0.9.5 release?

[bbcooper]

Hello,

I've just joined the group. I believe this was asked before,
but...when will 0.9.5 be released? It is holding back the release of
spring-security with included Attribute Exchange. See
http://jira.springframework.org/browse/SEC-935.

Regards,
Borut

[Sutra Zhou]

+1

2009/1/24 bbcooper <borut....@gmail.com>

[Johnny Bufu]

Hello everyone,

Apologies for the delays in getting a new release ready. There were a
number of recurring issues reported by openid4java users, and I wanted
them addressed before packaging a new release. These are:

a) the number of dependencies
b) the (outdated) version of some of the dependencies, and conflicts in
newer deployments
c) deployment of endorsed libraries

The latest patches of last week allow us to address all of these:
- openid4java has its own XRDS parser now
- the XRI local resolver was factored out into its own class
- there's now a proxy XRI resolver as well

The LocalXRIResolver is the only piece that depends on the openxri
library. Thus, openid4java can be packaged and distributed in (at least)
two flavors:

1) a significantly lighter one (using the proxy XRI resolver)
2) another one with the LocalXRIResolver and the openxri and the rest of
the required dependencies

The downside is that the code in the latest changes is fresh, and hasn't
seen enough real-world testing.

What would everyone prefer at this time?
- A fairly stable release of, say, some weeks ago, or
- A new release as outlined above, or
- both options?

Thanks,
Johnny

[Mingfai]

how about releasing the new stuff as 0.9.5 beta?

if you have a release, more people will help to test and find out problems.

[Borut Bolčina]

Hi,

we are using 0.9.5-SNAPSHOT extensively. Releasing 0.9.5 will help including it into spring security. The sooner you release, the sooner it will be included and therefore the code will have wider usage and the chance to test it. You can always release 0.9.6 which is, by definition, a bug fix release. Releases should happen often as SNAPSHOTS don't get included in end customers products.

My vote: go with the new release.

Can you point out the functionality we should test or look out for?

Regards,
Borut

2009/1/31 Johnny Bufu <johnn...@gmail.com>

[Andreas Motl]

Hi there,

this is the same problem we are facing. We already have some patches
ready to support Grails with Attribute Exchange (on top of the Spring
Security Plugin), which are still waiting for a new official
OpenID4Java release to be made, see GRAILSPLUGINS-948 [1] and SEC-935
[2], like bbcooper already pointed out.

Latest patches, an easy tutorial to get started and further
information can now be found at http://myhpi.de/~andreas.motl/openid4grails/

We are currently using openid4java-0.9.5-SNAPSHOT-503.jar [3]
successfully to make this happen (via enhanced Spring Security 2.0.4).

My vote: Skip the new stuff, and do a release of the formerly fairly
stable code (first option). Then we would have a 0.9.5 release
featuring the required functionality, while a 0.9.6 release could
follow soon addressing the dependency issues you pointed out.

Otherwise, if you would favor the second option: Could you provide a
snapshot release of a version using the brand new code for testing?

Cheers,
Andreas.

[1] http://jira.codehaus.org/browse/GRAILSPLUGINS-948
[2] http://jira.springframework.org/browse/SEC-935
[3] https://m2proxy.atlassian.com/repository/public/org/openid4java/openid4java/0.9.5-SNAPSHOT-503/openid4java-0.9.5-SNAPSHOT-503.jar

On 31 Jan., 08:26, Borut Bolčina <borut.bolc...@gmail.com> wrote:
> Hi,
>
> we are using 0.9.5-SNAPSHOT extensively. Releasing 0.9.5 will help including
> it into spring security. The sooner you release, the sooner it will be
> included and therefore the code will have wider usage and the chance to test
> it. You can always release 0.9.6 which is, by definition, a bug fix release.
> Releases should happen often as SNAPSHOTS don't get included in end
> customers products.
>
> My vote: go with the new release.
>
> Can you point out the functionality we should test or look out for?
>
> Regards,
> Borut
>

> 2009/1/31 Johnny Bufu <johnny.b...@gmail.com>

> > Johnny- Zitierten Text ausblenden -
>
> - Zitierten Text anzeigen -

[maticpetek]

One more vote for "A fairly stable release".

[ldeck]

Hi John,

(just joined) any movement on this?

On Jan 31, 3:50 pm, Johnny Bufu <johnny.b...@gmail.com> wrote:
> Hello everyone,
>

> Apologies for the delays in getting a newreleaseready. There were a

> number of recurring issues reported by openid4java users, and I wanted

> them addressed before packaging a newrelease. These are:

>
> a) the number of dependencies
> b) the (outdated) version of some of the dependencies, and conflicts in
> newer deployments
> c) deployment of endorsed libraries
>
> The latest patches of last week allow us to address all of these:
> - openid4java has its own XRDS parser now
> - the XRI local resolver was factored out into its own class
> - there's now a proxy XRI resolver as well
>
> The LocalXRIResolver is the only piece that depends on the openxri
> library. Thus, openid4java can be packaged and distributed in (at least)
> two flavors:
>
> 1) a significantly lighter one (using the proxy XRI resolver)
> 2) another one with the LocalXRIResolver and the openxri and the rest of
> the required dependencies
>
> The downside is that the code in the latest changes is fresh, and hasn't
> seen enough real-world testing.
>
> What would everyone prefer at this time?

> - A fairly stablereleaseof, say, some weeks ago, or
> - A newreleaseas outlined above, or