On Sat, 22 Aug 2020 at 23:45, Gary Gregory wrote:
>
> On Sat, Aug 22, 2020 at 4:50 PM sebb wrote:
>
> > On Sat, 22 Aug 2020 at 17:13, Gilles Sadowski
> > wrote:
> > >
> > > 2020-08-22 16:02 UTC+02:00, Gary Gregory :
> > > > Here is a first cut:
> > > >
> > > >
Hi all,
I intent on creating a release candidate for Commons Crypto soon.
I pushed a snapshot today which contains native binaries for Windows 32 and
64, Linux 32 and 64, Mac 64, and ARM and ARM HF.
Please help testing these on whatever platforms you may have access to.
Gary
On Sat, Aug 22, 2020 at 4:50 PM sebb wrote:
> On Sat, 22 Aug 2020 at 17:13, Gilles Sadowski
> wrote:
> >
> > 2020-08-22 16:02 UTC+02:00, Gary Gregory :
> > > Here is a first cut:
> > >
> > > https://github.com/apache/commons-io/security/policy
>
> Why does IO have links to Known Vulnerabilities
On Sat, 22 Aug 2020 at 17:13, Gilles Sadowski wrote:
>
> 2020-08-22 16:02 UTC+02:00, Gary Gregory :
> > Here is a first cut:
> >
> > https://github.com/apache/commons-io/security/policy
Why does IO have links to Known Vulnerabilities for Compress,
Collections etc, but not IO?
> And here is my
2020-08-22 16:02 UTC+02:00, Gary Gregory :
> Here is a first cut:
>
> https://github.com/apache/commons-io/security/policy
And here is my suggestion:
https://github.com/apache/commons-rng/security/policy
YMMV,
Gilles
> [...]
I don’t see any harm having more documentation. It’s kinda like the apple
philosophy of trying to make every thing that someone would think of doing on a
computer, actually work like they think it would…right? The more intuitive we
can make things the better we will end up being, I would think.
2020-08-22 16:40 UTC+02:00, Gary Gregory :
> Two items: (1) security is different
from what?
> because, well, it seems obvious to me
> that anything security related should be as accessible as possible as
> opposed to going through an extra hoop
YMMV, but IMHO the (unique) "source of truth" is
The Apache Commons Team is pleased to announce the availability of
Apache Commons JCS 3.0
Apache Commons JCS is a distributed, versatile caching system.
This has been a major overhaul of JCS with many adjustments for JDK 8+,
better concurrency and logging.
Commons JCS 3.0 requires Java 8 or
Two items: (1) security is different because, well, it seems obvious to me
that anything security related should be as accessible as possible as
opposed to going through an extra hoop and (2) making/keeping our GitHub
presence a first class citizen in how we put a face on the project.
Gary
On
Hi.
2020-08-22 15:26 UTC+02:00, Gary Gregory :
> Hi All,
>
> You may have noticed (or nor) that GitHub has a Security [1] tab for our
> repositories. On this tab, you can define a Security Policy.[2] in a
> SECURITY.md (just like we have a README.md).
>
> I would like to fill this in with the
Here is a first cut:
https://github.com/apache/commons-io/security/policy
This is pretty much a copy of https://commons.apache.org/security.html with
an extra link, a spelling fix, and slightly different formatting.
Gary
On Sat, Aug 22, 2020 at 9:32 AM Gary Gregory wrote:
> Actually, maybe
Actually, maybe our build plugin can generate this page like it generates
others like README.md...
Gary
On Sat, Aug 22, 2020 at 9:26 AM Gary Gregory wrote:
> Hi All,
>
> You may have noticed (or nor) that GitHub has a Security [1] tab for our
> repositories. On this tab, you can define a
+1 this is a fantastic idea Gary.
On 8/22/2020 9:26 AM, Gary Gregory wrote:
Hi All,
You may have noticed (or nor) that GitHub has a Security [1] tab for our
repositories. On this tab, you can define a Security Policy.[2] in a
SECURITY.md (just like we have a README.md).
I would like to fill
Hi All,
You may have noticed (or nor) that GitHub has a Security [1] tab for our
repositories. On this tab, you can define a Security Policy.[2] in a
SECURITY.md (just like we have a README.md).
I would like to fill this in with the same text we now have here:
> I think we need a different approach, IMO: We only want to allow the
> Pack200 tests to fail on Java >= 14. For that, please create a Maven
> profile in the POM that excludes those tests on JAva >= 14. This will allow
> all us to detect problem in all the other tests.
>
+1
I have pushed a PR
15 matches
Mail list logo
