Hi,
So the SP tags are not created in the open-source repositories as a rule?
(and of course neither are binaries published in maven)?
Are you implying that RH is not releasing "SP" fixes in 2.0.X as
open-source in the normal repos?
If that is the case, I'd like to understand fully what is the policy for
releasing bug-fixes, security fixes and such. Is there any document that
explains such policy? I have built stuff that right now depends on 2.0.X,
as many others I guess, based in (wrong?) assumptions about the open-ness
of this project.
br,
Francisco A. Lozano
El lun., 27 abr. 2020 a las 17:49, Flavia Rainone (<frainone(a)redhat.com>)
escribió:
Hi Francisco
The SP tags are done in Red Hat internal product repositories.
The 2.1.0.Final? is uploaded to the github.repo.
Regards,
Flavia
On Wed, Apr 22, 2020 at 9:59 AM Francisco A. Lozano <flozano(a)gmail.com>
wrote:
> Hi,
> With regard to
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757:
>
> - I can't find 2.0.30.sp1 and 2.1.0 final tags in
>
https://github.com/undertow-io/undertow .
> - In binary form, I can find 2.1.0.Final? in maven central repository,
> but 2.0.30.sp1 is not available there either.
>
> Francisco A. Lozano
> _______________________________________________
> undertow-dev mailing list
> undertow-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/undertow-dev
>
--
Flavia Rainone
Principal Software Engineer
Red Hat <
https://www.redhat.com>
frainone(a)redhat.com
<
https://www.redhat.com>