date:20180619

Re: [VOTE] cordova-common 2.2.4 patch release

2018-06-19 Thread Chris Brody

The vote has now closed. The results are:

Positive Binding Votes: 3

Christopher J. Brody
Jesse MacFadyen
Darryl Pogue

Negative Binding Votes: 0

The vote has passed.

Thanks for your vote and consideration.

Chris

https://twitter.com/brodybits

On Mon, Jun 18, 2018 at 8:24 PM Chris Brody  wrote:

> There are now enough +1 votes to pass, and I had sent the original request
> more than 48 hours ago. Giving this another 12 hours in case of any
> possible objections. Will make the release and publish the blog post if
> there are no objections within the next 12 hours.
>
> On Mon, Jun 18, 2018 at 8:06 PM Darryl Pogue  wrote:
>
>> I vote +1
>>
>> * Confirmed sigs & hashes with `coho verify-archive`
>> * Verified sha1s match tags with `coho verify-tags`
>>
>> On Mon, Jun 18, 2018 at 3:22 PM Jesse  wrote:
>> >
>> > I vote +1
>> > * Ran coho audit-license-headers over the relevant repos
>> > * Ran coho check-license to ensure all dependencies and
>> > sub-dependencies have Apache-compatible licenses
>> > * Ensured continuous build was green when repos were tagged
>> > * installed and ran tests locally
>> >
>> >
>> >
>> > @purplecabbage
>> > risingj.com
>> >
>> > On Mon, Jun 18, 2018 at 3:14 PM, Chris Brody 
>> wrote:
>> >
>> > > Plenty of discussion in other threads, something definitely went
>> wrong,
>> > > lesson learned. I would like to kindly request actual votes in this
>> thread
>> > > in order to unblock my work.
>> > >
>> > > In case of -1 vote please just give a quick reason so that it would be
>> > > possible for me to rectify any such issues.
>> > >
>> > > I would really like to move forward with this patch if we do not
>> identify
>> > > any major issues in order to resolve the npm audit issues asap. We can
>> > > always make a follow-up patch if needed.
>> > >
>> > > Thanks in advance, best regards,
>> > >
>> > > Chris
>> > >
>> > > On Jun 18, 2018 7:06 AM, "Chris Brody"  wrote:
>> > >
>> > > > This vote was requested last Friday but received votes, positive or
>> > > > negative. This patch release is needed to resolve npm audit issues.
>> > > >
>> > > > Please review and vote on this cordova-common 2.2.4 (patch release)
>> > > > by replying to this email (and keep discussion on the [DISCUSS]
>> thread)
>> > > >
>> > > > Release issue: https://issues.apache.org/jira/browse/CB-14138
>> > > >
>> > > > Purpose is to release a single version of cordova-common with npm
>> > > > audit issues fixed, working on cordova-android, cordova-ios, and all
>> > > > other tools and platform packages.
>> > > >
>> > > > Artifacts for this cordova-common patch release have been published
>> to
>> > > > dist/dev:
>> > > > https://dist.apache.org/repos/dist/dev/cordova/CB-14138/
>> > > >
>> > > > The package artifacts were published from their corresponding git
>> tag(s):
>> > > >
>> > > > cordova-common: 2.2.4 (494edddc23)
>> > > >
>> > > > Upon a successful vote I will upload the archives to dist/, publish
>> > > > them to npm, and post the corresponding blog post.
>> > > >
>> > > > Voting guidelines:
>> > > > https://github.com/apache/cordova-coho/blob/master/docs/
>> > > release-voting.md
>> > > >
>> > > > Voting will go on for a minimum of 48 hours.
>> > > >
>> > > > I vote +1:
>> > > > * Ran coho audit-license-headers over the relevant repos
>> > > > * Ran coho check-license to ensure all dependencies and
>> > > > sub-dependencies have Apache-compatible licenses
>> > > > * Ensured continuous build was green when repos were tagged
>> > > >
>> > > > Thanks and best regards,
>> > > >
>> > > > Chris
>> > > >
>> > > > https://twitter.com/brodybits
>> > > >
>> > >
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
>> For additional commands, e-mail: dev-h...@cordova.apache.org
>>
>>

Re: Android 4.4 support?

2018-06-19 Thread Shazron

"We should consider KitKat 'abandoned'" w.r.t. the media plugin, not
Cordova...

On Tue, Jun 19, 2018 at 11:47 PM Shazron  wrote:

> Using http might fix the test, for sure - but I think we should move on to
> testing https only, as the new normal.
>
> Although this is through one major browser vendor (which dwarfs all others
> at 60% market share) -- the coming https-pocalypse later this year (see
> https://techcrunch.com/2018/02/08/chrome-will-soon-mark-all-unencrypted-pages-as-not-secure/)
> is the hammer coming for most sites. These sites will not want to lose any
> Google juice and it will be the new reality (sites might not want to
> change, but customers leaving will make that choice for them).
>
> Even if we keep testing for http, most sites will eventually redirect to
> https, and we would be back to square one with the failing tests. We should
> consider KitKat 'abandoned' since Google definitely won't be updating it
> with the latest security standard.
>
> Filed and resolved: https://issues.apache.org/jira/browse/CB-14146
>
>
>
>
> On Tue, Jun 19, 2018 at 5:43 PM julio cesar sanchez <
> jcesarmob...@gmail.com> wrote:
>
>> Why don't we just use http instead of https? shouldn't that fix the
>> problems too? or https is required in other platforms?
>>
>> 2018-06-19 11:32 GMT+02:00 Ken Naito :
>>
>>> Hi Shazron,
>>>
>>> Thanks for the advice!
>>> I sent a new commit of PR, which removes some tests for Android 4.4.
>>>
>>> Ken Naito.
>>>
>>> On 2018/06/19 13:35, Shazron wrote:
>>>
 Thanks Ken!
 I think we should go for the simpler option, and log this as a new
 issue that is known and out of our control. Android 4.4 (even though 10% of
 the market) should not be a priority for us.

 On Tue, Jun 19, 2018 at 12:30 PM Ken Naito >>> k...@monaca.io>> wrote:


 I have investigated the test failure for Android 4.4. For
 cordova-plugin-media, the cause of the failure may be the SSL
 handshake.

 The MediaPlayer in Android 4.4 can not connect to a modern SSL
 server.
 For example:
 https://cordova.apache.org/downloads/BlueZedEx.mp3

 https://cordova-develop.github.io/cordova-plugin-media/res/BlueZedEx.mp3

 On the other hand, the MediaPlayer can connect to a standard SSL
 server
 like:
 https://www.asial.co.jp/data_knaito/BlueZedEx.mp3

 I have checked the packet, and the available cipher suites of
 Android
 4.4 are as follows:

 ECDHE-RSA-AES256-CBC-SHA
 ECDHE-ECDSA-AES256-CBC-SHA
 SRP-SHA-DSS-AES256-CBC-SHA
 SRP-SHA-RSA-AES256-CBC-SHA
 DHE-RSA-AES256-CBC-SHA
 DHE-DSS-AES256-CBC-SHA
 ECDH-RSA-AES256-CBC-SHA
 ECDH-ECDSA-AES256-CBC-SHA
 RSA-AES256-CBC-SHA
 ECDHE-RSA-3DES-EDE-CBC-SHA
 ECDHE-ECDSA-3DES-EDE-CBC-SHA
 SRP-SHA-DSS-3DES-EDE-CBC-SHA
 SRP-SHA-RSA-3DES-EDE-CBC-SHA
 DHE-RSA-3DES-EDE-CBC-SHA
 DHE-DSS-3DES-EDE-CBC-SHA
 ECDH-RSA-3DES-EDE-CBC-SHA
 ECDH-ECDSA-3DES-EDE-CBC-SHA
 RSA-3DES-EDE-CBC-SHA
 ECDHE-RSA-AES128-CBC-SHA
 ECDHE-ECDSA-AES128-CBC-SHA
 SRP-SHA-DSS-AES128-CBC-SHA
 SRP-SHA-RSA-AES128-CBC-SHA
 DHE-RSA-AES128-CBC-SHA
 DHE-DSS-AES128-CBC-SHA
 ECDH-RSA-AES128-CBC-SHA
 ECDH-ECDSA-AES128-CBC-SHA
 RSA-AES128-CBC-SHA
 ECDHE-RSA-RC4-SHA
 ECDHE-ECDSA-RC4-SHA
 ECDH-RSA-RC4-SHA
 ECDH-ECDSA-RC4-SHA
 RSA-RC4-SHA
 RSA-RC4-MD5

 Modern SSL servers may refuse these cipher suites.

 In order to resolve this issue, the mp3 file should be downloaded in
 another way and then be played by MediaPlayer.
 One way of downloading is using the okhttp library with a custom ssl
 socket factory.

 However, the okhttp library is not included in the latest
 cordova-android, and cordova-plugin-okhttp
 (https://github.com/MobileChromeApps/cordova-plugin-okhttp) is too
 old
 and not maintained.

 I think that a new okhttp plugin should be created, and
 cordova-plugin-media should depend on the new okhttp plugin in
 order to
 connect to a modern SSL server.

 Or, a more simple option is to specify that the MediaPlayer can not
 connect modern SSL servers for Android 4.4, and remove the test of
 playing streams for Android 4.4.


 On 2018/06/18 13:02, Shazron wrote:
 > We keep seeing this failed Media test on Android 4.4:
 > https://github.com/apache/cordova-plugin-media/pull/166
 >
 > I'm not sure of the state of our Android support, especially
 4.4. Does
 > anyone have any pointers? Thanks
 >


>>>
>>

Re: Android 4.4 support?

2018-06-19 Thread Shazron

Using http might fix the test, for sure - but I think we should move on to
testing https only, as the new normal.

Although this is through one major browser vendor (which dwarfs all others
at 60% market share) -- the coming https-pocalypse later this year (see
https://techcrunch.com/2018/02/08/chrome-will-soon-mark-all-unencrypted-pages-as-not-secure/)
is the hammer coming for most sites. These sites will not want to lose any
Google juice and it will be the new reality (sites might not want to
change, but customers leaving will make that choice for them).

Even if we keep testing for http, most sites will eventually redirect to
https, and we would be back to square one with the failing tests. We should
consider KitKat 'abandoned' since Google definitely won't be updating it
with the latest security standard.

Filed and resolved: https://issues.apache.org/jira/browse/CB-14146




On Tue, Jun 19, 2018 at 5:43 PM julio cesar sanchez 
wrote:

> Why don't we just use http instead of https? shouldn't that fix the
> problems too? or https is required in other platforms?
>
> 2018-06-19 11:32 GMT+02:00 Ken Naito :
>
>> Hi Shazron,
>>
>> Thanks for the advice!
>> I sent a new commit of PR, which removes some tests for Android 4.4.
>>
>> Ken Naito.
>>
>> On 2018/06/19 13:35, Shazron wrote:
>>
>>> Thanks Ken!
>>> I think we should go for the simpler option, and log this as a new issue
>>> that is known and out of our control. Android 4.4 (even though 10% of the
>>> market) should not be a priority for us.
>>>
>>> On Tue, Jun 19, 2018 at 12:30 PM Ken Naito >> k...@monaca.io>> wrote:
>>>
>>>
>>> I have investigated the test failure for Android 4.4. For
>>> cordova-plugin-media, the cause of the failure may be the SSL
>>> handshake.
>>>
>>> The MediaPlayer in Android 4.4 can not connect to a modern SSL
>>> server.
>>> For example:
>>> https://cordova.apache.org/downloads/BlueZedEx.mp3
>>>
>>> https://cordova-develop.github.io/cordova-plugin-media/res/BlueZedEx.mp3
>>>
>>> On the other hand, the MediaPlayer can connect to a standard SSL
>>> server
>>> like:
>>> https://www.asial.co.jp/data_knaito/BlueZedEx.mp3
>>>
>>> I have checked the packet, and the available cipher suites of Android
>>> 4.4 are as follows:
>>>
>>> ECDHE-RSA-AES256-CBC-SHA
>>> ECDHE-ECDSA-AES256-CBC-SHA
>>> SRP-SHA-DSS-AES256-CBC-SHA
>>> SRP-SHA-RSA-AES256-CBC-SHA
>>> DHE-RSA-AES256-CBC-SHA
>>> DHE-DSS-AES256-CBC-SHA
>>> ECDH-RSA-AES256-CBC-SHA
>>> ECDH-ECDSA-AES256-CBC-SHA
>>> RSA-AES256-CBC-SHA
>>> ECDHE-RSA-3DES-EDE-CBC-SHA
>>> ECDHE-ECDSA-3DES-EDE-CBC-SHA
>>> SRP-SHA-DSS-3DES-EDE-CBC-SHA
>>> SRP-SHA-RSA-3DES-EDE-CBC-SHA
>>> DHE-RSA-3DES-EDE-CBC-SHA
>>> DHE-DSS-3DES-EDE-CBC-SHA
>>> ECDH-RSA-3DES-EDE-CBC-SHA
>>> ECDH-ECDSA-3DES-EDE-CBC-SHA
>>> RSA-3DES-EDE-CBC-SHA
>>> ECDHE-RSA-AES128-CBC-SHA
>>> ECDHE-ECDSA-AES128-CBC-SHA
>>> SRP-SHA-DSS-AES128-CBC-SHA
>>> SRP-SHA-RSA-AES128-CBC-SHA
>>> DHE-RSA-AES128-CBC-SHA
>>> DHE-DSS-AES128-CBC-SHA
>>> ECDH-RSA-AES128-CBC-SHA
>>> ECDH-ECDSA-AES128-CBC-SHA
>>> RSA-AES128-CBC-SHA
>>> ECDHE-RSA-RC4-SHA
>>> ECDHE-ECDSA-RC4-SHA
>>> ECDH-RSA-RC4-SHA
>>> ECDH-ECDSA-RC4-SHA
>>> RSA-RC4-SHA
>>> RSA-RC4-MD5
>>>
>>> Modern SSL servers may refuse these cipher suites.
>>>
>>> In order to resolve this issue, the mp3 file should be downloaded in
>>> another way and then be played by MediaPlayer.
>>> One way of downloading is using the okhttp library with a custom ssl
>>> socket factory.
>>>
>>> However, the okhttp library is not included in the latest
>>> cordova-android, and cordova-plugin-okhttp
>>> (https://github.com/MobileChromeApps/cordova-plugin-okhttp) is too
>>> old
>>> and not maintained.
>>>
>>> I think that a new okhttp plugin should be created, and
>>> cordova-plugin-media should depend on the new okhttp plugin in
>>> order to
>>> connect to a modern SSL server.
>>>
>>> Or, a more simple option is to specify that the MediaPlayer can not
>>> connect modern SSL servers for Android 4.4, and remove the test of
>>> playing streams for Android 4.4.
>>>
>>>
>>> On 2018/06/18 13:02, Shazron wrote:
>>> > We keep seeing this failed Media test on Android 4.4:
>>> > https://github.com/apache/cordova-plugin-media/pull/166
>>> >
>>> > I'm not sure of the state of our Android support, especially
>>> 4.4. Does
>>> > anyone have any pointers? Thanks
>>> >
>>>
>>>
>>
>

Nightly build #756 for cordova has succeeded!

2018-06-19 Thread Apache Jenkins Server

Nightly build #756 for cordova has succeeded!
The latest nightly has been published and you can try it out with 'npm i -g 
cordova@nightly'

For details check build console at 
https://builds.apache.org/job/cordova-nightly/756/consoleFull

-
Jenkins for Apache Cordova

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

Re: Android 4.4 support?

2018-06-19 Thread julio cesar sanchez

Why don't we just use http instead of https? shouldn't that fix the
problems too? or https is required in other platforms?

2018-06-19 11:32 GMT+02:00 Ken Naito :

> Hi Shazron,
>
> Thanks for the advice!
> I sent a new commit of PR, which removes some tests for Android 4.4.
>
> Ken Naito.
>
> On 2018/06/19 13:35, Shazron wrote:
>
>> Thanks Ken!
>> I think we should go for the simpler option, and log this as a new issue
>> that is known and out of our control. Android 4.4 (even though 10% of the
>> market) should not be a priority for us.
>>
>> On Tue, Jun 19, 2018 at 12:30 PM Ken Naito > k...@monaca.io>> wrote:
>>
>>
>> I have investigated the test failure for Android 4.4. For
>> cordova-plugin-media, the cause of the failure may be the SSL
>> handshake.
>>
>> The MediaPlayer in Android 4.4 can not connect to a modern SSL
>> server.
>> For example:
>> https://cordova.apache.org/downloads/BlueZedEx.mp3
>> https://cordova-develop.github.io/cordova-plugin-media/res/
>> BlueZedEx.mp3
>>
>> On the other hand, the MediaPlayer can connect to a standard SSL
>> server
>> like:
>> https://www.asial.co.jp/data_knaito/BlueZedEx.mp3
>>
>> I have checked the packet, and the available cipher suites of Android
>> 4.4 are as follows:
>>
>> ECDHE-RSA-AES256-CBC-SHA
>> ECDHE-ECDSA-AES256-CBC-SHA
>> SRP-SHA-DSS-AES256-CBC-SHA
>> SRP-SHA-RSA-AES256-CBC-SHA
>> DHE-RSA-AES256-CBC-SHA
>> DHE-DSS-AES256-CBC-SHA
>> ECDH-RSA-AES256-CBC-SHA
>> ECDH-ECDSA-AES256-CBC-SHA
>> RSA-AES256-CBC-SHA
>> ECDHE-RSA-3DES-EDE-CBC-SHA
>> ECDHE-ECDSA-3DES-EDE-CBC-SHA
>> SRP-SHA-DSS-3DES-EDE-CBC-SHA
>> SRP-SHA-RSA-3DES-EDE-CBC-SHA
>> DHE-RSA-3DES-EDE-CBC-SHA
>> DHE-DSS-3DES-EDE-CBC-SHA
>> ECDH-RSA-3DES-EDE-CBC-SHA
>> ECDH-ECDSA-3DES-EDE-CBC-SHA
>> RSA-3DES-EDE-CBC-SHA
>> ECDHE-RSA-AES128-CBC-SHA
>> ECDHE-ECDSA-AES128-CBC-SHA
>> SRP-SHA-DSS-AES128-CBC-SHA
>> SRP-SHA-RSA-AES128-CBC-SHA
>> DHE-RSA-AES128-CBC-SHA
>> DHE-DSS-AES128-CBC-SHA
>> ECDH-RSA-AES128-CBC-SHA
>> ECDH-ECDSA-AES128-CBC-SHA
>> RSA-AES128-CBC-SHA
>> ECDHE-RSA-RC4-SHA
>> ECDHE-ECDSA-RC4-SHA
>> ECDH-RSA-RC4-SHA
>> ECDH-ECDSA-RC4-SHA
>> RSA-RC4-SHA
>> RSA-RC4-MD5
>>
>> Modern SSL servers may refuse these cipher suites.
>>
>> In order to resolve this issue, the mp3 file should be downloaded in
>> another way and then be played by MediaPlayer.
>> One way of downloading is using the okhttp library with a custom ssl
>> socket factory.
>>
>> However, the okhttp library is not included in the latest
>> cordova-android, and cordova-plugin-okhttp
>> (https://github.com/MobileChromeApps/cordova-plugin-okhttp) is too
>> old
>> and not maintained.
>>
>> I think that a new okhttp plugin should be created, and
>> cordova-plugin-media should depend on the new okhttp plugin in
>> order to
>> connect to a modern SSL server.
>>
>> Or, a more simple option is to specify that the MediaPlayer can not
>> connect modern SSL servers for Android 4.4, and remove the test of
>> playing streams for Android 4.4.
>>
>>
>> On 2018/06/18 13:02, Shazron wrote:
>> > We keep seeing this failed Media test on Android 4.4:
>> > https://github.com/apache/cordova-plugin-media/pull/166
>> >
>> > I'm not sure of the state of our Android support, especially
>> 4.4. Does
>> > anyone have any pointers? Thanks
>> >
>>
>>
>

Re: Android 4.4 support?

2018-06-19 Thread Ken Naito

Hi Shazron,

Thanks for the advice!
I sent a new commit of PR, which removes some tests for Android 4.4.

Ken Naito.

On 2018/06/19 13:35, Shazron wrote:

Thanks Ken!
I think we should go for the simpler option, and log this as a new 
issue that is known and out of our control. Android 4.4 (even though 
10% of the market) should not be a priority for us.

On Tue, Jun 19, 2018 at 12:30 PM Ken Naito > wrote:

I have investigated the test failure for Android 4.4. For
cordova-plugin-media, the cause of the failure may be the SSL
handshake.

The MediaPlayer in Android 4.4 can not connect to a modern SSL
server.
For example:
https://cordova.apache.org/downloads/BlueZedEx.mp3
https://cordova-develop.github.io/cordova-plugin-media/res/BlueZedEx.mp3

On the other hand, the MediaPlayer can connect to a standard SSL
server
like:
https://www.asial.co.jp/data_knaito/BlueZedEx.mp3

I have checked the packet, and the available cipher suites of Android
4.4 are as follows:

ECDHE-RSA-AES256-CBC-SHA
ECDHE-ECDSA-AES256-CBC-SHA
SRP-SHA-DSS-AES256-CBC-SHA
SRP-SHA-RSA-AES256-CBC-SHA
DHE-RSA-AES256-CBC-SHA
DHE-DSS-AES256-CBC-SHA
ECDH-RSA-AES256-CBC-SHA
ECDH-ECDSA-AES256-CBC-SHA
RSA-AES256-CBC-SHA
ECDHE-RSA-3DES-EDE-CBC-SHA
ECDHE-ECDSA-3DES-EDE-CBC-SHA
SRP-SHA-DSS-3DES-EDE-CBC-SHA
SRP-SHA-RSA-3DES-EDE-CBC-SHA
DHE-RSA-3DES-EDE-CBC-SHA
DHE-DSS-3DES-EDE-CBC-SHA
ECDH-RSA-3DES-EDE-CBC-SHA
ECDH-ECDSA-3DES-EDE-CBC-SHA
RSA-3DES-EDE-CBC-SHA
ECDHE-RSA-AES128-CBC-SHA
ECDHE-ECDSA-AES128-CBC-SHA
SRP-SHA-DSS-AES128-CBC-SHA
SRP-SHA-RSA-AES128-CBC-SHA
DHE-RSA-AES128-CBC-SHA
DHE-DSS-AES128-CBC-SHA
ECDH-RSA-AES128-CBC-SHA
ECDH-ECDSA-AES128-CBC-SHA
RSA-AES128-CBC-SHA
ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA
ECDH-RSA-RC4-SHA
ECDH-ECDSA-RC4-SHA
RSA-RC4-SHA
RSA-RC4-MD5

Modern SSL servers may refuse these cipher suites.

In order to resolve this issue, the mp3 file should be downloaded in
another way and then be played by MediaPlayer.
One way of downloading is using the okhttp library with a custom ssl
socket factory.

However, the okhttp library is not included in the latest
cordova-android, and cordova-plugin-okhttp
(https://github.com/MobileChromeApps/cordova-plugin-okhttp) is too
old
and not maintained.

I think that a new okhttp plugin should be created, and
cordova-plugin-media should depend on the new okhttp plugin in
order to
connect to a modern SSL server.

Or, a more simple option is to specify that the MediaPlayer can not
connect modern SSL servers for Android 4.4, and remove the test of
playing streams for Android 4.4.

On 2018/06/18 13:02, Shazron wrote:
> We keep seeing this failed Media test on Android 4.4:
> https://github.com/apache/cordova-plugin-media/pull/166
>
> I'm not sure of the state of our Android support, especially
4.4. Does
> anyone have any pointers? Thanks
>

Re: [VOTE] cordova-common 2.2.4 patch release

Re: Android 4.4 support?

Re: Android 4.4 support?

Nightly build #756 for cordova has succeeded!

Re: Android 4.4 support?

Re: Android 4.4 support?

6 matches

Site Navigation

Mail list logo

Footer information