Executive Committee Meeting Minutes
Tuesday, April 13, 2021
PMO
Executive Committee
Total Attendance: 18 of 18 voting members
Since 75% of the EC's voting members were present, the EC was quorate for this session.
The EC Standing Rules state the following penalties for non-attendance at EC meetings (note that those who participate in face-to-face meetings by phone are officially counted as absent):
Missing two meetings in a row results in a loss of voting privileges until two consecutive meetings have been attended.
Missing five meetings in a row, or missing two-thirds of the meetings in any consecutive 12-month period results in loss of the EC seat.
There are no changes in voting privileges as a result of this meeting.
There are no personnel changes to report.
Heather presented the usual EC stats (see the presentation for details).
Heather presented JCP Membership stats and 2020 Year End Summary (see the presentation for details). Chandra asked about JUG members using an alias for the primary or alternate contact. Amelia asked if Java in Education could be added to the summary.
Heather introduced the inquiry from Stephen Michell from the ISO/IEC JTC1/SC 22 WG: Programming languages, their environments and system software interfaces. Don Deutsch gave a summary of the ISO/IEC WD TR 24772-11 Information technology - Programming languages - Guidance to avoiding vulnerabilities in programming languages - Part 11: Guidance for programming language Java. Don noted that of the 10-15 ISO languages, some but not all of those languages have a similar vulnerabilities report. Don also provided a summary of the process typically used in ISO. Heather briefly reviewed the Secure Coding Guidelines document that is delivered and updated for (at least) each Java SE platform release and the OpenJDK Vulnerabilities Group to address immediate security issues. Aleksei expressed that there is a risk in having a report published that is incorrect, and that static reports are problematic. The target audience of the paper and the access to the report are also unclear. Amelia pointed out that it could be dangerous for the EC to be a part of something that is incorrect. Anish pointed out that since Java is overseen by the JCP, a report by ISO could create confusion in the community. Ken added that it is clear the JCP is the place to standardize Java. Gotz shared a link with published drafts. Tim made the distinction that the OpenJDK Vulnerabilities Group is focused on implementations, not the language. He also made the observation that in the Java community, books are published on security topics. Heather summarized the concerns expressed by the EC as follows: given the current six-month cadence of Java releases, the time and expectations of the community for updates do not match the ISO timeframes; there is concern about the access, format and content; and there is potential for confusion in the developer community.
Heather invited interested EC Members to attend a follow-up meeting with Stephen Michell to discuss, and agreed to provide an update at the next EC Meeting.
Heather reviewed the summary of discussions in the Java in Education. We reviewed that EC Members can use the social media template to promote the importance and need for Java developers, and to spread the word about Java in Education for JUG leaders. We will be working on materials for JUG leaders focused on how developers are utilizing Java in industry, to be published on the GitHub wiki.
Doug Locke presented an update on JSR 302 (see the presentation for details).
Heather reviewed the remaining dates for the 2021 calendar. We plan to meet virtually through 2021. We then adjourned the meeting.