Engineering and Communication - Dana Robinson on Call the Doctor, May 2, 2023
Dana Robinson (@derobins) will be hosting Call the Doctor on Tuesday, May 2. Dana is the Director of Software Engineering, and will be using this time to talk about some changes he’s making to the way The HDF Group interacts with our community members.
If you would like to communicate directly with Dana, you can email him at derobins -at- hdfgroup.org.
HDF5 WORKING GROUPThere will be a 1-hour weekly meeting on Thursday at 10 am CDT where we will go over more complicated pull requests, new issues, and discuss library development. This meeting is open to the public. For right now, this will require a Teams invite, which I will be happy to hand out to anyone who wants to join.
We should probably emphasize that this is NOT a replacement for the Call the Doctor session. It’s not for people to ask technical questions. It’s only for developers or people who care about a PR or issue.
HDF5 INTERNALS SEMINARS
These will be informal seminars about library internals on the 4th Friday of every month at 10 am CDT. These will be open to the public, but will also require a Teams invite for now. These will be VERY low level and targeted at library engineers.
BETTER GITHUB ENGAGEMENT
We will be dedicating a rotating engineer to keep an eye on GitHub, so issues should be tagged and triaged within a day of being created. This person will also be responsible for helping to get simpler PRs merged (more complicated PRs will have to wait for the working group meeting, above). The tagging system we have adopted in HDF5 will be exported to HDF4, HDFView, and hsds and I’ll demonstrate that. Product-specific project management on GitHub is being investigated, but is still a work in progress.
HDF5 1.10 RELEASE CHANGES
HDF5 1.10.11 will be released in the fall. This will be the last release of the 1.10 line.
HARDENED FILE I/O AND THE CVE REPOSITORY
We’ve made a pass over the library to harden the layer that reads HDF5 metadata from the disk. It’s now more careful about checking for invalid files and cleaning up resources when mis-parsed files are encountered. This was a frequent source of CVE and oss-fuzz issues. We are also putting together a repository that will consolidate CVE proof-of-concept files and a test script that can be run against any version of the library to see which CVE issues are unfixed (and to ensure we don’t regress).
CHANGE COMMUNICATION
I’ll introduce our scheme for communicating changes to our products via the forums and other modes of communication.
To join, just jump on the zoom: https://us06web.zoom.us/s/9828688008
May 2, 2023 12:20 p.m. central time US/Canada
’