Vincent Massol wrote: > On Apr 2, 2009, at 12:15 PM, Lilianne E. Blaze wrote: > >> Any chance of finally including mail auth support? > > I think we already discussed this in the past and the agreement was to
Yes, and the reason given was that it required hard dependency mailsender -> core, which this patch doesn't have thanks to reflection. > write a sendmail component that would be used by the core and by the > sendmail plugin. Actually the mailsender plugin would no longer be > required and the new component could be exposed to velocity and used > directly by wiki pages instead of the mailsender plugin. There's > probably 2-3 days of work to do all this. There's just one problem - it requires much more knowledge about XWiki internals. As I already proved, I'm willing to contribute. But I'm not willing to learn the whole system just to know where a dozen-line patch would best fit. > > If someone can provide a patch that does this and respect xwiki's > coding conventions then it can be quickly applied. > > The patch you have provided Lilianne is a workaround but not a good > long term solution. I don't know about the others but I'm personally I agree, but I insist it's a must-have feature. One that should have been included from 1.0. Better a crude but trivial workaround than forcing users to set up a security hole / spam relay. It can always be replaced later when someone comes up with something better. Right now I seem to be the only one who cares. > wary of introducing too many hacks in xwiki's code base. We've I wouldn't call it a hack, it's just a trivial bridge replacing a method that's deprecated anyway. Hack implies lack of transparency, and that code couldn't be easier to understand. > actually been doing the opposite for the past 2 years (removing hacks > and cleaning up code) so this would be a step backward IMO. Please, take the issue a bit more seriously. As it is, there's no way to take a standard XWiki and make it spam-proof. Things like flexible validation mails, captchas, bad words filters, spam ip filters, they should be given very high priority, and they should work out-of-the-box, not treated as fluff. It's 2009, spammers, scammers, hackers, script kiddies everywhere. Put yourself in noob's shoes for a minute, try to set up a public-edit wiki as a typical Joe "I just want it to work" User would, you'd be ears-deep in spam as soon as it hit the google index. And don't think mail auth has nothing to do with it - I'm willing to bet half a year's income that if you randomly choose 10 hosting providers 7 of them will refuse to set up open relays, and 2 out of remaining 3 won't have any security at all. > Thanks > -Vincent Greetings, Lilianne > >> Greetings, Lilianne >> >> Vincent Massol wrote: >>> Hi devs, >>> >>> XE 1.8.1 is planned for the 6th of April (next Monday). >>> >>> I propose we plan a XE 1.8.2 two weeks after, i.e. for the 20th of >>> April. >>> >>> The goals is that it'll contain the issues planned for 1.8.1 that are >>> not finished: >>> http://tinyurl.com/cpanfc >>> >>> Again the idea is to make rendering/wysiwyg bug fixes and >>> improvements >>> available to our users ASAP. >>> >>> Here's my +1 >>> >>> Thanks >>> -Vincent > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > > _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
