Hi Piotr, Thank you for the detailed review. I'll make adjustments based on your comments after the release.
Gary On Sun, Jul 27, 2025 at 8:01 AM Piotr P. Karwasz <pi...@mailing.copernik.eu> wrote: > Hi Gary, > > On 26.07.2025 23:04, Gary Gregory wrote: > > JApiCmp Report (compared to 1.27.1): > > > > > https://dist.apache.org/repos/dist/dev/commons/compress/1.28.0-RC1/site/japicmp.html > > +1 (binding): release the artifacts. > > I conducted the following checks: > > - Verified checksums and signatures for source and binary archives. > > - Reproduced the Maven artifacts using: Debian 12, Maven 3.9.9, JDK 21, > TZ=UTC, and umask 0022. > > - Ran unit tests successfully. > > - Reviewed the RAT (license) report. > > - Reviewed API compatibility using JApiCmp and confirmed results with > BND Baseline. > > The JApiCmp report is somewhat tricky to interpret, as it lists several > methods as `REMOVED`: > > > https://dist.apache.org/repos/dist/dev/commons/compress/1.28.0-RC1/site/japicmp.html > > In reality, these methods have been *relocated*, not removed: > > - `ArchiveOutputStream` and `CompressorOutputStream`: methods were moved > to the new `CompressFilterOutputStream` class. > > - `LZ77Compressor.BackReference`, `LiteralBlock`, and `EOD`: affected > methods were moved to `LZ77Compressor.AbstractReference`. > > Note: The Javadoc for `AbstractReference` appears to be copy-pasted and > lacks an `@since 1.28.0` annotation. > > To confirm binary compatibility, I ran a BND Baseline check, and the > results were satisfactory. > > Comments on the release notes: > > - The notes are extremely detailed, listing individual additions like > `GzipParameters.getModificationInstant` and `setModificationInstant`. > > - They also include minor documentation and Javadoc improvements. > > - While this level of granularity might be appreciated by contributors, > it may be hard for users outside the project to quickly assess the > significance of the release. Some grouping would be very appreciated. > > Since this release indirectly “addresse” a *non-exploitable* CVE in > `commons-lang3`, it may be helpful to highlight changes such as > deprecations, especially for users who enforce strict policies against > using deprecated methods. > > Best regards, > Piotr > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
