continuum-dev mailing list archives

From "Emmanuel Venisse" <emmanuel.veni...@gmail.com>
Subject Re: [VOTE] Release Continuum 1.2 (take 3)
Date Wed, 17 Sep 2008 21:21:28 GMT
I don't consider it as a blocker issue for the majority of installs but it is
one for vmbuild.
IMO, we can release it with this issue and release 1.2.1 in a few weeks with
redback 1.2 (not tested yet Brett's changes) and some other fixes, but I'm
ok for a take 4 too :-)

Emmanuel

On Wed, Sep 17, 2008 at 10:19 PM, Olivier Lamy <olamy@apache.org> wrote:

> As I understand here we depend on a redback 1.2 release to fix that?
> When will this one be released?
> Personally, I don't have any objections to trying another release (take 4) if
> the next redback release which fixes that is available at the end of the
> week. (Now I know exactly what to do to cut a continuum release, all
> scripts are ready ;-) ).
> I consider this issue as blocker if we want to update the continuum
> instance in vmbuild.
>
> Thoughts ?
>
> Thanks,
> --
> Olivier
>
>
> 2008/9/17 Wendy Smoak <wsmoak@gmail.com>:
> > On Mon, Sep 15, 2008 at 3:59 AM, Olivier Lamy <olamy@apache.org> wrote:
> >
> >> The last release is 9 months and no one has been done since the TLP graduation.
> >> I'd like to release continuum 1.2.
> >> We fixed 128 issues :
> >> http://jira.codehaus.org/secure/ReleaseNote.jspa?version=13779&styleName=Html&projectId=10540&Create=Create
> >>
> >> The staging repo is here :
> >> http://people.apache.org/~olamy/staging-repo/
> >
> > If you're using project group permissions, there's a fairly serious
> > security issue in 1.2.  Any project group admin can grant roles all
> > the way up to system administrator, to himself and others.
> > (CONTINUUM-1867)
> >
> > I'm conflicted about releasing this as-is.  On one hand, if you're
> > depending on the roles to prevent access to projects, it's seriously
> > broken.  On the other hand... most people I've talked to aren't using
> > this feature, and even if the roles *are* working, any developer can
> > check in a script, which runs as the Continuum user, and do pretty
> > much anything they want.
> >
> > Thoughts?
> >
> > --
> > Wendy
> >
>
