+1 On Mon, Jul 26, 2021 at 7:38 PM Dongxu 王东旭 <echo...@gmail.com> wrote:
> +1 > > ccing Manolo, thank you. > > On Mon, Jul 26, 2021 at 10:16 AM Rene Cordier <rcord...@apache.org> wrote: > >> +1, >> >> Rene. >> >> On 23/07/2021 16:00, btell...@apache.org wrote: >> > Hello all, >> > >> > Following a first email on the topic [1] I would like to call for a >> > formal vote on Apache James Hupa retirement. >> > >> > [1] >> https://www.mail-archive.com/server-dev@james.apache.org/msg70575.html >> > >> > Rationnals: >> > - The latest release (0.3.0) dates from 2012 which is an eternity in >> > computing. >> > - The latest tag on Github is 0.0.3 >> > - The pom references 0.0.5-SNAPSHOT suggesting that 0.0.4 release is >> > lost :-( >> > - This repository is crippled by multiple CVEs (quick dependabot >> review): >> > - CVE-2021-29425 (commons-io) >> > - GHSA-m6cp-vxjx-65j6 CVE-2017-7656 CVE-2015-2080 CVE-2017-7657 >> > CVE-2019-10241 CVE-2019-10247 (Jetty server) >> > - CVE-2020-9447 (gwtupload) >> > - GHSA-g3wg-6mcf-8jj6 (jetty-webapp) >> > - CVE-2019-17571 (log4j) >> > - CVE-2016-1000031 CVE-2016-3092 (commons-fileupload) >> > - Sporadic activity since 2012 >> > - Zero to no exchanges for several years on the mailing lists. >> > >> > Given that alternatives exists, given that the project is >> > likely not mature, unmaintained and unsecure, I propose to retire this >> > Apache James subproject. >> > >> > |Voting rules: - This is a majority vote as stated in [2] for procedural >> > issues. - The vote starts at Friday 23rd of July 2021, 4pm UTC+7 - The >> > vote ends at Friday 30th of July 2021, 4pm UTC+7 [2] >> > https://www.apache.org/foundation/voting.html Following this >> retirement, >> > follow up steps are to be taken as described in [3] [3] >> > https://www.mail-archive.com/server-dev@james.apache.org/msg70585.html >> | - 1. Get a formal vote on server-dev mailing list >> > - 2. Place a RETIRED_PROJECT file marker in the git >> > - 3. Add a note in the project README >> > - 4. Retire the ISSUE trackers (Project names HUPA and POSTAGE) >> > - 5. Announce it on gene...@james.apache.org and announce@apache >> > - 6. Add a notice to the Apache website, if present >> > - 7. Remove releases from downloads.apache.org >> > - 8. Add notices on the Apache release archives (example >> > https://archive.apache.org/dist/ant/antidote/ < >> https://archive.apache.org/dist/ant/antidote/>) >> > >> > Best regards, >> > >> > Benoit Tellier >> > || >> > >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org >> > For additional commands, e-mail: server-dev-h...@james.apache.org >> > >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org >> For additional commands, e-mail: server-dev-h...@james.apache.org >> >>
