I think this is an excellent idea ! +1 thank you benoit ! jean
On Mon, Jul 19, 2021 at 10:16 AM btell...@apache.org <btell...@apache.org> wrote: > Hello all, > > While fixing our download pages following some infra bot complains, I > ended up fixing the downloads for Apache James Hupa. > > - The latest release (0.3.0) dates from 2012 which is an eternity in > computing. > - The latest tag on Github is 0.0.3 > - The pom references 0.0.5-SNAPSHOT suggesting that 0.0.4 release is > lost :-( > - This repository is crippled by multiple CVEs (quick dependabot review): > - CVE-2021-29425 (commons-io) > - GHSA-m6cp-vxjx-65j6 CVE-2017-7656 CVE-2015-2080 CVE-2017-7657 > CVE-2019-10241 CVE-2019-10247 (Jetty server) > - CVE-2020-9447 (gwtupload) > - GHSA-g3wg-6mcf-8jj6 (jetty-webapp) > - CVE-2019-17571 (log4j) > - CVE-2016-1000031 CVE-2016-3092 (commons-fileupload) > - Sporadic activity since 2012 > - Zero to no exchanges for several years on the mailing lists. > > From the Readme: > > > Hupa is able to discover most of the imap/smtp configuration based on > the email domain part. When you are prompted to login, type your email > address and wait few seconds, if you click on the gear button you can > see the configuration discovered by Hupa, you can modify it if it does > not match your email provider configuration. Then type your inbox > password and you will be logged into your email provider servers. > > > Hupa is compatible with most email providers, gmail, yahoo, hotmail, > outlook, exchange, james, etc. > > I fail to see the value added compared to other webmails like roundcube, > rainloops to quote a few... > > As such, given that alternatives exists, given that the project is > likely not mature, unmaintained and unsecure, I propose to retire this > Apache James subproject. > > I will do research on procedures and best practices to do so. I guess a > formal vote would be necessary. Likely contact Apache Labs were the > project originated from in 2009... > > Best regards, > > Benoit TELLIER > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org > For additional commands, e-mail: server-dev-h...@james.apache.org > >