On Tue, Nov 28, 2017 at 10:40 AM, Brian Fox <bri...@infinity.nu> wrote:
> Hi Gary, this was an issue in 2014 that Ryan Berg helped get fixed: > https://issues.apache.org/jira/browse/XALANJ-2435 (It looks like you were > working with him on the threads when I searched my archives) > The important part is that we released the fix in 2.7.2 :-) Gary > > On Tue, Nov 28, 2017 at 10:28 AM, Gary Gregory <garydgreg...@gmail.com> > wrote: > > > On Tue, Nov 28, 2017 at 10:22 AM, Brian Fox <bri...@infinity.nu> wrote: > > > > > > > > > > > Not so long ago Sonatype as a commercial entity was openly hostile > to > > > > > this project. > > > > Reference? > > > > > I am sorry if that sounds harsh, but personally I am not going to > do > > > > > anything to advance commercial interests of an unfriendly company. > > > > That's your prerogative, of course, but Peter doesn't necessarily > > > > represent his company nor the other way round. > > > > Peter, any committer can call for a release of any version/branch of > > any > > > > project at any time. You can help by providing (non-binding) voting > > > > feedback for any release proposed. If this community has a cold > > attitude > > > > toward your employer, you can suggest to your employer that they > > attempt > > > > to reach-out to this community in order to repair that relationship. > > > > > > > > > Hi Oleg, I was really caught off guard by your assertion and am sorry > you > > > feel that way. I'm one of the co-founders and CTO at Sonatype and I > can't > > > ever recall a time where anyone was hostile towards http client. > > > > > > I am still actively involved at Apache, through the Maven PMC, Creadur > > and > > > RAT PMCs and at Infra. We have many other developers who are > contributors > > > and PMC members of various Apache projects. Sonatype the company > sponsors > > > Apache through Infra donations and still provides the Central > repository > > > for everyone to use. We've also helped report vulnerabilities that are > > > uncovered in our research and our CSO even fixed a Xalan vulnerability > > > since there were no devs left on the project. > > > > > > > Is there a JIRA for that Xalan issue? I am on the Xalan PMC and while my > > FOSS TODO list is long, I might be able to help at some point. > > > > Gary > > > > > > > In short, I believe Sonatype and our developers have a healthy and > happy > > > relationship with Apache in general. If you believe otherwise, I'd be > > happy > > > to chat with you off list to understand your concerns. > > > > > > --Brian > > > > > >