Re: [VOTE] Create a "notifications" mailing list

2016-07-24 Thread Deepak Dixit 
+1

Thanks & Regards
--
Deepak Dixit
www.hotwaxsystems.com

On Mon, Jul 25, 2016 at 9:31 AM, Ashish Vijaywargiya <
ashish.vijaywarg...@hotwaxsystems.com> wrote:

> +1
>
> --
> Kind Regards
> Ashish Vijaywargiya
> HotWax Systems - est. 1997
>
>
> On Sun, Jul 24, 2016 at 6:29 PM, Jacopo Cappellato <
> jacopo.cappell...@hotwaxsystems.com> wrote:
>
> > Rationale: Jira notifications are currently sent to the "dev" list,
> causing
> > a lot of traffic and sometimes distracting from actual conversations; the
> > creation of a "notification" email (similar to the "commits" mailing
> list)
> > will solve this problem; in the future we may vote to use the
> > "notification" list to host traffic coming from buildbot etc... thus the
> > proposal for naming it "notifications" rather than just "issues"; however
> > this vote is only about traffic from Jira (we will discuss if we want to
> > extend the usage of this list in the future).
> >
> > Please vote,
> >
> > +1
> >
> > to create a "notifications" mailing list (i.e.
> > notificati...@ofbiz.apache.org) and redirect to it all the traffic
> coming
> > from Jira notifications.
> >
> > Otherwise vote -1 to continue to use the "dev" list for Jira
> notifications.
> >
>

Re: [VOTE] Create the "security" mailing list for the OFBiz project

2016-07-24 Thread Deepak Dixit 
+1

Thanks & Regards
--
Deepak Dixit
www.hotwaxsystems.com

On Mon, Jul 25, 2016 at 10:08 AM, Scott Gray 
wrote:

> Do we actually need a separate mailing list, or should it just forward to
> private@?
>
> Regards
> Scott
>
> On 25 July 2016 at 15:58, Ashish Vijaywargiya <
> ashish.vijaywarg...@hotwaxsystems.com> wrote:
>
> > +1
> >
> > --
> > Kind Regards
> > Ashish Vijaywargiya
> > HotWax Systems - est. 1997
> >
> >
> > On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <
> > jacopo.cappell...@hotwaxsystems.com> wrote:
> >
> > > Rationale: every ASF project needs a private list to discuss product
> > > vulnerabilities; for OFBiz the "private" list has been used for this
> > > purpose until now; however an ad-hoc list may be useful because it
> could
> > > provide a more focused space to discuss the security issues and could
> > > provide more flexibility to invite in the private list persons willing
> to
> > > help that are trusted by the PMC.
> > >
> > > Please vote,
> > >
> > > +1
> > >
> > > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move
> > all
> > > the security related discussions and notifications currently happening
> on
> > > the private list to this new list: according to the ASF policies [*]
> the
> > > list will be a private list used by the persons willing to help to
> > resolve
> > > security issues; the list of subscribers will be approved by the OFBiz
> > PMC.
> > >
> > > Otherwise vote -1 to continue to use the "private" mailing list for
> > > vulnerability handling.
> > >
> > > [*] http://www.apache.org/security/
> > >
> >
>

Re: [VOTE] Create the "security" mailing list for the OFBiz project

2016-07-24 Thread Scott Gray 
Do we actually need a separate mailing list, or should it just forward to
private@?

Regards
Scott

On 25 July 2016 at 15:58, Ashish Vijaywargiya <
ashish.vijaywarg...@hotwaxsystems.com> wrote:

> +1
>
> --
> Kind Regards
> Ashish Vijaywargiya
> HotWax Systems - est. 1997
>
>
> On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <
> jacopo.cappell...@hotwaxsystems.com> wrote:
>
> > Rationale: every ASF project needs a private list to discuss product
> > vulnerabilities; for OFBiz the "private" list has been used for this
> > purpose until now; however an ad-hoc list may be useful because it could
> > provide a more focused space to discuss the security issues and could
> > provide more flexibility to invite in the private list persons willing to
> > help that are trusted by the PMC.
> >
> > Please vote,
> >
> > +1
> >
> > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move
> all
> > the security related discussions and notifications currently happening on
> > the private list to this new list: according to the ASF policies [*] the
> > list will be a private list used by the persons willing to help to
> resolve
> > security issues; the list of subscribers will be approved by the OFBiz
> PMC.
> >
> > Otherwise vote -1 to continue to use the "private" mailing list for
> > vulnerability handling.
> >
> > [*] http://www.apache.org/security/
> >
>

Re: [VOTE] Create a "notifications" mailing list

2016-07-24 Thread Ashish Vijaywargiya 
+1

--
Kind Regards
Ashish Vijaywargiya
HotWax Systems - est. 1997


On Sun, Jul 24, 2016 at 6:29 PM, Jacopo Cappellato <
jacopo.cappell...@hotwaxsystems.com> wrote:

> Rationale: Jira notifications are currently sent to the "dev" list, causing
> a lot of traffic and sometimes distracting from actual conversations; the
> creation of a "notification" email (similar to the "commits" mailing list)
> will solve this problem; in the future we may vote to use the
> "notification" list to host traffic coming from buildbot etc... thus the
> proposal for naming it "notifications" rather than just "issues"; however
> this vote is only about traffic from Jira (we will discuss if we want to
> extend the usage of this list in the future).
>
> Please vote,
>
> +1
>
> to create a "notifications" mailing list (i.e.
> notificati...@ofbiz.apache.org) and redirect to it all the traffic coming
> from Jira notifications.
>
> Otherwise vote -1 to continue to use the "dev" list for Jira notifications.
>

Re: [VOTE] Create the "security" mailing list for the OFBiz project

2016-07-24 Thread Ashish Vijaywargiya 
+1

--
Kind Regards
Ashish Vijaywargiya
HotWax Systems - est. 1997


On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <
jacopo.cappell...@hotwaxsystems.com> wrote:

> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until now; however an ad-hoc list may be useful because it could
> provide a more focused space to discuss the security issues and could
> provide more flexibility to invite in the private list persons willing to
> help that are trusted by the PMC.
>
> Please vote,
>
> +1
>
> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> the security related discussions and notifications currently happening on
> the private list to this new list: according to the ASF policies [*] the
> list will be a private list used by the persons willing to help to resolve
> security issues; the list of subscribers will be approved by the OFBiz PMC.
>
> Otherwise vote -1 to continue to use the "private" mailing list for
> vulnerability handling.
>
> [*] http://www.apache.org/security/
>

Re: [VOTE] Create a "notifications" mailing list

2016-07-24 Thread Scott Gray 
+1 thanks Jacopo

On 25 July 2016 at 08:38, Julien NICOLAS  wrote:

> +1 Good idea :)
>
>
>
> On 24/07/2016 14:59, Jacopo Cappellato wrote:
>
>> Rationale: Jira notifications are currently sent to the "dev" list,
>> causing
>> a lot of traffic and sometimes distracting from actual conversations; the
>> creation of a "notification" email (similar to the "commits" mailing list)
>> will solve this problem; in the future we may vote to use the
>> "notification" list to host traffic coming from buildbot etc... thus the
>> proposal for naming it "notifications" rather than just "issues"; however
>> this vote is only about traffic from Jira (we will discuss if we want to
>> extend the usage of this list in the future).
>>
>> Please vote,
>>
>> +1
>>
>> to create a "notifications" mailing list (i.e.
>> notificati...@ofbiz.apache.org) and redirect to it all the traffic coming
>> from Jira notifications.
>>
>> Otherwise vote -1 to continue to use the "dev" list for Jira
>> notifications.
>>
>>
>

[jira] [Comment Edited] (OFBIZ-7754) The big problem when load seed.

2016-07-24 Thread Hans Bakker (JIRA) 

[ 
https://issues.apache.org/jira/browse/OFBIZ-7754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15391227#comment-15391227
 ] 

Hans Bakker edited comment on OFBIZ-7754 at 7/25/16 1:11 AM:
-

if you move these initial property settings to the database is fine with me, As 
long as you delete the general.properties file,  because that file does not do 
anything anymore because overridden by the database settings... 

But here you will upset the people upgrading who did previously used the 
general properties file.


was (Author: hansbak):
if you move these initial property settings to the database is fine with me, As 
long as you delete the general.properties file,  because that file does not do 
anything anymore because overridden by the database settings... 

> The big problem when load seed.
> ---
>
> Key: OFBIZ-7754
> URL: https://issues.apache.org/jira/browse/OFBIZ-7754
> Project: OFBiz
>  Issue Type: Improvement
>  Components: framework
>Affects Versions: Trunk
>Reporter: Kongrath Suankaewmanee
>Assignee: Pierre Smits
> Attachments: OFBIZ-7754.patch
>
>
> Hi All,
> Regarding, [OFBIZ-7112|https://issues.apache.org/jira/browse/OFBIZ-7112]
> That's good for who start on use the ofbiz with initial setup, but not for 
> the site that already online and has to update the OFBiz core. Because when 
> has update OFBiz core they will use command load-seed for update.
> The problem is if we use load-seed mean the configuration data that's already 
> exists will be replaced by the data from this file,
> *CommonSystemPropertyData.xml*
> So, for my suggestion should change the reader from *seed* to *seed-initial*  
> or remove systemPropertyValue from the data file.
> Thank you,
> Kongrath



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (OFBIZ-7754) The big problem when load seed.

2016-07-24 Thread Hans Bakker (JIRA) 

[ 
https://issues.apache.org/jira/browse/OFBIZ-7754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15391227#comment-15391227
 ] 

Hans Bakker commented on OFBIZ-7754:


if you move these initial property settings to the database is fine with me, As 
long as you delete the general.properties file,  because that file does not do 
anything anymore because overridden by the database settings... 

> The big problem when load seed.
> ---
>
> Key: OFBIZ-7754
> URL: https://issues.apache.org/jira/browse/OFBIZ-7754
> Project: OFBiz
>  Issue Type: Improvement
>  Components: framework
>Affects Versions: Trunk
>Reporter: Kongrath Suankaewmanee
>Assignee: Pierre Smits
> Attachments: OFBIZ-7754.patch
>
>
> Hi All,
> Regarding, [OFBIZ-7112|https://issues.apache.org/jira/browse/OFBIZ-7112]
> That's good for who start on use the ofbiz with initial setup, but not for 
> the site that already online and has to update the OFBiz core. Because when 
> has update OFBiz core they will use command load-seed for update.
> The problem is if we use load-seed mean the configuration data that's already 
> exists will be replaced by the data from this file,
> *CommonSystemPropertyData.xml*
> So, for my suggestion should change the reader from *seed* to *seed-initial*  
> or remove systemPropertyValue from the data file.
> Thank you,
> Kongrath



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Re: [VOTE] Create the "security" mailing list for the OFBiz project

2016-07-24 Thread Julien NICOLAS 

+1


On 24/07/2016 14:32, Jacopo Cappellato wrote:

Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/

Re: [VOTE] Create a "notifications" mailing list

2016-07-24 Thread Julien NICOLAS 

+1 Good idea :)


On 24/07/2016 14:59, Jacopo Cappellato wrote:

Rationale: Jira notifications are currently sent to the "dev" list, causing
a lot of traffic and sometimes distracting from actual conversations; the
creation of a "notification" email (similar to the "commits" mailing list)
will solve this problem; in the future we may vote to use the
"notification" list to host traffic coming from buildbot etc... thus the
proposal for naming it "notifications" rather than just "issues"; however
this vote is only about traffic from Jira (we will discuss if we want to
extend the usage of this list in the future).

Please vote,

+1

to create a "notifications" mailing list (i.e.
notificati...@ofbiz.apache.org) and redirect to it all the traffic coming
from Jira notifications.

Otherwise vote -1 to continue to use the "dev" list for Jira notifications.

[jira] [Commented] (OFBIZ-7534) Migrate OFBiz from Apache Ant to Gradle build system

2016-07-24 Thread Taher Alkhateeb (JIRA) 

[ 
https://issues.apache.org/jira/browse/OFBIZ-7534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15391096#comment-15391096
 ] 

Taher Alkhateeb commented on OFBIZ-7534:


Okay, LDAP library (cas-server-core) is now replaced with a remote one in 
1753944 and again all tests pass

> Migrate OFBiz from Apache Ant to Gradle build system
> 
>
> Key: OFBIZ-7534
> URL: https://issues.apache.org/jira/browse/OFBIZ-7534
> Project: OFBiz
>  Issue Type: Improvement
>  Components: ALL COMPONENTS
>Affects Versions: Upcoming Branch
>Reporter: Taher Alkhateeb
>Assignee: Taher Alkhateeb
>  Labels: ant, build-tools, gradle
> Attachments: ANT_GRADLE_COMPARISON.txt, OFBIZ-7534.patch, 
> OFBIZ-7534.patch, OFBIZ-7534.patch, OFBIZ-7534.patch, OFBizRemoteJarList.csv, 
> OFBizRemoteJarList.csv, OFBizRemoteJarList.csv, OFBizRemoteJarList.csv, 
> gradle-wrapper.jar
>
>
> This is a major refactoring task referring to the [email 
> thread|http://ofbiz.markmail.org/message/vstt3wxuubmjgmqj?q=Important+Changes+to+Trunk+and+Use+of+Ant+%26+Gradle]
>  in which the community voted for the switch after a proposal from the PMC
> The purpose of this JIRA is to achieve the following objectives
> - Fully implement a working compiling system in Gradle that passes all tests
> - Remove all ant and maven build scripts from the system
> - update the documentation of the system to reflect these changes



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Re: Library sources are automatically downloaded

2016-07-24 Thread Taher Alkhateeb 
Hi All,

After a bit of investigation I believe Gradle will _not_ download source
libraries _unless_ someone calls the "eclipse" task. So I think no need to
do any changes for releases.

Cheers,

Taher Alkhateeb

On Fri, Jul 22, 2016 at 11:08 PM, Taher Alkhateeb <
slidingfilame...@gmail.com> wrote:

> Hi Jacques,
>
> Sure. I have an idea in mind for how to make this very trivial so that
> minimal code is needed to prepare for a release. Whenever you issue the
> jira I'll attach a patch for a convenient solution.
>
> Regards,
>
> Taher Alkhateeb
>
> On Jul 22, 2016 11:04 PM, "Jacques Le Roux" 
> wrote:
>
> I think a Jira is appropriate. I believe it should be a subtask of
> OFBIZ-7534. I like them because it's easy to spot the state (advance of
> work done, and especially remaining issue to work on). I'll handle the wiki
> side when I'll get a chance...
>
> Thanks
>
> Jacques
>
>
>
> Le 21/07/2016 à 14:39, Taher Alkhateeb a écrit :
>
>> Nice work okay we have the answer on how to stop downloading the sources
>> :)
>>
>> On Jul 21, 2016 3:35 PM, "Jacques Le Roux" 
>> wrote:
>>
>> Thanks Taher,
>>>
>>> I guess you spoke about Eclipse. BTW should we not add "
>>> downloadSources=true"
>>>
>>> https://stackoverflow.com/questions/10156847/how-to-tell-gradle-to-download-all-the-source-jars#answer-10655347
>>> ?
>>>
>>> For IntelliJ it's here
>>>
>>> https://stackoverflow.com/questions/12718753/how-to-download-dependency-sources-for-gradle-project-in-idea
>>>
>>> We will put that, with other things, in the "Gradle to And" wiki page
>>> ASAP
>>>
>>> Jacques
>>>
>>>
>>> Le 21/07/2016 à 08:05, Taher Alkhateeb a écrit :
>>>
>>> Hi Everyone,

 One of the very nice things I discovered a while back is that Gradle
 automatically downloads The Source libraries for the jar dependencies
 for
 almost all of the libraries.

 This means that you can ctrl-click with your IDE to navigate the source
 code of these external libraries which I find very helpful for
 debugging.

 So just wanted to share that for anyone who might want to take advantage
 of
 this

 Taher Alkhateeb



>
>

[jira] [Commented] (OFBIZ-7804) Check if we should fix or remove the POS (hence WebPos?)

2016-07-24 Thread Jacques Le Roux (JIRA) 

[ 
https://issues.apache.org/jira/browse/OFBIZ-7804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15391070#comment-15391070
 ] 

Jacques Le Roux commented on OFBIZ-7804:


I must add that I have the XUI sources available so I will put all what I have 
in repo before removing the component. At some point I created my own XUI 
version but the authors fixed it after. I must also say that we had then any 
issues with XUI and it's still working perfectly for the POS.

> Check if we should fix or remove the POS (hence WebPos?)
> 
>
> Key: OFBIZ-7804
> URL: https://issues.apache.org/jira/browse/OFBIZ-7804
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: specialpurpose/pos, specialpurpose/webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
> Fix For: Upcoming Branch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Re: [VOTE] Create the "security" mailing list for the OFBiz project

2016-07-24 Thread Jacques Le Roux 

Mmm... I must also add that ASF members have access to other PMCs private MLs

Jacques


Le 24/07/2016 à 14:56, Jacques Le Roux a écrit :

Le 24/07/2016 à 14:55, Jacques Le Roux a écrit :

Yes Michael.

Le 24/07/2016 à 14:43, Michael Brohl a écrit :
The "private" mailing list is only for PMC members of the project?

Re: [VOTE] Create the "security" mailing list for the OFBiz project

2016-07-24 Thread Sharan Foga 

+1

Thanks
Sharan

On 24/07/16 14:32, Jacopo Cappellato wrote:

Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/

Re: [VOTE] Create a "notifications" mailing list

2016-07-24 Thread Sharan Foga 
+1 excellent idea - lately it has been hard to find discussion threads 
and messages with all the jira traffic.


Thanks
Sharan

On 24/07/16 14:59, Jacopo Cappellato wrote:

Rationale: Jira notifications are currently sent to the "dev" list, causing
a lot of traffic and sometimes distracting from actual conversations; the
creation of a "notification" email (similar to the "commits" mailing list)
will solve this problem; in the future we may vote to use the
"notification" list to host traffic coming from buildbot etc... thus the
proposal for naming it "notifications" rather than just "issues"; however
this vote is only about traffic from Jira (we will discuss if we want to
extend the usage of this list in the future).

Please vote,

+1

to create a "notifications" mailing list (i.e.
notificati...@ofbiz.apache.org) and redirect to it all the traffic coming
from Jira notifications.

Otherwise vote -1 to continue to use the "dev" list for Jira notifications.

Re: [VOTE] Create a "notifications" mailing list

2016-07-24 Thread Jacques Le Roux 

Le 24/07/2016 à 15:17, gil portenseigne a écrit :

+1

I actually use mail filter to separate Jira notifications from other dev mails. 
But i understand that not everyone can use filter...


Right Gil, we tend to forget others once we have resolved the issue for us :)

Jacques



Gil

On 24/07/2016 14:59, Jacopo Cappellato wrote:

Rationale: Jira notifications are currently sent to the "dev" list, causing
a lot of traffic and sometimes distracting from actual conversations; the
creation of a "notification" email (similar to the "commits" mailing list)
will solve this problem; in the future we may vote to use the
"notification" list to host traffic coming from buildbot etc... thus the
proposal for naming it "notifications" rather than just "issues"; however
this vote is only about traffic from Jira (we will discuss if we want to
extend the usage of this list in the future).

Please vote,

+1

to create a "notifications" mailing list (i.e.
notificati...@ofbiz.apache.org) and redirect to it all the traffic coming
from Jira notifications.

Otherwise vote -1 to continue to use the "dev" list for Jira notifications.

Re: [VOTE] Create a "notifications" mailing list

2016-07-24 Thread Jacques Le Roux 

+1 (thought by filtering locally I already resolved this issue)

Jacques


Le 24/07/2016 à 14:59, Jacopo Cappellato a écrit :

Rationale: Jira notifications are currently sent to the "dev" list, causing
a lot of traffic and sometimes distracting from actual conversations; the
creation of a "notification" email (similar to the "commits" mailing list)
will solve this problem; in the future we may vote to use the
"notification" list to host traffic coming from buildbot etc... thus the
proposal for naming it "notifications" rather than just "issues"; however
this vote is only about traffic from Jira (we will discuss if we want to
extend the usage of this list in the future).

Please vote,

+1

to create a "notifications" mailing list (i.e.
notificati...@ofbiz.apache.org) and redirect to it all the traffic coming
from Jira notifications.

Otherwise vote -1 to continue to use the "dev" list for Jira notifications.

Re: [VOTE] Create a "notifications" mailing list

2016-07-24 Thread Michael Brohl 

+1

Michael Brohl
ecomify GmbH
www.ecomify.de

Am 24.07.16 um 14:59 schrieb Jacopo Cappellato:

Rationale: Jira notifications are currently sent to the "dev" list, causing
a lot of traffic and sometimes distracting from actual conversations; the
creation of a "notification" email (similar to the "commits" mailing list)
will solve this problem; in the future we may vote to use the
"notification" list to host traffic coming from buildbot etc... thus the
proposal for naming it "notifications" rather than just "issues"; however
this vote is only about traffic from Jira (we will discuss if we want to
extend the usage of this list in the future).

Please vote,

+1

to create a "notifications" mailing list (i.e.
notificati...@ofbiz.apache.org) and redirect to it all the traffic coming
from Jira notifications.

Otherwise vote -1 to continue to use the "dev" list for Jira notifications.






smime.p7s
Description: S/MIME Cryptographic Signature

Re: [VOTE] Create a "notifications" mailing list

2016-07-24 Thread Taher Alkhateeb 
+1 this would make things nice and clear

On Sunday, 24 July 2016, Jacopo Cappellato <
jacopo.cappell...@hotwaxsystems.com> wrote:

> Rationale: Jira notifications are currently sent to the "dev" list, causing
> a lot of traffic and sometimes distracting from actual conversations; the
> creation of a "notification" email (similar to the "commits" mailing list)
> will solve this problem; in the future we may vote to use the
> "notification" list to host traffic coming from buildbot etc... thus the
> proposal for naming it "notifications" rather than just "issues"; however
> this vote is only about traffic from Jira (we will discuss if we want to
> extend the usage of this list in the future).
>
> Please vote,
>
> +1
>
> to create a "notifications" mailing list (i.e.
> notificati...@ofbiz.apache.org ) and redirect to it all the
> traffic coming
> from Jira notifications.
>
> Otherwise vote -1 to continue to use the "dev" list for Jira notifications.
>

Re: [VOTE] Create a "notifications" mailing list

2016-07-24 Thread gil portenseigne 

+1

I actually use mail filter to separate Jira notifications from other dev 
mails. But i understand that not everyone can use filter...


Gil

On 24/07/2016 14:59, Jacopo Cappellato wrote:

Rationale: Jira notifications are currently sent to the "dev" list, causing
a lot of traffic and sometimes distracting from actual conversations; the
creation of a "notification" email (similar to the "commits" mailing list)
will solve this problem; in the future we may vote to use the
"notification" list to host traffic coming from buildbot etc... thus the
proposal for naming it "notifications" rather than just "issues"; however
this vote is only about traffic from Jira (we will discuss if we want to
extend the usage of this list in the future).

Please vote,

+1

to create a "notifications" mailing list (i.e.
notificati...@ofbiz.apache.org) and redirect to it all the traffic coming
from Jira notifications.

Otherwise vote -1 to continue to use the "dev" list for Jira notifications.

Re: [VOTE] Create the "security" mailing list for the OFBiz project

2016-07-24 Thread gil portenseigne 

+1

On 24/07/2016 14:32, Jacopo Cappellato wrote:

Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/

Re: [VOTE] Create the "security" mailing list for the OFBiz project

2016-07-24 Thread Taher Alkhateeb 
+1 good idea

On Jul 24, 2016 3:56 PM, "Jacques Le Roux" 
wrote:

Le 24/07/2016 à 14:55, Jacques Le Roux a écrit :

> Yes Michael.
>
> +1 for me also for the security list
>
> I noted that this will allow your contact info to be published here:
> https://www.apache.org/security/projects.html
>
Typo, it's : our contact info
Jacques


> Thanks
>
> Jacques
>
>
> Le 24/07/2016 à 14:43, Michael Brohl a écrit :
>
>> +1
>>
>> The "private" mailing list is only for PMC members of the project?
>>
>> Regards,
>> Michael Brohl
>> ecomify GmbH
>> www.ecomify.de
>>
>>
>> Am 24.07.16 um 14:32 schrieb Jacopo Cappellato:
>>
>>> Rationale: every ASF project needs a private list to discuss product
>>> vulnerabilities; for OFBiz the "private" list has been used for this
>>> purpose until now; however an ad-hoc list may be useful because it could
>>> provide a more focused space to discuss the security issues and could
>>> provide more flexibility to invite in the private list persons willing to
>>> help that are trusted by the PMC.
>>>
>>> Please vote,
>>>
>>> +1
>>>
>>> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move
>>> all
>>> the security related discussions and notifications currently happening on
>>> the private list to this new list: according to the ASF policies [*] the
>>> list will be a private list used by the persons willing to help to
>>> resolve
>>> security issues; the list of subscribers will be approved by the OFBiz
>>> PMC.
>>>
>>> Otherwise vote -1 to continue to use the "private" mailing list for
>>> vulnerability handling.
>>>
>>> [*] http://www.apache.org/security/
>>>
>>>
>>
>>
>
>

[VOTE] Create a "notifications" mailing list

2016-07-24 Thread Jacopo Cappellato 
Rationale: Jira notifications are currently sent to the "dev" list, causing
a lot of traffic and sometimes distracting from actual conversations; the
creation of a "notification" email (similar to the "commits" mailing list)
will solve this problem; in the future we may vote to use the
"notification" list to host traffic coming from buildbot etc... thus the
proposal for naming it "notifications" rather than just "issues"; however
this vote is only about traffic from Jira (we will discuss if we want to
extend the usage of this list in the future).

Please vote,

+1

to create a "notifications" mailing list (i.e.
notificati...@ofbiz.apache.org) and redirect to it all the traffic coming
from Jira notifications.

Otherwise vote -1 to continue to use the "dev" list for Jira notifications.

Re: [VOTE] Create the "security" mailing list for the OFBiz project

2016-07-24 Thread Jacques Le Roux 

Le 24/07/2016 à 14:55, Jacques Le Roux a écrit :

Yes Michael.

+1 for me also for the security list

I noted that this will allow your contact info to be published here: 
https://www.apache.org/security/projects.html

Typo, it's : our contact info
Jacques


Thanks

Jacques


Le 24/07/2016 à 14:43, Michael Brohl a écrit :

+1

The "private" mailing list is only for PMC members of the project?

Regards,
Michael Brohl
ecomify GmbH
www.ecomify.de


Am 24.07.16 um 14:32 schrieb Jacopo Cappellato:

Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/

Re: [VOTE] Create the "security" mailing list for the OFBiz project

2016-07-24 Thread Jacques Le Roux 

Yes Michael.

+1 for me also for the security list

I noted that this will allow your contact info to be published here: 
https://www.apache.org/security/projects.html

Thanks

Jacques


Le 24/07/2016 à 14:43, Michael Brohl a écrit :

+1

The "private" mailing list is only for PMC members of the project?

Regards,
Michael Brohl
ecomify GmbH
www.ecomify.de


Am 24.07.16 um 14:32 schrieb Jacopo Cappellato:

Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/

Re: [VOTE] Create the "security" mailing list for the OFBiz project

2016-07-24 Thread gregory draperi 
+1

2016-07-24 14:32 GMT+02:00 Jacopo Cappellato <
jacopo.cappell...@hotwaxsystems.com>:

> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until now; however an ad-hoc list may be useful because it could
> provide a more focused space to discuss the security issues and could
> provide more flexibility to invite in the private list persons willing to
> help that are trusted by the PMC.
>
> Please vote,
>
> +1
>
> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> the security related discussions and notifications currently happening on
> the private list to this new list: according to the ASF policies [*] the
> list will be a private list used by the persons willing to help to resolve
> security issues; the list of subscribers will be approved by the OFBiz PMC.
>
> Otherwise vote -1 to continue to use the "private" mailing list for
> vulnerability handling.
>
> [*] http://www.apache.org/security/
>



-- 
Grégory Draperi

Re: [VOTE] Create the "security" mailing list for the OFBiz project

2016-07-24 Thread Michael Brohl 

+1

The "private" mailing list is only for PMC members of the project?

Regards,
Michael Brohl
ecomify GmbH
www.ecomify.de


Am 24.07.16 um 14:32 schrieb Jacopo Cappellato:

Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/






smime.p7s
Description: S/MIME Cryptographic Signature

[jira] [Commented] (OFBIZ-7804) Check if we should fix or remove the POS (hence WebPos?)

2016-07-24 Thread Jacques Le Roux (JIRA) 

[ 
https://issues.apache.org/jira/browse/OFBIZ-7804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15391045#comment-15391045
 ] 

Jacques Le Roux commented on OFBIZ-7804:


Something I want to note there and will repeat in any place it will fit 
(notably in wiki) is that the POS will be in Attic which means *it will still 
be available in the repo as is*

So I'll keep the documentation as is in wiki with a link to the last revision 
the POS will be available (I'll tag it). So If ever someone wants to use the 
POS or (why not?) revive it, it's will still be possible.

Note that the POS uses XUI which is no longer maintained (since 2008) and the 
POS has not changed for years, my last effort was in end of 2009.

> Check if we should fix or remove the POS (hence WebPos?)
> 
>
> Key: OFBIZ-7804
> URL: https://issues.apache.org/jira/browse/OFBIZ-7804
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: specialpurpose/pos, specialpurpose/webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
> Fix For: Upcoming Branch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[VOTE] Create the "security" mailing list for the OFBiz project

2016-07-24 Thread Jacopo Cappellato 
Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/

[jira] [Created] (OFBIZ-7928) Use "Let's encrypt" for OFBiz demos SSL/TLS certificates

2016-07-24 Thread Jacques Le Roux (JIRA) 
Jacques Le Roux created OFBIZ-7928:
--

 Summary: Use "Let's encrypt" for OFBiz demos SSL/TLS certificates
 Key: OFBIZ-7928
 URL: https://issues.apache.org/jira/browse/OFBIZ-7928
 Project: OFBiz
  Issue Type: Task
Reporter: Jacques Le Roux
Assignee: Jacques Le Roux


This is a transtion from INFRA-11960
{quote}
After some tries, I have finally decided to adapt and use 
http://blog.ivantichy.cz/blogpost/view/74 which is the most convenient way for 
OFBiz

Since we need to use SANs (for demo-trunk-ofbiz.apache.org, 
demo-stable-ofbiz.apache.org and demo-old-ofbiz.apache.org which are actually 
OFBiz instances using different set of ports), I will try to use "-d 
ofbiz-vm.apache.org" as 1st "-d" argument and if that does not work I'll simply 
use the "-d" parameter with the other sub-domains only. What I actually need is 
a renewable certificate in the OFBiz Java keystore (ofbiz.jks) with the SANs 
present. From my experiences, the (adapted) script above should provide me that.
{quote}
Maybe another possibility would be to install our own HTTPS and use the 
instructions provided by Sam Ruby in INFRA-11960.  I have to balance the work 
with adapting the script I refered to above.
{quote}
The EFF has published new instructions: 
https://certbot.eff.org/#ubuntutrusty-apache

FWIW, I had no problem moving from whimy-vm2 to whimsy-vm3. I've now got certs 
for a second machine (ghmon-vm). Here's the puppet instructions to download 
certbot, create a cronjob, and add use the certificates with Apache httpd:

https://github.com/apache/infrastructure-puppet/pull/107/commits/8fea8223f398a77e67173c1b0c1b06b80fe576b0

Once this is deployed, all that is left is running a single command: 
certbot-auto -d host1.apache.org -d host2.apache.org... and answering two 
prompts (you need to provide an email address and to indicate that you have 
read the terms of service).
{quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (OFBIZ-7804) Check if we should fix or remove the POS (hence WebPos?)

2016-07-24 Thread Jacques Le Roux (JIRA) 

[ 
https://issues.apache.org/jira/browse/OFBIZ-7804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15391016#comment-15391016
 ] 

Jacques Le Roux commented on OFBIZ-7804:


Agreed, I just mean that removing the rest could have an impact on the WebPos, 
but I so far found not evidences, testing will say it!

> Check if we should fix or remove the POS (hence WebPos?)
> 
>
> Key: OFBIZ-7804
> URL: https://issues.apache.org/jira/browse/OFBIZ-7804
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: specialpurpose/pos, specialpurpose/webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
> Fix For: Upcoming Branch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (OFBIZ-7534) Migrate OFBiz from Apache Ant to Gradle build system

2016-07-24 Thread Taher Alkhateeb (JIRA) 

[ 
https://issues.apache.org/jira/browse/OFBIZ-7534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15391014#comment-15391014
 ] 

Taher Alkhateeb commented on OFBIZ-7534:


After the work on Migrating BIRT, we now have the following remaining libraries:

./tools/demo-backup/contrast-rO0.jar
./tools/security/notsoserial/notsoserial-1.0-SNAPSHOT.jar
./specialpurpose/cmssite/template/docbook/extensions/webhelpindexer.jar
./specialpurpose/cmssite/template/docbook/extensions/tagsoup-1.2.1.jar
./specialpurpose/cmssite/template/docbook/extensions/lucene-analyzers-3.0.0.jar
./specialpurpose/cmssite/template/docbook/extensions/xalan-2.7.2.jar
./specialpurpose/cmssite/template/docbook/extensions/saxon65.jar
./specialpurpose/cmssite/template/docbook/extensions/lucene-core-3.0.0.jar
./specialpurpose/pos/lib/jpos18-controls.jar
./specialpurpose/pos/lib/XuiCoreSwing-v3.2rc2b.jar
./specialpurpose/pos/lib/jcl.jar
./specialpurpose/pos/lib/looks-2.0.2.jar
./specialpurpose/pos/lib/XuiOptional-v3.2rc2b.jar
./specialpurpose/ldap/lib/cas-server-core-3.3.jar
./specialpurpose/ebaystore/lib/helper.jar
./specialpurpose/ebaystore/lib/attributes.jar
./specialpurpose/ebaystore/lib/ebaysdkcore.jar
./specialpurpose/ebaystore/lib/ebaycalls.jar
./framework/base/lib/jpim-0.1.jar

I will apply the following:
- Delete ./tools/demo-backup/contrast-rO0.jar
- POS will be removed to attic as per the discussion threads including the 
latest one to user ML by Jacques

This means the jars that are not yet resolved, and we need to take a decision 
on are:

# ./tools/security/notsoserial/notsoserial-1.0-SNAPSHOT.jar
# ./specialpurpose/cmssite/template/docbook/extensions/webhelpindexer.jar
# ./specialpurpose/cmssite/template/docbook/extensions/tagsoup-1.2.1.jar
# 
./specialpurpose/cmssite/template/docbook/extensions/lucene-analyzers-3.0.0.jar
# ./specialpurpose/cmssite/template/docbook/extensions/xalan-2.7.2.jar
# ./specialpurpose/cmssite/template/docbook/extensions/saxon65.jar
# ./specialpurpose/cmssite/template/docbook/extensions/lucene-core-3.0.0.jar
# ./specialpurpose/ldap/lib/cas-server-core-3.3.jar
# ./specialpurpose/ebaystore/lib/helper.jar
# ./specialpurpose/ebaystore/lib/attributes.jar
# ./specialpurpose/ebaystore/lib/ebaysdkcore.jar
# ./specialpurpose/ebaystore/lib/ebaycalls.jar
# ./framework/base/lib/jpim-0.1.jar


> Migrate OFBiz from Apache Ant to Gradle build system
> 
>
> Key: OFBIZ-7534
> URL: https://issues.apache.org/jira/browse/OFBIZ-7534
> Project: OFBiz
>  Issue Type: Improvement
>  Components: ALL COMPONENTS
>Affects Versions: Upcoming Branch
>Reporter: Taher Alkhateeb
>Assignee: Taher Alkhateeb
>  Labels: ant, build-tools, gradle
> Attachments: ANT_GRADLE_COMPARISON.txt, OFBIZ-7534.patch, 
> OFBIZ-7534.patch, OFBIZ-7534.patch, OFBIZ-7534.patch, OFBizRemoteJarList.csv, 
> OFBizRemoteJarList.csv, OFBizRemoteJarList.csv, OFBizRemoteJarList.csv, 
> gradle-wrapper.jar
>
>
> This is a major refactoring task referring to the [email 
> thread|http://ofbiz.markmail.org/message/vstt3wxuubmjgmqj?q=Important+Changes+to+Trunk+and+Use+of+Ant+%26+Gradle]
>  in which the community voted for the switch after a proposal from the PMC
> The purpose of this JIRA is to achieve the following objectives
> - Fully implement a working compiling system in Gradle that passes all tests
> - Remove all ant and maven build scripts from the system
> - update the documentation of the system to reflect these changes



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (OFBIZ-7804) Check if we should fix or remove the POS (hence WebPos?)

2016-07-24 Thread Taher Alkhateeb (JIRA) 

[ 
https://issues.apache.org/jira/browse/OFBIZ-7804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15391011#comment-15391011
 ] 

Taher Alkhateeb commented on OFBIZ-7804:


I think either way we should remove the Jars for the POS component since they 
are used for the UI which is not used in web pos

> Check if we should fix or remove the POS (hence WebPos?)
> 
>
> Key: OFBIZ-7804
> URL: https://issues.apache.org/jira/browse/OFBIZ-7804
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: specialpurpose/pos, specialpurpose/webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
> Fix For: Upcoming Branch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (OFBIZ-7804) Check if we should fix or remove the POS (hence WebPos?)

2016-07-24 Thread Jacques Le Roux (JIRA) 

 [ 
https://issues.apache.org/jira/browse/OFBIZ-7804?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux updated OFBIZ-7804:
---
Summary: Check if we should fix or remove the POS (hence WebPos?)  (was: 
Check if we should fix or remove the POS (hence webpos))

> Check if we should fix or remove the POS (hence WebPos?)
> 
>
> Key: OFBIZ-7804
> URL: https://issues.apache.org/jira/browse/OFBIZ-7804
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: specialpurpose/pos, specialpurpose/webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
> Fix For: Upcoming Branch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Assigned] (OFBIZ-7804) Check if we should fix or remove the POS (hence webpos)

2016-07-24 Thread Jacques Le Roux (JIRA) 

 [ 
https://issues.apache.org/jira/browse/OFBIZ-7804?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux reassigned OFBIZ-7804:
--

Assignee: Jacques Le Roux

> Check if we should fix or remove the POS (hence webpos)
> ---
>
> Key: OFBIZ-7804
> URL: https://issues.apache.org/jira/browse/OFBIZ-7804
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: specialpurpose/pos, specialpurpose/webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
> Fix For: Upcoming Branch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (OFBIZ-7804) Check if we should fix or remove the POS (hence webpos)

2016-07-24 Thread Jacques Le Roux (JIRA) 

[ 
https://issues.apache.org/jira/browse/OFBIZ-7804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15391007#comment-15391007
 ] 

Jacques Le Roux commented on OFBIZ-7804:


Removing the POS has been announced on the user ML after a discussion on dev ML 
http://markmail.org/message/oaqxcxsrlfbiid24

I'm still not sure if removing the POS has an influence on the WebPos. I'll 
check that when removing the POS...

> Check if we should fix or remove the POS (hence webpos)
> ---
>
> Key: OFBIZ-7804
> URL: https://issues.apache.org/jira/browse/OFBIZ-7804
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: specialpurpose/pos, specialpurpose/webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
> Fix For: Upcoming Branch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Re: Token Based Authentication with Apache OfBiz

2016-07-24 Thread gregory draperi 
Hi Jacques,

Okay, so I misunderstood the goal. You can forget what I said :)
Still the article is really interesting :)

Cheers,

Gregory

2016-07-23 12:55 GMT+02:00 Jacques Le Roux :

> HI Gregory,
>
> If I'm not mistaken (I'll not do it) the idea is indeed to use tokens for
> one time authentication, but to then use OFBiz current work flow for the
> rest (ie handling sessions)
>
> Quoting below: "Behind the scenes, we will be using the current work flow
> as is"
>
> This is also what we did with the project I spoke about.
>
> Thanks for the article!
>
> Jacques
>
>
>
> Le 22/07/2016 à 15:53, gregory draperi a écrit :
>
>> Hi guys,
>>
>> JSON web tokens are suitable for one time authentication between parties
>> but they have important drawbacks if they are used as a session mechanism
>> (how to store them, not possible to invalidate one...)
>>
>> There is a nice article on this:
>> http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
>>
>> Best wishes,
>>
>> Gregory
>>
>>
>>
>> 2016-07-13 13:19 GMT+02:00 Rishi Solanki :
>>
>> Rahul,
>>>
>>> Thanks for detailed proposal, I gone thru all the details. No changes in
>>> the current auth system, and achieving token based authentication looks a
>>> good idea to me.
>>>
>>> Agree on all the details provided and will try to participate in the
>>> reviewing the design/implementation.
>>>
>>>
>>> +1.
>>>
>>>
>>> Rishi Solanki
>>> Manager, Enterprise Software Development
>>> HotWax Systems Pvt. Ltd.
>>> Direct: +91-9893287847
>>> http://www.hotwaxsystems.com
>>>
>>> On Mon, Jun 20, 2016 at 2:24 AM, Jacques Le Roux <
>>> jacques.le.r...@les7arts.com> wrote:
>>>
>>> We (I was then working with ilscipio) did something like that for a
 client, and I agree it's the way to go.

 I mean that I agree with "We are not going to implement the Token Based
 Authentication process at low level. Behind the scenes, we will be using
 the current work flow as is"

 Disclaimer: I did not look into all details. Also we planned to use

>>> OpenId
>>>
 but eventually the Token Based Authentication we used was specific and
 proprietary to the client (this remembered me
 http://markmail.org/message/7vtjvjomneimspvl)

 Jacques



 Le 18/06/2016 à 15:01, Rahul Bhooteshwar a écrit :

 Hello All,
> Recently felt the need of Token Based Authentication process in Apache
> OfBiz while using OfBiz's business process offerings with standalone
> clients like Mobile Apps, Angular JS based apps running outside Apache
> OfBiz etc.
>
> What currently we are having in OfBiz is session based authentication
> process which is *stateful*. But while dealing with the independently
> running remote clients stateful authentication is not gonna work as we
> will
> not be using *server-browser session* anymore in those cases.
>
> Following are the initial draft & supporting documents to proceed
>
 further:
>>>
  - Token Based Authentication in Apache OfBiz
>  <
>
>
>>> https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv
>>>
  - Token Based Authentication
>  <
>
>
>>> https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4
>>>
  - JSON Web Tokens
>  <
>
>
>>> https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit
>>>
  - IETF's  (Internet Engineering Task Force) Documentation for JSON
>
 Web
>>>
  Tokens
>  <
>
>
>>> https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2=1
>>>
 I would like to propose a requirement to implement this in OfBiz, &
>
 invite
>>>
 you all to provide valuable inputs to conclude the requirements &
> implementation plans.
>
> Thanks and Regards
> *Rahul Bhooteshwar*
> Enterprise Software Engineer
> HotWax Systems  - *Global leader in
> innovative enterprise commerce solutions **powered by Apache OFBiz.*
>
>
>
>>
>>
>


-- 
Grégory Draperi

Re: svn commit: r1753885 - /ofbiz/trunk/build.gradle

2016-07-24 Thread Taher Alkhateeb 
Noted, Thank you Jacques,

You are right about the config file, I've updated to the latest version.
Thank you.

On Sun, Jul 24, 2016 at 11:12 AM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:

> Taher here it is http://markmail.org/message/kgg2x5pxr5ttozoj <
> http://markmail.org/message/kgg2x5pxr5ttozoj> I thought you saw it
> already (you answered to this mail ;)).
>
> But I know now (from HipChat) it was a misunderstanding: you thought I
> already fixed the EOLs (hè you would have seen it in commits;))
>
> Now I wonder about one thing? Are you sure your svn config is up to date
> (contains the .gradle line) in right place? (please check again, sorry for
> the burden)
> Because according to svn doc, apart the last difficult review it should
> not have been a problem for you. I mean in repo it's always in *nix format
> anyway
>
> Jacques
>
> Le 24/07/2016 à 09:08, ta...@apache.org a écrit :
>
>> Author: taher
>> Date: Sun Jul 24 07:08:55 2016
>> New Revision: 1753885
>>
>> URL: http://svn.apache.org/viewvc?rev=1753885=rev
>> Log:
>> fix build.gradle EOL issue again.
>>
>> Most likely due to an editor problem in the environment of
>> Jacques Le Roux which converts the EOL characters from unix
>> \n to windows \r\n. I had to apply dos2unix to fix it again.
>>
>> Modified:
>>  ofbiz/trunk/build.gradle
>>
>> Modified: ofbiz/trunk/build.gradle
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/trunk/build.gradle?rev=1753885=1753884=1753885=diff
>>
>> ==
>> --- ofbiz/trunk/build.gradle (original)
>> +++ ofbiz/trunk/build.gradle Sun Jul 24 07:08:55 2016
>> @@ -1,865 +1,865 @@
>> -/*
>> - * Licensed to the Apache Software Foundation (ASF) under one
>> - * or more contributor license agreements.  See the NOTICE file
>> - * distributed with this work for additional information
>> - * regarding copyright ownership.  The ASF licenses this file
>> - * to you under the Apache License, Version 2.0 (the
>> - * "License"); you may not use this file except in compliance
>> - * with the License.  You may obtain a copy of the License at
>> - *
>> - * http://www.apache.org/licenses/LICENSE-2.0
>> - *
>> - * Unless required by applicable law or agreed to in writing,
>> - * software distributed under the License is distributed on an
>> - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>> - * KIND, either express or implied.  See the License for the
>> - * specific language governing permissions and limitations
>> - * under the License.
>> - */
>> -import org.apache.tools.ant.filters.ReplaceTokens
>> -
>> -/* 
>> - * Project setup
>> - *  */
>> -
>> -apply plugin: 'java'
>> -apply plugin: 'eclipse'
>> -
>> -apply from: 'common.gradle'
>> -
>> -// java settings
>> -def jvmArguments = ['-Xms128M', '-Xmx512M']
>> -ext.ofbizMainClass = 'org.apache.ofbiz.base.start.Start'
>> -javadoc.failOnError = false
>> -sourceCompatibility = '1.8'
>> -targetCompatibility = '1.8'
>> -
>> -// root and subproject settings
>> -defaultTasks 'build'
>> -
>> -allprojects {
>> -repositories{
>> -jcenter()
>> -}
>> -}
>> -
>> -subprojects {
>> -configurations {
>> -// compile-time plugin libraries
>> -pluginLibsCompile
>> -// runtime plugin libraries
>> -pluginLibsRuntime
>> -}
>> -}
>> -
>> -configurations {
>> -junitLibs
>> -}
>> -
>> -dependencies {
>> -// general framework libs
>> -compile 'apache-xerces:resolver:2.9.1'
>> -compile 'apache-xerces:xercesImpl:2.9.1'
>> -compile 'avalon-framework:avalon-framework-impl:4.2.0'
>> -compile 'bouncycastle:bouncycastle-jce-jdk13:112'
>> -compile 'com.fasterxml.jackson.core:jackson-annotations:2.4.0'
>> -compile 'com.fasterxml.jackson.core:jackson-core:2.4.2'
>> -compile 'com.google.guava:guava:19.0'
>> -compile 'com.google.zxing:core:3.2.1'
>> -compile
>> 'com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.0'
>> -compile
>> 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20160628.1'
>> -compile 'com.ibm.icu:icu4j:57.1'
>> -compile 'com.lowagie:itext:2.1.7'
>> -compile 'com.sun.mail:javax.mail:1.5.1'
>> -compile
>> 'com.sun.syndication:com.springsource.com.sun.syndication:0.9.0'
>> -compile 'com.thoughtworks.xstream:xstream:1.4.9'
>> -compile 'commons-beanutils:commons-beanutils-core:1.8.3'
>> -compile 'commons-cli:commons-cli:1.3.1'
>> -compile 'commons-codec:commons-codec:1.10'
>> -compile 'commons-el:commons-el:1.0'
>> -compile 'commons-fileupload:commons-fileupload:1.3.1'
>> -compile 'commons-io:commons-io:2.4'
>> -compile 'commons-logging:commons-logging:1.2'
>> -compile 'commons-net:commons-net:3.3'
>> -compile 'commons-validator:commons-validator:1.5.1'
>> -compile 'de.odysseus.juel:juel-impl:2.2.7'
>> -

Re: svn commit: r1753885 - /ofbiz/trunk/build.gradle

2016-07-24 Thread Jacques Le Roux 
Taher here it is http://markmail.org/message/kgg2x5pxr5ttozoj  I thought you saw it already (you 
answered to this mail ;)).


But I know now (from HipChat) it was a misunderstanding: you thought I already 
fixed the EOLs (hè you would have seen it in commits;))

Now I wonder about one thing? Are you sure your svn config is up to date (contains the .gradle line) in right place? (please check again, sorry for 
the burden)

Because according to svn doc, apart the last difficult review it should not 
have been a problem for you. I mean in repo it's always in *nix format anyway

Jacques

Le 24/07/2016 à 09:08, ta...@apache.org a écrit :

Author: taher
Date: Sun Jul 24 07:08:55 2016
New Revision: 1753885

URL: http://svn.apache.org/viewvc?rev=1753885=rev
Log:
fix build.gradle EOL issue again.

Most likely due to an editor problem in the environment of
Jacques Le Roux which converts the EOL characters from unix
\n to windows \r\n. I had to apply dos2unix to fix it again.

Modified:
 ofbiz/trunk/build.gradle

Modified: ofbiz/trunk/build.gradle
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/build.gradle?rev=1753885=1753884=1753885=diff
==
--- ofbiz/trunk/build.gradle (original)
+++ ofbiz/trunk/build.gradle Sun Jul 24 07:08:55 2016
@@ -1,865 +1,865 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-import org.apache.tools.ant.filters.ReplaceTokens
-
-/* 
- * Project setup
- *  */
-
-apply plugin: 'java'
-apply plugin: 'eclipse'
-
-apply from: 'common.gradle'
-
-// java settings
-def jvmArguments = ['-Xms128M', '-Xmx512M']
-ext.ofbizMainClass = 'org.apache.ofbiz.base.start.Start'
-javadoc.failOnError = false
-sourceCompatibility = '1.8'
-targetCompatibility = '1.8'
-
-// root and subproject settings
-defaultTasks 'build'
-
-allprojects {
-repositories{
-jcenter()
-}
-}
-
-subprojects {
-configurations {
-// compile-time plugin libraries
-pluginLibsCompile
-// runtime plugin libraries
-pluginLibsRuntime
-}
-}
-
-configurations {
-junitLibs
-}
-
-dependencies {
-// general framework libs
-compile 'apache-xerces:resolver:2.9.1'
-compile 'apache-xerces:xercesImpl:2.9.1'
-compile 'avalon-framework:avalon-framework-impl:4.2.0'
-compile 'bouncycastle:bouncycastle-jce-jdk13:112'
-compile 'com.fasterxml.jackson.core:jackson-annotations:2.4.0'
-compile 'com.fasterxml.jackson.core:jackson-core:2.4.2'
-compile 'com.google.guava:guava:19.0'
-compile 'com.google.zxing:core:3.2.1'
-compile 
'com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.0'
-compile 
'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20160628.1'
-compile 'com.ibm.icu:icu4j:57.1'
-compile 'com.lowagie:itext:2.1.7'
-compile 'com.sun.mail:javax.mail:1.5.1'
-compile 'com.sun.syndication:com.springsource.com.sun.syndication:0.9.0'
-compile 'com.thoughtworks.xstream:xstream:1.4.9'
-compile 'commons-beanutils:commons-beanutils-core:1.8.3'
-compile 'commons-cli:commons-cli:1.3.1'
-compile 'commons-codec:commons-codec:1.10'
-compile 'commons-el:commons-el:1.0'
-compile 'commons-fileupload:commons-fileupload:1.3.1'
-compile 'commons-io:commons-io:2.4'
-compile 'commons-logging:commons-logging:1.2'
-compile 'commons-net:commons-net:3.3'
-compile 'commons-validator:commons-validator:1.5.1'
-compile 'de.odysseus.juel:juel-impl:2.2.7'
-compile 'de.odysseus.juel:juel-spi:2.2.7'
-compile 'httpunit:httpunit:1.7'
-compile 'javax.el:javax.el-api:3.0.1-b04'
-compile 'javax.servlet:javax.servlet-api:3.1.0'
-compile 'javax.servlet.jsp:javax.servlet.jsp-api:2.3.0'
-compile 'javolution:javolution:5.4.3'
-compile 'junit:junit-dep:4.10'
-compile 'jython:jython:2.1'
-compile 'net.fortuna.ical4j:ical4j:1.0-rc3-atlassian-11'
-compile 'net.sf.barcode4j:barcode4j-fop-ext-complete:2.0'
-compile 'net.sf.dozer:dozer:4.2.1'
-compile

[jira] [Commented] (OFBIZ-7534) Migrate OFBiz from Apache Ant to Gradle build system

2016-07-24 Thread Taher Alkhateeb (JIRA) 

[ 
https://issues.apache.org/jira/browse/OFBIZ-7534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15390981#comment-15390981
 ] 

Taher Alkhateeb commented on OFBIZ-7534:


Extremely happy to announce that I got BIRT working with all tests passing in 
r1753886.

After lots of investigation I realized that BIRT from JCenter pulls two 
offending dependencies:

org.eclipse.birt.runtime.3_7_1:derby
org.eclipse.birt.runtime.3_7_1:org.apache.batik.pdf

As soon as I removed these two dependencies everything ran correctly including 
tests. We are very, very close to migrating all Jars, only 19 remain now :)

> Migrate OFBiz from Apache Ant to Gradle build system
> 
>
> Key: OFBIZ-7534
> URL: https://issues.apache.org/jira/browse/OFBIZ-7534
> Project: OFBiz
>  Issue Type: Improvement
>  Components: ALL COMPONENTS
>Affects Versions: Upcoming Branch
>Reporter: Taher Alkhateeb
>Assignee: Taher Alkhateeb
>  Labels: ant, build-tools, gradle
> Attachments: ANT_GRADLE_COMPARISON.txt, OFBIZ-7534.patch, 
> OFBIZ-7534.patch, OFBIZ-7534.patch, OFBIZ-7534.patch, OFBizRemoteJarList.csv, 
> OFBizRemoteJarList.csv, OFBizRemoteJarList.csv, OFBizRemoteJarList.csv, 
> gradle-wrapper.jar
>
>
> This is a major refactoring task referring to the [email 
> thread|http://ofbiz.markmail.org/message/vstt3wxuubmjgmqj?q=Important+Changes+to+Trunk+and+Use+of+Ant+%26+Gradle]
>  in which the community voted for the switch after a proposal from the PMC
> The purpose of this JIRA is to achieve the following objectives
> - Fully implement a working compiling system in Gradle that passes all tests
> - Remove all ant and maven build scripts from the system
> - update the documentation of the system to reflect these changes



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

buildbot success in on ofbiz-trunk

2016-07-24 Thread buildbot 
The Buildbot has detected a restored build on builder ofbiz-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/ofbiz-trunk/builds/1144

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-ofbiz-commit' 
triggered this build
Build Source Stamp: [branch ofbiz/trunk] 1753885
Blamelist: taher

Build succeeded!

Sincerely,
 -The Buildbot