Hi all,
we all are aware of the problems affecting our content in Confluence but before
we discuss the next steps and evaluate different options and their pros and
cons, in my opinion it would make sense to aggregate all the 5 spaces into 2.
This would give us a rather easy and actionable plan
Could you please verify this with Daniel? He asked me to which address you sent
it (US or Hungary)...
Thank you,
Jacopo
On Nov 20, 2012, at 11:25 PM, Adam Heath wrote:
> On 11/16/2012 04:24 AM, Jacopo Cappellato wrote:
>> I don't think that the comment is about the lic
Here is an update on this effort.
In rev. 1413687 I have committed a series of changes to the website; here is
the commit log:
===
First pass in the last step of the removal of automatically generated pages
from Confluence from the OFBiz website:
* moved a bunch of links to
On Nov 26, 2012, at 10:29 PM, Jacques Le Roux wrote:
>> Now the next steps should be:
>>
>> 1) remove the "features" tab from the top bar and add a link to the "main
>> new features" document to the document.html page
>> 2) convert the following two pages to static html:
>> https://cwiki.apache
I have committed this change in rev. 1414639
Kind regards,
Jacopo
On Nov 27, 2012, at 9:35 AM, Jacopo Cappellato wrote:
>
> On Nov 26, 2012, at 10:29 PM, Jacques Le Roux wrote:
>
>>> Now the next steps should be:
>>>
>>> 1) remove the "features&qu
On Nov 28, 2012, at 1:58 PM, Jacques Le Roux wrote:
> It's ok with me as a WIP
> But did not we loose the link to Fisheye? Since it's an ASF tool we could
> keep it on main page?
The link was redundant because we have it in the "Source" page.
> Also I understand that the list of pages under "T
On Nov 28, 2012, at 6:53 PM, Jacques Le Roux wrote:
>
> Also I don't like much the missing left margin in pages like
> https://cwiki.apache.org/OFBADMIN/ofbiz-source-repository-and-access.html but
> I guess we can't do much because those are exported.
>
This page will be fixed as part of this
On Nov 28, 2012, at 6:50 PM, Jacques Le Roux wrote:
> From: "Jacopo Cappellato"
>> On Nov 28, 2012, at 1:58 PM, Jacques Le Roux wrote:
>>
>>> It's ok with me as a WIP
>>> But did not we loose the link to Fisheye? Since it's an ASF tool we
On Dec 5, 2012, at 8:54 AM, Jacques Le Roux wrote:
> Note: I intentionally used the verb reject, because it seems it how some
> contributors are now feeling the way the OFBiz project is doing with their
> proposed contributions
I understand that this "feeling" could indeed happen but unfortunat
utions & services
>
> OFBiz Extensions Marketplace
> http://oem.ofbizci.net/oci-2/
>
> On Mon, Jun 20, 2016 at 5:31 PM, Jacopo Cappellato <
> jacopo.cappell...@hotwaxsystems.com> wrote:
>
> > Agreed, this is the plan we should follow; we should also port it to
> 15.12.
>
+1 for switching to Gradle.
Jacopo
On Mon, Jun 20, 2016 at 2:50 PM, Sharan Foga wrote:
> Hi Everyone
>
> This is the second of two emails to inform the community about what has
> been happening around how we are planning to handle external dependencies
> in the trunk. Two weeks ago the communit
On Tue, Jun 21, 2016 at 11:30 PM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> - gen-kek
>>
>
> Never used it, but Jacopo put it in recent
>
Actually, I didn't create it: it has been created long ago by Adam; but I
edited it to work with Shiro.
In my opinion it can be dropped and pos
Dear all,
I would like to bring to your attention the patch attached to
https://issues.apache.org/jira/browse/OFBIZ-7760 that I would like to
commit today to let other committers (Taher, Gil, Nicolas and others) to
continue their work on Gradle and dynamic jar download at build time.
I have tried
I went thru all the comments in this thread and it seems to me that the
summary that Sharan provided based on the discussion on the user list is a
good way to go to deal with Pierre's and other's concerns and with the
concerns of the developers: it seems we are all on the same page.
Jacopo
On Mon
On Mon, Jul 11, 2016 at 10:33 AM, Sharan Foga wrote:
> ...
> In fact the main discussion that I wanted to start here was more related
> to support for 14.12 and 15.12. As we are in transition to gradle, we need
> to define a time period for backporting bug fixes into these unreleased
> branches.
12 months seems a reasonable timeframe to me.
Jacopo
On Mon, Jul 11, 2016 at 11:14 AM, Sharan Foga wrote:
> Hi Everyone
>
> Following on from the discussion on the user mailing list and the
> consensus to leave 14.12 and 15.12 as unreleased branches.
>
> I'd like to start thinking about the sup
> Best regards,
>
> Pierre Smits
>
> ORRTIZ.COM <http://www.orrtiz.com>
> OFBiz based solutions & services
>
> OFBiz Extensions Marketplace
> http://oem.ofbizci.net/oci-2/
>
> On Mon, Jul 11, 2016 at 11:11 AM, Jacopo Cappellato <
> jacopo.cappell...@
On Thu, Jul 14, 2016 at 1:35 PM, Pierre Smits
wrote:
> Hi Sharan,
>
> I guess all accepted proposals can now be transformed into JIRA issues, for
> follow-up and tracking purposes.
>
> Also, with respect to the failing components) I suggest that we postpone
> the ultimate decision of activation/d
+1 to the idea, with defaults for optional resources (1 mandatory, 3
optional).
Wish: it would be nice to have more control on the component structure; for
example create a component without a webapp, add a webapp to an existing
component etc...
Jacopo
On Tue, Jul 19, 2016 at 11:15 AM, Taher Alk
This is very useful for development, thanks for sharing the tip Taher.
However, it would be nice if we could configure this behavior in order to
download only the required jars when a release is built: we should explore
this option as well.
Jacopo
On Thu, Jul 21, 2016 at 8:05 AM, Taher Alkhateeb
Regards,
>
> Taher Alkhateeb
>
> On Jul 21, 2016 9:17 AM, "Jacopo Cappellato" <
> jacopo.cappell...@hotwaxsystems.com> wrote:
>
> This is very useful for development, thanks for sharing the tip Taher.
> However, it would be nice if we could configure this beh
es
>
> OFBiz Extensions Marketplace
> http://oem.ofbizci.net/oci-2/
>
> On Thu, Jul 21, 2016 at 8:17 AM, Jacopo Cappellato <
> jacopo.cappell...@hotwaxsystems.com> wrote:
>
> > This is very useful for development, thanks for sharing the tip Taher.
> > However, i
Frankly speaking I don't see any accusation from Taher.
Since, as you wrote, you are unfamiliar with the topic discussed, your
feedback was not very useful and may be a distraction.
Jacopo
On Thu, Jul 21, 2016 at 1:03 PM, Pierre Smits
wrote:
> Are you accusing me of something, Taher?
>
> Pierre
+1 to the proposal and I am interested to see what (if) others have to say.
Jacopo
On Thu, Jul 21, 2016 at 11:38 AM, Taher Alkhateeb <
slidingfilame...@gmail.com> wrote:
> Hello Everyone,
>
> This is a proposal to _remove_ the following commands from the OFBiz server
> (invoked with ./gradlew "o
My preference is either #2 or #3
Jacopo
On Wed, Jul 20, 2016 at 10:31 AM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> Hi All,
>
> With https://issues.apache.org/jira/browse/OFBIZ-7906 "Have a Gradle
> build file for the cmssite component" Pierre Smits suggests to put back the
> jars
Hi Taher,
On Thu, Jul 21, 2016 at 3:24 PM, Taher Alkhateeb wrote:
> Hi scott,
>
> I would suggest that it starts on its own. just like any software system
> that communicates with your system. The POS is just a desktop app that
> communicates with the OFBiz server.
This is kind of true but...
For the record, I prefer option 2.
I have casted my vote as well on the survey but there is a chance that I
have messed it up: I have selected Yes for option 2 but didn't select No
for option 1 and 3 (left them empty).
Jacopo
On Fri, Jul 22, 2016 at 3:13 PM, Sharan Foga wrote:
> Hi Everyone
>
>
Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexi
Rationale: Jira notifications are currently sent to the "dev" list, causing
a lot of traffic and sometimes distracting from actual conversations; the
creation of a "notification" email (similar to the "commits" mailing list)
will solve this problem; in the future we may vote to use the
"notificatio
> > >
> > > >> Do we actually need a separate mailing list, or should it just
> forward
> > > to
> > > >> private@?
> > > >>
> > > >> Regards
> > > >> Scott
> > > >>
> > > >> O
On Tue, Jul 26, 2016 at 11:36 AM, Pierre Smits
wrote:
> ...
> In my viewpoint, this project should not limit the flexibility of the
> product (for any - potential - adopter) just to cater to the viewpoint of a
> (few) contributor(s).
It is always difficult to foresee the impact of such decision
Hmmm... not sure about this because jars with incompatible licenses should
not be required to build a release.
Jacopo
On Wed, Jul 27, 2016 at 2:18 PM, Taher Alkhateeb wrote:
> Actually, I think you can also enable these files and declare whatever
> proprietary libraries you need since they will
I think that the core reason for the failure is that most of the tests need
the demo data that is loaded with the ecommerce component; if you disable
it the data is not loaded.
Could you please try to enable ecommerce and run them again?
Thanks,
Jacopo
On Wed, Jul 27, 2016 at 1:21 PM, Taher Alkh
Taher Alkhateeb
>
> On Wed, Jul 27, 2016 at 4:01 PM, Jacopo Cappellato <
> jacopo.cappell...@hotwaxsystems.com> wrote:
>
> > I think that the core reason for the failure is that most of the tests
> need
> > the demo data that is loaded with the ecommerce component; if yo
On Wed, Jul 27, 2016 at 3:47 PM, Pierre Smits
wrote:
> ...
> But when code is already available in the OFBiz repo - and made available
> through releases - such an enabler/disabler is as much overkill to an
> adopter as a convenience script to download JDBC libraries (to paraphrase
another contr
+1
Jacopo
On Sun, Jul 24, 2016 at 2:32 PM, Jacopo Cappellato <
jacopo.cappell...@hotwaxsystems.com> wrote:
> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until no
+1
Jacopo
On Sun, Jul 24, 2016 at 2:59 PM, Jacopo Cappellato <
jacopo.cappell...@hotwaxsystems.com> wrote:
> Rationale: Jira notifications are currently sent to the "dev" list,
> causing a lot of traffic and sometimes distracting from actual
> conversations; the cr
The vote is successful with 15 positive (i.e. "+1") votes (of which 8 are
binding votes), no negative votes.
I will proceed with the request for the new mailing list to the ASF Infra.
Thank you all.
Jacopo
On Sun, Jul 24, 2016 at 2:32 PM, Jacopo Cappellato <
jacopo.cappell...@hotw
The vote is successful with 14 positive (i.e. "+1") votes (of which 8 are
binding votes), no negative votes.
I will proceed with the request for the new mailing list to the ASF Infra.
Thank you all.
On Sun, Jul 24, 2016 at 2:59 PM, Jacopo Cappellato <
jacopo.cappell...@hotwaxsyste
hanks
>
> Jacques
>
> Jacques
>
> Le 28/07/2016 à 16:34, Amardeep Singh Jhajj a écrit :
>
>> +1
>>
>> Regards,
>> --
>> Amardeep Singh Jhajj
>>
>> On Sun, Jul 24, 2016 at 6:29 PM, Jacopo Cappellato <
>> jacopo.cappell...@hotwaxsy
While we wait for the new site we could:
0) add the page discalimer as suggested; additionally, as Jacques pointed
out, this page is open to anyone who submits an ICLA and asks to be
registered as OFBiz contributor: no one is really reviewing the data
provided... we could mention this in the heade
On Fri, Jul 29, 2016 at 1:56 PM, Taher Alkhateeb wrote:
> ...
- ebaystore component
>
The jars in the ebaystore components are licensed under the CDDL licence,
that is addressed by the following ASF licensing rules:
http://www.apache.org/legal/resolved.html#category-b
I am not sure I fully gr
I think that making it part of the entity component would make sense.
Jacopo
On Fri, Aug 5, 2016 at 2:35 PM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> Hi,
>
> At I wrote I wonder if we should let the geronimo component alone with
> only 2 classes, could we not put that in entity
On Sat, Aug 6, 2016 at 12:49 PM, Taher Alkhateeb wrote:
>
> [...} I suggest the following:
>
> - remove ofbizSecure and ofbizBackgroundSecure
> - make all other server tasks secure by default (i.e. loading notsoserial
> and all other jvm args which are currently used in ofbizSecure). This means
>
On Fri, Aug 12, 2016 at 1:58 PM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> ...
Why? I prefer, it's more intuitive and I feel a continuity with "legacy",
> to type start and stop rather than ofbiz and "ofbiz --shutdown" :p
>
> Jacques
My preference is to design and implement a set
If the time it takes you to resolve the conflicts due to local changes to
your build.gradle file is too much then you could automate your process by
preparing a script to revert your local changes before updating the trunk
and then re-applying them after the update:
1) revert local changes (the scr
On Mon, Aug 15, 2016 at 12:37 PM, Sharan Foga wrote:
>
> I think it would be good to have a 'Thanks' page (I'm surprised that we
> don't have one already!).
We are actually properly implementing, as a project, the ASF request (done
a few years ago) to have a link to the ASF Thanks page from the
Hi all,
very soon all the Jira traffic email notifications currently forwarded to
the dev list will be redirected to the newly created
notificati...@ofbiz.apache.org mailing list.
Please subscribe to this new list if you are interested in getting the
notification traffic, by sending an empty emai
I am starting a new thread with a new subject in the dev list to discuss
the interesting topic about Wiki space cleanup/refactoring that was started
by Jacques as an off topic (going off-topic is a bad habit that we should
try to limit).
In my opinion we could just have one Wiki space (open to con
not seen much deletion from contributors so it should not be
> an issue.
>
> Jacques
>
>
>
> Le 17/08/2016 à 15:17, Jacopo Cappellato a écrit :
>
>> I am starting a new thread with a new subject in the dev list to discuss
>> the interesting topic about Wiki space
", content is not a
> problem because it's still in page history or space trash. The problem is
> with comments and attachments, see my previous explanation and question.
>
> Maybe you implicitly agree about what I suggested about news, comments and
> attachment?
>
> Jacques
On Sat, Aug 20, 2016 at 7:57 AM, jler...@apache.org
wrote:
> ...
> ebaystore component we need to put in Attic?
>
Either attic or (quoting myself from a previous mail in this thread) "remove
these jars, disable the component, add a README file to the component to
explain how to download the jars
On Sat, Aug 20, 2016 at 7:57 AM, jler...@apache.org
wrote:
> ...
> IMO we can delete the cmssite component jars they are only used in
> extensions of Dockbook and AFAIK we don't use them
>
>
+1
>
> notsoserial-1.0-SNAPSHOT.jar we need to keep, maybe we could push it in
> jcenter, but would be b
This contribution seems completely wrong to me. Pierre and Jacques, have
you performed proper tests and reviews before committing it?
Jacopo
On Mon, Aug 22, 2016 at 11:58 AM, wrote:
> Author: jleroux
> Date: Mon Aug 22 09:58:35 2016
> New Revision: 1757130
>
> URL: http://svn.apache.org/viewvc
s
>
> ORRTIZ.COM <http://www.orrtiz.com>
> OFBiz based solutions & services
>
> OFBiz Extensions Marketplace
> http://oem.ofbizci.net/oci-2/
>
> On Mon, Aug 22, 2016 at 12:43 PM, Jacopo Cappellato <
> jacopo.cappell...@hotwaxsystems.com> wrote:
>
> >
e used in cmssite,
> ecommerce and webpos. Should we not convert all to services?
>
> Best regards,
>
> Pierre Smits
>
> ORRTIZ.COM <http://www.orrtiz.com>
> OFBiz based solutions & services
>
> OFBiz Extensions Marketplace
> http://oem.ofbizci.net/oci-2/
>
Hi Jacques,
please see my comment below:
On Tue, Aug 23, 2016 at 9:31 AM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> ...
2. How other projects handle it. There is much diversity. Roughly:
> ...
Tomcat nothing on ecj jar (Eclipse.org) even in binary release
>
Just to check one
Jacques,
see my comments inline:
On Tue, Aug 23, 2016 at 11:06 AM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> [...] So it should have been
>
> "Tomcat nothing on ecj jar (Eclipse.org) in binary release" same for JMeter
>
>
Please double check: I have checked the binary release as w
Specifically I have checked the binary release of Tomcat 8.5.4
Jacopo
On Tue, Aug 23, 2016 at 11:22 AM, Jacopo Cappellato <
jacopo.cappell...@hotwaxsystems.com> wrote:
> Jacques,
>
> see my comments inline:
>
> On Tue, Aug 23, 2016 at 11:06 AM, Jacques Le Roux <
> j
A couple of comments:
1) a "release" at the ASF is a "source release". It would be better, to
avoid any confusion in the future, if we name "binary packages" the
(optional) files that we could produce from a release
2) my preference would be to not issue binary packages: focusing on
publishing go
Thanks for the research, Jacques: your conclusions are inline with mine.
Jacopo
On Thu, Aug 25, 2016 at 6:37 AM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> Le 24/08/2016 à 15:04, Jacques Le Roux a écrit :
>
>> 2 things I still wonder about are:
>>
>> 1. Why Ant does not document th
A reminder: we should review in a similar way the LICENSE and NOTICE files
under specialpurpose.
Jacopo
On Thu, Aug 25, 2016 at 6:37 AM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> Le 24/08/2016 à 15:04, Jacques Le Roux a écrit :
>
>> 2 things I still wonder about are:
>>
>> 1. Why
+1
Jacopo
On Tue, Aug 23, 2016 at 1:57 PM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> Sure, +1!
>
> Jacques
>
>
>
> Le 23/08/2016 à 11:34, Sharan Foga a écrit :
>
>> Hi Everyone
>>
>> The ASF is offering all projects the opportunity to get for analytic
>> services. (from Snoot).
>>
While it is always nice to experiment new tools, I don't see any advantage
in using Steve for the usual votes we run in these lists.
However we could consider it to run special votes that require features
that a mailing list doesn't easily provide, like the recent vote we had
about our logo.
Just
In my opinion we should include the full header, that is important to
comply with the ASF licenses policies, unless there is a strong reason for
not doing so.
BTW, the Q/A you have quoted doesn't apply very well to the scenario you
are considering: the rule doesn't say "you can use the short header
On Tue, Aug 30, 2016 at 7:19 AM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> Mmm, then who should fix it?
>
This is an opportunity for anyone reading your message to contribute.
> Of course I could have fixed it myself, but I thought that by providing an
> advice I'd help more.
H
On Thu, Sep 1, 2016 at 6:53 AM, wrote:
> ...
> Legal statements are not required in readme files, as per consensus in dev
> mail thread with title 'Shorter ASL2 header in short files'. The mail
> thread started here: http://ofbiz.markmail.org/message/pc5bzrsiupef7xjt
>
>
Consensus? I was actually
ake it obvious which product they relate
> > to.>>
> >
> > That seems OK with me
> >
> > Jacques
> >
> >
> >
> > Le 01/09/2016 à 08:36, Jacopo Cappellato a écrit :
> >
> >> On Thu, Sep 1, 2016 at 6:53 AM, wrote:
> >>
L2 header or not, I
> want things to be consistent
>
> Jacques
>
>
> Le 01/09/2016 à 10:48, Jacopo Cappellato a écrit :
>
>> I still don't see where the consensus was reached: discussions in Jira are
>> not the same as discussion on the dev list (which is mention
ml#faq-exceptions
>
> Do we really need a vote for that?
>
> Jacques
>
>
>
>> Jacopo
>>
>>
>> Note that I have no strong opinion on putting the ASL2 header or not, I
>>> want things to be consistent
>>>
>>> Jacques
>>>
>>
Hi Jacques,
you have committed some unwanted/unrelated changes in this commit.
Jacopo
On Thu, Sep 1, 2016 at 3:34 PM, wrote:
> Author: jleroux
> Date: Thu Sep 1 13:34:17 2016
> New Revision: 1758774
>
> URL: http://svn.apache.org/viewvc?rev=1758774&view=rev
> Log:
> A patch from Pierre Smits
Jacques,
after a cursory review it seems to me that in your commit there are a few
issues; for example:
1) you are adding a close statement to code that already had the close
statement in the "finally" block; your modification actually introduces a
code pattern that is not correct (if an exception
On Fri, Sep 2, 2016 at 3:19 PM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> Le 02/09/2016 à 12:30, Jacopo Cappellato a écrit :
>
>> ...
>
> 2) I suspect that you are closing the socket connection too early
>> in PcChargeApi
>>
>
> I see no
I am resurrecting this old thread, because I think that Scott's remarks and
concerns to Jacques' commit were valid and the response of Jacques was not
satisfactory: in fact the two tickets Jacques mentioned have been resolved
but the issues that Scott identified in Jacques' commit are still there.
Thank you Jacques
Jacopo
On Sat, Sep 3, 2016 at 12:27 PM, wrote:
> Author: jleroux
> Revision: 1759065
> Modified property: svn:log
>
> Modified: svn:log at Sat Sep 3 10:27:20 2016
>
> --
> --- svn:log (original)
> ++
Hi all,
I have a general question about transitive dependencies.
Here is an example use case:
OFBiz depends on 2 external jars: jar1 and jar2
jar1 depends on log4j-version1
jar2 depends on log4j-version2
How should we manage the two versions of the same product (log4j in this
exemple), containing
Regards,
Jacopo
>
> Taher Alkhateeb
>
> On Sep 3, 2016 4:57 PM, "Jacopo Cappellato" <
> jacopo.cappell...@hotwaxsystems.com> wrote:
>
> > Hi all,
> >
> > I have a general question about transitive dependencies.
> > Here is an examp
Hi Jinghai,
I have noticed that when you have committed the Solr component you have
created a class named OFBizSolrContextFilter.java that is mostly the copy
of ContextFilter: as a consequence the logic implemented in its utility
methods has been duplicated.
I didn't check, but it is possible that
On Tue, Sep 6, 2016 at 6:38 PM, wrote:
> Author: jleroux
> Date: Tue Sep 6 16:38:14 2016
> New Revision: 1759457
>
> URL: http://svn.apache.org/viewvc?rev=1759457&view=rev
> Log:
>
...
> * Moreover the string can't be in the LabelReferences.java file, to avoid
> side effects
>
Hi Jacques,
wha
Hi Thang ,
the SupplierProduct entity was designed to support multiple prices for the
same product and supplier based on different ordered quantity or different
currency; see the primary key:
Unfortunately the design of the SupplierProduct entity is far from being
clean and nice, and I am n
On Wed, Sep 7, 2016 at 9:23 AM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> ...
>
2. So I created a private static final String: private static final String
> getResourceRegex = "ServiceUtil\\.getResource\\(\\)"
>But this did not work. I got
>
>2016-09-07 08:27:32,489 |ttp-nio
Hi all,
I think it is the right time to create a new release branch out of the
trunk.
According to our naming conventions the release will be named
"release16.09".
Any objections or concerns? If not, I will create the branch later
today/tomorrow.
After that we will start, in a separate thread,
On Sat, Aug 20, 2016 at 11:10 AM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> Le 20/08/2016 à 08:28, Jacopo Cappellato a écrit :
>
>> On Sat, Aug 20, 2016 at 7:57 AM, jler...@apache.org
>> wrote:
>>
>> ...
>>> ebaystore component we
Jacques, any news from notsoserial?
If not, I think we can proceed by (temporarily) removing the jars until
they will publish the jar.
Regards,
Jacopo
On Sat, Aug 20, 2016 at 11:12 AM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> Yes that's what I proposed also, I will try that befo
On Sat, Aug 20, 2016 at 8:29 AM, Jacopo Cappellato <
jacopo.cappell...@hotwaxsystems.com> wrote:
>
> On Sat, Aug 20, 2016 at 7:57 AM, jler...@apache.org
> wrote:
>
>> ...
>> IMO we can delete the cmssite component jars they are only used in
>> extensions of
nge the Gradle "ofbizSecure" tasks
> >
> > Opinions?
> >
> > Jacques
> >
> >
> > Le 07/09/2016 à 14:01, Jacques Le Roux a écrit :
> >
> >> Yes I see no problems with that. I just need to add directions for users
> >> before
uot;]
>> +def jvmArguments = ['-Xms128M', '-Xmx1024M']
>> ext.ofbizMainClass = 'org.apache.ofbiz.base.start.Start'
>> javadoc.failOnError = false
>> sourceCompatibility = '1.8'
>>
>> On Wed, Sep 7, 2016 at 9:04 PM,
0-SNAPSHOT.jar",
>>> -
>>> "-Dnotsoserial.whitelist=${rootDir}/tools/security/notsoseri
>>> al/empty.txt",
>>> -
>>> "-Dnotsoserial.dryrun=${rootDir}/tools/security/notsoserial/
>>> is-deserialized.txt",
>>> -
>
What about the following slightly modified template?
==
[Implemented|Improved|Fix for|Documentation]: [Jira title|Free text]
[(OFBIZ-)]
[More detailed explanation of what has been done and what the fix achieves,
sideeffects etc.]
[Thanks:] [ for ... and for]
On Thu, Sep 8, 2016 at 12:04 PM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> ...
> If we remove the jar and all the rest, I fear the notsoserial effort will
> be definitely thrown away, exposing our "naive" users at the risk of using
> RMI or a vulnerable external classes.
>
Configur
On Tue, Sep 6, 2016 at 12:10 PM, Shi Jinghai wrote:
> Hi Jacopo,
>
> I cleaned OFBizSolrContextFilter.java and submitted in rev. 1759401.
> Please check if it's required to do a further refactoring.
>
> Kind Regards,
>
> Shi Jinghai
>
>
Thank you, Jinghai.
I still see a lot of code that is duplic
On Thu, Sep 8, 2016 at 2:54 PM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> ...
> How do you expect to warn users about deserialization driven attacks? I
> mean people can have a such risk w/o using RMI, deserialization driven
> attacks are not only about RMI.
In my opinion a messag
On Thu, Sep 8, 2016 at 5:01 PM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> But the topic is still there, hackers have all their time, and they will
> bite again...
Well, the above is too generic statement and I would prefer you to describe
about specific attacks and weak points in
A web application, in order to leverage the OFBiz framework, requires that
a series of objects are in its contexts (servlet context, session and
request) such as "delegator", "delegatorName", "dispatcher", "security"
etc. etc...
This setup is performed by the logic contained in the servlet filter
i
end.
>
> -邮件原件-
> 发件人: Jacopo Cappellato [mailto:jacopo.cappell...@hotwaxsystems.com]
> 发送时间: 2016年9月8日 21:14
> 收件人: dev@ofbiz.apache.org
> 主题: Re: svn commit: r1700119 [1/26] - in /ofbiz/trunk: ./ runtime/indexes/
> specialpurpose/ specialpurpose/solr/ specialpurpose/
duplicated etc...)
3) identify the filters that "extends" the ContextFilter class and figure
out how to refactor their code to work in a filter chain where the first
filter is ContextFilter
Jacopo
On Fri, Sep 9, 2016 at 10:07 AM, Jacopo Cappellato <
jacopo.cappell...@hotwaxsystems.com
On Thu, Sep 8, 2016 at 11:31 PM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
> ...
> So it would be easier for us (OFBiz team) and contributors to deliver (at
> least free) plugins [...]
The terms "us", "OFBiz team" and the distinction with "contributors" don't
make much sense to me a
ner
> than later in our JIRA.
>
> Best regards,
>
> Pierre Smits
>
> ORRTIZ.COM <http://www.orrtiz.com>
> OFBiz based solutions & services
>
> OFBiz Extensions Marketplace
> http://oem.ofbizci.net/oci-2/
>
> On Fri, Sep 9, 2016 at 10:23 AM, Jacopo Cappe
In ContextFilter, the character encoding (aka charset) of every http
*request* object is set using the WebAppUtil.setCharacterEncoding(...)
method (see its logic here [*]).
It is wrong to override the character encoding if already specified by the
http request: in fact it doesn't make any sense to
Hi devs,
I would like to commit sometime soon the patches I have created for:
https://issues.apache.org/jira/browse/OFBIZ-8179
https://issues.apache.org/jira/browse/OFBIZ-8224
It would be great if you could have a look at them and let me know if you
have concerns or comments; if you like, you ca
701 - 800 of 6139 matches
Mail list logo
