Well, what do you think Jacques? Are each of these appropriate things
to put in a release branch? Are any of them things that you'd like
done but that aren't really bug fixes (IMO a security hole is a bug
fix of sorts)?
-David
On Apr 15, 2009, at 12:32 AM, Jacques Le Roux wrote:
Before voting I'd like to clarify some points. As we previously
agreed we should not put anything but bugs fixes in a freezed
branches.
But I think that we need to finish the secured URLs job. For me this
means to :
* Fix the URL calling services in FTL files (I will open a Jira
issue for this as soons as I will come with a tool to make all
references clear, we can't rely on chance here)
* Treat the secured URLs exception
https://issues.apache.org/jira/browse/OFBIZ-2272
* I suggested to process targets with params in forms : look for
<<form(.*)target=(.*)\?(.*)=(.*)>> and <<form.(*)\R(.*)target=(.*)\?
(.*)=(.*)>>, what about this ?
* Not related to securing URL but as we already discussed, I'd like
to test, and if OK, replace location="org.ofbiz. by
location="component:// in controllers
That's all I see for the moment. So my opinion is that we need to
commit this changes in the new branche, before or after its
creation. Then I will vote.
Jacques
From: "David E Jones" <david.jo...@hotwaxmedia.com>
Today is the day we have discussed for a while! A lot of
improvements and fixes have gone in over the last few weeks, but
it is important to remember that the release branch is primarily
time-based and is a "line in the sand" as it were to begin the
effort of stabilizing a specific code base so that end-users who
want stability over features have that option. Some things make it
in, and other things don't make it, and that is true no matter
when we draw the line (but we don't want to delay it forever).
What we have in place it a HUGE improvement over the release4.0
branch, and that is the most important point to keep in mind.
Along with that there is a planned press release coordinated with
the Apache Software Foundation Public Relations Committee (that's
a mouthful! no wonder we use acronyms like: ASF PRC) for tomorrow
morning (Wed 15 April).
That said, the target date/time for the release branch is later
tonight (and when I say tonight I mean according to USA time, just
to clarify). To follow the date pattern we have discussed and make
it clearly a date I'm thinking of the actual name for the branch
directory to be "release200904" (and please feel free to comment
on that if you think something else is better).
However, that I will only do that IFF we have a positive vote for
the release, hence this message!
Please vote:
[+1] Create the release branch tonight, April 14th (it will be
April 15th for GMT-0)
[+0] Abstain
[-1] Do not create the release branch tonight
Please remember that everyone is free to (and encouraged to!)
vote, but only the PMC votes are binding.
Thanks to everyone who has made this possible with amazing
contributions over the last 2 years, and a heightened activity in
recent weeks and months to make this a spectacular release.
-David