[
https://issues.apache.org/jira/browse/ZOOKEEPER-2360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15133344#comment-15133344
]
Hadoop QA commented on ZOOKEEPER-2360:
--------------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12786342/ZOOKEEPER-2360.patch
against trunk revision 1726354.
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified
tests.
Please justify why no new tests are needed for this
patch.
Also please list what manual steps were performed to
verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac
compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3)
warnings.
+1 release audit. The applied patch does not increase the total number of
release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3030//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3030//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output:
https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3030//console
This message is automatically generated.
> Update commons collections version used by tests/releaseaudit
> -------------------------------------------------------------
>
> Key: ZOOKEEPER-2360
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2360
> Project: ZooKeeper
> Issue Type: Bug
> Components: build
> Affects Versions: 3.4.7, 3.5.1
> Reporter: Patrick Hunt
> Assignee: Patrick Hunt
> Priority: Blocker
> Fix For: 3.4.8, 3.5.2
>
> Attachments: ZOOKEEPER-2360-branch34.patch, ZOOKEEPER-2360.patch,
> ZOOKEEPER-2360.patch
>
>
> I don't believe this affects us from a security perspective directly, however
> it's something we should clean up in our next release.
> Afaict the only commons we use for shipping/production code is commons-cli.
> Our two release branches, 3.4 and 3.5, neither of them use
> commons-collections. I looked at the binary release artifact and it doesn't
> include the commons collections jar.
> We do have a test that uses CollectionsUtils, but no shipping code. I
> downloaded our 3.4 and 3.5 artifacts, this is all I see:
> phunt:~/Downloads/zd/5/zookeeper-3.5.1-alpha$ grep -R
> "org.apache.commons.collections" .
> ./src/java/test/org/apache/zookeeper/RemoveWatchesTest.java:import
> org.apache.commons.collections.CollectionUtils;
> phunt:~/Downloads/zd/5/zookeeper-3.5.1-alpha$
> Also in our ivy file we have
> <dependency org="org.apache.rat" name="apache-rat-tasks"
> rev="0.10" conf="releaseaudit->default"/>
> <dependency org="commons-lang" name="commons-lang"
> rev="2.6" conf="releaseaudit->default"/>
> <dependency org="commons-collections" name="commons-collections"
> rev="3.2.1" conf="releaseaudit->default"/>
> So commons-collections is pulled in - but only for the release audit, which
> is something we do as a build verification activity but not part of the
> product itself.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
