Re: [validator] Collections 4
well if you be very hurry you can use a fork for some months... (like what I did for tomcat&maven... From: Josh Fenlason Sent: Tuesday, October 1, 2024 11:40:58 PM To: Commons Developers List Subject: RE: [validator] Collections 4 Gary, I appreciate all the work you put into the various Apache Commons projects, so I hope this does not sound ungrateful. I would like to ask what can be done to increase the urgency for releasing Validator 2.0. Due to requirements from our public sector customers, we need be STIG compliant (https://www.stigviewer.com/controls/800-53/SA-22) and the age of the latest Validator release is impeding that. Based on the activity on the mailing list it appears that there are several others that are in a similar situation. I know that you have been doing some work in this regard and already do a lot for other Apache Commons projects as well, so I am not coming and asking you to handle this all on your own. There are several in the community who are offering to help get Validator 2 out the door. I would like to respectfully ask what I can be doing to hasten the new release by the end of October at the latest so I can avoid having to do my own fork of the library. Thanks, Josh. -Original Message- From: Gary Gregory Sent: Wednesday, September 25, 2024 3:24 PM To: Commons Developers List Subject: Re: [validator] Collections 4 CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you believe this is a phishing email, use the Report to Cybersecurity icon in Outlook. On Wed, Sep 25, 2024 at 4:06 PM Josh Fenlason wrote: > > Is the Validator 2.0 release still being planned for the near future? Yes, maybe within a month or so. > > Is that PR for moving the Commons Collections dependency from 3 to 4 still in > active? Or would it help for someone to take another pass at that? No, this will be done as part of 2.0. > > The package structure still needs to be updated from > "org.apache.commons.validator" to "org.apache.commons.validator2", correct? > Would it help if I created a PR to do that? No, because this will touch every single file and will make a PR too hard and tedious to review (all files will be deleted and added). Gary > > Josh. > > -Original Message- > From: Josh Fenlason > Sent: Wednesday, September 11, 2024 9:46 AM > To: Commons Developers List > Subject: RE: [validator] Collections 4 > > > CAUTION: This email originated from outside the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. If you believe this is a phishing email, use the Report to > Cybersecurity icon in Outlook. > > > > I was looking through the jira items for validator. > > I see one item that looks like it would be necessary for a Validator 2.X > release, VALIDATOR-390, for updating to Commons Collections 4. I see a > relatively recent PR, https://github.com/apache/commons-validator/pull/53, > for that though. I know that breaks binary compatibility an would therefore > require a new Validator 2 release. Since it looks like there is momentum for > that, is the plan to accept that PR? Or is a different solution necessary > for that? > > One other thing is that I believe the convention is for new major releases to > bump the version in the package name, refactoring from > "org.apache.commons.validator" to "org.apache.commons.validator2", correct? > I am not seeing a jira item for that. Did I miss it? Would it be helpful > for me to create a PR with that refactoring? > > Thanks, > Josh. > > -Original Message- > From: Gary D. Gregory > Sent: Wednesday, September 4, 2024 8:32 AM > To: dev@commons.apache.org > Subject: RE: [validator] Collections 4 > > > CAUTION: This email originated from outside the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. If you believe this is a phishing email, use the Report to > Cybersecurity icon in Outlook. > > > > On 2024/09/03 19:54:05 Josh Fenlason wrote: > > That is great to hear! Is there anything I can do to assist with that? > > Watch this list and test builds and release candidates when they become > available. > > You can also scan Jira and pull requests on GitHub and see if anything > catches your eye. > > Gary > > > > > -Original Message- > > From: Gary Gregory > > Sent: Tuesday, September 3, 2024 2:53 PM > > To: Commons Developers List > > Subject: Re: [validator] Collections 4 > > > > > > CAUTION: This email originated from outside the organization. Do not click > > links or open attachments unless you recognize the sender and know the > > content is safe. If you believe this is a phishing email, use the Report to > > Cybersecurity icon in Outlook. > > > > > > > > I am planning on what will
Re: [validator] Collections 4
after all a nexus server is easy to setup... From: Xeno Amess Sent: Wednesday, October 2, 2024 1:41:40 AM To: Commons Developers List Subject: Re: [validator] Collections 4 well if you be very hurry you can use a fork for some months... (like what I did for tomcat&maven... From: Josh Fenlason Sent: Tuesday, October 1, 2024 11:40:58 PM To: Commons Developers List Subject: RE: [validator] Collections 4 Gary, I appreciate all the work you put into the various Apache Commons projects, so I hope this does not sound ungrateful. I would like to ask what can be done to increase the urgency for releasing Validator 2.0. Due to requirements from our public sector customers, we need be STIG compliant (https://www.stigviewer.com/controls/800-53/SA-22) and the age of the latest Validator release is impeding that. Based on the activity on the mailing list it appears that there are several others that are in a similar situation. I know that you have been doing some work in this regard and already do a lot for other Apache Commons projects as well, so I am not coming and asking you to handle this all on your own. There are several in the community who are offering to help get Validator 2 out the door. I would like to respectfully ask what I can be doing to hasten the new release by the end of October at the latest so I can avoid having to do my own fork of the library. Thanks, Josh. -Original Message- From: Gary Gregory Sent: Wednesday, September 25, 2024 3:24 PM To: Commons Developers List Subject: Re: [validator] Collections 4 CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you believe this is a phishing email, use the Report to Cybersecurity icon in Outlook. On Wed, Sep 25, 2024 at 4:06 PM Josh Fenlason wrote: > > Is the Validator 2.0 release still being planned for the near future? Yes, maybe within a month or so. > > Is that PR for moving the Commons Collections dependency from 3 to 4 still in > active? Or would it help for someone to take another pass at that? No, this will be done as part of 2.0. > > The package structure still needs to be updated from > "org.apache.commons.validator" to "org.apache.commons.validator2", correct? > Would it help if I created a PR to do that? No, because this will touch every single file and will make a PR too hard and tedious to review (all files will be deleted and added). Gary > > Josh. > > -Original Message- > From: Josh Fenlason > Sent: Wednesday, September 11, 2024 9:46 AM > To: Commons Developers List > Subject: RE: [validator] Collections 4 > > > CAUTION: This email originated from outside the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. If you believe this is a phishing email, use the Report to > Cybersecurity icon in Outlook. > > > > I was looking through the jira items for validator. > > I see one item that looks like it would be necessary for a Validator 2.X > release, VALIDATOR-390, for updating to Commons Collections 4. I see a > relatively recent PR, https://github.com/apache/commons-validator/pull/53, > for that though. I know that breaks binary compatibility an would therefore > require a new Validator 2 release. Since it looks like there is momentum for > that, is the plan to accept that PR? Or is a different solution necessary > for that? > > One other thing is that I believe the convention is for new major releases to > bump the version in the package name, refactoring from > "org.apache.commons.validator" to "org.apache.commons.validator2", correct? > I am not seeing a jira item for that. Did I miss it? Would it be helpful > for me to create a PR with that refactoring? > > Thanks, > Josh. > > -Original Message- > From: Gary D. Gregory > Sent: Wednesday, September 4, 2024 8:32 AM > To: dev@commons.apache.org > Subject: RE: [validator] Collections 4 > > > CAUTION: This email originated from outside the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. If you believe this is a phishing email, use the Report to > Cybersecurity icon in Outlook. > > > > On 2024/09/03 19:54:05 Josh Fenlason wrote: > > That is great to hear! Is there anything I can do to assist with that? > > Watch this list and test builds and release candidates when they become > available. > > You can also scan Jira and pull requests on GitHub and see if anything > catches your eye. > > Gary > > > > > -Original Message- > > From: Gary Gregory > > Sent: Tuesday, September 3, 2024 2:53 PM > > To: Commons Developers List > > Subject: Re: [validator] Collections 4 > > > > > > CAUTION: This email originated from outside the organization. Do not click > > links or open attachm
RE: [validator] Collections 4
Gary, I appreciate all the work you put into the various Apache Commons projects, so I hope this does not sound ungrateful. I would like to ask what can be done to increase the urgency for releasing Validator 2.0. Due to requirements from our public sector customers, we need be STIG compliant (https://www.stigviewer.com/controls/800-53/SA-22) and the age of the latest Validator release is impeding that. Based on the activity on the mailing list it appears that there are several others that are in a similar situation. I know that you have been doing some work in this regard and already do a lot for other Apache Commons projects as well, so I am not coming and asking you to handle this all on your own. There are several in the community who are offering to help get Validator 2 out the door. I would like to respectfully ask what I can be doing to hasten the new release by the end of October at the latest so I can avoid having to do my own fork of the library. Thanks, Josh. -Original Message- From: Gary Gregory Sent: Wednesday, September 25, 2024 3:24 PM To: Commons Developers List Subject: Re: [validator] Collections 4 CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you believe this is a phishing email, use the Report to Cybersecurity icon in Outlook. On Wed, Sep 25, 2024 at 4:06 PM Josh Fenlason wrote: > > Is the Validator 2.0 release still being planned for the near future? Yes, maybe within a month or so. > > Is that PR for moving the Commons Collections dependency from 3 to 4 still in > active? Or would it help for someone to take another pass at that? No, this will be done as part of 2.0. > > The package structure still needs to be updated from > "org.apache.commons.validator" to "org.apache.commons.validator2", correct? > Would it help if I created a PR to do that? No, because this will touch every single file and will make a PR too hard and tedious to review (all files will be deleted and added). Gary > > Josh. > > -Original Message- > From: Josh Fenlason > Sent: Wednesday, September 11, 2024 9:46 AM > To: Commons Developers List > Subject: RE: [validator] Collections 4 > > > CAUTION: This email originated from outside the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. If you believe this is a phishing email, use the Report to > Cybersecurity icon in Outlook. > > > > I was looking through the jira items for validator. > > I see one item that looks like it would be necessary for a Validator 2.X > release, VALIDATOR-390, for updating to Commons Collections 4. I see a > relatively recent PR, https://github.com/apache/commons-validator/pull/53, > for that though. I know that breaks binary compatibility an would therefore > require a new Validator 2 release. Since it looks like there is momentum for > that, is the plan to accept that PR? Or is a different solution necessary > for that? > > One other thing is that I believe the convention is for new major releases to > bump the version in the package name, refactoring from > "org.apache.commons.validator" to "org.apache.commons.validator2", correct? > I am not seeing a jira item for that. Did I miss it? Would it be helpful > for me to create a PR with that refactoring? > > Thanks, > Josh. > > -Original Message- > From: Gary D. Gregory > Sent: Wednesday, September 4, 2024 8:32 AM > To: dev@commons.apache.org > Subject: RE: [validator] Collections 4 > > > CAUTION: This email originated from outside the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. If you believe this is a phishing email, use the Report to > Cybersecurity icon in Outlook. > > > > On 2024/09/03 19:54:05 Josh Fenlason wrote: > > That is great to hear! Is there anything I can do to assist with that? > > Watch this list and test builds and release candidates when they become > available. > > You can also scan Jira and pull requests on GitHub and see if anything > catches your eye. > > Gary > > > > > -Original Message- > > From: Gary Gregory > > Sent: Tuesday, September 3, 2024 2:53 PM > > To: Commons Developers List > > Subject: Re: [validator] Collections 4 > > > > > > CAUTION: This email originated from outside the organization. Do not click > > links or open attachments unless you recognize the sender and know the > > content is safe. If you believe this is a phishing email, use the Report to > > Cybersecurity icon in Outlook. > > > > > > > > I am planning on what will likely be a new major version as we cannot break > > binary compatibility. Maybe within the next few weeks. > > > > Gary > > > > On Tue, Sep 3, 2024, 3:10 PM Josh Fenlason > > wrote: > > > > > I have requirements to eliminate collections3 from my project. > > > T
RE: [beanutils] For 2.0, WeakFastHashMap vs ConcurrentHashMap
Gary, I appreciate all the work you put into the various Apache Commons projects, so I hope this does not sound ungrateful. I would like to ask what can be done to increase the urgency for releasing BeanUtils 2.0. Due to requirements from our public sector customers, we need be STIG compliant (https://www.stigviewer.com/controls/800-53/SA-22) and the age of the latest BeanUtil release is impeding that. Based on the activity on the mailing list it appears that there are several others that are in a similar situation. I know that you have been doing some work in this regard and already do a lot for other Apache Commons projects as well, so I am not coming and asking you to handle this all on your own. There are several in the community who are offering to help get BeanUtils 2 out the door. I would like to respectfully ask what I can be doing to hasten the new release by the end of October at the latest so I can avoid having to do my own fork of the library. Thanks, Josh. -Original Message- From: Josh Fenlason Sent: Wednesday, September 25, 2024 3:25 PM To: Commons Developers List Subject: RE: [beanutils] For 2.0, WeakFastHashMap vs ConcurrentHashMap CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you believe this is a phishing email, use the Report to Cybersecurity icon in Outlook. Sounds good. I'll keep an eye out for it. -Original Message- From: Gary Gregory Sent: Wednesday, September 25, 2024 3:22 PM To: Commons Developers List Subject: Re: [beanutils] For 2.0, WeakFastHashMap vs ConcurrentHashMap CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you believe this is a phishing email, use the Report to Cybersecurity icon in Outlook. I'll ping this thread when there is something in git master to test in more depth. Gary On Wed, Sep 25, 2024 at 4:01 PM Josh Fenlason wrote: > > Excellent, thanks for that encouraging update! Is there anything I can > assist with? > Josh. > > -Original Message- > From: Gary Gregory > Sent: Wednesday, September 25, 2024 2:52 PM > To: Commons Developers List > Subject: Re: [beanutils] For 2.0, WeakFastHashMap vs ConcurrentHashMap > > > CAUTION: This email originated from outside the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. If you believe this is a phishing email, use the Report to > Cybersecurity icon in Outlook. > > > > FWIW, I have a patch in progress using the Apache Grooy's version of the > class, so licensing will not be an issue, Apache to Apache. > > If you look at the recent commits in git master, you'll see that I've started > adding missing tests we need before we add anything else... > > I also have tests written that fit in the existing test framework. > These will likely need to be beefed up. I saw zero tests for this class in > the Groovy code base. > > Stay tuned. > > Gary > > On Wed, Sep 25, 2024 at 3:37 PM Josh Fenlason > wrote: > > > > Are legal concerns of using Netty's ConcurrentWeakKeyHashMap the only issue > > with Melloware's PR (https://github.com/apache/commons-beanutils/pull/56) > > from a couple of years ago? That PR mentions > > http://creativecommons.org/licenses/publicdomain for details on the > > license, which unfortunately no longer works. However, looking at the > > Netty source > > (https://github.com/netty/netty/blob/3.9/src/main/java/org/jboss/netty/util/internal/ConcurrentWeakKeyHashMap.java), > > they have an Apache 2 license. Doesn't that alleviate any license > > concerns? Can we resuscitate Melloware's PR and wrap up this issue? > > Thanks, > > Josh. > > > > -Original Message- > > From: Gary Gregory > > Sent: Monday, September 16, 2024 4:26 PM > > To: Commons Developers List > > Subject: Re: [beanutils] For 2.0, WeakFastHashMap vs > > ConcurrentHashMap > > > > > > CAUTION: This email originated from outside the organization. Do not click > > links or open attachments unless you recognize the sender and know the > > content is safe. If you believe this is a phishing email, use the Report to > > Cybersecurity icon in Outlook. > > > > > > > > Which points to: > > https://issu/ > > es.apache.org%2Fjira%2Fbrowse%2FBEANUTILS-509&data=05%7C02%7CJosh.Fe > > nl > > ason%40veritas.com%7C594b7769bda54bbd892d08dcdd9ba40c%7Cfc8e13c0422c > > 4c > > 55b3eaca318e6cac32%7C0%7C0%7C638628907749754165%7CUnknown%7CTWFpbGZs > > b3 > > d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D > > %7 > > C0%7C%7C%7C&sdata=SGR%2B0SfgS%2F7gmd8VCPOlTmmlwQQNNp77J05QI5fFaBc%3D > > &r > > eserved=0 > > > > Gary > > > > On Mon, Sep 16, 2024, 5:24 PM Gary Gregory wrote: > > > > > Related: > > > https://issu/ > > > es.apache.org%2Fjira%2Fbrowse%2FC
