[undertow-dev] 2.0.30.sp1 and 2.1.0.Final?
Francisco A. Lozano
flozano at gmail.com
Mon Apr 27 13:36:52 EDT 2020
Hi,
So the SP tags are not created in the open-source repositories as a rule?
(and of course neither are binaries published in maven)?
Are you implying that RH is not releasing "SP" fixes in 2.0.X as
open-source in the normal repos?
If that is the case, I'd like to understand fully what is the policy for
releasing bug-fixes, security fixes and such. Is there any document that
explains such policy? I have built stuff that right now depends on 2.0.X,
as many others I guess, based in (wrong?) assumptions about the open-ness
of this project.
br,
Francisco A. Lozano
El lun., 27 abr. 2020 a las 17:49, Flavia Rainone (<frainone at redhat.com>)
escribió:
> Hi Francisco
>
> The SP tags are done in Red Hat internal product repositories.
>
> The 2.1.0.Final? is uploaded to the github.repo.
>
> Regards,
> Flavia
>
> On Wed, Apr 22, 2020 at 9:59 AM Francisco A. Lozano <flozano at gmail.com>
> wrote:
>
>> Hi,
>> With regard to https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757:
>>
>> - I can't find 2.0.30.sp1 and 2.1.0 final tags in
>> https://github.com/undertow-io/undertow .
>> - In binary form, I can find 2.1.0.Final? in maven central repository,
>> but 2.0.30.sp1 is not available there either.
>>
>> Francisco A. Lozano
>> _______________________________________________
>> undertow-dev mailing list
>> undertow-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>
>
>
> --
>
> Flavia Rainone
>
> Principal Software Engineer
>
> Red Hat <https://www.redhat.com>
>
> frainone at redhat.com
> <https://www.redhat.com>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20200427/3f53aad4/attachment.html
More information about the undertow-dev
mailing list