I compiled a list of all the changes and added them as a pull request.
Please feel free to comment what you think is important to expand upon for
the release notes.
https://github.com/apache/accumulo-website/pull/164
I'm well aware of the policies you linked and quoted: I directly
participated in the discussions which led up to the most recent change
last year.
Since I'm worried about repeating myself and producing another wall of
text in another unsuccessful attempt to clarify all the details, I'll
try to summ
Thanks for the clarification. That was a much longer response than I
anticipated, so I think I am having trouble communicating over email.
I was referencing "https://www.apache.org/dev/release-distribution.html";
which says
For every artifact distributed to the public through Apache channels,
On Tue, Apr 2, 2019 at 9:32 AM Michael Wall wrote:
>
> If I understand this correctly, you are saying the sha1 and md5 are created
> by nexus? I do recall the discussion about moving to the stronger hashes,
> so I was surprised to see sha1 and md5 still listed in the VOTE thread.
They are actual
I doubt there's any more leaks of this, but it's possible it leaks
transitively, via one of those dependencies in our "allow" ruleset for
apilyzer-maven-plugin:
https://github.com/apache/accumulo/blob/master/core/pom.xml#L191-L212
However, users can avoid issues with the older version by simply
de
Yeah there was a lot of thought put into this since it was the whole reason
we went to a 1.9 release line.
My branch that reverts the change:
https://github.com/apache/accumulo/pull/1068
On Tue, Apr 2, 2019 at 9:38 AM Sean Busbey
wrote:
> reviewing my notes from the time period, it looks like I
reviewing my notes from the time period, it looks like I was
attempting to make sure we didn't pull in a commons-collections
version with open CVEs.
have we already confirmed that no part of commons-configuration leaks
into the public API for 2.0?
On Mon, Apr 1, 2019 at 11:22 AM Mike Miller wrot
If I understand this correctly, you are saying the sha1 and md5 are created
by nexus? I do recall the discussion about moving to the stronger hashes,
so I was surprised to see sha1 and md5 still listed in the VOTE thread.
When verifying a release, I want to verify the signatures are correct and I
Thanks Christopher. I just added a comment on
https://github.com/apache/accumulo/issues/1069 and would like to get this
included in the next RC.
On Mon, Apr 1, 2019 at 10:34 PM Christopher wrote:
> This vote fails with {-1, -1, -1, -0, +1}.
> I'll prep an RC3 once the issues identified in the t