On Nov 10, 2013, at 11:47 AM, Rainer Jung <[email protected]> wrote:
> On 10.11.2013 00:56, Jeremy Boynes wrote: >> I'd like to release Apache Tomcat Standard Taglib 1.2.0. >> >> This would be the first release in many years, and the first release of an >> implementation of JSTL 1.2. >> >> Maven Staging Repository: >> https://repository.apache.org/content/repositories/orgapachetomcat-110 >> >> Source Distribution: >> https://repository.apache.org/content/repositories/orgapachetomcat-110/org/apache/taglibs/taglibs-standard/1.2.0/ >> >> SVN tag: >> https://svn.apache.org/repos/asf/tomcat/taglibs/standard/tags/taglibs-standard-1.2.0 >> @ r1540426 >> >> KEYS: https://svn.apache.org/repos/asf/tomcat/trunk/KEYS >> >> The proposed 1.2.0 release is" >> [X] Broken - do not release >> [] OK - release as 1.2.0 > > Don't panic, the only show stopper I saw was that likely your javadoc is > vulnerable for CVE-2013-1571. This should be trivially fixable by > building/releasing with a more current JDK 7 (anything newer than > 1.7.0_21, which is exactly the one your were using). Or update to maven > javadoc plugin 2.9.1. The current tag of the Apache parent pom still > references 2.9, only trunk is at 2.9.1. > > See: > > http://jira.codehaus.org/browse/MJAVADOC-370 > https://issues.apache.org/jira/browse/MPOM-46 > > I have a couple of additional remarks though, all based on a very formal > test of the release. Most should be trivial to fix, so if you start > another release cycle, it would be nice to get rid of some of them. I > haven't actually used the artifacts. I have taken a go at addressing these in trunk and have deployed a SNAPSHOT of that here: https://repository.apache.org/content/repositories/snapshots/org/apache/taglibs/taglibs-standard/1.2.1-SNAPSHOT/ Could you take a look and see if there is anything else? I did update the README files related to building, including use of the apache-release profile: $ mvn -Papache-release install to build a local copy of the artifacts. Thanks Jeremy
signature.asc
Description: Message signed with OpenPGP using GPGMail
