fwiw I would also be -1 due to the known CVE addressed in 3.6 but not here: https://github.com/apache/zookeeper/pull/1246
Norbert as RM can you pull this in to branch-3.5 and the next RC? Patrick On Fri, Feb 7, 2020 at 10:14 AM Norbert Kalmar <[email protected]> wrote: > Thanks Damien! > > -1 from me for this rc1. > > I'll start working on rc2! Damien already fixed the mentioned issue, I'll > review and test. > I tested my modification for the missing files (ZOOKEEPER-3718), my main > issue is to use apache-release profile just like in master, or fix up the > assembly for source tarball. I lean toward adding apache-release profile to > 3.5 as well. Only difference I've noticed is NOTICE and LICENSE file > getting duplicated (both with file extension and without in filename). > Anyone has any preference for this? Fix assembly descriptor for 3.5 source > tarball or add apache-release profile (which will generate the source > tarball to parent's target folder). > I'll go with adding apache-release unless someone disagrees. > > Regards, > Norbert > > > On Fri, Feb 7, 2020 at 5:43 PM Damien Diederen <[email protected]> > wrote: > > > > > Hi Norbert, all, > > > > Norbert wrote: > > > p.s.: These are pretty easy fixes to include/exclude the files Eniroc > > > mentioned, so on second thought probably worth fixing and do an rc2. > > > I'll create a jira and start to work on it. We'll see if anything else > > > comes up or how the vote goes. > > > > I'm afraid something else came up! (Sorry about that…) > > > > I don't know if the C client is supposed to block 3.5.7, but I have > > noticed (and, hopefully, fixed) a few compilation issues: > > > > https://issues.apache.org/jira/browse/ZOOKEEPER-3719 > > https://github.com/apache/zookeeper/pull/1249 > > > > With these in, the C client builds and passes tests. > > > > Cheers, -D > > >
