I agree, there is no such interest in using and maintaining that piece of software, let's retire it.
My vote is +1 Thanks - Manolo On Mon, Jul 26, 2021 at 1:39 PM Dongxu Wang <don...@apache.org> wrote: > +1 > > On Mon, Jul 26, 2021 at 7:38 PM Dongxu 王东旭 <echo...@gmail.com> wrote: > > > +1 > > > > ccing Manolo, thank you. > > > > On Mon, Jul 26, 2021 at 10:16 AM Rene Cordier <rcord...@apache.org> > wrote: > > > >> +1, > >> > >> Rene. > >> > >> On 23/07/2021 16:00, btell...@apache.org wrote: > >> > Hello all, > >> > > >> > Following a first email on the topic [1] I would like to call for a > >> > formal vote on Apache James Hupa retirement. > >> > > >> > [1] > >> https://www.mail-archive.com/server-dev@james.apache.org/msg70575.html > >> > > >> > Rationnals: > >> > - The latest release (0.3.0) dates from 2012 which is an eternity in > >> > computing. > >> > - The latest tag on Github is 0.0.3 > >> > - The pom references 0.0.5-SNAPSHOT suggesting that 0.0.4 release is > >> > lost :-( > >> > - This repository is crippled by multiple CVEs (quick dependabot > >> review): > >> > - CVE-2021-29425 (commons-io) > >> > - GHSA-m6cp-vxjx-65j6 CVE-2017-7656 CVE-2015-2080 CVE-2017-7657 > >> > CVE-2019-10241 CVE-2019-10247 (Jetty server) > >> > - CVE-2020-9447 (gwtupload) > >> > - GHSA-g3wg-6mcf-8jj6 (jetty-webapp) > >> > - CVE-2019-17571 (log4j) > >> > - CVE-2016-1000031 CVE-2016-3092 (commons-fileupload) > >> > - Sporadic activity since 2012 > >> > - Zero to no exchanges for several years on the mailing lists. > >> > > >> > Given that alternatives exists, given that the project is > >> > likely not mature, unmaintained and unsecure, I propose to retire this > >> > Apache James subproject. > >> > > >> > |Voting rules: - This is a majority vote as stated in [2] for > procedural > >> > issues. - The vote starts at Friday 23rd of July 2021, 4pm UTC+7 - The > >> > vote ends at Friday 30th of July 2021, 4pm UTC+7 [2] > >> > https://www.apache.org/foundation/voting.html Following this > >> retirement, > >> > follow up steps are to be taken as described in [3] [3] > >> > > https://www.mail-archive.com/server-dev@james.apache.org/msg70585.html > >> | - 1. Get a formal vote on server-dev mailing list > >> > - 2. Place a RETIRED_PROJECT file marker in the git > >> > - 3. Add a note in the project README > >> > - 4. Retire the ISSUE trackers (Project names HUPA and POSTAGE) > >> > - 5. Announce it on gene...@james.apache.org and announce@apache > >> > - 6. Add a notice to the Apache website, if present > >> > - 7. Remove releases from downloads.apache.org > >> > - 8. Add notices on the Apache release archives (example > >> > https://archive.apache.org/dist/ant/antidote/ < > >> https://archive.apache.org/dist/ant/antidote/>) > >> > > >> > Best regards, > >> > > >> > Benoit Tellier > >> > || > >> > > >> > > >> > --------------------------------------------------------------------- > >> > To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org > >> > For additional commands, e-mail: server-dev-h...@james.apache.org > >> > > >> > > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org > >> For additional commands, e-mail: server-dev-h...@james.apache.org > >> > >> >
