geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Bohn <>
Subject Re: [DISCUSS] Geronimo 2.0.3 release
Date Mon, 16 Feb 2009 23:06:35 GMT
I was in the "document the upgrade path" camp prior to this so that 
sounds good to me.  If we take that approach, I agree that we need to 
officially announce the that 2.0.x will no longer be maintained.

Regarding the version libraries/jars that have changed/removed ... I 
think we have most of that documented here for 2.1.*:

and here for 2.2:

They probably need to be updated with the latest/greatest info but I 
tried to get it as current as possible a while back.  Hopefully is it 
fairly close except for needing a new column for 2.1.4 and updates to 
2.2 ... but it should be easier than starting from scratch.  I think 
somebody (perhaps Jarek?) had even created some script to help generate 
the content at some point in time.


Jay D. McHugh wrote:
> Hello all,
> I did some work on trying to get a 2.0.3 release that would:
> a) build - sucess!
> b) pass the TCK - Massive failure (over 5000 tests)
> So, considering that we have a 2.1.x and 2.2.x codestream in progress
> with JEE6 breathing down our necks - I have been officially pushed into
> the 'we should probably just document what it takes to upgrade' group.
> Are there any folks who truly need to stay on 2.0?
> Or would it be reasonable to make a pronouncement that the 2.0.x
> codestream is no longer going to be maintained - even for bug fixes and
> security issues?
> Thoughts/comments?
> (I'll start documenting the libraries/jars that have changed or been
> removed - we will need that regardless)
> Jay
> Joe Bohn wrote:
>> I guess I should resolve this discussion on "if" we should release 2.0.3
>> that I started.
>> Thank you both Jay and Donald for your responses. I'm not completely
>> opposed to a 2.0.3 release.  I was just wondering aloud if it was the
>> best use of our resources and if it conveyed the right message to our
>> users.  I was also wondering a little if it might create more problems
>> for our users than it solves.  You know the drill ... upgrade from one
>> maintenance release to another only to discover yet another issue that
>> then forces you to a new version like 2.1.* because it isn't resolved in
>> the current maintenance stream.  If it weren't for the security issues I
>> would see no value in a 2.0.3 release.  Anyway, I am certainly not
>> planning to stand in the way of a 2.0.3 release.  I'll even do my part
>> to validate the images and help where I can.  However, my gut still
>> tells me that we might creating more problems than we are solving. But
>> since I'm the only one that feels that way I'm not too worried (I've
>> been wrong plenty of times before ;-) ).
>> It sounds like we still need to document what is necessary to move from
>> 2.0.* to 2.1.* in any case.  I guess the first step might be adding the
>> libraries that are no longer included in 2.1.* into the list in the wiki
>> under  Does
>> anybody have a complete list of these libraries?  We'll probably still
>> need more specific documentation to make it clear what a user might have
>> to do when moving from 2.0.* to 2.1.*.  Perhaps another page somewhere
>> (similar to those under "Migrating to Apache Geronimo")?
>> Joe
>> Donald Woods wrote:
>>> I think releasing 2.0.3 is in the best interest of the community,
>>> given the security fixes that it contains.  It also gives us a way to
>>> announce to our users that this will be the last 2.0.x release (which
>>> we never really did for 1.1.x) and that they should start moving to
>>> 2.1.x or 2.2 for any new projects.
>>> -Donald
>>> Joe Bohn wrote:
>>>> I apologize for not raising this question on the earlier thread.
>>>> I'm wondering if it is a good idea to release a 2.0.3 at this point
>>>> in time.  We've had several releases of 2.1.x (four) and we'll
>>>> hopefully release 2.2 in the not too distant future.  I'm a little
>>>> concerned that releasing a 2.0.3 now will just encourage people to
>>>> continue on the 2.0.* base rather than taking the plunge and moving
>>>> up to 2.1.*.  It's been a year since we released 2.0.2 and in
>>>> addition to the security fixes there have been a lot of other
>>>> fixes/enhancements in the 2.1 branch.
>>>> What are the big stumbling blocks that prevent a user from moving
>>>> from 2.0.2 to 2.1.3 to resolve the security concerns?
>>>> Rather than releasing 2.0.3, should we maybe consider a greater focus
>>>> on ensuring there is a smooth migration path from 2.0.2 to 2.1.3? 
>>>> Once we have clearly identified any issues and ensured that we have
>>>> adequate directions we could notify the user community that there
>>>> will be no further 2.0.* releases and encourage them to move to
>>>> 2.1.3.  It might actually be easier for us to release 2.0.3 in the
>>>> short term, but sooner or later users will have to address the
>>>> migration issues ... so I'm just wondering if it might be a better
>>>> use of our time to address those migration issues now.
>>>> Joe
>>>> Jay D. McHugh wrote:
>>>>> The 2.0.x brach got sidelined by an intermittent
>>>>> ConcurrentModificationException during stress testing.  But, recently
>>>>> there were a number of security issues found that apply to 2.0.2.
>>>>> So, I think it's time to start the discussion for a Geronimo 2.0.3
>>>>> release (It actually already was started).
>>>>> Server fixes/enhancements are listed on the Release Status page
>>>>> (work in
>>>>> progress)-
>>>>> Details on included security fixes in dependent components are
>>>>> listed on
>>>>> the Security page -
>>>>> I have already begun moving issues into 2.0.4 - Does anyone have
>>>>> additional fixes they would like to include in 2.0.3 before we cut the
>>>>> branch and start the release process?
>>>>> If I have moved an issue that you want to work on (And you have time
>>>>> work on it right away) move it back onto a 2.0.3 fix and assign it to
>>>>> yourself.
>>>>> Jay

View raw message