commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ol...@bluewin.ch
Subject RE: httpclient md5 and asc files
Date Thu, 17 Jun 2004 15:44:34 GMT
Thomas,

See my comments in-line

>
>Thanks for sharing your thoughts on the matter, especially on 3.0.  However
>. . .
>
>Quibble 1:
>It seems odd to make would-be users choose between an "unverifiable"
>production version (2.0) and a "verifiable" alpha version (3.0).
>

Maybe I am missing something obvious, but I can't see why this kind of "verifiability"
matters. What comfort is it to you that HttpClient has been built, packaged
and signed by some, for instance, Russian fella who's supposedly a Jakarta
Commons committer? If you need truly verifiable build, you should probably
consider checking the source out of cvs.apache.org, building and signing
it yourself using a trusted key. I do not know it for sure but I ~ass~ume
that all Commons releases are signed using self-generated keys that have
not been signed by some sort of Root CA (Please someone correct me if I am
wrong).


>Quibble 2:
>How long would it take to post an md5 hash, a signed 2.0.1--with or without
>minor bug fixes--and accompanying .asc file?

Cutting a proper release can usually take a good day of work

>
>Quibble 3:
>No one has to upgrade if he/she doesn't want to.

I am personally a bit hesitant to inflate release numbers for non-bugfix
related issues.

>
>I'll try to drop the matter for now so as not to clutter mailboxes with
this
>seemingly trivial request.  Plus, I'm sure you all have bigger fish to fry
>(e.g., 3.0).
>

All this stuff said, if this is an important matter for you due to some regulatory
reasons or company guidelines, let us know. All it takes to release 2.0.1
is a good cause, and winning a user is always a good one

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org


Mime
View raw message