You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by si...@apache.org on 2013/03/27 15:58:15 UTC
svn commit: r1461628 - /commons/proper/ognl/trunk/src/main/assembly/src.xml
Author: simonetripodi
Date: Wed Mar 27 14:58:15 2013
New Revision: 1461628
URL: http://svn.apache.org/r1461628
Log:
use the `exclude` logic to create the sources archive, rather than specifying what has to be included
Modified:
commons/proper/ognl/trunk/src/main/assembly/src.xml
Modified: commons/proper/ognl/trunk/src/main/assembly/src.xml
URL: http://svn.apache.org/viewvc/commons/proper/ognl/trunk/src/main/assembly/src.xml?rev=1461628&r1=1461627&r2=1461628&view=diff
==============================================================================
--- commons/proper/ognl/trunk/src/main/assembly/src.xml (original)
+++ commons/proper/ognl/trunk/src/main/assembly/src.xml Wed Mar 27 14:58:15 2013
@@ -26,17 +26,17 @@
<baseDirectory>${project.build.finalName}-src</baseDirectory>
<fileSets>
<fileSet>
- <includes>
- <include>checkstyle.xml</include>
- <include>LICENSE.txt</include>
- <include>NOTICE.txt</include>
- <include>pom.xml</include>
- <include>RELEASE-NOTES.txt</include>
- <include>findbugs-exclude-filter.xml</include>
- </includes>
- </fileSet>
- <fileSet>
- <directory>src</directory>
+ <directory>${basedir}</directory>
+ <excludes>
+ <exclude>**/.classpath</exclude>
+ <exclude>**/.project</exclude>
+ <exclude>**/.settings/</exclude>
+ <exclude>**/doap_*.rdf</exclude>
+ <exclude>**/bin/</exclude>
+ <exclude>**/.externalToolBuilders/</exclude>
+ <exclude>**/${project.build.directory}/</exclude>
+ <exclude>**/download*.cgi</exclude>
+ </excludes>
</fileSet>
</fileSets>
</assembly>
Re: svn commit: r1461628 - /commons/proper/ognl/trunk/src/main/assembly/src.xml
Posted by sebb <se...@gmail.com>.
On 28 March 2013 08:59, Simone Tripodi <si...@apache.org> wrote:
>>>
>>> That assumes reviewers compare the tag with the releases - does anyone
>>> apart from me do that?
>>>
>>
>
> everybody HAS to do it and I assume everybody does it, otherwise we
No, that's not a requirement as far as I know (probably should be).
> have to be aware we are voting poor releases
>
>> I do that :)
>>
>
> great! :)
In that case, a missing file will be detected and the assembly file
can be corrected.
I still say it's much safer to include the minimum set of files.
And probably not significantly more maintenance.
> -Simo
>
> http://people.apache.org/~simonetripodi/
> http://simonetripodi.livejournal.com/
> http://twitter.com/simonetripodi
> http://www.99soft.org/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: svn commit: r1461628 - /commons/proper/ognl/trunk/src/main/assembly/src.xml
Posted by Simone Tripodi <si...@apache.org>.
>>
>> That assumes reviewers compare the tag with the releases - does anyone
>> apart from me do that?
>>
>
everybody HAS to do it and I assume everybody does it, otherwise we
have to be aware we are voting poor releases
> I do that :)
>
great! :)
-Simo
http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: svn commit: r1461628 - /commons/proper/ognl/trunk/src/main/assembly/src.xml
Posted by Benedikt Ritter <br...@apache.org>.
2013/3/27 sebb <se...@gmail.com>
> On 27 March 2013 20:33, Simone Tripodi <si...@apache.org> wrote:
> >>
> >> No, sorry, it's just not as safe.
> >>
> >> I'd rather a file be missing from the release than have a release with
> >> a spurious file that could contain anything.
> >
> > The only risk we have ATM is that the RM includes Idea's or Netbean's
> > dedicated files -
>
> IDE files are the most likely to be found, but those can be easily
> excluded.
> The problem is another file which could come from anywhere.
>
> > and produced archives are reviewed and voted, so if
> > they contain a spurious file that contains whatever potentially
> > dangerous - not just technically, but also under a legal PoV - vote is
> > cancelled.
>
> That assumes reviewers compare the tag with the releases - does anyone
> apart from me do that?
>
I do that :)
>
> >> Once released, it cannot be unreleased. Whereas a missing file means
> > at worst doing a point release.
> >
> > but that could be applied to other logic as well, the RM can
> > potentially forget to include some required file - or not?
>
> Yes, but reviewers are likely to notice a missing NOTICE or LICENSE file.
> And unless the N&L files are renamed or removed from the assembly
> descriptor, if one build is OK, future builds will be OK.
>
> The same is not true of the unexpected file that can appear in a release.
>
> Besides, as I already wrote, one can do a new point release if a file
> is missing.
> One cannot remove a file from a release.
>
> It's just not worth the risk.
>
> > http://people.apache.org/~simonetripodi/
> > http://simonetripodi.livejournal.com/
> > http://twitter.com/simonetripodi
> > http://www.99soft.org/
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > For additional commands, e-mail: dev-help@commons.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>
--
http://people.apache.org/~britter/
http://www.systemoutprintln.de/
http://twitter.com/BenediktRitter
http://github.com/britter
Re: svn commit: r1461628 - /commons/proper/ognl/trunk/src/main/assembly/src.xml
Posted by sebb <se...@gmail.com>.
On 28 March 2013 08:53, Simone Tripodi <si...@apache.org> wrote:
>>> cannot come from anywhere since it declares the fileset from ${basedir}
>>
>> I meant, the file could have been copied from anywhere and
>> accidentally left in the directory structure.
>>
>
> this is too general, it happens everywhere - like generated sources
> accidentally included in bin archives, OSGi metadata included in test
> jars (it happens, see the FU vote thread), etc. - and doesn't justify
> a -1.
The point is, with the exclusive method there are many more places
where it can go wrong.
> http://people.apache.org/~simonetripodi/
> http://simonetripodi.livejournal.com/
> http://twitter.com/simonetripodi
> http://www.99soft.org/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: svn commit: r1461628 - /commons/proper/ognl/trunk/src/main/assembly/src.xml
Posted by Simone Tripodi <si...@apache.org>.
>> cannot come from anywhere since it declares the fileset from ${basedir}
>
> I meant, the file could have been copied from anywhere and
> accidentally left in the directory structure.
>
this is too general, it happens everywhere - like generated sources
accidentally included in bin archives, OSGi metadata included in test
jars (it happens, see the FU vote thread), etc. - and doesn't justify
a -1.
http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: svn commit: r1461628 - /commons/proper/ognl/trunk/src/main/assembly/src.xml
Posted by sebb <se...@gmail.com>.
On 27 March 2013 22:22, Simone Tripodi <si...@apache.org> wrote:
>> The problem is another file which could come from anywhere.
>
> cannot come from anywhere since it declares the fileset from ${basedir}
I meant, the file could have been copied from anywhere and
accidentally left in the directory structure.
> http://people.apache.org/~simonetripodi/
> http://simonetripodi.livejournal.com/
> http://twitter.com/simonetripodi
> http://www.99soft.org/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: svn commit: r1461628 - /commons/proper/ognl/trunk/src/main/assembly/src.xml
Posted by Simone Tripodi <si...@apache.org>.
> The problem is another file which could come from anywhere.
cannot come from anywhere since it declares the fileset from ${basedir}
http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: svn commit: r1461628 - /commons/proper/ognl/trunk/src/main/assembly/src.xml
Posted by sebb <se...@gmail.com>.
On 27 March 2013 20:33, Simone Tripodi <si...@apache.org> wrote:
>>
>> No, sorry, it's just not as safe.
>>
>> I'd rather a file be missing from the release than have a release with
>> a spurious file that could contain anything.
>
> The only risk we have ATM is that the RM includes Idea's or Netbean's
> dedicated files -
IDE files are the most likely to be found, but those can be easily excluded.
The problem is another file which could come from anywhere.
> and produced archives are reviewed and voted, so if
> they contain a spurious file that contains whatever potentially
> dangerous - not just technically, but also under a legal PoV - vote is
> cancelled.
That assumes reviewers compare the tag with the releases - does anyone
apart from me do that?
>> Once released, it cannot be unreleased. Whereas a missing file means
> at worst doing a point release.
>
> but that could be applied to other logic as well, the RM can
> potentially forget to include some required file - or not?
Yes, but reviewers are likely to notice a missing NOTICE or LICENSE file.
And unless the N&L files are renamed or removed from the assembly
descriptor, if one build is OK, future builds will be OK.
The same is not true of the unexpected file that can appear in a release.
Besides, as I already wrote, one can do a new point release if a file
is missing.
One cannot remove a file from a release.
It's just not worth the risk.
> http://people.apache.org/~simonetripodi/
> http://simonetripodi.livejournal.com/
> http://twitter.com/simonetripodi
> http://www.99soft.org/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: svn commit: r1461628 - /commons/proper/ognl/trunk/src/main/assembly/src.xml
Posted by Simone Tripodi <si...@apache.org>.
>
> No, sorry, it's just not as safe.
>
> I'd rather a file be missing from the release than have a release with
> a spurious file that could contain anything.
The only risk we have ATM is that the RM includes Idea's or Netbean's
dedicated files - and produced archives are reviewed and voted, so if
they contain a spurious file that contains whatever potentially
dangerous - not just technically, but also under a legal PoV - vote is
cancelled.
> Once released, it cannot be unreleased. Whereas a missing file means
at worst doing a point release.
but that could be applied to other logic as well, the RM can
potentially forget to include some required file - or not?
http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: svn commit: r1461628 - /commons/proper/ognl/trunk/src/main/assembly/src.xml
Posted by sebb <se...@gmail.com>.
On 27 March 2013 16:50, Simone Tripodi <si...@apache.org> wrote:
> we just voted a component which -src assembly descriptor[1] uses that one
>
> would you reconsider the -1 to -0?
No, sorry, it's just not as safe.
I'd rather a file be missing from the release than have a release with
a spurious file that could contain anything.
Once released, it cannot be unreleased. Whereas a missing file means
at worst doing a point release.
I overlooked fileupload, so it's too late to fix that release, but I
think fileupload should be changed for the next release too.
> [1] http://svn.apache.org/repos/asf/commons/proper/fileupload/trunk/src/main/assembly/src.xml
>
> http://people.apache.org/~simonetripodi/
> http://simonetripodi.livejournal.com/
> http://twitter.com/simonetripodi
> http://www.99soft.org/
>
>
> On Wed, Mar 27, 2013 at 5:40 PM, sebb <se...@gmail.com> wrote:
>> On 27 March 2013 14:58, <si...@apache.org> wrote:
>>> Author: simonetripodi
>>> Date: Wed Mar 27 14:58:15 2013
>>> New Revision: 1461628
>>>
>>> URL: http://svn.apache.org/r1461628
>>> Log:
>>> use the `exclude` logic to create the sources archive, rather than specifying what has to be included
>>
>> -1
>>
>> I think that is not nearly as safe, as it will pick up arbitrary
>> additional files and directory trees in the root dir.
>>
>> The previous method of specifying src/ plus specific top-level files
>> was only susceptible to spurious files under src/.
>> The new method is still susceptible to such files (very difficult to
>> avoid that), but is also susceptible lots of other files.
>>
>>> Modified:
>>> commons/proper/ognl/trunk/src/main/assembly/src.xml
>>>
>>> Modified: commons/proper/ognl/trunk/src/main/assembly/src.xml
>>> URL: http://svn.apache.org/viewvc/commons/proper/ognl/trunk/src/main/assembly/src.xml?rev=1461628&r1=1461627&r2=1461628&view=diff
>>> ==============================================================================
>>> --- commons/proper/ognl/trunk/src/main/assembly/src.xml (original)
>>> +++ commons/proper/ognl/trunk/src/main/assembly/src.xml Wed Mar 27 14:58:15 2013
>>> @@ -26,17 +26,17 @@
>>> <baseDirectory>${project.build.finalName}-src</baseDirectory>
>>> <fileSets>
>>> <fileSet>
>>> - <includes>
>>> - <include>checkstyle.xml</include>
>>> - <include>LICENSE.txt</include>
>>> - <include>NOTICE.txt</include>
>>> - <include>pom.xml</include>
>>> - <include>RELEASE-NOTES.txt</include>
>>> - <include>findbugs-exclude-filter.xml</include>
>>> - </includes>
>>> - </fileSet>
>>> - <fileSet>
>>> - <directory>src</directory>
>>> + <directory>${basedir}</directory>
>>> + <excludes>
>>> + <exclude>**/.classpath</exclude>
>>> + <exclude>**/.project</exclude>
>>> + <exclude>**/.settings/</exclude>
>>> + <exclude>**/doap_*.rdf</exclude>
>>> + <exclude>**/bin/</exclude>
>>> + <exclude>**/.externalToolBuilders/</exclude>
>>> + <exclude>**/${project.build.directory}/</exclude>
>>> + <exclude>**/download*.cgi</exclude>
>>> + </excludes>
>>> </fileSet>
>>> </fileSets>
>>> </assembly>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> For additional commands, e-mail: dev-help@commons.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: svn commit: r1461628 - /commons/proper/ognl/trunk/src/main/assembly/src.xml
Posted by Simone Tripodi <si...@apache.org>.
we just voted a component which -src assembly descriptor[1] uses that one
would you reconsider the -1 to -0?
[1] http://svn.apache.org/repos/asf/commons/proper/fileupload/trunk/src/main/assembly/src.xml
http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/
On Wed, Mar 27, 2013 at 5:40 PM, sebb <se...@gmail.com> wrote:
> On 27 March 2013 14:58, <si...@apache.org> wrote:
>> Author: simonetripodi
>> Date: Wed Mar 27 14:58:15 2013
>> New Revision: 1461628
>>
>> URL: http://svn.apache.org/r1461628
>> Log:
>> use the `exclude` logic to create the sources archive, rather than specifying what has to be included
>
> -1
>
> I think that is not nearly as safe, as it will pick up arbitrary
> additional files and directory trees in the root dir.
>
> The previous method of specifying src/ plus specific top-level files
> was only susceptible to spurious files under src/.
> The new method is still susceptible to such files (very difficult to
> avoid that), but is also susceptible lots of other files.
>
>> Modified:
>> commons/proper/ognl/trunk/src/main/assembly/src.xml
>>
>> Modified: commons/proper/ognl/trunk/src/main/assembly/src.xml
>> URL: http://svn.apache.org/viewvc/commons/proper/ognl/trunk/src/main/assembly/src.xml?rev=1461628&r1=1461627&r2=1461628&view=diff
>> ==============================================================================
>> --- commons/proper/ognl/trunk/src/main/assembly/src.xml (original)
>> +++ commons/proper/ognl/trunk/src/main/assembly/src.xml Wed Mar 27 14:58:15 2013
>> @@ -26,17 +26,17 @@
>> <baseDirectory>${project.build.finalName}-src</baseDirectory>
>> <fileSets>
>> <fileSet>
>> - <includes>
>> - <include>checkstyle.xml</include>
>> - <include>LICENSE.txt</include>
>> - <include>NOTICE.txt</include>
>> - <include>pom.xml</include>
>> - <include>RELEASE-NOTES.txt</include>
>> - <include>findbugs-exclude-filter.xml</include>
>> - </includes>
>> - </fileSet>
>> - <fileSet>
>> - <directory>src</directory>
>> + <directory>${basedir}</directory>
>> + <excludes>
>> + <exclude>**/.classpath</exclude>
>> + <exclude>**/.project</exclude>
>> + <exclude>**/.settings/</exclude>
>> + <exclude>**/doap_*.rdf</exclude>
>> + <exclude>**/bin/</exclude>
>> + <exclude>**/.externalToolBuilders/</exclude>
>> + <exclude>**/${project.build.directory}/</exclude>
>> + <exclude>**/download*.cgi</exclude>
>> + </excludes>
>> </fileSet>
>> </fileSets>
>> </assembly>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: svn commit: r1461628 - /commons/proper/ognl/trunk/src/main/assembly/src.xml
Posted by sebb <se...@gmail.com>.
On 27 March 2013 14:58, <si...@apache.org> wrote:
> Author: simonetripodi
> Date: Wed Mar 27 14:58:15 2013
> New Revision: 1461628
>
> URL: http://svn.apache.org/r1461628
> Log:
> use the `exclude` logic to create the sources archive, rather than specifying what has to be included
-1
I think that is not nearly as safe, as it will pick up arbitrary
additional files and directory trees in the root dir.
The previous method of specifying src/ plus specific top-level files
was only susceptible to spurious files under src/.
The new method is still susceptible to such files (very difficult to
avoid that), but is also susceptible lots of other files.
> Modified:
> commons/proper/ognl/trunk/src/main/assembly/src.xml
>
> Modified: commons/proper/ognl/trunk/src/main/assembly/src.xml
> URL: http://svn.apache.org/viewvc/commons/proper/ognl/trunk/src/main/assembly/src.xml?rev=1461628&r1=1461627&r2=1461628&view=diff
> ==============================================================================
> --- commons/proper/ognl/trunk/src/main/assembly/src.xml (original)
> +++ commons/proper/ognl/trunk/src/main/assembly/src.xml Wed Mar 27 14:58:15 2013
> @@ -26,17 +26,17 @@
> <baseDirectory>${project.build.finalName}-src</baseDirectory>
> <fileSets>
> <fileSet>
> - <includes>
> - <include>checkstyle.xml</include>
> - <include>LICENSE.txt</include>
> - <include>NOTICE.txt</include>
> - <include>pom.xml</include>
> - <include>RELEASE-NOTES.txt</include>
> - <include>findbugs-exclude-filter.xml</include>
> - </includes>
> - </fileSet>
> - <fileSet>
> - <directory>src</directory>
> + <directory>${basedir}</directory>
> + <excludes>
> + <exclude>**/.classpath</exclude>
> + <exclude>**/.project</exclude>
> + <exclude>**/.settings/</exclude>
> + <exclude>**/doap_*.rdf</exclude>
> + <exclude>**/bin/</exclude>
> + <exclude>**/.externalToolBuilders/</exclude>
> + <exclude>**/${project.build.directory}/</exclude>
> + <exclude>**/download*.cgi</exclude>
> + </excludes>
> </fileSet>
> </fileSets>
> </assembly>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org