You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@stanbol.apache.org by Reto Gmür <re...@apache.org> on 2014/06/02 00:16:48 UTC
[VOTE] Apache Stanbol Partial Security Release 0.99
Hi community,
Given that the 1.0.0 release might take some more discussion I've tailored
a mini-release of two modules. The 0.12 security.core module doesn't work
with jersey >= 2.0 because of what I believe to be a bug in Jersey
(JERSEY-1926) but a work-around working with all Jersey versions is
straight forward and has been in trunk for almost exactly one year. Apart
from the patch to work around JERSEY-1926 affecting security.core and
authentication.basic the new release also incorporates the code
simplification patch provided by Furkan Kamaci (STANBOL-1317).
Solved issues:
- STANBOL-1094
- STANBOL-1317
SVN-Tag:
https://svn.apache.org/repos/asf/stanbol/tags/org.apache.stanbol.commons.security-0.99/
Staging repos
https://repository.apache.org/content/repositories/orgapachestanbol-1006/
Source tarball:
http://repository.apache.org/content/repositories/orgapachestanbol-1006/org/apache/stanbol/org.apache.stanbol.commons.security/0.99/org.apache.stanbol.commons.security-0.99-source-release.tar.gz
Detached signature:
https://repository.apache.org/content/repositories/orgapachestanbol-1006/org/apache/stanbol/org.apache.stanbol.commons.security/0.99/org.apache.stanbol.commons.security-0.99-source-release.tar.gz.asc
PGP release keys
https://dist.apache.org/repos/dist/release/stanbol/KEYS
The vote will be open for at least 48 hours.
Thanks for reviewing this release and for voting!
Cheers,
Reto
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Sergio Fernández <se...@salzburgresearch.at>.
Hi Reto,
On 02/06/14 11:42, Reto Gmür wrote:
> We had discussions when the code was originally added. And yes some
> problems where reported and fixed. IIRC those problems where all not
> actually related to the Stanbol security features but in the components not
> working correctly in a secure environment, i.e. they would alsohave
> appeared when integrating the components in any application server with an
> active Java security manager. Anyone could have vetoed the addition of the
> code, but nobody did. Also two relases containg the code where unanimously
> accepted.
Well, the word "unanimously" can be applied to the release itself, I do
agree. But I guess you cannot extend such unanimity to those concrete
components.
I do not need the features these modules introduce, therefore I
obviously have some questions if they really fit in the scope of the
project. But you are right that this is not the time for such
discussion, but at some point we should have, so I'll cast my vote
accordingly.
Cheers,
--
Sergio Fernández
Senior Researcher
Knowledge and Media Technologies
Salzburg Research Forschungsgesellschaft mbH
Jakob-Haringer-Straße 5/3 | 5020 Salzburg, Austria
T: +43 662 2288 318 | M: +43 660 2747 925
sergio.fernandez@salzburgresearch.at
http://www.salzburgresearch.at
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Reto Gmür <re...@wymiwyg.com>.
On Mon, Jun 2, 2014 at 11:14 AM, Sergio Fernández <
sergio.fernandez@salzburgresearch.at> wrote:
> Hi Reto,
>
>
> On 02/06/14 10:28, Reto Gmür wrote:
>
>> There have been two releases of these components. This one brings clear
>> improvement over the older (it works with Jersey >=2) without afaict
>> bringing any disadvantage. The code with the patch has been in subversion
>> since June 10th of 2013 so it can be assumed that it has been community
>> tested quite a bit. It has not not only been used in Stanbol but also in
>> Clerezza.
>>
>
> Well, my comment comes to raise the issue that, according to the feedback
> I read in this mailing list, the security components are not really
> community-driven, but motivated by a concrete use case from another project
> and not really well documented:
>
> http://stanbol.apache.org/development/security.html
We had discussions when the code was originally added. And yes some
problems where reported and fixed. IIRC those problems where all not
actually related to the Stanbol security features but in the components not
working correctly in a secure environment, i.e. they would alsohave
appeared when integrating the components in any application server with an
active Java security manager. Anyone could have vetoed the addition of the
code, but nobody did. Also two relases containg the code where unanimously
accepted.
I don't think that the problem you had with other components are in any way
> specific to the patch incorporated to this release and probably not even
> caused by a bug in these components. But if you create issues then these
> could help improve situations. But even if these problems are real (JIRA
> issues rather than FUD) we cannot only make a release if that release
> solves all the problems the software might have.
>
Well, for casting a positive vote I'd like to know the modules coverage:
> how many implement that, how many they just ignore it, etc.
Confused. The vote is about two modules that can be used in Stanbol or in
other environment. Other modules do not need any specific interaction with
these modules. They do interact indirectly via Java security, e.g. whenthe
open a file this requires a FilePermission.
> Sorry, I did not report proper issues to Jira since just disabling the
> security worked fine in my deployment scenarios.
>
So you're jumping in on a discussion about releasing modules that you are
not event using? And you can't say what the exact problem they have and
you've previously +1 when in released together with others?
>
> In the end I think we should clarify is such security granularity is
> actually necessary here. Because my understanding of Stanbol is a set of
> reusable restful components for semantic content management, not a semantic
> cms itself, which is the direction where this security modules pushed it.
>
Sergio, you can of course start a discussion about removing the security
related module. A filibuster on the third release featuring an important,
simple and well tested patch doesn't seem a good way to bring this issue
in. I agree for the rest of what you say except that this modules would
push in the direction of CMS. But we did release many modules and even full
releases that aren't restfull, but that's even less the place to discuss
this.
Thanks.
Reto
> Cheers,
>
>
> --
> Sergio Fernández
> Senior Researcher
> Knowledge and Media Technologies
> Salzburg Research Forschungsgesellschaft mbH
> Jakob-Haringer-Straße 5/3 | 5020 Salzburg, Austria
> T: +43 662 2288 318 | M: +43 660 2747 925
> sergio.fernandez@salzburgresearch.at
> http://www.salzburgresearch.at
>
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Sergio Fernández <se...@salzburgresearch.at>.
Hi Reto,
On 02/06/14 10:28, Reto Gmür wrote:
> There have been two releases of these components. This one brings clear
> improvement over the older (it works with Jersey >=2) without afaict
> bringing any disadvantage. The code with the patch has been in subversion
> since June 10th of 2013 so it can be assumed that it has been community
> tested quite a bit. It has not not only been used in Stanbol but also in
> Clerezza.
Well, my comment comes to raise the issue that, according to the
feedback I read in this mailing list, the security components are not
really community-driven, but motivated by a concrete use case from
another project and not really well documented:
http://stanbol.apache.org/development/security.html
> I don't think that the problem you had with other components are in any way
> specific to the patch incorporated to this release and probably not even
> caused by a bug in these components. But if you create issues then these
> could help improve situations. But even if these problems are real (JIRA
> issues rather than FUD) we cannot only make a release if that release
> solves all the problems the software might have.
Well, for casting a positive vote I'd like to know the modules coverage:
how many implement that, how many they just ignore it, etc. Sorry, I did
not report proper issues to Jira since just disabling the security
worked fine in my deployment scenarios.
In the end I think we should clarify is such security granularity is
actually necessary here. Because my understanding of Stanbol is a set of
reusable restful components for semantic content management, not a
semantic cms itself, which is the direction where this security modules
pushed it.
Cheers,
--
Sergio Fernández
Senior Researcher
Knowledge and Media Technologies
Salzburg Research Forschungsgesellschaft mbH
Jakob-Haringer-Straße 5/3 | 5020 Salzburg, Austria
T: +43 662 2288 318 | M: +43 660 2747 925
sergio.fernandez@salzburgresearch.at
http://www.salzburgresearch.at
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Reto Gmür <re...@wymiwyg.com>.
On Mon, Jun 2, 2014 at 8:35 AM, Sergio Fernández <
sergio.fernandez@salzburgresearch.at> wrote:
> Hi,
>
> is the stuff really tested by a broader community? Personally I've had to
> disable it in all my launchers due several issues with other components. So
> I'd like to clarify that before casting my vote.
>
Hi Sergio,
There have been two releases of these components. This one brings clear
improvement over the older (it works with Jersey >=2) without afaict
bringing any disadvantage. The code with the patch has been in subversion
since June 10th of 2013 so it can be assumed that it has been community
tested quite a bit. It has not not only been used in Stanbol but also in
Clerezza.
I don't think that the problem you had with other components are in any way
specific to the patch incorporated to this release and probably not even
caused by a bug in these components. But if you create issues then these
could help improve situations. But even if these problems are real (JIRA
issues rather than FUD) we cannot only make a release if that release
solves all the problems the software might have.
Regards,
Reto
>
> Thanks.
>
> Cheers,
>
> PD: as Andreas pointed, the versioning is also quite confusing... I though
> the community had decided to switch from the old version policy (individual
> per module) to a common one for all modules.
>
>
>
> On 02/06/14 00:16, Reto Gmür wrote:
>
>> Hi community,
>>
>> Given that the 1.0.0 release might take some more discussion I've tailored
>> a mini-release of two modules. The 0.12 security.core module doesn't work
>> with jersey >= 2.0 because of what I believe to be a bug in Jersey
>> (JERSEY-1926) but a work-around working with all Jersey versions is
>> straight forward and has been in trunk for almost exactly one year. Apart
>> from the patch to work around JERSEY-1926 affecting security.core and
>> authentication.basic the new release also incorporates the code
>> simplification patch provided by Furkan Kamaci (STANBOL-1317).
>>
>> Solved issues:
>> - STANBOL-1094
>> - STANBOL-1317
>>
>> SVN-Tag:
>> https://svn.apache.org/repos/asf/stanbol/tags/org.apache.
>> stanbol.commons.security-0.99/
>>
>> Staging repos
>> https://repository.apache.org/content/repositories/orgapachestanbol-1006/
>>
>> Source tarball:
>> http://repository.apache.org/content/repositories/
>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
>> security-0.99-source-release.tar.gz
>>
>> Detached signature:
>> https://repository.apache.org/content/repositories/
>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
>> security-0.99-source-release.tar.gz.asc
>>
>> PGP release keys
>> https://dist.apache.org/repos/dist/release/stanbol/KEYS
>>
>> The vote will be open for at least 48 hours.
>> Thanks for reviewing this release and for voting!
>>
>> Cheers,
>> Reto
>>
>>
> --
> Sergio Fernández
> Senior Researcher
> Knowledge and Media Technologies
> Salzburg Research Forschungsgesellschaft mbH
> Jakob-Haringer-Straße 5/3 | 5020 Salzburg, Austria
> T: +43 662 2288 318 | M: +43 660 2747 925
> sergio.fernandez@salzburgresearch.at
> http://www.salzburgresearch.at
>
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Reto Gmür <re...@apache.org>.
On Mon, Jun 2, 2014 at 12:46 PM, Andreas Kuckartz <a....@ping.de>
wrote:
> Rupert Westenthaler:
> > While I am clearly in favor of this release I would like to have a
> > discussion about the the use version.
>
> Agreed.
>
> > I am strongly against 0.99. IMO only 0.13 or 1.0.0 are possible option.
>
> Agreed.
>
> > Personally I do have a strong
> > preference for 1.0.0
>
> I do have a preference for 0.13 because AFAIU "only" two modules are
> different fixing "only" two issues.
>
The "problem" is that then we are likely to have the 1.0.0 launcher using
the 0.13 version of these bundles. Unless we make a new release without
any change except for the version number.
>
> In general I dislike using version numbers for marketing purposes. But I
> do think that a 1.0.0 version is widely considered a significant step.
> It should not be spent for rather small progress (which definitely is
> important). A 1.0.0 release lets people expect a bit more.
>
I think it is quite clear that this is not a full release. For the opennlp
bundles we already released version 1.1.0 without creating wrong
expectations.
Cheers,
Reto
>
> Cheers,
> Andreas
>
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Enrico Daga <en...@gmail.com>.
Hi all,
I agree with Rupert's vision, in particular about the version number,
IMHO should be 1.0.0. I think the work done from 0.0.1 until now is
towards 1.0.0.
We wanted to generalize JAX-RS and then released 0.12 to save existing
users to change their implementations.
This is OK once, now we have to go for 0.13 because of the security modules...
What are we waiting for?
We should probably release more often and not wait for all components
to be ready before releasing commons or shared ones, like the security
is. Releases might contain unseen bugs (thus lead to new releases with
bugfixes...). I don't see a useful point to wait to add other features
before doing releases. We make lot of work to modularize the code and
then get stuck because we want a monolithic full featured 1.0 release?
But a discussion on release strategies is off topic now :) (... but is
it needed?)
I am for releasing parent and security as 1.0.0 and wait for CORS and
WAR to be finalized, then start testing and releasing other modules in
the 1.0.0 trunk.
So developers can go ahead working on changing the world (add
important features and break
backward compatibility) towards version 2.0.0.
This is also inline with what happened in the codebase since one year
until today. It should count, I think.
my 2 cents,
Enrico
Enrico Daga
--
http://www.enridaga.net
skype: enri-pan
On 2 June 2014 11:46, Andreas Kuckartz <a....@ping.de> wrote:
> Rupert Westenthaler:
>> While I am clearly in favor of this release I would like to have a
>> discussion about the the use version.
>
> Agreed.
>
>> I am strongly against 0.99. IMO only 0.13 or 1.0.0 are possible option.
>
> Agreed.
>
>> Personally I do have a strong
>> preference for 1.0.0
>
> I do have a preference for 0.13 because AFAIU "only" two modules are
> different fixing "only" two issues.
>
> In general I dislike using version numbers for marketing purposes. But I
> do think that a 1.0.0 version is widely considered a significant step.
> It should not be spent for rather small progress (which definitely is
> important). A 1.0.0 release lets people expect a bit more.
>
> Cheers,
> Andreas
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Andreas Kuckartz <a....@ping.de>.
Rupert Westenthaler:
> While I am clearly in favor of this release I would like to have a
> discussion about the the use version.
Agreed.
> I am strongly against 0.99. IMO only 0.13 or 1.0.0 are possible option.
Agreed.
> Personally I do have a strong
> preference for 1.0.0
I do have a preference for 0.13 because AFAIU "only" two modules are
different fixing "only" two issues.
In general I dislike using version numbers for marketing purposes. But I
do think that a 1.0.0 version is widely considered a significant step.
It should not be spent for rather small progress (which definitely is
important). A 1.0.0 release lets people expect a bit more.
Cheers,
Andreas
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Reto Gmür <re...@wymiwyg.com>.
On Mon, Jun 2, 2014 at 11:48 AM, Rupert Westenthaler <
rupert.westenthaler@gmail.com> wrote:
> Hi all,
>
> 1. Regarding versioning:
>
> For me it is ok to (pre-)release single components of the
> 1.0.0-SNAPSHOT branch as soon as they are ready. What I do not like is
> to obfuscate this by using 0.99 as version. So I would prefer to use
> 1.0.0 or maybe 1.0.0-beta instead.
>
>
> 2. Regarding the release
>
> + ./releasing/check_staged_release.sh 1006 .. OK
> + ./releasing/check_release_matches_tag.sh 1006 /tmp/stanbol-staging/ .. OK
> + build is fine
> + DEPENDENCIES, NOTICE and LICENSE files are present and do look fine
>
> So out of my point of view the forged release is OK
>
>
> 3. Regarding the other mentioned issues:
>
> In fact there where a lot of discussions about this component when it
> was introduced first. It is also true that enabling the Java Security
> Manager causes issues with a lot of used libraries (especially
> Lucene/Solr and Tika) as they do not natively support it. For all
> those libraries one need to manually care about security related
> things by writing code as described at [1].
>
> AFAIK all Stanbol components (including all Enhancement Engines) are
> compatible with an enabled Java Security Manager. For new components
> issues like that are discovered by the Integration tests - as those
> do run with the Security Manager enabled.
>
> My personal opinion has not changed since the beginning. If someone
> wants to restrict access to some Stanbol services he should run a
> gateway. I have not come along an use case that requires to do the
> user-management within Stanbol. But I accept that others may have such
> use cases. So while I personally always exclude the security related
> modules form my custom Stanbol launchers (as also Sergio and Rafa
> pointed out) I am fine with having such modules around.
>
> I trust in those users that do use the security features in filing
> issues and in the community in fixing the same. This release solving
> STANBOL-1094 and STANBOL-1317 is an example of this process.
>
> To conclude:
>
> While I am clearly in favor of this release I would like to have a
> discussion about the the use version. I am strongly against 0.99. IMO
> only 0.13 or 1.0.0 are possible option. Personally I do have a strong
> preference for 1.0.0
>
Hi Rupert
Thank you for your review and your differentiated comments.
I have no problem against 1.0.0. That's actually how I started tailoring
the release but then I thought it might "politically" easier to get the
release through by not using the "big" number. But you're right, the
release arises from the 1.0.0-SNAPSHOT trunk version so using this version
would be the most logical option. In this case it would howver probably be
the best to also release the parent so that the released 1.0.0 versions do
not use an older version of the parent than the 1.0.0-SNAPSHOT version.
Cheers,
Reto
>
> best
> Rupert
>
>
> [1] http://stanbol.apache.org/development/security.html
>
> On Mon, Jun 2, 2014 at 10:52 AM, Rafa Haro <rh...@apache.org> wrote:
> > really ? :-)
> >
> > El 02/06/14 10:32, Reto Gmür escribió:
> >
> >> On Mon, Jun 2, 2014 at 9:09 AM, Rafa Haro <rh...@apache.org> wrote:
> >>
> >>> Hi,
> >>>
> >>> El 02/06/14 08:35, Sergio Fernández escribió:
> >>>
> >>> Hi,
> >>>>
> >>>> is the stuff really tested by a broader community? Personally I've had
> >>>> to
> >>>> disable it in all my launchers due several issues with other
> components.
> >>>> So
> >>>> I'd like to clarify that before casting my vote.
> >>>>
> >>> I'm exactly in the same situation than Sergio. I honestly haven't
> tested
> >>> it because of the problems in the firsts releases of the component.
> >>
> >>
> >> Hi Rafa
> >>
> >> You voted +1 to the previous release of these components on February
> 25th.
> >> What testing could you do back then, that you can no longer do now?
> >>
> >> Cheers,
> >> Reto
> >>
> >>
> >>>
> >>>> Thanks.
> >>>>
> >>>> Cheers,
> >>>>
> >>>> PD: as Andreas pointed, the versioning is also quite confusing... I
> >>>> though the community had decided to switch from the old version policy
> >>>> (individual per module) to a common one for all modules.
> >>>>
> >>>>
> >>>> On 02/06/14 00:16, Reto Gmür wrote:
> >>>>
> >>>>> Hi community,
> >>>>>
> >>>>> Given that the 1.0.0 release might take some more discussion I've
> >>>>> tailored
> >>>>> a mini-release of two modules. The 0.12 security.core module doesn't
> >>>>> work
> >>>>> with jersey >= 2.0 because of what I believe to be a bug in Jersey
> >>>>> (JERSEY-1926) but a work-around working with all Jersey versions is
> >>>>> straight forward and has been in trunk for almost exactly one year.
> >>>>> Apart
> >>>>> from the patch to work around JERSEY-1926 affecting security.core and
> >>>>> authentication.basic the new release also incorporates the code
> >>>>> simplification patch provided by Furkan Kamaci (STANBOL-1317).
> >>>>>
> >>>>> Solved issues:
> >>>>> - STANBOL-1094
> >>>>> - STANBOL-1317
> >>>>>
> >>>>> SVN-Tag:
> >>>>> https://svn.apache.org/repos/asf/stanbol/tags/org.apache.
> >>>>> stanbol.commons.security-0.99/
> >>>>>
> >>>>> Staging repos
> >>>>> https://repository.apache.org/content/repositories/
> >>>>> orgapachestanbol-1006/
> >>>>>
> >>>>> Source tarball:
> >>>>> http://repository.apache.org/content/repositories/
> >>>>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
> >>>>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
> >>>>> security-0.99-source-release.tar.gz
> >>>>>
> >>>>> Detached signature:
> >>>>> https://repository.apache.org/content/repositories/
> >>>>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
> >>>>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
> >>>>> security-0.99-source-release.tar.gz.asc
> >>>>>
> >>>>> PGP release keys
> >>>>> https://dist.apache.org/repos/dist/release/stanbol/KEYS
> >>>>>
> >>>>> The vote will be open for at least 48 hours.
> >>>>> Thanks for reviewing this release and for voting!
> >>>>>
> >>>>> Cheers,
> >>>>> Reto
> >>>>>
> >>>>>
> >
>
>
>
> --
> | Rupert Westenthaler rupert.westenthaler@gmail.com
> | Bodenlehenstraße 11 ++43-699-11108907
> | A-5500 Bischofshofen
> | REDLINK.CO
> ..........................................................................
> | http://redlink.co/
>
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Rupert Westenthaler <ru...@gmail.com>.
Hi all,
1. Regarding versioning:
For me it is ok to (pre-)release single components of the
1.0.0-SNAPSHOT branch as soon as they are ready. What I do not like is
to obfuscate this by using 0.99 as version. So I would prefer to use
1.0.0 or maybe 1.0.0-beta instead.
2. Regarding the release
+ ./releasing/check_staged_release.sh 1006 .. OK
+ ./releasing/check_release_matches_tag.sh 1006 /tmp/stanbol-staging/ .. OK
+ build is fine
+ DEPENDENCIES, NOTICE and LICENSE files are present and do look fine
So out of my point of view the forged release is OK
3. Regarding the other mentioned issues:
In fact there where a lot of discussions about this component when it
was introduced first. It is also true that enabling the Java Security
Manager causes issues with a lot of used libraries (especially
Lucene/Solr and Tika) as they do not natively support it. For all
those libraries one need to manually care about security related
things by writing code as described at [1].
AFAIK all Stanbol components (including all Enhancement Engines) are
compatible with an enabled Java Security Manager. For new components
issues like that are discovered by the Integration tests - as those
do run with the Security Manager enabled.
My personal opinion has not changed since the beginning. If someone
wants to restrict access to some Stanbol services he should run a
gateway. I have not come along an use case that requires to do the
user-management within Stanbol. But I accept that others may have such
use cases. So while I personally always exclude the security related
modules form my custom Stanbol launchers (as also Sergio and Rafa
pointed out) I am fine with having such modules around.
I trust in those users that do use the security features in filing
issues and in the community in fixing the same. This release solving
STANBOL-1094 and STANBOL-1317 is an example of this process.
To conclude:
While I am clearly in favor of this release I would like to have a
discussion about the the use version. I am strongly against 0.99. IMO
only 0.13 or 1.0.0 are possible option. Personally I do have a strong
preference for 1.0.0
best
Rupert
[1] http://stanbol.apache.org/development/security.html
On Mon, Jun 2, 2014 at 10:52 AM, Rafa Haro <rh...@apache.org> wrote:
> really ? :-)
>
> El 02/06/14 10:32, Reto Gmür escribió:
>
>> On Mon, Jun 2, 2014 at 9:09 AM, Rafa Haro <rh...@apache.org> wrote:
>>
>>> Hi,
>>>
>>> El 02/06/14 08:35, Sergio Fernández escribió:
>>>
>>> Hi,
>>>>
>>>> is the stuff really tested by a broader community? Personally I've had
>>>> to
>>>> disable it in all my launchers due several issues with other components.
>>>> So
>>>> I'd like to clarify that before casting my vote.
>>>>
>>> I'm exactly in the same situation than Sergio. I honestly haven't tested
>>> it because of the problems in the firsts releases of the component.
>>
>>
>> Hi Rafa
>>
>> You voted +1 to the previous release of these components on February 25th.
>> What testing could you do back then, that you can no longer do now?
>>
>> Cheers,
>> Reto
>>
>>
>>>
>>>> Thanks.
>>>>
>>>> Cheers,
>>>>
>>>> PD: as Andreas pointed, the versioning is also quite confusing... I
>>>> though the community had decided to switch from the old version policy
>>>> (individual per module) to a common one for all modules.
>>>>
>>>>
>>>> On 02/06/14 00:16, Reto Gmür wrote:
>>>>
>>>>> Hi community,
>>>>>
>>>>> Given that the 1.0.0 release might take some more discussion I've
>>>>> tailored
>>>>> a mini-release of two modules. The 0.12 security.core module doesn't
>>>>> work
>>>>> with jersey >= 2.0 because of what I believe to be a bug in Jersey
>>>>> (JERSEY-1926) but a work-around working with all Jersey versions is
>>>>> straight forward and has been in trunk for almost exactly one year.
>>>>> Apart
>>>>> from the patch to work around JERSEY-1926 affecting security.core and
>>>>> authentication.basic the new release also incorporates the code
>>>>> simplification patch provided by Furkan Kamaci (STANBOL-1317).
>>>>>
>>>>> Solved issues:
>>>>> - STANBOL-1094
>>>>> - STANBOL-1317
>>>>>
>>>>> SVN-Tag:
>>>>> https://svn.apache.org/repos/asf/stanbol/tags/org.apache.
>>>>> stanbol.commons.security-0.99/
>>>>>
>>>>> Staging repos
>>>>> https://repository.apache.org/content/repositories/
>>>>> orgapachestanbol-1006/
>>>>>
>>>>> Source tarball:
>>>>> http://repository.apache.org/content/repositories/
>>>>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
>>>>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
>>>>> security-0.99-source-release.tar.gz
>>>>>
>>>>> Detached signature:
>>>>> https://repository.apache.org/content/repositories/
>>>>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
>>>>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
>>>>> security-0.99-source-release.tar.gz.asc
>>>>>
>>>>> PGP release keys
>>>>> https://dist.apache.org/repos/dist/release/stanbol/KEYS
>>>>>
>>>>> The vote will be open for at least 48 hours.
>>>>> Thanks for reviewing this release and for voting!
>>>>>
>>>>> Cheers,
>>>>> Reto
>>>>>
>>>>>
>
--
| Rupert Westenthaler rupert.westenthaler@gmail.com
| Bodenlehenstraße 11 ++43-699-11108907
| A-5500 Bischofshofen
| REDLINK.CO ..........................................................................
| http://redlink.co/
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Reto Gmür <re...@apache.org>.
On Mon, Jun 2, 2014 at 10:52 AM, Rafa Haro <rh...@apache.org> wrote:
> really ? :-)
>
really.
http://mail-archives.apache.org/mod_mbox/stanbol-dev/201402.mbox/%3C530C7F5E.909%40apache.org%3E
and so we had a non-bunding vote from Sergio:
http://mail-archives.apache.org/mod_mbox/stanbol-dev/201402.mbox/%3C530CA66B.2060109%40salzburgresearch.at%3E
Se please don't just oppose to this release now out of reasons that have
nothing to do with the patch of the code to be released. Because of the
Clerezza depending on these components and Stanbol in turn depending on
Clerezza components it is important not to end up in a release-dead-lock.
Cheers,
Reto
> El 02/06/14 10:32, Reto Gmür escribió:
>
> On Mon, Jun 2, 2014 at 9:09 AM, Rafa Haro <rh...@apache.org> wrote:
>>
>> Hi,
>>>
>>> El 02/06/14 08:35, Sergio Fernández escribió:
>>>
>>> Hi,
>>>
>>>> is the stuff really tested by a broader community? Personally I've had
>>>> to
>>>> disable it in all my launchers due several issues with other
>>>> components. So
>>>> I'd like to clarify that before casting my vote.
>>>>
>>>> I'm exactly in the same situation than Sergio. I honestly haven't
>>> tested
>>> it because of the problems in the firsts releases of the component.
>>>
>>
>> Hi Rafa
>>
>> You voted +1 to the previous release of these components on February 25th.
>> What testing could you do back then, that you can no longer do now?
>>
>> Cheers,
>> Reto
>>
>>
>>
>>> Thanks.
>>>>
>>>> Cheers,
>>>>
>>>> PD: as Andreas pointed, the versioning is also quite confusing... I
>>>> though the community had decided to switch from the old version policy
>>>> (individual per module) to a common one for all modules.
>>>>
>>>>
>>>> On 02/06/14 00:16, Reto Gmür wrote:
>>>>
>>>> Hi community,
>>>>>
>>>>> Given that the 1.0.0 release might take some more discussion I've
>>>>> tailored
>>>>> a mini-release of two modules. The 0.12 security.core module doesn't
>>>>> work
>>>>> with jersey >= 2.0 because of what I believe to be a bug in Jersey
>>>>> (JERSEY-1926) but a work-around working with all Jersey versions is
>>>>> straight forward and has been in trunk for almost exactly one year.
>>>>> Apart
>>>>> from the patch to work around JERSEY-1926 affecting security.core and
>>>>> authentication.basic the new release also incorporates the code
>>>>> simplification patch provided by Furkan Kamaci (STANBOL-1317).
>>>>>
>>>>> Solved issues:
>>>>> - STANBOL-1094
>>>>> - STANBOL-1317
>>>>>
>>>>> SVN-Tag:
>>>>> https://svn.apache.org/repos/asf/stanbol/tags/org.apache.
>>>>> stanbol.commons.security-0.99/
>>>>>
>>>>> Staging repos
>>>>> https://repository.apache.org/content/repositories/
>>>>> orgapachestanbol-1006/
>>>>>
>>>>> Source tarball:
>>>>> http://repository.apache.org/content/repositories/
>>>>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
>>>>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
>>>>> security-0.99-source-release.tar.gz
>>>>>
>>>>> Detached signature:
>>>>> https://repository.apache.org/content/repositories/
>>>>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
>>>>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
>>>>> security-0.99-source-release.tar.gz.asc
>>>>>
>>>>> PGP release keys
>>>>> https://dist.apache.org/repos/dist/release/stanbol/KEYS
>>>>>
>>>>> The vote will be open for at least 48 hours.
>>>>> Thanks for reviewing this release and for voting!
>>>>>
>>>>> Cheers,
>>>>> Reto
>>>>>
>>>>>
>>>>>
>
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Rafa Haro <rh...@apache.org>.
really ? :-)
El 02/06/14 10:32, Reto Gmür escribió:
> On Mon, Jun 2, 2014 at 9:09 AM, Rafa Haro <rh...@apache.org> wrote:
>
>> Hi,
>>
>> El 02/06/14 08:35, Sergio Fernández escribió:
>>
>> Hi,
>>> is the stuff really tested by a broader community? Personally I've had to
>>> disable it in all my launchers due several issues with other components. So
>>> I'd like to clarify that before casting my vote.
>>>
>> I'm exactly in the same situation than Sergio. I honestly haven't tested
>> it because of the problems in the firsts releases of the component.
>
> Hi Rafa
>
> You voted +1 to the previous release of these components on February 25th.
> What testing could you do back then, that you can no longer do now?
>
> Cheers,
> Reto
>
>
>>
>>> Thanks.
>>>
>>> Cheers,
>>>
>>> PD: as Andreas pointed, the versioning is also quite confusing... I
>>> though the community had decided to switch from the old version policy
>>> (individual per module) to a common one for all modules.
>>>
>>>
>>> On 02/06/14 00:16, Reto Gmür wrote:
>>>
>>>> Hi community,
>>>>
>>>> Given that the 1.0.0 release might take some more discussion I've
>>>> tailored
>>>> a mini-release of two modules. The 0.12 security.core module doesn't work
>>>> with jersey >= 2.0 because of what I believe to be a bug in Jersey
>>>> (JERSEY-1926) but a work-around working with all Jersey versions is
>>>> straight forward and has been in trunk for almost exactly one year. Apart
>>>> from the patch to work around JERSEY-1926 affecting security.core and
>>>> authentication.basic the new release also incorporates the code
>>>> simplification patch provided by Furkan Kamaci (STANBOL-1317).
>>>>
>>>> Solved issues:
>>>> - STANBOL-1094
>>>> - STANBOL-1317
>>>>
>>>> SVN-Tag:
>>>> https://svn.apache.org/repos/asf/stanbol/tags/org.apache.
>>>> stanbol.commons.security-0.99/
>>>>
>>>> Staging repos
>>>> https://repository.apache.org/content/repositories/
>>>> orgapachestanbol-1006/
>>>>
>>>> Source tarball:
>>>> http://repository.apache.org/content/repositories/
>>>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
>>>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
>>>> security-0.99-source-release.tar.gz
>>>>
>>>> Detached signature:
>>>> https://repository.apache.org/content/repositories/
>>>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
>>>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
>>>> security-0.99-source-release.tar.gz.asc
>>>>
>>>> PGP release keys
>>>> https://dist.apache.org/repos/dist/release/stanbol/KEYS
>>>>
>>>> The vote will be open for at least 48 hours.
>>>> Thanks for reviewing this release and for voting!
>>>>
>>>> Cheers,
>>>> Reto
>>>>
>>>>
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Reto Gmür <re...@wymiwyg.com>.
On Mon, Jun 2, 2014 at 10:57 AM, Rafa Haro <rh...@apache.org> wrote:
> I voted general 0.12 release in that date. I didn't find the reason to not
> vote it because I have been always using --no-security.......so.....I'm not
> that incoherent.
>
So you tested the modules in one usage scenario (with --no-security), you
can do the same for the new release if you want.
Cheers,
Reto
>
>
> El 02/06/14 10:32, Reto Gmür escribió:
>
>> On Mon, Jun 2, 2014 at 9:09 AM, Rafa Haro <rh...@apache.org> wrote:
>>
>>
>> Hi,
>>>
>>> El 02/06/14 08:35, Sergio Fernández escribió:
>>>
>>> Hi,
>>>
>>>> is the stuff really tested by a broader community? Personally I've had
>>>> to
>>>> disable it in all my launchers due several issues with other
>>>> components. So
>>>> I'd like to clarify that before casting my vote.
>>>>
>>>> I'm exactly in the same situation than Sergio. I honestly haven't
>>> tested
>>> it because of the problems in the firsts releases of the component.
>>>
>>
>> Hi Rafa
>>
>> You voted +1 to the previous release of these components on February 25th.
>> What testing could you do back then, that you can no longer do now?
>>
>> Cheers,
>> Reto
>>
>>
>>
>>> Thanks.
>>>>
>>>> Cheers,
>>>>
>>>> PD: as Andreas pointed, the versioning is also quite confusing... I
>>>> though the community had decided to switch from the old version policy
>>>> (individual per module) to a common one for all modules.
>>>>
>>>>
>>>> On 02/06/14 00:16, Reto Gmür wrote:
>>>>
>>>> Hi community,
>>>>>
>>>>> Given that the 1.0.0 release might take some more discussion I've
>>>>> tailored
>>>>> a mini-release of two modules. The 0.12 security.core module doesn't
>>>>> work
>>>>> with jersey >= 2.0 because of what I believe to be a bug in Jersey
>>>>> (JERSEY-1926) but a work-around working with all Jersey versions is
>>>>> straight forward and has been in trunk for almost exactly one year.
>>>>> Apart
>>>>> from the patch to work around JERSEY-1926 affecting security.core and
>>>>> authentication.basic the new release also incorporates the code
>>>>> simplification patch provided by Furkan Kamaci (STANBOL-1317).
>>>>>
>>>>> Solved issues:
>>>>> - STANBOL-1094
>>>>> - STANBOL-1317
>>>>>
>>>>> SVN-Tag:
>>>>> https://svn.apache.org/repos/asf/stanbol/tags/org.apache.
>>>>> stanbol.commons.security-0.99/
>>>>>
>>>>> Staging repos
>>>>> https://repository.apache.org/content/repositories/
>>>>> orgapachestanbol-1006/
>>>>>
>>>>> Source tarball:
>>>>> http://repository.apache.org/content/repositories/
>>>>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
>>>>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
>>>>> security-0.99-source-release.tar.gz
>>>>>
>>>>> Detached signature:
>>>>> https://repository.apache.org/content/repositories/
>>>>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
>>>>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
>>>>> security-0.99-source-release.tar.gz.asc
>>>>>
>>>>> PGP release keys
>>>>> https://dist.apache.org/repos/dist/release/stanbol/KEYS
>>>>>
>>>>> The vote will be open for at least 48 hours.
>>>>> Thanks for reviewing this release and for voting!
>>>>>
>>>>> Cheers,
>>>>> Reto
>>>>>
>>>>>
>>>>>
>
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Rafa Haro <rh...@apache.org>.
I voted general 0.12 release in that date. I didn't find the reason to
not vote it because I have been always using
--no-security.......so.....I'm not that incoherent.
El 02/06/14 10:32, Reto Gmür escribió:
> On Mon, Jun 2, 2014 at 9:09 AM, Rafa Haro <rh...@apache.org> wrote:
>
>> Hi,
>>
>> El 02/06/14 08:35, Sergio Fernández escribió:
>>
>> Hi,
>>> is the stuff really tested by a broader community? Personally I've had to
>>> disable it in all my launchers due several issues with other components. So
>>> I'd like to clarify that before casting my vote.
>>>
>> I'm exactly in the same situation than Sergio. I honestly haven't tested
>> it because of the problems in the firsts releases of the component.
>
> Hi Rafa
>
> You voted +1 to the previous release of these components on February 25th.
> What testing could you do back then, that you can no longer do now?
>
> Cheers,
> Reto
>
>
>>
>>> Thanks.
>>>
>>> Cheers,
>>>
>>> PD: as Andreas pointed, the versioning is also quite confusing... I
>>> though the community had decided to switch from the old version policy
>>> (individual per module) to a common one for all modules.
>>>
>>>
>>> On 02/06/14 00:16, Reto Gmür wrote:
>>>
>>>> Hi community,
>>>>
>>>> Given that the 1.0.0 release might take some more discussion I've
>>>> tailored
>>>> a mini-release of two modules. The 0.12 security.core module doesn't work
>>>> with jersey >= 2.0 because of what I believe to be a bug in Jersey
>>>> (JERSEY-1926) but a work-around working with all Jersey versions is
>>>> straight forward and has been in trunk for almost exactly one year. Apart
>>>> from the patch to work around JERSEY-1926 affecting security.core and
>>>> authentication.basic the new release also incorporates the code
>>>> simplification patch provided by Furkan Kamaci (STANBOL-1317).
>>>>
>>>> Solved issues:
>>>> - STANBOL-1094
>>>> - STANBOL-1317
>>>>
>>>> SVN-Tag:
>>>> https://svn.apache.org/repos/asf/stanbol/tags/org.apache.
>>>> stanbol.commons.security-0.99/
>>>>
>>>> Staging repos
>>>> https://repository.apache.org/content/repositories/
>>>> orgapachestanbol-1006/
>>>>
>>>> Source tarball:
>>>> http://repository.apache.org/content/repositories/
>>>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
>>>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
>>>> security-0.99-source-release.tar.gz
>>>>
>>>> Detached signature:
>>>> https://repository.apache.org/content/repositories/
>>>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
>>>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
>>>> security-0.99-source-release.tar.gz.asc
>>>>
>>>> PGP release keys
>>>> https://dist.apache.org/repos/dist/release/stanbol/KEYS
>>>>
>>>> The vote will be open for at least 48 hours.
>>>> Thanks for reviewing this release and for voting!
>>>>
>>>> Cheers,
>>>> Reto
>>>>
>>>>
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Reto Gmür <re...@apache.org>.
On Mon, Jun 2, 2014 at 9:09 AM, Rafa Haro <rh...@apache.org> wrote:
> Hi,
>
> El 02/06/14 08:35, Sergio Fernández escribió:
>
> Hi,
>>
>> is the stuff really tested by a broader community? Personally I've had to
>> disable it in all my launchers due several issues with other components. So
>> I'd like to clarify that before casting my vote.
>>
> I'm exactly in the same situation than Sergio. I honestly haven't tested
> it because of the problems in the firsts releases of the component.
Hi Rafa
You voted +1 to the previous release of these components on February 25th.
What testing could you do back then, that you can no longer do now?
Cheers,
Reto
>
>
>> Thanks.
>>
>> Cheers,
>>
>> PD: as Andreas pointed, the versioning is also quite confusing... I
>> though the community had decided to switch from the old version policy
>> (individual per module) to a common one for all modules.
>>
>>
>> On 02/06/14 00:16, Reto Gmür wrote:
>>
>>> Hi community,
>>>
>>> Given that the 1.0.0 release might take some more discussion I've
>>> tailored
>>> a mini-release of two modules. The 0.12 security.core module doesn't work
>>> with jersey >= 2.0 because of what I believe to be a bug in Jersey
>>> (JERSEY-1926) but a work-around working with all Jersey versions is
>>> straight forward and has been in trunk for almost exactly one year. Apart
>>> from the patch to work around JERSEY-1926 affecting security.core and
>>> authentication.basic the new release also incorporates the code
>>> simplification patch provided by Furkan Kamaci (STANBOL-1317).
>>>
>>> Solved issues:
>>> - STANBOL-1094
>>> - STANBOL-1317
>>>
>>> SVN-Tag:
>>> https://svn.apache.org/repos/asf/stanbol/tags/org.apache.
>>> stanbol.commons.security-0.99/
>>>
>>> Staging repos
>>> https://repository.apache.org/content/repositories/
>>> orgapachestanbol-1006/
>>>
>>> Source tarball:
>>> http://repository.apache.org/content/repositories/
>>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
>>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
>>> security-0.99-source-release.tar.gz
>>>
>>> Detached signature:
>>> https://repository.apache.org/content/repositories/
>>> orgapachestanbol-1006/org/apache/stanbol/org.apache.
>>> stanbol.commons.security/0.99/org.apache.stanbol.commons.
>>> security-0.99-source-release.tar.gz.asc
>>>
>>> PGP release keys
>>> https://dist.apache.org/repos/dist/release/stanbol/KEYS
>>>
>>> The vote will be open for at least 48 hours.
>>> Thanks for reviewing this release and for voting!
>>>
>>> Cheers,
>>> Reto
>>>
>>>
>>
>
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Rafa Haro <rh...@apache.org>.
Hi,
El 02/06/14 08:35, Sergio Fernández escribió:
> Hi,
>
> is the stuff really tested by a broader community? Personally I've had
> to disable it in all my launchers due several issues with other
> components. So I'd like to clarify that before casting my vote.
I'm exactly in the same situation than Sergio. I honestly haven't tested
it because of the problems in the firsts releases of the component.
>
> Thanks.
>
> Cheers,
>
> PD: as Andreas pointed, the versioning is also quite confusing... I
> though the community had decided to switch from the old version policy
> (individual per module) to a common one for all modules.
>
>
> On 02/06/14 00:16, Reto Gmür wrote:
>> Hi community,
>>
>> Given that the 1.0.0 release might take some more discussion I've
>> tailored
>> a mini-release of two modules. The 0.12 security.core module doesn't
>> work
>> with jersey >= 2.0 because of what I believe to be a bug in Jersey
>> (JERSEY-1926) but a work-around working with all Jersey versions is
>> straight forward and has been in trunk for almost exactly one year.
>> Apart
>> from the patch to work around JERSEY-1926 affecting security.core and
>> authentication.basic the new release also incorporates the code
>> simplification patch provided by Furkan Kamaci (STANBOL-1317).
>>
>> Solved issues:
>> - STANBOL-1094
>> - STANBOL-1317
>>
>> SVN-Tag:
>> https://svn.apache.org/repos/asf/stanbol/tags/org.apache.stanbol.commons.security-0.99/
>>
>>
>> Staging repos
>> https://repository.apache.org/content/repositories/orgapachestanbol-1006/
>>
>>
>> Source tarball:
>> http://repository.apache.org/content/repositories/orgapachestanbol-1006/org/apache/stanbol/org.apache.stanbol.commons.security/0.99/org.apache.stanbol.commons.security-0.99-source-release.tar.gz
>>
>>
>> Detached signature:
>> https://repository.apache.org/content/repositories/orgapachestanbol-1006/org/apache/stanbol/org.apache.stanbol.commons.security/0.99/org.apache.stanbol.commons.security-0.99-source-release.tar.gz.asc
>>
>>
>> PGP release keys
>> https://dist.apache.org/repos/dist/release/stanbol/KEYS
>>
>> The vote will be open for at least 48 hours.
>> Thanks for reviewing this release and for voting!
>>
>> Cheers,
>> Reto
>>
>
Re: [] Apache Stanbol Partial Security Release 0.99
Posted by Sergio Fernández <se...@salzburgresearch.at>.
Hi,
is the stuff really tested by a broader community? Personally I've had
to disable it in all my launchers due several issues with other
components. So I'd like to clarify that before casting my vote.
Thanks.
Cheers,
PD: as Andreas pointed, the versioning is also quite confusing... I
though the community had decided to switch from the old version policy
(individual per module) to a common one for all modules.
On 02/06/14 00:16, Reto Gmür wrote:
> Hi community,
>
> Given that the 1.0.0 release might take some more discussion I've tailored
> a mini-release of two modules. The 0.12 security.core module doesn't work
> with jersey >= 2.0 because of what I believe to be a bug in Jersey
> (JERSEY-1926) but a work-around working with all Jersey versions is
> straight forward and has been in trunk for almost exactly one year. Apart
> from the patch to work around JERSEY-1926 affecting security.core and
> authentication.basic the new release also incorporates the code
> simplification patch provided by Furkan Kamaci (STANBOL-1317).
>
> Solved issues:
> - STANBOL-1094
> - STANBOL-1317
>
> SVN-Tag:
> https://svn.apache.org/repos/asf/stanbol/tags/org.apache.stanbol.commons.security-0.99/
>
> Staging repos
> https://repository.apache.org/content/repositories/orgapachestanbol-1006/
>
> Source tarball:
> http://repository.apache.org/content/repositories/orgapachestanbol-1006/org/apache/stanbol/org.apache.stanbol.commons.security/0.99/org.apache.stanbol.commons.security-0.99-source-release.tar.gz
>
> Detached signature:
> https://repository.apache.org/content/repositories/orgapachestanbol-1006/org/apache/stanbol/org.apache.stanbol.commons.security/0.99/org.apache.stanbol.commons.security-0.99-source-release.tar.gz.asc
>
> PGP release keys
> https://dist.apache.org/repos/dist/release/stanbol/KEYS
>
> The vote will be open for at least 48 hours.
> Thanks for reviewing this release and for voting!
>
> Cheers,
> Reto
>
--
Sergio Fernández
Senior Researcher
Knowledge and Media Technologies
Salzburg Research Forschungsgesellschaft mbH
Jakob-Haringer-Straße 5/3 | 5020 Salzburg, Austria
T: +43 662 2288 318 | M: +43 660 2747 925
sergio.fernandez@salzburgresearch.at
http://www.salzburgresearch.at
Re: [VOTE] Apache Stanbol Partial Security Release 0.99
Posted by Reto Gmür <re...@apache.org>.
voting is good!
+1
On Mon, Jun 2, 2014 at 12:16 AM, Reto Gmür <re...@apache.org> wrote:
> Hi community,
>
> Given that the 1.0.0 release might take some more discussion I've tailored
> a mini-release of two modules. The 0.12 security.core module doesn't work
> with jersey >= 2.0 because of what I believe to be a bug in Jersey
> (JERSEY-1926) but a work-around working with all Jersey versions is
> straight forward and has been in trunk for almost exactly one year. Apart
> from the patch to work around JERSEY-1926 affecting security.core and
> authentication.basic the new release also incorporates the code
> simplification patch provided by Furkan Kamaci (STANBOL-1317).
>
> Solved issues:
> - STANBOL-1094
> - STANBOL-1317
>
> SVN-Tag:
>
> https://svn.apache.org/repos/asf/stanbol/tags/org.apache.stanbol.commons.security-0.99/
>
> Staging repos
> https://repository.apache.org/content/repositories/orgapachestanbol-1006/
>
> Source tarball:
>
> http://repository.apache.org/content/repositories/orgapachestanbol-1006/org/apache/stanbol/org.apache.stanbol.commons.security/0.99/org.apache.stanbol.commons.security-0.99-source-release.tar.gz
>
> Detached signature:
>
> https://repository.apache.org/content/repositories/orgapachestanbol-1006/org/apache/stanbol/org.apache.stanbol.commons.security/0.99/org.apache.stanbol.commons.security-0.99-source-release.tar.gz.asc
>
> PGP release keys
> https://dist.apache.org/repos/dist/release/stanbol/KEYS
>
> The vote will be open for at least 48 hours.
> Thanks for reviewing this release and for voting!
>
> Cheers,
> Reto
>
>
>
>
>
>
>
>
Re: [VOTE] Apache Stanbol Partial Security Release 0.99
Posted by Sergio Fernández <se...@salzburgresearch.at>.
+0
Personally I still have some questions about the fit of these modules in
the general roadmap of the project, but I won't oppose if such concerns
are not generally shared the community.
On 02/06/14 00:16, Reto Gmür wrote:
> Hi community,
>
> Given that the 1.0.0 release might take some more discussion I've tailored
> a mini-release of two modules. The 0.12 security.core module doesn't work
> with jersey >= 2.0 because of what I believe to be a bug in Jersey
> (JERSEY-1926) but a work-around working with all Jersey versions is
> straight forward and has been in trunk for almost exactly one year. Apart
> from the patch to work around JERSEY-1926 affecting security.core and
> authentication.basic the new release also incorporates the code
> simplification patch provided by Furkan Kamaci (STANBOL-1317).
>
> Solved issues:
> - STANBOL-1094
> - STANBOL-1317
>
> SVN-Tag:
> https://svn.apache.org/repos/asf/stanbol/tags/org.apache.stanbol.commons.security-0.99/
>
> Staging repos
> https://repository.apache.org/content/repositories/orgapachestanbol-1006/
>
> Source tarball:
> http://repository.apache.org/content/repositories/orgapachestanbol-1006/org/apache/stanbol/org.apache.stanbol.commons.security/0.99/org.apache.stanbol.commons.security-0.99-source-release.tar.gz
>
> Detached signature:
> https://repository.apache.org/content/repositories/orgapachestanbol-1006/org/apache/stanbol/org.apache.stanbol.commons.security/0.99/org.apache.stanbol.commons.security-0.99-source-release.tar.gz.asc
>
> PGP release keys
> https://dist.apache.org/repos/dist/release/stanbol/KEYS
>
> The vote will be open for at least 48 hours.
> Thanks for reviewing this release and for voting!
>
> Cheers,
> Reto
>
--
Sergio Fernández
Senior Researcher
Knowledge and Media Technologies
Salzburg Research Forschungsgesellschaft mbH
Jakob-Haringer-Straße 5/3 | 5020 Salzburg, Austria
T: +43 662 2288 318 | M: +43 660 2747 925
sergio.fernandez@salzburgresearch.at
http://www.salzburgresearch.at
Re: [VOTE] Apache Stanbol Partial Security Release 0.99
Posted by Reto Gmür <re...@wymiwyg.com>.
Hi Andreas
The Release is tailored out of the 1.0.0 codebase in trunk. Instead of
taking 1.0.0 I thought I reserve this more symbolic number to a bigger
release (i.e. of all we have in trunk).
Cheers,
Reto
On Jun 2, 2014 6:17 AM, "Andreas Kuckartz" <a....@ping.de> wrote:
> Hi all,
>
> the next version number seems to be 0.13, not 0.99.
>
> (I also do not see how such a jump is justified for a "mini-release")
>
> Cheers,
> Andreas
> ---
>
> Reto Gmür:
> > Hi community,
> >
> > Given that the 1.0.0 release might take some more discussion I've
> tailored
> > a mini-release of two modules. The 0.12 security.core module doesn't work
> > with jersey >= 2.0 because of what I believe to be a bug in Jersey
> > (JERSEY-1926) but a work-around working with all Jersey versions is
> > straight forward and has been in trunk for almost exactly one year. Apart
> > from the patch to work around JERSEY-1926 affecting security.core and
> > authentication.basic the new release also incorporates the code
> > simplification patch provided by Furkan Kamaci (STANBOL-1317).
> >
> > Solved issues:
> > - STANBOL-1094
> > - STANBOL-1317
> >
> > SVN-Tag:
> >
> https://svn.apache.org/repos/asf/stanbol/tags/org.apache.stanbol.commons.security-0.99/
> >
> > Staging repos
> >
> https://repository.apache.org/content/repositories/orgapachestanbol-1006/
> >
> > Source tarball:
> >
> http://repository.apache.org/content/repositories/orgapachestanbol-1006/org/apache/stanbol/org.apache.stanbol.commons.security/0.99/org.apache.stanbol.commons.security-0.99-source-release.tar.gz
> >
> > Detached signature:
> >
> https://repository.apache.org/content/repositories/orgapachestanbol-1006/org/apache/stanbol/org.apache.stanbol.commons.security/0.99/org.apache.stanbol.commons.security-0.99-source-release.tar.gz.asc
> >
> > PGP release keys
> > https://dist.apache.org/repos/dist/release/stanbol/KEYS
> >
> > The vote will be open for at least 48 hours.
> > Thanks for reviewing this release and for voting!
> >
> > Cheers,
> > Reto
>
Re: [VOTE] Apache Stanbol Partial Security Release 0.99
Posted by Andreas Kuckartz <a....@ping.de>.
Hi all,
the next version number seems to be 0.13, not 0.99.
(I also do not see how such a jump is justified for a "mini-release")
Cheers,
Andreas
---
Reto Gmür:
> Hi community,
>
> Given that the 1.0.0 release might take some more discussion I've tailored
> a mini-release of two modules. The 0.12 security.core module doesn't work
> with jersey >= 2.0 because of what I believe to be a bug in Jersey
> (JERSEY-1926) but a work-around working with all Jersey versions is
> straight forward and has been in trunk for almost exactly one year. Apart
> from the patch to work around JERSEY-1926 affecting security.core and
> authentication.basic the new release also incorporates the code
> simplification patch provided by Furkan Kamaci (STANBOL-1317).
>
> Solved issues:
> - STANBOL-1094
> - STANBOL-1317
>
> SVN-Tag:
> https://svn.apache.org/repos/asf/stanbol/tags/org.apache.stanbol.commons.security-0.99/
>
> Staging repos
> https://repository.apache.org/content/repositories/orgapachestanbol-1006/
>
> Source tarball:
> http://repository.apache.org/content/repositories/orgapachestanbol-1006/org/apache/stanbol/org.apache.stanbol.commons.security/0.99/org.apache.stanbol.commons.security-0.99-source-release.tar.gz
>
> Detached signature:
> https://repository.apache.org/content/repositories/orgapachestanbol-1006/org/apache/stanbol/org.apache.stanbol.commons.security/0.99/org.apache.stanbol.commons.security-0.99-source-release.tar.gz.asc
>
> PGP release keys
> https://dist.apache.org/repos/dist/release/stanbol/KEYS
>
> The vote will be open for at least 48 hours.
> Thanks for reviewing this release and for voting!
>
> Cheers,
> Reto