Mailing-List: contact dev-help@camel.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@camel.apache.org
Received-SPF: pass (nike.apache.org: domain of christian.mueller@gmail.com
 designates 209.85.214.173 as permitted sender)
MIME-Version: 1.0
In-Reply-To: <720FF30F-8E35-47A0-8F71-3D77782381E0@apache.org>
References: 
 <CALvzYd9bsdTy+QjCVtXMf9U8+g8kQ60ECe8BFhKYBoGktT-EPg@mail.gmail.com>
	<720FF30F-8E35-47A0-8F71-3D77782381E0@apache.org>
Date: Tue, 2 Jul 2013 20:10:21 +0200
Message-ID: 
 <CALvzYd9JCGGA07JdPw2GompnsJNEybOeJcDbTCcQu7AUySuHwQ@mail.gmail.com>
Subject: Re: [VOTE] Release Apache Camel 2.10.6
From: =?ISO-8859-1?Q?Christian_M=FCller?= <christian.mueller@gmail.com>
To: "dev@camel.apache.org" <dev@camel.apache.org>
Content-Type: multipart/alternative; boundary=e89a8f923fb627f4bd04e08b420b

--e89a8f923fb627f4bd04e08b420b
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

I'm ok with cutting a new release if it solves an issue with
camel-xmlsecurity, CXF or whatever.

I'm a bit concerned about the following minor updates:
servicemix-specs-version from 1.9.0 to 2.2.0
xmlbeans-bundle-version from 2.5.0_2 to 2.6.0_2
In general, we only have micro (bug fix) dependency updates in our
maintenance releases. Did you checked whether this both dependency updates
are fully backwards compatible?

And referring to the Camel 2.10.6 tag, you are right. It is the same with
the Camel 2.10.5 tag which I mentioned in the VOTE thread [1]. This is
because we use the Maven release plugin with the configuration
pushChanges=3Dfalse (this is the recommended configuration). If somebody
commit a change to the GIT repository after the Maven release plugin tagged
my local copy but before I pushed it to the central repository, I have to
do a rebase which leads to this. Using pushChanges=3Dtrue will solve this,
but if we have to redo the release, we have to remove the tag in the
"central" repository (not really central - I know). Because this is a bad
practice in a distributed repository, we shouldn't use this configuration.
Any idea what else we can do?

[1]
http://camel.465427.n5.nabble.com/VOTE-Release-Apache-Camel-2-10-5-td573460=
7.html

Best,
Christian
-----------------

Software Integration Specialist

Apache Camel committer: https://camel.apache.org/team
V.P. Apache Camel: https://www.apache.org/foundation/
Apache Member: https://www.apache.org/foundation/members.html

https://www.linkedin.com/pub/christian-mueller/11/551/642


On Tue, Jul 2, 2013 at 4:06 AM, Daniel Kulp <dkulp@apache.org> wrote:

> I think I'm -1 on this (not a veto, just a vote).
>
> If you look at the history of the 2.10.x branch:
>
> https://git-wip-us.apache.org/repos/asf?p=3Dcamel.git;a=3Dshortlog;h=3Dre=
fs/heads/camel-2.10.x
>
> It LOOKS like my changes should be in the release since all the changes
> were done before the maven-release-plugin things.  However, they aren't
> part of the release.  That kind of screws up the history logs and such
> which bugs me a bit.
>
> Many of the duplicate things I fixed today fix other issues, although it
> could be argued some of those issues are in CXF/WSS4J.  For example,
> without the xmlsec version update, if you install the camel-xmlsecurity
> feature prior to installing CXF/WSS4J, then a bunch of the ws-security
> things in CXF won't work.
>
> Dan
>
>
> On Jul 1, 2013, at 6:01 PM, Christian M=FCller <christian.mueller@gmail.c=
om>
> wrote:
>
> > To address CVE-2013-2160 [1], we have a new bug fix release candidate
> > apache-camel-2.10.6 ready. This bug fix was necessary, because the Apac=
he
> > Camel feature descriptor for Apache Karaf was still using Apache CXF
> > 2.6.6.1. This release comes with 8 issues resolved [2]. You can find th=
e
> > release notes here [3].
> >
> > Please find the staging repo here:
> > https://repository.apache.org/content/repositories/orgapachecamel-095/
> >
> > The tarballs are here
> >
> https://repository.apache.org/content/repositories/orgapachecamel-095/org=
/apache/camel/apache-camel/2.10.6/
> >
> > Tag:
> >
> https://git-wip-us.apache.org/repos/asf?p=3Dcamel.git;a=3Dtag;h=3Db788c08=
3b81ee73f8eec01240c46fc49db1b9f89
> >
> > Please review, help out with testing and vote to approve this release
> > binary. This is our first release which uses the new Confluence version
> to
> > create the HTML manual. The PDF manual is not created anymore.
> > Please mention what you tested to prevent duplicate work. Your vote
> counts!
> >
> > [ ] +1 Release the binary as Apache Camel 2.10.6
> > [ ] -1 Veto the release (provide specific comments)
> > Vote is open for at least 72 hours.
> >
> > [1]
> https://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
> > [2]
> >
> https://issues.apache.org/jira/issues/?jql=3Dproject%20%3D%20CAMEL%20AND%=
20fixVersion%20%3D%20%222.10.6%22
> > [3]
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=3D123112=
11&version=3D12324024
> >
> > Thanks in advance,
> > Christian
> > -----------------
> >
> > Software Integration Specialist
> >
> > Apache Camel committer: https://camel.apache.org/team
> > V.P. Apache Camel: https://www.apache.org/foundation/
> > Apache Member: https://www.apache.org/foundation/members.html
> >
> > https://www.linkedin.com/pub/christian-mueller/11/551/642
>
> --
> Daniel Kulp
> dkulp@apache.org - http://dankulp.com/blog
> Talend Community Coder - http://coders.talend.com
>
>

--e89a8f923fb627f4bd04e08b420b--