Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [microprofile-wg] [BALLOT] MicroProfile LRA 2.0 Specification Release Review - VOTE by March 2 (two weeks)
0 (iJUG)

Why:
I don't want to block the LRA 2.0 release in general.
There are findings in the review, some need to be solved outside of this specification first and do not affect LRA alone:

- Michael found the missing images in the HTML version (good catch by the way) already - need to be fixed in the MP Parent.
- The missing release notes entry for the 2.0 release - this is a very nice to have, but not a requirement in general.
- The references in the spec for JAX-RS instead of Jakarta RESTful Web Services - this was part of the change between the Java/Jakarta EE 8 and Jakarta EE 9 - so this should have been fixed, as it's current referenced name means a version in the old namespace. Of course this is not consequently enforced elsewhere too. As this spec name will be changed in the future to simply Jakarta REST a solution could be to reference the current full name in the spec documents begin and introduce the (new) short name for further use in the spec document.
- Security issues, that need to be fixed in the MP Parent.

@Roberto: Yes, https://github.com/eclipse/microprofile/pull/300 covers my security concerns partly, the remaining part can be found here:
https://bugs.eclipse.org/bugs/show_bug.cgi

In general, I think, when there are findings during the review it's not bad and quite usual during QA - then there is a chance fixing them before the release and improve the quality.

I can offer my support in fixing the MP Parent part (or other issues).

Thanks & best,
Jan

Am 01.03.23 um 18:29 schrieb Roberto Cortez via microprofile-wg:
Hi,

Hi Michael and Jan,

Thanks for the review.

Jan, the security issues you refer to are in https://github.com/eclipse/microprofile/pull/300, correct? In my opinion, these do not affect the API JAR directly (which the users consume), so it should be fine to release it as is. Of course, I agree that we should bump the parent version. We are happy to do it in a 2.0.1 right after we get this done, or if we don’t get the ballot to pass, we reroll with the fixes in.

We are still waiting for the following members to vote:

- Atlanta JUG
- IBM
- Tomitribe
- iJUG
- Microsoft
- Primeton
- Payara

Please cast your vote as soon as possible. The ballot closes tomorrow.

Thank you!

Cheers
Roberto

On 1 Mar 2023, at 12:42, Jan Westerkamp <jan.westerkamp@xxxxxxx> wrote:

Hi Michael,
I think his behaviour of missing parts in the HTML spec document is because in the MicroProfile Parent's "asciidoc" profile these additional resources are not exported to the Maven repository.

This affects images here, but is a general problem for the HTML version of documents, as additional resources like images, css files and fonts, that are referenced by relative paths to the root document, not get pushed by the current versions of MicroProfile Parent.

We need to fix this.


Additional findings from my side so far:
In the LRA 2.0 spec document there is no release notes section for 2.0 - this is not a requirement, but really helps reviewers ;-)
In the Spec document, JAX-RS is referenced which is the old (protected) spec name, not Jakarta RESTful Web Services (hopefully soon called Jakarta REST simply).
I have findings regarding MicroProfile Parent, Maven related to vulnerabilities (I reported some of them in vulnerability process already). Should we fix them first?

I really like this specification, but I have strong concerns releasing a version with known (security) issues...
Any thoughts regrading this?

Best,
Jan


Am 26.02.23 um 12:40 schrieb Michael Redlich:
+1 (Garden State JUG)

I wanted to mention that the images in the HTML version of the specification aren't rendered, but they are rendered in the PDF version.  I've noticed this behavior with AsciiDoctor, but haven't yet determined why.

Mike.

On Thu, Feb 16, 2023 at 8:45 AM Roberto Cortez via microprofile-wg <microprofile-wg@xxxxxxxxxxx> wrote:
To approve and ratify the Release Review of MicroProfile LRA 2.0 Specification, the Steering Committee Representatives vote is requested. Please respond with +1 (positive), 0 (abstain), or -1 (reject). Any feedback that you can provide to support your vote will be appreciated. 

The MicroProfile Specification Process requires the Specification Committee and the Community to provide feedback during the approval process using the relevant documents:


This ballot will last fourteen days, ending on Thursday, March 2nd. The ballot requires a Super-majority positive vote of the Steering Committee members. There is no veto. Community input and Community votes are welcomed. However, only the votes delivered by Steering Committee Representatives will be counted.

--
Thank you
Roberto Cortez, on behalf of the MicroProfile Steering Committee
_______________________________________________
microprofile-wg mailing list
microprofile-wg@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/microprofile-wg


--
Code, TestWrite, Cycle, Run, Drink, Sleep ... Repeat
Lead Java Queue Editor, InfoQ

Laissez Les Bon Temps Rouler

_______________________________________________
microprofile-wg mailing list
microprofile-wg@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/microprofile-wg


_______________________________________________
microprofile-wg mailing list
microprofile-wg@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/microprofile-wg


_______________________________________________
microprofile-wg mailing list
microprofile-wg@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/microprofile-wg


Back to the top