While its tempting to say, yeah sure let's get this fix in, my better
judgement tells me that we should wait. Nothing is ever going to be perfect
unfortunately and we could go on fixing issues forever if we really wanted
to. I haven't reviewed the patch in detail yet but not all the parts are
trivial. Christian I sent you some questions i had. And whose to say that
this fix won't lead to another issue and delay the release. Things are
"quiet" right now so I think we should move on it.
So, long story short, unless this fix is a blocker that severely prevents
usage, or not doing it now will make it impossible to do cleanly in a later
release I would say let's stick with the plan of RC1.
There is also the folks at CSIRO to consider here. Ben went to his
management and was able to get resources because we had a date we had
agreed upon. Changing that date now is not really fair so imo there should
be a very very good reason.
$0.02
On Fri, Jun 15, 2012 at 7:50 AM, Christian Mueller <[email protected]>wrote:
> Hi Andrea,
>
> Yes, imho GSIP 77 will improve the situation. Big +1 for the proposal. The
> whole new security system is a monster change and I do not want to have a
> Geoserver release with an inconsistent security system. Let us wait for
> Justins opinion, I would vote for your proposal having a beta 3.
>
> Christian
>
>
> 2012/6/15 Andrea Aime <[email protected]>
>
>> On Fri, Jun 15, 2012 at 1:05 PM, Christian Mueller <[email protected]>
>> wrote:
>> > The question is how to continue, two facts I want to point out
>> >
>> > - We cannot make a 2.2.0 release without the changes. The system would
>> not
>> > work correctly.
>> > - My next steps would be to review/complete the security documentation
>> and
>> > during this work, make a next round hardening the code.
>> >
>> >
>> > Opinions ?.
>>
>> The fact that we still need a 4400+loc patch to fix the security
>> subsystem tells me
>> whatever we release next week cannot possibly be a release candidate, but
>> at
>> best a beta3, especially since you say that a next round of hardening is
>> in
>> the plans: nothing bad about it per se, but bad that it's needed since RC
>> means
>> Release Candidate, means we believe we're done and ask the users to
>> check and eventually tell us otherwise.
>>
>> Hopefully GSIP 77 will bring some sanity into all of this.
>>
>> Btw, I have no time to review the patch, I can have a look during the
>> weekend
>> but my familiarity with the new authentication system is not enough.
>> I'll trust Justin's judgement on it unless my quick review really
>> finds some red flag.
>>
>> Cheers
>> Andrea
>>
>> --
>> Ing. Andrea Aime
>> GeoSolutions S.A.S.
>> Tech lead
>>
>> Via Poggio alle Viti 1187
>> 55054 Massarosa (LU)
>> Italy
>>
>> phone: +39 0584 962313
>> fax: +39 0584 962313
>> mob: +39 339 8844549
>>
>> http://www.geo-solutions.it
>> http://geo-solutions.blogspot.com/
>> http://www.youtube.com/user/GeoSolutionsIT
>> http://www.linkedin.com/in/andreaaime
>> http://twitter.com/geowolf
>>
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Geoserver-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
>
--
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
