Return-Path: X-Original-To: apmail-camel-dev-archive@www.apache.org Delivered-To: apmail-camel-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 85008105AF for ; Tue, 2 Jul 2013 18:35:43 +0000 (UTC) Received: (qmail 51133 invoked by uid 500); 2 Jul 2013 18:35:43 -0000 Delivered-To: apmail-camel-dev-archive@camel.apache.org Received: (qmail 51029 invoked by uid 500); 2 Jul 2013 18:35:43 -0000 Mailing-List: contact dev-help@camel.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@camel.apache.org Delivered-To: mailing list dev@camel.apache.org Received: (qmail 51015 invoked by uid 99); 2 Jul 2013 18:35:41 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Jul 2013 18:35:41 +0000 X-ASF-Spam-Status: No, hits=1.3 required=5.0 tests=URI_HEX X-Spam-Check-By: apache.org Received-SPF: error (athena.apache.org: local policy) Received: from [64.85.173.253] (HELO server.dankulp.com) (64.85.173.253) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Jul 2013 18:35:37 +0000 Received: by server.dankulp.com (Postfix, from userid 5000) id 0E92B184900; Tue, 2 Jul 2013 14:34:57 -0400 (EDT) X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on server.dankulp.com X-Spam-Level: X-Msg-File: /tmp/mailfilter-dev@camel.apache.org.Dzyyl95iuE Received: from macbook.house.dankulp.com (c-24-91-72-253.hsd1.ma.comcast.net [24.91.72.253]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by server.dankulp.com (Postfix) with ESMTPSA id DA3EA1848FB for ; Tue, 2 Jul 2013 14:34:54 -0400 (EDT) Content-Type: text/plain; charset=iso-8859-1 Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\)) Subject: Re: [VOTE] Release Apache Camel 2.10.6 From: Daniel Kulp In-Reply-To: Date: Tue, 2 Jul 2013 14:34:54 -0400 Content-Transfer-Encoding: quoted-printable Message-Id: References: <720FF30F-8E35-47A0-8F71-3D77782381E0@apache.org> To: dev@camel.apache.org X-Mailer: Apple Mail (2.1508) X-Virus-Checked: Checked by ClamAV on apache.org X-Old-Spam-Status: No, score=-2.3 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00, URI_HEX shortcircuit=no autolearn=no version=3.3.2 On Jul 2, 2013, at 2:10 PM, Christian M=FCller = wrote: > I'm ok with cutting a new release if it solves an issue with > camel-xmlsecurity, CXF or whatever. >=20 > I'm a bit concerned about the following minor updates: > servicemix-specs-version from 1.9.0 to 2.2.0 This is needed to not end up with confusion in Karaf 2.3 (which uses = specs version 2.2). It doesn't cause problems on Karaf 2.2, but fixes = things on 2.3. > xmlbeans-bundle-version from 2.5.0_2 to 2.6.0_2 > In general, we only have micro (bug fix) dependency updates in our > maintenance releases. Did you checked whether this both dependency = updates > are fully backwards compatible? Yes. That said, the xmlbeans one could be rolled back if wanted. I = think 2.5.0_2 is being pulled in by activemq 5.7 so it's still there. = The main issue again is, if using the obr, you could get different = versions depending on if you start the camel components first or if you = start CXF first. CXF would pull in 2.6. In general, I prefer a = more predictable scenario. That said, in this case, 2.5.0 will likely = not break anything in CXF like the old xmlsec version would. > And referring to the Camel 2.10.6 tag, you are right. It is the same = with > the Camel 2.10.5 tag which I mentioned in the VOTE thread [1]. This is > because we use the Maven release plugin with the configuration > pushChanges=3Dfalse (this is the recommended configuration). If = somebody > commit a change to the GIT repository after the Maven release plugin = tagged > my local copy but before I pushed it to the central repository, I have = to > do a rebase which leads to this. Using pushChanges=3Dtrue will solve = this, > but if we have to redo the release, we have to remove the tag in the > "central" repository (not really central - I know). Because this is a = bad > practice in a distributed repository, we shouldn't use this = configuration. > Any idea what else we can do? Just make sure you push as quickly as possible after the build. At = most, the difference should be an hour or two. It's not something you = can start the build and go to bed and push the tags and stuff the next = day. That and better communication ahead of time (including time for = people to respond and object) about when the builds will occur.=20 Dan >=20 > [1] > = http://camel.465427.n5.nabble.com/VOTE-Release-Apache-Camel-2-10-5-td57346= 07.html >=20 > Best, > Christian > ----------------- >=20 > Software Integration Specialist >=20 > Apache Camel committer: https://camel.apache.org/team > V.P. Apache Camel: https://www.apache.org/foundation/ > Apache Member: https://www.apache.org/foundation/members.html >=20 > https://www.linkedin.com/pub/christian-mueller/11/551/642 >=20 >=20 > On Tue, Jul 2, 2013 at 4:06 AM, Daniel Kulp wrote: >=20 >> I think I'm -1 on this (not a veto, just a vote). >>=20 >> If you look at the history of the 2.10.x branch: >>=20 >> = https://git-wip-us.apache.org/repos/asf?p=3Dcamel.git;a=3Dshortlog;h=3Dref= s/heads/camel-2.10.x >>=20 >> It LOOKS like my changes should be in the release since all the = changes >> were done before the maven-release-plugin things. However, they = aren't >> part of the release. That kind of screws up the history logs and = such >> which bugs me a bit. >>=20 >> Many of the duplicate things I fixed today fix other issues, although = it >> could be argued some of those issues are in CXF/WSS4J. For example, >> without the xmlsec version update, if you install the = camel-xmlsecurity >> feature prior to installing CXF/WSS4J, then a bunch of the = ws-security >> things in CXF won't work. >>=20 >> Dan >>=20 >>=20 >> On Jul 1, 2013, at 6:01 PM, Christian M=FCller = >> wrote: >>=20 >>> To address CVE-2013-2160 [1], we have a new bug fix release = candidate >>> apache-camel-2.10.6 ready. This bug fix was necessary, because the = Apache >>> Camel feature descriptor for Apache Karaf was still using Apache CXF >>> 2.6.6.1. This release comes with 8 issues resolved [2]. You can find = the >>> release notes here [3]. >>>=20 >>> Please find the staging repo here: >>> = https://repository.apache.org/content/repositories/orgapachecamel-095/ >>>=20 >>> The tarballs are here >>>=20 >> = https://repository.apache.org/content/repositories/orgapachecamel-095/org/= apache/camel/apache-camel/2.10.6/ >>>=20 >>> Tag: >>>=20 >> = https://git-wip-us.apache.org/repos/asf?p=3Dcamel.git;a=3Dtag;h=3Db788c083= b81ee73f8eec01240c46fc49db1b9f89 >>>=20 >>> Please review, help out with testing and vote to approve this = release >>> binary. This is our first release which uses the new Confluence = version >> to >>> create the HTML manual. The PDF manual is not created anymore. >>> Please mention what you tested to prevent duplicate work. Your vote >> counts! >>>=20 >>> [ ] +1 Release the binary as Apache Camel 2.10.6 >>> [ ] -1 Veto the release (provide specific comments) >>> Vote is open for at least 72 hours. >>>=20 >>> [1] >> https://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc >>> [2] >>>=20 >> = https://issues.apache.org/jira/issues/?jql=3Dproject%20%3D%20CAMEL%20AND%2= 0fixVersion%20%3D%20%222.10.6%22 >>> [3] >>>=20 >> = https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=3D1231121= 1&version=3D12324024 >>>=20 >>> Thanks in advance, >>> Christian >>> ----------------- >>>=20 >>> Software Integration Specialist >>>=20 >>> Apache Camel committer: https://camel.apache.org/team >>> V.P. Apache Camel: https://www.apache.org/foundation/ >>> Apache Member: https://www.apache.org/foundation/members.html >>>=20 >>> https://www.linkedin.com/pub/christian-mueller/11/551/642 >>=20 >> -- >> Daniel Kulp >> dkulp@apache.org - http://dankulp.com/blog >> Talend Community Coder - http://coders.talend.com >>=20 >>=20 --=20 Daniel Kulp dkulp@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com