I think releasing 2.0.3 is in the best interest of the community, given
the security fixes that it contains. It also gives us a way to announce
to our users that this will be the last 2.0.x release (which we never
really did for 1.1.x) and that they should start moving to 2.1.x or 2.2
for any new projects.
-Donald
Joe Bohn wrote:
I apologize for not raising this question on the earlier thread.
I'm wondering if it is a good idea to release a 2.0.3 at this point in
time. We've had several releases of 2.1.x (four) and we'll hopefully
release 2.2 in the not too distant future. I'm a little concerned that
releasing a 2.0.3 now will just encourage people to continue on the
2.0.* base rather than taking the plunge and moving up to 2.1.*. It's
been a year since we released 2.0.2 and in addition to the security
fixes there have been a lot of other fixes/enhancements in the 2.1 branch.
What are the big stumbling blocks that prevent a user from moving from
2.0.2 to 2.1.3 to resolve the security concerns?
Rather than releasing 2.0.3, should we maybe consider a greater focus on
ensuring there is a smooth migration path from 2.0.2 to 2.1.3? Once we
have clearly identified any issues and ensured that we have adequate
directions we could notify the user community that there will be no
further 2.0.* releases and encourage them to move to 2.1.3. It might
actually be easier for us to release 2.0.3 in the short term, but sooner
or later users will have to address the migration issues ... so I'm just
wondering if it might be a better use of our time to address those
migration issues now.
Joe
Jay D. McHugh wrote:
The 2.0.x brach got sidelined by an intermittent
ConcurrentModificationException during stress testing. But, recently
there were a number of security issues found that apply to 2.0.2.
So, I think it's time to start the discussion for a Geronimo 2.0.3
release (It actually already was started).
Server fixes/enhancements are listed on the Release Status page (work in
progress)-
http://cwiki.apache.org/GMOxPMGT/geronimo-203-release-status.html
Details on included security fixes in dependent components are listed on
the Security page -
http://geronimo.apache.org/20x-security-report.html
I have already begun moving issues into 2.0.4 - Does anyone have
additional fixes they would like to include in 2.0.3 before we cut the
branch and start the release process?
If I have moved an issue that you want to work on (And you have time to
work on it right away) move it back onto a 2.0.3 fix and assign it to
yourself.
Jay
