tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gomez Henri <>
Subject Re: [ANNOUNCEMENT] Security Related Updates - Tomcat 3.1.1 and Tomcat 3.2.1
Date Thu, 14 Dec 2000 23:12:30 GMT
> This raises an interesting policy issue that should be discussed.

> In short, I think that packaging additional docs and fixes with your
> 3.2.1 RPMs
> is very misleading to Tomcat users, because what you get is *not* the
> same as
> what the "official" packages contain.

I've added ajp13 multi-part patch in my RPM since it was released by Dan after 
the 3.2.1 release, but documentation update (JDBCRealm) and multi-cookie ARE IN 
3.2.1 ;-) And I've committed cookies patch one day before the release. So there 
are in....
> A far better service to the Tomcat community would be to do as you and I
> have
> discussed before -- bring the RPM generation process into the official
> source
> tree, create the RPMs that match the functionality of the tar/zip
> distros
> (directory organization changes to meet platform conventions are fine --
> bug
> fixes that are not present in the official release are not), and publish
> them on
> the Jakarta web site as official versions of Tomcat.

RPM match the official release. At least the first revision of RPM. After I 
apply some patches since they fix real problems. And these goes in next release 
of the RPM (tagged -2, -3). And each time the patch are commented in RPM 
changelog. It's up to the users to use the latest RPM or the identical to 
released on Apache Site.

We could see RPM sub-release as RELEASE + UPDATE, a way for RPM users to be 
sure to have the more stable version possible.

> Henri, you are a committer on Tomcat -- could you please post the bug
> fixes 
> doc improvements that you've included into the CVS repositories for the
> appropriate Tomcat releases?  

As I said doc updates was not my job and the cookie patch was commited some 
hours before the release (in Ajp13Response). You could see that in the cvs log.
I've asked some days ago about the 'Attic ?'...

> And, when your RPMs match the content of
> official
> releases, post them on the Jakarta web site (it's on locus as well ...
> write me
> separately for details)?  That way, everyone will benefit from them.

I think we could do that for tomcat and others projects.

Tell you more tomorrow.

View raw message