Re: [draft] Board report is due Dec 20.

2017-12-15 Thread Gary Gregory
The report has been sent to the board for the December 20th meeting. Gary On Wed, Dec 13, 2017 at 1:38 PM, Gary Gregory wrote: > Please advise if you think something should be changed: > -- > > ## Description: > - The Apache Commons project focuses on all aspects of

Re: Security mailing list

2017-12-15 Thread sebb
On 15 December 2017 at 16:12, Matt Sicker wrote: > There certainly are several ASF projects that have dedicated security@ > mailing lists (e.g., Tomcat has one). Would bug reporters still just email > secur...@apache.org and then security@ would forward to the appropriate >

Re: Security mailing list

2017-12-15 Thread Matt Sicker
There certainly are several ASF projects that have dedicated security@ mailing lists (e.g., Tomcat has one). Would bug reporters still just email secur...@apache.org and then security@ would forward to the appropriate commons list? On 15 December 2017 at 08:03, Gilles

Re: [All] Finer-grained MLs

2017-12-15 Thread Gilles
On Fri, 15 Dec 2017 15:17:43 +, sebb wrote: On 15 December 2017 at 14:08, Gilles wrote: On Fri, 15 Dec 2017 12:13:12 +0100, Jochen Wiedmann wrote: [...] Could we have a mailing list, like secur...@commons.apache.org, [...] I'd like to expand the

Re: [All] Finer-grained MLs (Was: Security mailing list)

2017-12-15 Thread sebb
On 15 December 2017 at 14:08, Gilles wrote: > On Fri, 15 Dec 2017 12:13:12 +0100, Jochen Wiedmann wrote: >> >> [...] >> Could we have a mailing list, like secur...@commons.apache.org, >> [...] > > > I'd like to expand the suggestion: make component-specific MLs for >

[All] Finer-grained MLs (Was: Security mailing list)

2017-12-15 Thread Gilles
On Fri, 15 Dec 2017 12:13:12 +0100, Jochen Wiedmann wrote: [...] Could we have a mailing list, like secur...@commons.apache.org, [...] I'd like to expand the suggestion: make component-specific MLs for automatically generated messages (GitHub, JIRA, Nexus) so that people not actively involved

Re: Security mailing list

2017-12-15 Thread Gilles
On Fri, 15 Dec 2017 12:13:12 +0100, Jochen Wiedmann wrote: Hi, over the last months we have definitely seen our share of security related issues. However, I also noticed that we had a tendency to loose these threads in the overall noise, resulting in mails like "Did anyone reply to the

Re: [VOTE] Release Commons JCS 2.2.1 based on RC3

2017-12-15 Thread Romain Manni-Bucau
Here what I tested: 1. svn co 2. mvn clean install 3. mvn source:jar => the same trash is here 4. mvn clean source:jar => same happens so I guess something more fishy happens :( Romain Manni-Bucau @rmannibucau | Blog

Re: [VOTE] Release Commons JCS 2.2.1 based on RC3

2017-12-15 Thread sebb
The other possible cause is a bad unit test that does not clear up properly. I have seen that in other releases where test output ended up in the main source archives. Try a clean checkout followed by a test and see if the files are created. On 15 December 2017 at 05:58, Romain Manni-Bucau

Security mailing list

2017-12-15 Thread Jochen Wiedmann
Hi, over the last months we have definitely seen our share of security related issues. However, I also noticed that we had a tendency to loose these threads in the overall noise, resulting in mails like "Did anyone reply to the reporter?" No, according to Linus Torvalds, that is perfectly fine,