continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Olivier Lamy" <ol...@apache.org>
Subject Re: [VOTE] Release Continuum 1.2 (take 3)
Date Wed, 17 Sep 2008 21:30:23 GMT
Ok.
I cancel and will ask help from the redback guys for 1.1.1 release (as
soon as possible :-) )
I will continue with the same versionning scheme (deleting tag and recreate it).
But we can discuss about  this for the next release.

--
Olivier


2008/9/17 Emmanuel Venisse <emmanuel.venisse@gmail.com>:
> I don't consider it as a bloker issue for the majority of installs but it is
> one for vmbuild.
> IMO, we can release it with this issue and release 1.2.1 in few week with
> redback 1.2 (not tested yet brett's changes) and some other fixes, but I'm
> ok for a take 4 too :-)
>
> Emmanuel
>
> On Wed, Sep 17, 2008 at 10:19 PM, Olivier Lamy <olamy@apache.org> wrote:
>
>> As I understand here we depend on a redback 1.2 release to fix that ?
>> When this one will be released ?
>> Perso, I don't have any objections to try an other release (take 4) if
>> the next rednack release which fix that is available at the end of the
>> week. (Now I know exactly what to do to cut a continuum releases all
>> scripts are ready ;-) ).
>> I consider this issue as blocker if we want to update the continuum
>> instance in vmbuild.
>>
>> Thoughts ?
>>
>> Thanks,
>> --
>> Olivier
>>
>>
>> 2008/9/17 Wendy Smoak <wsmoak@gmail.com>:
>> > On Mon, Sep 15, 2008 at 3:59 AM, Olivier Lamy <olamy@apache.org> wrote:
>> >
>> >> The last release is 9 months and no one has been done since the TLP
>> graduation.
>> >> I'd like to release continuum 1.2.
>> >> We fixed 128 issues :
>> >>
>> http://jira.codehaus.org/secure/ReleaseNote.jspa?version=13779&styleName=Html&projectId=10540&Create=Create
>> >>
>> >> The staging repo is here :
>> http://people.apache.org/~olamy/staging-repo/<http://people.apache.org/%7Eolamy/staging-repo/>
>> >
>> > If you're using project group permissions, there's a fairly serious
>> > security issue in 1.2.  Any project group admin can grant roles all
>> > the way up to system administrator, to himself and others.
>> > (CONTINUUM-1867)
>> >
>> > I'm conflicted about releasing this as-is.  On one hand, if you're
>> > depending on the roles to prevent access to projects, it's seriously
>> > broken.  On the other hand... most people I've talked to aren't using
>> > this feature, and even if the roles *are* working, any developer can
>> > check in a script, which runs as the Continuum user, and do pretty
>> > much anything they want.
>> >
>> > Thoughts?
>> >
>> > --
>> > Wendy
>> >
>>
>

Mime
View raw message