Release 5.2.1

[Philippe Mouawad <pm...@apache.org>]

Hello,
Following discovery of issue on pom, can we release a 5.2.1 ?

Thanks
Regards

Re: Release 5.2.1

[Milamber <mi...@apache.org>]

  On the way. RC4

On 15/11/2019 23:49, Vladimir Sitnikov wrote:
> Milamber, would you please retry creating RC?
>
> Vladimir
>

Re: Release 5.2.1

[Vladimir Sitnikov <si...@gmail.com>]

Milamber, would you please retry creating RC?

Vladimir

Re: Release 5.2.1

[Milamber <mi...@apache.org>]

OK :-)

On 14/11/2019 20:22, Vladimir Sitnikov wrote:
> >I will try to do a RC2 of v5.2.1 tonight
>
> My bad. The latest snapshot (gradle-6.0.1-20191114002542+0000-all.zip) 
> does not include the fix yet.
> So let's try tomorrow.
>
> Vladimir
>

Re: Release 5.2.1

[Vladimir Sitnikov <si...@gmail.com>]

>I will try to do a RC2 of v5.2.1 tonight

My bad. The latest snapshot (gradle-6.0.1-20191114002542+0000-all.zip) does
not include the fix yet.
So let's try tomorrow.

Vladimir

Re: Release 5.2.1

[Milamber <mi...@apache.org>]

Hello,

I will try to do a RC2 of v5.2.1 tonight

Milamber

On 13/11/2019 12:36, Vladimir Sitnikov wrote:
>> Are we sure it will be available in 1 week ?
> Please have a look over the recent patch releases:
> https://gradle.org/releases/
> They were quite prompt.
> For instance: Gradle 5.2 (Feb 04), 5.2.1 (Feb 08).
> We are not voting that fast yet :-/
>
> If it does not appear in a week, we can revert to 5.6.
>
> Vladimir
>

Re: Release 5.2.1

[Vladimir Sitnikov <si...@gmail.com>]

It seems rather restrictive that repository.apache.org is not ready for
sha256 in 2019.

Vladimir

Re: Release 5.2.1

[sebb <se...@gmail.com>]

Is it not possible to configure Gradle to generate different checksums?

Seems rather restrictive that the checksum types are built in.

On Wed, 13 Nov 2019 at 12:20, Philippe Mouawad <pm...@apache.org> wrote:

> Ok by me then
>
> On Wednesday, November 13, 2019, Vladimir Sitnikov <
> sitnikov.vladimir@gmail.com> wrote:
>
> > >Are we sure it will be available in 1 week ?
> >
> > Please have a look over the recent patch releases:
> > https://gradle.org/releases/
> > They were quite prompt.
> > For instance: Gradle 5.2 (Feb 04), 5.2.1 (Feb 08).
> > We are not voting that fast yet :-/
> >
> > If it does not appear in a week, we can revert to 5.6.
> >
> > Vladimir
> >
>

Re: Release 5.2.1

[Philippe Mouawad <pm...@apache.org>]

Ok by me then

On Wednesday, November 13, 2019, Vladimir Sitnikov <
sitnikov.vladimir@gmail.com> wrote:

> >Are we sure it will be available in 1 week ?
>
> Please have a look over the recent patch releases:
> https://gradle.org/releases/
> They were quite prompt.
> For instance: Gradle 5.2 (Feb 04), 5.2.1 (Feb 08).
> We are not voting that fast yet :-/
>
> If it does not appear in a week, we can revert to 5.6.
>
> Vladimir
>

Re: Release 5.2.1

[Vladimir Sitnikov <si...@gmail.com>]

>Are we sure it will be available in 1 week ?

Please have a look over the recent patch releases:
https://gradle.org/releases/
They were quite prompt.
For instance: Gradle 5.2 (Feb 04), 5.2.1 (Feb 08).
We are not voting that fast yet :-/

If it does not appear in a week, we can revert to 5.6.

Vladimir

Re: Release 5.2.1

[Philippe Mouawad <pm...@apache.org>]

Hello,
Are we sure it will be available in 1 week ?

Thanks

On Wednesday, November 13, 2019, Vladimir Sitnikov <
sitnikov.vladimir@gmail.com> wrote:

> Update: it turned out repository.apache.org is not yet ready for storing
> sha256 and sha512 checksums.
> Gradle 6.0 publishes sha256 and sha512, however, Nexus is not ready yet.
>
> The relevant issue is https://issues.apache.org/jira/browse/INFRA-14923
> Gradle issue is https://github.com/gradle/gradle/issues/11308
>
> So we have at least two options:
> * Wait till 6.0.1 is released with a flag that disables 256/512 checksums
> * Revert Gradle to 5.6.2 and retry the release
>
> I would suggest waiting for Gradle 6.0.1 for a week.
>
> Vladimir
>

Re: Release 5.2.1

[Vladimir Sitnikov <si...@gmail.com>]

Update: it turned out repository.apache.org is not yet ready for storing
sha256 and sha512 checksums.
Gradle 6.0 publishes sha256 and sha512, however, Nexus is not ready yet.

The relevant issue is https://issues.apache.org/jira/browse/INFRA-14923
Gradle issue is https://github.com/gradle/gradle/issues/11308

So we have at least two options:
* Wait till 6.0.1 is released with a flag that disables 256/512 checksums
* Revert Gradle to 5.6.2 and retry the release

I would suggest waiting for Gradle 6.0.1 for a week.

Vladimir

Re: Release 5.2.1

[Milamber <mi...@apache.org>]

Hello,

I will wait tomorrow (~09:00pm GMT+1) to make the RC1 of v5.2.1.

Milamber

On 11/11/2019 21:53, Vladimir Sitnikov wrote:
>> That’s what is done with maven when you want to force a newer version than
> the one embedded by dependency
>
> Remember there are frameworks and there are libraries.
>
> binary distribution of JMeter is a framework: it enforces you to put jars
> into relevant places, and start with ./jmeter.
>
> On the other hand, jar files on Maven Central are libraries. They do not
> enforce the way you use them.
>
> The one who uses Maven artifacts is free to select the suitable versions.
>
> The rule for dependencies should be as follows:
> 1) If we use the class (e.g. in extends, method parameter or method
> returning value), then the dependency should be explicitly declared
> 2) If we do not use a dependency (e.g. we do not use asm explicitly), then
> the dependency should not be declared
> 3) The exception to #2 is the case when the transitive version is too old
> (e.g. contains security issue), then we could still declare an "unused
> dependency".
>
> Unfortunately, there's no validation for the dependencies yet, and I'm
> planning to implement one shortly.
>
> Vladimir
>

Re: Release 5.2.1

[Vladimir Sitnikov <si...@gmail.com>]

>That’s what is done with maven when you want to force a newer version than
the one embedded by dependency

Remember there are frameworks and there are libraries.

binary distribution of JMeter is a framework: it enforces you to put jars
into relevant places, and start with ./jmeter.

On the other hand, jar files on Maven Central are libraries. They do not
enforce the way you use them.

The one who uses Maven artifacts is free to select the suitable versions.

The rule for dependencies should be as follows:
1) If we use the class (e.g. in extends, method parameter or method
returning value), then the dependency should be explicitly declared
2) If we do not use a dependency (e.g. we do not use asm explicitly), then
the dependency should not be declared
3) The exception to #2 is the case when the transitive version is too old
(e.g. contains security issue), then we could still declare an "unused
dependency".

Unfortunately, there's no validation for the dependencies yet, and I'm
planning to implement one shortly.

Vladimir

Re: Release 5.2.1

[Philippe Mouawad <pm...@apache.org>]

Json-path uses it.
In lib of jmeter we have version 7.0 , if we don’t add it, asm 5.0 is use
which might trigger issues with newer java versions
Should we not force it as we want 7.0 ?

That’s what is done with maven when you want to force a newer version than
the one embedded by dependency


On Monday, November 11, 2019, Vladimir Sitnikov <si...@gmail.com>
wrote:

> >Done.
>
> Why add asm?
> We do not use it => it should not be added.
>
> Vladimir
>

Re: Release 5.2.1

[Vladimir Sitnikov <si...@gmail.com>]

>Done.

Why add asm?
We do not use it => it should not be added.

Vladimir

Re: Release 5.2.1

[Philippe Mouawad <ph...@gmail.com>]

Hello,
Done.
Regards

On Mon, Nov 11, 2019 at 9:18 PM Milamber <mi...@apache.org> wrote:

> I not launch the RC generation, if you can fix it now (for 30 min), else
> I will launch the RC
>
> On 11/11/2019 21:13, Vladimir Sitnikov wrote:
> > If Milamber has not yet started rc1, then we could add it.
> > Otherwise, I do not think it is a notable issue for stopping the release.
> >
> > Vladimir
> >
>
>

-- 
Cordialement.
Philippe Mouawad.

Re: Release 5.2.1

[Milamber <mi...@apache.org>]

I not launch the RC generation, if you can fix it now (for 30 min), else 
I will launch the RC

On 11/11/2019 21:13, Vladimir Sitnikov wrote:
> If Milamber has not yet started rc1, then we could add it.
> Otherwise, I do not think it is a notable issue for stopping the release.
>
> Vladimir
>

Re: Release 5.2.1

[Vladimir Sitnikov <si...@gmail.com>]

If Milamber has not yet started rc1, then we could add it.
Otherwise, I do not think it is a notable issue for stopping the release.

Vladimir

Re: Release 5.2.1

[Philippe Mouawad <pm...@apache.org>]

Hello ,
Just one thing, should we reference httpclient in dependency so that the
right version is included in pom.xml ?

For now being obtained through transitive dep mgt, we get 4.5.10 instead of
4.5.12

thanks
Regards

On Monday, November 11, 2019, Milamber <mi...@apache.org> wrote:

> Hello Vladimir,
>
> Ok go to the v5.2.1 RC1
>
> Milamber
>
> On 11/11/2019 20:08, Vladimir Sitnikov wrote:
>
>> Looks good to me.
>>
>> Milamber, would you please create a rc?
>>
>> Vladimir
>>
>>
>

Re: Release 5.2.1

[Milamber <mi...@apache.org>]

Hello Vladimir,

Ok go to the v5.2.1 RC1

Milamber

On 11/11/2019 20:08, Vladimir Sitnikov wrote:
> Looks good to me.
>
> Milamber, would you please create a rc?
>
> Vladimir
>

Re: Release 5.2.1

[Vladimir Sitnikov <si...@gmail.com>]

Looks good to me.

Milamber, would you please create a rc?

Vladimir

Re: Release 5.2.1

[Antonio Gomes Rodrigues <ra...@gmail.com>]

+1

Le lun. 11 nov. 2019 à 18:42, Milamber <mi...@apache.org> a écrit :

> Hello,
>
> Yes, ready to do this, and verify the new release process with the fixes
> from Vladimir.
>
> Milamber
>
> On 11/11/2019 18:37, Philippe Mouawad wrote:
> > Hello,
> > Following discovery of issue on pom, can we release a 5.2.1 ?
> >
> > Thanks
> > Regards
> >
>
>

Re: Release 5.2.1

[Milamber <mi...@apache.org>]

Hello,

Yes, ready to do this, and verify the new release process with the fixes 
from Vladimir.

Milamber

On 11/11/2019 18:37, Philippe Mouawad wrote:
> Hello,
> Following discovery of issue on pom, can we release a 5.2.1 ?
>
> Thanks
> Regards
>

Re: Release 5.2.1

[Vladimir Sitnikov <si...@gmail.com>]

>Following discovery of issue on pom, can we release a 5.2.1 ?

+1

Vladimir