+1 (non-binding) if we clearly state it is not usable in production (the bval security issue the fork didnt fix), -1 (still not binding) otherwise
Romain Manni-Bucau @rmannibucau <https://twitter.com/rmannibucau> | Blog <https://rmannibucau.metawerx.net/> | Old Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book <https://www.packtpub.com/application-development/java-ee-8-high-performance> Le mar. 16 oct. 2018 à 08:22, Jean-Louis Monteiro <jlmonte...@tomitribe.com> a écrit : > Yes totally agree on the approach. > -- > Jean-Louis Monteiro > http://twitter.com/jlouismonteiro > http://www.tomitribe.com > > > On Tue, Oct 16, 2018 at 1:17 AM David Blevins <david.blev...@gmail.com> > wrote: > > > > On Oct 14, 2018, at 5:13 PM, Roberto Cortez > <radcor...@yahoo.com.INVALID> > > wrote: > > > > > > Unfortunately, I was not able to add my key to the KEYS files. I > believe > > someone on the PMC needs to do it, but I did upload it to > > http://pgp.mit.edu/ <http://pgp.mit.edu/>, where Nexus checks for the > > keys when closing the repo. Here is the direct url: > > http://pgp.mit.edu/pks/lookup?op=vindex&search=0x3D4683C24EDC64D1< > > http://pgp.mit.edu/pks/lookup?op=vindex&search=0x3D4683C24EDC64D1> > > > > Your key should be in there now. > > > > Thanks for the release, Roberto! > > > > I think the key thing for us is to verify that the legal files are > correct. > > > > As long as that checks out, it's totally ok and smart to publish a > release > > for the purposes of getting feedback and flushing out performance issues > > like the one Thomas found. I actually think attempting to go for a final > > as the first release of a major version is an anti-pattern. Not because > it > > doesn't sound awesome, just because in 18+ years I've never seen it be > > faster or more stable than releasing milestones or betas at first > > opportunity. > > > > > > -David > > > > >