OFBiz OFBiz - Dev
Login  Register

[VOTE] Security fixes and releases

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
12 messages Options Options
 
Embed post
Permalink
Jacques Le Roux
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Nov 26, 2007; 7:07pm

[VOTE] Security fixes and releases

Jacques Le Roux
Administrator
17869 posts
Hi,

This is the official vote thread about security issues and fixes in releases

My proposition is to make a vote on 2 points

Please vote for each points
[+1] Yes
[+0] I'm fine either way
[-1] No

1. Do you vote for commiting the patch input-with-password.patch from Jira issue https://issues.apache.org/jira/browse/OFBIZ-1106 in
release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or out?)>> in dev ML for history) ?

2. Do you vote for, in general, commiting security fixes in releases ?

Other examples of other security issues may be found from here :
https://issues.apache.org/jira/browse/OFBIZ-178

Thanks

Jacques

Jacopo Cappellato
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Nov 26, 2007; 7:30pm

Re: [VOTE] Security fixes and releases

Jacopo Cappellato
1743 posts
+1
+1 (but it depends on the nature of the patch)

Jacques Le Roux wrote:

> Hi,
>
> This is the official vote thread about security issues and fixes in releases
>
> My proposition is to make a vote on 2 points
>
> Please vote for each points
> [+1] Yes
> [+0] I'm fine either way
> [-1] No
>
> 1. Do you vote for commiting the patch input-with-password.patch from Jira issue https://issues.apache.org/jira/browse/OFBIZ-1106 in
> release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or out?)>> in dev ML for history) ?
>
> 2. Do you vote for, in general, commiting security fixes in releases ?
>
> Other examples of other security issues may be found from here :
> https://issues.apache.org/jira/browse/OFBIZ-178
>
> Thanks
>
> Jacques
... [show rest of quote]
Adrian Crum
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Nov 26, 2007; 7:32pm

Re: [VOTE] Security fixes and releases

Adrian Crum
2435 posts
In reply to this post by Jacques Le Roux
Is this vote open to all or just the PMC?


Jacques Le Roux wrote:

> Hi,
>
> This is the official vote thread about security issues and fixes in releases
>
> My proposition is to make a vote on 2 points
>
> Please vote for each points
> [+1] Yes
> [+0] I'm fine either way
> [-1] No
>
> 1. Do you vote for commiting the patch input-with-password.patch from Jira issue https://issues.apache.org/jira/browse/OFBIZ-1106 in
> release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or out?)>> in dev ML for history) ?
>
> 2. Do you vote for, in general, commiting security fixes in releases ?
>
> Other examples of other security issues may be found from here :
> https://issues.apache.org/jira/browse/OFBIZ-178
>
> Thanks
>
> Jacques
>
>
... [show rest of quote]
Jacopo Cappellato
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Nov 26, 2007; 7:48pm

Re: [VOTE] Security fixes and releases

Jacopo Cappellato
1743 posts
The binding votes are those from the PMC members, but committers' votes
are important too (so please express your, Adrian) and also the votes
from developers in general.

Cheers,

Jacopo


Adrian Crum wrote:

> Is this vote open to all or just the PMC?
>
>
> Jacques Le Roux wrote:
>
>> Hi,
>>
>> This is the official vote thread about security issues and fixes in
>> releases
>>
>> My proposition is to make a vote on 2 points
>>
>> Please vote for each points
>> [+1] Yes
>> [+0] I'm fine either way
>> [-1] No
>>
>> 1. Do you vote for commiting the patch input-with-password.patch from
>> Jira issue https://issues.apache.org/jira/browse/OFBIZ-1106 in
>> release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or out?)>>
>> in dev ML for history) ?
>>
>> 2. Do you vote for, in general, commiting security fixes in releases ?
>>
>> Other examples of other security issues may be found from here :
>> https://issues.apache.org/jira/browse/OFBIZ-178
>>
>> Thanks
>>
>> Jacques
>>
>>
... [show rest of quote]
Adrian Crum
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Nov 26, 2007; 7:53pm

Re: [VOTE] Security fixes and releases

Adrian Crum
2435 posts
In reply to this post by Jacques Le Roux
+1
-1 (I believe each case should be discussed)

-Adrian

Jacques Le Roux wrote:

> Hi,
>
> This is the official vote thread about security issues and fixes in releases
>
> My proposition is to make a vote on 2 points
>
> Please vote for each points
> [+1] Yes
> [+0] I'm fine either way
> [-1] No
>
> 1. Do you vote for commiting the patch input-with-password.patch from Jira issue https://issues.apache.org/jira/browse/OFBIZ-1106 in
> release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or out?)>> in dev ML for history) ?
>
> 2. Do you vote for, in general, commiting security fixes in releases ?
>
> Other examples of other security issues may be found from here :
> https://issues.apache.org/jira/browse/OFBIZ-178
>
> Thanks
>
> Jacques
>
>
... [show rest of quote]
David E Jones
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Nov 26, 2007; 7:58pm

Re: [VOTE] Security fixes and releases

David E Jones
1775 posts
In reply to this post by Adrian Crum

All votes are open to all PMC members, committers, contributors,  
commentors, users, etc.

Only PMC member votes are binding.

Personally though I don't see a reason for an "official vote" on this  
topic. Did ANYONE actually disagree with doing this?

-David


On Nov 26, 2007, at 12:32 PM, Adrian Crum wrote:

> Is this vote open to all or just the PMC?
>
>
> Jacques Le Roux wrote:
>
>> Hi,
>> This is the official vote thread about security issues and fixes in  
>> releases
>> My proposition is to make a vote on 2 points
>> Please vote for each points
>> [+1] Yes
>> [+0] I'm fine either way
>> [-1] No
>> 1. Do you vote for commiting the patch input-with-password.patch  
>> from Jira issue https://issues.apache.org/jira/browse/OFBIZ-1106 in
>> release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or  
>> out?)>> in dev ML for history) ?
>> 2. Do you vote for, in general, commiting security fixes in  
>> releases ?
>> Other examples of other security issues may be found from here :
>> https://issues.apache.org/jira/browse/OFBIZ-178
>> Thanks
>> Jacques
>
... [show rest of quote]

... [show rest of quote]

smime.p7s (3K) Download Attachment
Tim Ruppert
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Nov 26, 2007; 8:28pm

Re: [VOTE] Security fixes and releases

Tim Ruppert
1151 posts
+1
-1 (all should be reviewed)

On Nov 26, 2007, at 12:58 PM, David E Jones wrote:

>
> All votes are open to all PMC members, committers, contributors,  
> commentors, users, etc.
>
> Only PMC member votes are binding.
>
> Personally though I don't see a reason for an "official vote" on  
> this topic. Did ANYONE actually disagree with doing this?
>
> -David
>
>
> On Nov 26, 2007, at 12:32 PM, Adrian Crum wrote:
>
>> Is this vote open to all or just the PMC?
>>
>>
>> Jacques Le Roux wrote:
>>
>>> Hi,
>>> This is the official vote thread about security issues and fixes  
>>> in releases
>>> My proposition is to make a vote on 2 points
>>> Please vote for each points
>>> [+1] Yes
>>> [+0] I'm fine either way
>>> [-1] No
>>> 1. Do you vote for commiting the patch input-with-password.patch  
>>> from Jira issue https://issues.apache.org/jira/browse/OFBIZ-1106 in
>>> release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or  
>>> out?)>> in dev ML for history) ?
>>> 2. Do you vote for, in general, commiting security fixes in  
>>> releases ?
>>> Other examples of other security issues may be found from here :
>>> https://issues.apache.org/jira/browse/OFBIZ-178
>>> Thanks
>>> Jacques
>>
>
... [show rest of quote]

... [show rest of quote]

smime.p7s (3K) Download Attachment
Malin Nicolas
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Nov 26, 2007; 8:32pm

Re: [VOTE] Security fixes and releases

Malin Nicolas
377 posts
In reply to this post by Jacques Le Roux
If I can vote :

1. +1
2. +1 if it's a critical security correction and for the last release only

Nicolas
Jacques Le Roux a écrit :

> Hi,
>
> This is the official vote thread about security issues and fixes in releases
>
> My proposition is to make a vote on 2 points
>
> Please vote for each points
> [+1] Yes
> [+0] I'm fine either way
> [-1] No
>
> 1. Do you vote for commiting the patch input-with-password.patch from Jira issue https://issues.apache.org/jira/browse/OFBIZ-1106 in
> release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or out?)>> in dev ML for history) ?
>
> 2. Do you vote for, in general, commiting security fixes in releases ?
>
> Other examples of other security issues may be found from here :
> https://issues.apache.org/jira/browse/OFBIZ-178
>
> Thanks
>
> Jacques
>
>
>  
... [show rest of quote]



--
Nicolas MALIN
Consultant
Tél : 06.17.66.40.06
Site projet : http://www.neogia.org/
-------
Société LibrenBerry
Tél : 02.48.02.56.12
Site : http://www.librenberry.net/
jonwimp
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Nov 27, 2007; 6:17am

Re: [VOTE] Security fixes and releases

jonwimp
707 posts
In reply to this post by Jacques Le Roux
+1

-1

For the 2nd point, note how I am always always lambasted for fixing a bug I haven't reproduced,
and often for good reason (I deal with many stable production forks). Sometimes I catch bugs just
by looking at source codes.

Be careful when applying patches to stable releases. Always be sure it won't destabilize the release.

This holds true for any non-bug fixes, not just for security-related non-bug fixes.

Jonathon

Jacques Le Roux wrote:

> Hi,
>
> This is the official vote thread about security issues and fixes in releases
>
> My proposition is to make a vote on 2 points
>
> Please vote for each points
> [+1] Yes
> [+0] I'm fine either way
> [-1] No
>
> 1. Do you vote for commiting the patch input-with-password.patch from Jira issue https://issues.apache.org/jira/browse/OFBIZ-1106 in
> release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or out?)>> in dev ML for history) ?
>
> 2. Do you vote for, in general, commiting security fixes in releases ?
>
> Other examples of other security issues may be found from here :
> https://issues.apache.org/jira/browse/OFBIZ-178
>
> Thanks
>
> Jacques
>
>
... [show rest of quote]
Scott Gray
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Nov 27, 2007; 6:27am

Re: [VOTE] Security fixes and releases

Scott Gray
986 posts
In reply to this post by Jacques Le Roux
+1

-1 (Because I don't really know what it implies if this vote were to pass)

Regards
Scott

On 27/11/2007, Jacques Le Roux <[hidden email]> wrote:

>
> Hi,
>
> This is the official vote thread about security issues and fixes in
> releases
>
> My proposition is to make a vote on 2 points
>
> Please vote for each points
> [+1] Yes
> [+0] I'm fine either way
> [-1] No
>
> 1. Do you vote for commiting the patch input-with-password.patch from Jira
> issue https://issues.apache.org/jira/browse/OFBIZ-1106 in
> release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or out?)>> in
> dev ML for history) ?
>
> 2. Do you vote for, in general, commiting security fixes in releases ?
>
> Other examples of other security issues may be found from here :
> https://issues.apache.org/jira/browse/OFBIZ-178
>
> Thanks
>
> Jacques
>
>
... [show rest of quote]
Jacques Le Roux
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Nov 28, 2007; 10:05pm

Re: [VOTE] Security fixes and releases

Jacques Le Roux
Administrator
17869 posts
In reply to this post by Jacques Le Roux
+1
+1

Jacques

De : "Jacques Le Roux" <[hidden email]>

> Hi,
>
> This is the official vote thread about security issues and fixes in releases
>
> My proposition is to make a vote on 2 points
>
> Please vote for each points
> [+1] Yes
> [+0] I'm fine either way
> [-1] No
>
> 1. Do you vote for commiting the patch input-with-password.patch from Jira issue https://issues.apache.org/jira/browse/OFBIZ-1106
in

> release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or out?)>> in dev ML for history) ?
>
> 2. Do you vote for, in general, commiting security fixes in releases ?
>
> Other examples of other security issues may be found from here :
> https://issues.apache.org/jira/browse/OFBIZ-178
>
> Thanks
>
> Jacques
>

Jacques Le Roux
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Nov 28, 2007; 10:05pm

Re: [VOTE] Security fixes and releases

Jacques Le Roux
Administrator
17869 posts
In reply to this post by Jacques Le Roux
Point 1
[+1] : 7
[+0] : 0
[-1] : 0
The vote has passed and I will back-port the change in release soon.

Point 2
[+1] : 3
[+0] : 0
[-1] : 4
There is no clear consensus and we will have to discuss of each cases in future.

Thanks for your votes

Jacques

De : "Jacques Le Roux" <[hidden email]>

> Hi,
>
> This is the official vote thread about security issues and fixes in releases
>
> My proposition is to make a vote on 2 points
>
> Please vote for each points
> [+1] Yes
> [+0] I'm fine either way
> [-1] No
>
> 1. Do you vote for commiting the patch input-with-password.patch from Jira issue https://issues.apache.org/jira/browse/OFBIZ-1106
in

> release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or out?)>> in dev ML for history) ?
>
> 2. Do you vote for, in general, commiting security fixes in releases ?
>
> Other examples of other security issues may be found from here :
> https://issues.apache.org/jira/browse/OFBIZ-178
>
> Thanks
>
> Jacques
>

Free forum by Nabble Edit this page