Is there anyway to test the keys before we deploy? We have issues in the past with new keys and verifying the packages when the docker images are built.
Thanks, Rod. > > On Oct 24, 2023, at 9:06 AM, Richard Zowalla <r...@apache.org> wrote: > > Added to https://dist.apache.org/repos/dist/release/tomee/KEYS > >> Am Dienstag, dem 24.10.2023 um 08:54 -0500 schrieb Jonathan S. Fisher: >> pasted here: >> >> -----BEGIN PGP PUBLIC KEY BLOCK----- >> >> mJMEV5tUvhMFK4EEACMEIwQBDFKWRWNFys17LQRo18NBQ0cJk9HitooLx1k3dGTA >> G2By4TUnNYaR/ranOPJ47IRVr/1E0DBy9RKayUDNFElly6kAfhn/ALMmdv68cet9 >> GWkNjV/DwEGmtdXnhuGxXioxN1XkoJJNbjDCBEzx/mDDIna7w3jE2v28bXYP9kfv >> aLgvUdK0J0pvbmF0aGFuIFMuIEZpc2hlciA8ZXhhYnJpYWxAZ21haWwuY29tPoja >> BBMTCgA+AhsBBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAFiEEhxY4ohp/LDgGZHFC >> AwajVDNrTw0FAloq3hgFCQWj6loACgkQAwajVDNrTw2uBwIJASDBvmAQDW59SVMf >> HZ27HF6CeH1OQM6fdKxfSGZmwZXBp45MsZjzO5cXh1cuJgA1jm72Wblh7PNjAxzl >> 9lD4Q2o0AgkBJYXTSjXnH395kY//RPzsuibRj4Xzdx2Riwa22h6Nl/TFf1xoFDDZ >> /9CBP7sNvBpSh4ZohSwr5aYCLxObxvsF/B+I2gQTEwoAPgULCQgHAgYVCAkKCwIE >> FgIDAQIeAQIXgAUJDxWK5RYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJi12J8AhsD >> AAoJEAMGo1Qza08N2hoCCQGJD79oA4k1FDY+cStkLQS8QkvTpS8xZScNRKwIW1lv >> uBKrHpfzYa7RHFh6rdbW5D+07+pNvNBg8o03+h+vr4ezqQIJAUwYTOJZlBIXeujf >> 4LngH6C0Hc6bb0FtdMh9bHC82Iv7KSIlXcq8PZgrkWMADUu0yeJhLPXQXBzvnejC >> z6dlmR9uiNgEExMKAD4CGwEFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AWIQSHFjii >> Gn8sOAZkcUIDBqNUM2tPDQUCYtdhegUJDxWK5QAKCRADBqNUM2tPDXbsAgjQhVzd >> OuT6ZSo+3wXUQjl3scKnSPrzFDimknaZw6Zo0MYpnClY8wSTiYKrmgyUgQ8aQVlB >> +A3R1NUa/BfhRWyB3QIIjd1IFc8MosTtO3odKhbfmBWsLjKPjupRm6buZWBVNmtE >> mkY86nmp+vbrjFFYR5gQYa5pY045gXikw86aGUSpv3iI2AQTEwoAPgIbAQULCQgH >> AgYVCAkKCwIEFgIDAQIeAQIXgBYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJhC/Oj >> BQkNMwXlAAoJEAMGo1Qza08N994CB1IAohe6KsGMKJx6ucfvv7bKfqU+BUaS0m6c >> CsSDea7wNFFuqK7+21QcJqTyAgIcIsgtkizDqTWQRr5az/l98Q2AAgifl3v+6sJH >> zisMQffJ9S7C0BKN7vbkmyg+2PxW0Mnvsvr2s34NOmdOTav+jdK4RFrH9bO4UI2H >> uqb5oBWOCmaf2IjZBBMTCgA+BQsJCAcCBhUICQoLAgQWAgMBAh4BAheABQkJZTvo >> FiEEhxY4ohp/LDgGZHFCAwajVDNrTw0FAl1eDRACGwMACgkQAwajVDNrTw10zQII >> yVoClrNxQ/D4szu3XhJ9PXPyVelg3TPWpngxPLSvtPcBTrmM88nYCjsYr2YkZm7F >> KVn0TfxpafDCp3+c0vmXrdwCCQEA3lZ0TMbS6g1qVjr8tP/LcclUl9EcTQBhwrMz >> ptaKpK5KbwIGqCH/8osk1xBA3sTCCZidQ1DDWR8PDtLtkyv5mYjZBBMTCgA+AhsB >> BQsJCAcCBhUICQoLAgQWAgMBAh4BAheAFiEEhxY4ohp/LDgGZHFCAwajVDNrTw0F >> Al0+b/YFCQllO+gACgkQAwajVDNrTw03OwIJAetmR3/nyb7FGWX9a47CgH/4itKa >> J3wET5QXNBT0G9oJYMBLMpbfchaSaodc2B2ZoGJLE8193CVDjWpVQTpX1Q+aAgjn >> gqkOqPGRSGBbf4oJjsCCxNd1BQDptepfIxLPnJr9n9LWXhFQJ6m1dX0TYhXqwF+c >> InjN/G8QtQ6K5M09dg0T44jZBBMTCgAnBQJXm1S+AhsBBQkDwmcABQsJCAcCBhUI >> CQoLAgQWAgMBAh4BAheAACEJEAMGo1Qza08NFiEEhxY4ohp/LDgGZHFCAwajVDNr >> Tw1yfwIGMWuJgOMUPEsOMpKowBo5H0hZ+7FXB9pSJO4tw2JR2lmCNlS7dL8BSUg6 >> 8iuUFNLuACPYv3yREYwtWgPHMI/9M/ICCQGLN09dQYTesY5Ivd1YGDdY7WQSoYwo >> wQm0ggBKH6myPOa/SLizr5o1glhYEfusgLaOYDa9v8FPIIiW0vOWHp6RIYjcBBMT >> CgBBBQsJCAcCBhUICQoLAgQWAgMBAh4BAheABQkPFYrlAhkBFiEEhxY4ohp/LDgG >> ZHFCAwajVDNrTw0FAmU1ZXcCGwEACgkQAwajVDNrTw1kSAIIiTKmmWLKGT6/pEFe >> A+4Nrfm9O7KRRGB7xThijjOKXjHYi2n38fYjod/1oWHFI9h2YRsCiBKF6LDQ6f6L >> i0cCpbQCCQE9u7C6xrf/139K+KrN31c9BoMx+L/jDcMErzk+lT1O3HbeoXtiKWX6 >> WD6t/AvqHfvEkg34h1dd8I+2/MzfQ+Ml0oihBBATCgAGBQJadScvAAoJEFdOlh1P >> 9inBYDwCCQGMrDpimY/uwGoixIwHeca14nCWtCatfyuqX67pMUhNSGGDVmoSEAdS >> mJ6OhGM2jzqG2qzdAuOxH9tMu8WswAetkQIIhd02g0k2h8fPAQb0G7DSJyUCogQS >> PC8ZP1KrHFJ4gbt+8EJRDC2K7GnEn0MoMnlQCJflc6bB0qgYkdceTq28kQmIuAQQ >> EwoAHRYhBKiwEqxbUFuB2WVeFek/s8oe5jeGBQJbY9mZAAoJEOk/s8oe5jeGpFYC >> COHHPH2dYN7UgbSjo10XQUbZmnCWYLbVUp85QpX4SfcELJiWpTDeIA+yx/l1oA5q >> YOxrnUVoqU7DqlX8q+axXXVCAgkBXjEWxhj7U1dX09WdLjMt0IacphezlXyatDXs >> HQfAgkA7vvP+rYlhA0Wj0ZFSGX6ITUZ33vtElf9YZBN1RtMFmdKI3AQTEwoAQQUL >> CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAIZAQUJEPa+ZRYhBIcWOKIafyw4BmRxQgMG >> o1Qza08NBQJlNX/GAhsBAAoJEAMGo1Qza08NpvkCCIEyKQ4n6erY/9g10YKXZwEK >> UjDXr2EsCCcXSGHjoU14xyMtAYA+mfhF4xv6KnubHGQOQn2EfCvsagnYCJJXX0Kc >> AgkBeGP8Js90a1BvZ7cFV6JL8vMsp7HYhsjSZSy/y2HxpFtsnBTi4WJ1PbViN8aK >> KpABSPhR4u4ACNBYfDjPzhKUjOGI3QQTEwoAQQULCQgHAgYVCAkKCwIEFgIDAQIe >> AQIXgAUJDxWK5QIbAxYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJkrYWJAhkBAAoJ >> EAMGo1Qza08N6wsCCQHyd3RKJE4X2HyY2fx6tmRkBtj9eMiupsMZMa2brctqQ/zX >> j+lKxC21H99mfoVS6VFpyM7ipIaSmzc+Xa9ZwLIM0QIJARNw2zzOe7Pdmkkvsrxv >> 5Dyp3qsX40tGuok3S2R/xPQ2npvs1SpHQUX6VYqqFwPtsxDssgfq9U3xHAj3mDct >> el5ziN0EExMKAEEFCwkIBwIGFQgJCgsCBBYCAwECHgECF4ACGQEFCRD2vmUWIQSH >> FjiiGn8sOAZkcUIDBqNUM2tPDQUCZTV+DgIbAwAKCRADBqNUM2tPDRNJAgkBA2dX >> HkNTZ+XLKLTdVwcTTV9YUbN0xvjTdAE2ioxIpF9PolZ8xjKFTIHSuOjn65O9NBZi >> hYFD3mPDTwoIZY5xLKMCCQHDFKa1G5SXndrTA3ZYF99m/38Py4x7WpQdLwosJIe3 >> EsHkbRShpOxOJ8tSTCgl/fbQbXySUTZ4dtRDQd+PamJ5HrQvSm9uYXRoYW4gUy4g >> RmlzaGVyIDxleGFicmlhbCtlY2xpcHNlQGdtYWlsLmNvbT6I2QQTEwoAPhYhBIcW >> OKIafyw4BmRxQgMGo1Qza08NBQJkrYWJAhsDBQkPFYrlBQsJCAcCBhUKCQgLAgQW >> AgMBAh4BAheAAAoJEAMGo1Qza08NzA0CCLZ3s9y1hMPWSSEuuqPtvU8s4+MLuI+t >> aVGCq3Oe7fOrM9C9SkIK5gYLNSgm2ucM/Qz0UmMRQMt7yFPbbpj5CiTEAgkBg7GS >> 565j0SQYMJD2A8xJLy68K70TN8J4dE6DOFTbEH++z7UcdSbTJdaEh7nhhNnQS9px >> /yPw+gQZz3NUFCOJW8aI2QQTEwoAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIX >> gBYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJlNWvGBQkQ9r5lAAoJEAMGo1Qza08N >> QhECCQFmodrh64RuDR2t4H1ne+zLQUOxlkM6JO8BC8s/nSS8CGJdPi0rpRQCliiM >> RgCkbIUdbmBFzx28r7KIabwKBTE+HAIHfeUtjs1wzN6r4qKLscAIDr/p75FvaOYi >> u7AQYLTIamdSbOBXd731koJro7t9q3JVZPiL2s3KAXCjxHAfYz9w7E20J0pvbmF0 >> aGFuIFMuIEZpc2hlciA8amZpc2hlckBhcGFjaGUub3JnPojaBBMTCgA+FiEEhxY4 >> ohp/LDgGZHFCAwajVDNrTw0FAmU1V3QCGwMFCQ8ViuUFCwkIBwIGFQoJCAsCBBYC >> AwECHgECF4AACgkQAwajVDNrTw30jwIJASdHa+NzU2uObSBwFvNE2ee9ybppHyz4 >> UUjnlJPFlIq96jTH+F5CaLDNdLWVTjqxFwKioxqyzV5M/j3WwacOaJ4pAgkB2kPI >> lc+TYMtxSiCxOEvdv1N9K81U0gopOhaKCUOR2zijh5Oor9PWT6JGRBb+soYsJN65 >> rsfRiWyhMgwwiPlxbQmI2QQTEwoAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIX >> gBYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJlNWvGBQkQ9r5lAAoJEAMGo1Qza08N >> fYQCBRdnOvBBhop8FuZxv2h3i2J7dxSaIXi5mt82EpHIVnElENuA0n9eJfYE6AyX >> go39MnHRb3mWaFMsbrwEk4R63nwSAgkBsOP9gMNn43p85xCvPfvqaMeUcFCtRrgb >> 7MSEDDQBdhF1eMGTttfujwpz/sKwc9YR6K8LUvpDrv4E7eIbIQwxzvi4bwRXm1Uv >> EwUrgQQAIgMDBEgqj2iDPClSIPOk6iARFYD7hMsdZG8rto1sKz0Y4bed1ushUqQO >> MKs2EB4owrTZNCCjwWc/73UIC2GF9MsDfrlvWhbXflqmNlBuyjDbvEQJqcjOassV >> 8CTuypP8A58j44kBQQQYEwoAJgIbAhYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJd >> Xg7CBQkFy63CAIoJEAMGo1Qza08NfyAEGRMJAAYFAlebVS8ACgkQNBblQhq5rGBm >> FQGAlQdk/wWnQBH9Ngbw5sF/NLc+AoAXH0sEfeKCQEQlbpyeyY8gjyXxxGPgQWQV >> YykjAYCtoKc2mwj65XHI1HSpokNSpD/0si5WefHsrwg1HfAiNJ6bRwjYx2G8C5Ye >> +qRlzq26UQIJATPSxwz7kP4mBp3ktX/nSj1VaZNO//Wz03ij/Hbgy+ctD1bF/cLg >> IJ9YQlqUPY6XR5ZRxbps30A9BrfFeryEekruAgjU7o53MPXjNPQQICqjTg6C5Pq8 >> A6HnGt4GKg59GwtWj+w7FFnDBxkxTUGsu9jTaipOn5Rz2pONPGXu7N25VEDb+7hz >> BFebVZYSBSuBBAAiAwMEtxtCjT1dG+sKZCq1YrL/RCjiGngEC53EoWSKtV8xOV3/ >> J0F0R2w5MI+MxovpHcKYNIF6gtr8LMrACbaNK/be3Pmg6Sji/cbtNzNdQO2XF0EW >> OOGfl3nUzCtnl7jyHCo1AwEJCYjABBgTCgAmAhsMFiEEhxY4ohp/LDgGZHFCAwaj >> VDNrTw0FAmU1XjEFCRDtsYsACgkQAwajVDNrTw3cegIHfrcTHHTeVKY/8D/tRJyQ >> fApIKz77u54996bgZBvcnzX/bXoA/FR26nBhMptw3PjCAYDOgPIPITAgVDSmkxmg >> JmMCCMrXtr98Ol7mKJfRDoWmGE++m/XlU5mz5J/XX1e0mhq/WXOMI3apE/fJ+FTF >> +/4s646I0MrlcIruMiFmpi2oxoH7uG8EV5tVzRMFK4EEACIDAwQjHqSreOLWs/FW >> O5Rpb1W5nJrfv5bXbeV5UfTzw+A6fq9rIorVMhchGApxRfSMIOcXLXuhk0yoUPlh >> TRwEGZveBTXkoSYSWWIDllQBNZ/a91f0QyTIxcR312ppCewzPyiIwQQYEwoAJgIb >> IBYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJlNV5JBQkQ7YLiAAoJEAMGo1Qza08N >> xJYCCOpTXah+2r20hsQCHYhwpgGkRzT0KWyO6NeTzFZvUFTiAWbqYg7CyXztsVBn >> 0cCqjRtFATS2QeJL1sUcjwxhN3BBAgkBB3qOlUuVC9skeUEus4QzM07uSTTiicUZ >> /i9ifDuYt1ujM/QtV4CsICKpyWs4NDdEsssLJ8SzqM9eFAlqnocatI+4bwRlNWUI >> EwUrgQQAIgMDBLP99mJt/J4jBP4CjORKeKpjxRN6sj02/8IS8LeLRYbUJzSkubqh >> SQ19rQBxu6vBOVgVCTpLLfY/31cw5RsLa5On0wuhEn3KtXTtEJZ4kLHsD+dJX4Ux >> imVW5vaQ8skA24kBVwQYEwoAJhYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJlNWUI >> AhsCBQkDwmcAAKEJEAMGo1Qza08NliAEGRMJAB0WIQS11zr9EsR/oJTH1IT5dcJ7 >> sXr2sQUCZTVlCAAKCRD5dcJ7sXr2sRO0AX9+nni0M/NhMLCvkwyyO6au+0wBXtRk >> sav2zdLMHUJnGhzW7IebTZHBdLYV8bH/WpIBfinshcGugAErswVDg40rGp39hUFG >> 17Ayi5P9hSLc4JNwQqFppoRr40+tPKyDUOVyuCKuAgiwtGUSRYNccVnGrwvy9Qff >> +XIkQXpWrpHbNIxkmWLxh2p3ZhBJBFTyXzfiHXySquFF427JfmBZ6j4N2fBykpON >> CQIHRxmTg3wOCOoM0HVhvEG5lsjHWGCHW12P7UzY5dkLExG+lGLvK9TSEKupGuNQ >> Ecwv7rh7ke+e7+0UC6B0mY7yJtSJAVcEGBMKACYCGwIWIQSHFjiiGn8sOAZkcUID >> BqNUM2tPDQUCZTVr4gUJA1OpAAChCRADBqNUM2tPDZYgBBkTCQAdFiEEtdc6/RLE >> f6CUx9SE+XXCe7F69rEFAmU1ZQgACgkQ+XXCe7F69rETtAF/fp54tDPzYTCwr5MM >> sjumrvtMAV7UZLGr9s3SzB1CZxoc1uyHm02RwXS2FfGx/1qSAX4p7IXBroABK7MF >> Q4ONKxqd/YVBRtewMouT/YUi3OCTcEKhaaaEa+NPrTysg1DlcrhkeAIHSX0cWOGH >> EHDY4/lDeQUT6CzdkrK4EoLv5GtwbqTIG8knGjX+jWsIA3c11vtuq5nCl30+tTPY >> 3F74/CTdimP0+c4CCPfukMGeA1iwD/7oqRVzs+ULbXdZjqiNFl6fR6j0uvs99r6l >> 9T3ugXY9lBQhvQ3zoYvTzJoX4P2i1P1L2CS6HwiG >> =AdHB >> -----END PGP PUBLIC KEY BLOCK----- >> >> >>> On Sun, Oct 22, 2023 at 11:35 PM Richard Zowalla >>> <rich...@zowalla.com> wrote: >>> >>> The list doesn't allow attachments, so maybe add it as plain text >>> (or put it into a gist) >>> >>> Gruß >>> Richard >>> >>> >>> Am 22. Oktober 2023 21:48:22 MESZ schrieb "Jonathan S. Fisher" >>> <jfis...@apache.org>: >>>> Attached! Thank you! >>>> >>>> On Sat, Oct 21, 2023 at 7:42 PM Richard Zowalla >>>> <rich...@zowalla.com> wrote: >>>>> >>>>> Just send it in the required ascii armored format via your >>>>> apache mail (or via die web ui on lists.apache.org after login. >>>>> >>>>> I can take care of it. >>>>> >>>>> >>>>> Am 22. Oktober 2023 01:05:53 MESZ schrieb "Jonathan S. Fisher" >>>>> <exabr...@gmail.com>: >>>>>> Richard thanks. Anyone on this thread able to add me to the >>>>>> KEYS file? >>>>>> I'd like to give this a roll :) >>>>>> >>>>>> cheers, >>>>>> >>>>>> >>>>>> On Thu, Oct 19, 2023 at 7:12 AM Jamie Johnson >>>>>> <jej2...@gmail.com> wrote: >>>>>>> >>>>>>> Just checking in on this. Anything the community can do to >>>>>>> facilitate the >>>>>>> release? >>>>>>> >>>>>>> On Tue, Oct 17, 2023 at 9:58 AM Richard Zowalla >>>>>>> <rich...@zowalla.com> wrote: >>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> see https://tomee.apache.org/dev/release-tomee.html >>>>>>>> >>>>>>>> Might be beneficial to join the ASF slack with your >>>>>>>> apache.org mail. >>>>>>>> >>>>>>>> Starting the VOTE, moving artifacts to release area as >>>>>>>> well as updating >>>>>>>> https://downloads.apache.org/tomee/KEYS needs to be done >>>>>>>> by a PMC member. >>>>>>>> >>>>>>>> Gruß >>>>>>>> Richard >>>>>>>> >>>>>>>> Am 17. Oktober 2023 15:50:33 MESZ schrieb "Jonathan S. >>>>>>>> Fisher" < >>>>>>>> exabr...@gmail.com>: >>>>>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>>>>> Hash: SHA512 >>>>>>>>> >>>>>>>>> ello other TomEE committers :) >>>>>>>>> >>>>>>>>> If I wanted to cut 8.0.16, how do I do that? My >>>>>>>>> personal GPG key is >>>>>>>>> 871638A21A7F2C38066471420306A354336B4F0D. I'll sign >>>>>>>>> this text block to >>>>>>>>> prove I have control of my key. >>>>>>>>> >>>>>>>>> Thank you! >>>>>>>>> -----BEGIN PGP SIGNATURE----- >>>>>>>>> >>>>>>>>> iLkEARMKAB0WIQSHFjiiGn8sOAZkcUIDBqNUM2tPDQUCZS6RIAAKCRA >>>>>>>>> DBqNUM2tP >>>>>>>>> DYahAgkBNYn+LlIdFttvNW6KAJXHgNEQxmjJ6ALb7VaaEdqAXjMNxwg >>>>>>>>> lLQQQVOVY >>>>>>>>> NtRxRj5nHDOXUVqwLjftisxyNnAkx50CCQHYbqySGYuWOxMdS8jsDGA >>>>>>>>> 2/UjTp0ib >>>>>>>>> RkLoChrMvppzIK5GOvd0UyBKmrvG3dkzJwQllPZ3EYvNZfLyl+/K5oO >>>>>>>>> shg== >>>>>>>>> =d0gl >>>>>>>>> -----END PGP SIGNATURE----- >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Sat, Oct 14, 2023 at 6:12 AM Jamie Johnson >>>>>>>>> <jej2...@gmail.com> wrote: >>>>>>>>>> >>>>>>>>>> Looks like tomcat 9.0.82 was released! >>>>>>>>>> >>>>>>>>>> On Wed, Oct 11, 2023 at 12:54 PM Jamie Johnson >>>>>>>>>> <jej2...@gmail.com> >>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> Looks right to me as well. Thanks Richard! >>>>>>>>>>> >>>>>>>>>>> On Wed, Oct 11, 2023 at 12:45 PM Richard Zowalla >>>>>>>>>>> <rich...@zowalla.com >>>>>>>>> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>>> I think we are running into >>>>>>>>>>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=67664 >>>>>>>>>>>> >>>>>>>>>>>> This requires 9.0.82 to become available. >>>>>>>>>>>> >>>>>>>>>>>> They are already voting: >>>>>>>>>>>> >>>>>>>>>>>> https://lists.apache.org/thread/qro48x3xnvhvvxxv3h >>>>>>>>>>>> wnqnnsrrry773j >>>>>>>>>>>> >>>>>>>>>>>> After 9.0.82 becomes available, we are most >>>>>>>>>>>> likely in a good shape to >>>>>>>>>>>> start a release >>>>>>>>>>>> >>>>>>>>>>>> Gruß >>>>>>>>>>>> Richard >>>>>>>>>>>> >>>>>>>>>>>> Am 11. Oktober 2023 18:14:09 MESZ schrieb Richard >>>>>>>>>>>> Zowalla < >>>>>>>>>>>> rich...@zowalla.com>: >>>>>>>>>>>>> It seems the Tomcat upgrade breaks some >>>>>>>>>>>>> connection pool related >>>>>>>> tests. >>>>>>>>>>>>> >>>>>>>>>>>>> I guess we need to check our integration code >>>>>>>>>>>>> to fix it: >>>>>>>>>>>> >>>>>>>> https://ci-builds.apache.org/job/Tomee/job/tomee-8.x-build-full-java8/lastCompletedBuild/testReport/ >>>>>>>>>>>>> >>>>>>>>>>>>> So if anyone wants to dig, feel free. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Am 11. Oktober 2023 16:56:27 MESZ schrieb Jamie >>>>>>>>>>>>> Johnson < >>>>>>>>>>>> jej2...@gmail.com>: >>>>>>>>>>>>>> There are other vulnerabilities (pulled from >>>>>>>>>>>>>> https://osv.dev/) >>>>>>>> that >>>>>>>>>>>> can be >>>>>>>>>>>>>> addressed, but need to be reviewed. The >>>>>>>>>>>>>> format below is dependency >>>>>>>>>>>>>> current_version (fix_version). >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.httpcomponents:httpclient 4.2.2 >>>>>>>>>>>>>> (>= 4.5.13) >>>>>>>>>>>>>> GHSA-2x83-r56g-cv47 (4.2.3), GHSA-7r82-7xv7- >>>>>>>>>>>>>> xcpj >>>>>>>>>>>>>> (4.5.13), GHSA-fmj5-wv96-r2ch (4.3.6), GHSA- >>>>>>>>>>>>>> cfh5-3ghh-wfjx (4.3.5) >>>>>>>>>>>>>> >>>>>>>>>>>>>> xalan:xalan 2.7.2 (2.7.3) >>>>>>>>>>>>>> GHSA-9339-86wc-4qgf (2.7.3) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.commons:commons-compress 1.14 >>>>>>>>>>>>>> (>=1.24.0) >>>>>>>>>>>>>> GHSA-hrmr-f5m6-m9pq (1.18), GHSA-xqfj-vm6h- >>>>>>>>>>>>>> 2x34 (1.22), >>>>>>>>>>>> GHSA-h436-432x-8fvx >>>>>>>>>>>>>> (1.16), GHSA-crv7-7245-f45f (1.21), GHSA- >>>>>>>>>>>>>> mc84-pj99-q6hh >>>>>>>>>>>>>> (1.21), GHSA-7hfm-57qf-j43q (1.21), GHSA- >>>>>>>>>>>>>> cgwf-w82q-5jrr (1.24.0) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.eclipse.jetty:jetty-server >>>>>>>>>>>>>> 9.4.49.v20220914 (9.4.51.v20230217) >>>>>>>>>>>>>> GHSA-qw69-rqj8-6qw8 (9.4.51.v20230217), GHSA- >>>>>>>>>>>>>> p26g-97m4-6q7c >>>>>>>>>>>>>> (9.4.51.v20230217) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.eclipse.jetty:jetty-http 9.4.49.v20220914 >>>>>>>>>>>>>> (>=9.4.53) >>>>>>>>>>>>>> GHSA-hmr7-m48g-48f6 (9.4.52), GHSA-wgh7-54f2- >>>>>>>>>>>>>> x98r (9.4.53) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.eclipse.jetty:jetty-servlets >>>>>>>>>>>>>> 9.4.49.v20220914 (9.4.53) >>>>>>>>>>>>>> GHSA-3gh6-v5v9-6v9j (9.4.53) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.sshd:sshd-core 2.1.0 (>=2.10.0) >>>>>>>>>>>>>> GHSA-9279-7hph-r3xw (2.7.0), GHSA-fhw8-8j55- >>>>>>>>>>>>>> vwgq >>>>>>>>>>>>>> (2.9.2), GHSA-mjmq-gwgm-5qhm (2.10.0) >>>>>>>>>>>>>> >>>>>>>>>>>>>> com.google.code.gson:gson 2.2.4 (2.8.9) >>>>>>>>>>>>>> GHSA-4jrv-ppp4-jm57 (2.8.9) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.webjars:handlebars 1.2.1 (4.7.7) >>>>>>>>>>>>>> GHSA-f2jv-r9rf-7988 (4.7.7) >>>>>>>>>>>>>> >>>>>>>>>>>>>> org.apache.ivy:ivy 2.3.0 (>= 2.5.2) >>>>>>>>>>>>>> GHSA-wv7w-rj2x-556x (2.5.1), GHSA-2jc4-r94c- >>>>>>>>>>>>>> rp7h (2.5.2) >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Wed, Oct 11, 2023 at 6:49 AM Jamie Johnson >>>>>>>>>>>>>> <jej2...@gmail.com> >>>>>>>>>>>> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> How deep down the rabbit hole should the >>>>>>>>>>>>>>> dependency checks >>>>>>>> normally >>>>>>>>>>>> go? >>>>>>>>>>>>>>> Looks like the big ones I was tracking with >>>>>>>>>>>>>>> security updates were >>>>>>>>>>>> done. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> johnzon 1.2.21 >>>>>>>>>>>>>>> tomcat 9.0.81 >>>>>>>>>>>>>>> bouncy castle 1.76 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Still poking around a bit but there’s >>>>>>>>>>>>>>> obviously a lot. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Wed, Oct 11, 2023 at 2:09 AM Richard >>>>>>>>>>>>>>> Zowalla <r...@apache.org >>>>>>>>> >>>>>>>>>>>> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> In theory, every committer can act as >>>>>>>>>>>>>>>> release manager. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> There are some steps in the process, >>>>>>>>>>>>>>>> which requires PMC karma, >>>>>>>> though >>>>>>>>>>>>>>>> (such as adding a key to the KEYS file, >>>>>>>>>>>>>>>> moving stuff to the >>>>>>>> release >>>>>>>>>>>> are >>>>>>>>>>>>>>>> on SVN, start the VOTE, etc.). >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> The process is documented here: [1] >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> That being said: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> I am currently planning to start the >>>>>>>>>>>>>>>> release process for TomEE >>>>>>>> 9.1.1 >>>>>>>>>>>>>>>> within this week. Due to the Tomcat >>>>>>>>>>>>>>>> security issues released >>>>>>>>>>>> yesterday, >>>>>>>>>>>>>>>> we need to do some backporting, which >>>>>>>>>>>>>>>> will consume additional >>>>>>>> time. >>>>>>>>>>>> (It >>>>>>>>>>>>>>>> just interrupted my preparations, so it >>>>>>>>>>>>>>>> needs additional CI / >>>>>>>> TCK >>>>>>>>>>>>>>>> cycles) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> A release usally consumes around 1-3 >>>>>>>>>>>>>>>> hours of work. Mostly >>>>>>>> because >>>>>>>>>>>> you >>>>>>>>>>>>>>>> have to wait for stuff being build or to >>>>>>>>>>>>>>>> run some basic sanity >>>>>>>> checks >>>>>>>>>>>>>>>> before starting and to not forget any >>>>>>>>>>>>>>>> step. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> What would really help for a TomEE 8.0.16 >>>>>>>>>>>>>>>> is to carefully >>>>>>>> re-check >>>>>>>>>>>> the >>>>>>>>>>>>>>>> current dependencies for important 3rd >>>>>>>>>>>>>>>> party dependencies (and >>>>>>>> update >>>>>>>>>>>>>>>> if needed. Note: Each update or bunch of >>>>>>>>>>>>>>>> updates shouldn't >>>>>>>> break the >>>>>>>>>>>>>>>> build. A full build on CI takes around 4- >>>>>>>>>>>>>>>> 8 hours) on that >>>>>>>> branch, >>>>>>>>>>>> build >>>>>>>>>>>>>>>> it locally and conduct some sanity checks >>>>>>>>>>>>>>>> (for example: same >>>>>>>> lib in >>>>>>>>>>>>>>>> different versions in /lib -> check and >>>>>>>>>>>>>>>> fix) with the created >>>>>>>>>>>>>>>> tar.gz/zip files. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> This is one of the steps, which usually >>>>>>>>>>>>>>>> consumes a lot of time. >>>>>>>> If >>>>>>>>>>>> you >>>>>>>>>>>>>>>> want to give it a try, I am happy to help >>>>>>>>>>>>>>>> out for the steps >>>>>>>> which >>>>>>>>>>>>>>>> require PMC involvement. Otherwise, I >>>>>>>>>>>>>>>> might find some time in >>>>>>>> the >>>>>>>>>>>> next >>>>>>>>>>>>>>>> week to start a release of 8.0.16 - just >>>>>>>>>>>>>>>> let me know and I can >>>>>>>> plan >>>>>>>>>>>> my >>>>>>>>>>>>>>>> time accordingly ;-) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Gruß >>>>>>>>>>>>>>>> Richard >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> [1] >>>>>>>>>>>>>>>> https://tomee.apache.org/dev/release-tomee.html >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Am Dienstag, dem 10.10.2023 um 17:56 - >>>>>>>>>>>>>>>> 0500 schrieb Jonathan S. >>>>>>>>>>>> Fisher: >>>>>>>>>>>>>>>>> Jean-Louis, are there directions >>>>>>>>>>>>>>>>> anywhere? Not promising >>>>>>>> anything >>>>>>>>>>>> :) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Tue, Oct 10, 2023 at 5:22 PM Jean- >>>>>>>>>>>>>>>>> Louis Monteiro >>>>>>>>>>>>>>>>> <jlmonte...@tomitribe.com> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Whomever is committer can do it. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> I was just trying to give you an >>>>>>>>>>>>>>>>>> honest reply regarding my >>>>>>>>>>>>>>>>>> availabilities >>>>>>>>>>>>>>>>>> and give visibility to the rest of >>>>>>>>>>>>>>>>>> the community and the >>>>>>>> other >>>>>>>>>>>>>>>>>> committers >>>>>>>>>>>>>>>>>> at the same time. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hope it helps. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Le mar. 10 oct. 2023, 23:27, Jamie >>>>>>>>>>>>>>>>>> Johnson < >>>>>>>> jej2...@gmail.com> a >>>>>>>>>>>>>>>>>> écrit : >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I’m not sure what that entails or >>>>>>>>>>>>>>>>>>> who would go about >>>>>>>> doing it. >>>>>>>>>>>> Is >>>>>>>>>>>>>>>>>>> it a >>>>>>>>>>>>>>>>>>> community or contributor driven >>>>>>>>>>>>>>>>>>> thing? >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> On Tue, Oct 10, 2023 at 3:25 PM >>>>>>>>>>>>>>>>>>> Jean-Louis Monteiro < >>>>>>>>>>>>>>>>>>> jlmonte...@tomitribe.com> wrote: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> I think most of the energy is >>>>>>>>>>>>>>>>>>>> currently on TomEE 9 and >>>>>>>> the >>>>>>>>>>>> new >>>>>>>>>>>>>>>>>>>> TomEE 10. >>>>>>>>>>>>>>>>>>>> I've also noticed some Tomcat CVE >>>>>>>>>>>>>>>>>>>> today if I remember >>>>>>>>>>>>>>>>>>>> correctly. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> I'm all hands on TomEE 10 >>>>>>>>>>>>>>>>>>>> currently because we need to >>>>>>>> fill >>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>> feature >>>>>>>>>>>>>>>>>>>> gaps on all implementations. So >>>>>>>>>>>>>>>>>>>> speaking about myself, >>>>>>>> not >>>>>>>>>>>> sure >>>>>>>>>>>>>>>>>>>> I can >>>>>>>>>>>>>>>>>>>> trigger a build and deliver the >>>>>>>>>>>>>>>>>>>> whole process in the >>>>>>>> next >>>>>>>>>>>>>>>>>>>> couple of days >>>>>>>>>>>>>>>>>>> or >>>>>>>>>>>>>>>>>>>> weeks. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> If someone can do it, I'm happy >>>>>>>>>>>>>>>>>>>> to review, test and >>>>>>>> vote on >>>>>>>>>>>> the >>>>>>>>>>>>>>>>>>>> release. >>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>> Jean-Louis Monteiro >>>>>>>>>>>>>>>>>>>> http://twitter.com/jlouismonteiro >>>>>>>>>>>>>>>>>>>> http://www.tomitribe.com >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> On Tue, Oct 10, 2023 at 5:48 PM >>>>>>>>>>>>>>>>>>>> Jamie Johnson >>>>>>>>>>>>>>>>>>>> <jej2...@gmail.com> wrote: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Is there a timeline for the >>>>>>>>>>>>>>>>>>>>> release of 8.0.16? There >>>>>>>> are a >>>>>>>>>>>>>>>>>>>>> few >>>>>>>>>>>>>>>>>>> security >>>>>>>>>>>>>>>>>>>>> issues associated with johnzon >>>>>>>>>>>>>>>>>>>>> that we’d like to >>>>>>>> leverage >>>>>>>>>>>>>>>>>>>>> while we >>>>>>>>>>>>>>>>>>>> migrate >>>>>>>>>>>>>>>>>>>>> to a newer version of TomEE. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Jonathan | exabr...@gmail.com >>>>>>>>> Pessimists, see a jar as half empty. Optimists, in >>>>>>>>> contrast, see it as >>>>>>>>> half full. >>>>>>>>> Engineers, of course, understand the glass is twice as >>>>>>>>> big as it needs to >>>>>>>> be. >>>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Jonathan | exabr...@gmail.com >>>>>> Pessimists, see a jar as half empty. Optimists, in contrast, >>>>>> see it as >>>>>> half full. >>>>>> Engineers, of course, understand the glass is twice as big as >>>>>> it needs to be. >
