Jim,
Thanks for the bump.
Agony might have been more my state of mind than a good reflection of the discussion but I'll
summarize it here.
Note David Jencks comments below about how EJB security is broken in Geronimo. We know it doesn't
work and for the life of me I'm not sure why in the voluminous number of tests executed to certify
Geronimo this simple test case is not included. Nevertheless, it is a security issue and given that
we are working through some legal questions over DTDs and XSDs as the release manager I decided to
let the change in due to the fact it is a security issue.
Thanks
Jim Jagielski wrote:
Will there be a summary of the IRC discussion posted onlist?
On Aug 16, 2006, at 12:31 PM, Matt Hogstrom wrote:
After agonizing over this on IRC let's put in 2313. Close the door
and start testing.
David Jencks wrote:
GERONIMO-2313 is a fairly serious security problem: basically ejb
security is totally broken when the ejb is called from a web app.
I think this could be merged easily from the 1.1 branch into 1.1.1,
however it requires openejb changes as well.
Alan suggested that since 1.1.1 is already delayed for security
problems we might want to include this fix as well.
I think this is a good idea but wait for Matt the release manager's
approval.
thanks
david jencks
