I was in the "document the upgrade path" camp prior to this so that
sounds good to me. If we take that approach, I agree that we need to
officially announce the that 2.0.x will no longer be maintained.
Regarding the version libraries/jars that have changed/removed ... I
think we have most of that documented here for 2.1.*:
http://cwiki.apache.org/GMOxDOC21/what-changed-in-21.html#Whatchangedin2.1-Componentversions
and here for 2.2:
http://cwiki.apache.org/GMOxDOC22/component-versions.html
They probably need to be updated with the latest/greatest info but I
tried to get it as current as possible a while back. Hopefully is it
fairly close except for needing a new column for 2.1.4 and updates to
2.2 ... but it should be easier than starting from scratch. I think
somebody (perhaps Jarek?) had even created some script to help generate
the content at some point in time.
Joe
Jay D. McHugh wrote:
Hello all,
I did some work on trying to get a 2.0.3 release that would:
a) build - sucess!
b) pass the TCK - Massive failure (over 5000 tests)
So, considering that we have a 2.1.x and 2.2.x codestream in progress
with JEE6 breathing down our necks - I have been officially pushed into
the 'we should probably just document what it takes to upgrade' group.
Are there any folks who truly need to stay on 2.0?
Or would it be reasonable to make a pronouncement that the 2.0.x
codestream is no longer going to be maintained - even for bug fixes and
security issues?
Thoughts/comments?
(I'll start documenting the libraries/jars that have changed or been
removed - we will need that regardless)
Jay
Joe Bohn wrote:
I guess I should resolve this discussion on "if" we should release 2.0.3
that I started.
Thank you both Jay and Donald for your responses. I'm not completely
opposed to a 2.0.3 release. I was just wondering aloud if it was the
best use of our resources and if it conveyed the right message to our
users. I was also wondering a little if it might create more problems
for our users than it solves. You know the drill ... upgrade from one
maintenance release to another only to discover yet another issue that
then forces you to a new version like 2.1.* because it isn't resolved in
the current maintenance stream. If it weren't for the security issues I
would see no value in a 2.0.3 release. Anyway, I am certainly not
planning to stand in the way of a 2.0.3 release. I'll even do my part
to validate the images and help where I can. However, my gut still
tells me that we might creating more problems than we are solving. But
since I'm the only one that feels that way I'm not too worried (I've
been wrong plenty of times before ;-) ).
It sounds like we still need to document what is necessary to move from
2.0.* to 2.1.* in any case. I guess the first step might be adding the
libraries that are no longer included in 2.1.* into the list in the wiki
under http://cwiki.apache.org/GMOxDOC21/what-changed-in-21.html. Does
anybody have a complete list of these libraries? We'll probably still
need more specific documentation to make it clear what a user might have
to do when moving from 2.0.* to 2.1.*. Perhaps another page somewhere
(similar to those under "Migrating to Apache Geronimo")?
Joe
Donald Woods wrote:
I think releasing 2.0.3 is in the best interest of the community,
given the security fixes that it contains. It also gives us a way to
announce to our users that this will be the last 2.0.x release (which
we never really did for 1.1.x) and that they should start moving to
2.1.x or 2.2 for any new projects.
-Donald
Joe Bohn wrote:
I apologize for not raising this question on the earlier thread.
I'm wondering if it is a good idea to release a 2.0.3 at this point
in time. We've had several releases of 2.1.x (four) and we'll
hopefully release 2.2 in the not too distant future. I'm a little
concerned that releasing a 2.0.3 now will just encourage people to
continue on the 2.0.* base rather than taking the plunge and moving
up to 2.1.*. It's been a year since we released 2.0.2 and in
addition to the security fixes there have been a lot of other
fixes/enhancements in the 2.1 branch.
What are the big stumbling blocks that prevent a user from moving
from 2.0.2 to 2.1.3 to resolve the security concerns?
Rather than releasing 2.0.3, should we maybe consider a greater focus
on ensuring there is a smooth migration path from 2.0.2 to 2.1.3?
Once we have clearly identified any issues and ensured that we have
adequate directions we could notify the user community that there
will be no further 2.0.* releases and encourage them to move to
2.1.3. It might actually be easier for us to release 2.0.3 in the
short term, but sooner or later users will have to address the
migration issues ... so I'm just wondering if it might be a better
use of our time to address those migration issues now.
Joe
Jay D. McHugh wrote:
The 2.0.x brach got sidelined by an intermittent
ConcurrentModificationException during stress testing. But, recently
there were a number of security issues found that apply to 2.0.2.
So, I think it's time to start the discussion for a Geronimo 2.0.3
release (It actually already was started).
Server fixes/enhancements are listed on the Release Status page
(work in
progress)-
http://cwiki.apache.org/GMOxPMGT/geronimo-203-release-status.html
Details on included security fixes in dependent components are
listed on
the Security page -
http://geronimo.apache.org/20x-security-report.html
I have already begun moving issues into 2.0.4 - Does anyone have
additional fixes they would like to include in 2.0.3 before we cut the
branch and start the release process?
If I have moved an issue that you want to work on (And you have time to
work on it right away) move it back onto a 2.0.3 fix and assign it to
yourself.
Jay
