Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-15 Thread Cantor, Scott
On 1/15/18, 5:47 PM, "Will Herrmann" wrote:

> Alright, in that case, how do I go about getting an Apache CLA on file with
> my employer being involved?

Well, the CLA files are split into the two types.

http://apache.org/dev/new-committers-guide#cla

The Corporate one is the one that would hand

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-15 Thread Will Herrmann
Alright, in that case, how do I go about getting an Apache CLA on file with my employer being involved?

-Will

> On Jan 15, 2018, at 4:45 PM, Cantor, Scott wrote:
>
> On 1/15/18, 5:41 PM, "Will Herrmann" wrote:
>
>> It’s necessary to get my employer on file even if I’m not doing it on
>> com

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-15 Thread Cantor, Scott
On 1/15/18, 5:41 PM, "Will Herrmann" wrote:

> It’s necessary to get my employer on file even if I’m not doing it on company
> time?

That depends on the jurisdiction, I couldn't answer that for you. Most US states are, I think, work for hire, meaning your employer owns anything you do that is

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-15 Thread Will Herrmann
It’s necessary to get my employer on file even if I’m not doing it on company time? Also, in my case, I both have an employer and am self-employed (side job). How does that work?

-Will

> On Jan 15, 2018, at 4:39 PM, Cantor, Scott wrote:
>
> On 1/14/18, 10:30 PM, "Will Herrmann" wrote:
>
>>

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-15 Thread Cantor, Scott
On 1/14/18, 10:30 PM, "Will Herrmann" wrote:

> I’m interested in becoming a committer, although admittedly, I’m only
> interested in building a new release that fixes
> this bug (which was previously stated to already be in the code). What do I
> need to do to make that happen?

Probably the b

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-15 Thread dbrosIus
Eric J. Schwarzenbach"
> To: j-users@xerces.apache.org
> Date: 01/11/2018 02:05 PM
> Subject: Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?
>
> One might expect "committer" to imply a coder, but could someone who
> is not going to actually work o

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-14 Thread Will Herrmann
Eric J. Schwarzenbach"
> > To: j-users@xerces.apache.org
> > Date: 01/11/2018 02:05 PM
> > Subject: Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?
> >
> > One might expect "committer" to imply a coder, but could someone who
> > is n

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-11 Thread Michael Glavassevich
chwarzenbach"
> To: j-users@xerces.apache.org
> Date: 01/11/2018 02:05 PM
> Subject: Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?
>
> One might expect "committer" to imply a coder, but could someone who
> is not going to actually work on xerces code be made

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-11 Thread Eric J. Schwarzenbach
One might expect "committer" to imply a coder, but could someone who is not going to actually work on xerces code be made a committer? If so, what skills would such a person need in order to help get the release out?

On 01/11/2018 01:42 PM, Michael Glavassevich wrote:

A lot of what needs to get

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-11 Thread Michael Glavassevich
A lot of what needs to get done requires write-access and that can only be done by committers [1]. That's where this project has been hurting for a long time and where we definitely need help. Of course there are activities such as testing or doing a build that anyone could do, but someone with

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-10 Thread Will Herrmann
I too work with an organization that is a bit concerned about using a library with a 5-year-old security issue. If the issue is a lack of volunteers, what can we do to help, especially given that the fix is already done? Do you need testers? People to build from source? Something else?

-Will He

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-02 Thread Michael Glavassevich
As has been the case for a long time, Xerces-J 2.12.0 needs volunteers to actually make this release happen.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Gary Gregory wrote on 12/22/2017 01:46:28 PM:

> Good q

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2017-12-22 Thread Gary Gregory
Good question. Xerces has been rather... inactive :-(

Gary

On Fri, Dec 22, 2017 at 7:15 AM, Yves Geissbühler <yves.geissbueh...@incentage.com> wrote:

> Hi all,
> my problem is that Xerces-J 2.11.0 pops up on the OWASP Dependency Check
> [1] having the vulnerability CVE-2012-0881.
>
> After some

Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2017-12-22 Thread Yves Geissbühler
Hi all,

my problem is that Xerces-J 2.11.0 pops up on the OWASP Dependency Check [1] having the vulnerability CVE-2012-0881.

After some investigation I found that CVE-2012-0881 has been indeed fixed and is scheduled to be released for Xerces-J 2.12.0 [2]. However, no specific release date is