Hi Jacques, also inline...
Am 13.02.20 um 08:50 schrieb Jacques Le Roux:
Jacques,as I said, this is a huge patch which spreads over many functionalies in the codebase.It was submitted yesterday and got committed on the same day without enough time for others to review and test.You confuse, the commit you speak about was only to complete one missing instance, spotted by Pierre Smits, in the commit done one month ago.
Yes, I confused the date (Jan vs. Feb, time goes by too quick).I speak of the commits towards https://issues.apache.org/jira/browse/OFBIZ-11317. The issue was created and on the same day it was committed. It was not yesterday but the timeline between submit and commit is the same.
Since then James and I work on OFBIZ-11306 (and not OFBIZ-11316 as written below) without any issues related to OFBIZ-11317 on which OFBIZ-11306 depends upon.Actually we are working on it for 2 months. Only one month ago I suggested to James to extract this part.You even acknowledged that you did not test.Of course I test, everyday for a month with OFBIZ-11306
I was refering to https://issues.apache.org/jira/browse/OFBIZ-11317?focusedCommentId=17013724&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17013724
Together with the above confusion it raised an alarm for me.
How can this be considered as a valid base for a security fix without in-depth testing?I think you got it answered
Thank you Jacques. I did not mean to question the work in general, just being sensible to quick commits. I already layed out my motives in other dev threads.
I suggest to provide the OFBIZ-11306 patch once you and James think you are finished for others to review.
I'll have some questions towards OFBIZ-11317 also but I need time to dig deeper.
Thanks, Michael Brohl ecomify GmbH - www.ecomify.de
smime.p7s
Description: S/MIME Cryptographic Signature
