July 2017 - jbosstools-issues - Jboss List Archives

[JBoss JIRA] (JBIDE-24642) Please include sha256 checksums in announcements

by Nick Boldt (JIRA)

[ https://issues.jboss.org/browse/JBIDE-24642?page=com.atlassian.jira.plugi... ] Nick Boldt commented on JBIDE-24642: ------------------------------------ Do you mean the announcements like this one should list the SHAs? http://lists.jboss.org/pipermail/jbosstools-dev/2017-June/011998.html Or are you talking about adding SHAs to the blog posts such as this? http://tools.jboss.org/blog/4.5.0.am1-for-oxygen.0.html We could also hard-code the SHA values into the download page, rather than linking to them: http://tools.jboss.org/downloads/jbosstools/oxygen/4.5.0.AM1.html#zips [~jeffmaury] WDYT? > Please include sha256 checksums in announcements > ------------------------------------------------ > > Key: JBIDE-24642 > URL: https://issues.jboss.org/browse/JBIDE-24642 > Project: Tools (JBoss Tools) > Issue Type: Feature Request > Components: build > Reporter: Jesper Skov > Assignee: Nick Boldt > Fix For: LATER > > > I would like to be able to verify checksums on downloaded JBoss artifacts - both EAP and eclipse-related binaries. > Or even better, verify a signature. > Today, when I want to use a JBossTools release, I would download > http://download.jboss.org/jbosstools/static/oxygen/development/updates/co... > And my only opportunity to verify the file is by downloading the sha256 file that lies next to it: > http://download.jboss.org/jbosstools/static/oxygen/development/updates/co... > If a hacker manages to replace the updatesite archive with compromised files, I assume they will have the brains to also update the checksum file next to it. > So the current checksum can really only be used to verify the integrity of the downloaded file. > Not that its contents is untampered. > If the jar-files in the archive were signed, it would be less of an issue... > Signed artifacts would be best. But would probably take some effort to put in place. > A simpler remedy would be to include the checksums in the announcement. This would give an additional factor of security for those who care about that. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBIDE-24379) javaee tests failing for linux, windows and osx

by Nick Boldt (JIRA)

[ https://issues.jboss.org/browse/JBIDE-24379?page=com.atlassian.jira.plugi... ] Nick Boldt updated JBIDE-24379: ------------------------------- Fix Version/s: 4.5.0.AM2 (was: 4.5.x) > javaee tests failing for linux, windows and osx > ----------------------------------------------- > > Key: JBIDE-24379 > URL: https://issues.jboss.org/browse/JBIDE-24379 > Project: Tools (JBoss Tools) > Issue Type: Bug > Components: batch, jsf, seam2 > Affects Versions: 4.5.0.AM1 > Reporter: Nick Boldt > Assignee: Dmitrii Bocharov > Priority: Blocker > Fix For: 4.5.0.AM2 > > Attachments: javaee-test-failures.png, javaee-test-failures_last_pass_jan26.png, javaee-tests-failing.png > > > JavaEE tests have been failing for months. > Please investigate. > https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstud... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBIDE-24379) javaee tests failing for linux, windows and osx

by Dmitrii Bocharov (JIRA)

[ https://issues.jboss.org/browse/JBIDE-24379?page=com.atlassian.jira.plugi... ] Dmitrii Bocharov updated JBIDE-24379: ------------------------------------- Sprint: devex #134 Jun 2017 > javaee tests failing for linux, windows and osx > ----------------------------------------------- > > Key: JBIDE-24379 > URL: https://issues.jboss.org/browse/JBIDE-24379 > Project: Tools (JBoss Tools) > Issue Type: Bug > Components: batch, jsf, seam2 > Affects Versions: 4.5.0.AM1 > Reporter: Nick Boldt > Assignee: Dmitrii Bocharov > Priority: Blocker > Fix For: 4.5.x > > Attachments: javaee-test-failures.png, javaee-test-failures_last_pass_jan26.png, javaee-tests-failing.png > > > JavaEE tests have been failing for months. > Please investigate. > https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstud... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBIDE-24379) javaee tests failing for linux, windows and osx

by Dmitrii Bocharov (JIRA)

[ https://issues.jboss.org/browse/JBIDE-24379?page=com.atlassian.jira.plugi... ] Dmitrii Bocharov reassigned JBIDE-24379: ---------------------------------------- Assignee: Dmitrii Bocharov (was: Jeff MAURY) > javaee tests failing for linux, windows and osx > ----------------------------------------------- > > Key: JBIDE-24379 > URL: https://issues.jboss.org/browse/JBIDE-24379 > Project: Tools (JBoss Tools) > Issue Type: Bug > Components: batch, jsf, seam2 > Affects Versions: 4.5.0.AM1 > Reporter: Nick Boldt > Assignee: Dmitrii Bocharov > Priority: Blocker > Fix For: 4.5.x > > Attachments: javaee-test-failures.png, javaee-test-failures_last_pass_jan26.png, javaee-tests-failing.png > > > JavaEE tests have been failing for months. > Please investigate. > https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstud... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBIDE-9356) NLS.bind vs MessageFormat.format

by Jeff MAURY (JIRA)

[ https://issues.jboss.org/browse/JBIDE-9356?page=com.atlassian.jira.plugin... ] Jeff MAURY closed JBIDE-9356. ----------------------------- Resolution: Rejected > NLS.bind vs MessageFormat.format > -------------------------------- > > Key: JBIDE-9356 > URL: https://issues.jboss.org/browse/JBIDE-9356 > Project: Tools (JBoss Tools) > Issue Type: Task > Components: cleanup > Affects Versions: 3.3.0.M3 > Reporter: Rob Stryker > Assignee: Jeff MAURY > Fix For: 4.5.0.AM1, 4.0.x > > > A substantial number of classes use NLS.bind(Messages.SomeString, name) to bind message strings. Another subset of the classes use MessageFormat.format(etc). > I believe NLS.bind() is the correct solution which works properly with eclipse osgi and all that jazz. Should this be standardized? Is it confusing to be using two interchangable APIs? -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBIDE-24642) Please include sha256 checksums in announcements

by Jeff MAURY (JIRA)

[ https://issues.jboss.org/browse/JBIDE-24642?page=com.atlassian.jira.plugi... ] Jeff MAURY updated JBIDE-24642: ------------------------------- Component/s: build > Please include sha256 checksums in announcements > ------------------------------------------------ > > Key: JBIDE-24642 > URL: https://issues.jboss.org/browse/JBIDE-24642 > Project: Tools (JBoss Tools) > Issue Type: Feature Request > Components: build > Reporter: Jesper Skov > Fix For: LATER > > > I would like to be able to verify checksums on downloaded JBoss artifacts - both EAP and eclipse-related binaries. > Or even better, verify a signature. > Today, when I want to use a JBossTools release, I would download > http://download.jboss.org/jbosstools/static/oxygen/development/updates/co... > And my only opportunity to verify the file is by downloading the sha256 file that lies next to it: > http://download.jboss.org/jbosstools/static/oxygen/development/updates/co... > If a hacker manages to replace the updatesite archive with compromised files, I assume they will have the brains to also update the checksum file next to it. > So the current checksum can really only be used to verify the integrity of the downloaded file. > Not that its contents is untampered. > If the jar-files in the archive were signed, it would be less of an issue... > Signed artifacts would be best. But would probably take some effort to put in place. > A simpler remedy would be to include the checksums in the announcement. This would give an additional factor of security for those who care about that. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBIDE-24642) Please include sha256 checksums in announcements

by Jeff MAURY (JIRA)

[ https://issues.jboss.org/browse/JBIDE-24642?page=com.atlassian.jira.plugi... ] Jeff MAURY updated JBIDE-24642: ------------------------------- Fix Version/s: LATER > Please include sha256 checksums in announcements > ------------------------------------------------ > > Key: JBIDE-24642 > URL: https://issues.jboss.org/browse/JBIDE-24642 > Project: Tools (JBoss Tools) > Issue Type: Feature Request > Components: build > Reporter: Jesper Skov > Fix For: LATER > > > I would like to be able to verify checksums on downloaded JBoss artifacts - both EAP and eclipse-related binaries. > Or even better, verify a signature. > Today, when I want to use a JBossTools release, I would download > http://download.jboss.org/jbosstools/static/oxygen/development/updates/co... > And my only opportunity to verify the file is by downloading the sha256 file that lies next to it: > http://download.jboss.org/jbosstools/static/oxygen/development/updates/co... > If a hacker manages to replace the updatesite archive with compromised files, I assume they will have the brains to also update the checksum file next to it. > So the current checksum can really only be used to verify the integrity of the downloaded file. > Not that its contents is untampered. > If the jar-files in the archive were signed, it would be less of an issue... > Signed artifacts would be best. But would probably take some effort to put in place. > A simpler remedy would be to include the checksums in the announcement. This would give an additional factor of security for those who care about that. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBIDE-24642) Please include sha256 checksums in announcements

by Jeff MAURY (JIRA)

[ https://issues.jboss.org/browse/JBIDE-24642?page=com.atlassian.jira.plugi... ] Jeff MAURY reassigned JBIDE-24642: ---------------------------------- Assignee: Nick Boldt > Please include sha256 checksums in announcements > ------------------------------------------------ > > Key: JBIDE-24642 > URL: https://issues.jboss.org/browse/JBIDE-24642 > Project: Tools (JBoss Tools) > Issue Type: Feature Request > Components: build > Reporter: Jesper Skov > Assignee: Nick Boldt > Fix For: LATER > > > I would like to be able to verify checksums on downloaded JBoss artifacts - both EAP and eclipse-related binaries. > Or even better, verify a signature. > Today, when I want to use a JBossTools release, I would download > http://download.jboss.org/jbosstools/static/oxygen/development/updates/co... > And my only opportunity to verify the file is by downloading the sha256 file that lies next to it: > http://download.jboss.org/jbosstools/static/oxygen/development/updates/co... > If a hacker manages to replace the updatesite archive with compromised files, I assume they will have the brains to also update the checksum file next to it. > So the current checksum can really only be used to verify the integrity of the downloaded file. > Not that its contents is untampered. > If the jar-files in the archive were signed, it would be less of an issue... > Signed artifacts would be best. But would probably take some effort to put in place. > A simpler remedy would be to include the checksums in the announcement. This would give an additional factor of security for those who care about that. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBIDE-24645) openshift prcheck job is sometimes failing (not able to start CDK)

by Radim Hopp (JIRA)

Radim Hopp created JBIDE-24645: ---------------------------------- Summary: openshift prcheck job is sometimes failing (not able to start CDK) Key: JBIDE-24645 URL: https://issues.jboss.org/browse/JBIDE-24645 Project: Tools (JBoss Tools) Issue Type: Bug Components: integration-tests, openshift Affects Versions: 4.5.0.AM1 Reporter: Radim Hopp Assignee: Ondrej Dockal Fix For: 4.5.0.AM2 Attachments: prcheck-output.txt openshift.prcheck job is sometimes failing due to minishifft not being able to start: https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/All/job... (output also as attachment) -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBIDE-24644) Maven dependency resolution through "LATEST" and "RELEASE" version labels using "KieServices.newKieContainer(ReleaseId releaseId)" method fails

by Pyit Phyo Aung (JIRA)

Pyit Phyo Aung created JBIDE-24644: -------------------------------------- Summary: Maven dependency resolution through "LATEST" and "RELEASE" version labels using "KieServices.newKieContainer(ReleaseId releaseId)" method fails Key: JBIDE-24644 URL: https://issues.jboss.org/browse/JBIDE-24644 Project: Tools (JBoss Tools) Issue Type: Bug Components: drools Affects Versions: LATER Environment: OS: macOS Sierra (10.12.5) Hardware: MacBook Pro (13-inch, 2017) Reporter: Pyit Phyo Aung Assignee: Kris Verlaenen Priority: Minor I tried to use KieScanner for automatic business rule deployment through kjar modules setup in private maven repository. For that, I tried to specify getting latest kjar modules using "LATEST" and "RELEASE" version labels. They failed for three drools versions I tried (6.5.0.Final, 7.0.0.Final and 7.1.0.Beta3). However, when I tried open-ended version label, solution works. So, I believe that there is issue in dependency resolution related to KieContainer through KieServices.newKieContainer(ReleaseId releaseId) method. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 9 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jbosstools-issues July 2017