geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Bohn <>
Subject Re: [DISCUSS] Geronimo 2.0.3 release
Date Tue, 28 Oct 2008 15:18:28 GMT

I guess I should resolve this discussion on "if" we should release 2.0.3 
that I started.

Thank you both Jay and Donald for your responses. I'm not completely 
opposed to a 2.0.3 release.  I was just wondering aloud if it was the 
best use of our resources and if it conveyed the right message to our 
users.  I was also wondering a little if it might create more problems 
for our users than it solves.  You know the drill ... upgrade from one 
maintenance release to another only to discover yet another issue that 
then forces you to a new version like 2.1.* because it isn't resolved in 
the current maintenance stream.  If it weren't for the security issues I 
would see no value in a 2.0.3 release.  Anyway, I am certainly not 
planning to stand in the way of a 2.0.3 release.  I'll even do my part 
to validate the images and help where I can.  However, my gut still 
tells me that we might creating more problems than we are solving. But 
since I'm the only one that feels that way I'm not too worried (I've 
been wrong plenty of times before ;-) ).

It sounds like we still need to document what is necessary to move from 
2.0.* to 2.1.* in any case.  I guess the first step might be adding the 
libraries that are no longer included in 2.1.* into the list in the wiki 
under  Does 
anybody have a complete list of these libraries?  We'll probably still 
need more specific documentation to make it clear what a user might have 
to do when moving from 2.0.* to 2.1.*.  Perhaps another page somewhere 
(similar to those under "Migrating to Apache Geronimo")?


Donald Woods wrote:
> I think releasing 2.0.3 is in the best interest of the community, given 
> the security fixes that it contains.  It also gives us a way to announce 
> to our users that this will be the last 2.0.x release (which we never 
> really did for 1.1.x) and that they should start moving to 2.1.x or 2.2 
> for any new projects.
> -Donald
> Joe Bohn wrote:
>> I apologize for not raising this question on the earlier thread.
>> I'm wondering if it is a good idea to release a 2.0.3 at this point in 
>> time.  We've had several releases of 2.1.x (four) and we'll hopefully 
>> release 2.2 in the not too distant future.  I'm a little concerned 
>> that releasing a 2.0.3 now will just encourage people to continue on 
>> the 2.0.* base rather than taking the plunge and moving up to 2.1.*.  
>> It's been a year since we released 2.0.2 and in addition to the 
>> security fixes there have been a lot of other fixes/enhancements in 
>> the 2.1 branch.
>> What are the big stumbling blocks that prevent a user from moving from 
>> 2.0.2 to 2.1.3 to resolve the security concerns?
>> Rather than releasing 2.0.3, should we maybe consider a greater focus 
>> on ensuring there is a smooth migration path from 2.0.2 to 2.1.3?  
>> Once we have clearly identified any issues and ensured that we have 
>> adequate directions we could notify the user community that there will 
>> be no further 2.0.* releases and encourage them to move to 2.1.3.  It 
>> might actually be easier for us to release 2.0.3 in the short term, 
>> but sooner or later users will have to address the migration issues 
>> ... so I'm just wondering if it might be a better use of our time to 
>> address those migration issues now.
>> Joe
>> Jay D. McHugh wrote:
>>> The 2.0.x brach got sidelined by an intermittent
>>> ConcurrentModificationException during stress testing.  But, recently
>>> there were a number of security issues found that apply to 2.0.2.
>>> So, I think it's time to start the discussion for a Geronimo 2.0.3
>>> release (It actually already was started).
>>> Server fixes/enhancements are listed on the Release Status page (work in
>>> progress)-
>>> Details on included security fixes in dependent components are listed on
>>> the Security page -
>>> I have already begun moving issues into 2.0.4 - Does anyone have
>>> additional fixes they would like to include in 2.0.3 before we cut the
>>> branch and start the release process?
>>> If I have moved an issue that you want to work on (And you have time to
>>> work on it right away) move it back onto a 2.0.3 fix and assign it to
>>> yourself.
>>> Jay

View raw message