Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-03-04 Thread Jacopo Cappellato
+1

Jacopo Cappellato


On Thu, Feb 27, 2020 at 10:49 AM Jacopo Cappellato <
jacopo.cappell...@gmail.com> wrote:

> This is the vote thread (3rd attempt) to release "Apache OFBiz 17.12.01":
> this is the first release, containing the framework, applications and all
> the plugins from the 17.12 release branches.
>
> The release files can be downloaded from here:
> https://dist.apache.org/repos/dist/dev/ofbiz/
>
> and are:
> * apache-ofbiz-17.12.01.zip
> * KEYS: text file with keys
> * apache-ofbiz-17.12.01.zip.asc: the detached signature file
> * apache-ofbiz-17.12.01.zip.sha512: checksum file
>
> Please download the zip file, build and test OFBiz and verify the
> signature and checksum (for instructions on testing the signatures see
> http://www.apache.org/info/verification.html).
>
> Vote:
>
> [ +1] release as Apache OFBiz 17.12.01
> [ -1] do not release
>
> This vote will be open for 5 days.
> For more details about this process please read
> http://www.apache.org/foundation/voting.html
>
>


Re: Impersonation feature, was: Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-03-03 Thread Pierre Smits
Are we confident that documentation and/or logging/audit capabilities are
up to (potential) expectations?

Kind regards,

Pierre Smits
Proud contributor of Apache OFBiz since 2008 (without privileges)

Apache Trafodion, Vice President
Apache Directory, PMC Member
Apache Incubator, committer
Apache Steve, committer


On Fri, Feb 28, 2020 at 9:15 AM Gil Portenseigne <
gil.portensei...@nereide.fr> wrote:

> You understand correctly, and moreover a specific permission must be
> granted to allow the user to impersonate another one. And we even added
> another security to not allow impersonating a user with more permission
> than ourselves.
>
> When we contributed the feature, it was discussed, and improved
> regarding the concerns that were expressed. And I'm glad that was done
> this way (improvement through discussion).
>
> Gil
>
> On Fri, Feb 28, 2020 at 09:01:30AM +0100, Michael Brohl wrote:
> > *creating a new thread to leave the vote thread untouched*
> >
> >
> > In my understanding from the previous threads about the impersonation
> > features, it is disabled by default and must be enabled explicitly.
> >
> > Using this feature and dealing with the consequences is up to the user then.
> > So I see no valid concern to have this feature in the codebase.
> >
> > Am I missing something?
> >
> > Michael Brohl
> >
> > ecomify GmbH - www.ecomify.de
> >
> > On 28.02.20 at 08:49, Gil Portenseigne wrote:
> > > Hello Pierre,
> > >
> > > If you are talking about impersonation feature, that is not in the 17.12
> > > branch.
> > >
> > > In either way, administrative tools, if we got access to it, allow what
> > > you are saying. But there is no security issue that grants these
> > > privileges we are aware of. If you do, please share to the security list.
> > >
> > > I'm open to discuss about the "criminal" aspect of the impersonation
> > > feature, but not on this thread.
> > >
> > > Gil
> > >
> > > On Fri, Feb 28, 2020 at 02:54:01AM +0100, Pierre Smits wrote:
> > > > -1
> > > >
> > > > As this release contains software elements that will enable criminal
> > > > parties to gain access to the implemented OFBiz system of a user (a
> > > > business organisation) and impersonate valid users with the intent to bring
> > > > harm to the aforementioned business organisation through transactions
> > > > registered by the impersonated valid user.
> > > >
> > > > Kind regards,
> > > >
> > > > Pierre Smits
> >
>
>
>


Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Aditya Sharma
+1

Thanks and regards,
Aditya Sharma

On Fri, Feb 28, 2020 at 3:17 PM Michael Brohl 
wrote:

> There is no impersonation functionality in 17.12. The findings are
> either documentation or "constants" which do not affect the functionality.
>
> For 17.12.02 we should remove the documentation artefacts for the
> impersonation feature, but IMO this is no showstopper for the 17.12.01
> release.
>
> Michael
>
> ecomify GmbH - www.ecomify.de
>
>
> On 28.02.20 at 09:21, Pierre Smits wrote:
> > I found 3 artefacts relating to the impersonation aspects.
> >
> > - CommonEvents.java
> > - security.adoc
> > - sy-impersonation.adoc
> >
> >
> >
> > Kind regards,
> >
> > Pierre Smits
>
>


Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Michael Brohl
There is no impersonation functionality in 17.12. The findings are 
either documentation or "constants" which do not affect the functionality.


For 17.12.02 we should remove the documentation artefacts for the 
impersonation feature, but IMO this is no showstopper for the 17.12.01 
release.


Michael

ecomify GmbH - www.ecomify.de


On 28.02.20 at 09:21, Pierre Smits wrote:

> I found 3 artefacts relating to the impersonation aspects.
>
> - CommonEvents.java
> - security.adoc
> - sy-impersonation.adoc
>
> Kind regards,
>
> Pierre Smits




smime.p7s
Description: S/MIME Cryptographic Signature


Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Taher Alkhateeb
+1

On Fri, Feb 28, 2020, 12:37 PM Gil Portenseigne 
wrote:

> +1
>
> On Thu, Feb 27, 2020 at 06:09:34PM +0100, Michael Brohl wrote:
> > +1
> >
> > ~/Projects/apache-ofbiz/dist-apache-ofbiz-17.12.01 
> > ../ofbiz-tools/verify-ofbiz-release.sh apache-ofbiz-17.12.01.zip
> > sha check of file: apache-ofbiz-17.12.01.zip
> > Using sha file: apache-ofbiz-17.12.01.zip.sha512
> > apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B
> > 76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72
> > 5B8A5358 36208F4A D26DEB40
> > apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B
> > 76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72
> > 5B8A5358 36208F4A D26DEB40
> > sha checksum OK
> >
> > GPG verification output
> > gpg: Signature made Thu Feb 27 10:36:12 2020 CET using RSA key ID 847AF9E0
> > gpg: Good signature from "Jacopo Cappellato (CODE SIGNING KEY)
> > " [ultimate]
> >
> >
> > ./gradlew loadAll testIntegration
> >
> > ...
> >
> > :testIntegration
> >
> > BUILD SUCCESSFUL
> >
> >
> > Thanks,
> >
> > Michael Brohl
> >
> > ecomify GmbH - www.ecomify.de
> >
> >
> > On 27.02.20 at 10:49, Jacopo Cappellato wrote:
> > > This is the vote thread (3rd attempt) to release "Apache OFBiz 17.12.01":
> > > this is the first release, containing the framework, applications and all
> > > the plugins from the 17.12 release branches.
> > >
> > > The release files can be downloaded from here:
> > > https://dist.apache.org/repos/dist/dev/ofbiz/
> > >
> > > and are:
> > > * apache-ofbiz-17.12.01.zip
> > > * KEYS: text file with keys
> > > * apache-ofbiz-17.12.01.zip.asc: the detached signature file
> > > * apache-ofbiz-17.12.01.zip.sha512: checksum file
> > >
> > > Please download the zip file, build and test OFBiz and verify the signature
> > > and checksum (for instructions on testing the signatures see
> > > http://www.apache.org/info/verification.html).
> > >
> > > Vote:
> > >
> > > [ +1] release as Apache OFBiz 17.12.01
> > > [ -1] do not release
> > >
> > > This vote will be open for 5 days.
> > > For more details about this process please read
> > > http://www.apache.org/foundation/voting.html
> > >
> >
>
>
>


Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Gil Portenseigne
+1

On Thu, Feb 27, 2020 at 06:09:34PM +0100, Michael Brohl wrote:
> +1
> 
> ~/Projects/apache-ofbiz/dist-apache-ofbiz-17.12.01 
> ../ofbiz-tools/verify-ofbiz-release.sh apache-ofbiz-17.12.01.zip
> sha check of file: apache-ofbiz-17.12.01.zip
> Using sha file: apache-ofbiz-17.12.01.zip.sha512
> apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B
> 76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72
> 5B8A5358 36208F4A D26DEB40
> apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B
> 76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72
> 5B8A5358 36208F4A D26DEB40
> sha checksum OK
> 
> GPG verification output
> gpg: Signature made Thu Feb 27 10:36:12 2020 CET using RSA key ID 847AF9E0
> gpg: Good signature from "Jacopo Cappellato (CODE SIGNING KEY)
> " [ultimate]
> 
> 
> ./gradlew loadAll testIntegration
> 
> ...
> 
> :testIntegration
> 
> BUILD SUCCESSFUL
> 
> 
> Thanks,
> 
> Michael Brohl
> 
> ecomify GmbH - www.ecomify.de
> 
> 
> On 27.02.20 at 10:49, Jacopo Cappellato wrote:
> > This is the vote thread (3rd attempt) to release "Apache OFBiz 17.12.01":
> > this is the first release, containing the framework, applications and all
> > the plugins from the 17.12 release branches.
> > 
> > The release files can be downloaded from here:
> > https://dist.apache.org/repos/dist/dev/ofbiz/
> > 
> > and are:
> > * apache-ofbiz-17.12.01.zip
> > * KEYS: text file with keys
> > * apache-ofbiz-17.12.01.zip.asc: the detached signature file
> > * apache-ofbiz-17.12.01.zip.sha512: checksum file
> > 
> > Please download the zip file, build and test OFBiz and verify the signature
> > and checksum (for instructions on testing the signatures see
> > http://www.apache.org/info/verification.html).
> > 
> > Vote:
> > 
> > [ +1] release as Apache OFBiz 17.12.01
> > [ -1] do not release
> > 
> > This vote will be open for 5 days.
> > For more details about this process please read
> > http://www.apache.org/foundation/voting.html
> > 
> 




signature.asc
Description: PGP signature
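
The checksum step from the verification output quoted in the message above, as an added example (not part of the thread and not the project's verify-ofbiz-release.sh). The `.sha512` content in that output is in the grouped, line-wrapped layout that `gpg --print-md SHA512` prints, so it has to be normalised before it can be compared; the function names, file name and sample bytes here are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile


def parse_sha512_file(text, expected_name):
    """Return the lowercase hex SHA-512 recorded in a checksum file.

    Layouts accepted:
      "name: 3E92DF0F 92E71B33 ..."  grouped hex, may wrap over lines
      "<128 hex>  name"              sha512sum style ("*name" = binary mode)
      "<128 hex>"                    bare digest, no file name
    """
    text = text.strip()
    name = None
    m = re.fullmatch(r"([0-9A-Fa-f]{128})(?:\s+\*?(\S.*))?", text)
    if m:
        digest, name = m.group(1), m.group(2)
    else:
        # Split on the last colon: the hex groups never contain one.
        name, sep, rest = text.rpartition(":")
        if not sep or not re.fullmatch(r"[0-9A-Fa-f\s]+", rest):
            raise ValueError("unrecognised checksum file layout")
        digest = re.sub(r"\s+", "", rest)
    if len(digest) != 128:
        raise ValueError("digest is not 512 bits long")
    # A checksum written for a different file must not be accepted silently.
    if name is not None and os.path.basename(name.strip()) != expected_name:
        raise ValueError("checksum file names %r, expected %r"
                         % (name.strip(), expected_name))
    return digest.lower()


def sha512_of(path, chunk=1 << 20):
    """Hash a file in chunks so large release archives do not fill memory."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_release(artifact_path, checksum_text):
    """True when the recorded digest matches the artifact on disk."""
    recorded = parse_sha512_file(checksum_text, os.path.basename(artifact_path))
    return hmac.compare_digest(recorded, sha512_of(artifact_path))


def format_gpg_style(name, hexdigest, groups_per_line=5):
    """Render a digest in the wrapped, grouped layout quoted in the thread."""
    upper = hexdigest.upper()
    groups = [upper[i:i + 8] for i in range(0, len(upper), 8)]
    lines = [" ".join(groups[i:i + groups_per_line])
             for i in range(0, len(groups), groups_per_line)]
    pad = " " * (len(name) + 2)
    return name + ": " + ("\n" + pad).join(lines) + "\n"


def demo():
    """Verify a constructed artifact, then change one byte and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        artifact = os.path.join(tmp, "example-release.zip")  # constructed name
        payload = b"constructed sample bytes, not a real release\n" * 1000
        with open(artifact, "wb") as f:
            f.write(payload)
        checksum_text = format_gpg_style("example-release.zip",
                                         hashlib.sha512(payload).hexdigest())
        intact = verify_release(artifact, checksum_text)
        with open(artifact, "r+b") as f:  # simulate corruption of the download
            f.seek(10)
            f.write(b"X")
        tampered = verify_release(artifact, checksum_text)
    return intact, tampered


if __name__ == "__main__":
    print(demo())
```

A matching checksum only shows that the download is intact; the detached `.asc` signature, checked against the KEYS file, is what ties the archive to the release manager's key.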


Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Pierre Smits
I found 3 artefacts relating to the impersonation aspects.

   - CommonEvents.java
   - security.adoc
   - sy-impersonation.adoc



Kind regards,

Pierre Smits
Proud contributor of Apache OFBiz since 2008 (without privileges)

Apache Trafodion, Vice President
Apache Directory, PMC Member
Apache Incubator, committer
Apache Steve, committer


On Fri, Feb 28, 2020 at 9:18 AM Nicolas Malin 
wrote:

> +1
>
> All work from my part
>
> Nicolas
>
> On 27/02/2020 10:49, Jacopo Cappellato wrote:
> > This is the vote thread (3rd attempt) to release "Apache OFBiz 17.12.01":
> > this is the first release, containing the framework, applications and all
> > the plugins from the 17.12 release branches.
> >
> > The release files can be downloaded from here:
> > https://dist.apache.org/repos/dist/dev/ofbiz/
> >
> > and are:
> > * apache-ofbiz-17.12.01.zip
> > * KEYS: text file with keys
> > * apache-ofbiz-17.12.01.zip.asc: the detached signature file
> > * apache-ofbiz-17.12.01.zip.sha512: checksum file
> >
> > Please download the zip file, build and test OFBiz and verify the signature
> > and checksum (for instructions on testing the signatures see
> > http://www.apache.org/info/verification.html).
> >
> > Vote:
> >
> > [ +1] release as Apache OFBiz 17.12.01
> > [ -1] do not release
> >
> > This vote will be open for 5 days.
> > For more details about this process please read
> > http://www.apache.org/foundation/voting.html
> >
>


Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Nicolas Malin
+1

All work from my part

Nicolas

On 27/02/2020 10:49, Jacopo Cappellato wrote:
> This is the vote thread (3rd attempt) to release "Apache OFBiz 17.12.01":
> this is the first release, containing the framework, applications and all
> the plugins from the 17.12 release branches.
>
> The release files can be downloaded from here:
> https://dist.apache.org/repos/dist/dev/ofbiz/
>
> and are:
> * apache-ofbiz-17.12.01.zip
> * KEYS: text file with keys
> * apache-ofbiz-17.12.01.zip.asc: the detached signature file
> * apache-ofbiz-17.12.01.zip.sha512: checksum file
>
> Please download the zip file, build and test OFBiz and verify the signature
> and checksum (for instructions on testing the signatures see
> http://www.apache.org/info/verification.html).
>
> Vote:
>
> [ +1] release as Apache OFBiz 17.12.01
> [ -1] do not release
>
> This vote will be open for 5 days.
> For more details about this process please read
> http://www.apache.org/foundation/voting.html
>


pEpkey.asc
Description: application/pgp-keys


Re: Impersonation feature, was: Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Gil Portenseigne
You understand correctly, and moreover a specific permission must be
granted to allow the user to impersonate another one. And we even added
another security to not allow impersonating a user with more permission
than ourselves.

When we contributed the feature, it was discussed, and improved
regarding the concerns that were expressed. And I'm glad that was done
this way (improvement through discussion).

Gil

On Fri, Feb 28, 2020 at 09:01:30AM +0100, Michael Brohl wrote:
> *creating a new thread to leave the vote thread untouched*
> 
> 
> In my understanding from the previous threads about the impersonation
> features, it is disabled by default and must be enabled explicitly.
> 
> Using this feature and dealing with the consequences is up to the user then.
> So I see no valid concern to have this feature in the codebase.
> 
> Am I missing something?
> 
> Michael Brohl
> 
> ecomify GmbH - www.ecomify.de
> 
> On 28.02.20 at 08:49, Gil Portenseigne wrote:
> > Hello Pierre,
> >
> > If you are talking about impersonation feature, that is not in the 17.12
> > branch.
> >
> > In either way, administrative tools, if we got access to it, allow what
> > you are saying. But there is no security issue that grants these
> > privileges we are aware of. If you do, please share to the security list.
> > 
> > I'm open to discuss about the "criminal" aspect of the impersonation
> > feature, but not on this thread.
> > 
> > Gil
> > 
> > On Fri, Feb 28, 2020 at 02:54:01AM +0100, Pierre Smits wrote:
> > > -1
> > > 
> > > As this release contains software elements that will enable criminal
> > > parties to gain access to the implemented OFBiz system of a user (a
> > > business organisation) and impersonate valid users with the intent to bring
> > > harm to the aforementioned business organisation through transactions
> > > registered by the impersonated valid user.
> > >
> > > Kind regards,
> > > 
> > > Pierre Smits
> 




signature.asc
Description: PGP signature


Impersonation feature, was: Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-28 Thread Michael Brohl

*creating a new thread to leave the vote thread untouched*


In my understanding from the previous threads about the impersonation 
features, it is disabled by default and must be enabled explicitly.


Using this feature and dealing with the consequences is up to the user 
then. So I see no valid concern to have this feature in the codebase.


Am I missing something?

Michael Brohl

ecomify GmbH - www.ecomify.de

On 28.02.20 at 08:49, Gil Portenseigne wrote:

> Hello Pierre,
>
> If you are talking about impersonation feature, that is not in the 17.12
> branch.
>
> In either way, administrative tools, if we got access to it, allow what
> you are saying. But there is no security issue that grants these
> privileges we are aware of. If you do, please share to the security list.
>
> I'm open to discuss about the "criminal" aspect of the impersonation
> feature, but not on this thread.
>
> Gil
>
> On Fri, Feb 28, 2020 at 02:54:01AM +0100, Pierre Smits wrote:
>
> > -1
> >
> > As this release contains software elements that will enable criminal
> > parties to gain access to the implemented OFBiz system of a user (a
> > business organisation) and impersonate valid users with the intent to bring
> > harm to the aforementioned business organisation through transactions
> > registered by the impersonated valid user.
> >
> > Kind regards,
> >
> > Pierre Smits




smime.p7s
Description: S/MIME Cryptographic Signature


Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Gil Portenseigne
Hello Pierre,

If you are talking about impersonation feature, that is not in the 17.12
branch.

In either way, administrative tools, if we got access to it, allow what
you are saying. But there is no security issue that grants these
privileges we are aware of. If you do, please share to the security list.

I'm open to discuss about the "criminal" aspect of the impersonation
feature, but not on this thread.

Gil

On Fri, Feb 28, 2020 at 02:54:01AM +0100, Pierre Smits wrote:
> -1
> 
> As this release contains software elements that will enable criminal
> parties to gain access to the implemented OFBiz system of a user (a
> business organisation) and impersonate valid users with the intent to bring
> harm to the aforementioned business organisation through transactions
> registered by the impersonated valid user.
>
> Kind regards,
> 
> Pierre Smits


signature.asc
Description: PGP signature


Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Swapnil M Mane
+1

Best regards,
Swapnil M Mane,
ofbiz.apache.org



On Thu, Feb 27, 2020 at 3:20 PM Jacopo Cappellato <
jacopo.cappell...@gmail.com> wrote:

> This is the vote thread (3rd attempt) to release "Apache OFBiz 17.12.01":
> this is the first release, containing the framework, applications and all
> the plugins from the 17.12 release branches.
>
> The release files can be downloaded from here:
> https://dist.apache.org/repos/dist/dev/ofbiz/
>
> and are:
> * apache-ofbiz-17.12.01.zip
> * KEYS: text file with keys
> * apache-ofbiz-17.12.01.zip.asc: the detached signature file
> * apache-ofbiz-17.12.01.zip.sha512: checksum file
>
> Please download the zip file, build and test OFBiz and verify the signature
> and checksum (for instructions on testing the signatures see
> http://www.apache.org/info/verification.html).
>
> Vote:
>
> [ +1] release as Apache OFBiz 17.12.01
> [ -1] do not release
>
> This vote will be open for 5 days.
> For more details about this process please read
> http://www.apache.org/foundation/voting.html
>


Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Suraj Khurana
+1

--
Best Regards,
Suraj Khurana
www.hotwax.co

On Thu, Feb 27, 2020 at 3:20 PM Jacopo Cappellato <
jacopo.cappell...@gmail.com> wrote:

> This is the vote thread (3rd attempt) to release "Apache OFBiz 17.12.01":
> this is the first release, containing the framework, applications and all
> the plugins from the 17.12 release branches.
>
> The release files can be downloaded from here:
> https://dist.apache.org/repos/dist/dev/ofbiz/
>
> and are:
> * apache-ofbiz-17.12.01.zip
> * KEYS: text file with keys
> * apache-ofbiz-17.12.01.zip.asc: the detached signature file
> * apache-ofbiz-17.12.01.zip.sha512: checksum file
>
> Please download the zip file, build and test OFBiz and verify the signature
> and checksum (for instructions on testing the signatures see
> http://www.apache.org/info/verification.html).
>
> Vote:
>
> [ +1] release as Apache OFBiz 17.12.01
> [ -1] do not release
>
> This vote will be open for 5 days.
> For more details about this process please read
> http://www.apache.org/foundation/voting.html
>


Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Pawan Verma
+1
-- 
Thanks & Regards
Pawan Verma

On Fri, Feb 28, 2020 at 7:30 AM Pierre Smits  wrote:

> And/or contains elements that provide criminal parties information to
> impersonate valid users.
>
> Kind regards,
>
> Pierre Smits
> Proud contributor of Apache OFBiz since 2008 (without privileges)
>
> Apache Trafodion, Vice President
> Apache Directory, PMC Member
> Apache Incubator, committer
> Apache Steve, committer
>
>
> On Fri, Feb 28, 2020 at 2:54 AM Pierre Smits 
> wrote:
>
> > -1
> >
> > As this release contains software elements that will enable criminal
> > parties to gain access to the implemented OFBiz system of a user (a
> > business organisation) and impersonate valid users with the intent to bring
> > harm to the aforementioned business organisation through transactions
> > registered by the impersonated valid user.
> >
> > Kind regards,
> >
> > Pierre Smits
> > Proud contributor of Apache OFBiz since 2008 (without privileges)
> >
> > Apache Trafodion, Vice President
> > Apache Directory, PMC Member
> > Apache Incubator, committer
> > Apache Steve, committer
> >
> >
> > On Thu, Feb 27, 2020 at 8:56 PM Nicola Mazzoni <nicola.mazz...@mpstyle.it>
> > wrote:
> >
> >> +1
> >>
> >> On Thu, 27 Feb 2020 at 18:40, Jacques Le Roux wrote:
> >>
> >> > +1
> >> >
> >> > Jacques
> >> >
> >> > On 27/02/2020 at 18:09, Michael Brohl wrote:
> >> > > +1
> >> > >
> >> > > ~/Projects/apache-ofbiz/dist-apache-ofbiz-17.12.01
> >> > > ../ofbiz-tools/verify-ofbiz-release.sh apache-ofbiz-17.12.01.zip
> >> > > sha check of file: apache-ofbiz-17.12.01.zip
> >> > > Using sha file: apache-ofbiz-17.12.01.zip.sha512
> >> > > apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B
> >> > > 76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72
> >> > > 5B8A5358 36208F4A D26DEB40
> >> > > apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B
> >> > > 76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72
> >> > > 5B8A5358 36208F4A D26DEB40
> >> > > sha checksum OK
> >> > >
> >> > > GPG verification output
> >> > > gpg: Signature made Thu Feb 27 10:36:12 2020 CET using RSA key ID 847AF9E0
> >> > > gpg: Good signature from "Jacopo Cappellato (CODE SIGNING KEY) <jaco...@apache.org>" [ultimate]
> >> > >
> >> > >
> >> > > ./gradlew loadAll testIntegration
> >> > >
> >> > > ...
> >> > >
> >> > > :testIntegration
> >> > >
> >> > > BUILD SUCCESSFUL
> >> > >
> >> > >
> >> > > Thanks,
> >> > >
> >> > > Michael Brohl
> >> > >
> >> > > ecomify GmbH - www.ecomify.de
> >> > >
> >> > >
> >> > > On 27.02.20 at 10:49, Jacopo Cappellato wrote:
> >> > >> This is the vote thread (3rd attempt) to release "Apache OFBiz 17.12.01":
> >> > >> this is the first release, containing the framework, applications and all
> >> > >> the plugins from the 17.12 release branches.
> >> > >>
> >> > >> The release files can be downloaded from here:
> >> > >> https://dist.apache.org/repos/dist/dev/ofbiz/
> >> > >>
> >> > >> and are:
> >> > >> * apache-ofbiz-17.12.01.zip
> >> > >> * KEYS: text file with keys
> >> > >> * apache-ofbiz-17.12.01.zip.asc: the detached signature file
> >> > >> * apache-ofbiz-17.12.01.zip.sha512: checksum file
> >> > >>
> >> > >> Please download the zip file, build and test OFBiz and verify the signature
> >> > >> and checksum (for instructions on testing the signatures see
> >> > >> http://www.apache.org/info/verification.html).
> >> > >>
> >> > >> Vote:
> >> > >>
> >> > >> [ +1] release as Apache OFBiz 17.12.01
> >> > >> [ -1] do not release
> >> > >>
> >> > >> This vote will be open for 5 days.
> >> > >> For more details about this process please read
> >> > >> http://www.apache.org/foundation/voting.html
> >> > >>
> >> > >
> >> >
> >>
> >
>


Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Pierre Smits
And/or contains elements that provide criminal parties information to
impersonate valid users.

Kind regards,

Pierre Smits
Proud contributor of Apache OFBiz since 2008 (without privileges)

Apache Trafodion, Vice President
Apache Directory, PMC Member
Apache Incubator, committer
Apache Steve, committer


On Fri, Feb 28, 2020 at 2:54 AM Pierre Smits  wrote:

> -1
>
> As this release contains software elements that will enable criminal
> parties to gain access to the implemented OFBiz system of a user (a
> business organisation) and impersonate valid users with the intent to bring
> harm to the aforementioned business organisation through transactions
> registered by the impersonated valid user.
>
> Kind regards,
>
> Pierre Smits
> Proud contributor of Apache OFBiz since 2008 (without privileges)
>
> Apache Trafodion, Vice President
> Apache Directory, PMC Member
> Apache Incubator, committer
> Apache Steve, committer
>
>
> On Thu, Feb 27, 2020 at 8:56 PM Nicola Mazzoni 
> wrote:
>
>> +1
>>
>> On Thu, 27 Feb 2020 at 18:40, Jacques Le Roux wrote:
>>
>> > +1
>> >
>> > Jacques
>> >
>> > On 27/02/2020 at 18:09, Michael Brohl wrote:
>> > > +1
>> > >
>> > > ~/Projects/apache-ofbiz/dist-apache-ofbiz-17.12.01
>> > > ../ofbiz-tools/verify-ofbiz-release.sh apache-ofbiz-17.12.01.zip
>> > > sha check of file: apache-ofbiz-17.12.01.zip
>> > > Using sha file: apache-ofbiz-17.12.01.zip.sha512
>> > > apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B
>> > > 76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72
>> > > 5B8A5358 36208F4A D26DEB40
>> > > apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B
>> > > 76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72
>> > > 5B8A5358 36208F4A D26DEB40
>> > > sha checksum OK
>> > >
>> > > GPG verification output
>> > > gpg: Signature made Thu Feb 27 10:36:12 2020 CET using RSA key ID 847AF9E0
>> > > gpg: Good signature from "Jacopo Cappellato (CODE SIGNING KEY) <jaco...@apache.org>" [ultimate]
>> > >
>> > >
>> > > ./gradlew loadAll testIntegration
>> > >
>> > > ...
>> > >
>> > > :testIntegration
>> > >
>> > > BUILD SUCCESSFUL
>> > >
>> > >
>> > > Thanks,
>> > >
>> > > Michael Brohl
>> > >
>> > > ecomify GmbH - www.ecomify.de
>> > >
>> > >
>> > > On 27.02.20 at 10:49, Jacopo Cappellato wrote:
>> > >> This is the vote thread (3rd attempt) to release "Apache OFBiz 17.12.01":
>> > >> this is the first release, containing the framework, applications and all
>> > >> the plugins from the 17.12 release branches.
>> > >>
>> > >> The release files can be downloaded from here:
>> > >> https://dist.apache.org/repos/dist/dev/ofbiz/
>> > >>
>> > >> and are:
>> > >> * apache-ofbiz-17.12.01.zip
>> > >> * KEYS: text file with keys
>> > >> * apache-ofbiz-17.12.01.zip.asc: the detached signature file
>> > >> * apache-ofbiz-17.12.01.zip.sha512: checksum file
>> > >>
>> > >> Please download the zip file, build and test OFBiz and verify the signature
>> > >> and checksum (for instructions on testing the signatures see
>> > >> http://www.apache.org/info/verification.html).
>> > >>
>> > >> Vote:
>> > >>
>> > >> [ +1] release as Apache OFBiz 17.12.01
>> > >> [ -1] do not release
>> > >>
>> > >> This vote will be open for 5 days.
>> > >> For more details about this process please read
>> > >> http://www.apache.org/foundation/voting.html
>> > >>
>> > >
>> >
>>
>


Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Pierre Smits
-1

As this release contains software elements that will enable criminal
parties to gain access to the implemented OFBiz system of a user (a
business organisation) and impersonate valid users with the intent to bring
harm to the aforementioned business organisation through transactions
registered by the impersonated valid user.

Kind regards,

Pierre Smits
Proud contributor of Apache OFBiz since 2008 (without privileges)

Apache Trafodion, Vice President
Apache Directory, PMC Member
Apache Incubator, committer
Apache Steve, committer


On Thu, Feb 27, 2020 at 8:56 PM Nicola Mazzoni 
wrote:

> +1
>
> On Thu, 27 Feb 2020 at 18:40, Jacques Le Roux wrote:
>
> > +1
> >
> > Jacques
> >
> > On 27/02/2020 at 18:09, Michael Brohl wrote:
> > > +1
> > >
> > > ~/Projects/apache-ofbiz/dist-apache-ofbiz-17.12.01
> > > ../ofbiz-tools/verify-ofbiz-release.sh apache-ofbiz-17.12.01.zip
> > > sha check of file: apache-ofbiz-17.12.01.zip
> > > Using sha file: apache-ofbiz-17.12.01.zip.sha512
> > > apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B
> > > 76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72
> > > 5B8A5358 36208F4A D26DEB40
> > > apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B
> > > 76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72
> > > 5B8A5358 36208F4A D26DEB40
> > > sha checksum OK
> > >
> > > GPG verification output
> > > gpg: Signature made Thu Feb 27 10:36:12 2020 CET using RSA key ID 847AF9E0
> > > gpg: Good signature from "Jacopo Cappellato (CODE SIGNING KEY) <jaco...@apache.org>" [ultimate]
> > >
> > >
> > > ./gradlew loadAll testIntegration
> > >
> > > ...
> > >
> > > :testIntegration
> > >
> > > BUILD SUCCESSFUL
> > >
> > >
> > > Thanks,
> > >
> > > Michael Brohl
> > >
> > > ecomify GmbH - www.ecomify.de
> > >
> > >
> > > On 27.02.20 at 10:49, Jacopo Cappellato wrote:
> > >> This is the vote thread (3rd attempt) to release "Apache OFBiz 17.12.01":
> > >> this is the first release, containing the framework, applications and all
> > >> the plugins from the 17.12 release branches.
> > >>
> > >> The release files can be downloaded from here:
> > >> https://dist.apache.org/repos/dist/dev/ofbiz/
> > >>
> > >> and are:
> > >> * apache-ofbiz-17.12.01.zip
> > >> * KEYS: text file with keys
> > >> * apache-ofbiz-17.12.01.zip.asc: the detached signature file
> > >> * apache-ofbiz-17.12.01.zip.sha512: checksum file
> > >>
> > >> Please download the zip file, build and test OFBiz and verify the signature
> > >> and checksum (for instructions on testing the signatures see
> > >> http://www.apache.org/info/verification.html).
> > >>
> > >> Vote:
> > >>
> > >> [ +1] release as Apache OFBiz 17.12.01
> > >> [ -1] do not release
> > >>
> > >> This vote will be open for 5 days.
> > >> For more details about this process please read
> > >> http://www.apache.org/foundation/voting.html
> > >>
> > >
> >
>


Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Nicola Mazzoni
+1

On Thu, 27 Feb 2020, 18:40 Jacques Le Roux wrote:

> +1
>
> Jacques
>
> On 27/02/2020 at 18:09, Michael Brohl wrote:
> > +1
> >
> > ~/Projects/apache-ofbiz/dist-apache-ofbiz-17.12.01
> > ../ofbiz-tools/verify-ofbiz-release.sh apache-ofbiz-17.12.01.zip
> > sha check of file: apache-ofbiz-17.12.01.zip
> > Using sha file: apache-ofbiz-17.12.01.zip.sha512
> > apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B
> > 76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72
> > 5B8A5358 36208F4A D26DEB40
> > apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B
> > 76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72
> > 5B8A5358 36208F4A D26DEB40
> > sha checksum OK
> >
> > GPG verification output
> > gpg: Signature made Thu Feb 27 10:36:12 2020 CET using RSA key ID 847AF9E0
> > gpg: Good signature from "Jacopo Cappellato (CODE SIGNING KEY) <jaco...@apache.org>" [ultimate]
> >
> >
> > ./gradlew loadAll testIntegration
> >
> > ...
> >
> > :testIntegration
> >
> > BUILD SUCCESSFUL
> >
> >
> > Thanks,
> >
> > Michael Brohl
> >
> > ecomify GmbH - www.ecomify.de
> >
> >
> > On 27.02.20 at 10:49, Jacopo Cappellato wrote:
> >> This is the vote thread (3rd attempt) to release "Apache OFBiz 17.12.01":
> >> this is the first release, containing the framework, applications and all
> >> the plugins from the 17.12 release branches.
> >>
> >> The release files can be downloaded from here:
> >> https://dist.apache.org/repos/dist/dev/ofbiz/
> >>
> >> and are:
> >> * apache-ofbiz-17.12.01.zip
> >> * KEYS: text file with keys
> >> * apache-ofbiz-17.12.01.zip.asc: the detached signature file
> >> * apache-ofbiz-17.12.01.zip.sha512: checksum file
> >>
> >> Please download the zip file, build and test OFBiz and verify the signature
> >> and checksum (for instructions on testing the signatures see
> >> http://www.apache.org/info/verification.html).
> >>
> >> Vote:
> >>
> >> [ +1] release as Apache OFBiz 17.12.01
> >> [ -1] do not release
> >>
> >> This vote will be open for 5 days.
> >> For more details about this process please read
> >> http://www.apache.org/foundation/voting.html
> >>
> >
>


Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Jacques Le Roux

+1

Jacques

On 27/02/2020 at 18:09, Michael Brohl wrote:

+1

~/Projects/apache-ofbiz/dist-apache-ofbiz-17.12.01  
../ofbiz-tools/verify-ofbiz-release.sh apache-ofbiz-17.12.01.zip
sha check of file: apache-ofbiz-17.12.01.zip
Using sha file: apache-ofbiz-17.12.01.zip.sha512
apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B 76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72 
5B8A5358 36208F4A D26DEB40
apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B 76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72 
5B8A5358 36208F4A D26DEB40

sha checksum OK

GPG verification output
gpg: Signature made Thu Feb 27 10:36:12 2020 CET using RSA key ID 847AF9E0
gpg: Good signature from "Jacopo Cappellato (CODE SIGNING KEY) <jaco...@apache.org>" [ultimate]


./gradlew loadAll testIntegration

...

:testIntegration

BUILD SUCCESSFUL


Thanks,

Michael Brohl

ecomify GmbH - www.ecomify.de


On 27.02.20 at 10:49, Jacopo Cappellato wrote:

This is the vote thread (3rd attempt) to release "Apache OFBiz 17.12.01":
this is the first release, containing the framework, applications and all
the plugins from the 17.12 release branches.

The release files can be downloaded from here:
https://dist.apache.org/repos/dist/dev/ofbiz/

and are:
* apache-ofbiz-17.12.01.zip
* KEYS: text file with keys
* apache-ofbiz-17.12.01.zip.asc: the detached signature file
* apache-ofbiz-17.12.01.zip.sha512: checksum file

Please download the zip file, build and test OFBiz and verify the signature
and checksum (for instructions on testing the signatures see
http://www.apache.org/info/verification.html).

Vote:

[ +1] release as Apache OFBiz 17.12.01
[ -1] do not release

This vote will be open for 5 days.
For more details about this process please read
http://www.apache.org/foundation/voting.html





Re: [VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Michael Brohl

+1

~/Projects/apache-ofbiz/dist-apache-ofbiz-17.12.01  
../ofbiz-tools/verify-ofbiz-release.sh apache-ofbiz-17.12.01.zip

sha check of file: apache-ofbiz-17.12.01.zip
Using sha file: apache-ofbiz-17.12.01.zip.sha512
apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B 
76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72 
5B8A5358 36208F4A D26DEB40
apache-ofbiz-17.12.01.zip: 3E92DF0F 92E71B33 0FEF2B7C FBEE2E51 88F98E3B 
76614824 2A40C84F 922DDB08 B0760B76 8667EAF4 E35F2939 44757CD7 658C9A72 
5B8A5358 36208F4A D26DEB40

sha checksum OK

GPG verification output
gpg: Signature made Thu Feb 27 10:36:12 2020 CET using RSA key ID 847AF9E0
gpg: Good signature from "Jacopo Cappellato (CODE SIGNING KEY) <jaco...@apache.org>" [ultimate]



./gradlew loadAll testIntegration

...

:testIntegration

BUILD SUCCESSFUL


Thanks,

Michael Brohl

ecomify GmbH - www.ecomify.de


On 27.02.20 at 10:49, Jacopo Cappellato wrote:

This is the vote thread (3rd attempt) to release "Apache OFBiz 17.12.01":
this is the first release, containing the framework, applications and all
the plugins from the 17.12 release branches.

The release files can be downloaded from here:
https://dist.apache.org/repos/dist/dev/ofbiz/

and are:
* apache-ofbiz-17.12.01.zip
* KEYS: text file with keys
* apache-ofbiz-17.12.01.zip.asc: the detached signature file
* apache-ofbiz-17.12.01.zip.sha512: checksum file

Please download the zip file, build and test OFBiz and verify the signature
and checksum (for instructions on testing the signatures see
http://www.apache.org/info/verification.html).

Vote:

[ +1] release as Apache OFBiz 17.12.01
[ -1] do not release

This vote will be open for 5 days.
For more details about this process please read
http://www.apache.org/foundation/voting.html







[VOTE] [RELEASE] Apache OFBiz 17.12.01 (full version), vote #3

2020-02-27 Thread Jacopo Cappellato
This is the vote thread (3rd attempt) to release "Apache OFBiz 17.12.01":
this is the first release, containing the framework, applications and all
the plugins from the 17.12 release branches.

The release files can be downloaded from here:
https://dist.apache.org/repos/dist/dev/ofbiz/

and are:
* apache-ofbiz-17.12.01.zip
* KEYS: text file with keys
* apache-ofbiz-17.12.01.zip.asc: the detached signature file
* apache-ofbiz-17.12.01.zip.sha512: checksum file

Please download the zip file, build and test OFBiz and verify the signature
and checksum (for instructions on testing the signatures see
http://www.apache.org/info/verification.html).

Vote:

[ +1] release as Apache OFBiz 17.12.01
[ -1] do not release

This vote will be open for 5 days.
For more details about this process please read
http://www.apache.org/foundation/voting.html
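

The checksum half of the verification requested in this thread, as an added example (it is not the project's verify-ofbiz-release.sh, whose contents the thread does not show): it normalizes a .sha512 file in the grouped, line-wrapped layout quoted in the votes, and also the plain sha512sum layout, before comparing. Function names and sample data are hypothetical, and sha512sum is assumed to be installed; checking the detached signature is a separate step.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical.

# Print the digest stored in checksum file $1 as lowercase hex.
normalize_digest() {
    first=$(head -n 1 "$1")
    if printf '%s\n' "$first" | grep -Eq '^[0-9A-Fa-f]{128}([[:space:]]|$)'; then
        # sha512sum layout: "<hex>  <name>"
        printf '%s\n' "$first" | cut -c 1-128
    else
        # Grouped layout as quoted in the thread: "<name>: 3E92DF0F 92E71B33 ..."
        # wrapped over several lines. Drop the "<name>: " prefix first so hex
        # digits inside the file name cannot leak into the digest.
        sed '1s/^.*: //' "$1" | tr -d ' \t\r\n'
    fi | tr 'A-F' 'a-f'
}

# Exit 0 if file $1 matches checksum file $2, 1 on mismatch, 2 if the
# checksum file does not hold exactly one well-formed SHA-512 digest.
verify_sha512() {
    expected=$(normalize_digest "$2")
    printf '%s' "$expected" | grep -Eq '^[0-9a-f]{128}$' || return 2
    actual=$(sha512sum < "$1" | cut -d ' ' -f 1)
    [ "$actual" = "$expected" ]
}

# Constructed sample: write digest $2 for name $1 in the grouped layout.
write_grouped() {
    printf '%s: ' "$1"
    printf '%s\n' "$2" | tr 'a-f' 'A-F' | sed 's/.\{8\}/& /g' | fold -w 45
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed release payload\n' > "$dir/abc-1.0.zip"
    hex=$(sha512sum < "$dir/abc-1.0.zip" | cut -d ' ' -f 1)
    write_grouped abc-1.0.zip "$hex" > "$dir/abc-1.0.zip.sha512"
    verify_sha512 "$dir/abc-1.0.zip" "$dir/abc-1.0.zip.sha512" && ok=0 || ok=$?
    printf 'x' >> "$dir/abc-1.0.zip"    # simulate a modified download
    verify_sha512 "$dir/abc-1.0.zip" "$dir/abc-1.0.zip.sha512" && bad=0 || bad=$?
    rm -rf "$dir"
    echo "untampered=$ok tampered=$bad"
}

demo
```

A truncated or empty checksum file returns 2 rather than being compared, so a failed download of the .sha512 file cannot pass as a match.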