Re: Backport OFBIZ-11317

Thu, 13 Feb 2020 02:45:13 -0800 

Le 13/02/2020 à 09:31, Michael Brohl a écrit :

Hi Jacques,

also inline...

Am 13.02.20 um 08:50 schrieb Jacques Le Roux:

Jacques,


as I said, this is a huge patch which spreads over many functionalies in the 
codebase.
It was submitted yesterday and got committed on the same day without enough time for others to review and test. 

You confuse, the commit you speak about was only to complete one missing 
instance, spotted by Pierre Smits, in the commit done one month ago.



Yes, I confused the date (Jan vs. Feb, time goes by too quick).
I speak of the commits towards https://issues.apache.org/jira/browse/OFBIZ-11317. The issue was created and on the same day it was committed. It was not yesterday but the timeline between submit and commit is the same. 

I don't want to argue too much about that, so I hope it will be the end of this 
exchange. You are right about the Jira and commit moment, they are same.

But I see 2 points here:

 * It's something you can review in ½ a hour, if not even the "famous" 10 
minutes. You can even use a regexp to help you...
 * These changes were present exactly the same for a month in OFBIZ-11306
So I did not and still don't see any reasons to delay the commit (the backports were straightforward). We can't wait for everybody to valid a such simple commit. For such commits CTR[1] is appropriate, and so far we use CTR. 

[1] https://www.apache.org/foundation/glossary.html#CommitThenReview




How can this be considered as a valid base for a security fix without in-depth 
testing?


I think you got it answered
Thank you Jacques. I did not mean to question the work in general, just being sensible to quick commits. I already layed out my motives in other dev threads.
Yes, sometimes we must be careful. It's not the case here, and there will other such cases. We don't need to rehearse the same tune everytime, else the project will be really stale ;) 




I suggest to provide the OFBIZ-11306 patch once you and James think you are 
finished for others to review.
Sure, that's what we have planned. We will need all available eyeballs to review and hands to test! This said don't refrain (not particularly you Michael) to begin to review and as the work is going on. There are still some edges to smooth but it's pretty stable now. 




I'll have some questions towards OFBIZ-11317 also but I need time to dig deeper.


Sure, shoot :)

Jacques



Thanks,

Michael Brohl

ecomify GmbH - www.ecomify.de

Reply via email to