On 21/06/2024 15:35, Dimitris Soumis wrote:
> Hi all,
>
> I hope this message finds you well. I am writing to seek clarifications and
> provide some suggestions regarding the Tomcat Native binary distributions.
>
> Firstly, I have noticed that openssl.exe is included in the Tomcat Native
> binary distributions. It appears that the .dll file is sufficient for the
> component to function correctly. Thus, my question is why is openssl.exe
> included in the distribution? If openssl.exe is not essential, it might be
> worth considering its removal from the distribution to minimize the
> vulnerability footprint.

Its inclusion predates me acting as release manager for Tomcat Native.
If I had to guess, I'd guess that it was included so folks on Windows
had an OpenSSL binary to use to work with keys, certificates, signing
requests etc.

> Secondly, I observed that Tomcat Native 1.3.0 does not include the .pdb
> file, which is present in version 2.0.7. I would like to confirm if this is
> intentional.

No. That looks like an oversight.

> Additionally, Tomcat Native 1.3.0 contains a deprecated VERSIONS file.

Could you be more specific about this?

> I would also like to suggest pruning the "Building" and "Running the tests"
> sections in the README.txt for both versions. These sections are not
> applicable to the binary distribution and their exclusion could make the
> documentation more concise and user-friendly.

I think separate README files for source and binary will be more work to
manage and also more error prone. It might be simpler to mark those
sections with "(source distribution only)" or similar.

> Lastly, I noticed a minor issue, the NOTICE file for both releases contains
> an outdated copyright date.

Could you be more specific? The NOTICE file in both tags looks to have
the correct date.

Mark