Re: [ditto-dev] Project vserver changes

Hello infrastructure team.

The "Eclipse Ditto" still uses the vserver; however, maybe we can find an alternative which does not cause so much effort for both you and us Ditto maintainers (we don't really have the resources to properly provide the vserver with security patches).

We use the sandbox for 2 purposes:
  • As a "sandbox" to try out a publicly available Ditto, with no guarantees regarding availability, etc.
  • To host our WoT (Web of Things) context extension ontology
The first point we can stop supporting; we do not see much benefit any longer in that.
The second point however is important.

Let me explain:
At https://ditto.eclipseprojects.io/wot/ditto-extension# we host an nginx managed endpoint which:
If we were able to do this in a different way (e.g. via the project website or via GitHub pages), we could "move" this endpoint somewhere else.
Then we would be able to shut down the vserver.

In nginx we configured it like this:

http section:
map $http_accept $ld_suffix {
    default                  ".html";
    "~application/html"      ".html";
    "~application/ld\+json"  ".jsonld";
    "~text/turtle"           ".ttl";
    "~application/rdf\+xml"  ".rdf";
}
Those files we serve at "/wot" path:
https://github.com/eclipse-ditto/ditto/tree/master/documentation/src/main/resources/wot

server section:
location /wot {
    try_files $uri $uri$ld_suffix =404;
}

Do you see an option serving those files via "content negotiation" at the same resource?
It would also be good if we can "keep" the current endpoint at https://ditto.eclipseprojects.io/wot/ditto-extension# - maybe with a redirect.

Thanks in advance.
And best regards from the Ditto project lead
Thomas Jäckle

On Wed, 6 Nov 2024 at 22:51, Eclipse Webmaster <webmaster@xxxxxxxxxxxxxxxxxxxxxx> wrote:

Hello,


As part of our ongoing work to improve security there is an upcoming change in how we handle project virtual servers, and how they are expected to be managed by your team, that you need to be aware of.


By way of background, the Eclipse Foundation discontinued project virtual servers from its offering many years ago. All currently operating virtual servers are part of a grandfathered offering.


Starting in Q1 2025, we are requiring that all projects that have a virtual server hosted by or sponsored by the Foundation submit and maintain an update schedule.  This schedule should indicate who on the project team is responsible for managing the server, and establish a consistent update cadence for both software and the OS that your project will follow.


Members of the project that are identified as responsible will also be added to our GDPR notices if they do not already receive them, so they can action any GDPR requests the Foundation receives.


If the project doesn’t have anyone that is willing to take on such responsibilities, we should begin discussing the graceful shutdown of your project virtual server.

Please submit your schedule to security@xxxxxxxxxxxxxxxxxxxxxx by February 17, 2025 or engage with the Security or Infra (infrastructure@xxxxxxxxxxxxxxxxxxxxxx) teams via email by that time.  If we don’t hear from you by the due date, we’ll file an issue to schedule the shutdown, after which your data will be held briefly before it is removed.


-Matt.
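
Added example, not part of the original thread and not the Ditto project's code: a Python model of the nginx map / try_files configuration posted in the reply above, showing which file is served for a given Accept header. It also shows that nginx takes the first matching regex in configuration order and ignores q-values, which any replacement host would have to reproduce or deliberately change. The file listing is constructed and the function names are hypothetical.

```python
import re

# Regex entries of the posted map, in configuration order. The "~" form is an
# unanchored, case-sensitive match; nginx takes the first regex that matches.
LD_SUFFIX_MAP = [
    (r"application/html", ".html"),
    (r"application/ld\+json", ".jsonld"),
    (r"text/turtle", ".ttl"),
    (r"application/rdf\+xml", ".rdf"),
]
DEFAULT_SUFFIX = ".html"

# Constructed file listing (assumption): one file per representation.
FILES = {"/wot/ditto-extension" + s for s in (".html", ".jsonld", ".ttl", ".rdf")}

def ld_suffix(accept):
    """Model of `map $http_accept $ld_suffix`."""
    for pattern, suffix in LD_SUFFIX_MAP:
        if re.search(pattern, accept or ""):
            return suffix
    return DEFAULT_SUFFIX

def try_files(uri, accept, files=FILES):
    """Model of `try_files $uri $uri$ld_suffix =404` for plain files."""
    for candidate in (uri, uri + ld_suffix(accept)):
        if candidate in files:
            return 200, candidate
    return 404, None

def q_preferred(accept):
    """Media type the client weights highest (q-values, which nginx ignores)."""
    best, best_q = None, -1.0
    for item in accept.split(","):
        media, *params = [p.strip() for p in item.split(";")]
        q = 1.0
        for p in params:
            if p.lower().startswith("q="):
                q = float(p[2:])
        if q > best_q:
            best, best_q = media, q
    return best

if __name__ == "__main__":
    accept = "application/ld+json;q=0.1, text/turtle"  # constructed header
    print(q_preferred(accept), "->", try_files("/wot/ditto-extension", accept))
```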
