Nope, not in a hurry. Maybe run the vote on Monday.
On Fri, Oct 5, 2012 at 4:49 PM, Bob Harner <[email protected]> wrote: > Howard, > > Although I'm with Massimo on the random HMAC pass phrase, I don't > think the question should hold up a release. Having *some* HMAC > solution in place soon is important. I think having a random key is going to give people a false sense of security ("look, I don't even need to configure anything") and then big headaches ("why do some of my forms blow up with this HMAC thing?"). The current solution runs, but emits the error that things could be more secure. I'm really thinking about using the AlertManager to force this into the developer's face. > > I should be committing a few minor javadoc changes this weekend > (finishing up TAP5-1735, the "package-info.java" files), but if you're > in a hurry don't wait for me. > > On Thu, Oct 4, 2012 at 6:24 PM, Massimo Lusetti <[email protected]> wrote: >> On Fri, Oct 5, 2012 at 12:18 AM, Howard Lewis Ship <[email protected]> wrote: >> >>> I think it might be time for a 5.3.6. This is what I'm showing as fixed: >> >>> * [TAP5-2008] - Serialized object data stored on the client should >>> be HMAC signed and validated >> >> Please read my other on the HMAC signature before start the release. >> >> Cheers >> -- >> Massimo >> http://meridio.blogspot.com >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > -- Howard M. Lewis Ship Creator of Apache Tapestry The source for Tapestry training, mentoring and support. Contact me to learn how I can get you up and productive in Tapestry fast! (971) 678-5210 http://howardlewisship.com --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
