More importantly, each RC should have a signed tag [1] in git and that tag should be in the VOTE email to help keep a record and connect the dots.
Once a release is successful, a new signed tag with the "rel/" prefix should be created, this tag will be read-only automatically if the GitBox repository is properly set up. The "rel/" convention is not in the current repo because IIRC we've only adopted it since we moved to git. Gary [1] https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=tags On Sat, Oct 15, 2022 at 8:51 AM Gary Gregory <garydgreg...@gmail.com> wrote: > > Note that, IMO, https://dist.apache.org/repos/dist/dev/xalan/j/2.7.3/ > should not contain the old RCs, it could lead to testing an incorrect > RC by accident. > > Gary > > On Sat, Oct 15, 2022 at 8:49 AM Gary Gregory <garydgreg...@gmail.com> wrote: > > > > When I unzip the src zip and run "ant fulldist", I get: > > > > BUILD FAILED > > /Users/garydgregory/rc/xalan-j_2_7_3/build.xml:1415: The following > > error occurred while executing this line: > > /Users/garydgregory/rc/xalan-j_2_7_3/build.xml:1347: Warning: Could > > not find file /Users/garydgregory/rc/xalan-j_2_7_3/lib/endorsed/xml-apis.jar > > to copy. > > > > Total time: 37 seconds > > > > Gary > > > > On Sat, Oct 15, 2022 at 12:19 AM Mukul Gandhi <muk...@apache.org> wrote: > > > > > > Hi all, > > > We've published the new RC for XalanJ 2.7.3 release (located at > > > https://dist.apache.org/repos/dist/dev/xalan/j/2.7.3/RC4/). This RC, > > > includes the latest version of commons BCEL library (v 6.6.0). > > > > > > The necessary XalanJ build tests pass, with this RC. > > > > > > Details of changes since XalanJ version 2.7.2 are mentioned within the > > > release notes (that can be seen, within the documentation in the > > > archives xalan-j_2_7_3-bin.zip & xalan-j_2_7_3-bin.tar.gz). > > > > > > The latest KEYS file is located at: > > > https://github.com/apache/xalan-java/blob/xalan-j_2_7_1_maint/KEYS > > > > > > Please review this release candidate and vote. > > > > > > [ ] +1 Release these artifacts > > > [ ] +0 OK, but... > > > [ ] -0 OK, but really should fix... > > > [ ] -1 I oppose this release because... > > > > > > Great work everyone. Here's my +1 for this RC. > > > > > > On Tue, Oct 4, 2022 at 8:38 PM Mukul Gandhi <muk...@apache.org> wrote: > > > > > > > > Hi Gary, > > > > That should be great. > > > > > > > > Currently, the XalanJ 2.7.3 RC3 removes the commons BCEL jar that was > > > > bundled with XalanJ previously. Instead, XalanJ 2.7.3 RC3 bundles the > > > > source code of commons BCEL (v 6.5.0) within it along with a fix of > > > > CVE-2022-34169 for BCEL. > > > > > > > > If you could, help produce a new version of commons BCEL with the fix > > > > for CVE-2022-34169, then we could include the new commons BCEL jar > > > > within XalanJ 2.7.3 instead of the current way of including commons > > > > BCEL within XalanJ 2.7.3 RC3. > > > > > > > > We shall wait for, a new commons BCEL release with the fix, which we > > > > can include within XalanJ 2.7.3's new RC. > > > > > > > > On Tue, Oct 4, 2022 at 2:58 PM Gary Gregory <garydgreg...@gmail.com> > > > > wrote: > > > > > > > > > > Note that I plan creating a release candidate for Commons BCEL this > > > > > week. > > > > > > > > > > Gary > > > > > > > > > -- > > > Regards, > > > Mukul Gandhi
