I have noticed a bunch of security jiras recently, we should take care of at least some of these. I think historically we haven't been super good with the security stuff, and it'd be great if we could change it.
-Flavio > On 03 Mar 2016, at 18:28, Chris Nauroth <[email protected]> wrote: > > I forgot to mention that one issue I consider an absolute must is > ZOOKEEPER-2342: ZooKeeper cannot write logs, because there is no SLF4J > binding available on the runtime classpath. It won't be acceptable to > produce a release where the server side doesn't produce any logging out of > the box unless an admin deploys an extra SLF4J binding jar. The path > forward is to migrate to Log4J 2, but I have not yet found a solution that > perfectly replicates the behavior we had with Log4J 1. If this gets stuck > too much longer, then I'm going to suggest reverting ZOOKEEPER-1371, which > introduced the regression. > > ZOOKEEPER-2024 is in my review queue too for consideration of whether or > not to include in 3.5.2-alpha. > > --Chris Nauroth > > > > > On 3/3/16, 10:18 AM, "Patrick Hunt" <[email protected]> wrote: > >> We have 5 PA blockers and 8 PA critical issues. Perhaps we can whittle >> down all/most of these? >> https://issues.apache.org/jira/issues/?filter=12334684 >> Any in particular that folks feel strongly about? >> >> On the flip side it would be good to get a new release out into folks >> hands. Unless we have a regression from 3.5.1 perhaps we should do >> 3.5.2 sooner rather than later? >> >> Alex also made a proposal recently around ZOOKEEPER-2024 that we >> should make a call on. It would be good if the RM (and the rest of the >> community) provided direction. >> >> Patrick >> >> On Thu, Mar 3, 2016 at 10:12 AM, Chris Nauroth <[email protected]> >> wrote: >>> This link shows issues currently fixed for 3.5.2: >>> >>> https://s.apache.org/n2C6 >>> >>> This link shows issues still open targeted to 3.5.2: >>> >>> https://s.apache.org/nORc >>> >>> I had been planning to kick off the release process for a 3.5.2-alpha >>> candidate right around now, but after reviewing these lists, I'm >>> inclined >>> to defer it a few more weeks while we work down more blockers. What do >>> others think? >>> >>> On a related note, thank you to Patrick for the recent JIRA clean-up. >>> >>> --Chris Nauroth >>> >> >
