On Thu, Jul 23, 2009 at 10:19 PM, Dennis Sosnoski <[email protected]> wrote:
> Glen Daniels wrote: > >> Hi Dennis: >> >> Dennis Sosnoski wrote: >> >> >>> Whether officially led by WSO2 or not, certainly most of the direction >>> of the project has come from people associated with WSO2 and/or the Sri >>> Lanka university... >>> >>> >> >> I agree re: most of the committership having historically been from WSO2, >> but >> also IBM. You may not be aware that I'm no longer associated with WSO2 as >> of >> January; these days I'm an independent consultant. >> >> > > Ah, I didn't realized this had changed. The WSO2 site had still listed you > (and dims) as part of the team as of recently, but no longer does so. > > >> >>> As to Axis2 status, you don't see a problem in pointing people at a >>> latest Axis2 release which only supports HTTP transport and does not >>> have any corresponding Rampart release?... >>> >>> >> >> (Note - all the transports are usable with Axis2 1.5, there just hasn't >> been >> an official release. It's not as if Axis2 1.5 "only" supports HTTP.) >> >> > > I can't even find the transports project on the web site, so it seems to be > asking a bit much of users that they track this down on their own, build, > and use a snapshot version of the code in their projects. > > Although of course this is a team effort, I'll step up to take this one >> since >> as release manager I should have at least been pushing harder to get the >> transports release happening in parallel. I did ping the Rampart guys, >> but >> everyone has been pretty busy (including me). >> >> I'm going to try and get 1.5.1 out the door ASAP, and will commit to at >> least >> the transports happening along with that. >> >> > > Sounds great, Glen! But Axis2 really requires compatible Rampart and > probably Sandesha releases since these implement functionally which is > crucial to Axis2's intended usage. The lagging releases of these other > projects have been problems with past Axis2 releases, too. Is there anything > we can do to assure that users get a fully-functioning web services stack > based on Axis2 as part of a release? > > Perhaps in the future there should be a single release manager for at least > Axis2, transports, and Rampart, with no official release of Axis2 until the > other essential components are also ready for release? > We were waiting for WSS4J and XMLSEC releases to spin the Rampart release as we wanted to include the fixed versions for for XML signature HMAC truncation authentication bypass vulnerability [1]. Sean released XML Security 1.4.3 on 22nd July and Clom will call a vote for WSS4J 1.5.8 soon. We can release Rampart 1.5 just after that. thanks, Nandana [1] - http://www.kb.cert.org/vuls/id/466161
