Re: [RESULT][VOTE] release Apache VCL 2.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The following votes were given: +1 Alan Cabrera (transferred from vote on vcl-...@i.a.o list) +1 Kevan Miller (transferred from vote on vcl-...@i.a.o list) +1 Niall Pemberton +1 Ant Elder Leo Simons made some notable comments: > 3) There is no website yet? You really have to do a basic homepage > over at http://incubator.apache.org/vcl/, for example so that you can > point people at mirrors (see http://www.apache.org/dev/#mirror about > the mirroring system). Our plan is to copy the autoexport from our VCLDOCS confluence space as the content for our official web space. VCLDOCS was created recently, and we haven't started migrating our content there yet. For now, I've used a slightly modified version of the index page from our VCL confluence space to be a placeholder at the URL you've listed. Once we get the release out, I'll change the link for "VCL 2.1 Information" under Project Resources to not have the "(unreleased)" part. > 4) Since this is PHP code I did a cursory code review for SQL > injection / XSS / etc. It seems like that's had some attention, but at > a glance maybe its not quite perfect? For example checkAccess() in > utils.php: > > $xmlpass = $_SERVER['HTTP_X_PASS']; > if(get_magic_quotes_gpc()) > $xmlpass = stripslashes($xmlpass); > > where $xmlpass is used moments later to execute SQL: > > $query = "SELECT x.id " >. "FROM xmlrpcKey x, " >. "user u " >. "WHERE x.ownerid = u.id AND " >. "u.unityid = '$xmluser' AND " >. "x.key = '$xmlpass' AND " >. "x.active = 1"; > > Another piece of suspect code would be in submitLogin() in > authentication.php which does not appear to validate the > $_POST['password']. I'm by no means a PHP expert so I might be making > a fool of myself here, but better safe than sorry. So, can you explain > (preferably on, err, your website) what measures are in place to guard > against things like SQL injection and XSS? Wow - thanks for pouring over the code that carefully! I am the author of the php part of the code. Some time ago (before we even migrated to ASF), I went over everything to protect against SQL injection and XSS attacks. However, more recently, I discovered that the measures in place for protection messed up passwords with special characters in them in the places you've pointed out above. I made changes to allow the passwords to work. I've created a JIRA issue (VCL-274) to look in to making those parts secure again. We have several sites using VCL already from SVN. Given that and the fact that we did get enough votes to pass, I'm going to go ahead and get this release out so those sites can have something official, and then address the SQL injection/XSS hardening in Apache VCL 2.2. Thanks, Josh Thompson Apache VCL release manager - -- - --- Josh Thompson Systems Programmer Advanced Computing | VCL Developer North Carolina State University josh_thomp...@ncsu.edu 919-515-5323 my GPG/PGP key can be found at pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFLF/7nV/LQcNdtPQMRAmn+AJ0XSR7T1TTGQlOgAxq+qYjHa5EduwCfZMtj OiA35oS97b/Bc7U//YC7WUE= =9aw2 -END PGP SIGNATURE- - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
Hey hey, On Wed, Nov 18, 2009 at 8:42 PM, Josh Thompson wrote: > The Apache VCL community voted on and approved a proposal to release Apache > VCL 2.1. We would like to request the endorsement of the Incubator PMC to > publish this release. > > The release artifact, sums, and GPG signature can be found here: > http://people.apache.org/~jfthomps/apache-VCL-2.1-RC2-incubating/ 1) Basic package looks good to me, though I didn't try to install or run it. I checked RAT and checksums and read the various instructions. 2) The licensing situation looks 'interesting' - you have a few GPLed dependencies like MySQL and mcrypt and Nmap without which I imagine the product doesn't work. I would like to see VCL run on a non-GPL database and be ensured that it can function without other viral-licensed components as hard dependencies, some time before graduation (I think its ok to release, as long as some kind of plan is in place). 3) There is no website yet? You really have to do a basic homepage over at http://incubator.apache.org/vcl/, for example so that you can point people at mirrors (see http://www.apache.org/dev/#mirror about the mirroring system). 4) Since this is PHP code I did a cursory code review for SQL injection / XSS / etc. It seems like that's had some attention, but at a glance maybe its not quite perfect? For example checkAccess() in utils.php: $xmlpass = $_SERVER['HTTP_X_PASS']; if(get_magic_quotes_gpc()) $xmlpass = stripslashes($xmlpass); where $xmlpass is used moments later to execute SQL: $query = "SELECT x.id " . "FROM xmlrpcKey x, " . "user u " . "WHERE x.ownerid = u.id AND " . "u.unityid = '$xmluser' AND " . "x.key = '$xmlpass' AND " . "x.active = 1"; Another piece of suspect code would be in submitLogin() in authentication.php which does not appear to validate the $_POST['password']. I'm by no means a PHP expert so I might be making a fool of myself here, but better safe than sorry. So, can you explain (preferably on, err, your website) what measures are in place to guard against things like SQL injection and XSS? thanks, Leo - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
On 23/11/2009, Josh Thompson wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > I'm not on the general incubator list but have followed the discussion for > this thread via the online archives. > > There are two things I'd like to point out. I created the archive in .bz2 > format because that is what was suggested in the last paragraph under > the "Compression Formats" section on this page: > > http://incubator.apache.org/guides/releasemanagement.html > > The other thing is that Apache VCL is not developed to /run/ under Windows, > only to /deploy/ Windows based systems. We'll work on making that more clear > as part of our system requirements. Thanks, that's very helpful. Since VCL is not intended to run on Windows, it is obviously not so important to include a zip version of the archive, and I no longer regard that as a blocker. > Josh > > > On Wednesday November 18, 2009, Josh Thompson wrote: > > Incubator PMC, > > > > The Apache VCL community voted on and approved a proposal to release Apache > > VCL 2.1. We would like to request the endorsement of the Incubator PMC to > > publish this release. > > > > The release artifact, sums, and GPG signature can be found here: > > http://people.apache.org/~jfthomps/apache-VCL-2.1-RC2-incubating/ > > > > SVN tag from which artifact was exported: > > https://svn.apache.org/repos/asf/incubator/vcl/tags/release-2.1-RC2/ > > > > Vote Proposal: > > http://mail-archives.apache.org/mod_mbox/incubator-vcl-dev/200911.mbox/%3C2 > >00911121649.53032.josh_thomp...@ncsu.edu%3e > > > > Vote result: > > http://mail-archives.apache.org/mod_mbox/incubator-vcl-dev/200911.mbox/%3C2 > >00911181425.46850.josh_thomp...@ncsu.edu%3e > > > > The vote will be open for at least 72 hours. Alan Cabrera and Kevan Miller > > both voted +1 in the community vote. It is my understanding that their > > votes transfer to this voting process, starting us out with a +2 vote. > > > > Please vote to > > > > [ ] +1 yes, release Apache VCL 2.1 > > [ ] 0 don't know > > [ ] -1 no, don't release Apache VCL 2.1 (provide reasons if this is your > > vote) > > > > Thank you for your consideration, > > Josh Thompson > > Apache VCL release manager > - -- > - --- > Josh Thompson > Systems Programmer > > Advanced Computing | VCL Developer > > North Carolina State University > > josh_thomp...@ncsu.edu > 919-515-5323 > > > my GPG/PGP key can be found at pgp.mit.edu > -BEGIN PGP SIGNATURE- > > Version: GnuPG v1.4.6 (GNU/Linux) > > > iD8DBQFLCs8wV/LQcNdtPQMRAsUrAJ9s9O9Sy5gKkc+Novm91tb1eQGqZgCfXaig > huVX/MUwfMVzReikx+LFB6g= > =rrCD > > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > > - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
On Mon, Nov 23, 2009 at 5:02 PM, Kevan Miller wrote: > > On Nov 23, 2009, at 11:10 AM, sebb wrote: > >> On 23/11/2009, Andrus Adamchik wrote: >>> >>> On Nov 23, 2009, at 5:49 PM, sebb wrote: >>> >>> There is only a "bz2" archive. Normally projects release archives in zip andr tar.gz format which are more commonly supported. IMO, this is a release blocker >>> >>> Just curious why you think this is a blocker? Each project knows better >>> what formats are common and acceptable in the target user community. There's >>> no single distribution format and this is not a blocker IMO. >> >> The project OS targets include Windows, which does not support BZ2 >> natively by default, whereas Windows does now support Zip archives. >> >> AFAIK, all other ASF releases use both tar.gz and zip archives. > > Personally, I don't see how this is a blocking issue. It is unusual. However, > I leave it up to the VCL community to decide what archive format is meeting > the needs of their users. > I agree with that, maybe it would be worth looking at having tar.gz and zips in later releases but this doesn't seem to me like a blocker for this one. I've reviewed the release artifacts and they look ok to me so +1 on the release. ...ant - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm not on the general incubator list but have followed the discussion for this thread via the online archives. There are two things I'd like to point out. I created the archive in .bz2 format because that is what was suggested in the last paragraph under the "Compression Formats" section on this page: http://incubator.apache.org/guides/releasemanagement.html The other thing is that Apache VCL is not developed to /run/ under Windows, only to /deploy/ Windows based systems. We'll work on making that more clear as part of our system requirements. Josh On Wednesday November 18, 2009, Josh Thompson wrote: > Incubator PMC, > > The Apache VCL community voted on and approved a proposal to release Apache > VCL 2.1. We would like to request the endorsement of the Incubator PMC to > publish this release. > > The release artifact, sums, and GPG signature can be found here: > http://people.apache.org/~jfthomps/apache-VCL-2.1-RC2-incubating/ > > SVN tag from which artifact was exported: > https://svn.apache.org/repos/asf/incubator/vcl/tags/release-2.1-RC2/ > > Vote Proposal: > http://mail-archives.apache.org/mod_mbox/incubator-vcl-dev/200911.mbox/%3C2 >00911121649.53032.josh_thomp...@ncsu.edu%3e > > Vote result: > http://mail-archives.apache.org/mod_mbox/incubator-vcl-dev/200911.mbox/%3C2 >00911181425.46850.josh_thomp...@ncsu.edu%3e > > The vote will be open for at least 72 hours. Alan Cabrera and Kevan Miller > both voted +1 in the community vote. It is my understanding that their > votes transfer to this voting process, starting us out with a +2 vote. > > Please vote to > > [ ] +1 yes, release Apache VCL 2.1 > [ ] 0 don't know > [ ] -1 no, don't release Apache VCL 2.1 (provide reasons if this is your > vote) > > Thank you for your consideration, > Josh Thompson > Apache VCL release manager - -- - --- Josh Thompson Systems Programmer Advanced Computing | VCL Developer North Carolina State University josh_thomp...@ncsu.edu 919-515-5323 my GPG/PGP key can be found at pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFLCs8wV/LQcNdtPQMRAsUrAJ9s9O9Sy5gKkc+Novm91tb1eQGqZgCfXaig huVX/MUwfMVzReikx+LFB6g= =rrCD -END PGP SIGNATURE- - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
sebb wrote: > Not relevant - the discussion is about what archives are supported by > the OS, not the development process. > I thought it was about which archive formats an ASF release should be distributed in. All I ever recall reading in policy documents are requirements about the /contents/ of the release. For all I care it can be .shar.Z, if the project team feels that is what serves their users best. > Even Apache httpd (which is written in C) releases Windows archives in > Zip (and MSI) format. > Yup, so does APR, so does Subversion (but careful, the MSIs are not considered part of the official release in any of these projects). It just happens that (we) the developers decided that was best. -- Brane - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
On Mon, Nov 23, 2009 at 5:08 PM, Alan D. Cabrera wrote: > > On Nov 23, 2009, at 9:02 AM, Kevan Miller wrote: > >> >> On Nov 23, 2009, at 11:10 AM, sebb wrote: >> >>> On 23/11/2009, Andrus Adamchik wrote: On Nov 23, 2009, at 5:49 PM, sebb wrote: > There is only a "bz2" archive. > Normally projects release archives in zip andr tar.gz format which are > more commonly supported. > > IMO, this is a release blocker > Just curious why you think this is a blocker? Each project knows better what formats are common and acceptable in the target user community. There's no single distribution format and this is not a blocker IMO. >>> >>> The project OS targets include Windows, which does not support BZ2 >>> natively by default, whereas Windows does now support Zip archives. >>> >>> AFAIK, all other ASF releases use both tar.gz and zip archives. >> >> Personally, I don't see how this is a blocking issue. It is unusual. >> However, I leave it up to the VCL community to decide what archive format is >> meeting the needs of their users. > > This reflects my sentiments as well. +1 Niall > Regards, > Alan - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
On Nov 23, 2009, at 9:02 AM, Kevan Miller wrote: On Nov 23, 2009, at 11:10 AM, sebb wrote: On 23/11/2009, Andrus Adamchik wrote: On Nov 23, 2009, at 5:49 PM, sebb wrote: There is only a "bz2" archive. Normally projects release archives in zip andr tar.gz format which are more commonly supported. IMO, this is a release blocker Just curious why you think this is a blocker? Each project knows better what formats are common and acceptable in the target user community. There's no single distribution format and this is not a blocker IMO. The project OS targets include Windows, which does not support BZ2 natively by default, whereas Windows does now support Zip archives. AFAIK, all other ASF releases use both tar.gz and zip archives. Personally, I don't see how this is a blocking issue. It is unusual. However, I leave it up to the VCL community to decide what archive format is meeting the needs of their users. This reflects my sentiments as well. Regards, Alan - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
On Nov 23, 2009, at 11:10 AM, sebb wrote: > On 23/11/2009, Andrus Adamchik wrote: >> >> On Nov 23, 2009, at 5:49 PM, sebb wrote: >> >> >>> There is only a "bz2" archive. >>> Normally projects release archives in zip andr tar.gz format which are >>> more commonly supported. >>> >>> IMO, this is a release blocker >>> >> >> Just curious why you think this is a blocker? Each project knows better >> what formats are common and acceptable in the target user community. There's >> no single distribution format and this is not a blocker IMO. > > The project OS targets include Windows, which does not support BZ2 > natively by default, whereas Windows does now support Zip archives. > > AFAIK, all other ASF releases use both tar.gz and zip archives. Personally, I don't see how this is a blocking issue. It is unusual. However, I leave it up to the VCL community to decide what archive format is meeting the needs of their users. --kevan - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
The only thing that should block a release is a policy violation, either of the IPMC or the ASF. This doesn't appear to be the case. Sebb, I'd like to suggest you join the IPMC so you can issue binding +/- 1's instead of overall vetoes (which carry no weight unless it pertains to policy). - Original Message > From: sebb > To: general@incubator.apache.org > Sent: Mon, November 23, 2009 11:51:58 AM > Subject: Re: [VOTE] release Apache VCL 2.1 > > On 23/11/2009, Branko Čibej wrote: > > sebb wrote: > > > On 23/11/2009, Andrus Adamchik wrote: > > > > > >> On Nov 23, 2009, at 5:49 PM, sebb wrote: > > >> > > >> > > >> > > >>> There is only a "bz2" archive. > > >>> Normally projects release archives in zip andr tar.gz format which are > > >>> more commonly supported. > > >>> > > >>> IMO, this is a release blocker > > >>> > > >>> > > >> Just curious why you think this is a blocker? Each project knows better > > >> what formats are common and acceptable in the target user community. > There's > > >> no single distribution format and this is not a blocker IMO. > > >> > > > > > > The project OS targets include Windows, which does not support BZ2 > > > natively by default, whereas Windows does now support Zip archives. > > > > > > > > > Most people on Windows will prefer to use an installer provided by > > someone else, anyway. The "someone else" is likely to have 7-zip or some > > other free archiver that does support bzip2 installed. > > > > > > > AFAIK, all other ASF releases use both tar.gz and zip archives. > > > > > > > > > I'm going to barge in again, but this is like requiring every Apache > > project from now on to be written in Java, "because Windows usually has > > a JRE but not a C compiler installed." Next you'll be mandating coding > > standards. > > Not relevant - the discussion is about what archives are supported by > the OS, not the development process. > > Even Apache httpd (which is written in C) releases Windows archives in > Zip (and MSI) format. > > > Isn't this just a /little/ bit over the line of sensible requirements? > > No. > > > -- Brane > > > > > > - > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
On 23/11/2009, Branko Čibej wrote: > sebb wrote: > > On 23/11/2009, Andrus Adamchik wrote: > > > >> On Nov 23, 2009, at 5:49 PM, sebb wrote: > >> > >> > >> > >>> There is only a "bz2" archive. > >>> Normally projects release archives in zip andr tar.gz format which are > >>> more commonly supported. > >>> > >>> IMO, this is a release blocker > >>> > >>> > >> Just curious why you think this is a blocker? Each project knows better > >> what formats are common and acceptable in the target user community. > There's > >> no single distribution format and this is not a blocker IMO. > >> > > > > The project OS targets include Windows, which does not support BZ2 > > natively by default, whereas Windows does now support Zip archives. > > > > > Most people on Windows will prefer to use an installer provided by > someone else, anyway. The "someone else" is likely to have 7-zip or some > other free archiver that does support bzip2 installed. > > > > AFAIK, all other ASF releases use both tar.gz and zip archives. > > > > > I'm going to barge in again, but this is like requiring every Apache > project from now on to be written in Java, "because Windows usually has > a JRE but not a C compiler installed." Next you'll be mandating coding > standards. Not relevant - the discussion is about what archives are supported by the OS, not the development process. Even Apache httpd (which is written in C) releases Windows archives in Zip (and MSI) format. > Isn't this just a /little/ bit over the line of sensible requirements? No. > -- Brane > > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > > - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
sebb wrote: > On 23/11/2009, Andrus Adamchik wrote: > >> On Nov 23, 2009, at 5:49 PM, sebb wrote: >> >> >> >>> There is only a "bz2" archive. >>> Normally projects release archives in zip andr tar.gz format which are >>> more commonly supported. >>> >>> IMO, this is a release blocker >>> >>> >> Just curious why you think this is a blocker? Each project knows better >> what formats are common and acceptable in the target user community. There's >> no single distribution format and this is not a blocker IMO. >> > > The project OS targets include Windows, which does not support BZ2 > natively by default, whereas Windows does now support Zip archives. > Most people on Windows will prefer to use an installer provided by someone else, anyway. The "someone else" is likely to have 7-zip or some other free archiver that does support bzip2 installed. > AFAIK, all other ASF releases use both tar.gz and zip archives. > I'm going to barge in again, but this is like requiring every Apache project from now on to be written in Java, "because Windows usually has a JRE but not a C compiler installed." Next you'll be mandating coding standards. Isn't this just a /little/ bit over the line of sensible requirements? -- Brane - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
On 23/11/2009, Andrus Adamchik wrote: > > On Nov 23, 2009, at 5:49 PM, sebb wrote: > > > > There is only a "bz2" archive. > > Normally projects release archives in zip andr tar.gz format which are > > more commonly supported. > > > > IMO, this is a release blocker > > > > Just curious why you think this is a blocker? Each project knows better > what formats are common and acceptable in the target user community. There's > no single distribution format and this is not a blocker IMO. The project OS targets include Windows, which does not support BZ2 natively by default, whereas Windows does now support Zip archives. AFAIK, all other ASF releases use both tar.gz and zip archives. > Andrus > > > > - > To unsubscribe, e-mail: > general-unsubscr...@incubator.apache.org > For additional commands, e-mail: > general-h...@incubator.apache.org > > - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
I ran a RAT report on the release and all looks good. Has the appropriate license/notice/disclaimer files. From what I can see only the project source is shipped, so although there are some dependencies that wouldn't be allowed under ASF policy, since they're not shipped with the release then this is OK. Normally I like to test releases I vote on - but this is outside my knowledge - however all looks good from what I can see so +1 from me. Niall On Mon, Nov 23, 2009 at 2:40 PM, Kevan Miller wrote: > All, > Would appreciate some reviews and votes for this release. It's the first > Incubator release for VCL and could definitely benefit from some extra eyes. > > Thanks! > > --kevan > > On Nov 18, 2009, at 3:42 PM, Josh Thompson wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Incubator PMC, >> >> The Apache VCL community voted on and approved a proposal to release Apache >> VCL 2.1. We would like to request the endorsement of the Incubator PMC to >> publish this release. >> >> The release artifact, sums, and GPG signature can be found here: >> http://people.apache.org/~jfthomps/apache-VCL-2.1-RC2-incubating/ >> >> SVN tag from which artifact was exported: >> https://svn.apache.org/repos/asf/incubator/vcl/tags/release-2.1-RC2/ >> >> Vote Proposal: >> http://mail-archives.apache.org/mod_mbox/incubator-vcl-dev/200911.mbox/%3c200911121649.53032.josh_thomp...@ncsu.edu%3e >> >> Vote result: >> http://mail-archives.apache.org/mod_mbox/incubator-vcl-dev/200911.mbox/%3c200911181425.46850.josh_thomp...@ncsu.edu%3e >> >> The vote will be open for at least 72 hours. Alan Cabrera and Kevan Miller >> both voted +1 in the community vote. It is my understanding that their votes >> transfer to this voting process, starting us out with a +2 vote. >> >> Please vote to >> >> [ ] +1 yes, release Apache VCL 2.1 >> [ ] 0 don't know >> [ ] -1 no, don't release Apache VCL 2.1 (provide reasons if this is your >> vote) >> >> Thank you for your consideration, >> Josh Thompson >> Apache VCL release manager >> - -- >> - --- >> Josh Thompson >> Systems Programmer >> Virtual Computing Lab (VCL) >> North Carolina State University >> >> josh_thomp...@ncsu.edu >> 919-515-5323 >> >> my GPG/PGP key can be found at www.keyserver.net >> -BEGIN PGP SIGNATURE- >> Version: GnuPG v2.0.11 (GNU/Linux) >> >> iD8DBQFLBFw/V/LQcNdtPQMRAhtgAJ0f1zEoIZKn8Ut0ynbxwPRIlpQQ0wCeLoU6 >> wf1/iqZaP6tXbQnFczlguMY= >> =sB2c >> -END PGP SIGNATURE- >> >> - >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> For additional commands, e-mail: general-h...@incubator.apache.org >> > > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > > - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
On Nov 23, 2009, at 5:49 PM, sebb wrote: There is only a "bz2" archive. Normally projects release archives in zip andr tar.gz format which are more commonly supported. IMO, this is a release blocker Just curious why you think this is a blocker? Each project knows better what formats are common and acceptable in the target user community. There's no single distribution format and this is not a blocker IMO. Andrus - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
On 18/11/2009, Josh Thompson wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Incubator PMC, > > The Apache VCL community voted on and approved a proposal to release Apache > VCL 2.1. We would like to request the endorsement of the Incubator PMC to > publish this release. > > The release artifact, sums, and GPG signature can be found here: > http://people.apache.org/~jfthomps/apache-VCL-2.1-RC2-incubating/ There is only a "bz2" archive. Normally projects release archives in zip andr tar.gz format which are more commonly supported. IMO, this is a release blocker, but it should be trivial to fix. The hashes and sig are OK. > SVN tag from which artifact was exported: > https://svn.apache.org/repos/asf/incubator/vcl/tags/release-2.1-RC2/ Contents of release tag agree with contents of archive (once different EOLs are taken into account) As far as I can tell, there are no build files and no test scripts. Nor is there any documentation describing how to create the release archive(s). I realise that the code is all in the form of scripts, but it would be useful to have at least some tests that can be done without installing everything. > Vote Proposal: > > http://mail-archives.apache.org/mod_mbox/incubator-vcl-dev/200911.mbox/%3c200911121649.53032.josh_thomp...@ncsu.edu%3e > > Vote result: > > http://mail-archives.apache.org/mod_mbox/incubator-vcl-dev/200911.mbox/%3c200911181425.46850.josh_thomp...@ncsu.edu%3e > > The vote will be open for at least 72 hours. Alan Cabrera and Kevan Miller > both voted +1 in the community vote. It is my understanding that their votes > transfer to this voting process, starting us out with a +2 vote. > > Please vote to > > [ ] +1 yes, release Apache VCL 2.1 > [ ] 0 don't know > [ ] -1 no, don't release Apache VCL 2.1 (provide reasons if this is your > vote) > > Thank you for your consideration, > Josh Thompson > Apache VCL release manager > - -- > - --- > Josh Thompson > Systems Programmer > Virtual Computing Lab (VCL) > North Carolina State University > > josh_thomp...@ncsu.edu > 919-515-5323 > > my GPG/PGP key can be found at www.keyserver.net > -BEGIN PGP SIGNATURE- > Version: GnuPG v2.0.11 (GNU/Linux) > > iD8DBQFLBFw/V/LQcNdtPQMRAhtgAJ0f1zEoIZKn8Ut0ynbxwPRIlpQQ0wCeLoU6 > wf1/iqZaP6tXbQnFczlguMY= > =sB2c > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > > - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] release Apache VCL 2.1
All, Would appreciate some reviews and votes for this release. It's the first Incubator release for VCL and could definitely benefit from some extra eyes. Thanks! --kevan On Nov 18, 2009, at 3:42 PM, Josh Thompson wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Incubator PMC, > > The Apache VCL community voted on and approved a proposal to release Apache > VCL 2.1. We would like to request the endorsement of the Incubator PMC to > publish this release. > > The release artifact, sums, and GPG signature can be found here: > http://people.apache.org/~jfthomps/apache-VCL-2.1-RC2-incubating/ > > SVN tag from which artifact was exported: > https://svn.apache.org/repos/asf/incubator/vcl/tags/release-2.1-RC2/ > > Vote Proposal: > http://mail-archives.apache.org/mod_mbox/incubator-vcl-dev/200911.mbox/%3c200911121649.53032.josh_thomp...@ncsu.edu%3e > > Vote result: > http://mail-archives.apache.org/mod_mbox/incubator-vcl-dev/200911.mbox/%3c200911181425.46850.josh_thomp...@ncsu.edu%3e > > The vote will be open for at least 72 hours. Alan Cabrera and Kevan Miller > both voted +1 in the community vote. It is my understanding that their votes > transfer to this voting process, starting us out with a +2 vote. > > Please vote to > > [ ] +1 yes, release Apache VCL 2.1 > [ ] 0 don't know > [ ] -1 no, don't release Apache VCL 2.1 (provide reasons if this is your vote) > > Thank you for your consideration, > Josh Thompson > Apache VCL release manager > - -- > - --- > Josh Thompson > Systems Programmer > Virtual Computing Lab (VCL) > North Carolina State University > > josh_thomp...@ncsu.edu > 919-515-5323 > > my GPG/PGP key can be found at www.keyserver.net > -BEGIN PGP SIGNATURE- > Version: GnuPG v2.0.11 (GNU/Linux) > > iD8DBQFLBFw/V/LQcNdtPQMRAhtgAJ0f1zEoIZKn8Ut0ynbxwPRIlpQQ0wCeLoU6 > wf1/iqZaP6tXbQnFczlguMY= > =sB2c > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
[VOTE] release Apache VCL 2.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Incubator PMC, The Apache VCL community voted on and approved a proposal to release Apache VCL 2.1. We would like to request the endorsement of the Incubator PMC to publish this release. The release artifact, sums, and GPG signature can be found here: http://people.apache.org/~jfthomps/apache-VCL-2.1-RC2-incubating/ SVN tag from which artifact was exported: https://svn.apache.org/repos/asf/incubator/vcl/tags/release-2.1-RC2/ Vote Proposal: http://mail-archives.apache.org/mod_mbox/incubator-vcl-dev/200911.mbox/%3c200911121649.53032.josh_thomp...@ncsu.edu%3e Vote result: http://mail-archives.apache.org/mod_mbox/incubator-vcl-dev/200911.mbox/%3c200911181425.46850.josh_thomp...@ncsu.edu%3e The vote will be open for at least 72 hours. Alan Cabrera and Kevan Miller both voted +1 in the community vote. It is my understanding that their votes transfer to this voting process, starting us out with a +2 vote. Please vote to [ ] +1 yes, release Apache VCL 2.1 [ ] 0 don't know [ ] -1 no, don't release Apache VCL 2.1 (provide reasons if this is your vote) Thank you for your consideration, Josh Thompson Apache VCL release manager - -- - --- Josh Thompson Systems Programmer Virtual Computing Lab (VCL) North Carolina State University josh_thomp...@ncsu.edu 919-515-5323 my GPG/PGP key can be found at www.keyserver.net -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.11 (GNU/Linux) iD8DBQFLBFw/V/LQcNdtPQMRAhtgAJ0f1zEoIZKn8Ut0ynbxwPRIlpQQ0wCeLoU6 wf1/iqZaP6tXbQnFczlguMY= =sB2c -END PGP SIGNATURE- - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org