-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 s/Deepal/Dims/ ? :)
Glen Daniels wrote: | | Deepal, what are you so worried about, exactly? That it will take | forever to get the release out? | | IMHO, a point release is for fixing critical issues, and should not | necessarily be limited to one particular issue. I think we should run | this basically just like a regular release but with a much shorter | timeframe. My suggestion: | | - Let's aim to get 1.4.1 out the door at the end of next week, i.e. July | 18th (is that enough time, Nandana?). | | - As always it's good to go through at least one RC so people can kick | the tires, check the artifacts, etc. So let's aim to get the RC out by | Tuesday the 15th. | | - Backing up, this allows a week (from today through next Monday) for | development work, during which time I think people should be able to fix | anything they consider critical (of course, with no new functionality). | | - As RM, Nandana gets the final say as to what gets checked in to the | branch and what does not. | | Thoughts? | | --Glen | | Davanum Srinivas wrote: | Exactly what i was afraid of :( Sigh! this is a *very* slippery slope. | | -- dims | | Amila Suriarachchi wrote: | | On Mon, Jul 7, 2008 at 6:03 PM, Davanum Srinivas <[EMAIL PROTECTED]> | wrote: | | | |> Nandana, | |> | |> +1 from me for you to be the Release Manager for 1.4.1 | | | | | | + 1 from me. | | | |> | |> IMHO, we should use 1.4 branch. The *ONLY* change should be the | |> security change. Nothing more. | | | | I think we need to fix any possible other critical issues as well. | | eg. https://issues.apache.org/jira/browse/AXIS2-3870 | | This is a memory leak and we need to fix this. | | | | thanks, | | Amila. | | | | | | | |> | |> thanks, | |> dims | |> | |> On Mon, Jul 7, 2008 at 6:50 AM, Nandana Mihindukulasooriya | |> <[EMAIL PROTECTED]> wrote: | |>> I would like to volunteer to be the release manager for Axis2 1.4.1. | |>> | |>> I think we can fix the critical issues in the 1.4 branch (or a 1.4.1 | |> branch | |>> ) and do the 1.4.1 release. I don't think doing 1.4.1 from the | trunk is | |> the | |>> appropriate way as trunk is now java 1.5 and has lot of major changes | |> after | |>> Axis2 1.4 . However we can fix any issues that are not already | fixed in | |> the | |>> trunk at the same time when we fix those in the branch. | |>> | |>> Hope this is oky with Axis2 release guidelines. | |>> | |>> thanks, | |>> nandana | |>> | |>> On Tue, Jul 1, 2008 at 6:39 PM, Davanum Srinivas <[EMAIL PROTECTED]> | |> wrote: | |>>> IMHO, The logic is the same as for blockers. If there is a work | |>>> around, it's not a blocker. So i am +0 on a 1.4.1 since there is a | |>>> work around that can be documented. | |>>> | |>>> That said, If someone is willing to drive a 1.4.1 as the release | |>>> manager, please do go ahead. | |>>> | |>>> thanks, | |>>> dims | |>>> | |>>> On Tue, Jul 1, 2008 at 2:48 AM, Sanka Samaranayake | <[EMAIL PROTECTED]> | |>>> wrote: | |>>>> Hi, | |>>>> | |>>>> For the users who is already using 1.4 version, the workaround | would | |> be | |>>>> to | |>>>> define policies in services.xml without using | <wsa:PolicyAttachment>. | |>>>> Then | |>>>> the problem is that those policies will appear in <wsdl:PortType> | |> which | |>>>> is | |>>>> not correct but security will apply for both format of service | URLs. | |>>>> | |>>>> Hence +1 for fixing that issue and do 1.4.1 release. | |>>>> | |>>>> Thanks, | |>>>> Sanka | |>>>> | |>>>> | |>>>> On Mon, Jun 30, 2008 at 8:59 PM, Nandana Mihindukulasooriya | |>>>> <[EMAIL PROTECTED]> wrote: | |>>>>> Hi, | |>>>>> There are few issues with Axis2 1.4 / Rampart 1.4 with the new | |>>>>> policy | |>>>>> configuration. The new policy configuration which allows us to | apply | |>>>>> policies to binding hierarchy is a great feature when in comes | to ws | |>>>>> security policy configuration. It allows security policies to be | |>>>>> attached to | |>>>>> the correct attachment points. But there are few issues that | need to | |> be | |>>>>> fixed in Axis2 1.4. I will list them below. | |>>>>> 1.) If we configure security using new configuration, | service can | |>>>>> be | |>>>>> accessed without security. | |>>>>> In Axis2 1.4, a service is exposed in two EPRs (consider | |> SOAP | |>>>>> 1.1 | |>>>>> binding). | |>>>>> eg. | |>>>>> | |>>>>> | |>>>>> | |> | http://localhost:8080/axis2/services/SecureService.SecureServiceHttpSoap11Endpoint | | |>>>>> http://localhost:8080/axis2/services/SecureService | |>>>>> But if we you set the policies using the new | configuration, | |>>>>> if | |>>>>> you do a web service call to the older EPR, you can access the | |> service | |>>>>> without any security even though it is secured using the binding | |>>>>> hierarchy. | |>>>>> This happens because if we call the old EPR, it is not | dispatched to | |> a | |>>>>> binding. But this leaves the service vulnerable. I think we should | |>>>>> dispatch | |>>>>> to one of the bindings may be using soap envelope version if we | have | |>>>>> only | |>>>>> one binding with that soap version. We should have a way to | dispatch | |>>>>> messages which comes to old EPR to one of the bindings else we | should | |>>>>> have | |>>>>> an option to disable that EPR. | |>>>>> | |>>>>> 2.) In the out flow, policies are not set correctly in the | |> binding | |>>>>> message. | |>>>>> This is fixed in the trunk but this bug is there in | Axis2 | |>>>>> 1.4. | |>>>>> | |>>>>> So the option we have is to configure security using the old | |>>>>> configuration. But then the problem is policies are attached to | the | |>>>>> port | |>>>>> type which is the correct way to do if we have policies using | |>>>>> <service>,<operation><message> tags. But this makes Axis2 not | |>>>>> interoperable | |>>>>> as security policies should be attached to binding hierarchy | |> according | |>>>>> WS | |>>>>> Security policy specification. Ideally we should always use the | new | |>>>>> configuration to apply security. And code generation also doesn't | |> work | |>>>>> correctly when the policies attached to the port type (polices are | |> not | |>>>>> correctly attached to the stub). | |>>>>> | |>>>>> So I think it would be great if can consider a Axis2 1.4.1 with | |>>>>> these | |>>>>> things fixed. | |>>>>> | |>>>>> thanks, | |>>>>> nandana | |>>>> | |>>>> -- | |>>>> Sanka Samaranayake | |>>>> WSO2 Inc. | |>>>> | |>>>> http://sankas.blogspot.com/ | |>>>> http://www.wso2.org/ | |>>> | |>>> | |>>> -- | |>>> Davanum Srinivas :: http://davanum.wordpress.com | |>>> | |>>> | --------------------------------------------------------------------- | |>>> To unsubscribe, e-mail: [EMAIL PROTECTED] | |>>> For additional commands, e-mail: [EMAIL PROTECTED] | |>>> | |> | |> | |> -- | |> Davanum Srinivas :: http://davanum.wordpress.com | |> | |> --------------------------------------------------------------------- | |> To unsubscribe, e-mail: [EMAIL PROTECTED] | |> For additional commands, e-mail: [EMAIL PROTECTED] | |> | |> | | | | |> - --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] |> | --------------------------------------------------------------------- | To unsubscribe, e-mail: [EMAIL PROTECTED] | For additional commands, e-mail: [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIchy5gNg6eWEDv1kRArXsAJ9t/jdFfrF8Qo1JvKnTxy3WOTqg8ACfe1oU 6AKiSfz+p+IVoG4O/Arno18= =xFf/ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
