Re: Update on 4.5.4 release?

[Oleg Kalnichevski]

On Tue, Nov 28, 2017 at 4:22 PM, Brian Fox  wrote:


 > Not so long ago Sonatype as a commercial entity was openly 
hostile to

 > this project.
 Reference?
 > I am sorry if that sounds harsh, but personally I am not going to 
do

 > anything to advance commercial interests of an unfriendly company.
 That's your prerogative, of course, but Peter doesn't necessarily
 represent his company nor the other way round.
 Peter, any committer can call for a release of any version/branch 
of any

 project at any time. You can help by providing (non-binding) voting
 feedback for any release proposed. If this community has a cold 
attitude
 toward your employer, you can suggest to your employer that they 
attempt

 to reach-out to this community in order to repair that relationship.



Hi Oleg, I was really caught off guard by your assertion and am sorry 
you
feel that way. I'm one of the co-founders and CTO at Sonatype and I 
can't

ever recall a time where anyone was hostile towards http client.

I am still actively involved at Apache, through the Maven PMC, 
Creadur and
RAT PMCs and at Infra. We have many other developers who are 
contributors
and PMC members of various Apache projects. Sonatype the company 
sponsors
Apache through Infra donations and still provides the Central 
repository

for everyone to use. We've also helped report vulnerabilities that are
uncovered in our research and our CSO even fixed a Xalan vulnerability
since there were no devs left on the project.

In short, I believe Sonatype and our developers have a healthy and 
happy
relationship with Apache in general. If you believe otherwise, I'd be 
happy

to chat with you off list to understand your concerns.



Hi Brian

I have no concerns of what so ever. All is well. It is amazing how 
quickly things get forgotten, though.


HC 4.5.4 release is in progress.

Oleg


-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org

Re: Update on 4.5.4 release?

[Gary Gregory]

On Tue, Nov 28, 2017 at 10:40 AM, Brian Fox  wrote:

> Hi Gary, this was an issue in 2014 that Ryan Berg helped get fixed:
> https://issues.apache.org/jira/browse/XALANJ-2435  (It looks like you were
> working with him on the threads when I searched my archives)
>

The important part is that we released the fix in 2.7.2 :-)

Gary


>
> On Tue, Nov 28, 2017 at 10:28 AM, Gary Gregory 
> wrote:
>
> > On Tue, Nov 28, 2017 at 10:22 AM, Brian Fox  wrote:
> >
> > > >
> > > > > Not so long ago Sonatype as a commercial entity was openly hostile
> to
> > > > > this project.
> > > > Reference?
> > > > > I am sorry if that sounds harsh, but personally I am not going to
> do
> > > > > anything to advance commercial interests of an unfriendly company.
> > > > That's your prerogative, of course, but Peter doesn't necessarily
> > > > represent his company nor the other way round.
> > > > Peter, any committer can call for a release of any version/branch of
> > any
> > > > project at any time. You can help by providing (non-binding) voting
> > > > feedback for any release proposed. If this community has a cold
> > attitude
> > > > toward your employer, you can suggest to your employer that they
> > attempt
> > > > to reach-out to this community in order to repair that relationship.
> > >
> > >
> > > Hi Oleg, I was really caught off guard by your assertion and am sorry
> you
> > > feel that way. I'm one of the co-founders and CTO at Sonatype and I
> can't
> > > ever recall a time where anyone was hostile towards http client.
> > >
> > > I am still actively involved at Apache, through the Maven PMC, Creadur
> > and
> > > RAT PMCs and at Infra. We have many other developers who are
> contributors
> > > and PMC members of various Apache projects. Sonatype the company
> sponsors
> > > Apache through Infra donations and still provides the Central
> repository
> > > for everyone to use. We've also helped report vulnerabilities that are
> > > uncovered in our research and our CSO even fixed a Xalan vulnerability
> > > since there were no devs left on the project.
> > >
> >
> > Is there a JIRA for that Xalan issue? I am on the Xalan PMC and while my
> > FOSS TODO list is long, I might be able to help at some point.
> >
> > Gary
> >
> >
> > > In short, I believe Sonatype and our developers have a healthy and
> happy
> > > relationship with Apache in general. If you believe otherwise, I'd be
> > happy
> > > to chat with you off list to understand your concerns.
> > >
> > > --Brian
> > >
> >
>

Re: Update on 4.5.4 release?

[Brian Fox]

Hi Gary, this was an issue in 2014 that Ryan Berg helped get fixed:
https://issues.apache.org/jira/browse/XALANJ-2435  (It looks like you were
working with him on the threads when I searched my archives)

On Tue, Nov 28, 2017 at 10:28 AM, Gary Gregory 
wrote:

> On Tue, Nov 28, 2017 at 10:22 AM, Brian Fox  wrote:
>
> > >
> > > > Not so long ago Sonatype as a commercial entity was openly hostile to
> > > > this project.
> > > Reference?
> > > > I am sorry if that sounds harsh, but personally I am not going to do
> > > > anything to advance commercial interests of an unfriendly company.
> > > That's your prerogative, of course, but Peter doesn't necessarily
> > > represent his company nor the other way round.
> > > Peter, any committer can call for a release of any version/branch of
> any
> > > project at any time. You can help by providing (non-binding) voting
> > > feedback for any release proposed. If this community has a cold
> attitude
> > > toward your employer, you can suggest to your employer that they
> attempt
> > > to reach-out to this community in order to repair that relationship.
> >
> >
> > Hi Oleg, I was really caught off guard by your assertion and am sorry you
> > feel that way. I'm one of the co-founders and CTO at Sonatype and I can't
> > ever recall a time where anyone was hostile towards http client.
> >
> > I am still actively involved at Apache, through the Maven PMC, Creadur
> and
> > RAT PMCs and at Infra. We have many other developers who are contributors
> > and PMC members of various Apache projects. Sonatype the company sponsors
> > Apache through Infra donations and still provides the Central repository
> > for everyone to use. We've also helped report vulnerabilities that are
> > uncovered in our research and our CSO even fixed a Xalan vulnerability
> > since there were no devs left on the project.
> >
>
> Is there a JIRA for that Xalan issue? I am on the Xalan PMC and while my
> FOSS TODO list is long, I might be able to help at some point.
>
> Gary
>
>
> > In short, I believe Sonatype and our developers have a healthy and happy
> > relationship with Apache in general. If you believe otherwise, I'd be
> happy
> > to chat with you off list to understand your concerns.
> >
> > --Brian
> >
>

Re: Update on 4.5.4 release?

[Gary Gregory]

On Tue, Nov 28, 2017 at 10:22 AM, Brian Fox  wrote:

> >
> > > Not so long ago Sonatype as a commercial entity was openly hostile to
> > > this project.
> > Reference?
> > > I am sorry if that sounds harsh, but personally I am not going to do
> > > anything to advance commercial interests of an unfriendly company.
> > That's your prerogative, of course, but Peter doesn't necessarily
> > represent his company nor the other way round.
> > Peter, any committer can call for a release of any version/branch of any
> > project at any time. You can help by providing (non-binding) voting
> > feedback for any release proposed. If this community has a cold attitude
> > toward your employer, you can suggest to your employer that they attempt
> > to reach-out to this community in order to repair that relationship.
>
>
> Hi Oleg, I was really caught off guard by your assertion and am sorry you
> feel that way. I'm one of the co-founders and CTO at Sonatype and I can't
> ever recall a time where anyone was hostile towards http client.
>
> I am still actively involved at Apache, through the Maven PMC, Creadur and
> RAT PMCs and at Infra. We have many other developers who are contributors
> and PMC members of various Apache projects. Sonatype the company sponsors
> Apache through Infra donations and still provides the Central repository
> for everyone to use. We've also helped report vulnerabilities that are
> uncovered in our research and our CSO even fixed a Xalan vulnerability
> since there were no devs left on the project.
>

Is there a JIRA for that Xalan issue? I am on the Xalan PMC and while my
FOSS TODO list is long, I might be able to help at some point.

Gary


> In short, I believe Sonatype and our developers have a healthy and happy
> relationship with Apache in general. If you believe otherwise, I'd be happy
> to chat with you off list to understand your concerns.
>
> --Brian
>

Re: Update on 4.5.4 release?

[Brian Fox]

>
> > Not so long ago Sonatype as a commercial entity was openly hostile to
> > this project.
> Reference?
> > I am sorry if that sounds harsh, but personally I am not going to do
> > anything to advance commercial interests of an unfriendly company.
> That's your prerogative, of course, but Peter doesn't necessarily
> represent his company nor the other way round.
> Peter, any committer can call for a release of any version/branch of any
> project at any time. You can help by providing (non-binding) voting
> feedback for any release proposed. If this community has a cold attitude
> toward your employer, you can suggest to your employer that they attempt
> to reach-out to this community in order to repair that relationship.


Hi Oleg, I was really caught off guard by your assertion and am sorry you
feel that way. I'm one of the co-founders and CTO at Sonatype and I can't
ever recall a time where anyone was hostile towards http client.

I am still actively involved at Apache, through the Maven PMC, Creadur and
RAT PMCs and at Infra. We have many other developers who are contributors
and PMC members of various Apache projects. Sonatype the company sponsors
Apache through Infra donations and still provides the Central repository
for everyone to use. We've also helped report vulnerabilities that are
uncovered in our research and our CSO even fixed a Xalan vulnerability
since there were no devs left on the project.

In short, I believe Sonatype and our developers have a healthy and happy
relationship with Apache in general. If you believe otherwise, I'd be happy
to chat with you off list to understand your concerns.

--Brian

Re: Update on 4.5.4 release?

[Christopher Schultz]

Oleg,

On 11/25/17 5:25 AM, Oleg Kalnichevski wrote:
> 
> On Fri, Nov 24, 2017 at 3:06 PM, Peter Lynch  wrote:
>> Hi Oleg,
>>
>> I've seen the message a while back where version 5a3 release had higher
>> priority over releasing 4.5.4.
>>
>> http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/201710.mbox/%3C1507798428.15620.5.camel%40apache.org%3E
>>
>>
>> We are using 4.5.2 in Nexus Repository Manager. 4.5.3 has some nice SSL
>> related fixes we wanted to pick up, but it also had a regression
>> introduced
>> https://issues.apache.org/jira/browse/HTTPCLIENT-1831 that is fixed in
>> 4.5.4 . The regression breaks a lot of of our integration tests.
>>
>> It seems a bit odd a minor fix release with regressions is not released
>> before an alpha major version is released, but I am not the one doing the
>> releasing - easy for me to say. :)
>>
>> Are you still taking the same release approach this day? Anything I
>> can do
>> to convince that 4.5.4 be released soon so we can roll more value out to
>> our customers?
> 
> Hi Peter
> 
> Not so long ago Sonatype as a commercial entity was openly hostile to
> this project.

Reference?

> I am sorry if that sounds harsh, but personally I am not going to do
> anything to advance commercial interests of an unfriendly company.

That's your prerogative, of course, but Peter doesn't necessarily
represent his company nor the other way round.

Peter, any committer can call for a release of any version/branch of any
project at any time. You can help by providing (non-binding) voting
feedback for any release proposed. If this community has a cold attitude
toward your employer, you can suggest to your employer that they attempt
to reach-out to this community in order to repair that relationship.

You are also free to use a manually-patched version of ASF-released
code. *shrug*

-chris



signature.asc
Description: OpenPGP digital signature

Re: Update on 4.5.4 release?

[Oleg Kalnichevski]

On Fri, Nov 24, 2017 at 3:06 PM, Peter Lynch  
wrote:

Hi Oleg,

I've seen the message a while back where version 5a3 release had 
higher

priority over releasing 4.5.4.

http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/201710.mbox/%3C1507798428.15620.5.camel%40apache.org%3E

We are using 4.5.2 in Nexus Repository Manager. 4.5.3 has some nice 
SSL
related fixes we wanted to pick up, but it also had a regression 
introduced

https://issues.apache.org/jira/browse/HTTPCLIENT-1831 that is fixed in
4.5.4 . The regression breaks a lot of of our integration tests.

It seems a bit odd a minor fix release with regressions is not 
released
before an alpha major version is released, but I am not the one doing 
the

releasing - easy for me to say. :)

Are you still taking the same release approach this day? Anything I 
can do
to convince that 4.5.4 be released soon so we can roll more value out 
to

our customers?


Hi Peter

Not so long ago Sonatype as a commercial entity was openly hostile to 
this project. I am sorry if that sounds harsh, but personally I am not 
going to do anything to advance commercial interests of an unfriendly 
company.


Oleg


-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org