Ok. I cancel and will ask help from the redback guys for 1.1.1 release (as soon as possible :-) ) I will continue with the same versionning scheme (deleting tag and recreate it). But we can discuss about this for the next release.
-- Olivier 2008/9/17 Emmanuel Venisse <[EMAIL PROTECTED]>: > I don't consider it as a bloker issue for the majority of installs but it is > one for vmbuild. > IMO, we can release it with this issue and release 1.2.1 in few week with > redback 1.2 (not tested yet brett's changes) and some other fixes, but I'm > ok for a take 4 too :-) > > Emmanuel > > On Wed, Sep 17, 2008 at 10:19 PM, Olivier Lamy <[EMAIL PROTECTED]> wrote: > >> As I understand here we depend on a redback 1.2 release to fix that ? >> When this one will be released ? >> Perso, I don't have any objections to try an other release (take 4) if >> the next rednack release which fix that is available at the end of the >> week. (Now I know exactly what to do to cut a continuum releases all >> scripts are ready ;-) ). >> I consider this issue as blocker if we want to update the continuum >> instance in vmbuild. >> >> Thoughts ? >> >> Thanks, >> -- >> Olivier >> >> >> 2008/9/17 Wendy Smoak <[EMAIL PROTECTED]>: >> > On Mon, Sep 15, 2008 at 3:59 AM, Olivier Lamy <[EMAIL PROTECTED]> wrote: >> > >> >> The last release is 9 months and no one has been done since the TLP >> graduation. >> >> I'd like to release continuum 1.2. >> >> We fixed 128 issues : >> >> >> http://jira.codehaus.org/secure/ReleaseNote.jspa?version=13779&styleName=Html&projectId=10540&Create=Create >> >> >> >> The staging repo is here : >> http://people.apache.org/~olamy/staging-repo/<http://people.apache.org/%7Eolamy/staging-repo/> >> > >> > If you're using project group permissions, there's a fairly serious >> > security issue in 1.2. Any project group admin can grant roles all >> > the way up to system administrator, to himself and others. >> > (CONTINUUM-1867) >> > >> > I'm conflicted about releasing this as-is. On one hand, if you're >> > depending on the roles to prevent access to projects, it's seriously >> > broken. On the other hand... most people I've talked to aren't using >> > this feature, and even if the roles *are* working, any developer can >> > check in a script, which runs as the Continuum user, and do pretty >> > much anything they want. >> > >> > Thoughts? >> > >> > -- >> > Wendy >> > >> >
