VOTE: Take Security seriously or my resignation.

2016-01-06 Thread Peter Firmstone
Option 1.  I propose that we take security seriously, no security patches are to be rejected prior to review, that we review and analyse them properly based on merit. That discussions about security issues be taken seriously. Option 2.  Alternatively I resign my River committer status Please

Re: VOTE: Take Security seriously or my resignation.

2016-01-06 Thread Patricia Shanahan
Please, please cancel this. We do need to have a serious discussion of River future direction. I expect that discussion to take a lot longer than a week, and hope it will involve as many users and potential users of River as possible. For example, we may need to canvas other project mailing

Re: VOTE: Take Security seriously or my resignation.

2016-01-06 Thread James Hurley
+1 -Jim On Jan 06, 2016, at 10:13 AM, Patricia Shanahan wrote: Please, please cancel this. We do need to have a serious discussion of River future direction. I expect that discussion to take a lot longer than a week, and hope it will involve as many users and potential users of

Re: Release 3.0, package rename and ServiceProxyAccessor

2016-01-06 Thread Simon IJskes - QCG
On 06-01-16 18:49, Simon IJskes - QCG wrote: On 06-01-16 13:38, Peter wrote: Your security analysis is too narrow, your thinking like a user, not an attacker. An attacker is not going to send you a proxy to load into a standalone Classloader. She has the choice of the entire classpath, not

Re: Release 3.0, package rename and ServiceProxyAccessor

2016-01-06 Thread Simon IJskes - QCG
On 06-01-16 13:38, Peter wrote: Your security analysis is too narrow, your thinking like a user, not an attacker. An attacker is not going to send you a proxy to load into a standalone Classloader. She has the choice of the entire classpath, not you and not River, that's right it's the

Re: VOTE: Take Security seriously or my resignation.

2016-01-06 Thread Greg Trasuk
Hi Jim: Good to see you back here! Cheers, Greg Trasuk > On Jan 6, 2016, at 10:31 AM, James Hurley wrote: > > +1 > > -Jim > > On Jan 06, 2016, at 10:13 AM, Patricia Shanahan wrote: >> Please, please cancel this. >> >> We do need to have a serious

Re: VOTE: Take Security seriously or my resignation.

2016-01-06 Thread Bryan Thompson
Peter, I think that there might be a consensus for publishing 3.0 and then considering security patches against it. Bryan Bryan Thompson Chief Scientist & Founder SYSTAP, LLC 4501 Tower Road Greensboro, NC 27410 br...@systap.com http://blazegraph.com http://blog.blazegraph.com Blazegraph™

Cancelled. Re: VOTE: Take Security seriously or my resignation.

2016-01-06 Thread Peter
Vote withdrawn. Peter. Sent from my Samsung device.     Include original message Original message From: Patricia Shanahan Sent: 07/01/2016 01:13:23 am To: dev@river.apache.org Subject: Re: VOTE: Take Security seriously or my resignation. Please, please cancel this. We