You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Remy Maucherat <re...@apache.org> on 2002/02/28 20:09:08 UTC
[4.0.3] [VOTES] Upcoming release and security fix
Since there are apparently diverging opinions on the subject (and also since
I didn't get any +1s for a possible 4.0.3 b1, or a 4.0.2a release), here's a
formal request for vote.
On the security problem reported yesterday, affecting the security manager
sandboxing. We should:
<ballot>
A [ ] Make a full 4.0.3 (or 4.0.2a) release which would only include the
security fix
B [ ] Make the security fix available as a binary patch for 4.0.2 (it would
take the form of an archive to extract in $CATALINA_HOME, and would be
*small*)
C [ ] Accelerate the release schedule of 4.0.3, which would include the
security fix, as well as fixes for other issues with 4.0.2 (with Beta 1 on
03/01 and Final on 03/08)
</ballot>
Multiple votes are acceptable. If there are other interesting possibilities,
let me know.
My vote is 'B'.
In parallel, I'd like to release a first beta of 4.0.3 on 03/01 (depending
on the vote on item 'C' above, the release cycle may be shorter or longer):
<ballot>
+1 [ ] I support the release, and I will help
+0 [ ] I support the release
-0 [ ] I don't support the release
-1 [ ] I'm against the release because:
</ballot>
My vote is +1.
Note: Non-committers are welcome to vote if they feel like it, but the vote
in that case is non binding.
Remy
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [4.0.3] [VOTES] Upcoming release and security fix
Posted by Jason Brittain <ja...@collab.net>.
Hi Remy and gang..
Below is my non-binding vote (for fun!):
Remy Maucherat wrote:
> Since there are apparently diverging opinions on the subject (and also since
> I didn't get any +1s for a possible 4.0.3 b1, or a 4.0.2a release), here's a
> formal request for vote.
>
> On the security problem reported yesterday, affecting the security manager
> sandboxing. We should:
> <ballot>
> A [X] Make a full 4.0.3 (or 4.0.2a) release which would only include the
> security fix
This looks to me to be the path of least resistance/hassle for everyone
involved, since it's just a small change to the last release. Release early,
release often. :)
> B [ ] Make the security fix available as a binary patch for 4.0.2 (it would
> take the form of an archive to extract in $CATALINA_HOME, and would be
> *small*)
Binary patches make me nervous. Whether this would work best or not
depends on a whole bunch of unspecified factors, so I won't vote for it.
> C [ ] Accelerate the release schedule of 4.0.3, which would include the
> security fix, as well as fixes for other issues with 4.0.2 (with Beta 1 on
> 03/01 and Final on 03/08)
> </ballot>
This one would be nice too, but it creates a bunch of extra work for you
it seems (which is my guess as to why you're not voting for it).
> Multiple votes are acceptable. If there are other interesting possibilities,
> let me know.
>
> My vote is 'B'.
>
> In parallel, I'd like to release a first beta of 4.0.3 on 03/01 (depending
> on the vote on item 'C' above, the release cycle may be shorter or longer):
> <ballot>
> +1 [ ] I support the release, and I will help
> +0 [X] I support the release, and I sure wish I had time to help!!
> -0 [ ] I don't support the release
> -1 [ ] I'm against the release because:
--
Jason Brittain
<jasonb (at) collab (dot) net>
CollabNet http://www.collab.net
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [4.0.3] [VOTES] Upcoming release and security fix
Posted by Bill Barker <wb...@wilshire.com>.
----- Original Message -----
From: "Remy Maucherat" <re...@apache.org>
To: <to...@jakarta.apache.org>
Sent: Thursday, February 28, 2002 11:09 AM
Subject: [4.0.3] [VOTES] Upcoming release and security fix
> <ballot>
> A [+0] Make a full 4.0.3 (or 4.0.2a) release which would only include the
> security fix
> B [+0] Make the security fix available as a binary patch for 4.0.2 (it
would
> take the form of an archive to extract in $CATALINA_HOME, and would be
> *small*)
> C [ ] Accelerate the release schedule of 4.0.3, which would include the
> security fix, as well as fixes for other issues with 4.0.2 (with Beta 1 on
> 03/01 and Final on 03/08)
> </ballot>
>
Much the same as with Craig. The RPM people will probably want A, whereas
I'd guess that a lot of non-Linux people will want B.
> <ballot>
> +1 [ ] I support the release, and I will help
> +0 [X] I support the release
> -0 [ ] I don't support the release
> -1 [ ] I'm against the release because:
>
>
> </ballot>
>
> My vote is +1.
>
> Note: Non-committers are welcome to vote if they feel like it, but the
vote
> in that case is non binding.
>
> Remy
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [4.0.3] [VOTES] Upcoming release and security fix
Posted by jean-frederic clere <jf...@fujitsu-siemens.com>.
Remy Maucherat wrote:
>
> Since there are apparently diverging opinions on the subject (and also since
> I didn't get any +1s for a possible 4.0.3 b1, or a 4.0.2a release), here's a
> formal request for vote.
>
> On the security problem reported yesterday, affecting the security manager
> sandboxing. We should:
> <ballot>
> A [ ] Make a full 4.0.3 (or 4.0.2a) release which would only include the
> security fix
> B [ ] Make the security fix available as a binary patch for 4.0.2 (it would
> take the form of an archive to extract in $CATALINA_HOME, and would be
> *small*)
> C [ ] Accelerate the release schedule of 4.0.3, which would include the
> security fix, as well as fixes for other issues with 4.0.2 (with Beta 1 on
> 03/01 and Final on 03/08)
I need some of these fixes...
But I have just noted it only yesterday therefore today the choice A does not
help me... So B.
> </ballot>
>
> Multiple votes are acceptable. If there are other interesting possibilities,
> let me know.
>
> My vote is 'B'.
>
> In parallel, I'd like to release a first beta of 4.0.3 on 03/01 (depending
> on the vote on item 'C' above, the release cycle may be shorter or longer):
> <ballot>
> +1 [X] I support the release, and I will help
> +0 [ ] I support the release
> -0 [ ] I don't support the release
> -1 [ ] I'm against the release because:
>
> </ballot>
>
> My vote is +1.
>
> Note: Non-committers are welcome to vote if they feel like it, but the vote
> in that case is non binding.
>
> Remy
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [4.0.3] [VOTES] Upcoming release and security fix
Posted by Eric Rescorla <ek...@rtfm.com>.
"Remy Maucherat" <re...@apache.org> writes:
> Since there are apparently diverging opinions on the subject (and also since
> I didn't get any +1s for a possible 4.0.3 b1, or a 4.0.2a release), here's a
> formal request for vote.
>
> On the security problem reported yesterday, affecting the security manager
> sandboxing. We should:
> <ballot>
> A [ ] Make a full 4.0.3 (or 4.0.2a) release which would only include the
> security fix
> B [ ] Make the security fix available as a binary patch for 4.0.2 (it would
> take the form of an archive to extract in $CATALINA_HOME, and would be
> *small*)
> C [ ] Accelerate the release schedule of 4.0.3, which would include the
> security fix, as well as fixes for other issues with 4.0.2 (with Beta 1 on
> 03/01 and Final on 03/08)
> </ballot>
My vote is C.
> In parallel, I'd like to release a first beta of 4.0.3 on 03/01 (depending
> on the vote on item 'C' above, the release cycle may be shorter or longer):
> <ballot>
> +1 [ ] I support the release, and I will help
> +0 [ ] I support the release
> -0 [ ] I don't support the release
> -1 [ ] I'm against the release because:
>
>
> </ballot>
>
> My vote is +1.
+0
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [4.0.3] [VOTES] Upcoming release and security fix
Posted by "Craig R. McClanahan" <cr...@apache.org>.
+1 for option A and B together (they don't have to be mutually exclusive,
and we can examine user behavior to see if binary patches are an idea
worth pursuing.
+1 for 4.0.3-b1.
Craig
On Thu, 28 Feb 2002, Remy Maucherat wrote:
> Date: Thu, 28 Feb 2002 11:09:08 -0800
> From: Remy Maucherat <re...@apache.org>
> Reply-To: Tomcat Developers List <to...@jakarta.apache.org>
> To: tomcat-dev@jakarta.apache.org
> Subject: [4.0.3] [VOTES] Upcoming release and security fix
>
> Since there are apparently diverging opinions on the subject (and also since
> I didn't get any +1s for a possible 4.0.3 b1, or a 4.0.2a release), here's a
> formal request for vote.
>
> On the security problem reported yesterday, affecting the security manager
> sandboxing. We should:
> <ballot>
> A [ ] Make a full 4.0.3 (or 4.0.2a) release which would only include the
> security fix
> B [ ] Make the security fix available as a binary patch for 4.0.2 (it would
> take the form of an archive to extract in $CATALINA_HOME, and would be
> *small*)
> C [ ] Accelerate the release schedule of 4.0.3, which would include the
> security fix, as well as fixes for other issues with 4.0.2 (with Beta 1 on
> 03/01 and Final on 03/08)
> </ballot>
>
> Multiple votes are acceptable. If there are other interesting possibilities,
> let me know.
>
> My vote is 'B'.
>
> In parallel, I'd like to release a first beta of 4.0.3 on 03/01 (depending
> on the vote on item 'C' above, the release cycle may be shorter or longer):
> <ballot>
> +1 [ ] I support the release, and I will help
> +0 [ ] I support the release
> -0 [ ] I don't support the release
> -1 [ ] I'm against the release because:
>
>
> </ballot>
>
> My vote is +1.
>
> Note: Non-committers are welcome to vote if they feel like it, but the vote
> in that case is non binding.
>
> Remy
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [4.0.3] [VOTES] Upcoming release and security fix
Posted by co...@covalent.net.
On Thu, 28 Feb 2002, Remy Maucherat wrote:
> On the security problem reported yesterday, affecting the security manager
> sandboxing. We should:
> <ballot>
> A [] Make a full 4.0.3 (or 4.0.2a) release which would only include the
> security fix
> B [+1] Make the security fix available as a binary patch for 4.0.2 (it would
> take the form of an archive to extract in $CATALINA_HOME, and would be
> *small*)
> C [] Accelerate the release schedule of 4.0.3, which would include the
> security fix, as well as fixes for other issues with 4.0.2 (with Beta 1 on
> 03/01 and Final on 03/08)
> </ballot>
> Multiple votes are acceptable. If there are other interesting possibilities,
> let me know.
>
> My vote is 'B'.
>
> In parallel, I'd like to release a first beta of 4.0.3 on 03/01 (depending
> on the vote on item 'C' above, the release cycle may be shorter or longer):
> <ballot>
> +1 [+1( jk part )] I support the release, and I will help
> +0 [ ] I support the release
> -0 [ ] I don't support the release
> -1 [ ] I'm against the release because:
Costin
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>