>Since there are apparently diverging opinions on the subject >(and also since >I didn't get any +1s for a possible 4.0.3 b1, or a 4.0.2a >release), here's a >formal request for vote. > >On the security problem reported yesterday, affecting the >security manager >sandboxing. We should: ><ballot> >A [ ] Make a full 4.0.3 (or 4.0.2a) release which would only >include the >security fix >B [ ] Make the security fix available as a binary patch for >4.0.2 (it would >take the form of an archive to extract in $CATALINA_HOME, and would be >*small*) >C [ ] Accelerate the release schedule of 4.0.3, which would include the >security fix, as well as fixes for other issues with 4.0.2 >(with Beta 1 on >03/01 and Final on 03/08) ></ballot>
A or B for RPM people are the same works ;) But to be coherent with what we do for 3.3, 4.0.2a seems better, ie 4.0.2 + security fix => 4.0.2a (nothing more nothing less). 4.0.3b1 will be a different story since it involve new code, and it should be also provided. 4.0.2a + 4.0.3b1 :) >In parallel, I'd like to release a first beta of 4.0.3 on >03/01 (depending >on the vote on item 'C' above, the release cycle may be >shorter or longer): ><ballot> >+1 [X] I support the release, and I will help >+0 [ ] I support the release >-0 [ ] I don't support the release >-1 [ ] I'm against the release because: -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
