Just to follow-up on this issue in this
mailing list, it was decided in 3/6 status meeting, there was no need to
have a new zip on the download site for this issue,
but I have saved a copy of RC3 on archive
site, which as same content in zip files as final R build, just different
labels (and, not signed).
From:
David M Williams/Raleigh/IBM@IBMUS
To:
wtp-dev@xxxxxxxxxxx
Date:
03/06/2008 12:06 PM
Subject:
[wtp-dev] Status meeting topic: signed
jars in 2.0.2 R build
I wanted to give some advance notice of an issue with the 202 build --
to be discussed at this afternoon's status meeting.
Yesterday I discovered a I made a mistake in the final 202 build for our
download site. The changes I had been making to sign jars for 3.0 stream
"leaked" over into the final 2.0.2 build. See bug (bug
221450).
While signed jars should not cause any functional difference, there is
a risk of subtle performance issues and is a larger change than we'd normally
want to make in a maintenance release.
Given the order of events, the jars on update sight are not signed, the
jars in the EPP package are not signed (they are pulled from update site)
.... only the jars in the final zip for the "R" build got signed.
So ... what to do? I see the options are:
A. Do nothing. Assume the best -- that there are no huge problems
with signed jars, and installing from update site or EPP Package will dominate
and/or provide a work around if issues found.
B. Respin a 202B that is just like 202 but with the signing flag correctly
turned off. And simply replace the current 202 R build with this 202B R
build. In this re-build, all the jars will have the exact same version
numbers as the 202 build. If we do this one, we should also re-smoke-test
that final 202B build just as a sanity check, so it is more work.
I think this is mostly driven by "what do adopters want" -- do
adopters rely on our zips, or our update site jars? Do signed jars concern
them? So will look forward to suggestions.
While not much notice, I'm hoping this note will lead to a decision at
status meeting. If more time is needed, that's fine ... just wanted to
make people aware and get the discussion started.