Hi all, I have a couple of questions regarding continuum's webapp. I've
been looking through jira and haven't found these issues tackled.
1. Is it just me or permissions are not checked when adding/removing
projects? If I log in, copy the url for deleting a project and then
logout, it seems that I can delete the project anyways. After going
through the sources, I didn't find where permissions are checked.
2. What is the use of parsing the pom when introducing a new maven1
project? IMHO the pom should be parsed after checkout. This would allow
building projects which extend from others if the extension project is
included first. Maybe it would be useful to specify the relative url of
the pom when the checkout is performed. IMO all you need to build a
maven project is the scm connection url and parameters and the relative
url to the pom.
3. Isn't the scm password stored as clear text on the db? Usually this
is a unix user/password from the scm machine... I would consider making
a certificate for ssh connection or something like that. Then the public
key for the user could be available for download and put in the scm machine.
Obviestly I am willing to contribute with patches on these issues if
they are welcome. I didn't want to open tickets just yet as it is my
first approach to continuum...
Anyways, I think Continuum is a very nice tool that could be really made
into a monster! Thanks a lot for the effort!
Thank you for your attention
nacho
