I don't see how the missing links can be regarded as trivial. This obviously needs to be fixed before the announce can be accepted.
At the same time, I asked for the KEYS file link to be standardised. There is already a KEYS file at the standard location - why not link to that instead? On Wed, 10 Feb 2021 at 15:35, Stefan Sperling <s...@apache.org> wrote: > Sebb, blocking our release announcements over trivialities like this > really is not a nice thing to do. Last time it happened in May 2020. > It was already discussed back then and raised with the announce@ > moderation team. > > The Subversion PMC came to the conclusion that our handling of > the KEYS files is adequate for our purposes: > https://svn.haxx.se/dev/archive-2020-05/0156.shtml > > Please raise the issue on our dev@subversion.a.o list if it bothers you. > The moderation mechanism is supposed to prevent spam. Using it to enforce > release workflow policies amounts to misuse of your moderation privileges. > > Regards, > Stefan > > On Wed, Feb 10, 2021 at 03:20:41PM -0000, announce-ow...@apache.org wrote: > > > > Hi! This is the ezmlm program. I'm managing the > > annou...@apache.org mailing list. > > > > I'm working for my owner, who can be reached > > at announce-ow...@apache.org. > > > > I'm sorry, your message (enclosed) was not accepted by the moderator. > > If the moderator has made any comments, they are shown below. > > > > >>>>> -------------------- >>>>> > > Sorry, but the announce cannot be accepted. > > The linked download page does not contain links for the version in the > > email. > > > > Also, the standard name for the KEYS file is KEYS - no prefix, no suffix. > > Please correct the download page, check it, and submit a corrected > announce > > mail. > > > > Thanks, > > Sebb. > > <<<<< -------------------- <<<<< > > > > > Date: Wed, 10 Feb 2021 14:37:00 +0100 > > From: Stefan Sperling <s...@apache.org> > > To: annou...@subversion.apache.org, us...@subversion.apache.org, > > dev@subversion.apache.org, annou...@apache.org > > Cc: secur...@apache.org, oss-secur...@lists.openwall.com, > > bugt...@securityfocus.com > > Subject: [SECURITY][ANNOUNCE] Apache Subversion 1.10.7 released > > Message-ID: <ycphfdancjgpy...@byrne.stsp.name> > > Reply-To: us...@subversion.apache.org > > Content-Type: text/plain; charset=utf-8 > > > > I'm happy to announce the release of Apache Subversion 1.10.7. > > Please choose the mirror closest to you by visiting: > > > > https://subversion.apache.org/download.cgi#supported-releases > > > > This is a stable bugfix and security release of the Apache Subversion > > open source version control system. > > > > THIS RELEASE CONTAINS AN IMPORTANT SECURITY FIX: > > > > CVE-2020-17525 > > "Remote unauthenticated denial-of-service in Subversion mod_authz_svn" > > > > The full security advisory for CVE-2020-17525 is available at: > > https://subversion.apache.org/security/CVE-2020-17525-advisory.txt > > > > A brief summary of this advisory follows: > > > > Subversion's mod_authz_svn module will crash if the server is using > > in-repository authz rules with the AuthzSVNReposRelativeAccessFile > > option and a client sends a request for a non-existing repository URL. > > > > This can lead to disruption for users of the service. > > > > We recommend all users to upgrade to the 1.10.7 or 1.14.1 release > > of the Subversion mod_dav_svn server. > > > > As a workaround, the use of in-repository authz rules files with > > the AuthzSVNReposRelativeAccessFile can be avoided by switching > > to an alternative configuration which fetches an authz rules file > > from the server's filesystem, rather than from an SVN repository. > > > > This issue was reported by Thomas Åkesson. > > > > SHA-512 checksums are available at: > > > > > https://www.apache.org/dist/subversion/subversion-1.10.7.tar.bz2.sha512 > > > https://www.apache.org/dist/subversion/subversion-1.10.7.tar.gz.sha512 > > https://www.apache.org/dist/subversion/subversion-1.10.7.zip.sha512 > > > > PGP Signatures are available at: > > > > https://www.apache.org/dist/subversion/subversion-1.10.7.tar.bz2.asc > > https://www.apache.org/dist/subversion/subversion-1.10.7.tar.gz.asc > > https://www.apache.org/dist/subversion/subversion-1.10.7.zip.asc > > > > For this release, the following people have provided PGP signatures: > > > > Stefan Sperling [2048R/4F7DBAA99A59B973] with fingerprint: > > 8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973 > > Branko Čibej [4096R/1BCA6586A347943F] with fingerprint: > > BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F > > Johan Corveleyn [4096R/B59CE6D6010C8AAD] with fingerprint: > > 8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD > > > > These public keys are available at: > > > > https://www.apache.org/dist/subversion/subversion-1.10.7.KEYS > > > > Release notes for the 1.10.x release series may be found at: > > > > https://subversion.apache.org/docs/release-notes/1.10.html > > > > You can find the list of changes between 1.10.7 and earlier versions at: > > > > https://svn.apache.org/repos/asf/subversion/tags/1.10.7/CHANGES > > > > Questions, comments, and bug reports to us...@subversion.apache.org. > > > > Thanks, > > - The Subversion Team > > > > -- > > To unsubscribe, please see: > > > > https://subversion.apache.org/mailing-lists.html#unsubscribing > > > >
