Changing my vote to +1, stable.

On 07/06/18 21:15, Mark Thomas wrote:
> On 07/06/18 16:50, jean-frederic clere wrote:
>> Version 1.2.17 includes the following changes compared to 1.2.16:
>> - Windows binaries built with OpenSSL 1.0.2o and APR 1.6.3
>> Various other fixes and improvements. See the changelog for details.
>> The proposed release artefacts can be found at [1],
>> and the build was done using tag [2].
>> The Apache Tomcat Native 1.2.17 is
>>  [X] Stable, go ahead and release
>>  [ ] Broken because of ...
> gpg --verify reports that the signature for
> is bad.

This has been fixed.

> Other notes:
> - We should be providing sha1 and sha512 hashes, not md5.
>   (build scripts may need updating)

These have been provided.

> Checks:
> - hashes match
> - signatures match apart from exception noted above
> - src.tar.gz structure matches tag (with expected differences)
> - library builds from src.tar.gz on Ubuntu Linux
> - unit tests pass on Linux with library built from source
>   (apart from expected failures due to the version of
>   OpenSSL being used)
> - Windows binary layout as expected
> - Windows binaries of expected size
> - Windows binaries have no unexpected DLL dependencies
> - unit tests pass on Windows with library from binaries

I am not concerned that VERSIONS references an older OpenSSL version.
There have been a few releases where this has happened in the past and
the nature of VERSIONS is such that it becomes out of date as time
passes after the release anyway. The important thing is that the
binaries are built with the correct versions and they have been.


To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to