+1
Greetings
Bernd
Von: Mark Thomas
Gesendet: Freitag, 2. Februar 2018 18:54
An: Commons Developers List
Betreff: [VOTE] Create new component commons-signing
Hello all,
I propose that we create a new component [commons-signing].
The scope of the component is code signing utilities including
Well, there are plans by me. I would not invest time in a project nobody else
can use…
Maybe there can be some consensus on a common protocol.
Gruss
Bernd
Von: Robert Munteanu
Gesendet: Dienstag, 30. Januar 2018 11:21
An: Commons Developers List
Betreff: Re: [Signing] New component for code
+1 - and I would expect we also see a Server-side component.
BTW: Eclipse also has some infrastructure for this (we use a modified Version
with a PHP backend on-prem)
http://git.eclipse.org/c/cbi/org.eclipse.cbi.git/tree/maven-plugins/README.md
Gruss
Bernd
--
http://bernd.eckenfels.net
Von
Need to be replicated as it is not
inherited.
d) Expand the existing documentation. This will take most work and space in the
Code
Whats your Preference? I would really like to use a) in this case, is this
acceptable?
Gruss
Bernd
--
http://bernd.eckenfels.net
Von: Bernd Eckenfels (JIRA
Hello,
commons-vfs does this (at the Moment it only dumps the threads and does not
break the build)
https://github.com/apache/commons-vfs/blob/trunk/commons-vfs2/src/test/java/org/apache/commons/vfs2/test/AbstractTestSuite.java#L213
Gruss
Bernd
--
http://bernd.eckenfels.net
Von: Romain
about the Name and the Mission and less about the maven
structure.
Gruss
Bernd
Von: Gary Gregory
Gesendet: Samstag, 4. November 2017 18:12
An: Commons Developers List
Betreff: Re: [PROPOSAL] Apache Commons JUnit
So are you advocating for a multi-module project?
- commons-testing
- commons-testing
I like the idea (and prefer Commons Testing), for example a method to list all
non-daemon threads after a test run (to see there is no resource leak) can be
used independent of the Unit Test Framework.
Gruss
Bernd
--
http://bernd.eckenfels.net
From: Hasan Diwan
Have no computer access for a couple more days so I can't verify with the
needed due diligence, but thank you for the work, thumbs up.
In case the vote last till Friday I might be able to vote.
Gruss
Bernd
--
http://bernd.eckenfels.net
From: Gary Gregory <gg
> -mvn clirr:check -pl core
> +mvn clirr:check -pl commons-vfs2
Hmm, I think it is intentionally only building the core module, if that is no
longer required would it be better to completely remove the -pl argument to
control partial build?
Gruss
Bernd
--
http://bernd.eckenfels.net
+1
Gruss
Bernd
--
http://bernd.eckenfels.net
On Sun, Aug 20, 2017 at 3:41 PM, Pascal Schumacher
<pascalschumac...@gmx.net<mailto:pascalschumac...@gmx.net> wrote:
> Hi all,
>
> as discussed, I'd like to propose to move Apache Commons Launcher to
> dormant.
>
> Re
as module
aware. But the compile checks should be easy to do.)
Gruss
Bernd
Gruss
Bernd
--
http://bernd.eckenfels.net
From: Jörg Schaible <joerg.schai...@bpm-inspire.com>
Sent: Tuesday, August 8, 2017 5:07:54 PM
To: dev@commons.apache.org
Subject: Re: Ready for JDK 9
Hello Gary,
Well I don't remember that we agreed on it, however as I said both is fine.
Should we then make the change to checkstyle file and if yes, what change?
Using eol for all lcurly entries?
Gruss
Bernd
Gruss
Bernd
--
http://bernd.eckenfels.net
From
-vfs/blob/trunk/checkstyle.properties#L17
Gruss
Bernd
--
http://bernd.eckenfels.net
_
From: ggreg...@apache.org<mailto:ggreg...@apache.org>
Sent: Donnerstag, Juli 20, 2017 1:56 AM
Subject: svn commit: r1802440 -
/commons/proper/vfs/trunk/core/src/test/java/org/
anybody know?
Thanks for looking at the issues, would be good if you commit smaller batches
more often, since there is generally some more interest in the project
currently. If you want I can help with the Javadoc warnings?
Gruss
Bernd
--
http://bernd.eckenfels.net
to get a radically different
view.
(But Imagree with others that for most commons projects (especially tools
libraries) there is not much benefit for having package versions different from
bundle versions. Especially not since there is no overall OSGi theme going on.)
Gruss
Bernd
--
http
println("f exists" + f.exists() +
" is dir " + f.isDirectory() + " is file " + f.isFile() + " norm " +
f.getCanonicalPath() + " len " + f.length())
So we can see what the responses are?
Gruss
Bernd
Hello,
The Local file provider should be able to deal with fuse mounted directories.
It is hard to say what the problem is. Can you tell us how the path is named,
what operations you tried, what exceptions are happening and what `ls` is
returning.
Gruss
Bernd
--
http://bernd.eckenfels.net
. This is true for 1.6
projects compiled with 1.8 maven-Java today.
So while it is good to review prerequisite minimum versions regularly Java 9
seems not a immediate motivation.
Gruss
Bernd
--
http://bernd.eckenfels.net
From: Benedikt Ritter <brit...@apache.org>
GIBo uses the Github profiles:
https://github.com/github/gitignore/blob/master/Java.gitignore
https://github.com/github/gitignore/blob/master/Maven.gitignore
Gruss
Bernd
--
http://bernd.eckenfels.net
From: Benedikt Ritter <brit...@apache.org>
Sent: Tuesday,
Are we talking about only the Maven profile or also about the Java profile. I
find that one overly eager and why does it contain BlueJ IDE (only)?
Gruss
Bernd
--
http://bernd.eckenfels.net
From: sebb <seb...@gmail.com>
Sent: Monday, June 5, 2017 5:09
Hello,
You need to clone the project to your own repos and there you can push the
changes (to a branch) and then create a PR.
Gruss
Bernd
--
http://bernd.eckenfels.net
_
From: Gary Evesson <geves...@atlassian.com<mailto:geves...@atlassian.com>>
Sent: M
).
This is basically the same as with OSGi (only that modules allow friends
easier). The runtime scope in maven would be for those modules which are not
explicitely required but needed at runtime.
Gruss
Bernd
--
http://bernd.eckenfels.net
From: jodastep...@gmail.com
Hm why is that? What step in your compile would need the runtime module?
Gruss
Bernd
--
http://bernd.eckenfels.net
From: Ralph Goers <ralph.go...@dslextreme.com>
Sent: Sunday, April 23, 2017 7:14:02 PM
To: Commons Developers List
Subject: Re: [all] Java 9
also teaching again DSP from Sept so that gives me
naturally time to work on it.
Best,
/Bernd
On 13/01/17 08:51, Eric Barnhill wrote:
> That was where we left it. I asked Bernd if he did not have write access to
> the sandbox. If there was a reply to that I didn't see it.
>
> This woul
) is a good one (as long as
they do not require imports?)
Gruss
Bernd
--
http://bernd.eckenfels.net
From: jodastep...@gmail.com <jodastep...@gmail.com> on behalf of Stephen
Colebourne <scolebou...@joda.org>
Sent: Saturday, April 22, 2017 10:16:40 AM
To: Common
. In fact java.util.logging
comes from java.logging while java.util is in java.base.
http://cr.openjdk.java.net/~mr/jigsaw/ea/module-summary.html
The only inclusion dependency is in source archives as they require a new level
directory per each module.
Gruss
Bernd
--
http://bernd.eckenfels.net
Around what? there is no problem to have multiple packages in multiple modules
depending on each other (if you decide to ship modules at all). Only split
packages is a problem (but this is also a problem for OSGi or code signing so
nobody should really use that anyway)
Gruss
Bernd
--
http
You can run a verification SQL instead. So I guess doing nothing would be fine
as well, as the verification SQL (on borrow) could be configured instead.
Other methods which do a round trip to the database can be used as well (for
example setAutocommit() on some drivers).
Gruss
Bernd
--
http
does not attract the right
engagement (besides the wording is outdated)
We could replace it for a more generic Apache Commons Feedback wanted task: if
you use a Apache Commons components share your experience, problems and
Feedback on the User List. - or similar?
Gruss
Bernd
--
http
://commons.apache.org/proper/commons-rng/
Gruss
Bernd
--
http://bernd.eckenfels.net
_
From: Prashanth.R <prash.r...@gmail.com<mailto:prash.r...@gmail.com>>
Sent: Donnerstag, März 16, 2017 1:23 AM
Subject: Help with task: Random number generators
To: <dev@commons.apache
if you solve a real world problem of yours.
Let us know if project Homepage would be enough to start - and otherwise see
the linked contributors guide.
Gruss
Bernd
--
http://bernd.eckenfels.net
_
From: Frank Es <escobarbfrank...@gmail.com>
Sent: Donnerstag, März 2,
Hello,
I guess that could be helpful. Keep in mind that the selector not only selects
the elemements to match but also the directory hierarchy to travers, so
composition can be a bit tricky.
Gruss
Bernd
--
http://bernd.eckenfels.net
On Fri, Jan 20, 2017 at 5:21 AM +0100, "Gary Gr
Ooops. Sorry. Didn't see that e-mail. I'm away to Greece at the moment
but I'll have a try re write access at the weekend. I agree that it
would be much quicker if I could commit to the sandbox straight away.
/Bernd
On 13/01/17 10:51, Eric Barnhill wrote:
That was where we left it. I asked
Hi Gilles,
I *think* I suggested to add a couple of subdirs. One of them with my
IIR filter code and another one for the Kalman filter in it. However, I
don't have write access to it so I think Eric is planning of doing it.
Best,
/Bernd
On 13/01/17 01:33, Gilles wrote:
Hello.
As of today
> --[X] +1 Move
> [text] to Commons Proper
Gruss
Bernd
--
http://bernd.eckenfels.net
_
From: Rob Tompkins <chtom...@gmail.com>
Sent: Dienstag, Januar 3, 2017 8:40 PM
Su
The issues of the j.u.Random implementation are only for the default
implementation, if you provide a different algorithm (from Securearandom or any
distribution from RNG) you can avoid it (if needed)
Gruss
Bernd
--
http://bernd.eckenfels.net
On Fri, Dec 30, 2016 at 10:50 PM +0100, "G
dge can be provided in RNG for other uses as well.
Gruss
Bernd
--
http://bernd.eckenfels.net
On Fri, Dec 30, 2016 at 7:11 PM +0100, "Gilles" <gil...@harfang.homelinux.org>
wrote:
On Fri, 30 Dec 2016 17:30:17 + (UTC), Bernd Eckenfels wrote:
> Sorry I meant
Sorry I meant *uniform* distribution
Gruss
Bernd
On Fri, Dec 30, 2016 at 5:58 PM +0100, "Bernd Eckenfels"
<e...@zusammenkunft.net> wrote:
Hello,
I am somewhat unclear, why would you require a random distribution (Interface).
Is there no better more generic Inte
source.
Gruss
Bernd
--
http://bernd.eckenfels.net
On Fri, Dec 30, 2016 at 5:04 PM +0100, "Jörg Schaible" <joerg.schai...@gmx.de>
wrote:
Gilles wrote:
> Hi.
>
> On Fri, 30 Dec 2016 09:40:20 -0500, Rob Tompkins wrote:
>> Hello all,
>>
>> Pers
POM nuances)
Gruss
Bernd
--
http://bernd.eckenfels.net
On Sun, Dec 25, 2016 at 12:02 AM +0100, "Apache" <ralph.go...@dslextreme.com>
wrote:
Maven is going to publish all the artifacts that are built to the repository.
This isn’t necessarily a bad thing as people
Hello,
I think hybrid -sry/source does not work very well, since the IDE expect a
package-like directory structure. I am not sure it would work with src/main/
prefix.
Gruss
Bernd
--
http://bernd.eckenfels.net
On Fri, Dec 23, 2016 at 11:33 PM +0100, "Gary Gregory" <garydgreg
to Apache Distribution Site vs
> Maven Central.
Uh, how can that happen, the release process verifies the checksums.
Gruss
Bernd
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
Hello,
What database system/driver did you test? Did you test repeating statements or
not. Because some drivers optimize statement caches only for prepared
statements. This also means it should be configurable.
Gruss
Bernd
--
http://bernd.eckenfels.net
On Sat, Dec 10, 2016 at 10:34 PM
that component (In this case sandbox does not mean incomplete).
The most likely development is that the sandbox is dropped, hopefully somebody
would release a forked binary outside the ASF. (Not sure how that would be done
in regards to package naming).
Gruss
Bernd
--
http://bernd.eckenfels.net
Hello Mark,
are we sure the removed TODO is not related with apxPoolAlloc() return
code?
(I also miss the inserted closing brace, does it still compile? Is that
a different commit?)
Gruss
Bernd
Am Mon, 28 Nov 2016 21:04:06 -
schrieb ma...@apache.org:
> Author: markt
> Date: Mon
(... sorry got interrupted)
... there are arguments for a commons component, but it could also be arguments
having a dedicated community. So I wanted to express that with an abstain.
Gruss
Bernd
--
http://bernd.eckenfels.net
On Thu, Nov 24, 2016 at 4:02 PM +0100, "Bernd Eckenfels
Hello,
Thank you for the summmary. I was aware of the incubation and the discussion on
rdf-dev. There are arguments for a common component,
Gruss
Bernd
--
http://bernd.eckenfels.net
On Thu, Nov 24, 2016 at 12:05 PM +0100, "Sergio Fernández" <wik...@apache.org>
wrote:
so ideally they should live in subdirectories at least so we
could create sub-packages then?
Best,
/Bernd
On 23/11/16 13:34, Gilles wrote:
Hi Bernd, Eric (and others).
I was about to request a JIRA project for the "filter" component.[1]
The name "FILTER" is not taken (as a JIRA p
+0 Undecided as there where no activity on commons-dev it feels to me
like an other home would be better
Am Wed, 23 Nov
2016 13:47:03 + schrieb Stian Soiland-Reyes :
> [Note: this is the Commons PMC vote on dev@commons - there's a
> concurrent IPMC VOTE thread on
Hi Eric,
how do we move this forward? I cannot commit to the CVS so shall I send
you patches and you work them in or what is the workflow?
Best
/Bernd
On 26/10/16 13:48, Eric Barnhill wrote:
On Wed, Oct 26, 2016 at 2:25 PM, Gilles <gil...@harfang.homelinux.org>
wrote:
It sounds li
Hi Eric,
the error came from not having a site subtree. I've added one. That
needs to change so that it fits into the numbering scheme of the
library. I guess it will be a sub-topic in the filter.xml?
Either way "mvn site" works now to get it going.
/Bernd
On 02/11/16 09:09, Eri
Hi Eric,
there hasn't been any documentation except of javadoc on it. I've added
a page in the APT format. msv site requires documentation. Not sure
what's required here.
Best,
/Bernd
On 02/11/16 09:09, Eric Barnhill wrote:
Hi Bernd,
looks like I need org/sonatype/aether/graph
Thanks, Eric for setting up a sandbox project. What is required for "mvn
site"?
/Bernd
On 01/11/16 16:17, Eric Barnhill wrote:
I have set up a sandbox project for commons-filter in the commons sandbox
subversion repository.
I used models in the sandbox for LICENSE.txt,
) filters these are causal digital filters as they essentially behave
as an analogue circuit in a digital form. For the casual (!) user of
filters they'd probably just look for a filter...
/Bernd
On 25-Oct-16 23:00, Gary Gregory wrote:
On Tue, Oct 25, 2016 at 12:07 PM, Eric Barnhill <ericba
which can also
design its own low/high/band/stopband filter via different methods then
I think we should also add this. For example filters based on sinc
functions and windowed with a choice of standard windows would be nice.
/Bernd
On 25/10/16 12:33, Arne Ploese wrote:
> Am Montag, den 24.10.2
e "filter" package is a
strong candidate to examine thoroughly and revamp, if necessary,
for inclusion in a component of its own (or "filter" itself).
No sure what you mean by this. Can give an example?
So, that do I need to do at
P.S.: Just tested it with 3.0.0. There the Laguerre Root function is not
yet implemented. For 3.0.0 we needed to exclude the Bessel filter. That
works from 3.1.0.
On 24/10/16 10:25, Eric Barnhill wrote:
> Hi Bernd, sounds like we agree on basically everything there is to do.
>
>
>
Hi Eric,
On 24/10/16 10:25, Eric Barnhill wrote:
> Hi Bernd, sounds like we agree on basically everything there is to do.
>
>
>> I've spent the weekend adding maven support to the IIRJ library. So now
>> a simple "mvn install" does the job. Also done the testing pr
ics:
https://github.com/berndporr/fir1
Arne, do you have an efficient way of doing that in JAVA? That would be
nice.
Best,
/Bernd
On 24/10/16 09:28, Arne Ploese wrote:
> Am Samstag, den 22.10.2016, 23:25 +0100 schrieb Bernd Porr:
>
> (...)
>
>> I'm not too crazy about proper FIR filters
a simple "mvn install" does the job. Also done the testing properly with
"mvn test" which generates all the different kinds of impulse responses
and puts them in different subdirs for evaluation.
https://github.com/berndporr/iirj
Best,
/Bernd
>
> Eric
>
--
www:http
ss is fine but of course that's only a tiny
part of signal processing.
I have a whole convolution library I wrote at:
https://github.com/ericbarnhill/JVCL which includes GPU based finite
differences convolutions which are quite speedy (and as always,
complex-friendly). With Bernd contributing I
Hi both,
great to get such a positive response.
On 22/10/16 15:59, Gilles wrote:
> Hello.
>
> On Sat, 22 Oct 2016 12:51:03 +0200, Eric Barnhill wrote:
>> Dear Bernd,
>>
>> Thank you for this interesting contribution. I use these sorts of
>> filters
>> fre
and the
documentation is probably not complete for apache but before I embark on
it I'd rather ask if there is interest.
Best,
/Bernd Porr
--
www:http://www.berndporr.me.uk/
http://www.linux-usb-daq.co.uk/
http://www.imdb.com/name/nm3293421/
Mobile: +44 (0)7840 340069
Work: +44 (0
of it (in case any are required)
As the release is immanent, it would be good to do that quickly (but of
course if you come around to do it later it is still valuable for
forthcoming releases).
Thank you for your help and contributions.
Gruss
Bernd
Am Sat, 15 Oct 2016 09:53:15 -0600
schrieb
as well.
Gruss
Bernd
Am Thu, 30 Jun 2016 10:46:12 +
schrieb Benedikt Ritter <brit...@apache.org>:
> We still need to create a security site. Commons Compress can be used
> as an example for this. I don't have time to do it right now.
>
> Benedikt
>
> Benedikt Ritter <
ink to a
definitive source.
Gruss
Bernd
+1 (binding)
> [X] +1, yes move Primitives to dormant
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
the info on the commons.apache.org site easily,
should we do something about that?)
I think there is somewhere a Jenkins running (for us?)
Gruss
Bernd
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands
Hello,
There was no objection to switching VFS project to Git as the primary
source control. Here are the people participated (I also vote +1):
Bernd Eckenfels
Gary Gregory
Dave Brosius
Woonsan Ko
Josh Elser
Ralph Goers
Jochen Wiedmann
Christopher
How to proceed? Open an Infra ticket?
Gruss
+1 (binding)
i do have some remarks/discussion points:
RELEASE-NOTES.txt contains the site link as http instead of https, I
had the impression we wanted to switch the defaults?
Is the site planned to be "rolled back" to 1.3.2 or will it stay
1.4-SNAPSHOT?
Gruss
Bernd
Am Mon, 23 M
will probably need a few days to come
back to this, so this poll with lazy consensus is open for at least 5
days.
Gruss
Bernd
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h
abstraction API, as this is a possible candidate for VFS to envolve to.
(I think commons-compress does not have a abstraction API for this).
Are you planning to support writing/creating images as well?
Gruss
Bernd
Am Sat, 21 May
2016 08:10:12 + schrieb Christofer Dutz <christofer.d...@c-ware
Hello,
Thanks Josh!
This is a binding +1
(however I have some minor optional points which could be fixed in another
RC or before releasing the repo):
2016-05-12 5:29 GMT+02:00 Josh Elser :
> All,
>
> Please consider the following for Apache Commons VFS2 version 2.1 (rc2).
Thanks Stian!
Do you plan to report the noexec issue? If not let me know and I will
file one.
I thought we already had one but I cant find it.
I will do some windows tests and then vote.
Gruss
Bernd
Am Wed, 4 May 2016 13:28:54 +0100
schrieb Stian Soiland-Reyes <st...@apache.org>:
>
it is not built or shipped by default and called sandbox.
(this was not my idea and before my time but I dont see a reason to
change this for this release)
Gruss
Bernd
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For addi
Hello,
the sandbox works perfectly fine for me. Why do you think it is not
ready for release (beside we do not want to?)
I dont think we should burden such structural and long standing changes
onto a voluntary release manager given the 2.0 had the same structure.
Gruss
Bernd
Am Tue, 3 May
Hello,
see inline.
Am Tue, 26 Apr 2016 18:05:01 -0400
schrieb Josh Elser <els...@apache.org>:
> Thanks for the great details, Bernd. Some questions/comments:
>
> I hadn't even stumbled across VFS-570 due to its lack of
> fixVersion=2.1. Are there more that need to be corr
a joined RC1, I am just not sure it wont open a big
chunk of additional work.
Gruss
Bernd
Am Tue, 26 Apr 2016 09:40:01 -0400
schrieb Josh Elser <els...@apache.org>:
> Thanks Matt and Gary.
>
> I do recall seeing the asf-wide note that my commit-bit also applies
> to
ject.
The details are described here, this is pretty current, but I think you
are doing fine. We discussed your report just yesterday. I think we
should get the mock http service in lace so we dont have to fix those
external URLs (again).
https://github.com/apache/commons-vfs/bl
Hello,
I think for this test we can do fine with a (java mock) http server started for
the particular redirection test, other provider tests do that as well.
Added benefit would be, that we can actually assert some properties of the
request on server side.
Gruss
Bernd
--
http
Bernd
Am Mon,
21 Mar 2016 21:38:46 + schrieb "Epstein, Ezra"
<ezra.epst...@neustar.biz>:
> I’ve forked and cloned the repo from GitHub and the build fails with:
>
>
> Tests run: 90, Failures: 0, Errors: 1, Skipped: 0, Time elapsed:
> 5.223 sec <<<
+1 Accept Chimera as new Apache Commons Component
Gruss
Bernd
Von: Benedikt Ritter
Gesendet: Montag, 21. März 2016 09:45
An: Commons Developers List
Cc: Hadoop Common
Betreff: [VOTE] Accept Chimera as new Apache Commons Component
Hi all,
after long discussions I think we have gathered enough
+0
(I would prefer to not see the traffic on the list)
Von: Phil Steitz
Gesendet: Samstag, 16. Januar 2016 16:19
An: Commons Developers List
Betreff: [VOTE] Form a separate TLP based on [math]
The discussion has thus far been generally favorable. I would like
therefore to put the proposal to
Hello,
I added a second CVE to the de-serialisation security-report for
ACC, I dont have the infrastrcuture handy to push the site, can
somebody do that, please?
Gruss
Bernd
URL: http://svn.apache.org/viewvc?rev=1719350=rev
Log:
security-report: added CVE-2015-7501 (Red Hat) to de-serialisaton
Hello Roger,
sounds useful to me. Do you plan to parse a string range ("1-100") or
define a min and max property?
Gruss
Bernd
Am Mon, 7 Dec 2015 13:26:35 -0800
schrieb Roger Membreno <roger.membr...@celigo.com>:
> Hello Apache Community, how are you doing?
>
> We u
Hello,
BTW Oracle issued a "Strange" Security alert:
2015-4852 was released on November 10th, 2015.
This vulnerability, which involves the Apache Commons and Oracle WebLogic
Server, has received a CVSS Base Score of 7.5.
...
Bernd
> Am 08.11.2015 um 10:41 schrieb Benedikt
Am Mon, 9 Nov 2015 09:36:41 +0100
schrieb Benedikt Ritter <brit...@apache.org>:
> Hello Bernd,
>
> very nice. I found two typos:
>
> "It is possible to limit the impact when using a custom
> ObjecrtInputStream which overwrites" - should be ObjectInputStream
fi
Thanks Timo!
Am Mon, 9 Nov 2015 10:18:18 +0100
schrieb Timo <mailant...@gmx.de>:
> Hello Bernd,
>
> nice article and I would be happy to see this on the ASF blog to point
> people to it.
>
> I also found some typos:
>
> "Both research work shows that devel
have some suggestions for
improvement.
Greetings
Bernd (e...@apache.org)
---
Apache Commons statement to widespread Java object de-serialisation
vulnerability
Authors: Bernd Eckenfels, Gary Grogory for Apache Commons
In their
[talk](http://frohoff.github.io/appseccali-marshalling-pickles
Hello,
attached is the draft, thanks for Gary and Gabriel (did I miss any
contribution?)
I think "Bernd Eckenfels and Gary Gregory for Apache Commons" would be
the author (includes a thanks to Gabriel at the end).
What is the procedure to get this published?
Title? "Apache Co
Hello Gary,
thanks for the offer. I will sent you a edit-link for the article, here
is a comment-only version for people to check:
https://oasis.sandstorm.io/shared/prUMi3zkPMx9bdQ8X2vkX7nt7JW79G3b28IKhS_F8vQ
Greetings
Bernd
Am Sun, 8 Nov 2015
12:20:55 -0800 schrieb Gary Gregory <garydg
above clean-up
in git(hub) and get it merged to the sandbox.
gruss
Bernd
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
xt like that.
Gruss
Bernd
Am Sun, 8 Nov 2015
10:22:12 -0800 schrieb Gary Gregory <garydgreg...@gmail.com>:
> Hi All:
>
> What about agreeing on a plan before we post anything? My proposal
> would be to follow up on an idea posted on the dev ML: Use a system
> property to en
quot; which do start (readObject())
in JCL classes and then use pretty generic interfaces like Annotations
or Comparators, so there is really no link between the types and the
specific weakness.
Greetings
Bernd
Am Sat, 7 Nov 2015 00:56:00 +0100
schrieb Thomas Neidhart <thomas.neidh...@gmail.com>:
this
class. Is this currently handled/reported? Of course the more general
problem is using serialisation with untusted peers, and if
commons-collection fixes this, there might still be other vectors, but
still I think it would be good to do something against that "bad press"?
Gruss
Bernd
of the Naomi syntax/power...)
And from my POV that would be a precondition to see some commitment of
the original submitters. Why would we rush things?
Gruss
Bernd
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.
It is in a good shape now, it only needs a compatibility statement for the
release notes explaining the clirr-warnings and probably merging the hdfs write
changes.
Gruss
Bernd
Von: Gary Gregory
Gesendet: Freitag, 2. Oktober 2015 19:36
An: Commons Developers List
Betreff: [VFS] Release road
t; No objection, then?
Uh, be carefull with the trigger of that gun you point at somenes
chest :)
Gruss
Bernd
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
this is required for smaller contributions.
(but I try to do it for VFS on all changes).
Gruss
Bernd
-- Forwarded message --
From: Antonio Petrelli (JIRA) <j...@apache.org>
Date: 2015-09-24 10:50 GMT+02:00
Subject: [jira] [Commented] (VFS-567) Timeout in vsFTPd causes
exceptio
Phil, Is this somewhere codified?
2015-09-24 18:47 GMT+02:00 Phil Steitz <phil.ste...@gmail.com>:
> On 9/24/15 8:59 AM, Bernd wrote:
>> Hello,
>>
>> do we have this rule to include the name of a patch contributor into
>> the commit message? I havent seen that bee
101 - 200 of 432 matches
Mail list logo