Re: Update on 4.5.4 release?
On Tue, Nov 28, 2017 at 4:22 PM, Brian Foxwrote: > Not so long ago Sonatype as a commercial entity was openly hostile to > this project. Reference? > I am sorry if that sounds harsh, but personally I am not going to do > anything to advance commercial interests of an unfriendly company. That's your prerogative, of course, but Peter doesn't necessarily represent his company nor the other way round. Peter, any committer can call for a release of any version/branch of any project at any time. You can help by providing (non-binding) voting feedback for any release proposed. If this community has a cold attitude toward your employer, you can suggest to your employer that they attempt to reach-out to this community in order to repair that relationship. Hi Oleg, I was really caught off guard by your assertion and am sorry you feel that way. I'm one of the co-founders and CTO at Sonatype and I can't ever recall a time where anyone was hostile towards http client. I am still actively involved at Apache, through the Maven PMC, Creadur and RAT PMCs and at Infra. We have many other developers who are contributors and PMC members of various Apache projects. Sonatype the company sponsors Apache through Infra donations and still provides the Central repository for everyone to use. We've also helped report vulnerabilities that are uncovered in our research and our CSO even fixed a Xalan vulnerability since there were no devs left on the project. In short, I believe Sonatype and our developers have a healthy and happy relationship with Apache in general. If you believe otherwise, I'd be happy to chat with you off list to understand your concerns. Hi Brian I have no concerns of what so ever. All is well. It is amazing how quickly things get forgotten, though. HC 4.5.4 release is in progress. Oleg - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: Update on 4.5.4 release?
On Tue, Nov 28, 2017 at 10:40 AM, Brian Foxwrote: > Hi Gary, this was an issue in 2014 that Ryan Berg helped get fixed: > https://issues.apache.org/jira/browse/XALANJ-2435 (It looks like you were > working with him on the threads when I searched my archives) > The important part is that we released the fix in 2.7.2 :-) Gary > > On Tue, Nov 28, 2017 at 10:28 AM, Gary Gregory > wrote: > > > On Tue, Nov 28, 2017 at 10:22 AM, Brian Fox wrote: > > > > > > > > > > > Not so long ago Sonatype as a commercial entity was openly hostile > to > > > > > this project. > > > > Reference? > > > > > I am sorry if that sounds harsh, but personally I am not going to > do > > > > > anything to advance commercial interests of an unfriendly company. > > > > That's your prerogative, of course, but Peter doesn't necessarily > > > > represent his company nor the other way round. > > > > Peter, any committer can call for a release of any version/branch of > > any > > > > project at any time. You can help by providing (non-binding) voting > > > > feedback for any release proposed. If this community has a cold > > attitude > > > > toward your employer, you can suggest to your employer that they > > attempt > > > > to reach-out to this community in order to repair that relationship. > > > > > > > > > Hi Oleg, I was really caught off guard by your assertion and am sorry > you > > > feel that way. I'm one of the co-founders and CTO at Sonatype and I > can't > > > ever recall a time where anyone was hostile towards http client. > > > > > > I am still actively involved at Apache, through the Maven PMC, Creadur > > and > > > RAT PMCs and at Infra. We have many other developers who are > contributors > > > and PMC members of various Apache projects. Sonatype the company > sponsors > > > Apache through Infra donations and still provides the Central > repository > > > for everyone to use. We've also helped report vulnerabilities that are > > > uncovered in our research and our CSO even fixed a Xalan vulnerability > > > since there were no devs left on the project. > > > > > > > Is there a JIRA for that Xalan issue? I am on the Xalan PMC and while my > > FOSS TODO list is long, I might be able to help at some point. > > > > Gary > > > > > > > In short, I believe Sonatype and our developers have a healthy and > happy > > > relationship with Apache in general. If you believe otherwise, I'd be > > happy > > > to chat with you off list to understand your concerns. > > > > > > --Brian > > > > > >
Re: Update on 4.5.4 release?
Hi Gary, this was an issue in 2014 that Ryan Berg helped get fixed: https://issues.apache.org/jira/browse/XALANJ-2435 (It looks like you were working with him on the threads when I searched my archives) On Tue, Nov 28, 2017 at 10:28 AM, Gary Gregorywrote: > On Tue, Nov 28, 2017 at 10:22 AM, Brian Fox wrote: > > > > > > > > Not so long ago Sonatype as a commercial entity was openly hostile to > > > > this project. > > > Reference? > > > > I am sorry if that sounds harsh, but personally I am not going to do > > > > anything to advance commercial interests of an unfriendly company. > > > That's your prerogative, of course, but Peter doesn't necessarily > > > represent his company nor the other way round. > > > Peter, any committer can call for a release of any version/branch of > any > > > project at any time. You can help by providing (non-binding) voting > > > feedback for any release proposed. If this community has a cold > attitude > > > toward your employer, you can suggest to your employer that they > attempt > > > to reach-out to this community in order to repair that relationship. > > > > > > Hi Oleg, I was really caught off guard by your assertion and am sorry you > > feel that way. I'm one of the co-founders and CTO at Sonatype and I can't > > ever recall a time where anyone was hostile towards http client. > > > > I am still actively involved at Apache, through the Maven PMC, Creadur > and > > RAT PMCs and at Infra. We have many other developers who are contributors > > and PMC members of various Apache projects. Sonatype the company sponsors > > Apache through Infra donations and still provides the Central repository > > for everyone to use. We've also helped report vulnerabilities that are > > uncovered in our research and our CSO even fixed a Xalan vulnerability > > since there were no devs left on the project. > > > > Is there a JIRA for that Xalan issue? I am on the Xalan PMC and while my > FOSS TODO list is long, I might be able to help at some point. > > Gary > > > > In short, I believe Sonatype and our developers have a healthy and happy > > relationship with Apache in general. If you believe otherwise, I'd be > happy > > to chat with you off list to understand your concerns. > > > > --Brian > > >
Re: Update on 4.5.4 release?
On Tue, Nov 28, 2017 at 10:22 AM, Brian Foxwrote: > > > > > Not so long ago Sonatype as a commercial entity was openly hostile to > > > this project. > > Reference? > > > I am sorry if that sounds harsh, but personally I am not going to do > > > anything to advance commercial interests of an unfriendly company. > > That's your prerogative, of course, but Peter doesn't necessarily > > represent his company nor the other way round. > > Peter, any committer can call for a release of any version/branch of any > > project at any time. You can help by providing (non-binding) voting > > feedback for any release proposed. If this community has a cold attitude > > toward your employer, you can suggest to your employer that they attempt > > to reach-out to this community in order to repair that relationship. > > > Hi Oleg, I was really caught off guard by your assertion and am sorry you > feel that way. I'm one of the co-founders and CTO at Sonatype and I can't > ever recall a time where anyone was hostile towards http client. > > I am still actively involved at Apache, through the Maven PMC, Creadur and > RAT PMCs and at Infra. We have many other developers who are contributors > and PMC members of various Apache projects. Sonatype the company sponsors > Apache through Infra donations and still provides the Central repository > for everyone to use. We've also helped report vulnerabilities that are > uncovered in our research and our CSO even fixed a Xalan vulnerability > since there were no devs left on the project. > Is there a JIRA for that Xalan issue? I am on the Xalan PMC and while my FOSS TODO list is long, I might be able to help at some point. Gary > In short, I believe Sonatype and our developers have a healthy and happy > relationship with Apache in general. If you believe otherwise, I'd be happy > to chat with you off list to understand your concerns. > > --Brian >
Re: Update on 4.5.4 release?
> > > Not so long ago Sonatype as a commercial entity was openly hostile to > > this project. > Reference? > > I am sorry if that sounds harsh, but personally I am not going to do > > anything to advance commercial interests of an unfriendly company. > That's your prerogative, of course, but Peter doesn't necessarily > represent his company nor the other way round. > Peter, any committer can call for a release of any version/branch of any > project at any time. You can help by providing (non-binding) voting > feedback for any release proposed. If this community has a cold attitude > toward your employer, you can suggest to your employer that they attempt > to reach-out to this community in order to repair that relationship. Hi Oleg, I was really caught off guard by your assertion and am sorry you feel that way. I'm one of the co-founders and CTO at Sonatype and I can't ever recall a time where anyone was hostile towards http client. I am still actively involved at Apache, through the Maven PMC, Creadur and RAT PMCs and at Infra. We have many other developers who are contributors and PMC members of various Apache projects. Sonatype the company sponsors Apache through Infra donations and still provides the Central repository for everyone to use. We've also helped report vulnerabilities that are uncovered in our research and our CSO even fixed a Xalan vulnerability since there were no devs left on the project. In short, I believe Sonatype and our developers have a healthy and happy relationship with Apache in general. If you believe otherwise, I'd be happy to chat with you off list to understand your concerns. --Brian
Re: Update on 4.5.4 release?
Oleg, On 11/25/17 5:25 AM, Oleg Kalnichevski wrote: > > On Fri, Nov 24, 2017 at 3:06 PM, Peter Lynchwrote: >> Hi Oleg, >> >> I've seen the message a while back where version 5a3 release had higher >> priority over releasing 4.5.4. >> >> http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/201710.mbox/%3C1507798428.15620.5.camel%40apache.org%3E >> >> >> We are using 4.5.2 in Nexus Repository Manager. 4.5.3 has some nice SSL >> related fixes we wanted to pick up, but it also had a regression >> introduced >> https://issues.apache.org/jira/browse/HTTPCLIENT-1831 that is fixed in >> 4.5.4 . The regression breaks a lot of of our integration tests. >> >> It seems a bit odd a minor fix release with regressions is not released >> before an alpha major version is released, but I am not the one doing the >> releasing - easy for me to say. :) >> >> Are you still taking the same release approach this day? Anything I >> can do >> to convince that 4.5.4 be released soon so we can roll more value out to >> our customers? > > Hi Peter > > Not so long ago Sonatype as a commercial entity was openly hostile to > this project. Reference? > I am sorry if that sounds harsh, but personally I am not going to do > anything to advance commercial interests of an unfriendly company. That's your prerogative, of course, but Peter doesn't necessarily represent his company nor the other way round. Peter, any committer can call for a release of any version/branch of any project at any time. You can help by providing (non-binding) voting feedback for any release proposed. If this community has a cold attitude toward your employer, you can suggest to your employer that they attempt to reach-out to this community in order to repair that relationship. You are also free to use a manually-patched version of ASF-released code. *shrug* -chris signature.asc Description: OpenPGP digital signature
Re: Update on 4.5.4 release?
On Fri, Nov 24, 2017 at 3:06 PM, Peter Lynchwrote: Hi Oleg, I've seen the message a while back where version 5a3 release had higher priority over releasing 4.5.4. http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/201710.mbox/%3C1507798428.15620.5.camel%40apache.org%3E We are using 4.5.2 in Nexus Repository Manager. 4.5.3 has some nice SSL related fixes we wanted to pick up, but it also had a regression introduced https://issues.apache.org/jira/browse/HTTPCLIENT-1831 that is fixed in 4.5.4 . The regression breaks a lot of of our integration tests. It seems a bit odd a minor fix release with regressions is not released before an alpha major version is released, but I am not the one doing the releasing - easy for me to say. :) Are you still taking the same release approach this day? Anything I can do to convince that 4.5.4 be released soon so we can roll more value out to our customers? Hi Peter Not so long ago Sonatype as a commercial entity was openly hostile to this project. I am sorry if that sounds harsh, but personally I am not going to do anything to advance commercial interests of an unfriendly company. Oleg - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org