@Matt Sicker Like what I said before, there be no current active commons committers who interested in developing bean-utils.
For example, commons-math have sebb, commons-lang & text & vfs have gary, commons-compress have peterAL, but seems nobody is interested in commons-beanutils Currently Gary maintains it, but he is busy, he maintains all commons-lib. There be no enough time for him one person to maintain such a lib, especially a lib who lack lots of refines(considering comparing with same utility in other libs, like what in Spring) So I really think it be good to have 1 or 2 new committers for maintaining commons-beanutils Melloware Inc <melloware...@gmail.com> 于2022年4月21日周四 09:57写道: > Matt, > > I totally agree. I asked over and over for almost a year for a release. > > I understand the contributors are busy. I was submitting PRs that were > not getting reviewed and merged. I have a client that had 2 concerns…the > security findings and the fact it still used commons collections 3 instead > of 4. > > I literally tried everything to get this Jar released you can look back > through the mailing list. So I finally resorted to “I have no choice but > to release this myself”. > > I absolutely did NOT want to. But what else is the community to do when > an open source library goes 5+ years between releases??? > > Melloware > @melloware on GitHub > > > On Apr 20, 2022, at 8:09 PM, Matt Sicker <boa...@gmail.com> wrote: > > > > I don’t see why that couldn’t have been done here. There’s no need to > fork Commons projects when they’re fairly open to contributors. > > > > — > > Matt Sicker > > > >> On Apr 20, 2022, at 16:19, Melloware Inc <melloware...@gmail.com> > wrote: > >> > >> It was supposed to be temporary until Apache released 2.0. It’s been > over 5 years since last beanutils release so it’s a good thing I did in my > opinion. > >> > >> Melloware > >> @melloware on GitHub > >> > >>>> On Apr 20, 2022, at 3:31 PM, Gary Gregory <garydgreg...@gmail.com> > wrote: > >>> > >>> You are crearting jar hell by reusing the Apache package names under > >>> different Maven coordinates. Not a good idea IMO. > >>> > >>> Gary > >>> > >>>>> On Wed, Apr 20, 2022, 15:27 Melloware <melloware...@gmail.com> > wrote: > >>>> > >>>> I did not the package names are the same I did this because I had > >>>> multiple clients complaining about Commons Beantutils 1.9.4 security > >>>> vulnerabilities and needed a public version of the code so it could be > >>>> scanned. Whenever the REAL BeanUtils2 is ever released to Maven > Central > >>>> my clients can simply change their pom.xml back to org.apache versions > >>>> and they are a drop in. > >>>> > >>>> > >>>>> On 4/20/2022 2:26 PM, sebb wrote: > >>>>> On Wed, 20 Apr 2022 at 18:54, Melloware <melloware...@gmail.com> > wrote: > >>>>>> And and I have forked it and deployed to Maven Central > >>>>>> > >>>>>> <dependency> > >>>>>> <groupId>com.melloware</groupId> > >>>>>> <artifactId>commons-beanutils2</artifactId> > >>>>>> <version>2.0.0</version> > >>>>>> </dependency> > >>>>>> > >>>>> Did you change the package names? > >>>>> > >>>>> If not, there will be problems in the future if a project depends on > >>>>> both via different dependencies. > >>>>> > >>>>>> On 4/20/2022 10:12 AM, Xeno Amess wrote: > >>>>>>> Well I wonder should we give melloware ( > https://github.com/melloware) > >>>> a > >>>>>>> committer permission. > >>>>>>> > >>>>>>> Since: > >>>>>>> > >>>>>>> 1. he has quite some experience here, not a fresh hand. > >>>>>>> > >>>>>>> 2. he has ability to write/review good codes.(already several > thousands > >>>>>>> lines in common-beanutils). > >>>>>>> > >>>>>>> 3. he has enough time and interest to refine beanutils. (This is > the > >>>> most > >>>>>>> important, as it seems no committers want to develop beanutils...) > >>>>>>> > >>>>>>> Any thoughts? > >>>>>>> > >>>>>>> Gary Gregory <garydgreg...@gmail.com> 于2022年4月20日周三 21:00写道: > >>>>>>> > >>>>>>>> There isn't one; we are all volunteers here ;-) > >>>>>>>> > >>>>>>>> There is probably clean up to do, PRs, Jiras, releasing and > synching > >>>> with > >>>>>>>> Commons Collections 4.5 first (probably). > >>>>>>>> > >>>>>>>> Gary > >>>>>>>> > >>>>>>>> On Wed, Apr 20, 2022, 07:21 Martin Aldrin > >>>>>>>> <martin.ald...@ericsson.com.invalid> wrote: > >>>>>>>> > >>>>>>>>> Hi, > >>>>>>>>> > >>>>>>>>> I wonder what the time plan for release of beanutils2 is. > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> /Martin > >>>>>>>>> > >>>>>> > --------------------------------------------------------------------- > >>>>>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > >>>>>> For additional commands, e-mail: dev-h...@commons.apache.org > >>>>>> > >>>>> --------------------------------------------------------------------- > >>>>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > >>>>> For additional commands, e-mail: dev-h...@commons.apache.org > >>>>> > >>>> > >>>> --------------------------------------------------------------------- > >>>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > >>>> For additional commands, e-mail: dev-h...@commons.apache.org > >>>> > >>>> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > >> For additional commands, e-mail: dev-h...@commons.apache.org > >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
