10.17.2022 TT Agenda - QualitativeDataRepository/TechnicalTeam GitHub Wiki

People

@nniicc @adam3smith @stahs @qqmyers

Discussion Topics

Admin

  • None

Seba & Jim Coordination

Seba

  • Updates on how we should approach CBA for encrypt at rest on AWS

Jim

  • Report
  • CKEditor - v5 is on develop and can be tested
  • With community interest (ASU, JHU, others), I've updated the sort by tag/folder PR that was initially closed when Dataverse was planning other dataset page changes.
  • Sebastian has been active adding/updating IQSS issues related to metadata/DataCite, etc. It would be good to review which ones are ready for QDR development - I've tried to follow but not sure I've caught everything.
  • Discovered that there's a reported issue related to datasetversion not being recorded in the guestbook. I've had a background note to check into that and this issue provides a repeatable use case to look into.

Notes

Seba

  • AWS S3
  • ROI on encryption on S3 - this uses KMS from Amazon. High quality encryption standards. However, in order for it to work in the applications - it has to be managed automatically. If a bucket is misconfigured, it can have public access. (which is the same way we have it set up now)
  • Encryption by default on all objects - when this is flagged - it encrypts any object moving forward, trick is to reiteratre over existing data with a script to encrypt holdings
  • Key management is still through Amazon
  • If we want to encrypt backups at ICT @ SYR - thats a lot more work - so we would have to pull the bucket, encrypt the bucket, and then send to ICT (And then we would have to manage those keys)
  • On amazon side - default is to bounce off of a key server - but there is an alternative to encrypt the entire bucket and not have to manage multiple keys
  • We could take this approach to SYR ICT - by depositing in an encrypted disk storage there (lock the front door vs locking the safe in the house behind the door)

Decision - Move forward with encryption

  • Dataverse production buckets

JVM profiler

  • Was using some libraries from guava
  • Jim had to fix broken calls - created a new jar that is running on dev and stage (nothing should be broken :) )
  • Should be sending stats to grafana

Jim discussion

  • CKeditor is turned on for Drupal
  • Will be required for D10 - supposed to be in December
  • Three big issues around JSON-LD that SK has flagged in IQSS repositories - we should contribute / take up to make sure these are fixing issues for QDR (two are trivial, third is not terribly hard and may already be implemented with OpenAIRE)
  • Missing dataset version in guestbook entries - not a large priority but some clue as to why this is happening ...

Assigned Tasks / Decisions