Re: build hangs at mdb tests

[Romain Manni-Bucau]

Mea culpa, here is a patch fixing it:
https://gist.github.com/rmannibucau/dcbb36349364f45ede42 (can't commit
it now but feel free to do it for me)



Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau


2014-05-13 2:31 GMT+02:00 Thiago Veronezi :
> Hi Romain,
>
> It looks like the build is hanging at CustomMdbContainerTest after the
> changes listed here...
> http://ci.apache.org/builders/tomee-trunk-ubuntu/builds/61
>
> Any idea?
>
> []s,
> Thiago

Re: Apache TomEE 1.6.0.2

[Jean-Louis Monteiro]

Thanks so much Andy

--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com


On Mon, May 12, 2014 at 9:22 AM, Andy Gumbrecht wrote:

>
>  Apache TomEE 1.6.0.2 Released!
>
> Apache TomEE is happy to announce the security related release of Apache
> TomEE 1.6.0.2  which is still
> based on Apache Tomcat 7.0.53  tomcat-7.0-doc/index.html> - The principal focus of this release is to
> provide an update to CXF version 2.6.14, which fixes several security
> issues.
>
> Complete details of the issues that have been fixed can be found at the
> following link:
>
> http://cxf.apache.org/security-advisories.html
>
> The stability of the continuous integration (CI) build can be seen here:
> http://ci.apache.org/builders/tomee-1.6.0.2-ubuntu
>
> The Apache TomEE Release 1.6.0.2 files can be found here:
>
> http://tomee.apache.org/downloads.html
>
> A complete Changelog  html> can be viewed here:
>
> tomee-1.6.0.2-release-notes.html  tomee-1.6.0.2-release-notes.html>
>
> Please inform anyone you think may interested in this news by email,
> twitter, facebook, google+, pinterest
> Your support is very much appreciated!
>
> Andy.
>
> --
>   Andy Gumbrecht
>
>   http://www.tomitribe.com
>   agumbre...@tomitribe.com
>   https://twitter.com/AndyGeeDe
>
>   TomEE treibt Tomitribe! | http://tomee.apache.org
>
>

Re: default tomee credentials (WAS: [VOTE] TomEE 1.6.0.2...)

[Romain Manni-Bucau]

In TomcatWebAppBuilder (pointer in my first answer)

See
http://mail-archives.apache.org/mod_mbox/openejb-commits/201210.mbox/%3c20121008162359.ddb492388...@eris.apache.org%3Eand
all is detailed here
https://issues.apache.org/jira/plugins/servlet/mobile#issue/TOMEE-450
Le 13 mai 2014 02:14, "David Blevins"  a écrit :

> I don't recall discussing adding users outside of those configured in the
> tomee-users.xml.  Where in code do we do this?
>
>
> -David
>
> On May 12, 2014, at 1:15 PM, Romain Manni-Bucau 
> wrote:
>
> > yep since default profile is development. You can find details back on
> > the list but basically default are dev and tools friendly. Security is
> > only on when you are no more in profile dev.
> >
> > Actually having tomee/tomee user in memory db is less dangerous than
> > having openejb internal app deployed. Both are deactivated in not dev
> > profile normally.
> >
> >
> > Romain Manni-Bucau
> > Twitter: @rmannibucau
> > Blog: http://rmannibucau.wordpress.com/
> > LinkedIn: http://fr.linkedin.com/in/rmannibucau
> > Github: https://github.com/rmannibucau
> >
> >
> > 2014-05-12 22:06 GMT+02:00 David Blevins :
> >> So if an administrator wanted to disable all users and did so by
> commenting them out from the tomcat-users.xml file, would we then add users
> and open access back up? (speaking of course of our default actions)
> >>
> >>
> >> -David
> >>
> >> On May 12, 2014, at 9:58 AM, Romain Manni-Bucau 
> wrote:
> >>
> >>> the point was if we don't do it by default some tools would have been
> >>> broken by default like the webapp.
> >>>
> >>> BTW if you remove the memorydatabase of server.xml or if you define
> >>> any user we don't do it (see public void start(final StandardServer
> >>> server) in TomcatWebAppBuilder)
> >>>
> >>>
> >>> Romain Manni-Bucau
> >>> Twitter: @rmannibucau
> >>> Blog: http://rmannibucau.wordpress.com/
> >>> LinkedIn: http://fr.linkedin.com/in/rmannibucau
> >>> Github: https://github.com/rmannibucau
> >>>
> >>>
> >>> 2014-05-12 18:25 GMT+02:00 Thiago Veronezi :
>  Oh... I didn't know about that. I probably missed that discussion.
> 
>  imo, it looks dangerous. It means that commenting out all the
> credentials
>  from "tomee-users.xml" changes the default tomcat behavior one
> expects to
>  see.
> 
>  []s,
>  Thiago.
> 
> 
> 
> 
> 
> 
>  On Mon, May 12, 2014 at 11:16 AM, Romain Manni-Bucau
>  wrote:
> 
> > Hi
> >
> > since some times (think it is 1.6.0 but not sure) tomee:tomee user is
> > added automatically by default. -Dopenejb.profile=prod to get rid of
> > it
> >
> >
> > Romain Manni-Bucau
> > Twitter: @rmannibucau
> > Blog: http://rmannibucau.wordpress.com/
> > LinkedIn: http://fr.linkedin.com/in/rmannibucau
> > Github: https://github.com/rmannibucau
> >
> >
> > 2014-05-12 16:25 GMT+02:00 Thiago Veronezi :
> >> Guys,
> >>
> >> Sorry for the late notice, but can you verify this? It looks like
> the
> >> server completely ignores the fact that the default "tomee"
> credentials
> > are
> >> commented out in "tomcat-users.xml".
> >>
> >> How to test?
> >>
> >
> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/apache-tomee-1.6.0.2-plus.tar.gz
> >>
> >
> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/tomee-webaccess-1.6.0.2.war
> >>
> >> * Install webaccess
> >> * try to access it with tomee/tomee. You should not be able because
> the
> >> credentials are commented out.
> >> * Now remove it completely and let the "tomcat-users" list empty.
> You are
> >> again able to access it with tomee/tomee
> >> * Now set...
> >>
> >> 
> >> 
> >> 
> >> 
> >>
> >> ... and try to access it with "tomee/tomee". It finally blocks the
> > access.
> >> It will only with with "tomee/tomis".
> >>
> >> I'm not able to check or fix this right now. Feel free to
> investigate it.
> >>
> >> []s,
> >> Thiago.
> >>
> >>
> >>
> >>
> >>
> >>
> >> On Mon, May 12, 2014 at 9:31 AM, David Blevins <
> david.blev...@gmail.com
> >> wrote:
> >>
> >>> My +1.
> >>>
> >>>
> >>> --
> >>> David Blevins
> >>> http://twitter.com/dblevins
> >>> http://www.tomitribe.com
> >>>
> >>> On May 6, 2014, at 2:29 PM, Andy Gumbrecht <
> agumbre...@tomitribe.com>
> >>> wrote:
> >>>
>  Hi Everyone,
> 
>  I have rolled out the 1.6.0.2 security release for a vote.
> 
>  The *only *difference to 1.6.0.1 is an upgrade to CXF 2.6.14 to
> fix
> > the
> >>> 2014 (that's the year not the count) security issues found here:
>  http://cxf.apache.org/security-advisories.html
> 
>  SVN Tag:
> 
>  https://svn.apache.org/repos/asf/tomee/tomee/tags/tomee-1.6.0.2/
> >>>

Re: 1.6.0.2-plus

[Jean-Louis Monteiro]

It should not be synchronized again.
Apache mirror and all stuff takes a bit of time to get synchronized.

Apologize for that.

JLouis

--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com


On Mon, May 12, 2014 at 4:30 PM, Chuck Davis  wrote:

> Click on the link and get a "Not Found" reply.
>

build hangs at mdb tests

[Thiago Veronezi]

Hi Romain,

It looks like the build is hanging at CustomMdbContainerTest after the
changes listed here...
http://ci.apache.org/builders/tomee-trunk-ubuntu/builds/61

Any idea?

[]s,
Thiago

Re: default tomee credentials (WAS: [VOTE] TomEE 1.6.0.2...)

[Romain Manni-Bucau]

yep since default profile is development. You can find details back on
the list but basically default are dev and tools friendly. Security is
only on when you are no more in profile dev.

Actually having tomee/tomee user in memory db is less dangerous than
having openejb internal app deployed. Both are deactivated in not dev
profile normally.


Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau


2014-05-12 22:06 GMT+02:00 David Blevins :
> So if an administrator wanted to disable all users and did so by commenting 
> them out from the tomcat-users.xml file, would we then add users and open 
> access back up? (speaking of course of our default actions)
>
>
> -David
>
> On May 12, 2014, at 9:58 AM, Romain Manni-Bucau  wrote:
>
>> the point was if we don't do it by default some tools would have been
>> broken by default like the webapp.
>>
>> BTW if you remove the memorydatabase of server.xml or if you define
>> any user we don't do it (see public void start(final StandardServer
>> server) in TomcatWebAppBuilder)
>>
>>
>> Romain Manni-Bucau
>> Twitter: @rmannibucau
>> Blog: http://rmannibucau.wordpress.com/
>> LinkedIn: http://fr.linkedin.com/in/rmannibucau
>> Github: https://github.com/rmannibucau
>>
>>
>> 2014-05-12 18:25 GMT+02:00 Thiago Veronezi :
>>> Oh... I didn't know about that. I probably missed that discussion.
>>>
>>> imo, it looks dangerous. It means that commenting out all the credentials
>>> from "tomee-users.xml" changes the default tomcat behavior one expects to
>>> see.
>>>
>>> []s,
>>> Thiago.
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Mon, May 12, 2014 at 11:16 AM, Romain Manni-Bucau
>>> wrote:
>>>
 Hi

 since some times (think it is 1.6.0 but not sure) tomee:tomee user is
 added automatically by default. -Dopenejb.profile=prod to get rid of
 it


 Romain Manni-Bucau
 Twitter: @rmannibucau
 Blog: http://rmannibucau.wordpress.com/
 LinkedIn: http://fr.linkedin.com/in/rmannibucau
 Github: https://github.com/rmannibucau


 2014-05-12 16:25 GMT+02:00 Thiago Veronezi :
> Guys,
>
> Sorry for the late notice, but can you verify this? It looks like the
> server completely ignores the fact that the default "tomee" credentials
 are
> commented out in "tomcat-users.xml".
>
> How to test?
>
 https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/apache-tomee-1.6.0.2-plus.tar.gz
>
 https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/tomee-webaccess-1.6.0.2.war
>
> * Install webaccess
> * try to access it with tomee/tomee. You should not be able because the
> credentials are commented out.
> * Now remove it completely and let the "tomcat-users" list empty. You are
> again able to access it with tomee/tomee
> * Now set...
>
> 
>  
>  
> 
>
> ... and try to access it with "tomee/tomee". It finally blocks the
 access.
> It will only with with "tomee/tomis".
>
> I'm not able to check or fix this right now. Feel free to investigate it.
>
> []s,
> Thiago.
>
>
>
>
>
>
> On Mon, May 12, 2014 at 9:31 AM, David Blevins  wrote:
>
>> My +1.
>>
>>
>> --
>> David Blevins
>> http://twitter.com/dblevins
>> http://www.tomitribe.com
>>
>> On May 6, 2014, at 2:29 PM, Andy Gumbrecht 
>> wrote:
>>
>>> Hi Everyone,
>>>
>>> I have rolled out the 1.6.0.2 security release for a vote.
>>>
>>> The *only *difference to 1.6.0.1 is an upgrade to CXF 2.6.14 to fix
 the
>> 2014 (that's the year not the count) security issues found here:
>>> http://cxf.apache.org/security-advisories.html
>>>
>>> SVN Tag:
>>>
>>> https://svn.apache.org/repos/asf/tomee/tomee/tags/tomee-1.6.0.2/
>>>
>>> Maven Repo:
>>>
>>>
 https://repository.apache.org/content/repositories/orgapachetomee-1016
>>>
>>> Binaries & Source:
>>>
>>>
 https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/
>>>
>>> The vote will be open for 72 hours or as needed.
>>>
>>> Thanks for your time,
>>>
>>> Andy.
>>>
>>> --
>>> Andy Gumbrecht
>>>
>>> http://www.tomitribe.com
>>> agumbre...@tomitribe.com
>>> https://twitter.com/AndyGeeDe
>>>
>>> TomEE treibt Tomitribe! |http://tomee.apache.org
>>>
>>
>>

>

Re: default tomee credentials (WAS: [VOTE] TomEE 1.6.0.2...)

[David Blevins]

I don't recall discussing adding users outside of those configured in the 
tomee-users.xml.  Where in code do we do this?


-David

On May 12, 2014, at 1:15 PM, Romain Manni-Bucau  wrote:

> yep since default profile is development. You can find details back on
> the list but basically default are dev and tools friendly. Security is
> only on when you are no more in profile dev.
> 
> Actually having tomee/tomee user in memory db is less dangerous than
> having openejb internal app deployed. Both are deactivated in not dev
> profile normally.
> 
> 
> Romain Manni-Bucau
> Twitter: @rmannibucau
> Blog: http://rmannibucau.wordpress.com/
> LinkedIn: http://fr.linkedin.com/in/rmannibucau
> Github: https://github.com/rmannibucau
> 
> 
> 2014-05-12 22:06 GMT+02:00 David Blevins :
>> So if an administrator wanted to disable all users and did so by commenting 
>> them out from the tomcat-users.xml file, would we then add users and open 
>> access back up? (speaking of course of our default actions)
>> 
>> 
>> -David
>> 
>> On May 12, 2014, at 9:58 AM, Romain Manni-Bucau  
>> wrote:
>> 
>>> the point was if we don't do it by default some tools would have been
>>> broken by default like the webapp.
>>> 
>>> BTW if you remove the memorydatabase of server.xml or if you define
>>> any user we don't do it (see public void start(final StandardServer
>>> server) in TomcatWebAppBuilder)
>>> 
>>> 
>>> Romain Manni-Bucau
>>> Twitter: @rmannibucau
>>> Blog: http://rmannibucau.wordpress.com/
>>> LinkedIn: http://fr.linkedin.com/in/rmannibucau
>>> Github: https://github.com/rmannibucau
>>> 
>>> 
>>> 2014-05-12 18:25 GMT+02:00 Thiago Veronezi :
 Oh... I didn't know about that. I probably missed that discussion.
 
 imo, it looks dangerous. It means that commenting out all the credentials
 from "tomee-users.xml" changes the default tomcat behavior one expects to
 see.
 
 []s,
 Thiago.
 
 
 
 
 
 
 On Mon, May 12, 2014 at 11:16 AM, Romain Manni-Bucau
 wrote:
 
> Hi
> 
> since some times (think it is 1.6.0 but not sure) tomee:tomee user is
> added automatically by default. -Dopenejb.profile=prod to get rid of
> it
> 
> 
> Romain Manni-Bucau
> Twitter: @rmannibucau
> Blog: http://rmannibucau.wordpress.com/
> LinkedIn: http://fr.linkedin.com/in/rmannibucau
> Github: https://github.com/rmannibucau
> 
> 
> 2014-05-12 16:25 GMT+02:00 Thiago Veronezi :
>> Guys,
>> 
>> Sorry for the late notice, but can you verify this? It looks like the
>> server completely ignores the fact that the default "tomee" credentials
> are
>> commented out in "tomcat-users.xml".
>> 
>> How to test?
>> 
> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/apache-tomee-1.6.0.2-plus.tar.gz
>> 
> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/tomee-webaccess-1.6.0.2.war
>> 
>> * Install webaccess
>> * try to access it with tomee/tomee. You should not be able because the
>> credentials are commented out.
>> * Now remove it completely and let the "tomcat-users" list empty. You are
>> again able to access it with tomee/tomee
>> * Now set...
>> 
>> 
>> 
>> 
>> 
>> 
>> ... and try to access it with "tomee/tomee". It finally blocks the
> access.
>> It will only with with "tomee/tomis".
>> 
>> I'm not able to check or fix this right now. Feel free to investigate it.
>> 
>> []s,
>> Thiago.
>> 
>> 
>> 
>> 
>> 
>> 
>> On Mon, May 12, 2014 at 9:31 AM, David Blevins > wrote:
>> 
>>> My +1.
>>> 
>>> 
>>> --
>>> David Blevins
>>> http://twitter.com/dblevins
>>> http://www.tomitribe.com
>>> 
>>> On May 6, 2014, at 2:29 PM, Andy Gumbrecht 
>>> wrote:
>>> 
 Hi Everyone,
 
 I have rolled out the 1.6.0.2 security release for a vote.
 
 The *only *difference to 1.6.0.1 is an upgrade to CXF 2.6.14 to fix
> the
>>> 2014 (that's the year not the count) security issues found here:
 http://cxf.apache.org/security-advisories.html
 
 SVN Tag:
 
 https://svn.apache.org/repos/asf/tomee/tomee/tags/tomee-1.6.0.2/
 
 Maven Repo:
 
 
> https://repository.apache.org/content/repositories/orgapachetomee-1016
 
 Binaries & Source:
 
 
> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/
 
 The vote will be open for 72 hours or as needed.
 
 Thanks for your time,
 
 Andy.
 
 --
 Andy Gumbrecht
 
 http://www.tomitribe.com
 agumbre...@tomitribe.com
 https://twitter.com/AndyGeeDe
 
 TomEE treibt Tomitribe! |http://tomee.apache.org
>>

Re: 1.6.0.2-plus

[Chuck Davis]

Click on the link and get a "Not Found" reply.

Re: default tomee credentials (WAS: [VOTE] TomEE 1.6.0.2...)

[David Blevins]

So if an administrator wanted to disable all users and did so by commenting 
them out from the tomcat-users.xml file, would we then add users and open 
access back up? (speaking of course of our default actions)


-David

On May 12, 2014, at 9:58 AM, Romain Manni-Bucau  wrote:

> the point was if we don't do it by default some tools would have been
> broken by default like the webapp.
> 
> BTW if you remove the memorydatabase of server.xml or if you define
> any user we don't do it (see public void start(final StandardServer
> server) in TomcatWebAppBuilder)
> 
> 
> Romain Manni-Bucau
> Twitter: @rmannibucau
> Blog: http://rmannibucau.wordpress.com/
> LinkedIn: http://fr.linkedin.com/in/rmannibucau
> Github: https://github.com/rmannibucau
> 
> 
> 2014-05-12 18:25 GMT+02:00 Thiago Veronezi :
>> Oh... I didn't know about that. I probably missed that discussion.
>> 
>> imo, it looks dangerous. It means that commenting out all the credentials
>> from "tomee-users.xml" changes the default tomcat behavior one expects to
>> see.
>> 
>> []s,
>> Thiago.
>> 
>> 
>> 
>> 
>> 
>> 
>> On Mon, May 12, 2014 at 11:16 AM, Romain Manni-Bucau
>> wrote:
>> 
>>> Hi
>>> 
>>> since some times (think it is 1.6.0 but not sure) tomee:tomee user is
>>> added automatically by default. -Dopenejb.profile=prod to get rid of
>>> it
>>> 
>>> 
>>> Romain Manni-Bucau
>>> Twitter: @rmannibucau
>>> Blog: http://rmannibucau.wordpress.com/
>>> LinkedIn: http://fr.linkedin.com/in/rmannibucau
>>> Github: https://github.com/rmannibucau
>>> 
>>> 
>>> 2014-05-12 16:25 GMT+02:00 Thiago Veronezi :
 Guys,
 
 Sorry for the late notice, but can you verify this? It looks like the
 server completely ignores the fact that the default "tomee" credentials
>>> are
 commented out in "tomcat-users.xml".
 
 How to test?
 
>>> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/apache-tomee-1.6.0.2-plus.tar.gz
 
>>> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/tomee-webaccess-1.6.0.2.war
 
 * Install webaccess
 * try to access it with tomee/tomee. You should not be able because the
 credentials are commented out.
 * Now remove it completely and let the "tomcat-users" list empty. You are
 again able to access it with tomee/tomee
 * Now set...
 
 
  
  
 
 
 ... and try to access it with "tomee/tomee". It finally blocks the
>>> access.
 It will only with with "tomee/tomis".
 
 I'm not able to check or fix this right now. Feel free to investigate it.
 
 []s,
 Thiago.
 
 
 
 
 
 
 On Mon, May 12, 2014 at 9:31 AM, David Blevins >>> wrote:
 
> My +1.
> 
> 
> --
> David Blevins
> http://twitter.com/dblevins
> http://www.tomitribe.com
> 
> On May 6, 2014, at 2:29 PM, Andy Gumbrecht 
> wrote:
> 
>> Hi Everyone,
>> 
>> I have rolled out the 1.6.0.2 security release for a vote.
>> 
>> The *only *difference to 1.6.0.1 is an upgrade to CXF 2.6.14 to fix
>>> the
> 2014 (that's the year not the count) security issues found here:
>> http://cxf.apache.org/security-advisories.html
>> 
>> SVN Tag:
>> 
>> https://svn.apache.org/repos/asf/tomee/tomee/tags/tomee-1.6.0.2/
>> 
>> Maven Repo:
>> 
>> 
>>> https://repository.apache.org/content/repositories/orgapachetomee-1016
>> 
>> Binaries & Source:
>> 
>> 
>>> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/
>> 
>> The vote will be open for 72 hours or as needed.
>> 
>> Thanks for your time,
>> 
>> Andy.
>> 
>> --
>> Andy Gumbrecht
>> 
>> http://www.tomitribe.com
>> agumbre...@tomitribe.com
>> https://twitter.com/AndyGeeDe
>> 
>> TomEE treibt Tomitribe! |http://tomee.apache.org
>> 
> 
> 
>>> 

Re: [VOTE] TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016)

[Jean-Louis Monteiro]

Thanks Andy.
Build and tck all green.
All other legal stuff as well.

So here is my +1

--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com


On Wed, May 7, 2014 at 1:08 AM, helio frota <00h...@gmail.com> wrote:

> +1
>
> ---
> http://eprogramming.github.io
>
>
>
> On Tue, May 6, 2014 at 6:42 PM, Jeff Genender 
> wrote:
>
> > +1
> >
> > Jeff
> >
> >
> > On May 6, 2014, at 3:29 PM, Andy Gumbrecht 
> > wrote:
> >
> > > Hi Everyone,
> > >
> > > I have rolled out the 1.6.0.2 security release for a vote.
> > >
> > > The *only *difference to 1.6.0.1 is an upgrade to CXF 2.6.14 to fix the
> > 2014 (that's the year not the count) security issues found here:
> > > http://cxf.apache.org/security-advisories.html
> > >
> > > SVN Tag:
> > >
> > > https://svn.apache.org/repos/asf/tomee/tomee/tags/tomee-1.6.0.2/
> > >
> > > Maven Repo:
> > >
> > > https://repository.apache.org/content/repositories/orgapachetomee-1016
> > >
> > > Binaries & Source:
> > >
> > >
> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/
> > >
> > > The vote will be open for 72 hours or as needed.
> > >
> > > Thanks for your time,
> > >
> > > Andy.
> > >
> > > --
> > >  Andy Gumbrecht
> > >
> > >  http://www.tomitribe.com
> > >  agumbre...@tomitribe.com
> > >  https://twitter.com/AndyGeeDe
> > >
> > >  TomEE treibt Tomitribe! |http://tomee.apache.org
> > >
> >
> >
>

Apache TomEE 1.6.0.2

[Andy Gumbrecht]

 Apache TomEE 1.6.0.2 Released!

Apache TomEE is happy to announce the security related release of Apache 
TomEE 1.6.0.2  which is still 
based on Apache Tomcat 7.0.53 
 - The principal 
focus of this release is to provide an update to CXF version 2.6.14, 
which fixes several security issues.


Complete details of the issues that have been fixed can be found at the 
following link:


http://cxf.apache.org/security-advisories.html

The stability of the continuous integration (CI) build can be seen here: 
http://ci.apache.org/builders/tomee-1.6.0.2-ubuntu


The Apache TomEE Release 1.6.0.2 files can be found here:

http://tomee.apache.org/downloads.html

A complete Changelog 
 can be viewed 
here:


tomee-1.6.0.2-release-notes.html 



Please inform anyone you think may interested in this news by email, 
twitter, facebook, google+, pinterest

Your support is very much appreciated!

Andy.

--
  Andy Gumbrecht

  http://www.tomitribe.com
  agumbre...@tomitribe.com
  https://twitter.com/AndyGeeDe

  TomEE treibt Tomitribe! | http://tomee.apache.org

Re: default tomee credentials (WAS: [VOTE] TomEE 1.6.0.2...)

[Romain Manni-Bucau]

the point was if we don't do it by default some tools would have been
broken by default like the webapp.

BTW if you remove the memorydatabase of server.xml or if you define
any user we don't do it (see public void start(final StandardServer
server) in TomcatWebAppBuilder)


Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau


2014-05-12 18:25 GMT+02:00 Thiago Veronezi :
> Oh... I didn't know about that. I probably missed that discussion.
>
> imo, it looks dangerous. It means that commenting out all the credentials
> from "tomee-users.xml" changes the default tomcat behavior one expects to
> see.
>
> []s,
> Thiago.
>
>
>
>
>
>
> On Mon, May 12, 2014 at 11:16 AM, Romain Manni-Bucau
> wrote:
>
>> Hi
>>
>> since some times (think it is 1.6.0 but not sure) tomee:tomee user is
>> added automatically by default. -Dopenejb.profile=prod to get rid of
>> it
>>
>>
>> Romain Manni-Bucau
>> Twitter: @rmannibucau
>> Blog: http://rmannibucau.wordpress.com/
>> LinkedIn: http://fr.linkedin.com/in/rmannibucau
>> Github: https://github.com/rmannibucau
>>
>>
>> 2014-05-12 16:25 GMT+02:00 Thiago Veronezi :
>> > Guys,
>> >
>> > Sorry for the late notice, but can you verify this? It looks like the
>> > server completely ignores the fact that the default "tomee" credentials
>> are
>> > commented out in "tomcat-users.xml".
>> >
>> > How to test?
>> >
>> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/apache-tomee-1.6.0.2-plus.tar.gz
>> >
>> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/tomee-webaccess-1.6.0.2.war
>> >
>> > * Install webaccess
>> > * try to access it with tomee/tomee. You should not be able because the
>> > credentials are commented out.
>> > * Now remove it completely and let the "tomcat-users" list empty. You are
>> > again able to access it with tomee/tomee
>> > * Now set...
>> >
>> > 
>> >   
>> >   
>> > 
>> >
>> > ... and try to access it with "tomee/tomee". It finally blocks the
>> access.
>> > It will only with with "tomee/tomis".
>> >
>> > I'm not able to check or fix this right now. Feel free to investigate it.
>> >
>> > []s,
>> > Thiago.
>> >
>> >
>> >
>> >
>> >
>> >
>> > On Mon, May 12, 2014 at 9:31 AM, David Blevins > >wrote:
>> >
>> >> My +1.
>> >>
>> >>
>> >> --
>> >> David Blevins
>> >> http://twitter.com/dblevins
>> >> http://www.tomitribe.com
>> >>
>> >> On May 6, 2014, at 2:29 PM, Andy Gumbrecht 
>> >> wrote:
>> >>
>> >> > Hi Everyone,
>> >> >
>> >> > I have rolled out the 1.6.0.2 security release for a vote.
>> >> >
>> >> > The *only *difference to 1.6.0.1 is an upgrade to CXF 2.6.14 to fix
>> the
>> >> 2014 (that's the year not the count) security issues found here:
>> >> > http://cxf.apache.org/security-advisories.html
>> >> >
>> >> > SVN Tag:
>> >> >
>> >> > https://svn.apache.org/repos/asf/tomee/tomee/tags/tomee-1.6.0.2/
>> >> >
>> >> > Maven Repo:
>> >> >
>> >> >
>> https://repository.apache.org/content/repositories/orgapachetomee-1016
>> >> >
>> >> > Binaries & Source:
>> >> >
>> >> >
>> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/
>> >> >
>> >> > The vote will be open for 72 hours or as needed.
>> >> >
>> >> > Thanks for your time,
>> >> >
>> >> > Andy.
>> >> >
>> >> > --
>> >> >  Andy Gumbrecht
>> >> >
>> >> >  http://www.tomitribe.com
>> >> >  agumbre...@tomitribe.com
>> >> >  https://twitter.com/AndyGeeDe
>> >> >
>> >> >  TomEE treibt Tomitribe! |http://tomee.apache.org
>> >> >
>> >>
>> >>
>>

default tomee credentials (WAS: [VOTE] TomEE 1.6.0.2...)

[Thiago Veronezi]

Oh... I didn't know about that. I probably missed that discussion.

imo, it looks dangerous. It means that commenting out all the credentials
from "tomee-users.xml" changes the default tomcat behavior one expects to
see.

[]s,
Thiago.






On Mon, May 12, 2014 at 11:16 AM, Romain Manni-Bucau
wrote:

> Hi
>
> since some times (think it is 1.6.0 but not sure) tomee:tomee user is
> added automatically by default. -Dopenejb.profile=prod to get rid of
> it
>
>
> Romain Manni-Bucau
> Twitter: @rmannibucau
> Blog: http://rmannibucau.wordpress.com/
> LinkedIn: http://fr.linkedin.com/in/rmannibucau
> Github: https://github.com/rmannibucau
>
>
> 2014-05-12 16:25 GMT+02:00 Thiago Veronezi :
> > Guys,
> >
> > Sorry for the late notice, but can you verify this? It looks like the
> > server completely ignores the fact that the default "tomee" credentials
> are
> > commented out in "tomcat-users.xml".
> >
> > How to test?
> >
> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/apache-tomee-1.6.0.2-plus.tar.gz
> >
> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/tomee-webaccess-1.6.0.2.war
> >
> > * Install webaccess
> > * try to access it with tomee/tomee. You should not be able because the
> > credentials are commented out.
> > * Now remove it completely and let the "tomcat-users" list empty. You are
> > again able to access it with tomee/tomee
> > * Now set...
> >
> > 
> >   
> >   
> > 
> >
> > ... and try to access it with "tomee/tomee". It finally blocks the
> access.
> > It will only with with "tomee/tomis".
> >
> > I'm not able to check or fix this right now. Feel free to investigate it.
> >
> > []s,
> > Thiago.
> >
> >
> >
> >
> >
> >
> > On Mon, May 12, 2014 at 9:31 AM, David Blevins  >wrote:
> >
> >> My +1.
> >>
> >>
> >> --
> >> David Blevins
> >> http://twitter.com/dblevins
> >> http://www.tomitribe.com
> >>
> >> On May 6, 2014, at 2:29 PM, Andy Gumbrecht 
> >> wrote:
> >>
> >> > Hi Everyone,
> >> >
> >> > I have rolled out the 1.6.0.2 security release for a vote.
> >> >
> >> > The *only *difference to 1.6.0.1 is an upgrade to CXF 2.6.14 to fix
> the
> >> 2014 (that's the year not the count) security issues found here:
> >> > http://cxf.apache.org/security-advisories.html
> >> >
> >> > SVN Tag:
> >> >
> >> > https://svn.apache.org/repos/asf/tomee/tomee/tags/tomee-1.6.0.2/
> >> >
> >> > Maven Repo:
> >> >
> >> >
> https://repository.apache.org/content/repositories/orgapachetomee-1016
> >> >
> >> > Binaries & Source:
> >> >
> >> >
> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/
> >> >
> >> > The vote will be open for 72 hours or as needed.
> >> >
> >> > Thanks for your time,
> >> >
> >> > Andy.
> >> >
> >> > --
> >> >  Andy Gumbrecht
> >> >
> >> >  http://www.tomitribe.com
> >> >  agumbre...@tomitribe.com
> >> >  https://twitter.com/AndyGeeDe
> >> >
> >> >  TomEE treibt Tomitribe! |http://tomee.apache.org
> >> >
> >>
> >>
>

PMC and voting

[David Blevins]

Some basic information on PMCs and voting:

 - http://tomee.apache.org/management-and-voting.html

Short answer, being on the PMC brings more work and no additional authority.  
That work is primarily scanning the legal files every single release before you 
vote.  Scanning them means you need to fully understand what they are and how 
they work, when they need updating and how to do that.  You become part of 
Apache's legal shield against legal trouble.  Being on the PMC and not 
understanding or performing all the above and still voting, significantly 
weakens Apache should any legal issue arise.

Here's also a list of all our committers:

 - http://people.apache.org/committers-by-project.html#tomee

Looking at our PMC list, it needs to be updated.  Kevan actually resigned as he 
no longer has time to do any of the work.

We should probably add a couple more people.


-David

Re: default tomee credentials (WAS: [VOTE] TomEE 1.6.0.2...)

[Thiago Veronezi]

Please read "tomcat-users.xml" where I write "tomee-users.xml".


On Mon, May 12, 2014 at 12:25 PM, Thiago Veronezi wrote:

>
> Oh... I didn't know about that. I probably missed that discussion.
>
> imo, it looks dangerous. It means that commenting out all the credentials
> from "tomee-users.xml" changes the default tomcat behavior one expects to
> see.
>
> []s,
> Thiago.
>
>
>
>
>
>
> On Mon, May 12, 2014 at 11:16 AM, Romain Manni-Bucau <
> rmannibu...@gmail.com> wrote:
>
>> Hi
>>
>> since some times (think it is 1.6.0 but not sure) tomee:tomee user is
>> added automatically by default. -Dopenejb.profile=prod to get rid of
>> it
>>
>>
>> Romain Manni-Bucau
>> Twitter: @rmannibucau
>> Blog: http://rmannibucau.wordpress.com/
>> LinkedIn: http://fr.linkedin.com/in/rmannibucau
>> Github: https://github.com/rmannibucau
>>
>>
>> 2014-05-12 16:25 GMT+02:00 Thiago Veronezi :
>> > Guys,
>> >
>> > Sorry for the late notice, but can you verify this? It looks like the
>> > server completely ignores the fact that the default "tomee" credentials
>> are
>> > commented out in "tomcat-users.xml".
>> >
>> > How to test?
>> >
>> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/apache-tomee-1.6.0.2-plus.tar.gz
>> >
>> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/tomee-webaccess-1.6.0.2.war
>> >
>> > * Install webaccess
>> > * try to access it with tomee/tomee. You should not be able because the
>> > credentials are commented out.
>> > * Now remove it completely and let the "tomcat-users" list empty. You
>> are
>> > again able to access it with tomee/tomee
>> > * Now set...
>> >
>> > 
>> >   
>> >   
>> > 
>> >
>> > ... and try to access it with "tomee/tomee". It finally blocks the
>> access.
>> > It will only with with "tomee/tomis".
>> >
>> > I'm not able to check or fix this right now. Feel free to investigate
>> it.
>> >
>> > []s,
>> > Thiago.
>> >
>> >
>> >
>> >
>> >
>> >
>> > On Mon, May 12, 2014 at 9:31 AM, David Blevins > >wrote:
>> >
>> >> My +1.
>> >>
>> >>
>> >> --
>> >> David Blevins
>> >> http://twitter.com/dblevins
>> >> http://www.tomitribe.com
>> >>
>> >> On May 6, 2014, at 2:29 PM, Andy Gumbrecht 
>> >> wrote:
>> >>
>> >> > Hi Everyone,
>> >> >
>> >> > I have rolled out the 1.6.0.2 security release for a vote.
>> >> >
>> >> > The *only *difference to 1.6.0.1 is an upgrade to CXF 2.6.14 to fix
>> the
>> >> 2014 (that's the year not the count) security issues found here:
>> >> > http://cxf.apache.org/security-advisories.html
>> >> >
>> >> > SVN Tag:
>> >> >
>> >> > https://svn.apache.org/repos/asf/tomee/tomee/tags/tomee-1.6.0.2/
>> >> >
>> >> > Maven Repo:
>> >> >
>> >> >
>> https://repository.apache.org/content/repositories/orgapachetomee-1016
>> >> >
>> >> > Binaries & Source:
>> >> >
>> >> >
>> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/
>> >> >
>> >> > The vote will be open for 72 hours or as needed.
>> >> >
>> >> > Thanks for your time,
>> >> >
>> >> > Andy.
>> >> >
>> >> > --
>> >> >  Andy Gumbrecht
>> >> >
>> >> >  http://www.tomitribe.com
>> >> >  agumbre...@tomitribe.com
>> >> >  https://twitter.com/AndyGeeDe
>> >> >
>> >> >  TomEE treibt Tomitribe! |http://tomee.apache.org
>> >> >
>> >>
>> >>
>>
>
>

Re: [VOTE] TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016)

[Romain Manni-Bucau]

Hi

since some times (think it is 1.6.0 but not sure) tomee:tomee user is
added automatically by default. -Dopenejb.profile=prod to get rid of
it


Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau


2014-05-12 16:25 GMT+02:00 Thiago Veronezi :
> Guys,
>
> Sorry for the late notice, but can you verify this? It looks like the
> server completely ignores the fact that the default "tomee" credentials are
> commented out in "tomcat-users.xml".
>
> How to test?
> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/apache-tomee-1.6.0.2-plus.tar.gz
> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/tomee-webaccess-1.6.0.2.war
>
> * Install webaccess
> * try to access it with tomee/tomee. You should not be able because the
> credentials are commented out.
> * Now remove it completely and let the "tomcat-users" list empty. You are
> again able to access it with tomee/tomee
> * Now set...
>
> 
>   
>   
> 
>
> ... and try to access it with "tomee/tomee". It finally blocks the access.
> It will only with with "tomee/tomis".
>
> I'm not able to check or fix this right now. Feel free to investigate it.
>
> []s,
> Thiago.
>
>
>
>
>
>
> On Mon, May 12, 2014 at 9:31 AM, David Blevins wrote:
>
>> My +1.
>>
>>
>> --
>> David Blevins
>> http://twitter.com/dblevins
>> http://www.tomitribe.com
>>
>> On May 6, 2014, at 2:29 PM, Andy Gumbrecht 
>> wrote:
>>
>> > Hi Everyone,
>> >
>> > I have rolled out the 1.6.0.2 security release for a vote.
>> >
>> > The *only *difference to 1.6.0.1 is an upgrade to CXF 2.6.14 to fix the
>> 2014 (that's the year not the count) security issues found here:
>> > http://cxf.apache.org/security-advisories.html
>> >
>> > SVN Tag:
>> >
>> > https://svn.apache.org/repos/asf/tomee/tomee/tags/tomee-1.6.0.2/
>> >
>> > Maven Repo:
>> >
>> > https://repository.apache.org/content/repositories/orgapachetomee-1016
>> >
>> > Binaries & Source:
>> >
>> > https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/
>> >
>> > The vote will be open for 72 hours or as needed.
>> >
>> > Thanks for your time,
>> >
>> > Andy.
>> >
>> > --
>> >  Andy Gumbrecht
>> >
>> >  http://www.tomitribe.com
>> >  agumbre...@tomitribe.com
>> >  https://twitter.com/AndyGeeDe
>> >
>> >  TomEE treibt Tomitribe! |http://tomee.apache.org
>> >
>>
>>

Re: [RESULT] TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016)

[David Blevins]

Release voting is the only "abnormal" voting.  It requires a minimum vote: 3 
+1s from PMC members to ensure legal oversight.

-David

On May 12, 2014, at 5:21 AM, agumbrecht  wrote:

> Thanks Daniel,
> 
> Was kind of leaning on the 'Commit-Then-Review, Consensus Gauging through
> Silence' to get this out, but now we're happy!
> 
> That brings us to:
> 
> +1's
> Jean-Louis Monteiro (PMC)
> Romain Manni-Bucau
> Andy Gumbrecht
> Jeff Genender
> Helio Frota
> Karan Malhi
> Jonathan Gallimore (PMC) 
> Daniel Stefan Haischt (PMC)
> 
> So it's a done deal.
> 
> Andy.
> 
> 
> 
> -
>  -- 
>  Andy Gumbrecht
> 
>  http://www.tomitribe.com
>  agumbre...@tomitribe.com
>  https://twitter.com/AndyGeeDe
> 
>  TomEE treibt Tomitribe ! | http://tomee.apache.org
> --
> View this message in context: 
> http://openejb.979440.n4.nabble.com/RESULT-TomEE-1-6-0-2-OpenEJB-4-6-0-2-staging-1016-tp4669245p4669249.html
> Sent from the OpenEJB Dev mailing list archive at Nabble.com.
> 

Re: [VOTE] TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016)

[Thiago Veronezi]

Guys,

Sorry for the late notice, but can you verify this? It looks like the
server completely ignores the fact that the default "tomee" credentials are
commented out in "tomcat-users.xml".

How to test?
https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/apache-tomee-1.6.0.2-plus.tar.gz
https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/tomee-webaccess-1.6.0.2.war

* Install webaccess
* try to access it with tomee/tomee. You should not be able because the
credentials are commented out.
* Now remove it completely and let the "tomcat-users" list empty. You are
again able to access it with tomee/tomee
* Now set...


  
  


... and try to access it with "tomee/tomee". It finally blocks the access.
It will only with with "tomee/tomis".

I'm not able to check or fix this right now. Feel free to investigate it.

[]s,
Thiago.






On Mon, May 12, 2014 at 9:31 AM, David Blevins wrote:

> My +1.
>
>
> --
> David Blevins
> http://twitter.com/dblevins
> http://www.tomitribe.com
>
> On May 6, 2014, at 2:29 PM, Andy Gumbrecht 
> wrote:
>
> > Hi Everyone,
> >
> > I have rolled out the 1.6.0.2 security release for a vote.
> >
> > The *only *difference to 1.6.0.1 is an upgrade to CXF 2.6.14 to fix the
> 2014 (that's the year not the count) security issues found here:
> > http://cxf.apache.org/security-advisories.html
> >
> > SVN Tag:
> >
> > https://svn.apache.org/repos/asf/tomee/tomee/tags/tomee-1.6.0.2/
> >
> > Maven Repo:
> >
> > https://repository.apache.org/content/repositories/orgapachetomee-1016
> >
> > Binaries & Source:
> >
> > https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/
> >
> > The vote will be open for 72 hours or as needed.
> >
> > Thanks for your time,
> >
> > Andy.
> >
> > --
> >  Andy Gumbrecht
> >
> >  http://www.tomitribe.com
> >  agumbre...@tomitribe.com
> >  https://twitter.com/AndyGeeDe
> >
> >  TomEE treibt Tomitribe! |http://tomee.apache.org
> >
>
>

Re: [RESULT] TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016)

[Andy Gumbrecht]

David just cam on and gave a +1, so rolling now for sure ;-)

Thank you everyone!

On 12/05/2014 15:33, dsh wrote:

Not sure I am on the PMC maybe one day in the future ;)

Cheers
Daniel


On Mon, May 12, 2014 at 2:21 PM, agumbrecht wrote:


Thanks Daniel,

Was kind of leaning on the 'Commit-Then-Review, Consensus Gauging through
Silence' to get this out, but now we're happy!

That brings us to:

+1's
Jean-Louis Monteiro (PMC)
Romain Manni-Bucau
Andy Gumbrecht
Jeff Genender
Helio Frota
Karan Malhi
Jonathan Gallimore (PMC)
Daniel Stefan Haischt (PMC)

So it's a done deal.

Andy.



-
 --
 Andy Gumbrecht

 http://www.tomitribe.com
 agumbre...@tomitribe.com
 https://twitter.com/AndyGeeDe

 TomEE treibt Tomitribe ! | http://tomee.apache.org
--
View this message in context:
http://openejb.979440.n4.nabble.com/RESULT-TomEE-1-6-0-2-OpenEJB-4-6-0-2-staging-1016-tp4669245p4669249.html
Sent from the OpenEJB Dev mailing list archive at Nabble.com.



--
  Andy Gumbrecht

  http://www.tomitribe.com
  agumbre...@tomitribe.com
  https://twitter.com/AndyGeeDe

  TomEE treibt Tomitribe! | http://tomee.apache.org

Re: [RESULT] TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016)

[dsh]

Not sure I am on the PMC maybe one day in the future ;)

Cheers
Daniel


On Mon, May 12, 2014 at 2:21 PM, agumbrecht wrote:

> Thanks Daniel,
>
> Was kind of leaning on the 'Commit-Then-Review, Consensus Gauging through
> Silence' to get this out, but now we're happy!
>
> That brings us to:
>
> +1's
> Jean-Louis Monteiro (PMC)
> Romain Manni-Bucau
> Andy Gumbrecht
> Jeff Genender
> Helio Frota
> Karan Malhi
> Jonathan Gallimore (PMC)
> Daniel Stefan Haischt (PMC)
>
> So it's a done deal.
>
> Andy.
>
>
>
> -
> --
> Andy Gumbrecht
>
> http://www.tomitribe.com
> agumbre...@tomitribe.com
> https://twitter.com/AndyGeeDe
>
> TomEE treibt Tomitribe ! | http://tomee.apache.org
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/RESULT-TomEE-1-6-0-2-OpenEJB-4-6-0-2-staging-1016-tp4669245p4669249.html
> Sent from the OpenEJB Dev mailing list archive at Nabble.com.
>

Re: [VOTE] TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016)

[David Blevins]

My +1.


-- 
David Blevins
http://twitter.com/dblevins
http://www.tomitribe.com

On May 6, 2014, at 2:29 PM, Andy Gumbrecht  wrote:

> Hi Everyone,
> 
> I have rolled out the 1.6.0.2 security release for a vote.
> 
> The *only *difference to 1.6.0.1 is an upgrade to CXF 2.6.14 to fix the 2014 
> (that's the year not the count) security issues found here:
> http://cxf.apache.org/security-advisories.html
> 
> SVN Tag:
> 
> https://svn.apache.org/repos/asf/tomee/tomee/tags/tomee-1.6.0.2/
> 
> Maven Repo:
> 
> https://repository.apache.org/content/repositories/orgapachetomee-1016
> 
> Binaries & Source:
> 
> https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/
> 
> The vote will be open for 72 hours or as needed.
> 
> Thanks for your time,
> 
> Andy.
> 
> -- 
>  Andy Gumbrecht
> 
>  http://www.tomitribe.com
>  agumbre...@tomitribe.com
>  https://twitter.com/AndyGeeDe
> 
>  TomEE treibt Tomitribe! |http://tomee.apache.org
> 

Re: [RESULT] TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016)

[dsh]

I just voted on the vote thread in case you need another +1.

Cheers
Daniel


On Mon, May 12, 2014 at 1:39 PM, Romain Manni-Bucau
wrote:

> seems one binding vote is missing no?
>
>
> Romain Manni-Bucau
> Twitter: @rmannibucau
> Blog: http://rmannibucau.wordpress.com/
> LinkedIn: http://fr.linkedin.com/in/rmannibucau
> Github: https://github.com/rmannibucau
>
>
> 2014-05-12 13:27 GMT+02:00 Andy Gumbrecht :
> > Unless anyone has serious issues with this vote I will release the
> binaries
> > for TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016) based on the following
> > result:
> >
> > +1's
> > Jean-Louis Monteiro
> > Romain Manni-Bucau
> > Andy Gumbrecht
> > Jeff Genender
> > Helio Frota
> > Karan Malhi
> > Jonathan Gallimore
> >
> > No other recorded votes.
> >
> > I know the Apache mails may have been down for maintenance, but this has
> run
> > for long enough and due to the relatively minor change is deemed as
> passed.
> >
> > Andy Gumbrecht.
> >
> > --
> >   Andy Gumbrecht
> >
> >   http://www.tomitribe.com
> >   agumbre...@tomitribe.com
> >   https://twitter.com/AndyGeeDe
> >
> >   TomEE treibt Tomitribe! | http://tomee.apache.org
> >
>

Re: [RESULT] TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016)

[Jean-Louis Monteiro]

Thanks
Le 12 mai 2014 05:29, "agumbrecht"  a écrit :

> Thanks Daniel,
>
> Was kind of leaning on the 'Commit-Then-Review, Consensus Gauging through
> Silence' to get this out, but now we're happy!
>
> That brings us to:
>
> +1's
> Jean-Louis Monteiro (PMC)
> Romain Manni-Bucau
> Andy Gumbrecht
> Jeff Genender
> Helio Frota
> Karan Malhi
> Jonathan Gallimore (PMC)
> Daniel Stefan Haischt (PMC)
>
> So it's a done deal.
>
> Andy.
>
>
>
> -
> --
> Andy Gumbrecht
>
> http://www.tomitribe.com
> agumbre...@tomitribe.com
> https://twitter.com/AndyGeeDe
>
> TomEE treibt Tomitribe ! | http://tomee.apache.org
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/RESULT-TomEE-1-6-0-2-OpenEJB-4-6-0-2-staging-1016-tp4669245p4669249.html
> Sent from the OpenEJB Dev mailing list archive at Nabble.com.
>

Re: [RESULT] TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016)

[agumbrecht]

Thanks Daniel,

Was kind of leaning on the 'Commit-Then-Review, Consensus Gauging through
Silence' to get this out, but now we're happy!

That brings us to:

+1's
Jean-Louis Monteiro (PMC)
Romain Manni-Bucau
Andy Gumbrecht
Jeff Genender
Helio Frota
Karan Malhi
Jonathan Gallimore (PMC) 
Daniel Stefan Haischt (PMC)

So it's a done deal.

Andy.



-
-- 
Andy Gumbrecht

http://www.tomitribe.com
agumbre...@tomitribe.com
https://twitter.com/AndyGeeDe

TomEE treibt Tomitribe ! | http://tomee.apache.org
--
View this message in context: 
http://openejb.979440.n4.nabble.com/RESULT-TomEE-1-6-0-2-OpenEJB-4-6-0-2-staging-1016-tp4669245p4669249.html
Sent from the OpenEJB Dev mailing list archive at Nabble.com.

Re: [VOTE] TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016)

[dsh]

+1

Cheers
Daniel


On Tue, May 6, 2014 at 10:10 PM, Andy Gumbrecht wrote:

> Hi Everyone,
>
> I have rolled out the 1.6.0.2 security release for a vote.
>
> The *only *difference to 1.6.0.1 is an upgrade to CXF 2.6.14 to fix the
> 2014 (that's the year not the count) security issues found here:
> http://cxf.apache.org/security-advisories.html
>
> SVN Tag:
>
>  https://svn.apache.org/repos/asf/tomee/tomee/tags/tomee-1.6.0.2/
>
> Maven Repo:
>
>  https://repository.apache.org/content/repositories/orgapachetomee-1016
>
> Binaries & Source:
>
>  https://dist.apache.org/repos/dist/dev/tomee/staging-1016/tomee-1.6.0.2/
>
> The vote will be open for 72 hours or as needed.
>
> Thanks for your time,
>
> Andy.
>
> --
>   Andy Gumbrecht
>
>   http://www.tomitribe.com
>   agumbre...@tomitribe.com
>   https://twitter.com/AndyGeeDe
>
>   TomEE treibt Tomitribe! | http://tomee.apache.org
>
>

Re: [RESULT] TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016)

[Romain Manni-Bucau]

seems one binding vote is missing no?


Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau


2014-05-12 13:27 GMT+02:00 Andy Gumbrecht :
> Unless anyone has serious issues with this vote I will release the binaries
> for TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016) based on the following
> result:
>
> +1's
> Jean-Louis Monteiro
> Romain Manni-Bucau
> Andy Gumbrecht
> Jeff Genender
> Helio Frota
> Karan Malhi
> Jonathan Gallimore
>
> No other recorded votes.
>
> I know the Apache mails may have been down for maintenance, but this has run
> for long enough and due to the relatively minor change is deemed as passed.
>
> Andy Gumbrecht.
>
> --
>   Andy Gumbrecht
>
>   http://www.tomitribe.com
>   agumbre...@tomitribe.com
>   https://twitter.com/AndyGeeDe
>
>   TomEE treibt Tomitribe! | http://tomee.apache.org
>

[RESULT] TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016)

[Andy Gumbrecht]

Unless anyone has serious issues with this vote I will release the 
binaries for TomEE 1.6.0.2/OpenEJB 4.6.0.2 (staging-1016) based on the 
following result:


+1's
Jean-Louis Monteiro
Romain Manni-Bucau
Andy Gumbrecht
Jeff Genender
Helio Frota
Karan Malhi
Jonathan Gallimore

No other recorded votes.

I know the Apache mails may have been down for maintenance, but this has 
run for long enough and due to the relatively minor change is deemed as 
passed.


Andy Gumbrecht.

--
  Andy Gumbrecht

  http://www.tomitribe.com
  agumbre...@tomitribe.com
  https://twitter.com/AndyGeeDe

  TomEE treibt Tomitribe! | http://tomee.apache.org

Re: Maven / tomEE

[agumbrecht]

When faced with this challenge in the past I used the following to regularly
create a directory listing of all jars.

http://maven.apache.org/plugins/maven-dependency-plugin/examples/copying-project-dependencies.html

I could usually see at a glance if duplicate libraries were sneaking in, but
also had a small program to check for duplicates.

I regularly try and pull up all deps into the TomEE top parent pom, so it's
easy to search that file before pulling in a dep in your project.

Andy.



-
-- 
Andy Gumbrecht

http://www.tomitribe.com
agumbre...@tomitribe.com
https://twitter.com/AndyGeeDe

TomEE treibt Tomitribe ! | http://tomee.apache.org
--
View this message in context: 
http://openejb.979440.n4.nabble.com/Maven-tomEE-tp4669168p4669208.html
Sent from the OpenEJB Dev mailing list archive at Nabble.com.

Re: [VOTE] org.apache.openejb.patch:openjpa-parent:2.4.0-nonfinal-1591689

[Romain Manni-Bucau]

Hi

just do the two releases at the same time and push a single vote on
them. No link between poms. If one of both fails both fails then.


Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau


2014-05-12 11:09 GMT+02:00 Andy Gumbrecht :
> OK, so I guess I just add the repo to the parent pom for now, but how do we
> release it then?
>
> If we vote on TomEE, and then release the library and change the TomEE pom
> to point to the release then this would mean we have to vote again because
> technically it is a change to TomEE post vote - Seems like a catch 22
> situation to me.
>
> That's why I put the vote out on this library, because it needs to be stable
> 'before' we add it to TomEE, so that TomEE 'then' becomes stable.
>
> Andy.
>
>
>
> On 11/05/2014 15:12, Jean-Louis Monteiro wrote:
>>
>> yep I think so we never vote single deps.
>>
>> JLouis
>>
>> --
>> Jean-Louis Monteiro
>> http://twitter.com/jlouismonteiro
>> http://www.tomitribe.com
>>
>>
>> On Sun, May 11, 2014 at 12:56 AM, Romain Manni-Bucau
>> wrote:
>>
>>> Hi Andy,
>>>
>>> Dont we vote it with tomee 1.7.0? Different scm info but same vote?
>>> Le 11 mai 2014 07:09, "Andy Gumbrecht"  a écrit
>>> :
>>>
 Hi Everyone,

 Please take the time to vote on the org.apache.openejb.patch:
 openjpa-parent:2.4.0-nonfinal-1591689 binaries.

 These binaries are taken off the OpenJPA trunk revision 1591689.
 The tag is to stabilize OpenJPA  for Java 6/7/8 and the forthcoming
 TomEE
 1.7.x release.

 SVN Tag:

 https://svn.apache.org/repos/asf/tomee/deps/tags/openjpa-2.4.0-1591689

 Maven Repo:

 https://repository.apache.org/content/repositories/orgapachetomee-1022

 The vote will be open for 72 hours or as needed.

 Thanks for your time,

 Andy.

 --
Andy Gumbrecht

http://www.tomitribe.com
agumbre...@tomitribe.com
https://twitter.com/AndyGeeDe

TomEE treibt Tomitribe! | http://tomee.apache.org


>
> --
>   Andy Gumbrecht
>
>   http://www.tomitribe.com
>   agumbre...@tomitribe.com
>   https://twitter.com/AndyGeeDe
>
>   TomEE treibt Tomitribe! | http://tomee.apache.org
>

Re: [VOTE] org.apache.openejb.patch:openjpa-parent:2.4.0-nonfinal-1591689

[Andy Gumbrecht]

OK, so I guess I just add the repo to the parent pom for now, but how do 
we release it then?


If we vote on TomEE, and then release the library and change the TomEE 
pom to point to the release then this would mean we have to vote again 
because technically it is a change to TomEE post vote - Seems like a 
catch 22 situation to me.


That's why I put the vote out on this library, because it needs to be 
stable 'before' we add it to TomEE, so that TomEE 'then' becomes stable.


Andy.


On 11/05/2014 15:12, Jean-Louis Monteiro wrote:

yep I think so we never vote single deps.

JLouis

--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com


On Sun, May 11, 2014 at 12:56 AM, Romain Manni-Bucau
wrote:


Hi Andy,

Dont we vote it with tomee 1.7.0? Different scm info but same vote?
Le 11 mai 2014 07:09, "Andy Gumbrecht"  a écrit
:


Hi Everyone,

Please take the time to vote on the org.apache.openejb.patch:
openjpa-parent:2.4.0-nonfinal-1591689 binaries.

These binaries are taken off the OpenJPA trunk revision 1591689.
The tag is to stabilize OpenJPA  for Java 6/7/8 and the forthcoming TomEE
1.7.x release.

SVN Tag:

https://svn.apache.org/repos/asf/tomee/deps/tags/openjpa-2.4.0-1591689

Maven Repo:

https://repository.apache.org/content/repositories/orgapachetomee-1022

The vote will be open for 72 hours or as needed.

Thanks for your time,

Andy.

--
   Andy Gumbrecht

   http://www.tomitribe.com
   agumbre...@tomitribe.com
   https://twitter.com/AndyGeeDe

   TomEE treibt Tomitribe! | http://tomee.apache.org




--
  Andy Gumbrecht

  http://www.tomitribe.com
  agumbre...@tomitribe.com
  https://twitter.com/AndyGeeDe

  TomEE treibt Tomitribe! | http://tomee.apache.org

Re: Too Many Open Files

[Thiago Veronezi]

Hi guys,
I did some changes in the debian manipulation. It's faster now...

[INFO] Installing
/home/tveronezi/dev/ws/tomee/trunk/tomee/tomee-deb/target/work-dir/apache-libtomee-plus-java.deb
to
/home/tveronezi/.m2/repository/org/apache/openejb/tomee-deb/1.6.1-SNAPSHOT/tomee-deb-1.6.1-SNAPSHOT-lib-plus.deb
[INFO] Installing
/home/tveronezi/dev/ws/tomee/trunk/tomee/tomee-deb/target/work-dir/apache-libtomee-webprofile-java.deb
to
/home/tveronezi/.m2/repository/org/apache/openejb/tomee-deb/1.6.1-SNAPSHOT/tomee-deb-1.6.1-SNAPSHOT-lib-webprofile.deb
[INFO]

[INFO] BUILD SUCCESS
[INFO]

[INFO] Total time: 37.860 s
[INFO] Finished at: 2014-05-07T22:00:30-05:00
[INFO] Final Memory: 34M/247M
[INFO]

tveronezi@debianboto:~/dev/ws/tomee/trunk/tomee/tomee-deb$

I noticed an issue on windows tough. I will take a look at it tomorrow.
[]s,
Thiago.






On Sun, May 4, 2014 at 10:40 AM, Romain Manni-Bucau
wrote:

> well, we talked about it several times IIRC. The main point was
> community - while we are not enough splitting would add work for
> everyone + inconsistency in releases. Only things we could extract
> would be related to no more developed modules.
>
> If we look we have more or less:
> - openejb container
> - openejb server
> - tomee
> - maven
> - arquillian
>
> (other modules are more or less directly related to these one)
>
> All these modules have got develoment between last release and next one.
>
> The easiest to split would be server part where several modules are
> not touched anymore but they are small enough to be kept.
>
> So globally not sure we and users would benefit from it.
>
>
>
> Romain Manni-Bucau
> Twitter: @rmannibucau
> Blog: http://rmannibucau.wordpress.com/
> LinkedIn: http://fr.linkedin.com/in/rmannibucau
> Github: https://github.com/rmannibucau
>
>
> 2014-05-04 16:33 GMT+02:00 Andy Gumbrecht :
> > I think we're getting to a point where we should be thinking about how we
> > can split things down a bit. There are several areas that are really
> stable
> > and others that are really eating time. Wdyt?
> >
> > --
> > Andy Gumbrecht http://www.tomitribe.com
> > TomEE treibt Tomitribe!
> > Sent from my mobile device. Please excuse my brevity.
> >
> > On May 4, 2014 3:04:05 PM CEST, Romain Manni-Bucau <
> rmannibu...@gmail.com>
> > wrote:
> >>
> >> PS: we test plum distro too now which had a bunch of time too
> >>
> >>
> >> Romain Manni-Bucau
> >> Twitter: @rmannibucau
> >> Blog: http://rmannibucau.wordpress.com/
> >> LinkedIn: http://fr.linkedin.com/in/rmannibucau
> >> Github: https://github.com/rmannibucau
> >>
> >>
> >> 2014-05-04 13:50 GMT+02:00 Romain Manni-Bucau :
> >>>
> >>>  we were at about 3h10 IIRC, buildbot is surely more used than before
> >>>  it breaks so maybe nothing important
> >>>
> >>>
> >>>  Romain Manni-Bucau
> >>>  Twitter: @rmannibucau
> >>>  Blog: http://rmannibucau.wordpress.com/
> >>>  LinkedIn: http://fr.linkedin.com/in/rmannibucau
> >>>  Github: https://github.com/rmannibucau
> >>>
> >>>
> >>>  2014-05-04 12:58 GMT+02:00 Andy Gumbrecht :
> 
>   Just looking at the logs it looks like a runaway process, but also no
>   definitive point. Just lots of IO on files, and that's usually a
>  culprit if
>   they're not getting closed. Also sockets on linux. Also, that last
>  build
>   took 4hrs?
> 
>   --
>   Andy Gumbrecht http://www.tomitribe.com
>   TomEE treibt Tomitribe!
>   Sent from my mobile device. Please excuse my brevity.
> 
> 
>   On May 4, 2014 12:33:39 PM CEST, Romain Manni-Bucau
>  
>   wrote:
> >
> >
> >  what i never found was if it was debian or previous processes, any
> > idea?
> >
> >
> >  Romain Manni-Bucau
> >  Twitter: @rmannibucau
> >  Blog: http://rmannibucau.wordpress.com/
> >  LinkedIn: http://fr.linkedin.com/in/rmannibucau
> >  Github: https://github.com/rmannibucau
> >
> >
> >  2014-05-04 11:33 GMT+02:00 agumbrecht :
> >>
> >>
> >>   It seems the Debian packaging is thrashing the file system.
> >>
> >>   Something in there is not closing streams properly and also the
> >> logging
> >>  is
> >>   consuming a lot of bandwidth.
> >>
> >>   Andy.
> >>
> >>
> >>
> >>   -
> >>   --
> >>   Andy
> >> Gumbrecht
> >>
> >>   http://www.tomitribe.com
> >>   agumbre...@tomitribe.com
> >>   https://twitter.com/AndyGeeDe
> >>
> >>   TomEE treibt Tomitribe ! | http://tomee.apache.org
> >>   --
> >>   View this message in context:
> >>
> >>
> http://openejb.979440.n4.nabble.com/Too-Many-Open-Files-tp4669130.html
> >>   Sent from the OpenEJB Dev mailing list archive at Nabble.com.
>