RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-04-30 Thread Michael Glavassevich
I have asked security@ for guidance on what to do next.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

David Dillard wrote on 04/30/2018 11:02:28 AM:

> From: David Dillard
> To: "j-...@xerces.apache.org", "muk...@apache.org",
> "priv...@xerces.apache.org", "j-users@xerces.apache.org"
>
> Date: 04/30/2018 11:32 AM
> Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> 
> I asked before about getting a CVE for the issue I raised that was 
> fixed, and about a security advisory.  I don’t recall seeing a response.
> 
> Can that please be done as well?  I don’t know what the internal 
> Apache process is for getting CVEs, but there’s got to be one.
> 
> 
> From: Mukul Gandhi [mailto:muk...@apache.org] 
> Sent: Sunday, April 29, 2018 11:45 PM
> To: j-...@xerces.apache.org; priv...@xerces.apache.org;
> j-us...@xerces.apache.org
> Subject: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> 
> Hi all,
> The vote to release Xerces-J 2.12.0 resulted in 3 +1 votes (all 
> from PMC members) and no other votes:
> 
> +1 by:
> Gareth Reakes (PMC)
> Michael Glavassevich (PMC)
> Mukul Gandhi (PMC)
> 
> The release should be up on the mirror sites very soon.
> 
> 
> On Mon, Apr 23, 2018 at 5:36 PM, Mukul Gandhi wrote:
> Hi all,
> The 1st voting for Xerces-J 2.12.0 release was stopped, due to 
> certain issues that were in the release candidates (RC) that were 
> found by the reviewers ([5]). Those have been fixed now, and I'm 
> initiating this new mail for the Vote for new RC.
> 
> I've uploaded Xerces-J 2.12.0 release candidates (the revised one) 
> to [1] for review. In this release candidate there are two sets of 
> packages, the main release built from the trunk [2] and the XML 
> Schema 1.1 release built from the XML Schema 1.1 development branch 
> [3]. The change summary is available here [4] in JIRA. 81 issues 
> (plus issues that were mentioned, during the review of 1st RC) were 
> resolved.
> 
> Test results have been looking good, so I'd like to call an official
> vote now on the release.
> 
> To start, here's my +1.
> 
> Great work everyone.
> 
> [1] https://dist.apache.org/repos/dist/dev/xerces/j/2.12.0/
> Revision 26468
> 
> [2] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0/
> Directory revision: 1829687 (of 1829689)
> 
> [3] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0-xml-schema-1.1/
> Directory revision: 1829688 (of 1829689)
> 
> [4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10520&version=12336542
> 
> [5] https://markmail.org/message/54obpdyqrn6nfzgi : discussion about
> previous RC, suggesting a revote
> 
> [6] Deleting .md5 hash files from the RC distribution at, 
> https://dist.apache.org/repos/dist/dev/xerces/j/2.12.0/. Mentioned Revision 
> number in point [1] above. (suggestions from sebb, seb...@gmail.com 
> during this voting)
> 
>
> -- 
> Regards,
> Mukul Gandhi



RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-04-30 Thread David Dillard
I asked before about getting a CVE for the issue I raised that was fixed, and 
about a security advisory.  I don’t recall seeing a response.

Can that please be done as well?  I don’t know what the internal Apache process 
is for getting CVEs, but there’s got to be one.


From: Mukul Gandhi [mailto:muk...@apache.org]
Sent: Sunday, April 29, 2018 11:45 PM
To: j-...@xerces.apache.org; priv...@xerces.apache.org; 
j-users@xerces.apache.org
Subject: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

Hi all,
   The vote to release Xerces-J 2.12.0 resulted in 3 +1 votes (all from PMC 
members) and no other votes:



+1 by:
Gareth Reakes (PMC)
Michael Glavassevich (PMC)
Mukul Gandhi (PMC)



The release should be up on the mirror sites very soon.


On Mon, Apr 23, 2018 at 5:36 PM, Mukul Gandhi <muk...@apache.org> wrote:
Hi all,
   The 1st voting for Xerces-J 2.12.0 release was stopped, due to certain 
issues that were in the release candidates (RC) that were found by the 
reviewers ([5]). Those have been fixed now, and I'm initiating this new mail 
for the Vote for new RC.

I've uploaded Xerces-J 2.12.0 release candidates (the revised one) to [1] for 
review. In this release candidate there are two sets of packages, the main 
release built from the trunk [2] and the XML Schema 1.1 release built from the 
XML Schema 1.1 development branch [3]. The change summary is available here [4] 
in JIRA. 81 issues (plus issues that were mentioned, during the review of 1st 
RC) were resolved.

Test results have been looking good, so I'd like to call an official vote now 
on the release.

To start, here's my +1.

Great work everyone.

[1] https://dist.apache.org/repos/dist/dev/xerces/j/2.12.0/
Revision 26468

[2] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0/
Directory revision: 1829687 (of 1829689)

[3] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0-xml-schema-1.1/
Directory revision: 1829688 (of 1829689)

[4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10520&version=12336542

[5] https://markmail.org/message/54obpdyqrn6nfzgi : discussion about previous 
RC, suggesting a revote

[6] Deleting .md5 hash files from the RC distribution at, 
https://dist.apache.org/repos/dist/dev/xerces/j/2.12.0/. Mentioned Revision 
number in point [1] above. (suggestions from sebb, 
seb...@gmail.com during this voting)




--
Regards,
Mukul Gandhi


Re: [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-04-30 Thread Mukul Gandhi
Hi all,
   Presently we're experiencing some issues, making Xerces-J 2.12.0 files
available at http://xerces.apache.org/mirrors.cgi. We're seeking help from
Henk (apache infra, and other members of private@xerces group).

We'll let everybody know, when these issues are resolved.

On Mon, Apr 30, 2018 at 9:15 AM, Mukul Gandhi wrote:

> Hi all,
> The vote to release Xerces-J 2.12.0 resulted in 3 +1 votes (all from
> PMC members) and no other votes:
>
> +1 by:
> Gareth Reakes (PMC)
> Michael Glavassevich (PMC)
> Mukul Gandhi (PMC)
>
> The release should be up on the mirror sites very soon.
>



-- 
Regards,
Mukul Gandhi