This sounds a lot like what was discussed back when components went through
Java 6 -> 7 and later Java 7 -> 8 upgrades. So far, we’ve only made Java
requirement updates in the minor version, not the patch version, and as Gary is
saying, we wouldn’t bump the major version without renaming the
How about using multi-release jars? That way we can include module-info files
and version-specific additions while still supporting Java 8 for a while. It
could require a newer Java compiler while still targeting the Java 8 bytecode
version.
—
Matt Sicker
> On Apr 23, 2023, at 08:46, G
Yes, please use the existing fuzz-testing list. It’s basically a notifications
list at this point due to differences in memory safety between Java and the C
family making fuzzing a little trickier to reproduce security issues.
—
Matt Sicker
> On Nov 23, 2022, at 08:58, Mark Thomas wr
+1 from me
With that, this vote passes with 3 +1 binding votes from me, Gary, and Bruno.
I’ll continue the release.
—
Matt Sicker
> On Oct 30, 2022, at 13:16, Matt Sicker wrote:
>
> Looks like this vote will end up passing. I’ll make my vote and finish up the
> vote thread
r releases have), and shows as not released yet (normally it has the
>> vote release date, I think). Can be fixed later, other reports look OK.
>>
>> Manually inspected files from dist area (source and binaries), and also
>> checked signatures. Everything looks OK!
>
otes several errors.
>>These are considered OK for the reasons stated below.
>>These exceptions are also noted in the Changes and Release Notes.
>>
>>Errors reported:
>>- removal of checked exceptions in various methods
>>***
>>
I did; I just forgot to remove the markers.
—
Matt Sicker
> On Oct 25, 2022, at 15:43, Gary Gregory wrote:
>
> Matt,
>
> You are suppose to edit what is in between ××× ...
>
> Gary
>
> On Tue, Oct 25, 2022, 16:05 Matt Sicker wrote:
>
>> We have f
sooner than 72 hours from now.
[ ] +1 Release these artifacts
[ ] +0 OK, but...
[ ] -0 OK, but really should fix...
[ ] -1 I oppose this release because...
Thank you,
Matt Sicker,
Release Manager (using key 0x031EE010CA15D1EE)
For following is intended as a helper and refresher for re
, platform encoding: UTF-8
OS name: "mac os x", version: "12.6", arch: "aarch64", family: "mac"
—
Matt Sicker
> On Oct 23, 2022, at 09:58, Gary Gregory wrote:
>
> We have fixed one bug since Apache Commons BCEL 6.6.0 was released, so
&g
+1
Tested with Java versions 8.0.322-zulu, 11.0.15-zulu, and 17.0.2-zulu.
Apache Maven 3.8.5
OS name: "mac os x", version: "12.6", arch: "aarch64", family: “mac"
—
Matt Sicker
> On Oct 8, 2022, at 07:35, Gary Gregory wrote:
>
> We have fixed a few b
thub.com/google/oss-fuzz/pull/7582
> >> >
> >> > The initial oss-fuzz for ASF was, if I recall correctly, all put under a
> >> > single project:
> >> > https://github.com/google/oss-fuzz/tree/master/projects/apache-commons
> >> >
> >
I get emails about some of the Commons fuzzing things, but I was only
aware of it being enabled for compress and imaging.
On Mon, Oct 10, 2022 at 1:37 PM Roman Wagner
wrote:
>
> Hi all,
>
> I am working for Code Intelligence we did our best to find a maintainer for
> the oss-fuzz project.
I'm one of the PMC members already in our oss-fuzz project. Please
feel free to add commons-math!
On Thu, Jul 21, 2022 at 3:23 PM Bruno Kinoshita wrote:
>
> Hi
>
> There is an oss-fuzz project for commons where multiple modules are hosted
> (I am sure Imaging is there, and I think Compress too).
The only OpenSSL fork I know of in macOS is BoringSSL which is also used by
Chrome. This fork maintains some level of compatibility though.
—
Matt Sicker
> On Jun 29, 2022, at 20:03, Alex Remily wrote:
>
> Which Mac OS version did you use? Since I upgraded to BigSur (OS 11) my
Some JSON parsers do support comments. Some use cases could potentially use
YAML or similar. Otherwise, yeah, might as well exclude where comments can’t be
added.
—
Matt Sicker
> On Jun 27, 2022, at 08:42, Gilles Sadowski wrote:
>
> Hello.
>
>> Le lun. 27 juin 2022 à 1
AWS offers macOS VMs. GitHub Actions support macOS which presumably uses
something similar. I don’t think Apple offers an equivalent service, but there
are more companies that do offer macOS VMs in the cloud.
—
Matt Sicker
> On Jun 16, 2022, at 12:05, Jochen Wiedmann wrote:
>
> On
You can run Windows in a VM on macOS, but that’s starting to sound fairly
complicated if macOS is itself in a VM.
—
Matt Sicker
> On Jun 15, 2022, at 18:03, sebb wrote:
>
> On Wed, 15 Jun 2022 at 17:32, Matt Sicker wrote:
>>
>> We could always request a Windows VM fr
We could always request a Windows VM from Infra if necessary for building
releases. Same for a Mac VM or Linux VM, though the Linux one can be done
fairly easily via Docker on any OS (even FreeBSD supports Linux containers now).
—
Matt Sicker
> On Jun 15, 2022, at 05:10, sebb wr
The issue with the previous RC required an updated version of the Commons
release plugin. I don’t remember if that’s been done yet.
—
Matt Sicker
> On Jun 14, 2022, at 05:12, Alex Herbert wrote:
>
> On Mon, 13 Jun 2022 at 17:46, Matt Sicker wrote:
>
>> I haven’t h
I haven’t had a chance to try a second RC. I’ve been out sick the past few days
as well. If you’d like to help make the release, let me know!
—
Matt Sicker
> On Jun 13, 2022, at 11:15, Alex Herbert wrote:
>
> A RC1 cut was made for codec 1.16 in January 2022:
>
>> g
suppose that doesn’t surprise me too much.
—
Matt Sicker
> On Jun 11, 2022, at 12:25, Rodion Efremov wrote:
>
> Hi Matt and community,
>
> About thread safety: I keep an int counting modifications (called
> modCount). Now, spliterator/iterator/sublist check that modCount ==
as well, that sort of process
is fairly long term, so I’d imagine that Collections would be a great place for
it. If you’re trying to donate this to multiple projects, then Eclipse also has
a collections library that might like it, and Guava might like it, too.
—
Matt Sicker
> On Jun 10, 2
Seems reasonable to me given the use case.
—
Matt Sicker
> On Jun 9, 2022, at 20:23, Matt Juntunen wrote:
>
> Hello,
>
> We are slowly getting closer to a 2.8.0 release for
> commons-configuration. One remaining item on the list is a PR [1] for
> bumping the com.sun.
Seems reasonable to me. Anyone still using Java 7 probably isn’t too concerned
about CVEs as I hope that type of software is not internet connected!
—
Matt Sicker
> On Jun 6, 2022, at 09:09, Melloware wrote:
>
> +1 from me on that Gary!
>
>
>> On 6/6/2022 9:43 AM, Gary
It hasn’t had activity in over 10 years, but there’s also
https://commons.apache.org/sandbox/commons-graph/ as a potential component to
revive.
—
Matt Sicker
> On Apr 27, 2022, at 10:43, Bernd Eckenfels wrote:
>
> I think 20 classes is not small, so probably not good for -lang.
Now that sounds like a good reason for beanutils2, too. Module splits
to allow for minimal module dependencies is a great idea IMO, though I
may be biased since we already started the same idea in Log4j for 3.x
a while ago, too.
On Mon, Apr 25, 2022 at 6:55 AM Gary Gregory wrote:
>
> Hi All,
>
>
to manage releases is a great way to get invited
into the PMC, too, so keep that in mind.
On Wed, Apr 20, 2022 at 10:36 PM Xeno Amess wrote:
>
> @Matt Sicker
>
> Like what I said before, there be no current active commons committers who
> interested in developing bean-utils.
>
> For
I don’t see why that couldn’t have been done here. There’s no need to fork
Commons projects when they’re fairly open to contributors.
—
Matt Sicker
> On Apr 20, 2022, at 16:19, Melloware Inc wrote:
>
> It was supposed to be temporary until Apache released 2.0. It’s been over 5
Yes, at this point, it would help to see what aspects of this would be
useful or welcomed as a library. In the meantime, I've been asked if I
could port the log4j DI system back to 2.x, so I may end up working on
that in the near term and defer any work to extract code to Commons
until we have a
At this point, I'd be most willing to start up a repo and codebase for
this only if it would be useful for Commons, too. In this scenario, I
can begin by porting over the relevant code from log4j to form a
starting point for the library (mainly an API, and annotation
processor, and default
res).
On Fri, Apr 8, 2022 at 12:06 PM Romain Manni-Bucau
wrote:
>
> Le ven. 8 avr. 2022 à 18:50, Matt Sicker a écrit :
>
> > I suspect at this point that most of the remaining slowness in startup
> > on Log4j is related to code that _doesn't_ use plugins. There are some
>
I suspect at this point that most of the remaining slowness in startup
on Log4j is related to code that _doesn't_ use plugins. There are some
strategies that configure on startup in log4j-api based on system
properties and service loaders which are provided for improved
steady-state performance
One of the issues I've found with loading classes eagerly is that many
ClassLoader implementations rely on fairly broad locks. Deferred class
loading can avoid some of this lock contention.
On Thu, Apr 7, 2022 at 12:57 PM Ralph Goers wrote:
>
>
>
> > On Apr 7, 2022, at 2:52 AM, Peter Verhas
ugin system.
>
> Ralph
>
> > On Apr 4, 2022, at 8:39 AM, Matt Sicker wrote:
> >
> > I used to work on the Jenkins project for a few years, so yes, I'm
> > fairly familiar with those difficulties. I've also used OSGi in the
> > past, and I like their ap
gt; > > >>>>>
> > > >>>>> Hi Matt,
> > > >>>>>
> > > >>>>> This is quite timely since I've spent the past week researching
> > > >>>>> frameworks to modularize a monolithic application at my day job
> &
thing I've looked at so far is
> > >>>>> larger and more complicated than I need (e.g. OSGi, Spring, etc) so I
> > >>>>> was seriously considering writing my own, perhaps based on select
> > >>>>> components from the Plexus project [1]. I w
Perhaps? I’d have to investigate how commons configuration works to be sure.
And thanks, Ralph, for answering the questions here. I’ll write up a more
detailed proposal we can discuss.
—
Matt Sicker
> On Apr 3, 2022, at 21:25, Gary Gregory wrote:
>
> So in a Commons centric fanta
ps://github.com/apache/logging-log4j2/tree/master/log4j-plugins>
—
Matt Sicker
Ah, I didn't get a chance to start the next release as I was finishing
up some work on Log4j over the weekend.
On Thu, Mar 17, 2022 at 6:58 PM Gary Gregory wrote:
>
> Anytime ;)
>
> On Thu, Mar 17, 2022, 19:56 Matt Sicker wrote:
>
> > Then I’ll work on a new release ca
Then I’ll work on a new release candidate over the next couple days. Thanks!
—
Matt Sicker
> On Mar 17, 2022, at 14:04, Gary Gregory wrote:
>
> I just released the plugin today, it might not have made it to Maven
> Central yet though...
>
> Gary
>
>> On Thu, Mar
I needed a new release of the commons release plugin to cut a second
release candidate. This first one can be dropped as the vote was
cancelled.
On Thu, Mar 17, 2022 at 8:28 AM Gary Gregory wrote:
>
> Matt,
>
> I see on https://repository.apache.org/#stagingRepositories a Commons Codec
>
The same applies to changing access modifiers. JUnit 5 encourages use of
package private everything as it’s the least typing and now supported (as in v5
will reflectively allow access to your test code if it’s not public).
—
Matt Sicker
> On Feb 17, 2022, at 19:59, Gary Gregory wr
IntelliJ has a useful feature for helping automate migration of JUnit
tests. Works wherever you have tests that don't use rules or
parameterized tests (those need to be manually migrated still).
On Wed, Feb 16, 2022 at 9:17 AM Alex Herbert wrote:
>
> On Wed, 16 Feb 2022 at 14:30, Gilles Sadowski
I think this would be a great idea. There's even some potential work
that can be done related to fuzz testing if we want to expand our
OSS-Fuzz coverage. I imagine we have plenty of interesting Jira
tickets that could make for GSoC projects, too.
On Wed, Jan 26, 2022 at 7:16 AM Gilles Sadowski
Yes, this vote is cancelled. I’d like to see if we can update the parent pom
first so that we get the correct build timestamp. Otherwise, I’ve updated the
other parts in master which will go into RC2.
—
Matt Sicker
> On Jan 24, 2022, at 06:50, Gary Gregory wrote:
>
> Hi Matt,
as well to pick that
up.
—
Matt Sicker
> On Jan 22, 2022, at 15:33, Gary Gregory wrote:
>
> The copyright year is derived from POM properties or can be hard coded.
> Trying to have a reproducible build can further muck things up where you
> end up with 1969 as then end year as I
.
As for the javadoc copyright year, do you know where this gets specified? I
figured it was auto-generated at build time.
—
Matt Sicker
> On Jan 22, 2022, at 08:10, Gary Gregory wrote:
>
> Thank you for cutting the RC! :-)
>
> Maybe blocker:
>
> The Javadoc end copyright
but really should fix...
[ ] -1 I oppose this release because...
Thank you,
Matt Sicker,
Release Manager (using key 748F15B2CF9BA8F024155E6ED7C92B70FA1C814D)
For following is intended as a helper and refresher for reviewers.
Validating a release candidate
==
Thanks, that did the trick. I’ll have a release candidate soon.
—
Matt Sicker
> On Jan 21, 2022, at 23:14, Gary Gregory wrote:
>
> I think you have to go back to Maven 3.6.x because Maven broke
> compatibility with plugins, see
> https://issues.apache.org/jira/browse/MNG
ime:
/Library/Java/JavaVirtualMachines/zulu-8.jdk/Contents/Home/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "mac os x", version: "12.1", arch: "aarch64", family: "mac"
[1]: https://commons.apache.org/releases/prepare.html
—
Matt Sicker
This is the relevant bit about how we no longer need to worry about
reporting cryptography code. Thus, we're clear to make a commons-codec
release as soon as I can find some release instructions.
-- Forwarded message -
From: Roman Shaposhnik
Date: Thu, Jul 15, 2021 at 6:05 PM
<https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates>
--
Matt Sicker
> On Dec 30, 2021, at 16:48, Rob Tompkins wrote:
>
>
>
>> On Dec 30, 2021, at 5:37 PM, sebb &g
All these version pins, notification settings, etc., are all configurable in
the Dependabot config file.
--
Matt Sicker
> On Dec 29, 2021, at 09:22, Romain Manni-Bucau wrote:
>
> @Rob: not sure dependabot would get commits permissions anytime soon, it is
> really an automotion
I’d be +1 for Log4j2 as the API particularly due to the more active development
community and licensing. SLF4J is mostly reliant on the heroic efforts of its
sole maintainer which is a bit of an anti-pattern at Apache. If there’s a
desire to support the Java module system, the only versions of
Updates that help with testing in newer JDKs while still supporting
older ones (which version tends to depend on the specific component;
most have been or can be upgraded to JDK 8 at least). With Java 17
coming out, some developers will make the jump from 11 to 17.
On Sat, Sep 11, 2021 at 11:49
+1
Verified signatures and builds via a few JDKs:
Apache Maven 3.8.2 (ea98e05a04480131370aa0c110b8c54cf726c06f)
Maven home: /usr/local/Cellar/maven/3.8.2/libexec
Java version: 11.0.10, vendor: Oracle Corporation, runtime:
/usr/local/Cellar/openjdk@11/11.0.10/libexec/openjdk.jdk/Contents/Home
+1
Signatures, reports, etc. validated.
Built and tested on:
Apache Maven 3.8.1 (05c21c65bdfed0f71a2f2ada8b84da59348c4c5d)
Maven home: /usr/local/Cellar/maven/3.8.1/libexec
Java version: 16.0.1, vendor: Homebrew, runtime:
/usr/local/Cellar/openjdk/16.0.1/libexec/openjdk.jdk/Contents/Home
Default
att,
>
> Il Ven 9 Lug 2021, 18:25 Matt Sicker ha scritto:
>
> > There seems to be an increased interest from users around making
> > releases of various components in order to clean up their security
> > checklists mandated from above. Since making releases is somewha
There seems to be an increased interest from users around making
releases of various components in order to clean up their security
checklists mandated from above. Since making releases is somewhat
standardized here, would it make sense to create some sort of guide
for volunteers who want releases
Perhaps the key point here is throwing a more specific exception than
RuntimeException? Even if it's a subclass of it. Adding the javadocs
for which exceptions are allowed to be thrown might be sufficient to
cover the DoS attacks.
On Sun, Jun 27, 2021 at 12:05 PM Torsten Curdt wrote:
>
> >
> > >
Checked exceptions are also used when the error isn’t a programmer error.
>From an aesthetic perspective, I prefer the unchecked exceptions unless an
API already established them. Subclassing IOException is fairly common for
example.
On Sun, Jun 27, 2021 at 10:37 Torsten Curdt wrote:
> > Can
Welcome back, Henri! Glad to see you again!
On Sun, Jun 13, 2021 at 08:52 Gary Gregory wrote:
> Let's welcome back Henri Biestro to the PMC.
>
> Gary
>
+1
Signatures good, builds and tests good. Verified on:
Apache Maven 3.8.1 (05c21c65bdfed0f71a2f2ada8b84da59348c4c5d)
Maven home: /usr/local/Cellar/maven/3.8.1/libexec
Java version: 16.0.1, vendor: Homebrew, runtime:
/usr/local/Cellar/openjdk/16.0.1/libexec/openjdk.jdk/Contents/Home
Default
Ah, I see. These exceptions could derive from UncheckedIOException perhaps?
On Sun, 6 Jun 2021 at 15:56, Gilles Sadowski wrote:
>
> Le dim. 6 juin 2021 à 22:32, Matt Sicker a écrit :
> >
> > Well, if there's a parse error decompressing a file, that makes sense
> > as an
Well, if there's a parse error decompressing a file, that makes sense
as an IOException of some sort.
On Sun, 6 Jun 2021 at 12:01, Gilles Sadowski wrote:
>
> Le dim. 6 juin 2021 à 07:51, Stefan Bodewig a écrit :
> >
> > Hi
> >
> > I'm thinking about a specific IOException subclass that is
+1
Signatures good, reports good, built and tested on the following:
Apache Maven 3.8.1 (05c21c65bdfed0f71a2f2ada8b84da59348c4c5d)
Maven home: /usr/local/Cellar/maven/3.8.1/libexec
Java version: 16.0.1, vendor: Homebrew, runtime:
/usr/local/Cellar/openjdk/16.0.1/libexec/openjdk.jdk/Contents/Home
+1
Signatures are good on everything. Spot checks on basic release stuff
are all good (license, notice, rat check etc.). Built and tested fine
on the following (Java 11, 15, 16):
Apache Maven 3.8.1 (05c21c65bdfed0f71a2f2ada8b84da59348c4c5d)
Maven home: /usr/local/Cellar/maven/3.8.1/libexec
Java
There's also a bit of an issue of fixing these types of
vulnerabilities at the library level. The library itself typically
won't have much in the way of a security model until you integrate it
into an application. For example, if you only use commons-compress on
trusted input, then even high
I see that now. Thanks for handling the ticket!
On Tue, 20 Apr 2021 at 11:38, sebb wrote:
>
> On Tue, 20 Apr 2021 at 17:22, Matt Sicker wrote:
> >
> > I've tried adding that email to the allow-subscribe list for that
> > mailing list. Let's see if the next mess
I've tried adding that email to the allow-subscribe list for that
mailing list. Let's see if the next messages get through without
moderation now.
On Tue, 20 Apr 2021 at 10:46, Matt Sicker wrote:
>
> I've accepted all the moderation requests so far, though I also get
> CC'd on the sa
so normal moderation rules
> can be applied)
>
> > On Tue, Apr 20, 2021, 17:30 Matt Sicker wrote:
> >
> > > Guess we'll have to ask infra then. They probably have a way to filter
> > > based on regex or something.
> > >
> > &
Guess we'll have to ask infra then. They probably have a way to filter
based on regex or something.
On Tue, 20 Apr 2021 at 10:05, sebb wrote:
>
> On Tue, 20 Apr 2021 at 15:53, Matt Sicker wrote:
>
> > Looks like we need to add the bot email as an allowed sender to the list.
>
Looks like we need to add the bot email as an allowed sender to the list.
Otherwise, I’ve seen the alerts start already
On Tue, Apr 20, 2021 at 09:27 Fabian Meumertzheim <
meumertzh...@code-intelligence.com> wrote:
> The first OSS-Fuzz build passed and some bugs have already been created.
>
Can we make a Google group or shared Google account for the commons PMC?
On Sat, Apr 17, 2021 at 17:43 sebb wrote:
> On Sat, 17 Apr 2021 at 18:05, Fabian Meumertzheim
> wrote:
> >
> > On Sat, Apr 17, 2021 at 3:58 PM Stefan Bodewig
> wrote:
> > >
> > > I'm not sure I understand this. AFAIU I
I have a Google account I can be CC’d on. I do security engineering
professionally, so I have some experience in the area as well.
On Sat, Apr 17, 2021 at 08:58 Stefan Bodewig wrote:
> On 2021-04-15, Fabian Meumertzheim wrote:
>
> > Just to keep the following in mind: Full access to bug reports
Would the undeclared runtime exceptions be "fixable" for the fuzzing
tool if the methods declared their runtime exceptions being thrown? Or
the javadocs? As in, this tool is looking for exceptional conditions
that don't appear to be intentional?
I've briefly looked at OSS-Fuzz, and it certainly
Calling it technical debt is pretty useful, too, because just like
monetary debt, it can be useful to accumulate some in the short term
for productive reasons, but if you don't pay it off and manage it
properly, the interest payments begin to dominate expenses. Interest
on technical debt comes in
And the two linked bugs in Java15BugFastDateParserTest.java are marked
fixed already:
https://bugs.openjdk.java.net/browse/JDK-8248655
https://bugs.openjdk.java.net/browse/JDK-8248434
On Sun, 21 Mar 2021 at 10:26, Matt Sicker wrote:
>
> Looks related to some locale changes most
Looks related to some locale changes most likely? There are also a
couple test failures that are likely due to illegal reflective access.
Case in point, one of the tests has an InaccessibleObject error
message.
Tested on:
openjdk version "16" 2021-03-16
OpenJDK Runtime Environment AdoptOpenJDK
Perhaps the output of this tool won't have nearly as much spam as
Dependabot et al? If so, we could just use the security list.
On Tue, 9 Mar 2021 at 15:48, sebb wrote:
>
> On Tue, 9 Mar 2021 at 21:38, Gary Gregory wrote:
> >
> > What if we make the existing notification list private? Who uses
e libcrypto installed locally.
>
>
>
> On Sun, Feb 28, 2021 at 6:21 PM Matt Sicker wrote:
>
> > That's why I'm interested in proper benchmarks before supporting a
> > release of something with platform-specific code. The CPU extensions
> > are ostensibly for
We could create another private list for static analysis alerts perhaps?
On Sun, 7 Mar 2021 at 03:51, Stefan Bodewig wrote:
>
> On 2021-03-07, Fabian Meumertzheim wrote:
>
> > On Sat, Mar 6, 2021 at 10:08 PM Stefan Bodewig wrote:
>
> >> OTOH I'm not sure I understand the requirements of
+1
Signatures good, tested on macOS with Java 1.8, 11, and 15.
On Sun, 7 Mar 2021 at 09:30, Arturo Bernal
wrote:
>
> Hi All,
>
> Build OK from the tag '4fbaade0’ with ‘mvn test’
>
>
>
> Maven home: /opt/apache-maven-3.6.3
> Java version: 1.8.0_275, vendor: AdoptOpenJDK, runtime:
>
the assembler-optimized variants), but if JNI overhead
negates the gains there, then I'd agree that sticking to pure Java
code here would be optimal.
On Sun, 28 Feb 2021 at 17:18, sebb wrote:
>
> On Sun, 28 Feb 2021 at 20:14, Matt Sicker wrote:
> >
> > I'd also be interested in benchm
(blake2b is the default hash used in libsodium, a
popular C crypto library). Some links:
https://github.com/BLAKE3-team/BLAKE3
https://www.blake2.net/
Specs:
https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf
On Sun, 28 Feb 2021 at 14:14, Matt Sicker wrote:
>
> I'
I'd also be interested in benchmarking comparisons as I've been
working on a proof of concept using Blake3 to do similarly (I have a
pure Java implementation and a JNI version that ultimately invokes the
reference C implementation, though I've also wondered about linking
the reference Rust
+1
Tested with:
Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
Maven home: /usr/local/Cellar/maven/3.6.3_1/libexec
Java version: 15.0.1, vendor: N/A, runtime:
/usr/local/Cellar/openjdk/15.0.1/libexec/openjdk.jdk/Contents/Home
Default locale: en_US, platform encoding: UTF-8
OS
Provided dependencies typically mean that the dependency is copied
into another dependency (think Java EE APIs typically) and doesn't
need to be added by a runtime dependency. It's kind of the opposite of
the runtime scope which doesn't add it at compile time but does at
runtime.
On Thu, 4 Feb
to compile.
>
> > On Mon, Feb 1, 2021, 17:22 sebb wrote:
> >
> > > On Mon, 1 Feb 2021 at 17:56, Matt Sicker wrote:
> > > >
> > > > Compile time annotations would only be necessary to build the commons
> > > > component.
> &g
Compile time annotations would only be necessary to build the commons
component. Unless they're runtime scope, but even that can work
without class loader errors provided you're not reflecting on it.
On Mon, 1 Feb 2021 at 11:45, sebb wrote:
>
> On Mon, 1 Feb 2021 at 16:52, Tomo Suzuki wrote:
>
Are we even allowed to use the intrinsic annotation in user code? Java
9 introduces modules in that they wish to hide internal details, and
this sounds like an internal detail?
On Wed, 27 Jan 2021 at 10:39, Erik Svensson wrote:
>
> Hello all!
>
> I work for a fintech company and we do a lot of
The fact that it's in a single file rather than in the copyright
header of every file as is typically done already reduces the number
of things to update at least. :)
Maybe there's a thing in the commons maven plugin?
On Sun, 10 Jan 2021 at 11:01, Xeno Amess wrote:
>
> In nearly all repos in
This library has largely been superseded by log4j-api in Log4j2. Some
details here: https://logging.apache.org/log4j/2.x/manual/api.html
On Mon, 14 Dec 2020 at 10:45, Elliotte Rusty Harold wrote:
>
> Hello,
>
> I wanted to check on the status of commons-logging. It hasn't been
> updated since
LGTM, thanks, Gary!
On Tue, 8 Dec 2020 at 11:11, Gary Gregory wrote:
>
> Here is our draft board report:
>
> ## Description:
> The mission of Apache Commons is the creation and maintenance of Java
> focused
> reusable libraries and components
>
> ## Issues:
> There are no issues requiring board
Wrong list?
On Tue, 17 Nov 2020 at 12:23, Gary Gregory wrote:
>
> Hi all,
>
> Why is this an enum and not a class?
>
> Hary
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail:
trivial to
>
> port this code to Java; but maybe some of the ideas could be
>
> incorporated into [CLI]?
>
>
>
> Thanks
>
> Oliver
>
>
>
> [1] https://github.com/oheger/scli
>
> [2] https://github.com/oheger/scli/blob/master/Tutorial.adoc
>
>
>
>
>
>
>
> -
>
> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
>
> For additional commands, e-mail: dev-h...@commons.apache.org
>
>
>
> --
Matt Sicker
Branches have green checks on them too. Every commit does unless you push
more than one at a time to a single branch (then they’re batched). This
applies to both Jenkins and GH Actions.
On Thu, Sep 17, 2020 at 19:39 Gary Gregory wrote:
> On Thu, Sep 17, 2020 at 12:23 PM Matt Sicker wr
Do they show up as branches before or after the PR? If it’s before, maybe
we can disable the PR and just use the branches.
On Wed, Sep 16, 2020 at 20:53 Gary Gregory wrote:
> On Wed, Sep 16, 2020 at 8:53 PM Matt Sicker wrote:
>
> >
>
> > Don’t Dependabot PRs show up as
itional commands, e-mail: dev-h...@commons.apache.org
>
> > >>
>
> > >
>
> > > -
>
> > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
>
> > > For additional commands, e-mail: dev-h...@commons.apache.org
>
> > >
>
> >
>
> > -
>
> > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
>
> > For additional commands, e-mail: dev-h...@commons.apache.org
>
> >
>
>
>
> -
>
> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
>
> For additional commands, e-mail: dev-h...@commons.apache.org
>
>
>
> --
Matt Sicker
UT---
>
> Gilles
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> For additional commands, e-mail: dev-h...@commons.apache.org
>
--
Matt Sicker
--
1 - 100 of 572 matches
Mail list logo