I wanted to forward this on. I found this article this morning talking about the issue on itworld. http://www.itworld.com/article/3004632/thousands-of-java-applications-vulnerable-to-nine-month-old-remote-code-execution-exploit.html
Thanks,Don Freeman On Thu, Nov 12, 2015 at 10:11 AM, Gary Gregory<garydgreg...@gmail.com> wrote: On Nov 11, 2015 11:45 PM, "Emmanuel Bourg" <ebo...@apache.org> wrote: > > Le 12/11/2015 04:39, Phil Steitz a écrit : > > > That is frankly ridiculous. To -1 a release based on false positive report about files not included in the release is absurd. > > I agree with Phil. We are releasing code, not reports. Keep in mind that we release sources and provide binaries as a convenience. I consider it cleaner and proper to have all files in the source package cleanly licensed and producing a clean build. Gary > > Emmanuel > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org >