On Tue, Mar 9, 2021 at 11:16 PM sebb wrote:
>
> How often will the tool be run?
> How often does it need to be run?
OSS-Fuzz runs its fuzzers continuously and will automatically pick up
new project commits. I don't know its precise schedule, but I expect
every project to be fuzzed at least a coup
This VOTE passes with the following +1 votes:
- Bruno P. Kinoshita (binding)
- Matt Sicker (binding)
- Gary Gregory (binding)
In addition, Arturo Bernal said "Build OK from the tag '4fbaade0'
with 'mvn test'"
Gary
On Wed, Mar 10, 2021 at 12:14 AM Gary Gregory wrote:
>
> My +1
>
> Gary
>
> On S
My +1
Gary
On Sat, Mar 6, 2021 at 9:59 PM Gary Gregory wrote:
>
> Hi All:
>
> We have fixed quite a few bugs and added some significant enhancements
> since Apache Commons VFS Project 2.7.0 was released, so I would like
> to release Apache Commons VFS Project 2.8.0.
>
> Apache Commons VFS Projec
Turns out that it is sufficient to rename additional top-level files
with the string 'license' in them.
(and update any references, of course)
However GH does not re-evaluate the license unless the file itself is touched.
All the components now show up as AL2.0 apart from math and weaver.
Not sur
How often will the tool be run?
How often does it need to be run?
On Tue, 9 Mar 2021 at 22:01, Matt Sicker wrote:
>
> Perhaps the output of this tool won't have nearly as much spam as
> Dependabot et al? If so, we could just use the security list.
>
> On Tue, 9 Mar 2021 at 15:48, sebb wrote:
> >
Perhaps the output of this tool won't have nearly as much spam as
Dependabot et al? If so, we could just use the security list.
On Tue, 9 Mar 2021 at 15:48, sebb wrote:
>
> On Tue, 9 Mar 2021 at 21:38, Gary Gregory wrote:
> >
> > What if we make the existing notification list private? Who uses t
On Tue, 9 Mar 2021 at 21:38, Gary Gregory wrote:
>
> What if we make the existing notification list private? Who uses that
> one and for what?
Not a good idea, as the contents are appropriate to developers not on the PMC.
> G
>
> On Tue, Mar 9, 2021 at 3:41 PM Torsten Curdt wrote:
> >
> > > At
What if we make the existing notification list private? Who uses that
one and for what?
G
On Tue, Mar 9, 2021 at 3:41 PM Torsten Curdt wrote:
>
> > At least for Compress I see value in Fuzz testing.
> > Any other opinions?
> >
>
> I totally see the value and it should go to a private list.
> At least for Compress I see value in Fuzz testing.
> Any other opinions?
>
I totally see the value and it should go to a private list.
On 2021-03-09, Gary Gregory wrote:
> A reminder that we can break our own builds by configuring maven plugins
> like spotbugs, pmd, and so on. If we need to configure another plugin to
> run in our builds to check for different errors, then let's consider that.
Fuzz testing needs compute power bey
A reminder that we can break our own builds by configuring maven plugins
like spotbugs, pmd, and so on. If we need to configure another plugin to
run in our builds to check for different errors, then let's consider that.
Or any dev is free to do whatever outside of builds, but, that only leaves
ro
On Tue, Mar 9, 2021, 13:10 Stefan Bodewig wrote:
> On 2021-03-08, Gary Gregory wrote:
>
> > Note that we already have FIVE mailing lists:
>
> > commits
> > dev
> > issues
> > notifications
> > user
>
> which are all public
>
> > PLUS, private and security.
>
> subscribers of which will probably n
Understood, thanks for the clarification.
Gary
On Tue, Mar 9, 2021, 12:12 sebb wrote:
> I was also trying to prod GH to re-evaluate the license...
>
> On Tue, 9 Mar 2021 at 17:10, Gary Gregory wrote:
> >
> > Note that our release plugin does that ;-)
> >
> > Gary
> >
> > On Tue, Mar 9, 2021, 1
Awesome, thank you Sebb!
Gary
On Tue, Mar 9, 2021, 12:11 sebb wrote:
> Good idea.
>
> I have done that for commons-codec, and GH has now agreed to use AL2.0
>
> However it did seem to need a dummy change to the LICENSE file to
> re-evaluate the license.
>
> I'll see about fixing the others
>
>
On 2021-03-08, Gary Gregory wrote:
> Note that we already have FIVE mailing lists:
> commits
> dev
> issues
> notifications
> user
which are all public
> PLUS, private and security.
subscribers of which will probably not like to receive automated emails.
> Do we really want a SIXTH? Can't thi
I was also trying to prod GH to re-evaluate the license...
On Tue, 9 Mar 2021 at 17:10, Gary Gregory wrote:
>
> Note that our release plugin does that ;-)
>
> Gary
>
> On Tue, Mar 9, 2021, 12:04 wrote:
>
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > sebb pushed
Good idea.
I have done that for commons-codec, and GH has now agreed to use AL2.0
However it did seem to need a dummy change to the LICENSE file to
re-evaluate the license.
I'll see about fixing the others
On Tue, 9 Mar 2021 at 01:15, Melloware Inc wrote:
>
> In commons beanutils we recommend
Note that our release plugin does that ;-)
Gary
On Tue, Mar 9, 2021, 12:04 wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> sebb pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/commons-codec.git
>
>
> The following commit(s) w
On Tue, 9 Mar 2021 at 12:51, Gilles Sadowski wrote:
>
> On Tue, Mar 9, 2021 at 11:58, sebb wrote:
> >
> > On Tue, 9 Mar 2021 at 01:39, Gilles Sadowski wrote:
> > >
> > > On Tue, Mar 9, 2021 at 01:41, sebb wrote:
> > > >
> > > > Most of the Commons projects show up in GitHub as having the Ap
Note that GitHub CI files are never in the root.
Gary
On Tue, Mar 9, 2021, 09:34 Emmanuel Bourg wrote:
> +1 for moving these files elsewhere. The project root should just
> contain the pom.xml, license, notice, readme and CI files.
>
> Emmanuel Bourg
>
> Le 09/03/2021 à 02:15, Melloware Inc a é
+1 for moving these files elsewhere. The project root should just
contain the pom.xml, license, notice, readme and CI files.
Emmanuel Bourg
On 09/03/2021 at 02:15, Melloware Inc wrote:
> In commons beanutils we recommend using /src/conf for these types of files.
>
> Sent from my iPhone
>
>> O
I think we should try and get rid of these -header.txt files, there must be
a way since not all components use them.
Gary
On Mon, Mar 8, 2021, 19:41 sebb wrote:
> Most of the Commons projects show up in GitHub as having the Apache 2.0
> License
>
> However a few show up as 'other':
>
> commons
On Tue, Mar 9, 2021 at 11:58, sebb wrote:
>
> On Tue, 9 Mar 2021 at 01:39, Gilles Sadowski wrote:
> >
> > On Tue, Mar 9, 2021 at 01:41, sebb wrote:
> > >
> > > Most of the Commons projects show up in GitHub as having the Apache 2.0
> > > License
> > >
> > > However a few show up as 'other':
On Tue, 9 Mar 2021 at 01:39, Gilles Sadowski wrote:
>
> On Tue, Mar 9, 2021 at 01:41, sebb wrote:
> >
> > Most of the Commons projects show up in GitHub as having the Apache 2.0
> > License
> >
> > However a few show up as 'other':
> >
> > commons-codec
> > commons-csv
> > commons-dbutils
> >