A more reasonable and measured article that appeared in JavaWorld: http://www.javaworld.com/article/3003197/security/library-misuse-exposes-leading-java-platforms-to-attack.html
On Fri, Nov 13, 2015 at 8:19 AM, Donald Freeman <dbfre...@yahoo.com.invalid> wrote: > > I wanted to forward this on. I found this article this morning talking > about the issue on itworld. > > http://www.itworld.com/article/3004632/thousands-of-java-applications-vulnerable-to-nine-month-old-remote-code-execution-exploit.html > > Thanks,Don Freeman > > > On Thu, Nov 12, 2015 at 10:11 AM, Gary Gregory<garydgreg...@gmail.com> > wrote: On Nov 11, 2015 11:45 PM, "Emmanuel Bourg" <ebo...@apache.org> > wrote: > > > > Le 12/11/2015 04:39, Phil Steitz a écrit : > > > > > That is frankly ridiculous. To -1 a release based on false positive > report about files not included in the release is absurd. > > > > I agree with Phil. We are releasing code, not reports. > > Keep in mind that we release sources and provide binaries as a convenience. > I consider it cleaner and proper to have all files in the source package > cleanly licensed and producing a clean build. > > Gary > > > > > Emmanuel > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > >