<rant mode> I don't know why people have the impression that they need support or some special motivation when voting on a proposal.
Yes - your admin tool argument doesn't make sense. You can easily precompile the admintool ( and we should do it anyway ) and run it in the JSR154-only container - if you want to. And I don't think including it in the minimal is a good idea either ( if it can run without it, then it shouldn't be in "minimal" ). The vote was about creating a separate distribution of tomcat with certain content. You can vote +1 or -1 if you want to influence the result, or -0 or +0 if you don't want to change the result, but still want to say you agree or not. If you had a bad dream about it last night or you feel it will confuse users or whatever - it doesn't matter, this is not a veto but a majority decision on a proposal. And a +1 doesn't mean ( in this case ) that you'll have to help. It has this meaning ( in tomcat at least ) only on the final vote to release. A +1 only means that you feel it is a good idea and will make tomcat better. Has everyone lost interest in tomcat and doesn't care what happens ? This open source stuff and majority vote and so on doesn't work if people don't participate. I can understand that we all have little time - but at least read the proposals ( marked with [VOTE] or [PROPOSAL] so you can set your mailer and ignore everything else ) and send your opinion. A simple +-1, +-0 is enough and shouldn't consume that much time. One concern I had about Jon's proposal is the tensions it may create among committers, and especially those that work or use jasper. If their answer is "we don't give a damn about tomcat releases" - then I'm wrong. My other concern is that users will be confused if they have N downloads to choose from, and our efforts on documenting and testing will be diluted if we have N releases each with 3 people working on them. Costin Jeanfrancois Arcand wrote: > OK, seems I don't have any supports to stay with my -1 (seems nobody > care about the AdminTool argument :-)). So I will change my mind and > vote 0. > > -- Jeanfrancois > > Pier Fumagalli wrote: > >>On 10/12/02 0:30 "Jeanfrancois Arcand" <[EMAIL PROTECTED]> wrote: >> >> >> >>>>Now, don't tell me that ALL that collection of cruft doesn't have a >>>>bug... It's just that we are lucky and noone found them yet (given >>>>enough eyes... Linus says)... >>>> >>>> >>>> >>>I never say that and I will never says that. But I least I have try >>>during the Security Audit to fix some of the obvious one. Still Tomcat >>>is probably not enough secure (and will never be). My point is if you >>>are aware of such obvious one, then let me know and I will fix them. >>> >>> >> >>You said (quote) "Jasper/AdminTool/etc. are secure"... That's a pretty >>bold statement. >> >>>From my experience, security audits and stuff are all right, until >>>someone >>doesn't call up at 3 AM saying "the server is down because of a DOS"... >>Nah, I don't like being woken up in the middle of the night... >> >> >> >>>But I don't think Tomcat is more secure without JSP.... I know, I know, >>>what I think you don't care :-) >>> >>> >> >>The bible (for us Sun customers, _your_ customers): >> >><http://wwws.sun.com/software/security/blueprints/#minimum> >> >> >> >>>"Solaris Operating Environment Minimization for Security: A Simple, >>>Reproducible and Secure Application Installation Methodology >>>- Updated for the Solaris 8 Operating Environment" >>>- November 2000 >>>- by Alex Noordergraaf >>> >>>Discusses the process of minimizing an installation of the Solaris >>>Operating Environment. Mimimization is the process of removing all >>>unnecessary components and services from the Solaris software to reduce >>>system vulnerabilities. Also introduces a simple technique for >>>replicating these types of installations across a large number of >>>systems. >>> >>> >> >>_YOUR_ security folks tought me that... Go and talk to them, they're down >>in SCA-7 if I'm not wrong... Paranoia is an irreversible process for us on >>the line-of-fire. >> >> >> >>>>To sum up: rule of the thumb #3, less code, less bugs (you folks from >>>>Sun preach that all over your Solaris Blueprints stuff, I learnt it when >>>>your employer was paying my salary). >>>> >>>> >>>> >>>Wow, didn't know that... I've missed the chance to work with you :-) >>> >>> >> >>Don't worry, you would have _hated_ working with me (and proudly keeping >>up my record of being the most hated freak on the planet). >> >> >> >>>I should studies my Tomcat history and learn who is doing what, what >>>biases he/she have, and then vote appropriatly. >>> >>> >> >>Oh, no, I got paranoid after I left Sun and started working on the other >>side of the barricade... Trying to use in production what I was coding >>earlier... :-) >> >> >> >>>>So, please, donšt come up on a mailing list saying "that is secure", >>>>just say that "noone has found a bug yet", because that (and only that) >>>>is the truth... >>>> >>>> >>>> >>>I agree my wording was not appropriate. Should say that in french next >>>time :-) >>> >>> >> >>Pas de problemes (where are the accents on this keyboard?) >> >> Pier >> >> >>-- >>To unsubscribe, e-mail: >><mailto:[EMAIL PROTECTED]> For additional >>commands, e-mail: <mailto:[EMAIL PROTECTED]> >> >> >> >> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
