I think, that the topic would deserve a few more replies.
Jochen
On Fri, Dec 15, 2017 at 6:07 PM, sebb wrote:
> On 15 December 2017 at 16:12, Matt Sicker wrote:
>> There certainly are several ASF projects that have dedicated security@
>> mailing lists (e.g., Tomcat has one). Would bug reporter
On 15/12/2017 11:13, Jochen Wiedmann wrote:
> Hi,
>
> over the last months we have definitely seen our share of security
> related issues. However, I also noticed that we had a tendency to
> loose these threads in the overall noise, resulting in mails like "Did
> anyone reply to the reporter?"
>
+1
Le 17 déc. 2017 12:14, "Mark Thomas" a écrit :
> On 15/12/2017 11:13, Jochen Wiedmann wrote:
> > Hi,
> >
> > over the last months we have definitely seen our share of security
> > related issues. However, I also noticed that we had a tendency to
> > loose these threads in the overall noise, r
+1
Jacques
Le 17/12/2017 à 12:22, Romain Manni-Bucau a écrit :
+1
Le 17 déc. 2017 12:14, "Mark Thomas" a écrit :
On 15/12/2017 11:13, Jochen Wiedmann wrote:
Hi,
over the last months we have definitely seen our share of security
related issues. However, I also noticed that we had a tenden
Whoops. Closing the jiras slipped my mind. Thanks a ton for cleaning those up.
-Rob
> On Dec 17, 2017, at 5:01 AM, Pascal Schumacher (JIRA) wrote:
>
>
> [
> https://issues.apache.org/jira/browse/TEXT-107?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
> ]
>
> Pascal S
+0 or +1. Seems ok.
> On Dec 17, 2017, at 7:21 AM, Jacques Le Roux
> wrote:
>
> +1
>
> Jacques
>
>
>> Le 17/12/2017 à 12:22, Romain Manni-Bucau a écrit :
>> +1
>>
>> Le 17 déc. 2017 12:14, "Mark Thomas" a écrit :
>>
>>> On 15/12/2017 11:13, Jochen Wiedmann wrote:
Hi,
over
You are welcome. :-)
Cheers,
Pascal
Am 17.12.2017 um 13:30 schrieb Rob Tompkins:
Whoops. Closing the jiras slipped my mind. Thanks a ton for cleaning those up.
-Rob
On Dec 17, 2017, at 5:01 AM, Pascal Schumacher (JIRA) wrote:
[
https://issues.apache.org/jira/browse/TEXT-107?page=com
Do we really need the JIRA [Closed] messages that are generated when
tidying up after a release?
I suspect not, so I suggest we disable the messages when doing a bulk close.
[I think we used to do this.]
-
To unsubscribe, e-mail:
> On Dec 17, 2017, at 8:17 AM, sebb wrote:
>
> Do we really need the JIRA [Closed] messages that are generated when
> tidying up after a release?
>
> I suspect not, so I suggest we disable the messages when doing a bulk close.
> [I think we used to do this.]
+1 to that. What’s the mechanism h
On 17 December 2017 at 13:26, Rob Tompkins wrote:
>
>
>> On Dec 17, 2017, at 8:17 AM, sebb wrote:
>>
>> Do we really need the JIRA [Closed] messages that are generated when
>> tidying up after a release?
>>
>> I suspect not, so I suggest we disable the messages when doing a bulk close.
>> [I thin
> On Dec 17, 2017, at 8:29 AM, sebb wrote:
>
>> On 17 December 2017 at 13:26, Rob Tompkins wrote:
>>
>>
>>> On Dec 17, 2017, at 8:17 AM, sebb wrote:
>>>
>>> Do we really need the JIRA [Closed] messages that are generated when
>>> tidying up after a release?
>>>
>>> I suspect not, so I sug
FTR, here is the email I sent previously:
On 27 November 2015 at 22:51, sebb wrote:
> I'm not sure we really want all the JIRA Close mails when a component
> has been released.
>
> Too late for Collections, but for future releases:
>
> To avoid sending emails, use a query to select the relevant i
On 17 December 2017 at 14:04, Rob Tompkins wrote:
>
>
>> On Dec 17, 2017, at 8:29 AM, sebb wrote:
>>
>>> On 17 December 2017 at 13:26, Rob Tompkins wrote:
>>>
>>>
On Dec 17, 2017, at 8:17 AM, sebb wrote:
Do we really need the JIRA [Closed] messages that are generated when
ti
I there a requirement to double post to s@a.o? If not switching from s@a.o
to s@c.a.o seems ok.
Gary
On Dec 17, 2017 03:31, "Jochen Wiedmann" wrote:
> I think, that the topic would deserve a few more replies.
>
> Jochen
>
>
> On Fri, Dec 15, 2017 at 6:07 PM, sebb wrote:
> > On 15 December 2017
That needs to be documented on our release page...
Gary
On Dec 17, 2017 07:23, "sebb" wrote:
> FTR, here is the email I sent previously:
>
> On 27 November 2015 at 22:51, sebb wrote:
> > I'm not sure we really want all the JIRA Close mails when a component
> > has been released.
> >
> > Too la
On 17 December 2017 at 15:07, Gary Gregory wrote:
> I there a requirement to double post to s@a.o? If not switching from s@a.o
> to s@c.a.o seems ok.
Huh?
Not sure where the double post ref comes from.
All security issues must be copied to s@a.o.
This is done automatically if users post to s@c.a
+1 (non-binding)
So far I've check:
* Source release matches with source repository.
* Signatures and digests.
* Checked headers, LICENSE and NOTICE files.
* Build (OpenJDK 1.8.0_144 with Maven 3.5.0)
On Dec 16, 2017 14:35, "Gary Gregory" wrote:
> We have fixed quite a few bugs and added some
I'd like to kindly ask other Commons PMC members to check this release
candidate, which VOTE is open for 10 days now. Thanks.
On Dec 14, 2017 17:32, "Sergio Fernández" wrote:
> Thanks Gary and Bruno; I'll register those things to be fixed for upcoming
> releases.
>
> On Thu, Dec 14, 2017 at 8:42
On Dec 17, 2017 08:39, "sebb" wrote:
On 17 December 2017 at 15:07, Gary Gregory wrote:
> I there a requirement to double post to s@a.o? If not switching from s@a.o
> to s@c.a.o seems ok.
Huh?
Not sure where the double post ref comes from.
All security issues must be copied to s@a.o.
This is do
On 15.12.17 14:05, Romain Manni-Bucau wrote:
> Here what I tested:
>
> 1. svn co
> 2. mvn clean install
> 3. mvn source:jar
>
> => the same trash is here
>
> 4. mvn clean source:jar
>
> => same happens
>
> so I guess something more fishy happens :(
What is wrong with
mvn -Preleas
On Sun, Dec 17, 2017 at 6:47 PM, Gary Gregory wrote:
> If they only post to s@a.o, then they will forward to s@c.a.o
>
>
> Who will do this forwarding?
The same persons, or mechanisms, which are forwarding to private @c.a.o now.
Jochen
--
The next time you hear: "Don't reinvent the wheel!"
On 2017-12-17 16:07, Gary Gregory wrote:
> I there a requirement to double post to s@a.o? If not switching from s@a.o
> to s@c.a.o seems ok.
I understand, that s@a.o can be subscribed to s@c.a.o, so there would be no
need for double posting.
[1]
Jochen
1: https://issues.apache.org/jira/brow
Le 17 déc. 2017 19:35, "Thomas Vandahl" a écrit :
On 15.12.17 14:05, Romain Manni-Bucau wrote:
> Here what I tested:
>
> 1. svn co
> 2. mvn clean install
> 3. mvn source:jar
>
> => the same trash is here
>
> 4. mvn clean source:jar
>
> => same happens
>
> so I guess something more fishy happ
Hi
first of all I'm +0.
On 2017-12-15, Jochen Wiedmann wrote:
> As a consequence, I'd like to question how others are handling this.
> Could we have a mailing list, like secur...@commons.apache.org,
> preferrably with subscription limited to private@ members, and
> secur...@apache.org subscribed
24 matches
Mail list logo
