[Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...)

[Shi Jinghai]

Hi all,

Thanks Jacques, Taher and Nicolas mentioned our community rule, "a proper 
discussion".

I created an issue "Add method attribute to request-map to controll a uri can 
be called GET or POST only" a week ago:
https://issues.apache.org/jira/browse/OFBIZ-10438

Thanks Mathieu, he submitted his patches very quickly while I was preparing 
mine. I tested them and submitted to trunk. Please be aware, the latest 
versions are r1834465 and r1834570, and the implement requires JDK 1.8.

Is the implement acceptable for trunk? Further improvement to do? Would we 
backport it to releases?

If it's not acceptable, I'll revert the implement.

Kind Regards,

Shi Jinghai


-邮件原件-
发件人: Paul Foxworthy [mailto:p...@cohsoft.com.au] 
发送时间: 2018年6月26日 19:31
收件人: dev@ofbiz.apache.org
主题: Re: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework: 
base/src/main/java/org/apache/ofbiz/base/util/collections/ webapp/config/ 
webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ 
webapp/src/test/java/org/apache/ofbiz/weba...

On 26 June 2018 at 17:58, Taher Alkhateeb 
wrote:

> I could be mistaken, but this seems like a very major change that did
> not have a thorough and proper discussion at the mailing list? I would
> rather at least have an explanation of what was committed and to
> discuss the merits and cons of the implementation.
>

Hi all,

I haven't found the specific issue, but wasn't there a major change several
years ago from GET to POST to help guard against XSS attacks?

Cheers

Paul Foxworthy

-- 
Coherent Software Australia Pty Ltd
PO Box 2773
Cheltenham Vic 3192
Australia

Phone: +61 3 9585 6788
Web: http://www.coherentsoftware.com.au/
Email: i...@coherentsoftware.com.au

Re: Welcome to Swapnil M. Mane as new committer!

[Shi Jinghai]

Congratulations Swapnil!

-邮件原件-
发件人: Jacques Le Roux [mailto:jacques.le.r...@les7arts.com] 
发送时间: 2018年6月27日 4:01
收件人: dev@ofbiz.apache.org
主题: Welcome to Swapnil M. Mane as new committer!

The OFBiz PMC has invited Swapnil to become a new committer and we arepleased  
to announce that he has accepted.

Swapnil has a high level of commitment for Apache OFBiz and consistently works 
with the community.

He is one of the most advanced contributors (including committers) in the 
functional domain.
  
Please join me in welcoming and congratulating Swapnil.

Jacques

Re: Welcome to Suraj Khurana as new committer!

[Shi Jinghai]

Congratulations Suraj!

-邮件原件-
发件人: Jacques Le Roux [mailto:jacques.le.r...@les7arts.com] 
发送时间: 2018年6月27日 4:00
收件人: dev@ofbiz.apache.org
主题: Welcome to Suraj Khurana as new committer!

The OFBiz PMC has invited Suraj to become a new committer and we arepleased  to 
announce that he has accepted.

Suraj has proved to be committed for a long time now and is doing a very good 
work as a contributor.

He helped in a lot of Jiras, answered properly on MLs and proposed a few quite 
interesting subjects.

Please join me in welcoming and congratulating Suraj.

Jacques

Re: Welcome to Aditya Sharma as new committer!

[Shi Jinghai]

Congratulations Adity!

-邮件原件-
发件人: Jacques Le Roux [mailto:jacques.le.r...@les7arts.com] 
发送时间: 2018年6月27日 4:00
收件人: dev@ofbiz.apache.org
主题: Welcome to Aditya Sharma as new committer!

The OFBiz PMC has invited Aditya to become a new committer and we arepleased  
to announce that he has accepted.

Aditya has proved to be committed and doing a very good work as a contributor.

He notably coordinated the work around the refactoring of the data model 
documents, helped in a lot of Jiras and answered appropriately on MLs.

Please join me in welcoming and congratulating Aditya.

Jacques

Re: Welcome to Suraj Khurana as new committer!

[Gil Portenseigne]

Many Congratulations Suraj !

Gil
Le mardi 26 juin 2018 à 22:00:18 (+0200), Jacques Le Roux a écrit :
> The OFBiz PMC has invited Suraj to become a new committer and we arepleased  
> to announce that he has accepted.
> 
> Suraj has proved to be committed for a long time now and is doing a very good 
> work as a contributor.
> 
> He helped in a lot of Jiras, answered properly on MLs and proposed a few 
> quite interesting subjects.
> 
> Please join me in welcoming and congratulating Suraj.
> 
> Jacques
> 

Re: Welcome to Aditya Sharma as new committer!

[Gil Portenseigne]

Many Congratulations Aditya !

Gil
Le mardi 26 juin 2018 à 21:59:58 (+0200), Jacques Le Roux a écrit :
> The OFBiz PMC has invited Aditya to become a new committer and we arepleased  
> to announce that he has accepted.
> 
> Aditya has proved to be committed and doing a very good work as a contributor.
> 
> He notably coordinated the work around the refactoring of the data model 
> documents, helped in a lot of Jiras and answered appropriately on MLs.
> 
> Please join me in welcoming and congratulating Aditya.
> 
> Jacques
> 

Re: Welcome to Swapnil M. Mane as new committer!

[Gil Portenseigne]

Many Congratulations Swapnil !

Gil
Le mardi 26 juin 2018 à 22:00:59 (+0200), Jacques Le Roux a écrit :
> The OFBiz PMC has invited Swapnil to become a new committer and we arepleased 
>  to announce that he has accepted.
> 
> Swapnil has a high level of commitment for Apache OFBiz and consistently 
> works with the community.
> 
> He is one of the most advanced contributors (including committers) in the 
> functional domain.
> Please join me in welcoming and congratulating Swapnil.
> 
> Jacques
> 

Re: gradle-versions-plugin OOTB?

[Jacques Le Roux]

Thanks for your feedback Taher,

Rest inline...

Le 26/06/2018 à 18:49, Taher Alkhateeb a écrit :

Ok, so you have a plugin that essentially prints out a report of
dependencies and decides which ones are up to date. Here are my
thoughts

- First, your patch is not correct and does not add the task you
mentioned. It seems you didn't test it?

Of course I tested it :) We already used it to update our libs.
Actually Michael was at the start of the initiative
    https://issues.apache.org/jira/browse/OFBIZ-9674
I then created an umbrella task
    https://issues.apache.org/jira/browse/OFBIZ-10213
But I never updated the libs myself, only Michael did so far.
More about that below.

"My patch" was just to show how it's an easy thing to add.
Thinking more about it, I think we don't need to add it to the build
A simple documentation in the main README should be enough.
A warning should be added, it's something to use with care.


- Upon testing this plugin, I found packages that match, exceed
milestones, have later milestones (don't know the difference), and it
failed to determine for some packages. I'm not sure what is useful
about this information and how to apply it? I'm also not sure if this
information is accurate?

It's accurate


- Package updates is not something that can not be done easily and /
or automated. It has to be done with care.

I totally agree and we already suffered from 2 too quick updates with Tomcat 
8.5 and itext:4.2.0


- It seems like we are incurring the cost of pulling in more packages,
more dependencies and more build time for no apparent immediate value?

Yes, I agree. A simple documentation as I suggested above should be enough


- The report does not distinguish between security updates and regular
minor updates, which again does not provide a lot of value.

Yes, for security updates I used to use OWASP Dependency Check before the 
introduction of Gradle.
Quoting myslef at 
https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check
>



- Finally, it seems that for a value to be derived from this plugin
[1] it should automate the report and add more conditions and whatnot.
Just putting it there doesn't do much on its own.

Yes, maybe, but that's another task different from simply documenting it with a 
warning that I now propose


So perhaps more care and thought should be put into this, and better
analysis of value added should be done. And if anything, maybe we
should consider _reducing_ our libraries in the first place, instead
of adding more stuff into the pile.

Yes, if that's possible +1

Jacques


[1] 
https://github.com/ben-manes/gradle-versions-plugin/blob/master/examples/build.gradle

On Tue, Jun 26, 2018 at 7:11 PM, Jacques Le Roux
 wrote:

I thought my 1st message was clear enough. Let me try to phrase it better.

In order for our users to have an easier and secure life, I suggest to have
this patch applied

Index: build.gradle
===
--- build.gradle(révision 1834418)
+++ build.gradle(copie de travail)
@@ -31,6 +31,7 @@
  classpath
'at.bxm.gradleplugins:gradle-svntools-plugin:latest.release'
  classpath 'org.asciidoctor:asciidoctor-gradle-plugin:1.5.7'
  classpath 'org.asciidoctor:asciidoctorj-pdf:1.5.0-alpha.16'
+classpath 'com.github.ben-manes:gradle-versions-plugin:0.17.0'
  }
  }
  apply plugin: 'java'

And to create a Gradle task to use it. Actually just run

./gradlew dependencyUpdates -Drevision=release

And of course to document it in our main README

It would clarify how to keep libs updated to our users rather than having to
look for this in Jira or by themselves.

What do you think (not only you Taher ;)) ?

Jacques



Le 26/06/2018 à 10:56, Taher Alkhateeb a écrit :

I'm not sure I understand what you want to do exactly. Clarification would
help

On Tue, Jun 26, 2018 at 11:27 AM, Jacques Le Roux
 wrote:

Hi,

Nobody interested? So sounds like a lazy consensus.

Without any more comments I'll open a Jira and attach a patch

Jacques



Le 11/06/2018 à 14:02, Jacques Le Roux a écrit :

Hi,

I was wondering: some projects use the trunk or I guess more often a
release branch as source.

Should we not provide them a way to check the branch they use has the
last
libs versions using gradle-versions-plugin with a documented tasks, or
should this stay (a bit buried) in one of our Jiras?

I mean in a more global way, should we not document that for our users?

Jacques

Re: Welcome to Swapnil M. Mane as new committer!

[Humera Khan]

Many Congratulations Swapnil !!

*Humera Khan* | Enterprise Software Engineer
HotWax Commerce  by HotWax Systems

Plot no. 80, Scheme no. 78 Part 2, Near Brilliant Convention Center, Indore,
M.P, India - 452010
Cell phone: +91 9926084049

HotWax Systems recently received 8 mentions in *The Gartner Digital
Commerce Vendor Guide, 2016 *by Gartner, Inc., the world's leading IT
research and advisory company. Learn more about our research here

.


On Wed, Jun 27, 2018 at 1:05 PM, Sharan Foga  wrote:

> Congratulations and welcome Swapnil!  :-)
>
> Thanks
> Sharan
>
> On 2018/06/26 20:00:59, Jacques Le Roux 
> wrote:
> > The OFBiz PMC has invited Swapnil to become a new committer and we
> arepleased  to announce that he has accepted.
> >
> > Swapnil has a high level of commitment for Apache OFBiz and consistently
> works with the community.
> >
> > He is one of the most advanced contributors (including committers) in
> the functional domain.
> >
> > Please join me in welcoming and congratulating Swapnil.
> >
> > Jacques
> >
> >
>

Re: Welcome to Suraj Khurana as new committer!

[Humera Khan]

Many Congratulations Suraj !!

*Humera Khan* | Enterprise Software Engineer
HotWax Commerce  by HotWax Systems

Plot no. 80, Scheme no. 78 Part 2, Near Brilliant Convention Center, Indore,
M.P, India - 452010
Cell phone: +91 9926084049

HotWax Systems recently received 8 mentions in *The Gartner Digital
Commerce Vendor Guide, 2016 *by Gartner, Inc., the world's leading IT
research and advisory company. Learn more about our research here

.


On Wed, Jun 27, 2018 at 1:10 PM, Sharan Foga  wrote:

> Congratulations  Suraj!
>
> Thanks
> Sharan
>
> On 2018/06/26 20:00:18, Jacques Le Roux 
> wrote:
> > The OFBiz PMC has invited Suraj to become a new committer and we
> arepleased  to announce that he has accepted.
> >
> > Suraj has proved to be committed for a long time now and is doing a very
> good work as a contributor.
> >
> > He helped in a lot of Jiras, answered properly on MLs and proposed a few
> quite interesting subjects.
> >
> > Please join me in welcoming and congratulating Suraj.
> >
> > Jacques
> >
> >
>

Re: Committers still in contributors list?

[Arun Patidar]

+1

On Wed, Jun 27, 2018 at 4:49 PM Sharan  wrote:

> Hi Jacques
>
> Yes, I think that would be a good idea because it give us more
> visibility on any new (and existing) contributors.
>
> Thanks
> Sharan
>
> On 27.6.2018 13:05, Jacques Le Roux wrote:
> > Hi,
> >
> > I was wondering, should we not remove committers from the contributors
> > list in wiki?
> >
> >
> https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Contributors
> >
> >
> > Jacques
> >
>
>

-- 

Best regards,

Arun Patidar
Director of Information SystemsHotWax Commerce 

Re: Committers still in contributors list?

[Sharan]

Hi Jacques

Yes, I think that would be a good idea because it give us more 
visibility on any new (and existing) contributors.


Thanks
Sharan

On 27.6.2018 13:05, Jacques Le Roux wrote:

Hi,

I was wondering, should we not remove committers from the contributors 
list in wiki?


https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Contributors 



Jacques

Committers still in contributors list?

[Jacques Le Roux]

Hi,

I was wondering, should we not remove committers from the contributors list in 
wiki?

https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Contributors

Jacques

Fwd: [jira] [Updated] (INFRA-16545) Erreur de création de la macro 'link'

[Jacques Le Roux]

Hi All,

FYI: what do you think?

Jacques


 Message transféré 
Sujet : [jira] [Updated] (INFRA-16545) Erreur de création de la macro 
'link'
Date :  Tue, 26 Jun 2018 17:19:00 + (UTC)
De :Gavin (JIRA) 
Pour :  jacques.le.r...@les7arts.com



 [ 
https://issues.apache.org/jira/browse/INFRA-16545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gavin updated INFRA-16545:
--
Status: Waiting for user  (was: Waiting for Infra)

I re-enabled the plugin in question , it works for other things, but not for 
'link' macro currently. Having looked at your workflow, I believe you should 
replace using the link macro with a html link instead.

See https://cwiki.apache.org/confluence/display/test/Link+test for an example.

Let me know what you think.


Erreur de création de la macro 'link'
-

Key: INFRA-16545
URL: https://issues.apache.org/jira/browse/INFRA-16545
Project: Infrastructure
 Issue Type: Sub-task
 Components: Confluence
   Reporter: Jacques Le Roux
   Assignee: Gavin
   Priority: Major

Error in 
https://cwiki-test.apache.org/confluence/display/OFBIZ/OFBiz+Tutorial+-+From+Mini+Language+to+Groovy
Erreur de création de la macro 'link'
com/atlassian/gzipfilter/org/apache/commons/lang/StringUtils
not in 
https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Tutorial+-+From+Mini+Language+to+Groovy




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Welcome to Aditya Sharma as new committer!

[Sharan Foga]

Congratulations Aditya!

Thanks
Sharan

On 2018/06/26 19:59:58, Jacques Le Roux  wrote: 
> The OFBiz PMC has invited Aditya to become a new committer and we arepleased  
> to announce that he has accepted.
> 
> Aditya has proved to be committed and doing a very good work as a contributor.
> 
> He notably coordinated the work around the refactoring of the data model 
> documents, helped in a lot of Jiras and answered appropriately on MLs.
> 
> Please join me in welcoming and congratulating Aditya.
> 
> Jacques
> 
> 

Re: Welcome to Suraj Khurana as new committer!

[Sharan Foga]

Congratulations  Suraj!

Thanks
Sharan

On 2018/06/26 20:00:18, Jacques Le Roux  wrote: 
> The OFBiz PMC has invited Suraj to become a new committer and we arepleased  
> to announce that he has accepted.
> 
> Suraj has proved to be committed for a long time now and is doing a very good 
> work as a contributor.
> 
> He helped in a lot of Jiras, answered properly on MLs and proposed a few 
> quite interesting subjects.
> 
> Please join me in welcoming and congratulating Suraj.
> 
> Jacques
> 
> 

Re: Welcome to Swapnil M. Mane as new committer!

[Sharan Foga]

Congratulations and welcome Swapnil!  :-)

Thanks
Sharan

On 2018/06/26 20:00:59, Jacques Le Roux  wrote: 
> The OFBiz PMC has invited Swapnil to become a new committer and we arepleased 
>  to announce that he has accepted.
> 
> Swapnil has a high level of commitment for Apache OFBiz and consistently 
> works with the community.
> 
> He is one of the most advanced contributors (including committers) in the 
> functional domain.
>   
> Please join me in welcoming and congratulating Swapnil.
> 
> Jacques
> 
> 

Re: Welcome to Swapnil M. Mane as new committer!

[Rishi Solanki]

Congratulations Swapnil!! :-)

Rishi Solanki
Sr Manager, Enterprise Software Development
HotWax Systems Pvt. Ltd.
Direct: +91-9893287847
http://www.hotwaxsystems.com
www.hotwax.co

On Wed, Jun 27, 2018 at 10:55 AM, Ankit Joshi  wrote:

> Many congratulations Swapnil !!
>
> Thanks & Regards,
> Ankit Joshi
>
>
> On Wed, Jun 27, 2018 at 1:30 AM, Jacques Le Roux <
> jacques.le.r...@les7arts.com> wrote:
>
> > The OFBiz PMC has invited Swapnil to become a new committer and we
> > arepleased  to announce that he has accepted.
> >
> > Swapnil has a high level of commitment for Apache OFBiz and consistently
> > works with the community.
> >
> > He is one of the most advanced contributors (including committers) in the
> > functional domain.
> >  Please join me in welcoming and congratulating Swapnil.
> >
> > Jacques
> >
> >
>

Re: Welcome to Suraj Khurana as new committer!

[Rishi Solanki]

Congratulations Suraj!! ;-)

Rishi Solanki
Sr Manager, Enterprise Software Development
HotWax Systems Pvt. Ltd.
Direct: +91-9893287847
http://www.hotwaxsystems.com
www.hotwax.co

On Wed, Jun 27, 2018 at 10:53 AM, Ankit Joshi  wrote:

> Many congratulations Suraj !!
>
>
> Thanks & Regards,
> Ankit Joshi
>
>
> On Wed, Jun 27, 2018 at 1:30 AM, Jacques Le Roux <
> jacques.le.r...@les7arts.com> wrote:
>
> > The OFBiz PMC has invited Suraj to become a new committer and we
> > arepleased  to announce that he has accepted.
> >
> > Suraj has proved to be committed for a long time now and is doing a very
> > good work as a contributor.
> >
> > He helped in a lot of Jiras, answered properly on MLs and proposed a few
> > quite interesting subjects.
> >
> > Please join me in welcoming and congratulating Suraj.
> >
> > Jacques
> >
> >
>

Re: Welcome to Aditya Sharma as new committer!

[Rishi Solanki]

Congratulations Aditya!! ;-)


Rishi Solanki
Sr Manager, Enterprise Software Development
HotWax Systems Pvt. Ltd.
Direct: +91-9893287847
http://www.hotwaxsystems.com
www.hotwax.co

On Wed, Jun 27, 2018 at 10:56 AM, Ankit Joshi  wrote:

> Many congratulations Aditya !!
>
> Thanks & Regards,
> Ankit Joshi
>
>
> On Wed, Jun 27, 2018 at 1:29 AM, Jacques Le Roux <
> jacques.le.r...@les7arts.com> wrote:
>
> > The OFBiz PMC has invited Aditya to become a new committer and we
> > arepleased  to announce that he has accepted.
> >
> > Aditya has proved to be committed and doing a very good work as a
> > contributor.
> >
> > He notably coordinated the work around the refactoring of the data model
> > documents, helped in a lot of Jiras and answered appropriately on MLs.
> >
> > Please join me in welcoming and congratulating Aditya.
> >
> > Jacques
> >
> >
>