Costin Manolache wrote:
Aren't we in 'comit then review' mode for the trunk ?
Yes.
My understanding was that RTC is in effect for the stable releases, but not
the trunk,
and if there is no controversy ( and so far I think the only major issues
was
'don't touch file structure or break ant' ) -
Costin Manolache wrote:
Sorry, I haven't been paying attention to all the rule changes - if someone
could
post the short version, I'm quite interested - I plan to re-start
contributing few things and it
would be good to know the process.
trunk is CTR - normal veto rules apply
all release branch
any Manolache wrote:
BTW - can someone remove [EMAIL PROTECTED] from tomcat-dev ?
being done now.
Mark
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
BTW - can someone remove [EMAIL PROTECTED] from tomcat-dev ?
It's quite annoying, after each mail I get an auto-reply from them... I
don't think I have karma to do it.
Costin
On Wed, Apr 30, 2008 at 6:06 PM, Costin Manolache <[EMAIL PROTECTED]> wrote:
> On Wed, Apr 30, 2008 at 5:32 PM, Filip
On Wed, Apr 30, 2008 at 5:32 PM, Filip Hanik - Dev Lists <[EMAIL PROTECTED]>
wrote:
> Costin Manolache wrote:
>
> > Aren't we in 'comit then review' mode for the trunk ?
> >
> > My understanding was that RTC is in effect for the stable releases, but
> > not
> > the trunk,
> > and if there is no co
Costin Manolache wrote:
Aren't we in 'comit then review' mode for the trunk ?
My understanding was that RTC is in effect for the stable releases, but not
the trunk,
and if there is no controversy ( and so far I think the only major issues
was 'don't touch file structure or break ant' ) - he can
Aren't we in 'comit then review' mode for the trunk ?
My understanding was that RTC is in effect for the stable releases, but not
the trunk,
and if there is no controversy ( and so far I think the only major issues
was
'don't touch file structure or break ant' ) - he can just submit.
Sorry, I ha
Costin Manolache wrote:
On Wed, Apr 30, 2008 at 11:31 AM, Filip Hanik - Dev Lists <
[EMAIL PROTECTED]> wrote:
Costin Manolache wrote:
We already have eclipse files checked in AFAIK - that counts as the
second
build system.
We used to have makefiles too, also in parallel with ant (in
https://issues.apache.org/bugzilla/show_bug.cgi?id=43147
Mark Thomas <[EMAIL PROTECTED]> changed:
What|Removed |Added
Status|NEW |RESOLVED
https://issues.apache.org/bugzilla/show_bug.cgi?id=43327
Mark Thomas <[EMAIL PROTECTED]> changed:
What|Removed |Added
Status|NEW |RESOLVED
On Apr 30, 2008, at 10:28 AM, Costin Manolache wrote:
On Wed, Apr 30, 2008 at 1:00 AM, Peter Kriens <[EMAIL PROTECTED]>
wrote:
Regarding HttpService - I don't think it's a good idea for tomcat.
One of the major problems with OSGI ( and we need to make sure we
don't
fall
in this trap ) is t
On Wed, Apr 30, 2008 at 11:31 AM, Filip Hanik - Dev Lists <
[EMAIL PROTECTED]> wrote:
> Costin Manolache wrote:
>
> > We already have eclipse files checked in AFAIK - that counts as the
> > second
> > build system.
> > We used to have makefiles too, also in parallel with ant (in 3.0
> > times).
>
Costin Manolache wrote:
We already have eclipse files checked in AFAIK - that counts as the second
build system.
We used to have makefiles too, also in parallel with ant (in 3.0 times).
The goal IMO is that people who like to type mvn can do it - without any
guarantee that
the result will be id
On Wed, Apr 30, 2008 at 1:00 AM, Peter Kriens <[EMAIL PROTECTED]>
wrote:
> Regarding HttpService - I don't think it's a good idea for tomcat.
> > One of the major problems with OSGI ( and we need to make sure we don't
> > fall
> > in this trap ) is the re-invention of common APIs - logging, servle
https://issues.apache.org/bugzilla/show_bug.cgi?id=43153
Mark Thomas <[EMAIL PROTECTED]> changed:
What|Removed |Added
Status|NEW |RESOLVED
We already have eclipse files checked in AFAIK - that counts as the second
build system.
We used to have makefiles too, also in parallel with ant (in 3.0 times).
The goal IMO is that people who like to type mvn can do it - without any
guarantee that
the result will be identical with the official
Mark,
I agree with all of your comments 100%.
If you really wanted to conduct an in-depth security analysis, the best
bet is to hire a dedicated application security company to conduct a
targeted code review.
Most automated application security tools are crap. But for the sake of
academic r
Jim Manico wrote:
The Fortify Opensource project automatically scans the Tomcat codebase
on a regular basis.
This probably only gives you 10% security coverage at best, but it's a
free report form a $50k tool.
http://opensource.fortifysoftware.com
A great example of why I have don't have m
The Fortify Opensource project automatically scans the Tomcat codebase
on a regular basis.
This probably only gives you 10% security coverage at best, but it's a
free report form a $50k tool.
http://opensource.fortifysoftware.com
Hi devs,
I've been investigating Apache Tomcat within my Bach
Michael Osipov wrote:
Mark Thomas wrote:
We do occasionally receive reports to the security team that provide
outputs from various security testing tools. In short, the output is
nearly always complete garbage. For example, on one occasion a handful
of XSS issues were reported all of which wer
On Tue, Apr 22, 2008 at 11:45 AM, Henri Gomez <[EMAIL PROTECTED]> wrote:
> Hi to all,
>
> Did there is plans, ideas or interest around about OSGI-fing Tomcat ?
Quotes from http://www.infoq.com/news/2008/04/springsource-app-platform
"...the SpringSource Application Platform, an application server
Mark Thomas wrote:
Michael Osipov wrote:
Security advisories are taken up by a security team [3]. Does this team
or any other group/person take any measures to assure security with
testing tools,
with a special test plan or functional requirements?
Hello Mark,
I did not expect such a quick an
Michael Osipov wrote:
Security advisories are taken up by a security team [3]. Does this team
or any other group/person take any measures to assure security with
testing tools,
with a special test plan or functional requirements?
We do occasionally receive reports to the security team that prov
Hi devs,
I've been investigating Apache Tomcat within my Bachelor's thesis
"Application
of security test tools in open source" at the Free University of Berlin
(FU Berlin) [1].
Basically, I am looking for security measures which have been taken to
prevent security leaks/vulnerabilities especially
https://issues.apache.org/bugzilla/show_bug.cgi?id=44908
--- Comment #1 from Edwin Lee <[EMAIL PROTECTED]> 2008-04-30 03:02:22 PST ---
Created an attachment (id=21885)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=21885)
WAR file to replicate issue.
--
Configure bugmail: https
https://issues.apache.org/bugzilla/show_bug.cgi?id=44908
Summary: LoggerConfigurationException Caused by session-timeout
Setting in web.xml
Product: Tomcat 4
Version: 4.1.37
Platform: PC
OS/Version: Windows XP
Statu
On Tue, 2008-04-29 at 22:28 -0400, Yoav Shapira wrote:
> On Tue, Apr 29, 2008 at 10:09 PM, Remy Maucherat <[EMAIL PROTECTED]> wrote:
> > The current build scripts are fully tested and work well. Adding
> > additional methods of building or replacing these scripts altogether
> > would only provid
Regarding HttpService - I don't think it's a good idea for tomcat.
One of the major problems with OSGI ( and we need to make sure we
don't fall
in this trap ) is the re-invention of common APIs - logging, servlet
interfaces, etc.
As a bit of background. The logging and Http Service API are fro
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The following page has been changed by JamesGoodger:
http://wiki.apache.org/tomcat/SSLWithFORMFallback
--
https://issues.apache.org/bugzilla/show_bug.cgi?id=43174
Mark Thomas <[EMAIL PROTECTED]> changed:
What|Removed |Added
Status|NEW |RESOLVED
30 matches
Mail list logo
