You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@shindig.apache.org by Henry Saputra <he...@gmail.com> on 2012/09/21 01:07:55 UTC

Re: Spin off Apache Shindig 2.5.0-beta5 release with critical fixes

Hi Stanton,

The Caja fix does warrant new release but I think it could wait till
next week if no one actively using Caja with Shindig.

I dont know if any implementors of Shindig that uses Caja needs this
ASAP. I know Yahoo! container does use it.

I am CCing user list for FYI.

Paul, any thoughts?

- Henry

On Thu, Sep 20, 2012 at 4:02 PM, Stanton Sievers <ss...@apache.org> wrote:
> Does that mean it can happen at the regularly scheduled time, i.e., the end
> of the month?  Or do you think we need beta5 ASAP because of the caja fix?
>
> Thanks,
> -Stanton
>
> On Thu, Sep 20, 2012 at 6:52 PM, Henry Saputra <he...@gmail.com>wrote:
>
>> Ah you are right Ryan, looks like you had cutoff the beta4 before
>> Dan's commit the changes.
>>
>> We have "custom" beta4 that include Dan's refactor that we now revert
>> to default beta4.
>>
>> So looks like we only need beta5 for Caja fix then I suppose.
>>
>> - Henry
>>
>> On Thu, Sep 20, 2012 at 3:40 PM, Henry Saputra <he...@gmail.com>
>> wrote:
>> > Hmm so looks like the original bug
>> > https://issues.apache.org/jira/browse/SHINDIG-1864 is close with wrong
>> > fix version then?
>> >
>> > It has fix version of 2.5.0-beta4
>> >
>> > - Henry
>> >
>> > On Thu, Sep 20, 2012 at 3:35 PM, Ryan Baxter <rb...@gmail.com>
>> wrote:
>> >> I am fairly sure Dan's oAuth changes didn't make it in beta 4 but the
>> Caja
>> >> fix probably warrants a new build.
>> >>
>> >> -Ryan
>> >>
>> >> On Sep 20, 2012, at 5:34 PM, Paul Lindner <li...@inuus.com> wrote:
>> >>
>> >> sure. happy to.
>> >>
>> >>
>> >> On Thursday, September 20, 2012, Henry Saputra wrote:
>> >>>
>> >>> Hi Ryan or Paul,
>> >>>
>> >>> With Dan's reverting changes to improvement for oauthpopup (this will
>> >>> fix OAuth 1.0a flow for three legged dance) and Paul changes to fix
>> >>> Caja security vulnerability, could one of you help preparing
>> >>> 2.5.0-beta5 release?
>> >>>
>> >>>
>> >>> Thanks,
>> >>>
>> >>> - Henry
>> >>
>> >>
>> >>
>> >> --
>> >> Paul Lindner -- lindner@inuus.com -- profiles.google.com/pmlindner
>>

Re: Spin off Apache Shindig 2.5.0-beta5 release with critical fixes

Posted by Paul Lindner <li...@inuus.com>.

Release can wait.  The caja problem was a limited set of revisions.

On Thursday, September 20, 2012, Henry Saputra wrote:

> Hi Stanton,
>
> The Caja fix does warrant new release but I think it could wait till
> next week if no one actively using Caja with Shindig.
>
> I dont know if any implementors of Shindig that uses Caja needs this
> ASAP. I know Yahoo! container does use it.
>
> I am CCing user list for FYI.
>
> Paul, any thoughts?
>
> - Henry
>
> On Thu, Sep 20, 2012 at 4:02 PM, Stanton Sievers <ssievers@apache.org<javascript:;>>
> wrote:
> > Does that mean it can happen at the regularly scheduled time, i.e., the
> end
> > of the month?  Or do you think we need beta5 ASAP because of the caja
> fix?
> >
> > Thanks,
> > -Stanton
> >
> > On Thu, Sep 20, 2012 at 6:52 PM, Henry Saputra <henry.saputra@gmail.com<javascript:;>
> >wrote:
> >
> >> Ah you are right Ryan, looks like you had cutoff the beta4 before
> >> Dan's commit the changes.
> >>
> >> We have "custom" beta4 that include Dan's refactor that we now revert
> >> to default beta4.
> >>
> >> So looks like we only need beta5 for Caja fix then I suppose.
> >>
> >> - Henry
> >>
> >> On Thu, Sep 20, 2012 at 3:40 PM, Henry Saputra <henry.saputra@gmail.com<javascript:;>
> >
> >> wrote:
> >> > Hmm so looks like the original bug
> >> > https://issues.apache.org/jira/browse/SHINDIG-1864 is close with
> wrong
> >> > fix version then?
> >> >
> >> > It has fix version of 2.5.0-beta4
> >> >
> >> > - Henry
> >> >
> >> > On Thu, Sep 20, 2012 at 3:35 PM, Ryan Baxter <rbaxter85@gmail.com<javascript:;>
> >
> >> wrote:
> >> >> I am fairly sure Dan's oAuth changes didn't make it in beta 4 but the
> >> Caja
> >> >> fix probably warrants a new build.
> >> >>
> >> >> -Ryan
> >> >>
> >> >> On Sep 20, 2012, at 5:34 PM, Paul Lindner <lindner@inuus.com<javascript:;>>
> wrote:
> >> >>
> >> >> sure. happy to.
> >> >>
> >> >>
> >> >> On Thursday, September 20, 2012, Henry Saputra wrote:
> >> >>>
> >> >>> Hi Ryan or Paul,
> >> >>>
> >> >>> With Dan's reverting changes to improvement for oauthpopup (this
> will
> >> >>> fix OAuth 1.0a flow for three legged dance) and Paul changes to fix
> >> >>> Caja security vulnerability, could one of you help preparing
> >> >>> 2.5.0-beta5 release?
> >> >>>
> >> >>>
> >> >>> Thanks,
> >> >>>
> >> >>> - Henry
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Paul Lindner -- lindner@inuus.com <javascript:;> --
> profiles.google.com/pmlindner
> >>
>


-- 
Paul Lindner -- lindner@inuus.com -- profiles.google.com/pmlindner

Re: Spin off Apache Shindig 2.5.0-beta5 release with critical fixes

Posted by Paul Lindner <li...@inuus.com>.

Release can wait.  The caja problem was a limited set of revisions.

On Thursday, September 20, 2012, Henry Saputra wrote:

> Hi Stanton,
>
> The Caja fix does warrant new release but I think it could wait till
> next week if no one actively using Caja with Shindig.
>
> I dont know if any implementors of Shindig that uses Caja needs this
> ASAP. I know Yahoo! container does use it.
>
> I am CCing user list for FYI.
>
> Paul, any thoughts?
>
> - Henry
>
> On Thu, Sep 20, 2012 at 4:02 PM, Stanton Sievers <ssievers@apache.org<javascript:;>>
> wrote:
> > Does that mean it can happen at the regularly scheduled time, i.e., the
> end
> > of the month?  Or do you think we need beta5 ASAP because of the caja
> fix?
> >
> > Thanks,
> > -Stanton
> >
> > On Thu, Sep 20, 2012 at 6:52 PM, Henry Saputra <henry.saputra@gmail.com<javascript:;>
> >wrote:
> >
> >> Ah you are right Ryan, looks like you had cutoff the beta4 before
> >> Dan's commit the changes.
> >>
> >> We have "custom" beta4 that include Dan's refactor that we now revert
> >> to default beta4.
> >>
> >> So looks like we only need beta5 for Caja fix then I suppose.
> >>
> >> - Henry
> >>
> >> On Thu, Sep 20, 2012 at 3:40 PM, Henry Saputra <henry.saputra@gmail.com<javascript:;>
> >
> >> wrote:
> >> > Hmm so looks like the original bug
> >> > https://issues.apache.org/jira/browse/SHINDIG-1864 is close with
> wrong
> >> > fix version then?
> >> >
> >> > It has fix version of 2.5.0-beta4
> >> >
> >> > - Henry
> >> >
> >> > On Thu, Sep 20, 2012 at 3:35 PM, Ryan Baxter <rbaxter85@gmail.com<javascript:;>
> >
> >> wrote:
> >> >> I am fairly sure Dan's oAuth changes didn't make it in beta 4 but the
> >> Caja
> >> >> fix probably warrants a new build.
> >> >>
> >> >> -Ryan
> >> >>
> >> >> On Sep 20, 2012, at 5:34 PM, Paul Lindner <lindner@inuus.com<javascript:;>>
> wrote:
> >> >>
> >> >> sure. happy to.
> >> >>
> >> >>
> >> >> On Thursday, September 20, 2012, Henry Saputra wrote:
> >> >>>
> >> >>> Hi Ryan or Paul,
> >> >>>
> >> >>> With Dan's reverting changes to improvement for oauthpopup (this
> will
> >> >>> fix OAuth 1.0a flow for three legged dance) and Paul changes to fix
> >> >>> Caja security vulnerability, could one of you help preparing
> >> >>> 2.5.0-beta5 release?
> >> >>>
> >> >>>
> >> >>> Thanks,
> >> >>>
> >> >>> - Henry
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Paul Lindner -- lindner@inuus.com <javascript:;> --
> profiles.google.com/pmlindner
> >>
>


-- 
Paul Lindner -- lindner@inuus.com -- profiles.google.com/pmlindner