The 1.3.6 branch should be in pretty good shape now, except for that NetSSL leak I mentioned in a previous post. Before officially releasing 1.3.6, I’d like to have it tested a bit more. So if you are currently using 1.3.5 and can donate some time, please get 1.3.6 from SVN and test it with your application.
I hope to have some time to look at the SSL issue later this week. If all goes well, 1.3.6 will be released before end of November.
Update 2009-11-16: I found and fixed the NetSSL issue. Also committed some minor features and bugfixes to the 1.3.6 branch today. Everything looks great now for a release next week!
This week I fixed a few more issues for the upcoming 1.3.6 release. Everything is in the 1.3.6 branch in SVN. There are a few more bugs that need to be fixed before we can release. One that’s particulary nasty is #2864380. The memory leak only occurs if client or server certificate validation is performed (Context::VERIFY_RELAXED or Context::VERIFY_STRICT). Now the strange thing is that the NetSSL code does nothing special in this case, it just affects the call to SSL_CTX_set_verify() in the Context constructor. So either the leak is in OpenSSL (which I don’t really believe), or we’re using OpenSSL in an inappropriate way. If anyone could take a look at this issue, this would be highly appreciated.
Update 2009-11-16: I found and fixed the NetSSL memory issue.
These days in September 2004, five years ago, I started working on a set of C++ libraries that would reflect my idea of how to write proper C++ programs. What I wanted was a set of C++ libraries for the internet age. Easy to use and quick to learn for those already familiar with things like the Java Class Library or the .NET framework. And yet something that was true C++, combining the best of classic and modern C++. With source code that’s a joy, not a pain, to look at. After a few months of work (beside the consulting/contracting work I was doing at the time), the first public release of the C++ Portable Components, as it was called back then, was on February 21, 2005. Only a few months later, Alex joined the project as first contributor. Fast forward five years. POCO has become one of the more popular C++ class libraries. Lots of people have been building amazing applications with POCO. For a small sample, just look at the Wiki.
Now we would like to take POCO to the next level. As you probably have noticed, development work on new features has slowed down quite a bit in the recent months. While we have (had) a few people contributing significant amounts of work to the project, most of the work is still being done by Alex and myself. And this is where the main problem lies. While we both really enjoy working on POCO, we have to do other jobs as well — mostly because, for the most part, it’s these other jobs that pay our bills and nurture our families. In my case it’s work on consulting jobs, as well as my company’s commercial product offerings; in Alex’s case its his day job. This does not leave enough time to bring POCO to where we’d like it to be (more on that in an upcoming post). What the project would really need right now is the equivalent of one software developer working full time on POCO. Now, here in Europe, a full time software developer costs a minimum of around EUR 60.000 a year. That’s a lot of money. The original plan was to eventually make enough money from commercial support contracts to fund the ongoing development of POCO. That was a great plan, only it did not work out. Most people simply don’t need support (which, ironic as it may sound, is actually the goal of any good product) or, for various reasons, don’t want to pay for it. Now, my company does have valued customers paying a good amount of money for support and licenses. But this is almost all for my company’s commercial products, so development of these products is what the revenues are used for.
To make a long story short, what I want to introduce is a donation and sponsorship program for the POCO project. Similar to what other open source projects do, various sponsorship levels are planned. Sponsors will be acknowledged on the website, as well as in source code releases. The ultimate goal is to have a new organization — the POCO Foundation — oversee management of donations. Donations will, of course, be exclusively used for the ongoing development of POCO. The exact details of how all this will work haven’t been set in stone yet, so any input is welcome. Of course, anyone wanting to contribute significant amounts of work time instead of money is very welcome as well.
Issam Lahlali, lead developer of the CppDepend static analyzer, was nice enough to tell me about a source code analysis of POCO, done with CppDepend. You can find the detailed analysis in his blog. In summary, POCO is well designed and implemented, according to his analysis. Not that I would have expected anything else ;-), but nevertheless it feels good to get an independent opinion.
I have added JSONParser & friends to the sandbox. The code was ported from JSON Parser. At first, I intended to wrap the library, but things got really messy, so I decided to pull out what I need and tweak it into a more tidy codebase. Experience was a nice reminder of why I have evolved from C to C++ (flames welcome ;-). At any rate, I’m quite satisfied with the outcome and if anyone has use for this, please do some testing and give feedback. This is just an initial approach and I have only compiled it on Windows w/ VS 2008.
I have created a branch for the 1.3.6 release today. This is a bugfix release that fixes the bugs introduced with 1.3.4/1.3.5, plus some other open issues. 1.3.6 will be released in the coming weeks.
If you like POCO, nominate it for the 2009 Community Choice Award.
Happy Easter to everyone! I’ll take off until Tuesday, then finish the 1.3.4 release so that it goes out next week. A few last-minute additions have unfortunately delayed the release quite a bit. But it’s worth the wait. Some of the new goodies in 1.3.4 include a fully writable XMLConfiguration, a new Poco::Util::Timer class that allows for multiple timers handled by one thread, automatic retry in Poco::Data::SQLite if the database is locked, and lots of bug fixes and other enchancements.
I have just added Sockets library with local (aka UNIX) sockets support to SVN sandbox. The code was extracted from Net library and slightly modified to accommodate for UNIX sockets. For the time being, tested only on Linux. I’ll do Solaris testing as well, whoever can run it on other platforms, please do and report back any modifications. As for the final destiny of this code, the jury (aka Günter) is still out, but the idea behind this madness is to provide a contribution to IPC and IO efforts. Comments welcome.