apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <...@apache.org>
Subject Re: 1.6.0 release candidates
Date Mon, 17 Apr 2017 16:06:04 GMT
On Mon, 2017-04-17 at 14:01 +0200, Rainer Jung wrote:

Thanks for the comments.

> my test results: most important is failure to compile on Solaris 8 and a 
> hang during make test on Solaris 10, as well as your key seeming to be 
> revoked. See below.
> 1) Formal observations
> ======================
> - MD5 and SHA1 missing

Indeed.  Do you think those should be encouraged, as they don't
actually give any more security than a simple checksum?

> - zip archives not named "win32-src.zip" as previously
> - CHANGES-APR-1.6 and CHANGES-APR-UTIL-1.6 missing

> - HEADER.html and README.html missing
> - Announcement1.6.txt and Announcement1.6.html missing

AFAICS those don't feature in the tarballs?  I looked at
the 1.5.latest of APR/APU and I don't see them.

> - Key B87F79A9 missing from KEYS file

Good point.  Since ASF now auto-generates per-project keys files
daily, why maintain a separate KEYS file?

> - Key B87F79A9 is listed as "revoked: 2016-08-16" in key server

I saw that key after uploading the tarballs!
That key has a wrong creation date and wrong fingerprint:
it's an imposter who created a clash (I recollect discussing
that, though I only just found out that a fake with my name
on it was "out there")!  My real key is in
http://people.apache.org/keys/group/apr.asc and 
(along with my old 1024-bit key, which I can also use if this
is creating confusion).

> - ".svn" directory included, that's unusual
> - STATUS file included, that's unusual

It's a fair cop, guv!

> - Unix build files configure, *.spec, build-outputs.mk, build/*.sh,
>    build/l*.m4 (libtool m4 files) and the copies of the apr build/*.m4
>    in apu are included in zip (that's new, but IMHO OK)

Ah, right.  Yep, that's probably not such a good idea.

Do we in fact still need those in the Unix tarballs?  Are there
platforms out there with the toolchain for configure/make but not
for buildconf?

> - no more bundled expat: we need to note that in the release notes

Agreed, that was certainly on the agenda for the announcement.

> 2) Compile and run
> ==================
> a) New apr configure options
> b) Changes in apr-util configure options

Useful for release notes :)

> c) Failure to compile apr on Solaris 8
> --------------------------------------

Damn.  That looks like a showstopper for release.  But shouldn't
be too hard, since you've tracked down the cause.

> which indeed doesn't look like a good lvalue.


> d) Hang during APR make check on Solaris 10 (testprocmutex)
> -----------------------------------------------------------
> pthread_mutex_timedlock() hangs when the
>  current thread already has 
> locked the mutex.

Hmmm, OK.  We knew the timedlock stuff had potential to blow up.
I guess that points back to the plan of making it a config option.

I'm out this evening, but will hopefully find time tomorrow to
revisit these problems.  And I need to do some more digging
around that bogus PGP key!

Nick Kew

View raw message