Posted to dev@poi.apache.org by Andreas Beeker <ki...@apache.org> on 2018/08/18 00:14:03 UTC

POI 4.0.0 - also release / use XMLBeans 3.0.1?

Hi,

the subject says it all ... should I use the new XMLBeans version?

To have a reproducible POI release, I would need to reference the XMLBeans jars
from our dist area or the maven repo ... and of course we need to vote for
the XMLBeans release. So in this case, I need to postpone the POI RC.

Andi



Re: [RESULT] [VOTE] Apache XMLBeans 3.0.1 release (RC1)

Posted by Andreas Beeker <ki...@apache.org>.
Hi PJ,

On 8/27/18 12:00 PM, pj.fanning wrote:
> Hi Andi,
>
> I'm not sure how to sign an announce email. It also doesn't seem to be
> common on https://lists.apache.org/list.html?announce@apache.org to have
> signed emails.

You are right ... I couldn't find a reference noting that a release announcement should be signed.
I simply configured it once in my mailer and probably assumed it's a common habit.
So please continue without signing the email.

Andi



Re: [RESULT] [VOTE] Apache XMLBeans 3.0.1 release (RC1)

Posted by "pj.fanning" <fa...@yahoo.com>.
Hi Andi,

I'm not sure how to sign an announce email. It also doesn't seem to be
common on https://lists.apache.org/list.html?announce@apache.org to have
signed emails.



--
Sent from: http://apache-poi.1045710.n5.nabble.com/POI-Dev-f2312866.html

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org


Re: [RESULT] [VOTE] Apache XMLBeans 3.0.1 release (RC1)

Posted by Andreas Beeker <ki...@apache.org>.
Hi PJ,

I've regenerated the website - basically you need to set the FORREST_HOME environment variable
and call $FORREST_HOME/bin/forrest. I've adapted the ant script to the POI version.

Find an example for the announcement mail under ...
http://apache-poi.1045710.n5.nabble.com/ANNOUNCE-Apache-XMLBeans-3-0-0-released-td5731061.html

To: announce@apache.org
cc: dev@poi.apache.org, user@poi.apache.org

And it needs to be signed by your Apache PGP key.

Thanks for caring for the release,
Andi



Re: [RESULT] [VOTE] Apache XMLBeans 3.0.1 release (RC1)

Posted by "pj.fanning" <fa...@yahoo.com>.
Hi Andi,
I've done most of the pieces for the release.
The items that are incomplete are:
* Regenerating the xmlbeans site html using Forrest
* Announcing the release

I'm not sure of the exact command to use Forrest in the xmlbeans setup.
I'm also not sure what `Announcing the release` entails.





Re: [RESULT] [VOTE] Apache XMLBeans 3.0.1 release (RC1)

Posted by "pj.fanning" <fa...@yahoo.com>.
I'll have a look at doing all the items on the release list at the weekend.





Re: [RESULT] [VOTE] Apache XMLBeans 3.0.1 release (RC1)

Posted by Andreas Beeker <ki...@apache.org>.
Hi PJ,

> I'd prefer not to wait for INFRA-14923. Even Sonatype's Nexus only adds md5
> and sha1 digests.
ACK to not wait for INFRA, but for nexus, I thought you have to provide the hashes in the upload?! -
at least that's what the POI release script is doing.
So you haven't generated the *.asc.md5, *.asc.sha1 files? If you have, please prepare the nexus
repo without those.

> We have complete control over what gets added to
> https://archive.apache.org/dist/poi/release/ ...
ACK.

So what's left for the release to be finished is:
a) replace the old (3.0.0) dist files with the new one in https://dist.apache.org/repos/dist/release/poi/xmlbeans/release/
b) register the new version - you'll receive an automatic mail, when committing to the release directory
c) release the nexus staging repo
d) update the doap file
e) update the website
f) announce the release

which part will you do?

Andi



Re: [RESULT] [VOTE] Apache XMLBeans 3.0.1 release (RC1)

Posted by "pj.fanning" <fa...@yahoo.com>.
I'd prefer not to wait for INFRA-14923. Even Sonatype's Nexus only adds md5
and sha1 digests.
These are generated by Nexus, as opposed to publishers adding their own
digest files.
I have done some checking on maven central and in the cross section I
checked, no jars had sha256 or sha512 digests.

We have complete control over what gets added to
https://archive.apache.org/dist/poi/release/ and we can definitely use
sha256 and sha512 digests there. 






[RESULT] [VOTE] Apache XMLBeans 3.0.1 release (RC1)

Posted by Andreas Beeker <ki...@apache.org>.
The vote has passed with 3x +1 from POI / XmlBeans PMCs.

Before we release the nexus staging repo, we might check if SHA-256/SHA-512 now works -
probably not because of INFRA-14923.

And maybe we should remove the *.md5, *.asc.md5, *.asc.sha1 files to keep the
maven repo tidy.

... and for signing the release ... most of us have weak webs of trust, eventually
we should connect more ...

I'll check with PJ, who is releasing/announcing which part within the next days.

Andi.
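
A check along the lines of this message, as an added example that is not part of the original thread or the POI release script: it audits a release directory for matching SHA-256/SHA-512 side-files and lists the *.md5, *.asc.md5 and *.asc.sha1 files proposed for removal. It assumes GNU coreutils (sha256sum, sha512sum); the function names and the demo file names are constructed.

```shell
#!/usr/bin/env bash
# Added example, not the POI release script. Assumes GNU coreutils (sha256sum, sha512sum).

# check_digest FILE ALGO: 0 = side-file matches, 1 = side-file missing, 2 = mismatch
check_digest() {
    local file=$1 algo=$2 want have
    [ -f "$file.$algo" ] || return 1
    # Side-files hold "<hex>" or "<hex>  <name>"; compare the first field only.
    want=$(awk 'NR==1 {print tolower($1)}' "$file.$algo")
    have=$("${algo}sum" < "$file" | awk '{print $1}')
    [ "$want" = "$have" ] || return 2
}

# audit_release DIR: print one finding per line, return 0 only when there are none
audit_release() {
    local dir=$1 f algo rc findings=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.md5|*.asc.sha1)                    # *.md5, *.asc.md5, *.asc.sha1 from the thread
                echo "REMOVE ${f##*/}"; findings=$((findings + 1)) ;;
            *.asc|*.sha1|*.sha256|*.sha512) ;;   # side-files, checked via their artifact
            *)
                # Presence only; gpg --verify checks the signature itself.
                [ -f "$f.asc" ] || { echo "UNSIGNED ${f##*/}"; findings=$((findings + 1)); }
                for algo in sha256 sha512; do
                    rc=0; check_digest "$f" "$algo" || rc=$?
                    case $rc in
                        1) echo "MISSING ${f##*/}.$algo"; findings=$((findings + 1)) ;;
                        2) echo "MISMATCH ${f##*/}.$algo"; findings=$((findings + 1)) ;;
                    esac
                done ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed demo: a fake artifact, a signature placeholder and stale side-files.
demo=$(mktemp -d)
printf 'constructed jar bytes\n' > "$demo/example-1.0.jar"
: > "$demo/example-1.0.jar.asc"                  # placeholder, not a real signature
sha256sum < "$demo/example-1.0.jar" | awk '{print $1}' > "$demo/example-1.0.jar.sha256"
: > "$demo/example-1.0.jar.md5"; : > "$demo/example-1.0.jar.asc.md5"
audit_release "$demo" || echo "release directory needs attention"
rm -rf "$demo"
```

The demo reports the missing .sha512 and the two stale MD5 side-files; a directory that passes prints nothing and returns 0.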



Re: [VOTE] Apache XMLBeans 3.0.1 release (RC1)

Posted by "pj.fanning" <fa...@yahoo.com>.
+1 for the release





Re: [VOTE] Apache XMLBeans 3.0.1 release (RC1)

Posted by Alain FAGOT BÉAREZ <ab...@for-scala.it>.
+1 for release

Sent with BlueMail


-------- Original Message --------
From: "pj.fanning" <fa...@yahoo.com>
Sent: Mon Aug 20 07:12:54 GMT-03:00 2018
To: dev@poi.apache.org
Subject: Re: [VOTE] Apache XMLBeans 3.0.1 release (RC1)

I've updated the staged artifacts for xmlbeans 3.0.1.

https://repository.apache.org/content/repositories/staging/org/apache/xmlbeans/xmlbeans/3.0.1/
and https://dist.apache.org/repos/dist/dev/poi/xmlbeans/  




Re: [VOTE] Apache XMLBeans 3.0.1 release (RC1)

Posted by Andreas Beeker <ki...@apache.org>.
+1 from me

... based on the successful POI tests since the update.
We still have a lot of forbidden-apis-check errors, but I think it is ( good enough ;) ) ready for release.

Andi

On 8/20/18 12:12 PM, pj.fanning wrote:
> I've updated the staged artifacts for xmlbeans 3.0.1.
>
> https://repository.apache.org/content/repositories/staging/org/apache/xmlbeans/xmlbeans/3.0.1/
> and https://dist.apache.org/repos/dist/dev/poi/xmlbeans/  




Re: [VOTE] Apache XMLBeans 3.0.1 release (RC1)

Posted by "pj.fanning" <fa...@yahoo.com>.
I've updated the staged artifacts for xmlbeans 3.0.1.

https://repository.apache.org/content/repositories/staging/org/apache/xmlbeans/xmlbeans/3.0.1/
and https://dist.apache.org/repos/dist/dev/poi/xmlbeans/  





Re: [VOTE] Apache XMLBeans 3.0.1 release (RC1)

Posted by Andreas Beeker <ki...@apache.org>.
The rat-check (without further excludes) was erroneous ... I guess this means -1
We should also try the forbidden-apis-check ...

Andi


Files with unapproved licenses:

src/tools/org/apache/xmlbeans/impl/xpathgen/XPathGenerationException.java
src/tools/org/apache/xmlbeans/impl/xpathgen/XPathGenerator.java
src/typeimpl/org/apache/xmlbeans/impl/regex/message.properties
src/typeimpl/org/apache/xmlbeans/impl/regex/message_fr.properties
src/typeimpl/org/apache/xmlbeans/impl/regex/message_ja.properties
src/xmlconfig/org/apache/xmlbeans/impl/config/UserTypeImpl.java
src/xmlpublic/org/apache/xmlbeans/UserType.java
src/xmlpublic/org/apache/xmlbeans/XmlOptionsBean.java
src/xmlschema/schema/XML.xsd
src/xpath_xquery/QueryInterface.g
src/xpath_xquery/SelectPathInterface.g
src/xsdschema/schema/XMLSchema.xsd



[VOTE] Apache XMLBeans 3.0.1 release (RC1)

Posted by Andreas Beeker <ki...@apache.org>.
Hi,

PJ prepared artifacts for the release of Apache XMLBeans 3.0.1 (RC1).

The most notable changes in this release are:

- the smaller default entity expansion limit
- API changes to specify the entity expansion limit

https://dist.apache.org/repos/dist/dev/poi/xmlbeans/

Please vote to release the artifacts.
The vote stays open for 72hrs, 2018-08-22, 23:59 UTC,
planned release announcement date is Friday, 2018-08-24.

I still have to do some verification myself (e.g. rat-check), so I'll vote later.

Andi


-------- Forwarded Message --------
Subject: 	Re: POI 4.0.0 - also release / use XMLBeans 3.0.1?
Date: 	Sun, 19 Aug 2018 02:06:28 -0700 (MST)
From: 	pj.fanning <fa...@yahoo.com>
Reply-To: 	POI Developers List <de...@poi.apache.org>
To: 	dev@poi.apache.org



PS xmlbeans 3.0.1 is staged at
https://repository.apache.org/content/repositories/staging/org/apache/xmlbeans/xmlbeans/3.0.1/
and https://dist.apache.org/repos/dist/dev/poi/xmlbeans/






Re: POI 4.0.0 - also release / use XMLBeans 3.0.1?

Posted by "pj.fanning" <fa...@yahoo.com>.
PS xmlbeans 3.0.1 is staged at
https://repository.apache.org/content/repositories/staging/org/apache/xmlbeans/xmlbeans/3.0.1/
and https://dist.apache.org/repos/dist/dev/poi/xmlbeans/ 





Re: POI 4.0.0 - also release / use XMLBeans 3.0.1?

Posted by "pj.fanning" <fa...@yahoo.com>.
I'm +1 for an xmlbeans 3.0.1 release.

I changed tack a little and am now using new XmlOptions instead of system
properties to control the xmlbeans xml parser setup.

I had to undo the decrease in the default entity expansion limit due to
failing xmlbeans tests. The hardcoded limit was 4096 and the default is now
2048.

I can modify POIXMLTypeLoader [1] to set it so that when POI uses XMLBeans,
the entity expansion limit will be 1.

I can look after the xmlbeans 3.0.1 release. When I get enough +1s, I'll
proceed.

[1]
https://github.com/apache/poi/blob/trunk/src/ooxml/java/org/apache/poi/ooxml/POIXMLTypeLoader.java





Re: POI 4.0.0 - also release / use XMLBeans 3.0.1?

Posted by Andreas Beeker <ki...@apache.org>.
Hi PJ,

On 8/18/18 11:20 AM, pj.fanning wrote:
> I can do an xmlbeans 3.0.1 release in the coming days if there is PMC
> approval.
>

+1, if there are any security related issues, we should postpone the POI release and
get the XMLBeans dependency fixed. I like the idea of the new options and we should
use them.

Will you do the complete release (see the POI release guide) or may I support you?

I'm currently doing some cosmetics on the Javadocs, but that is not release blocking.

Andi



Re: POI 4.0.0 - also release / use XMLBeans 3.0.1?

Posted by "pj.fanning" <fa...@yahoo.com>.
I can do an xmlbeans 3.0.1 release in the coming days if there is PMC
approval.

With xmlbeans 3.0.0, I copied over the XML parser code from Apache POI and
the aim with 3.0.1 is to add the recent POI changes to XMLBeans.

XMLBeans is intended for broader use - i.e. to continue to facilitate non-POI
usage. With this in mind, I have disabled DTD loading and Entity Expansion
by default but do support 3 new system properties that allow users to
re-enable these features.

"xmlbeans.entity.expansion.limit" (default of 1)
"xmlbeans.load.dtd.grammar" (default of false)
"xmlbeans.load.external.dtd" (default of false)

Latest Parser code can be found at (if anyone would like to review my
changes):
http://svn.apache.org/viewvc/xmlbeans/trunk/src/common/org/apache/xmlbeans/impl/common/


