
Make security authentication in Government and Public services more secure.

At the moment, I'm fighting with a monolithic, untouched Java 8 / JavaEE6 service which has lots of old dependencies and that uses old cryptographic ciphers, some of them classified as unsafe (e.g. brainpool512p1).

No one knows how to make a reproducible build, since everyone gets a different and working or not-working package and some modules are not even released (using the infamous -SNAPSHOT) in Maven and there's no documentation. Unfortunately, there's little testing, so everything can be broken easily and no one can know it.

Some developers are also really undisciplined, touching code but not running end-to-end (manual) testing, not even running the installer.

If I had the decision power, I would throw this thing away and start from scratch, probably without Java too or, if Java, at least the latest one and maybe Spring, not JavaEE: Wildfly moves too fast and each release breaks compatibility with the previous one, concerning settings (RedHat: why do you do this??)



