commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phil Steitz <phil.ste...@gmail.com>
Subject Re: [VOTE] Release Commons Compress 1.6
Date Sun, 13 Oct 2013 19:39:05 GMT
On 10/12/13 10:31 PM, Stefan Bodewig wrote:
> Hi
>
> since Compress 1.5 we've fixed a few bugs but most notably added
> read-only support for LZMA standalone, uncompressed ARJ and full support
> for 7z.
>
> I have not created a RC website as the only difference to the current
> website would be the download page and the version number - and I'd
> immediately change the site after the release to include the release
> date anyway.
>
> Foo 1.2 RC1 is available for review here:
>     https://dist.apache.org/repos/dist/dev/commons/compress/
>     (svn revision 3254)
>
>   Maven artifacts are here:
>     https://repository.apache.org/content/repositories/orgapachecommons-167/org/apache/commons/commons-compress/1.6/
>
>   Details of changes since 1.5 are in the release notes:
>     https://svn.apache.org/repos/asf/commons/proper/compress/tags/COMPRESS-1.6-RC1/RELEASE-NOTES.txt
>
>   The tag is here:
>     https://svn.apache.org/repos/asf/commons/proper/compress/tags/COMPRESS-1.6-RC1/
>     (svn revision 1531616)
>
>   Site:
>     http://commons.apache.org/compress/
>
>   Clirr Report (compared to 1.5):
>     http://commons.apache.org/compress/clirr-report.html
>
>   RAT Report:
>     http://commons.apache.org/compress/rat-report.html
>
>   KEYS:
>   http://www.apache.org/dist/commons/KEYS
>           
>   Please review the release candidate and vote.
>   This vote will close no sooner that 72 hours from now, i.e. after 0530
>   GMT 16-October 2013 - given that I'll be traveling the second half of
>   this week I'd rather expect the release to happen next Saturday.
>
>   [ ] +1 Release these artifacts
>   [ ] +0 OK, but...
>   [ ] -0 OK, but really should fix...
>   [ ] -1 I oppose this release because...

+0
Code builds fine for me on OSX 1.7.0_21-b12
Jar, tarball contents, notice, license look fine.
Sigs, hashes are good.
+0 instead of +1 because the title on the release notes is incorrect
- should be 1.6.

One thing to verify:  the manifest says the build was done using
1.6.0_27.  Is that recent enough to include the fix for the javadoc
XSS vulnerabilty?

Phil

Phil
>
>   Thanks!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message