I thought we were talking about computer programming algorithms.
Social engineering is outside the scope of the discussion on the subject of the algorithm devised in the invisible ( to API developers), network layer implementation. The scope of discussion is that the intranet is a tightly coupled comm system therefore secure by design. Imagine a couple holding each other tightly so no intruder, (third party) can come in between and interfere. Meanwhile the internet (loosely coupled) due to physical limitations could not be implemented using the same algorithm. It was left to users to work out the security which can be done using encryption (HTTPS) as one means of security. Other strategies are also available. Only the CHECKSUM was supplied as means of data integrity by the network Gods. Anybody want to talk about intraprocess (tight coupling) and Interprocess (loose coupling) ? On Sun, 28 Mar 2021, 15:39 Markus KARG, <[email protected]> wrote: > Nonsense. It is common sense that most criminal acts are spawned from > within the local network, due to social engineering. > -Markus > > > -----Ursprüngliche Nachricht----- > Von: Som Lima [mailto:[email protected]] > Gesendet: Sonntag, 28. März 2021 15:06 > An: Maven Developers List > Betreff: Re: [DISCUSS] Next release version: 3.6.4, 3.7.0, 3.8.0 or other > > > BTW there should be an option to still use unsecure http as many people > run http in their LANs. > > I could be wrong but I think the intranet is a tightly coupled comm system > therefore it is secure by design. > > > > On Sun, 28 Mar 2021, 13:31 Markus KARG, <[email protected]> wrote: > > > We should not do any tricks or unexpected behavior but just stick with > > SemVer. > > If there is a need for a security fix, it has to be 3.6.4 and BTW there > > should be an option to still use unsecure http as many people run http in > > their LANs. > > If it contains backwards-compatible features, it has to be 3.7.0. > > If it breaks backwards-compatibility, it has to be 4.0.0. > > In no case it can be 3.8.0. > > If mvnw was proposed for 3.7 but is not here now, then we either have to > > wait with 3.7.0, or we have to tell people that we move mvnw to 3.8 or > 4.0. > > I do not see a need for any discussion at all, as SemVer is pretty clear > > about the sole correct answer. > > -Markus > > > > -----Ursprüngliche Nachricht----- > > Von: Romain Manni-Bucau [mailto:[email protected]] > > Gesendet: Sonntag, 28. März 2021 11:47 > > An: Maven Developers List > > Betreff: [DISCUSS] Next release version: 3.6.4, 3.7.0, 3.8.0 or other > > > > Hi all, > > > > Before we reroll the failed 3.8.0 I'd like we discuss openly the next > > versioning since it seems we didn't reach a consensus yet and trying to > not > > create too much friction for users and in the community. > > > > As a reminder the only feature the release will get is to prevent HTTP > repo > > (in favor of HTTPS ones). In that regard it is a breaking change if users > > rely on HTTP repo but a security fix (I don't come back on the HTTP -> > > HTTPS move IT ecosystem got recently here). > > > > So it seems there are multiple versioning options: > > > > 1. 3.6.4: seems natural since it is a security fix, enables companies to > > get this fix respecting a project versioning policy without having to > > upgrade and avoids us to have to maintain 3.6 + 3.7/3.8 and soon 4.x. > > Indeed it requires a very well documented paragraph about this change and > > how to workaround it (local proxy/mirror is a trivial one for example) > but > > it will be the case whatever version we pick anyway IMHO. > > 2. 3.7.0: since it is a breaking change it can seem natural too (but has > > the pitfall to likely require a backport in 3.6 anyway, due to the > > versioning policies which can prevent some users to upgrade to a 3.7) > > 3. 3.8.0: was the vote, seems the rational was that originally we > > targetting mvnw in 3.7 and since we didn't make it 3.8 was used. Have to > > admit I'm not sure of this reasoning more than that (cause for me if we > > don't have a planned feature we can either try to push/wait for it or > > postpone it but not skip a version due to that) so if anyone wants to > > complete the reasoning here it would be great. > > > > Indeed my preference is for 3.6.4 which has the most advantages for > > everyone and no additional drawbacks compared to 3.7 or 3.8 options until > > we try to push to get mvnw in which would mean 3.7 becomes more natural > > (and likely imply a 3.6.x maintenance version). > > > > Goal of this thread is to feel the overall trend and see if we can refine > > the proposals (for example: can we drop 3.8 one and only keep 3.7 and 3.6 > > or - best - can we refine it to a single version after some exchanges). > > If we keep a few proposals after some days, what about a vote where the > > majority wins - we would just need to define how we count, > > bindings/committers/all (my preference being last one indeed)? > > > > Romain Manni-Bucau > > @rmannibucau <https://twitter.com/rmannibucau> | Blog > > <https://rmannibucau.metawerx.net/> | Old Blog > > <http://rmannibucau.wordpress.com> | Github < > > https://github.com/rmannibucau> | > > LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book > > < > > > https://www.packtpub.com/application-development/java-ee-8-high-performance > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
