On Thu, Oct 16, 2014 at 10:04 PM, sebb <[email protected]> wrote: > On 16 October 2014 20:49, Philippe Mouawad <[email protected]> > wrote: > > On Thu, Oct 16, 2014 at 9:42 PM, sebb <[email protected]> wrote: > > > >> On 16 October 2014 20:32, Philippe Mouawad <[email protected]> > >> wrote: > >> > On Thu, Oct 16, 2014 at 9:24 PM, sebb <[email protected]> wrote: > >> > > >> >> On 16 October 2014 19:48, Milamber <[email protected]> wrote: > >> >> > Hello, > >> >> > > >> >> > I propose to act as RM and to start a new release process near the > >> >> weekend > >> >> > of 31 October 2014. > >> >> > > >> >> > I would like to fix before the bug 56357 (Certificates algorithm > >> >> > constraints) for a "full" Java 7/8 support > >> >> > >> >> I've commented on that bug. > >> >> Ideally we need to continue to support testing insecure sites. > >> >> > >> >> I agree with sebb comment. > >> > > >> > > >> >> > and change the default cipher for > >> >> > Proxy server (change from SSLv3 to TLS (because of the recent > security > >> >> issue > >> >> > with SSLv3 (POODLE - CVE-2014-3566)). > >> >> > >> >> OK. That should not affect users, and if it does, they can revert to > >> >> the previous value. > >> >> > >> >> I think we shoud do it the opposite, be as lenient as possible and > for > >> > people who want to ensure their server is secure document the way to > >> switch > >> > to the most secure config. > >> > The lambda user is not a security expert, as such he will see failures > >> and > >> > will not easily find the way to change this. > >> > While the user who wants to test security is aware of such things and > >> will > >> > know how to play with Security algorithms. > >> > >> AIUI the proposal here is to change the default cipher for the > >> outgoing connection from the Proxy. > >> I assume the intention is to better secure the connection during > recording? > >> > >> Provided that the connection will fall back to SSLv3, it should not > >> make any difference to the user. > >> > > > > This is the issue. AFAIU (but may be I don't ) we intend to remove the > > fallback to SSLv3, > > If that were the case, I would agree with you. > > But I think the proposal is merely to change the default (initial) cipher. >
Ok, let's see what Milamber has in mind and I will comment when commited. > > > if server only understands this, recording will fails. I > > doubt a non security aware user will find out the problem. > > I may be a stupid user, but I must say that the first time I faced this > > issue it took me some time to find the existing property to play with SSL > > algorithms. > > That is a different matter, as it involves the JVM SSL implementation, > not JMeter. > It is not my understanding, AFAIK this is partly controlled by jmeter properties: # Default HTTPS protocol level: #https.default.protocol=TLS #https.default.protocol=SSLv3 #https.socket.protocols=SSLv2Hello SSLv3 TLSv1 But your more detailed explanations are welcome, always nice to learn new things > > > > >> And if in rare cases fallback does not work, the user can change the > >> property. > >> Obviously this needs to be documented in the release notes and > >> component reference. > >> > >> The change won't affect the running of the generated Test Plan. > >> > > > > > >> So I'm not sure what your objection is. > >> > >> > > >> > > >> >> > If anyone have a blocker bug before release, please send a warning. > >> >> > > >> >> > Milamber > >> >> > > >> >> > > >> >> > > >> >> > On 15/10/2014 07:24, Philippe Mouawad wrote: > >> >> >> > >> >> >> Hi, > >> >> >> What about starting a 2.12 release process. > >> >> >> > >> >> >> Regards > >> >> >> > >> >> >> On Wednesday, July 23, 2014, Milamber <[email protected]> > wrote: > >> >> >> > >> >> >>> Hello, > >> >> >>> > >> >> >>> Currently I works on a new behavior to allow to save the > settings of > >> >> >>> Response Time Graph in jmx file. I think I can put on svn this > work > >> >> this > >> >> >>> week. > >> >> >>> > >> >> >>> I can prepare slowly the new and noteworthy section to release > the > >> >> 2.12, > >> >> >>> and the screenshots in the target of September (start of). > >> >> >>> > >> >> >>> > >> >> >>> Milamber > >> >> >>> > >> >> >>> > >> >> >>> Le 22/07/2014 20:53, Philippe Mouawad a ecrit : > >> >> >>>> > >> >> >>>> I meant: > >> >> >>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=55913 > >> >> >>>> > >> >> >>>> Not > >> >> >>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=55863 > >> >> >>>> > >> >> >>>> > >> >> >>>> On Tue, Jul 22, 2014 at 10:50 PM, Philippe Mouawad < > >> >> >>>> [email protected] <javascript:;>> wrote: > >> >> >>>> > >> >> >>>>> Hello, > >> >> >>>>> A certain number of issues+improvements were commited these > last > >> days > >> >> >>>>> which make trunk ready for a release in my opinion. > >> >> >>>>> > >> >> >>>>> I think we could release a version as supporting JAVA8 > correctly > >> >> would > >> >> >>> > >> >> >>> be > >> >> >>>>> > >> >> >>>>> nice. > >> >> >>>>> Furthermore we have something like 46 issues fixed for now: > >> >> >>>>> - 18 Improvements > >> >> >>>>> - 28 bug fixes > >> >> >>>>> > >> >> >>>>> > >> >> >>>>> For release I see this remaining work to do plus all the > release > >> >> >>> > >> >> >>> process: > >> >> >>>>> > >> >> >>>>> - Updates New and Noteworthy > >> >> >>>>> - Update screenshot of JMS Publisher/Point to point > >> >> >>>>> - Update screenshot of Synchronizing timer > >> >> >>>>> > >> >> >>>>> I am still working on this: > >> >> >>>>> - https://issues.apache.org/bugzilla/show_bug.cgi?id=55863 > >> >> >>>>> > >> >> >>>>> Which is taking me more time than I had expected, so I don't > >> think I > >> >> >>> > >> >> >>> will > >> >> >>>>> > >> >> >>>>> be able to commit it before september, and anyway it would be > >> Beta or > >> >> >>> > >> >> >>> Alpha. > >> >> >>>>> > >> >> >>>>> Regards > >> >> >>>>> Philippe M. > >> >> >>>>> @philmdot > >> >> >>>>> > >> >> >>>>> > >> >> >>>>> > >> >> >>>>> > >> >> >>>>> > >> >> >>>>> > >> >> >>>>> > >> >> >>>>> > >> >> >>>>> > >> >> >>>>> > >> >> >>>>> On Tue, May 27, 2014 at 3:32 AM, sebb <[email protected] > >> >> <javascript:;>> > >> >> >>> > >> >> >>> wrote: > >> >> >>>>>> > >> >> >>>>>> On 26 May 2014 21:55, Philippe Mouawad < > >> [email protected] > >> >> >>> > >> >> >>> <javascript:;>> > >> >> >>>>>> > >> >> >>>>>> wrote: > >> >> >>>>>>> > >> >> >>>>>>> Hello, > >> >> >>>>>>> Regards > >> >> >>>>>>> > >> >> >>>>>>> Philippe > >> >> >>>>>>> > >> >> >>>>>>> > >> >> >>>>>>> On Tue, May 20, 2014 at 5:46 PM, sebb <[email protected] > >> >> >>> > >> >> >>> <javascript:;>> wrote: > >> >> >>>>>>>> > >> >> >>>>>>>> On 16 May 2014 06:48, Philippe Mouawad < > >> >> [email protected] > >> >> >>> > >> >> >>> <javascript:;>> > >> >> >>>>>> > >> >> >>>>>> wrote: > >> >> >>>>>>>>> > >> >> >>>>>>>>> Hello, > >> >> >>>>>>>>> Shouldn't we release a version at least to support > officially > >> >> 2.12 > >> >> >>>>>>>>> ? > >> >> >>>>>>>> > >> >> >>>>>>>> Yes, we should probably do another release soon. > >> >> >>>>>>>> > >> >> >>>>>>>>> We had 1 report at user mailing list and 1 on french one > about > >> >> >>> > >> >> >>> people > >> >> >>>>>>>> > >> >> >>>>>>>> using > >> >> >>>>>>>>> > >> >> >>>>>>>>> Java8 and having issues. > >> >> >>>>>>>> > >> >> >>>>>>>> Are there any recent bug reports that need to be fixed > first, > >> or > >> >> can > >> >> >>>>>>>> they wait for a later release? > >> >> >>>>>>>> > >> >> >>>>>>> I see this one: > >> >> >>>>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=56292 > >> >> >>>>>> > >> >> >>>>>> Fixed. > >> >> >>>>>> > >> >> >>>>>>> And maybe this one: > >> >> >>>>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=56159 > >> >> >>>>>> > >> >> >>>>>> Spurious notification that the test plan has changed > >> >> >>>>>> > >> >> >>>>>> Would be good to fix, but may be quite tricky. > >> >> >>>>>> > >> >> >>>>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=56368 > >> >> >>>>>> > >> >> >>>>>> No source package deployed on Maven central > >> >> >>>>>> > >> >> >>>>>> This is an enhancement request. > >> >> >>>>>> > >> >> >>>>>> It would be very tedious to create Javadoc for each separate > >> Maven > >> >> >>> > >> >> >>> module. > >> >> >>>>>> > >> >> >>>>>> Also quite tedious to create source for each. > >> >> >>>>>> > >> >> >>>>>> I don't see a pressing need to spend time on this, but if > someone > >> >> >>>>>> provides a working patch we could include it. > >> >> >>>>>> > >> >> >>>>>> There is one other issue that needs fixing - rsyntaxtextarea > >> 2.5.1 > >> >> is > >> >> >>>>>> not available from Maven Central. > >> >> >>>>>> This breaks the JMeter Maven poms. > >> >> >>>>>> Can we revert to 2.5.0 or are there critical fixes in 2.5.1? > >> >> >>>>>> > >> >> >>>>>>>>> Regards > >> >> >>>>>>>>> > >> >> >>>>>>>>> ---------- Forwarded message ---------- > >> >> >>>>>>>>> From: *Milamber* <[email protected] <javascript:;>> > >> >> >>>>>>>>> Date: Tuesday, May 13, 2014 > >> >> >>>>>>>>> Subject: Release 2.12 > >> >> >>>>>>>>> To: JMeter Users List <[email protected] > <javascript:;>> > >> >> >>>>>>>>> > >> >> >>>>>>>>> > >> >> >>>>>>>>> > >> >> >>>>>>>>> Hello, > >> >> >>>>>>>>> > >> >> >>>>>>>>> Currently, no date is planned. > >> >> >>>>>>>>> > >> >> >>>>>>>>> Milamber > >> >> >>>>>>>>> > >> >> >>>>>>>>> > >> >> >>>>>>>>> Le 11/05/2014 18:13, Sergio Boso a ecrit : > >> >> >>>>>>>>> > >> >> >>>>>>>>>> Hi every body, > >> >> >>>>>>>>>> > >> >> >>>>>>>>>> > >> >> >>>>>>>>>> which is the scheduled date for next Jmeter release? > >> >> >>>>>>>>>> > >> >> >>>>>>>>>> thank you > >> >> >>>>>>>>>> > >> >> >>>>>>>>> > >> >> >>> > >> --------------------------------------------------------------------- > >> >> >>>>>>>>> > >> >> >>>>>>>>> To unsubscribe, e-mail: [email protected] > >> >> >>> > >> >> >>> <javascript:;> > >> >> >>>>>>>>> > >> >> >>>>>>>>> For additional commands, e-mail: > [email protected] > >> >> >>> > >> >> >>> <javascript:;> > >> >> >>>>>>>>> > >> >> >>>>>>>>> > >> >> >>>>>>>>> > >> >> >>>>>>>>> > >> >> >>>>>>>>> -- > >> >> >>>>>>>>> Cordialement. > >> >> >>>>>>>>> Philippe Mouawad. > >> >> >>>>>>> > >> >> >>>>>>> > >> >> >>>>>>> -- > >> >> >>>>>>> Cordialement. > >> >> >>>>>>> Philippe Mouawad. > >> >> >>>>> > >> >> >>>>> > >> >> >>>>> -- > >> >> >>>>> Cordialement. > >> >> >>>>> Philippe Mouawad. > >> >> >>>>> > >> >> >>>>> > >> >> >>>>> > >> >> >>> > >> >> > > >> >> > >> > > >> > > >> > > >> > -- > >> > Cordialement. > >> > Philippe Mouawad. > >> > > > > > > > > -- > > Cordialement. > > Philippe Mouawad. > -- Cordialement. Philippe Mouawad.
