Update on 4.5.4 release?

Post by Peter Lynch
Hi Oleg,
I've seen the message a while back where version 5a3 release had higher
priority over releasing 4.5.4.
http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/201710.mbox/%3C1507798428.15620.5.camel%40apache.org%3E
We are using 4.5.2 in Nexus Repository Manager. 4.5.3 has some nice SSL
related fixes we wanted to pick up, but it also had a regression introduced
https://issues.apache.org/jira/browse/HTTPCLIENT-1831 that is fixed in
4.5.4 . The regression breaks a lot of of our integration tests.
It seems a bit odd a minor fix release with regressions is not
released
before an alpha major version is released, but I am not the one doing the
releasing - easy for me to say. :)
Are you still taking the same release approach this day? Anything I can do
to convince that 4.5.4 be released soon so we can roll more value out to
our customers?

Hi Peter

Not so long ago Sonatype as a commercial entity was openly hostile to
this project. I am sorry if that sounds harsh, but personally I am not
going to do anything to advance commercial interests of an unfriendly
company.

Oleg

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-***@hc.apache.org
For additional commands, e-mail: httpclient-users-***@hc.apache.org

Christopher Schultz

2017-11-25 14:57:39 UTC

Oleg,

Post by Oleg Kalnichevski

Post by Peter Lynch
Hi Oleg,
I've seen the message a while back where version 5a3 release had higher
priority over releasing 4.5.4.
http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/201710.mbox/%3C1507798428.15620.5.camel%40apache.org%3E
We are using 4.5.2 in Nexus Repository Manager. 4.5.3 has some nice SSL
related fixes we wanted to pick up, but it also had a regression introduced
https://issues.apache.org/jira/browse/HTTPCLIENT-1831 that is fixed in
4.5.4 . The regression breaks a lot of of our integration tests.
It seems a bit odd a minor fix release with regressions is not released
before an alpha major version is released, but I am not the one doing the
releasing - easy for me to say. :)
Are you still taking the same release approach this day? Anything I can do
to convince that 4.5.4 be released soon so we can roll more value out to
our customers?

Hi Peter
Not so long ago Sonatype as a commercial entity was openly hostile to
this project.

Reference?

Post by Oleg Kalnichevski
I am sorry if that sounds harsh, but personally I am not going to do
anything to advance commercial interests of an unfriendly company.

That's your prerogative, of course, but Peter doesn't necessarily
represent his company nor the other way round.

Peter, any committer can call for a release of any version/branch of any
project at any time. You can help by providing (non-binding) voting
feedback for any release proposed. If this community has a cold attitude
toward your employer, you can suggest to your employer that they attempt
to reach-out to this community in order to repair that relationship.

You are also free to use a manually-patched version of ASF-released
code. *shrug*

-chris

Brian Fox

2017-11-28 15:22:27 UTC

Post by Oleg Kalnichevski
Not so long ago Sonatype as a commercial entity was openly hostile to
this project.

Reference?

Post by Oleg Kalnichevski
I am sorry if that sounds harsh, but personally I am not going to do
anything to advance commercial interests of an unfriendly company.

That's your prerogative, of course, but Peter doesn't necessarily
represent his company nor the other way round.
Peter, any committer can call for a release of any version/branch of any
project at any time. You can help by providing (non-binding) voting
feedback for any release proposed. If this community has a cold attitude
toward your employer, you can suggest to your employer that they attempt
to reach-out to this community in order to repair that relationship.

Hi Oleg, I was really caught off guard by your assertion and am sorry you
feel that way. I'm one of the co-founders and CTO at Sonatype and I can't
ever recall a time where anyone was hostile towards http client.

I am still actively involved at Apache, through the Maven PMC, Creadur and
RAT PMCs and at Infra. We have many other developers who are contributors
and PMC members of various Apache projects. Sonatype the company sponsors
Apache through Infra donations and still provides the Central repository
for everyone to use. We've also helped report vulnerabilities that are
uncovered in our research and our CSO even fixed a Xalan vulnerability
since there were no devs left on the project.

In short, I believe Sonatype and our developers have a healthy and happy
relationship with Apache in general. If you believe otherwise, I'd be happy
to chat with you off list to understand your concerns.

--Brian

Gary Gregory

2017-11-28 15:28:44 UTC

Post by Oleg Kalnichevski
Not so long ago Sonatype as a commercial entity was openly hostile to
this project.

Reference?

Post by Oleg Kalnichevski
I am sorry if that sounds harsh, but personally I am not going to do
anything to advance commercial interests of an unfriendly company.

That's your prerogative, of course, but Peter doesn't necessarily
represent his company nor the other way round.
Peter, any committer can call for a release of any version/branch of any
project at any time. You can help by providing (non-binding) voting
feedback for any release proposed. If this community has a cold attitude
toward your employer, you can suggest to your employer that they attempt
to reach-out to this community in order to repair that relationship.

Hi Oleg, I was really caught off guard by your assertion and am sorry you
feel that way. I'm one of the co-founders and CTO at Sonatype and I can't
ever recall a time where anyone was hostile towards http client.
I am still actively involved at Apache, through the Maven PMC, Creadur and
RAT PMCs and at Infra. We have many other developers who are contributors
and PMC members of various Apache projects. Sonatype the company sponsors
Apache through Infra donations and still provides the Central repository
for everyone to use. We've also helped report vulnerabilities that are
uncovered in our research and our CSO even fixed a Xalan vulnerability
since there were no devs left on the project.

Is there a JIRA for that Xalan issue? I am on the Xalan PMC and while my
FOSS TODO list is long, I might be able to help at some point.

Gary

Post by Brian Fox
In short, I believe Sonatype and our developers have a healthy and happy
relationship with Apache in general. If you believe otherwise, I'd be happy
to chat with you off list to understand your concerns.
--Brian

Brian Fox

2017-11-28 15:40:05 UTC

Hi Gary, this was an issue in 2014 that Ryan Berg helped get fixed:
https://issues.apache.org/jira/browse/XALANJ-2435 (It looks like you were
working with him on the threads when I searched my archives)

Post by Oleg Kalnichevski
Not so long ago Sonatype as a commercial entity was openly hostile to
this project.

Reference?

Post by Oleg Kalnichevski
I am sorry if that sounds harsh, but personally I am not going to do
anything to advance commercial interests of an unfriendly company.

That's your prerogative, of course, but Peter doesn't necessarily
represent his company nor the other way round.
Peter, any committer can call for a release of any version/branch of

any

Post by Christopher Schultz
project at any time. You can help by providing (non-binding) voting
feedback for any release proposed. If this community has a cold

attitude

Post by Christopher Schultz
toward your employer, you can suggest to your employer that they

attempt

Post by Christopher Schultz
to reach-out to this community in order to repair that relationship.

and

Post by Brian Fox
RAT PMCs and at Infra. We have many other developers who are contributors
and PMC members of various Apache projects. Sonatype the company sponsors
Apache through Infra donations and still provides the Central repository
for everyone to use. We've also helped report vulnerabilities that are
uncovered in our research and our CSO even fixed a Xalan vulnerability
since there were no devs left on the project.

Is there a JIRA for that Xalan issue? I am on the Xalan PMC and while my
FOSS TODO list is long, I might be able to help at some point.
Gary

Post by Brian Fox
In short, I believe Sonatype and our developers have a healthy and happy
relationship with Apache in general. If you believe otherwise, I'd be

happy

Post by Brian Fox
to chat with you off list to understand your concerns.
--Brian

Gary Gregory

2017-11-28 15:53:45 UTC

Post by Brian Fox
https://issues.apache.org/jira/browse/XALANJ-2435 (It looks like you were
working with him on the threads when I searched my archives)

The important part is that we released the fix in 2.7.2 :-)

Gary

Post by Oleg Kalnichevski
Not so long ago Sonatype as a commercial entity was openly hostile

Post by Oleg Kalnichevski
this project.

Reference?

Post by Oleg Kalnichevski
I am sorry if that sounds harsh, but personally I am not going to

Post by Oleg Kalnichevski
anything to advance commercial interests of an unfriendly company.

That's your prerogative, of course, but Peter doesn't necessarily
represent his company nor the other way round.
Peter, any committer can call for a release of any version/branch of

any

Post by Christopher Schultz
project at any time. You can help by providing (non-binding) voting
feedback for any release proposed. If this community has a cold

attitude

Post by Christopher Schultz
toward your employer, you can suggest to your employer that they

attempt

Post by Christopher Schultz
to reach-out to this community in order to repair that relationship.

Hi Oleg, I was really caught off guard by your assertion and am sorry

you

Post by Brian Fox
feel that way. I'm one of the co-founders and CTO at Sonatype and I

can't

Post by Brian Fox
ever recall a time where anyone was hostile towards http client.
I am still actively involved at Apache, through the Maven PMC, Creadur

and

Post by Brian Fox
RAT PMCs and at Infra. We have many other developers who are

contributors