestern University)
@Rob Kaufman (Scientist)

Meeting Process

Standing pre-agenda items (moderator)
1. Welcome
  - "Welcome everyone, please add your name to the Attendees list. If you are unable to do so, please let us know, and someone will add you. To any newcomers, Welcome, and please feel free to ask questions. Likewise for all attendees. We strive for an open and accessible conversation around Samvera technology."
2. Call for new agenda items
Follow Agenda from above (facilitated by moderator) and record notes in Notes section below (note taker)
Standing post-agenda items (moderator)
1. call for next moderator and note taker (moderator)
  1. Moderator:
  2. Notetaker:
2. Samvera help follow-up (moderator)
3. Pull request review (moderator)
Post-meeting action (note taker)
1. After call, this week's notetaker should create the agenda for the next call:
  1. Open template agenda titled "Samvera Tech Call 2022-xx-xx"
  2. Click on ... in the top right corner, and select copy.
  3. Popup will open for location. It should contain:
    1. Space: Samvera
    2. Parent page: 2022
  4. Select copy. New page should be created.
  5. Modify the title to remove "copy of", update it with the next date, add moderator, notetaker, and any carry-over agenda info. Click Publish.

Notes

Community Projects
- Docker Hub and GitHub releases
  - fcrepo is maintained by mbklein on Docker Hub
  - Otherwise there are Docker images on GitHub
- Desire to publish NPM packages is there for Samvera contributors
Deprecate the Hierarchy of Promises
- This can be archived
DataCite Documentation Request
- Heather had outreach from DataCite folks
- Interested in documentation for Samvera/DataCite integration support by community members who are actively using DataCite
- Is there any existing DataCite documentation?
  - Hyku integration is offered by Scientist.com contributors
- Not many attending the call are experienced in using DataCite integration
- - Chris Colvard may have more significant experience
- - Same code, just ported into different branches
Hyrax Documentation Reorganization
- /.github directory has some duplicate Markdown files
- Documentation as Markdown or text files should be moved to the root (/) of the repository
- GitHub has an updated workflow for creating workflow templates
  - Addressing this just requires that the ISSUE_TEMPLATE.md be moved to a different directory (/.github)
- /documentation directory also exists, but GitHub does not parse this as a supported documentation directory
  - No opposition to retaining this, but GitHub does support /docs
  - Changing /documentation to /docs might still be desirable
Rails CVE
- Vulnerability for Rails 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1
- This was discussed within the Hyrax IG
  - If you use #serialize in ActiveRecord, there is the possibility of a RCE attack
  - This is not used in Hyrax, but it is invoked within Blacklight
- Solution is to upgrade Rails, and this also breaks YAML serialization for Blacklight upstream
- Rails community should offer new patch versions fairly soon
  - In turn, Blacklight patch releases should also be released in the near future
- bulkrax and allison_flex also call the afflicted method
- A volunteer shall create issues on Hyrax, bulkrax, and allison_flex addressing these issues
- Please also monitor the #blacklight Channel in the Code4Lib Slack
valkyrie-shrine 1.0 release
- Thank you from Brendan Quinn!
Next Scheduled Samvera Tech Call (07/20/22)
- Moderator: @Daniel Pierce
- Notetaker: @Bradley Watson
Support Requests (Slack)
- None unresolved
Pull Request Review
- No reviews were requested for any existing pull requests

Call concluded at 09:33 PDT/12:33 EDT