River Development Process
River build server
Tracking issues and changes
Handling Security -related Issues
There are three options associated with the "Security Level" field in the JIRA instance: "None" "Security risk, visible to committers" - only committers have access to the issue with this option set * "Security risk, visible to anyone" - the issue has a security risk associated with it, and the committers understand the impact. A resolution/fix has been developed.
When a potential security -related issue is identified in the River sourcebase, initial discussion on it should occur on the private PPMC list. If the person(s) who identified the issue are not on the PPMC, they should be included in the discussion.
If the issue is acknowledged as a valid security issue, a JIRA issue needs to be created with the "Security Level" field marked to "Security risk, visible to committers".
As soon as appropriate (for example, when the impact is understood and/or there is a resolution/fix developed), the "Security Level" should be changed to "Security risk, visible to anyone" and an explanation/discussion should occur in the broader River community on the river-dev list.
Developing test cases and running test suites are desired but not required prior to an integration. If unit tests are created for a change, the developer is encouraged to add them to the JIRA issue for sharing.
Each Apache River deliverable has a version number of:
The major version number will in general only be increased in case of major changes that might introduce compatibility problems or represent some fundamental improvements. The minor versions reflect the various feature releases, the last part of the version number reflects the maintenance release.
Ongoing development for the next release takes place in the
Once a release candidate is ready for a first customer release
Although ongoing development should take place in
/trunk | |-------- /branches/2.1/ | \ | \ ------- /tags/2.1.0/ | \ | \ ------- /tags/2.1.1/ | \ | |-------- /branches/2.2/ | \ | \ ------- /tags/2.2.0/ | \ | |-------- /skunk/