On Tue, Mar 12, 2024 at 3:02 PM Christopher Schultz <ch...@christopherschultz.net> wrote: > > Mark, > > On 3/12/24 05:00, Mark Thomas wrote: > > On 11/03/2024 21:38, schu...@apache.org wrote: > >> This is an automated email from the ASF dual-hosted git repository. > >> > >> schultz pushed a commit to branch main > >> in repository https://gitbox.apache.org/repos/asf/tomcat.git > >> > >> commit 3ab883aa746a5c577efa39d9080858e53ca77da6 > >> Author: Christopher Schultz <ch...@christopherschultz.net> > >> AuthorDate: Mon Mar 11 17:38:01 2024 -0400 > >> > >> Add checking for the age of the Tomcat version running and warn > >> if it's getting old. > > > > How do I disable this check if I don't want to use it? I'd expect > > something like set it to "-1". > > I could add a special case for "disable" or you could set it to a very > high value. > > If your Tomcat installation is still running in 32768 days, you > certainly won't give a damn if it starts issuing warnings.
I don't like this either. It might get me into real trouble with my downstream, actually. Unless there's a security issue, I think people don't really really have to upgrade working production systems that often. For example, between 9.0.62 and 9.0.71, no CVEs above low. And even if there was most often a user will not be affected. Upgrading costs testing and resources, so ... I'm not advocating that users should never upgrade, but building in a nag by default is not great. Esp 6 months. By the time things are upgraded they will start nagging again the next day pretty much. Then a warn log about security often cannot be simply ignored. Rémy > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
