[Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/f
Locked
[Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/f
 
|
Hi all,
Thanks Jacques, Taher and Nicolas mentioned our community rule, "a proper discussion". I created an issue "Add method attribute to request-map to controll a uri can be called GET or POST only" a week ago: https://issues.apache.org/jira/browse/OFBIZ-10438 Thanks Mathieu, he submitted his patches very quickly while I was preparing mine. I tested them and submitted to trunk. Please be aware, the latest versions are r1834465 and r1834570, and the implement requires JDK 1.8. Is the implement acceptable for trunk? Further improvement to do? Would we backport it to releases? If it's not acceptable, I'll revert the implement. Kind Regards, Shi Jinghai -----邮件原件----- 发件人: Paul Foxworthy [mailto:[hidden email]] 发送时间: 2018年6月26日 19:31 收件人: [hidden email] 主题: Re: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework: base/src/main/java/org/apache/ofbiz/base/util/collections/ webapp/config/ webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ webapp/src/test/java/org/apache/ofbiz/weba... On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email]> wrote: > I could be mistaken, but this seems like a very major change that did > not have a thorough and proper discussion at the mailing list? I would > rather at least have an explanation of what was committed and to > discuss the merits and cons of the implementation. > Hi all, I haven't found the specific issue, but wasn't there a major change several years ago from GET to POST to help guard against XSS attacks? Cheers Paul Foxworthy -- Coherent Software Australia Pty Ltd PO Box 2773 Cheltenham Vic 3192 Australia Phone: +61 3 9585 6788 Web: http://www.coherentsoftware.com.au/ Email: [hidden email] |
|
A few comments:
1- I would suggest to try and avoid in the future committing any design changes to the framework without discussing it properly in the mailing list first 2- I think it would be better to revert this work. I noticed in the JIRA for example that Mathieu Lirzin asked for some time to review his work when you just committed his work without checking what he wanted to do, and he later provided refactoring patches. 3- I would recommend providing a summary of what you want to commit. The commit was too long and I don't want to read line-by-line everything in the code to understand what was achieved. Let's first discuss in here what is being done, agree on the general direction, and THEN apply a commit. Those are my recommendations, and I don't know about the rest of the folks opinion here so I invite everyone else to have their input. On Thu, Jun 28, 2018 at 6:46 AM, Shi Jinghai <[hidden email]> wrote: > Hi all, > > Thanks Jacques, Taher and Nicolas mentioned our community rule, "a proper discussion". > > I created an issue "Add method attribute to request-map to controll a uri can be called GET or POST only" a week ago: > https://issues.apache.org/jira/browse/OFBIZ-10438 > > Thanks Mathieu, he submitted his patches very quickly while I was preparing mine. I tested them and submitted to trunk. Please be aware, the latest versions are r1834465 and r1834570, and the implement requires JDK 1.8. > > Is the implement acceptable for trunk? Further improvement to do? Would we backport it to releases? > > If it's not acceptable, I'll revert the implement. > > Kind Regards, > > Shi Jinghai > > > -----邮件原件----- > 发件人: Paul Foxworthy [mailto:[hidden email]] > 发送时间: 2018年6月26日 19:31 > 收件人: [hidden email] > 主题: Re: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework: base/src/main/java/org/apache/ofbiz/base/util/collections/ webapp/config/ webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ webapp/src/test/java/org/apache/ofbiz/weba... > > On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email]> > wrote: > >> I could be mistaken, but this seems like a very major change that did >> not have a thorough and proper discussion at the mailing list? I would >> rather at least have an explanation of what was committed and to >> discuss the merits and cons of the implementation. >> > > Hi all, > > I haven't found the specific issue, but wasn't there a major change several > years ago from GET to POST to help guard against XSS attacks? > > Cheers > > Paul Foxworthy > > -- > Coherent Software Australia Pty Ltd > PO Box 2773 > Cheltenham Vic 3192 > Australia > > Phone: +61 3 9585 6788 > Web: http://www.coherentsoftware.com.au/ > Email: [hidden email] |
Re: [Discussion]: Add method attribute to request-map
|
|
Hello Taher,
Taher Alkhateeb <[hidden email]> writes: > A few comments: > > 1- I would suggest to try and avoid in the future committing any > design changes to the framework without discussing it properly in the > mailing list first The limit between a “regular” and “design” change can sometimes hard to define, so I just want to emphasize the *try and avoid* part. > 2- I think it would be better to revert this work. I noticed in the > JIRA for example that Mathieu Lirzin asked for some time to review his > work when you just committed his work without checking what he wanted > to do, and he later provided refactoring patches. > > 3- I would recommend providing a summary of what you want to commit. > The commit was too long and I don't want to read line-by-line > everything in the code to understand what was achieved. Let's first > discuss in here what is being done, agree on the general direction, > and THEN apply a commit. > > Those are my recommendations, and I don't know about the rest of the > folks opinion here so I invite everyone else to have their input. I agree with those recommendations. -- Mathieu Lirzin GPG: F2A3 8D7E EB2B 6640 5761 070D 0ADE E100 9460 4D37 |
Re: [Discussion]: Add method attribute to request-map
Administrator
|
Le 28/06/2018 à 09:56, Mathieu Lirzin a écrit :
> Hello Taher, > > Taher Alkhateeb <[hidden email]> writes: > >> A few comments: >> >> 1- I would suggest to try and avoid in the future committing any >> design changes to the framework without discussing it properly in the >> mailing list first > The limit between a “regular” and “design” change can sometimes hard to > define, so I just want to emphasize the *try and avoid* part. > >> 2- I think it would be better to revert this work. I noticed in the >> JIRA for example that Mathieu Lirzin asked for some time to review his >> work when you just committed his work without checking what he wanted >> to do, and he later provided refactoring patches. >> >> 3- I would recommend providing a summary of what you want to commit. >> The commit was too long and I don't want to read line-by-line >> everything in the code to understand what was achieved. Let's first >> discuss in here what is being done, agree on the general direction, >> and THEN apply a commit. >> >> Those are my recommendations, and I don't know about the rest of the >> folks opinion here so I invite everyone else to have their input. > I agree with those recommendations. > Sometimes, maybe by laziness or eagerness, some of us tend to forget (me included I must say) A proper discussion on the dev ML for important changes is always a good thing to do. Thanks Taher for this clear and detailed call to order As Mathieu outlined the line between a simple and an important change may vary depending on your POV. In case of doubt (of course you need to have one, eagerness does not help sometimes) start a convo here ;) Jacques |
Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/f
|
|
In reply to this post by taher
A strong +1 to your recommendations.
There were several commits in the OFBiz core recently which were not properly discussed before they were committed. We should avoid this. People should have in mind that other committers might not have the time to review, think and discuss these patches in the course of a few days. These things are not urgent and can take their time. Thanks and regards, Michael Am 28.06.18 um 09:15 schrieb Taher Alkhateeb: > A few comments: > > 1- I would suggest to try and avoid in the future committing any > design changes to the framework without discussing it properly in the > mailing list first > 2- I think it would be better to revert this work. I noticed in the > JIRA for example that Mathieu Lirzin asked for some time to review his > work when you just committed his work without checking what he wanted > to do, and he later provided refactoring patches. > 3- I would recommend providing a summary of what you want to commit. > The commit was too long and I don't want to read line-by-line > everything in the code to understand what was achieved. Let's first > discuss in here what is being done, agree on the general direction, > and THEN apply a commit. > > Those are my recommendations, and I don't know about the rest of the > folks opinion here so I invite everyone else to have their input. > > On Thu, Jun 28, 2018 at 6:46 AM, Shi Jinghai <[hidden email]> wrote: >> Hi all, >> >> Thanks Jacques, Taher and Nicolas mentioned our community rule, "a proper discussion". >> >> I created an issue "Add method attribute to request-map to controll a uri can be called GET or POST only" a week ago: >> https://issues.apache.org/jira/browse/OFBIZ-10438 >> >> Thanks Mathieu, he submitted his patches very quickly while I was preparing mine. I tested them and submitted to trunk. Please be aware, the latest versions are r1834465 and r1834570, and the implement requires JDK 1.8. >> >> Is the implement acceptable for trunk? Further improvement to do? Would we backport it to releases? >> >> If it's not acceptable, I'll revert the implement. >> >> Kind Regards, >> >> Shi Jinghai >> >> >> -----邮件原件----- >> 发件人: Paul Foxworthy [mailto:[hidden email]] >> 发送时间: 2018年6月26日 19:31 >> 收件人: [hidden email] >> 主题: Re: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework: base/src/main/java/org/apache/ofbiz/base/util/collections/ webapp/config/ webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ webapp/src/test/java/org/apache/ofbiz/weba... >> >> On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email]> >> wrote: >> >>> I could be mistaken, but this seems like a very major change that did >>> not have a thorough and proper discussion at the mailing list? I would >>> rather at least have an explanation of what was committed and to >>> discuss the merits and cons of the implementation. >>> >> Hi all, >> >> I haven't found the specific issue, but wasn't there a major change several >> years ago from GET to POST to help guard against XSS attacks? >> >> Cheers >> >> Paul Foxworthy >> >> -- >> Coherent Software Australia Pty Ltd >> PO Box 2773 >> Cheltenham Vic 3192 >> Australia >> >> Phone: +61 3 9585 6788 >> Web: http://www.coherentsoftware.com.au/ >> Email: [hidden email] |
smime.p7s (5K)
Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/f
|
|
+1 Taher
On Thu, Jun 28, 2018 at 2:01 PM Michael Brohl <[hidden email]> wrote: > A strong +1 to your recommendations. > > There were several commits in the OFBiz core recently which were not > properly discussed before they were committed. We should avoid this. > > People should have in mind that other committers might not have the time > to review, think and discuss these patches in the course of a few days. > These things are not urgent and can take their time. > > Thanks and regards, > > Michael > > > Am 28.06.18 um 09:15 schrieb Taher Alkhateeb: > > A few comments: > > > > 1- I would suggest to try and avoid in the future committing any > > design changes to the framework without discussing it properly in the > > mailing list first > > 2- I think it would be better to revert this work. I noticed in the > > JIRA for example that Mathieu Lirzin asked for some time to review his > > work when you just committed his work without checking what he wanted > > to do, and he later provided refactoring patches. > > 3- I would recommend providing a summary of what you want to commit. > > The commit was too long and I don't want to read line-by-line > > everything in the code to understand what was achieved. Let's first > > discuss in here what is being done, agree on the general direction, > > and THEN apply a commit. > > > > Those are my recommendations, and I don't know about the rest of the > > folks opinion here so I invite everyone else to have their input. > > > > On Thu, Jun 28, 2018 at 6:46 AM, Shi Jinghai <[hidden email]> > wrote: > >> Hi all, > >> > >> Thanks Jacques, Taher and Nicolas mentioned our community rule, "a > proper discussion". > >> > >> I created an issue "Add method attribute to request-map to controll a > uri can be called GET or POST only" a week ago: > >> https://issues.apache.org/jira/browse/OFBIZ-10438 > >> > >> Thanks Mathieu, he submitted his patches very quickly while I was > preparing mine. I tested them and submitted to trunk. Please be aware, the > latest versions are r1834465 and r1834570, and the implement requires JDK > 1.8. > >> > >> Is the implement acceptable for trunk? Further improvement to do? Would > we backport it to releases? > >> > >> If it's not acceptable, I'll revert the implement. > >> > >> Kind Regards, > >> > >> Shi Jinghai > >> > >> > >> -----邮件原件----- > >> 发件人: Paul Foxworthy [mailto:[hidden email]] > >> 发送时间: 2018年6月26日 19:31 > >> 收件人: [hidden email] > >> 主题: Re: svn commit: r1834389 - in > /ofbiz/ofbiz-framework/trunk/framework: > base/src/main/java/org/apache/ofbiz/base/util/collections/ webapp/config/ > webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ > webapp/src/test/java/org/apache/ofbiz/weba... > >> > >> On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email]> > >> wrote: > >> > >>> I could be mistaken, but this seems like a very major change that did > >>> not have a thorough and proper discussion at the mailing list? I would > >>> rather at least have an explanation of what was committed and to > >>> discuss the merits and cons of the implementation. > >>> > >> Hi all, > >> > >> I haven't found the specific issue, but wasn't there a major change > several > >> years ago from GET to POST to help guard against XSS attacks? > >> > >> Cheers > >> > >> Paul Foxworthy > >> > >> -- > >> Coherent Software Australia Pty Ltd > >> PO Box 2773 > >> Cheltenham Vic 3192 > >> Australia > >> > >> Phone: +61 3 9585 6788 > >> Web: http://www.coherentsoftware.com.au/ > >> Email: [hidden email] > > > -- Best regards, Arun Patidar Director of Information SystemsHotWax Commerce <http://www.hotwax.co/> |
Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/f
|
|
In reply to this post by taher
+1 to Taher's recommendations.
Jacopo On Thu, Jun 28, 2018 at 9:15 AM, Taher Alkhateeb <[hidden email] > wrote: > A few comments: > > 1- I would suggest to try and avoid in the future committing any > design changes to the framework without discussing it properly in the > mailing list first > 2- I think it would be better to revert this work. I noticed in the > JIRA for example that Mathieu Lirzin asked for some time to review his > work when you just committed his work without checking what he wanted > to do, and he later provided refactoring patches. > 3- I would recommend providing a summary of what you want to commit. > The commit was too long and I don't want to read line-by-line > everything in the code to understand what was achieved. Let's first > discuss in here what is being done, agree on the general direction, > and THEN apply a commit. > > Those are my recommendations, and I don't know about the rest of the > folks opinion here so I invite everyone else to have their input. > > On Thu, Jun 28, 2018 at 6:46 AM, Shi Jinghai <[hidden email]> wrote: > > Hi all, > > > > Thanks Jacques, Taher and Nicolas mentioned our community rule, "a > proper discussion". > > > > I created an issue "Add method attribute to request-map to controll a > uri can be called GET or POST only" a week ago: > > https://issues.apache.org/jira/browse/OFBIZ-10438 > > > > Thanks Mathieu, he submitted his patches very quickly while I was > preparing mine. I tested them and submitted to trunk. Please be aware, the > latest versions are r1834465 and r1834570, and the implement requires JDK > 1.8. > > > > Is the implement acceptable for trunk? Further improvement to do? Would > we backport it to releases? > > > > If it's not acceptable, I'll revert the implement. > > > > Kind Regards, > > > > Shi Jinghai > > > > > > -----邮件原件----- > > 发件人: Paul Foxworthy [mailto:[hidden email]] > > 发送时间: 2018年6月26日 19:31 > > 收件人: [hidden email] > > 主题: Re: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework: > base/src/main/java/org/apache/ofbiz/base/util/collections/ webapp/config/ > webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ > webapp/src/test/java/org/apache/ofbiz/weba... > > > > On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email]> > > wrote: > > > >> I could be mistaken, but this seems like a very major change that did > >> not have a thorough and proper discussion at the mailing list? I would > >> rather at least have an explanation of what was committed and to > >> discuss the merits and cons of the implementation. > >> > > > > Hi all, > > > > I haven't found the specific issue, but wasn't there a major change > several > > years ago from GET to POST to help guard against XSS attacks? > > > > Cheers > > > > Paul Foxworthy > > > > -- > > Coherent Software Australia Pty Ltd > > PO Box 2773 > > Cheltenham Vic 3192 > > Australia > > > > Phone: +61 3 9585 6788 > > Web: http://www.coherentsoftware.com.au/ > > Email: [hidden email] > |
Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/f
|
|
In reply to this post by Shi Jinghai-3
Reverted in rev 1834917.
-----邮件原件----- 发件人: Jacopo Cappellato [mailto:[hidden email]] 发送时间: 2018年6月28日 23:59 收件人: [hidden email] 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) +1 to Taher's recommendations. Jacopo On Thu, Jun 28, 2018 at 9:15 AM, Taher Alkhateeb <[hidden email] > wrote: > A few comments: > > 1- I would suggest to try and avoid in the future committing any > design changes to the framework without discussing it properly in the > mailing list first > 2- I think it would be better to revert this work. I noticed in the > JIRA for example that Mathieu Lirzin asked for some time to review his > work when you just committed his work without checking what he wanted > to do, and he later provided refactoring patches. > 3- I would recommend providing a summary of what you want to commit. > The commit was too long and I don't want to read line-by-line > everything in the code to understand what was achieved. Let's first > discuss in here what is being done, agree on the general direction, > and THEN apply a commit. > > Those are my recommendations, and I don't know about the rest of the > folks opinion here so I invite everyone else to have their input. > > On Thu, Jun 28, 2018 at 6:46 AM, Shi Jinghai <[hidden email]> wrote: > > Hi all, > > > > Thanks Jacques, Taher and Nicolas mentioned our community rule, "a > proper discussion". > > > > I created an issue "Add method attribute to request-map to controll a > uri can be called GET or POST only" a week ago: > > https://issues.apache.org/jira/browse/OFBIZ-10438 > > > > Thanks Mathieu, he submitted his patches very quickly while I was > preparing mine. I tested them and submitted to trunk. Please be aware, the > latest versions are r1834465 and r1834570, and the implement requires JDK > 1.8. > > > > Is the implement acceptable for trunk? Further improvement to do? Would > we backport it to releases? > > > > If it's not acceptable, I'll revert the implement. > > > > Kind Regards, > > > > Shi Jinghai > > > > > > -----邮件原件----- > > 发件人: Paul Foxworthy [mailto:[hidden email]] > > 发送时间: 2018年6月26日 19:31 > > 收件人: [hidden email] > > 主题: Re: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework: > base/src/main/java/org/apache/ofbiz/base/util/collections/ webapp/config/ > webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ > webapp/src/test/java/org/apache/ofbiz/weba... > > > > On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email]> > > wrote: > > > >> I could be mistaken, but this seems like a very major change that did > >> not have a thorough and proper discussion at the mailing list? I would > >> rather at least have an explanation of what was committed and to > >> discuss the merits and cons of the implementation. > >> > > > > Hi all, > > > > I haven't found the specific issue, but wasn't there a major change > several > > years ago from GET to POST to help guard against XSS attacks? > > > > Cheers > > > > Paul Foxworthy > > > > -- > > Coherent Software Australia Pty Ltd > > PO Box 2773 > > Cheltenham Vic 3192 > > Australia > > > > Phone: +61 3 9585 6788 > > Web: http://www.coherentsoftware.com.au/ > > Email: [hidden email] > |
|
|
Thank you Shi. If you or Mathieu would like to proceed with this work
I recommend starting a new thread laying out the what, why, and how of what you want to do so we can have a proper discussion about it, otherwise I recommend closing the JIRA. If you or Mathieu would like to start a discussion I'd recommend a new thread On Tue, Jul 3, 2018 at 9:22 AM, Shi Jinghai <[hidden email]> wrote: > Reverted in rev 1834917. > > -----邮件原件----- > 发件人: Jacopo Cappellato [mailto:[hidden email]] > 发送时间: 2018年6月28日 23:59 > 收件人: [hidden email] > 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) > > +1 to Taher's recommendations. > > Jacopo > > On Thu, Jun 28, 2018 at 9:15 AM, Taher Alkhateeb <[hidden email] >> wrote: > >> A few comments: >> >> 1- I would suggest to try and avoid in the future committing any >> design changes to the framework without discussing it properly in the >> mailing list first >> 2- I think it would be better to revert this work. I noticed in the >> JIRA for example that Mathieu Lirzin asked for some time to review his >> work when you just committed his work without checking what he wanted >> to do, and he later provided refactoring patches. >> 3- I would recommend providing a summary of what you want to commit. >> The commit was too long and I don't want to read line-by-line >> everything in the code to understand what was achieved. Let's first >> discuss in here what is being done, agree on the general direction, >> and THEN apply a commit. >> >> Those are my recommendations, and I don't know about the rest of the >> folks opinion here so I invite everyone else to have their input. >> >> On Thu, Jun 28, 2018 at 6:46 AM, Shi Jinghai <[hidden email]> wrote: >> > Hi all, >> > >> > Thanks Jacques, Taher and Nicolas mentioned our community rule, "a >> proper discussion". >> > >> > I created an issue "Add method attribute to request-map to controll a >> uri can be called GET or POST only" a week ago: >> > https://issues.apache.org/jira/browse/OFBIZ-10438 >> > >> > Thanks Mathieu, he submitted his patches very quickly while I was >> preparing mine. I tested them and submitted to trunk. Please be aware, the >> latest versions are r1834465 and r1834570, and the implement requires JDK >> 1.8. >> > >> > Is the implement acceptable for trunk? Further improvement to do? Would >> we backport it to releases? >> > >> > If it's not acceptable, I'll revert the implement. >> > >> > Kind Regards, >> > >> > Shi Jinghai >> > >> > >> > -----邮件原件----- >> > 发件人: Paul Foxworthy [mailto:[hidden email]] >> > 发送时间: 2018年6月26日 19:31 >> > 收件人: [hidden email] >> > 主题: Re: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework: >> base/src/main/java/org/apache/ofbiz/base/util/collections/ webapp/config/ >> webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ >> webapp/src/test/java/org/apache/ofbiz/weba... >> > >> > On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email]> >> > wrote: >> > >> >> I could be mistaken, but this seems like a very major change that did >> >> not have a thorough and proper discussion at the mailing list? I would >> >> rather at least have an explanation of what was committed and to >> >> discuss the merits and cons of the implementation. >> >> >> > >> > Hi all, >> > >> > I haven't found the specific issue, but wasn't there a major change >> several >> > years ago from GET to POST to help guard against XSS attacks? >> > >> > Cheers >> > >> > Paul Foxworthy >> > >> > -- >> > Coherent Software Australia Pty Ltd >> > PO Box 2773 >> > Cheltenham Vic 3192 >> > Australia >> > >> > Phone: +61 3 9585 6788 >> > Web: http://www.coherentsoftware.com.au/ >> > Email: [hidden email] >> |
Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/f
|
|
In reply to this post by Shi Jinghai-3
Mathieu decides, I have got his valuable code I needed :)
-----邮件原件----- 发件人: Taher Alkhateeb [mailto:[hidden email]] 发送时间: 2018年7月3日 15:09 收件人: OFBIZ Development Mailing List 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) Thank you Shi. If you or Mathieu would like to proceed with this work I recommend starting a new thread laying out the what, why, and how of what you want to do so we can have a proper discussion about it, otherwise I recommend closing the JIRA. If you or Mathieu would like to start a discussion I'd recommend a new thread On Tue, Jul 3, 2018 at 9:22 AM, Shi Jinghai <[hidden email]> wrote: > Reverted in rev 1834917. > > -----邮件原件----- > 发件人: Jacopo Cappellato [mailto:[hidden email]] > 发送时间: 2018年6月28日 23:59 > 收件人: [hidden email] > 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) > > +1 to Taher's recommendations. > > Jacopo > > On Thu, Jun 28, 2018 at 9:15 AM, Taher Alkhateeb <[hidden email] >> wrote: > >> A few comments: >> >> 1- I would suggest to try and avoid in the future committing any >> design changes to the framework without discussing it properly in the >> mailing list first >> 2- I think it would be better to revert this work. I noticed in the >> JIRA for example that Mathieu Lirzin asked for some time to review his >> work when you just committed his work without checking what he wanted >> to do, and he later provided refactoring patches. >> 3- I would recommend providing a summary of what you want to commit. >> The commit was too long and I don't want to read line-by-line >> everything in the code to understand what was achieved. Let's first >> discuss in here what is being done, agree on the general direction, >> and THEN apply a commit. >> >> Those are my recommendations, and I don't know about the rest of the >> folks opinion here so I invite everyone else to have their input. >> >> On Thu, Jun 28, 2018 at 6:46 AM, Shi Jinghai <[hidden email]> wrote: >> > Hi all, >> > >> > Thanks Jacques, Taher and Nicolas mentioned our community rule, "a >> proper discussion". >> > >> > I created an issue "Add method attribute to request-map to controll a >> uri can be called GET or POST only" a week ago: >> > https://issues.apache.org/jira/browse/OFBIZ-10438 >> > >> > Thanks Mathieu, he submitted his patches very quickly while I was >> preparing mine. I tested them and submitted to trunk. Please be aware, the >> latest versions are r1834465 and r1834570, and the implement requires JDK >> 1.8. >> > >> > Is the implement acceptable for trunk? Further improvement to do? Would >> we backport it to releases? >> > >> > If it's not acceptable, I'll revert the implement. >> > >> > Kind Regards, >> > >> > Shi Jinghai >> > >> > >> > -----邮件原件----- >> > 发件人: Paul Foxworthy [mailto:[hidden email]] >> > 发送时间: 2018年6月26日 19:31 >> > 收件人: [hidden email] >> > 主题: Re: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework: >> base/src/main/java/org/apache/ofbiz/base/util/collections/ webapp/config/ >> webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ >> webapp/src/test/java/org/apache/ofbiz/weba... >> > >> > On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email]> >> > wrote: >> > >> >> I could be mistaken, but this seems like a very major change that did >> >> not have a thorough and proper discussion at the mailing list? I would >> >> rather at least have an explanation of what was committed and to >> >> discuss the merits and cons of the implementation. >> >> >> > >> > Hi all, >> > >> > I haven't found the specific issue, but wasn't there a major change >> several >> > years ago from GET to POST to help guard against XSS attacks? >> > >> > Cheers >> > >> > Paul Foxworthy >> > >> > -- >> > Coherent Software Australia Pty Ltd >> > PO Box 2773 >> > Cheltenham Vic 3192 >> > Australia >> > >> > Phone: +61 3 9585 6788 >> > Web: http://www.coherentsoftware.com.au/ >> > Email: [hidden email] >> |
Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/f
|
Administrator
|
In reply to this post by taher
Hi,
I don't want to speak for Mathieu and I agree a proper discussion should be done prior on dev ML for such an important topic. I guess Mathieu was unaware of this best practice and already gave some hints in OFBIZ-4274 starting at https://s.apache.org/AECE He then followed with a description at OFBIZ-10438 Now we can make this more clear here. A new thread should be created. Thanks all for your attention Jacques Le 03/07/2018 à 09:09, Taher Alkhateeb a écrit : > Thank you Shi. If you or Mathieu would like to proceed with this work > I recommend starting a new thread laying out the what, why, and how of > what you want to do so we can have a proper discussion about it, > otherwise I recommend closing the JIRA. > > If you or Mathieu would like to start a discussion I'd recommend a new thread > > On Tue, Jul 3, 2018 at 9:22 AM, Shi Jinghai <[hidden email]> wrote: >> Reverted in rev 1834917. >> >> -----邮件原件----- >> 发件人: Jacopo Cappellato [mailto:[hidden email]] >> 发送时间: 2018年6月28日 23:59 >> 收件人: [hidden email] >> 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) >> >> +1 to Taher's recommendations. >> >> Jacopo >> >> On Thu, Jun 28, 2018 at 9:15 AM, Taher Alkhateeb <[hidden email] >>> wrote: >>> A few comments: >>> >>> 1- I would suggest to try and avoid in the future committing any >>> design changes to the framework without discussing it properly in the >>> mailing list first >>> 2- I think it would be better to revert this work. I noticed in the >>> JIRA for example that Mathieu Lirzin asked for some time to review his >>> work when you just committed his work without checking what he wanted >>> to do, and he later provided refactoring patches. >>> 3- I would recommend providing a summary of what you want to commit. >>> The commit was too long and I don't want to read line-by-line >>> everything in the code to understand what was achieved. Let's first >>> discuss in here what is being done, agree on the general direction, >>> and THEN apply a commit. >>> >>> Those are my recommendations, and I don't know about the rest of the >>> folks opinion here so I invite everyone else to have their input. >>> >>> On Thu, Jun 28, 2018 at 6:46 AM, Shi Jinghai <[hidden email]> wrote: >>>> Hi all, >>>> >>>> Thanks Jacques, Taher and Nicolas mentioned our community rule, "a >>> proper discussion". >>>> I created an issue "Add method attribute to request-map to controll a >>> uri can be called GET or POST only" a week ago: >>>> https://issues.apache.org/jira/browse/OFBIZ-10438 >>>> >>>> Thanks Mathieu, he submitted his patches very quickly while I was >>> preparing mine. I tested them and submitted to trunk. Please be aware, the >>> latest versions are r1834465 and r1834570, and the implement requires JDK >>> 1.8. >>>> Is the implement acceptable for trunk? Further improvement to do? Would >>> we backport it to releases? >>>> If it's not acceptable, I'll revert the implement. >>>> >>>> Kind Regards, >>>> >>>> Shi Jinghai >>>> >>>> >>>> -----邮件原件----- >>>> 发件人: Paul Foxworthy [mailto:[hidden email]] >>>> 发送时间: 2018年6月26日 19:31 >>>> 收件人: [hidden email] >>>> 主题: Re: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework: >>> base/src/main/java/org/apache/ofbiz/base/util/collections/ webapp/config/ >>> webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ >>> webapp/src/test/java/org/apache/ofbiz/weba... >>>> On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email]> >>>> wrote: >>>> >>>>> I could be mistaken, but this seems like a very major change that did >>>>> not have a thorough and proper discussion at the mailing list? I would >>>>> rather at least have an explanation of what was committed and to >>>>> discuss the merits and cons of the implementation. >>>>> >>>> Hi all, >>>> >>>> I haven't found the specific issue, but wasn't there a major change >>> several >>>> years ago from GET to POST to help guard against XSS attacks? >>>> >>>> Cheers >>>> >>>> Paul Foxworthy >>>> >>>> -- >>>> Coherent Software Australia Pty Ltd >>>> PO Box 2773 >>>> Cheltenham Vic 3192 >>>> Australia >>>> >>>> Phone: +61 3 9585 6788 >>>> Web: http://www.coherentsoftware.com.au/ >>>> Email: [hidden email] |
|
|
To me the issue is not related to Mathieu. The committer is the person who
should engage others before committing or at least ask the contributor to start a discussion. I find it actually admirable that Mathieu took from his time probably a good chunk to work on this code and I encourage him to continue pushing this initiative forward. On Tue, Jul 3, 2018, 11:50 AM Jacques Le Roux <[hidden email]> wrote: > Hi, > > I don't want to speak for Mathieu and I agree a proper discussion should > be done prior on dev ML for such an important topic. > > I guess Mathieu was unaware of this best practice and already gave some > hints in OFBIZ-4274 starting at https://s.apache.org/AECE > > He then followed with a description at OFBIZ-10438 > > Now we can make this more clear here. A new thread should be created. > > Thanks all for your attention > > Jacques > > > Le 03/07/2018 à 09:09, Taher Alkhateeb a écrit : > > Thank you Shi. If you or Mathieu would like to proceed with this work > > I recommend starting a new thread laying out the what, why, and how of > > what you want to do so we can have a proper discussion about it, > > otherwise I recommend closing the JIRA. > > > > If you or Mathieu would like to start a discussion I'd recommend a new > thread > > > > On Tue, Jul 3, 2018 at 9:22 AM, Shi Jinghai <[hidden email]> > wrote: > >> Reverted in rev 1834917. > >> > >> -----邮件原件----- > >> 发件人: Jacopo Cappellato [mailto:[hidden email]] > >> 发送时间: 2018年6月28日 23:59 > >> 收件人: [hidden email] > >> 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn > commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) > >> > >> +1 to Taher's recommendations. > >> > >> Jacopo > >> > >> On Thu, Jun 28, 2018 at 9:15 AM, Taher Alkhateeb < > [hidden email] > >>> wrote: > >>> A few comments: > >>> > >>> 1- I would suggest to try and avoid in the future committing any > >>> design changes to the framework without discussing it properly in the > >>> mailing list first > >>> 2- I think it would be better to revert this work. I noticed in the > >>> JIRA for example that Mathieu Lirzin asked for some time to review his > >>> work when you just committed his work without checking what he wanted > >>> to do, and he later provided refactoring patches. > >>> 3- I would recommend providing a summary of what you want to commit. > >>> The commit was too long and I don't want to read line-by-line > >>> everything in the code to understand what was achieved. Let's first > >>> discuss in here what is being done, agree on the general direction, > >>> and THEN apply a commit. > >>> > >>> Those are my recommendations, and I don't know about the rest of the > >>> folks opinion here so I invite everyone else to have their input. > >>> > >>> On Thu, Jun 28, 2018 at 6:46 AM, Shi Jinghai <[hidden email]> > wrote: > >>>> Hi all, > >>>> > >>>> Thanks Jacques, Taher and Nicolas mentioned our community rule, "a > >>> proper discussion". > >>>> I created an issue "Add method attribute to request-map to controll a > >>> uri can be called GET or POST only" a week ago: > >>>> https://issues.apache.org/jira/browse/OFBIZ-10438 > >>>> > >>>> Thanks Mathieu, he submitted his patches very quickly while I was > >>> preparing mine. I tested them and submitted to trunk. Please be aware, > the > >>> latest versions are r1834465 and r1834570, and the implement requires > JDK > >>> 1.8. > >>>> Is the implement acceptable for trunk? Further improvement to do? > Would > >>> we backport it to releases? > >>>> If it's not acceptable, I'll revert the implement. > >>>> > >>>> Kind Regards, > >>>> > >>>> Shi Jinghai > >>>> > >>>> > >>>> -----邮件原件----- > >>>> 发件人: Paul Foxworthy [mailto:[hidden email]] > >>>> 发送时间: 2018年6月26日 19:31 > >>>> 收件人: [hidden email] > >>>> 主题: Re: svn commit: r1834389 - in > /ofbiz/ofbiz-framework/trunk/framework: > >>> base/src/main/java/org/apache/ofbiz/base/util/collections/ > webapp/config/ > >>> webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ > >>> webapp/src/test/java/org/apache/ofbiz/weba... > >>>> On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email] > > > >>>> wrote: > >>>> > >>>>> I could be mistaken, but this seems like a very major change that did > >>>>> not have a thorough and proper discussion at the mailing list? I > would > >>>>> rather at least have an explanation of what was committed and to > >>>>> discuss the merits and cons of the implementation. > >>>>> > >>>> Hi all, > >>>> > >>>> I haven't found the specific issue, but wasn't there a major change > >>> several > >>>> years ago from GET to POST to help guard against XSS attacks? > >>>> > >>>> Cheers > >>>> > >>>> Paul Foxworthy > >>>> > >>>> -- > >>>> Coherent Software Australia Pty Ltd > >>>> PO Box 2773 > >>>> Cheltenham Vic 3192 > >>>> Australia > >>>> > >>>> Phone: +61 3 9585 6788 > >>>> Web: http://www.coherentsoftware.com.au/ > >>>> Email: [hidden email] > > |
Re: [Discussion]: Add method attribute to request-map
|
|
In reply to this post by Jacques Le Roux
Hello everyone,
Jacques Le Roux <[hidden email]> writes: > I don't want to speak for Mathieu and I agree a proper discussion > should be done prior on dev ML for such an important topic. > > I guess Mathieu was unaware of this best practice and already gave > some hints in OFBIZ-4274 starting at https://s.apache.org/AECE > He then followed with a description at OFBIZ-10438 You are correct. AIUI OFBIZ-10438 is a sub-issue of OFBIZ-4274 since it relates to the first step of the solution I am investigating for adding support for REST. > Le 03/07/2018 à 09:09, Taher Alkhateeb a écrit : >> Thank you Shi. If you or Mathieu would like to proceed with this work >> I recommend starting a new thread laying out the what, why, and how of >> what you want to do so we can have a proper discussion about it, >> otherwise I recommend closing the JIRA. >> >> If you or Mathieu would like to start a discussion I'd recommend a new thread I will open a new thread summarizing the goal/intent of adding a ‘method’ attribute to ‘request-map’ elements, and describing the proposed changes. Thanks. -- Mathieu Lirzin GPG: F2A3 8D7E EB2B 6640 5761 070D 0ADE E100 9460 4D37 |
|
|
In reply to this post by Shi Jinghai-3
That is not a constructive thing to say in my opinion. Sounds to me like:
hey I don't like reverting, but I know this code is good and now that I reverted I don't care. This is not how a community works. On Tue, Jul 3, 2018, 10:51 AM Shi Jinghai <[hidden email]> wrote: > Mathieu decides, I have got his valuable code I needed :) > > > -----邮件原件----- > 发件人: Taher Alkhateeb [mailto:[hidden email]] > 发送时间: 2018年7月3日 15:09 > 收件人: OFBIZ Development Mailing List > 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn > commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) > > Thank you Shi. If you or Mathieu would like to proceed with this work > I recommend starting a new thread laying out the what, why, and how of > what you want to do so we can have a proper discussion about it, > otherwise I recommend closing the JIRA. > > If you or Mathieu would like to start a discussion I'd recommend a new > thread > > On Tue, Jul 3, 2018 at 9:22 AM, Shi Jinghai <[hidden email]> wrote: > > Reverted in rev 1834917. > > > > -----邮件原件----- > > 发件人: Jacopo Cappellato [mailto:[hidden email]] > > 发送时间: 2018年6月28日 23:59 > > 收件人: [hidden email] > > 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn > commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) > > > > +1 to Taher's recommendations. > > > > Jacopo > > > > On Thu, Jun 28, 2018 at 9:15 AM, Taher Alkhateeb < > [hidden email] > >> wrote: > > > >> A few comments: > >> > >> 1- I would suggest to try and avoid in the future committing any > >> design changes to the framework without discussing it properly in the > >> mailing list first > >> 2- I think it would be better to revert this work. I noticed in the > >> JIRA for example that Mathieu Lirzin asked for some time to review his > >> work when you just committed his work without checking what he wanted > >> to do, and he later provided refactoring patches. > >> 3- I would recommend providing a summary of what you want to commit. > >> The commit was too long and I don't want to read line-by-line > >> everything in the code to understand what was achieved. Let's first > >> discuss in here what is being done, agree on the general direction, > >> and THEN apply a commit. > >> > >> Those are my recommendations, and I don't know about the rest of the > >> folks opinion here so I invite everyone else to have their input. > >> > >> On Thu, Jun 28, 2018 at 6:46 AM, Shi Jinghai <[hidden email]> > wrote: > >> > Hi all, > >> > > >> > Thanks Jacques, Taher and Nicolas mentioned our community rule, "a > >> proper discussion". > >> > > >> > I created an issue "Add method attribute to request-map to controll a > >> uri can be called GET or POST only" a week ago: > >> > https://issues.apache.org/jira/browse/OFBIZ-10438 > >> > > >> > Thanks Mathieu, he submitted his patches very quickly while I was > >> preparing mine. I tested them and submitted to trunk. Please be aware, > the > >> latest versions are r1834465 and r1834570, and the implement requires > JDK > >> 1.8. > >> > > >> > Is the implement acceptable for trunk? Further improvement to do? > Would > >> we backport it to releases? > >> > > >> > If it's not acceptable, I'll revert the implement. > >> > > >> > Kind Regards, > >> > > >> > Shi Jinghai > >> > > >> > > >> > -----邮件原件----- > >> > 发件人: Paul Foxworthy [mailto:[hidden email]] > >> > 发送时间: 2018年6月26日 19:31 > >> > 收件人: [hidden email] > >> > 主题: Re: svn commit: r1834389 - in > /ofbiz/ofbiz-framework/trunk/framework: > >> base/src/main/java/org/apache/ofbiz/base/util/collections/ > webapp/config/ > >> webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ > >> webapp/src/test/java/org/apache/ofbiz/weba... > >> > > >> > On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email] > > > >> > wrote: > >> > > >> >> I could be mistaken, but this seems like a very major change that did > >> >> not have a thorough and proper discussion at the mailing list? I > would > >> >> rather at least have an explanation of what was committed and to > >> >> discuss the merits and cons of the implementation. > >> >> > >> > > >> > Hi all, > >> > > >> > I haven't found the specific issue, but wasn't there a major change > >> several > >> > years ago from GET to POST to help guard against XSS attacks? > >> > > >> > Cheers > >> > > >> > Paul Foxworthy > >> > > >> > -- > >> > Coherent Software Australia Pty Ltd > >> > PO Box 2773 > >> > Cheltenham Vic 3192 > >> > Australia > >> > > >> > Phone: +61 3 9585 6788 > >> > Web: http://www.coherentsoftware.com.au/ > >> > Email: [hidden email] > >> > |
Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/f
|
|
In reply to this post by Shi Jinghai-3
Yes, your feeling is quite right.
I prefer commit-then-review, you prefer review-then-commit. That's our core difference. -----邮件原件----- 发件人: Taher Alkhateeb [mailto:[hidden email]] 发送时间: 2018年7月3日 18:00 收件人: [hidden email] 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) That is not a constructive thing to say in my opinion. Sounds to me like: hey I don't like reverting, but I know this code is good and now that I reverted I don't care. This is not how a community works. On Tue, Jul 3, 2018, 10:51 AM Shi Jinghai <[hidden email]> wrote: > Mathieu decides, I have got his valuable code I needed :) > > > -----邮件原件----- > 发件人: Taher Alkhateeb [mailto:[hidden email]] > 发送时间: 2018年7月3日 15:09 > 收件人: OFBIZ Development Mailing List > 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn > commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) > > Thank you Shi. If you or Mathieu would like to proceed with this work > I recommend starting a new thread laying out the what, why, and how of > what you want to do so we can have a proper discussion about it, > otherwise I recommend closing the JIRA. > > If you or Mathieu would like to start a discussion I'd recommend a new > thread > > On Tue, Jul 3, 2018 at 9:22 AM, Shi Jinghai <[hidden email]> wrote: > > Reverted in rev 1834917. > > > > -----邮件原件----- > > 发件人: Jacopo Cappellato [mailto:[hidden email]] > > 发送时间: 2018年6月28日 23:59 > > 收件人: [hidden email] > > 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn > commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) > > > > +1 to Taher's recommendations. > > > > Jacopo > > > > On Thu, Jun 28, 2018 at 9:15 AM, Taher Alkhateeb < > [hidden email] > >> wrote: > > > >> A few comments: > >> > >> 1- I would suggest to try and avoid in the future committing any > >> design changes to the framework without discussing it properly in the > >> mailing list first > >> 2- I think it would be better to revert this work. I noticed in the > >> JIRA for example that Mathieu Lirzin asked for some time to review his > >> work when you just committed his work without checking what he wanted > >> to do, and he later provided refactoring patches. > >> 3- I would recommend providing a summary of what you want to commit. > >> The commit was too long and I don't want to read line-by-line > >> everything in the code to understand what was achieved. Let's first > >> discuss in here what is being done, agree on the general direction, > >> and THEN apply a commit. > >> > >> Those are my recommendations, and I don't know about the rest of the > >> folks opinion here so I invite everyone else to have their input. > >> > >> On Thu, Jun 28, 2018 at 6:46 AM, Shi Jinghai <[hidden email]> > wrote: > >> > Hi all, > >> > > >> > Thanks Jacques, Taher and Nicolas mentioned our community rule, "a > >> proper discussion". > >> > > >> > I created an issue "Add method attribute to request-map to controll a > >> uri can be called GET or POST only" a week ago: > >> > https://issues.apache.org/jira/browse/OFBIZ-10438 > >> > > >> > Thanks Mathieu, he submitted his patches very quickly while I was > >> preparing mine. I tested them and submitted to trunk. Please be aware, > the > >> latest versions are r1834465 and r1834570, and the implement requires > JDK > >> 1.8. > >> > > >> > Is the implement acceptable for trunk? Further improvement to do? > Would > >> we backport it to releases? > >> > > >> > If it's not acceptable, I'll revert the implement. > >> > > >> > Kind Regards, > >> > > >> > Shi Jinghai > >> > > >> > > >> > -----邮件原件----- > >> > 发件人: Paul Foxworthy [mailto:[hidden email]] > >> > 发送时间: 2018年6月26日 19:31 > >> > 收件人: [hidden email] > >> > 主题: Re: svn commit: r1834389 - in > /ofbiz/ofbiz-framework/trunk/framework: > >> base/src/main/java/org/apache/ofbiz/base/util/collections/ > webapp/config/ > >> webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ > >> webapp/src/test/java/org/apache/ofbiz/weba... > >> > > >> > On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email] > > > >> > wrote: > >> > > >> >> I could be mistaken, but this seems like a very major change that did > >> >> not have a thorough and proper discussion at the mailing list? I > would > >> >> rather at least have an explanation of what was committed and to > >> >> discuss the merits and cons of the implementation. > >> >> > >> > > >> > Hi all, > >> > > >> > I haven't found the specific issue, but wasn't there a major change > >> several > >> > years ago from GET to POST to help guard against XSS attacks? > >> > > >> > Cheers > >> > > >> > Paul Foxworthy > >> > > >> > -- > >> > Coherent Software Australia Pty Ltd > >> > PO Box 2773 > >> > Cheltenham Vic 3192 > >> > Australia > >> > > >> > Phone: +61 3 9585 6788 > >> > Web: http://www.coherentsoftware.com.au/ > >> > Email: [hidden email] > >> > |
Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/f
|
Administrator
|
Actually OFBiz uses CTR not RTC but we also decided long ago to discuss important subjects before opening Jiras.
Here, the problem is OFBIZ-4274 already existed, so Mathieu started from that... Reviewing before or after is always a difficult task anyway. And yes I'm also for CTR :) Jacques Le 03/07/2018 à 12:14, Shi Jinghai a écrit : > Yes, your feeling is quite right. > > I prefer commit-then-review, you prefer review-then-commit. That's our core difference. > > -----邮件原件----- > 发件人: Taher Alkhateeb [mailto:[hidden email]] > 发送时间: 2018年7月3日 18:00 > 收件人: [hidden email] > 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) > > That is not a constructive thing to say in my opinion. Sounds to me like: > hey I don't like reverting, but I know this code is good and now that I > reverted I don't care. This is not how a community works. > > On Tue, Jul 3, 2018, 10:51 AM Shi Jinghai <[hidden email]> wrote: > >> Mathieu decides, I have got his valuable code I needed :) >> >> >> -----邮件原件----- >> 发件人: Taher Alkhateeb [mailto:[hidden email]] >> 发送时间: 2018年7月3日 15:09 >> 收件人: OFBIZ Development Mailing List >> 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn >> commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) >> >> Thank you Shi. If you or Mathieu would like to proceed with this work >> I recommend starting a new thread laying out the what, why, and how of >> what you want to do so we can have a proper discussion about it, >> otherwise I recommend closing the JIRA. >> >> If you or Mathieu would like to start a discussion I'd recommend a new >> thread >> >> On Tue, Jul 3, 2018 at 9:22 AM, Shi Jinghai <[hidden email]> wrote: >>> Reverted in rev 1834917. >>> >>> -----邮件原件----- >>> 发件人: Jacopo Cappellato [mailto:[hidden email]] >>> 发送时间: 2018年6月28日 23:59 >>> 收件人: [hidden email] >>> 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn >> commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) >>> +1 to Taher's recommendations. >>> >>> Jacopo >>> >>> On Thu, Jun 28, 2018 at 9:15 AM, Taher Alkhateeb < >> [hidden email] >>>> wrote: >>>> A few comments: >>>> >>>> 1- I would suggest to try and avoid in the future committing any >>>> design changes to the framework without discussing it properly in the >>>> mailing list first >>>> 2- I think it would be better to revert this work. I noticed in the >>>> JIRA for example that Mathieu Lirzin asked for some time to review his >>>> work when you just committed his work without checking what he wanted >>>> to do, and he later provided refactoring patches. >>>> 3- I would recommend providing a summary of what you want to commit. >>>> The commit was too long and I don't want to read line-by-line >>>> everything in the code to understand what was achieved. Let's first >>>> discuss in here what is being done, agree on the general direction, >>>> and THEN apply a commit. >>>> >>>> Those are my recommendations, and I don't know about the rest of the >>>> folks opinion here so I invite everyone else to have their input. >>>> >>>> On Thu, Jun 28, 2018 at 6:46 AM, Shi Jinghai <[hidden email]> >> wrote: >>>>> Hi all, >>>>> >>>>> Thanks Jacques, Taher and Nicolas mentioned our community rule, "a >>>> proper discussion". >>>>> I created an issue "Add method attribute to request-map to controll a >>>> uri can be called GET or POST only" a week ago: >>>>> https://issues.apache.org/jira/browse/OFBIZ-10438 >>>>> >>>>> Thanks Mathieu, he submitted his patches very quickly while I was >>>> preparing mine. I tested them and submitted to trunk. Please be aware, >> the >>>> latest versions are r1834465 and r1834570, and the implement requires >> JDK >>>> 1.8. >>>>> Is the implement acceptable for trunk? Further improvement to do? >> Would >>>> we backport it to releases? >>>>> If it's not acceptable, I'll revert the implement. >>>>> >>>>> Kind Regards, >>>>> >>>>> Shi Jinghai >>>>> >>>>> >>>>> -----邮件原件----- >>>>> 发件人: Paul Foxworthy [mailto:[hidden email]] >>>>> 发送时间: 2018年6月26日 19:31 >>>>> 收件人: [hidden email] >>>>> 主题: Re: svn commit: r1834389 - in >> /ofbiz/ofbiz-framework/trunk/framework: >>>> base/src/main/java/org/apache/ofbiz/base/util/collections/ >> webapp/config/ >>>> webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ >>>> webapp/src/test/java/org/apache/ofbiz/weba... >>>>> On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email] >>>>> wrote: >>>>> >>>>>> I could be mistaken, but this seems like a very major change that did >>>>>> not have a thorough and proper discussion at the mailing list? I >> would >>>>>> rather at least have an explanation of what was committed and to >>>>>> discuss the merits and cons of the implementation. >>>>>> >>>>> Hi all, >>>>> >>>>> I haven't found the specific issue, but wasn't there a major change >>>> several >>>>> years ago from GET to POST to help guard against XSS attacks? >>>>> >>>>> Cheers >>>>> >>>>> Paul Foxworthy >>>>> >>>>> -- >>>>> Coherent Software Australia Pty Ltd >>>>> PO Box 2773 >>>>> Cheltenham Vic 3192 >>>>> Australia >>>>> >>>>> Phone: +61 3 9585 6788 >>>>> Web: http://www.coherentsoftware.com.au/ >>>>> Email: [hidden email] |
Re: [Discussion]: Add method attribute to request-map
|
Administrator
|
In reply to this post by Mathieu Lirzin
Le 03/07/2018 à 11:53, Mathieu Lirzin a écrit :
>>> If you or Mathieu would like to start a discussion I'd recommend a new thread > I will open a new thread summarizing the goal/intent of adding a > ‘method’ attribute to ‘request-map’ elements, and describing the > proposed changes. Thanks Mathieu, Much appreciated Jacques |
Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/f
|
Administrator
|
In reply to this post by taher
Yes you are right on this, Mathieu was not the committer.
Jacques Le 03/07/2018 à 11:48, Taher Alkhateeb a écrit : > To me the issue is not related to Mathieu. The committer is the person who > should engage others before committing or at least ask the contributor to > start a discussion. I find it actually admirable that Mathieu took from his > time probably a good chunk to work on this code and I encourage him to > continue pushing this initiative forward. > > On Tue, Jul 3, 2018, 11:50 AM Jacques Le Roux <[hidden email]> > wrote: > >> Hi, >> >> I don't want to speak for Mathieu and I agree a proper discussion should >> be done prior on dev ML for such an important topic. >> >> I guess Mathieu was unaware of this best practice and already gave some >> hints in OFBIZ-4274 starting at https://s.apache.org/AECE >> >> He then followed with a description at OFBIZ-10438 >> >> Now we can make this more clear here. A new thread should be created. >> >> Thanks all for your attention >> >> Jacques >> >> >> Le 03/07/2018 à 09:09, Taher Alkhateeb a écrit : >>> Thank you Shi. If you or Mathieu would like to proceed with this work >>> I recommend starting a new thread laying out the what, why, and how of >>> what you want to do so we can have a proper discussion about it, >>> otherwise I recommend closing the JIRA. >>> >>> If you or Mathieu would like to start a discussion I'd recommend a new >> thread >>> On Tue, Jul 3, 2018 at 9:22 AM, Shi Jinghai <[hidden email]> >> wrote: >>>> Reverted in rev 1834917. >>>> >>>> -----邮件原件----- >>>> 发件人: Jacopo Cappellato [mailto:[hidden email]] >>>> 发送时间: 2018年6月28日 23:59 >>>> 收件人: [hidden email] >>>> 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn >> commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) >>>> +1 to Taher's recommendations. >>>> >>>> Jacopo >>>> >>>> On Thu, Jun 28, 2018 at 9:15 AM, Taher Alkhateeb < >> [hidden email] >>>>> wrote: >>>>> A few comments: >>>>> >>>>> 1- I would suggest to try and avoid in the future committing any >>>>> design changes to the framework without discussing it properly in the >>>>> mailing list first >>>>> 2- I think it would be better to revert this work. I noticed in the >>>>> JIRA for example that Mathieu Lirzin asked for some time to review his >>>>> work when you just committed his work without checking what he wanted >>>>> to do, and he later provided refactoring patches. >>>>> 3- I would recommend providing a summary of what you want to commit. >>>>> The commit was too long and I don't want to read line-by-line >>>>> everything in the code to understand what was achieved. Let's first >>>>> discuss in here what is being done, agree on the general direction, >>>>> and THEN apply a commit. >>>>> >>>>> Those are my recommendations, and I don't know about the rest of the >>>>> folks opinion here so I invite everyone else to have their input. >>>>> >>>>> On Thu, Jun 28, 2018 at 6:46 AM, Shi Jinghai <[hidden email]> >> wrote: >>>>>> Hi all, >>>>>> >>>>>> Thanks Jacques, Taher and Nicolas mentioned our community rule, "a >>>>> proper discussion". >>>>>> I created an issue "Add method attribute to request-map to controll a >>>>> uri can be called GET or POST only" a week ago: >>>>>> https://issues.apache.org/jira/browse/OFBIZ-10438 >>>>>> >>>>>> Thanks Mathieu, he submitted his patches very quickly while I was >>>>> preparing mine. I tested them and submitted to trunk. Please be aware, >> the >>>>> latest versions are r1834465 and r1834570, and the implement requires >> JDK >>>>> 1.8. >>>>>> Is the implement acceptable for trunk? Further improvement to do? >> Would >>>>> we backport it to releases? >>>>>> If it's not acceptable, I'll revert the implement. >>>>>> >>>>>> Kind Regards, >>>>>> >>>>>> Shi Jinghai >>>>>> >>>>>> >>>>>> -----邮件原件----- >>>>>> 发件人: Paul Foxworthy [mailto:[hidden email]] >>>>>> 发送时间: 2018年6月26日 19:31 >>>>>> 收件人: [hidden email] >>>>>> 主题: Re: svn commit: r1834389 - in >> /ofbiz/ofbiz-framework/trunk/framework: >>>>> base/src/main/java/org/apache/ofbiz/base/util/collections/ >> webapp/config/ >>>>> webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ >>>>> webapp/src/test/java/org/apache/ofbiz/weba... >>>>>> On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email] >>>>>> wrote: >>>>>> >>>>>>> I could be mistaken, but this seems like a very major change that did >>>>>>> not have a thorough and proper discussion at the mailing list? I >> would >>>>>>> rather at least have an explanation of what was committed and to >>>>>>> discuss the merits and cons of the implementation. >>>>>>> >>>>>> Hi all, >>>>>> >>>>>> I haven't found the specific issue, but wasn't there a major change >>>>> several >>>>>> years ago from GET to POST to help guard against XSS attacks? >>>>>> >>>>>> Cheers >>>>>> >>>>>> Paul Foxworthy >>>>>> >>>>>> -- >>>>>> Coherent Software Australia Pty Ltd >>>>>> PO Box 2773 >>>>>> Cheltenham Vic 3192 >>>>>> Australia >>>>>> >>>>>> Phone: +61 3 9585 6788 >>>>>> Web: http://www.coherentsoftware.com.au/ >>>>>> Email: [hidden email] >> |
|
|
In reply to this post by Shi Jinghai-3
Sorry, but that's not our core difference. Although I personally like
RTC our current strategy in OFBiz is CTR. This is not the issue or the problem. The problem is introducing _design_ changes that affect how the system operates on a fundamental level without consensus, or having important decisions done without a review. CTR does not mean "hey guys, just commit whatever you want and if we don't like it we'll tell you to revert". That's not how it works and not what it means. Committing is a small part in "designing" and "forming a strategy". Take these strategies that we agreed on as an example: - We will not write in minilang and would slowly migrate out from it but continue to support what exists - We will write more documentation in asciidoc - We would like to introduce web APIs Your commit changed multiple fundamental artifacts in the system without a proper discussion. Think of how many things you touched: - Our core XSDs that define what we can do - Controllers - Core Java classes - Servlets So to summarize, the issue (at least for me) is not RTC or CTR, but of the methodology we arrive at making design decisions as a community. On Tue, Jul 3, 2018 at 1:14 PM, Shi Jinghai <[hidden email]> wrote: > Yes, your feeling is quite right. > > I prefer commit-then-review, you prefer review-then-commit. That's our core difference. > > -----邮件原件----- > 发件人: Taher Alkhateeb [mailto:[hidden email]] > 发送时间: 2018年7月3日 18:00 > 收件人: [hidden email] > 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) > > That is not a constructive thing to say in my opinion. Sounds to me like: > hey I don't like reverting, but I know this code is good and now that I > reverted I don't care. This is not how a community works. > > On Tue, Jul 3, 2018, 10:51 AM Shi Jinghai <[hidden email]> wrote: > >> Mathieu decides, I have got his valuable code I needed :) >> >> >> -----邮件原件----- >> 发件人: Taher Alkhateeb [mailto:[hidden email]] >> 发送时间: 2018年7月3日 15:09 >> 收件人: OFBIZ Development Mailing List >> 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn >> commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) >> >> Thank you Shi. If you or Mathieu would like to proceed with this work >> I recommend starting a new thread laying out the what, why, and how of >> what you want to do so we can have a proper discussion about it, >> otherwise I recommend closing the JIRA. >> >> If you or Mathieu would like to start a discussion I'd recommend a new >> thread >> >> On Tue, Jul 3, 2018 at 9:22 AM, Shi Jinghai <[hidden email]> wrote: >> > Reverted in rev 1834917. >> > >> > -----邮件原件----- >> > 发件人: Jacopo Cappellato [mailto:[hidden email]] >> > 发送时间: 2018年6月28日 23:59 >> > 收件人: [hidden email] >> > 主题: Re: [Discussion]: Add method attribute to request-map (Was: svn >> commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework...) >> > >> > +1 to Taher's recommendations. >> > >> > Jacopo >> > >> > On Thu, Jun 28, 2018 at 9:15 AM, Taher Alkhateeb < >> [hidden email] >> >> wrote: >> > >> >> A few comments: >> >> >> >> 1- I would suggest to try and avoid in the future committing any >> >> design changes to the framework without discussing it properly in the >> >> mailing list first >> >> 2- I think it would be better to revert this work. I noticed in the >> >> JIRA for example that Mathieu Lirzin asked for some time to review his >> >> work when you just committed his work without checking what he wanted >> >> to do, and he later provided refactoring patches. >> >> 3- I would recommend providing a summary of what you want to commit. >> >> The commit was too long and I don't want to read line-by-line >> >> everything in the code to understand what was achieved. Let's first >> >> discuss in here what is being done, agree on the general direction, >> >> and THEN apply a commit. >> >> >> >> Those are my recommendations, and I don't know about the rest of the >> >> folks opinion here so I invite everyone else to have their input. >> >> >> >> On Thu, Jun 28, 2018 at 6:46 AM, Shi Jinghai <[hidden email]> >> wrote: >> >> > Hi all, >> >> > >> >> > Thanks Jacques, Taher and Nicolas mentioned our community rule, "a >> >> proper discussion". >> >> > >> >> > I created an issue "Add method attribute to request-map to controll a >> >> uri can be called GET or POST only" a week ago: >> >> > https://issues.apache.org/jira/browse/OFBIZ-10438 >> >> > >> >> > Thanks Mathieu, he submitted his patches very quickly while I was >> >> preparing mine. I tested them and submitted to trunk. Please be aware, >> the >> >> latest versions are r1834465 and r1834570, and the implement requires >> JDK >> >> 1.8. >> >> > >> >> > Is the implement acceptable for trunk? Further improvement to do? >> Would >> >> we backport it to releases? >> >> > >> >> > If it's not acceptable, I'll revert the implement. >> >> > >> >> > Kind Regards, >> >> > >> >> > Shi Jinghai >> >> > >> >> > >> >> > -----邮件原件----- >> >> > 发件人: Paul Foxworthy [mailto:[hidden email]] >> >> > 发送时间: 2018年6月26日 19:31 >> >> > 收件人: [hidden email] >> >> > 主题: Re: svn commit: r1834389 - in >> /ofbiz/ofbiz-framework/trunk/framework: >> >> base/src/main/java/org/apache/ofbiz/base/util/collections/ >> webapp/config/ >> >> webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ >> >> webapp/src/test/java/org/apache/ofbiz/weba... >> >> > >> >> > On 26 June 2018 at 17:58, Taher Alkhateeb <[hidden email] >> > >> >> > wrote: >> >> > >> >> >> I could be mistaken, but this seems like a very major change that did >> >> >> not have a thorough and proper discussion at the mailing list? I >> would >> >> >> rather at least have an explanation of what was committed and to >> >> >> discuss the merits and cons of the implementation. >> >> >> >> >> > >> >> > Hi all, >> >> > >> >> > I haven't found the specific issue, but wasn't there a major change >> >> several >> >> > years ago from GET to POST to help guard against XSS attacks? >> >> > >> >> > Cheers >> >> > >> >> > Paul Foxworthy >> >> > >> >> > -- >> >> > Coherent Software Australia Pty Ltd >> >> > PO Box 2773 >> >> > Cheltenham Vic 3192 >> >> > Australia >> >> > >> >> > Phone: +61 3 9585 6788 >> >> > Web: http://www.coherentsoftware.com.au/ >> >> > Email: [hidden email] >> >> >> |
«
Return to OFBiz - Dev
|
1 view|%1 views
| Free forum by Nabble | Edit this page |