geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Donald Woods <dwo...@apache.org>
Subject Re: [DISCUSS] Geronimo 2.0.3 release
Date Tue, 17 Feb 2009 13:58:53 GMT
Pushing users to 2.1.x for continued maintenance releases sounds fine to me.


-Donald


Jay D. McHugh wrote:
> Hello all,
> 
> I did some work on trying to get a 2.0.3 release that would:
> a) build - sucess!
> b) pass the TCK - Massive failure (over 5000 tests)
> 
> So, considering that we have a 2.1.x and 2.2.x codestream in progress
> with JEE6 breathing down our necks - I have been officially pushed into
> the 'we should probably just document what it takes to upgrade' group.
> 
> Are there any folks who truly need to stay on 2.0?
> 
> Or would it be reasonable to make a pronouncement that the 2.0.x
> codestream is no longer going to be maintained - even for bug fixes and
> security issues?
> 
> Thoughts/comments?
> 
> (I'll start documenting the libraries/jars that have changed or been
> removed - we will need that regardless)
> 
> Jay
> 
> Joe Bohn wrote:
>> I guess I should resolve this discussion on "if" we should release 2.0.3
>> that I started.
>>
>> Thank you both Jay and Donald for your responses. I'm not completely
>> opposed to a 2.0.3 release.  I was just wondering aloud if it was the
>> best use of our resources and if it conveyed the right message to our
>> users.  I was also wondering a little if it might create more problems
>> for our users than it solves.  You know the drill ... upgrade from one
>> maintenance release to another only to discover yet another issue that
>> then forces you to a new version like 2.1.* because it isn't resolved in
>> the current maintenance stream.  If it weren't for the security issues I
>> would see no value in a 2.0.3 release.  Anyway, I am certainly not
>> planning to stand in the way of a 2.0.3 release.  I'll even do my part
>> to validate the images and help where I can.  However, my gut still
>> tells me that we might creating more problems than we are solving. But
>> since I'm the only one that feels that way I'm not too worried (I've
>> been wrong plenty of times before ;-) ).
>>
>> It sounds like we still need to document what is necessary to move from
>> 2.0.* to 2.1.* in any case.  I guess the first step might be adding the
>> libraries that are no longer included in 2.1.* into the list in the wiki
>> under http://cwiki.apache.org/GMOxDOC21/what-changed-in-21.html.  Does
>> anybody have a complete list of these libraries?  We'll probably still
>> need more specific documentation to make it clear what a user might have
>> to do when moving from 2.0.* to 2.1.*.  Perhaps another page somewhere
>> (similar to those under "Migrating to Apache Geronimo")?
>>
>> Joe
>>
>>
>> Donald Woods wrote:
>>> I think releasing 2.0.3 is in the best interest of the community,
>>> given the security fixes that it contains.  It also gives us a way to
>>> announce to our users that this will be the last 2.0.x release (which
>>> we never really did for 1.1.x) and that they should start moving to
>>> 2.1.x or 2.2 for any new projects.
>>>
>>>
>>> -Donald
>>>
>>>
>>> Joe Bohn wrote:
>>>> I apologize for not raising this question on the earlier thread.
>>>>
>>>> I'm wondering if it is a good idea to release a 2.0.3 at this point
>>>> in time.  We've had several releases of 2.1.x (four) and we'll
>>>> hopefully release 2.2 in the not too distant future.  I'm a little
>>>> concerned that releasing a 2.0.3 now will just encourage people to
>>>> continue on the 2.0.* base rather than taking the plunge and moving
>>>> up to 2.1.*.  It's been a year since we released 2.0.2 and in
>>>> addition to the security fixes there have been a lot of other
>>>> fixes/enhancements in the 2.1 branch.
>>>>
>>>> What are the big stumbling blocks that prevent a user from moving
>>>> from 2.0.2 to 2.1.3 to resolve the security concerns?
>>>>
>>>> Rather than releasing 2.0.3, should we maybe consider a greater focus
>>>> on ensuring there is a smooth migration path from 2.0.2 to 2.1.3? 
>>>> Once we have clearly identified any issues and ensured that we have
>>>> adequate directions we could notify the user community that there
>>>> will be no further 2.0.* releases and encourage them to move to
>>>> 2.1.3.  It might actually be easier for us to release 2.0.3 in the
>>>> short term, but sooner or later users will have to address the
>>>> migration issues ... so I'm just wondering if it might be a better
>>>> use of our time to address those migration issues now.
>>>>
>>>> Joe
>>>>
>>>> Jay D. McHugh wrote:
>>>>> The 2.0.x brach got sidelined by an intermittent
>>>>> ConcurrentModificationException during stress testing.  But, recently
>>>>> there were a number of security issues found that apply to 2.0.2.
>>>>>
>>>>> So, I think it's time to start the discussion for a Geronimo 2.0.3
>>>>> release (It actually already was started).
>>>>>
>>>>> Server fixes/enhancements are listed on the Release Status page
>>>>> (work in
>>>>> progress)-
>>>>> http://cwiki.apache.org/GMOxPMGT/geronimo-203-release-status.html
>>>>>
>>>>> Details on included security fixes in dependent components are
>>>>> listed on
>>>>> the Security page -
>>>>> http://geronimo.apache.org/20x-security-report.html
>>>>>
>>>>> I have already begun moving issues into 2.0.4 - Does anyone have
>>>>> additional fixes they would like to include in 2.0.3 before we cut the
>>>>> branch and start the release process?
>>>>>
>>>>> If I have moved an issue that you want to work on (And you have time
to
>>>>> work on it right away) move it back onto a 2.0.3 fix and assign it to
>>>>> yourself.
>>>>>
>>>>>
>>>>> Jay
>>>>>
>>>>
> 

Mime
View raw message