Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
On 10/7/21 11:17, ste...@eissing.org wrote: > Then I close the vote and start pushing the release. > > Thanks for everyone to participate here on such a short notice! > Well gee ... that was far too fast for me to catch! I guess I will just go get the production release. -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional
Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
+1 on Slackware64 -current Alex > On Oct 7, 2021, at 09:17, ste...@eissing.org wrote: > > Hi all, > > due to found security weaknesses in our 2.4.50 release, the security team > feels it is necessary to do a new release on very short notice. We will skip > the usual 3 day voting period and close the vote once we feel comfortable > with our testing. > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days^h^h^h^hhours to release > this candidate tarball httpd-2.4.51-rc1 as 2.4.51: > [ ] +1: It's not just good, it's hopefully good enough! > [ ] +0: Let's have a talk. > [ ] -1: There's trouble in paradise. Here's what's wrong. > > The computed digests of the tarball up for vote are: > sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz > sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 > *httpd-2.4.51-rc1.tar.gz > sha512: > 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157 > *httpd-2.4.51-rc1.tar.gz > > The SVN candidate source is found at tags/candidate-2.4.51-rc1. > > Kind Regards, > Stefan
Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
Then I close the vote and start pushing the release. Thanks for everyone to participate here on such a short notice! Kind Regards, Stefan > Am 07.10.2021 um 17:06 schrieb Joe Orton : > > ASF release policy [1] suggests that we have a >=72 hour voting period > for releases, but this is a "SHOULD" not a hard rule. Due to: > > a) the severity of the issue being fixed, and > > b) the extensive review and testing which the patch has received both > here and off-list, and > > c) the fact we already have sufficient binding votes on the release, > with no negative feedback either from PMC members or the community > > my recommendation as PMC Chair is that we close the vote now and ship > the update. Normal 72+ hour release votes must be resumed after this. > > Regards, Joe > > [1] https://www.apache.org/legal/release-policy.html >
Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
+1 Cent6/7/8 Ubuntu 20.04 Thanks, Cory McIntire PO – cPanel Security Team Release Manager – EasyApache cPanel / WebPros From: ste...@eissing.org Date: Thursday, October 7, 2021 at 8:17 AM To: dev@httpd.apache.org Subject: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51 Hi all, due to found security weaknesses in our 2.4.50 release, the security team feels it is necessary to do a new release on very short notice. We will skip the usual 3 day voting period and close the vote once we feel comfortable with our testing. Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days^h^h^h^hhours to release this candidate tarball httpd-2.4.51-rc1 as 2.4.51: [ ] +1: It's not just good, it's hopefully good enough! [ ] +0: Let's have a talk. [ ] -1: There's trouble in paradise. Here's what's wrong. The computed digests of the tarball up for vote are: sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 *httpd-2.4.51-rc1.tar.gz sha512: 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157 *httpd-2.4.51-rc1.tar.gz The SVN candidate source is found at tags/candidate-2.4.51-rc1. Kind Regards, Stefan
Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
ASF release policy [1] suggests that we have a >=72 hour voting period for releases, but this is a "SHOULD" not a hard rule. Due to: a) the severity of the issue being fixed, and b) the extensive review and testing which the patch has received both here and off-list, and c) the fact we already have sufficient binding votes on the release, with no negative feedback either from PMC members or the community my recommendation as PMC Chair is that we close the vote now and ship the update. Normal 72+ hour release votes must be resumed after this. Regards, Joe [1] https://www.apache.org/legal/release-policy.html
Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
On Thu, Oct 7, 2021 at 3:17 PM ste...@eissing.org wrote: > > I would like to call a VOTE over the next few days^h^h^h^hhours to release > this candidate tarball httpd-2.4.51-rc1 as 2.4.51: +1 on Debian 10 and 11. Thanks Stefan!
Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
+1 looks ok on Windows On Thursday 07/10/2021 at 15:17, ste...@eissing.org wrote: Hi all, due to found security weaknesses in our 2.4.50 release, the security team feels it is necessary to do a new release on very short notice. We will skip the usual 3 day voting period and close the vote once we feel comfortable with our testing. Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days^h^h^h^hhours to release this candidate tarball httpd-2.4.51-rc1 as 2.4.51: [ ] +1: It's not just good, it's hopefully good enough! [ ] +0: Let's have a talk. [ ] -1: There's trouble in paradise. Here's what's wrong. The computed digests of the tarball up for vote are: sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 *httpd-2.4.51-rc1.tar.gz sha512: 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157 *httpd-2.4.51-rc1.tar.gz The SVN candidate source is found at tags/candidate-2.4.51-rc1. Kind Regards, Stefan
Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
On Thu, Oct 7, 2021 at 9:17 AM ste...@eissing.org wrote: > > Hi all, > > due to found security weaknesses in our 2.4.50 release, the security team > feels it is necessary to do a new release on very short notice. We will skip > the usual 3 day voting period and close the vote once we feel comfortable > with our testing. > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days^h^h^h^hhours to release > this candidate tarball httpd-2.4.51-rc1 as 2.4.51: > [ ] +1: It's not just good, it's hopefully good enough! > [ ] +0: Let's have a talk. > [ ] -1: There's trouble in paradise. Here's what's wrong. +1 AIX/xlc/ppc64
Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
On Thu, Oct 07, 2021 at 03:17:36PM +0200, ste...@eissing.org wrote: > Hi all, > > due to found security weaknesses in our 2.4.50 release, the security team > feels it is necessary to do a new release on very short notice. We will skip > the usual 3 day voting period and close the vote once we feel comfortable > with our testing. > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days^h^h^h^hhours to release > this candidate tarball httpd-2.4.51-rc1 as 2.4.51: > [X] +1: It's not just good, it's hopefully good enough! > [ ] +0: Let's have a talk. > [ ] -1: There's trouble in paradise. Here's what's wrong. > > The computed digests of the tarball up for vote are: > sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz > sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 > *httpd-2.4.51-rc1.tar.gz > sha512: > 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157 > *httpd-2.4.51-rc1.tar.gz +1 for release, tested on Fedora 34 and RHEL8. Regards, Joe
Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
On 10/7/21 3:17 PM, ste...@eissing.org wrote: > Hi all, > > due to found security weaknesses in our 2.4.50 release, the security team > feels it is necessary to do a new release on very short notice. We will skip > the usual 3 day voting period and close the vote once we feel comfortable > with our testing. > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days^h^h^h^hhours to release > this candidate tarball httpd-2.4.51-rc1 as 2.4.51: > [ ] +1: It's not just good, it's hopefully good enough! > [ ] +0: Let's have a talk. > [ ] -1: There's trouble in paradise. Here's what's wrong. > > The computed digests of the tarball up for vote are: > sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz > sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 > *httpd-2.4.51-rc1.tar.gz > sha512: > 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157 > *httpd-2.4.51-rc1.tar.gz > > The SVN candidate source is found at tags/candidate-2.4.51-rc1. > +1 on RedHat 8 Regards Rüdiger
Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
> Am 07.10.2021 um 15:17 schrieb ste...@eissing.org: > > Hi all, > > due to found security weaknesses in our 2.4.50 release, the security team > feels it is necessary to do a new release on very short notice. We will skip > the usual 3 day voting period and close the vote once we feel comfortable > with our testing. > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days^h^h^h^hhours to release > this candidate tarball httpd-2.4.51-rc1 as 2.4.51: > [ ] +1: It's not just good, it's hopefully good enough! > [ ] +0: Let's have a talk. > [ ] -1: There's trouble in paradise. Here's what's wrong. > > The computed digests of the tarball up for vote are: > sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz > sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 > *httpd-2.4.51-rc1.tar.gz > sha512: > 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157 > *httpd-2.4.51-rc1.tar.gz > > The SVN candidate source is found at tags/candidate-2.4.51-rc1. > > Kind Regards, > Stefan +1 on macOS.
Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
+1 on Fedora 34 On 2021/10/07 13:17:36, "ste...@eissing.org" wrote: > Hi all, > > due to found security weaknesses in our 2.4.50 release, the security team > feels it is necessary to do a new release on very short notice. We will skip > the usual 3 day voting period and close the vote once we feel comfortable > with our testing. > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days^h^h^h^hhours to release > this candidate tarball httpd-2.4.51-rc1 as 2.4.51: > [ ] +1: It's not just good, it's hopefully good enough! > [ ] +0: Let's have a talk. > [ ] -1: There's trouble in paradise. Here's what's wrong. > > The computed digests of the tarball up for vote are: > sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz > sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 > *httpd-2.4.51-rc1.tar.gz > sha512: > 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157 > *httpd-2.4.51-rc1.tar.gz > > The SVN candidate source is found at tags/candidate-2.4.51-rc1. > > Kind Regards, > Stefan
Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
+1 on Debian 11 ste...@eissing.org schrieb am Do., 7. Okt. 2021, 15:17: > Hi all, > > due to found security weaknesses in our 2.4.50 release, the security team > feels it is necessary to do a new release on very short notice. We will > skip > the usual 3 day voting period and close the vote once we feel comfortable > with our testing. > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days^h^h^h^hhours to release > this candidate tarball httpd-2.4.51-rc1 as 2.4.51: > [ ] +1: It's not just good, it's hopefully good enough! > [ ] +0: Let's have a talk. > [ ] -1: There's trouble in paradise. Here's what's wrong. > > The computed digests of the tarball up for vote are: > sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz > sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 > *httpd-2.4.51-rc1.tar.gz > sha512: > 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157 > *httpd-2.4.51-rc1.tar.gz > > The SVN candidate source is found at tags/candidate-2.4.51-rc1. > > Kind Regards, > Stefan
[VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
Hi all, due to found security weaknesses in our 2.4.50 release, the security team feels it is necessary to do a new release on very short notice. We will skip the usual 3 day voting period and close the vote once we feel comfortable with our testing. Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days^h^h^h^hhours to release this candidate tarball httpd-2.4.51-rc1 as 2.4.51: [ ] +1: It's not just good, it's hopefully good enough! [ ] +0: Let's have a talk. [ ] -1: There's trouble in paradise. Here's what's wrong. The computed digests of the tarball up for vote are: sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 *httpd-2.4.51-rc1.tar.gz sha512: 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157 *httpd-2.4.51-rc1.tar.gz The SVN candidate source is found at tags/candidate-2.4.51-rc1. Kind Regards, Stefan
