[Building Sakai] Proposal: upgrade dependency versions in 1.0 kernel
David Horwitz
david.horwitz at uct.ac.za
Mon May 10 08:37:46 PDT 2010
See bellow
On 05/10/2010 05:07 PM, Matthew Buckett wrote:
> On 10 May 2010 13:43, David Horwitz <david.horwitz at uct.ac.za> wrote:
>
>> For the 2.7 release a number of kernel dependencies where upgraded some
>> time ago. Testing of 2.7 has indicated that these all seem safe. The
>> list can be seen here:
>>
>> http://jira.sakaiproject.org/browse/KNL-105
>>
>> an includes:
>> hibernate
>> spring
>> javax.mail
>>
> I think this broke some stuff in UserDirectoryService (MimeEncode.base64()).
>
>
There's a patch for uds in the issue linked to the javax upgrade - that
would be added at the same time.
>> cglib
>> commons-lang
>> commons-fileupload
>> commons-logging
>>
>> I would suggest that these now be applied to the 1.0.x kernel series for
>> 2.6, with the exception of the spring upgrade. Any objections?
>>
> To me this is a risk without any clear benefits. I would be happy for
> the versions in the 2.6.x to remain the same so that there aren't any
> surprises for people running the stable software.
>
> If there is a bug in one of the libs which affects Sakai that can only
> simply be fixed by upgrading then it would seems the sensible route to
> upgrade that lib to the newer version.
>
>
There have definitely been people affected by bugs in some of these
libraries and a number have performance issues). In the past we have
been badly stung by not updating these. Notably in a file upload bug
that caused the jvm to consume all system resources. Im proposing this
because I believe now the risk is small enough (based on the 2.7 testing
and close on 6months of local production use) that this is outwayed by
the possible gains in subtle bugs, egde cases and performance issues.
D
More information about the sakai-dev
mailing list