[VOTE] Security fixes and releases

Jacques Le Roux
Administrator
Hi,

This is the official vote thread about security issues and fixes in releases

My proposition is to make a vote on 2 points

Please vote for each point
[+1] Yes
[+0] I'm fine either way
[-1] No

1. Do you vote for committing the patch input-with-password.patch from Jira issue https://issues.apache.org/jira/browse/OFBIZ-1106 in
release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or out?)>> in dev ML for history)?

2. Do you vote for, in general, committing security fixes in releases?

Other examples of other security issues may be found from here:
https://issues.apache.org/jira/browse/OFBIZ-178

Thanks

Jacques

Re: [VOTE] Security fixes and releases

Jacopo Cappellato
+1
+1 (but it depends on the nature of the patch)


Re: [VOTE] Security fixes and releases

Adrian Crum
In reply to this post by Jacques Le Roux
Is this vote open to all or just the PMC?



Re: [VOTE] Security fixes and releases

Jacopo Cappellato
The binding votes are those from the PMC members, but committers' votes
are important too (so please express yours, Adrian) and also the votes
from developers in general.

Cheers,

Jacopo


Adrian Crum wrote:

> Is this vote open to all or just the PMC?

Re: [VOTE] Security fixes and releases

Adrian Crum
In reply to this post by Jacques Le Roux
+1
-1 (I believe each case should be discussed)

-Adrian


Re: [VOTE] Security fixes and releases

David E Jones
In reply to this post by Adrian Crum

All votes are open to all PMC members, committers, contributors,
commenters, users, etc.

Only PMC member votes are binding.

Personally though I don't see a reason for an "official vote" on this  
topic. Did ANYONE actually disagree with doing this?

-David


On Nov 26, 2007, at 12:32 PM, Adrian Crum wrote:

> Is this vote open to all or just the PMC?


Re: [VOTE] Security fixes and releases

Tim Ruppert
+1
-1 (all should be reviewed)

On Nov 26, 2007, at 12:58 PM, David E Jones wrote:

>
> All votes are open to all PMC members, committers, contributors,
> commenters, users, etc.
>
> Only PMC member votes are binding.
>
> Personally though I don't see a reason for an "official vote" on  
> this topic. Did ANYONE actually disagree with doing this?
>
> -David


Re: [VOTE] Security fixes and releases

Malin Nicolas
In reply to this post by Jacques Le Roux
If I can vote :

1. +1
2. +1 if it's a critical security correction and for the last release only

Nicolas



--
Nicolas MALIN
Consultant
Tel: 06.17.66.40.06
Project site: http://www.neogia.org/
-------
Company: LibrenBerry
Tel: 02.48.02.56.12
Site: http://www.librenberry.net/
Re: [VOTE] Security fixes and releases

jonwimp
In reply to this post by Jacques Le Roux
+1

-1

For the 2nd point, note how I am always always lambasted for fixing a bug I haven't reproduced,
and often for good reason (I deal with many stable production forks). Sometimes I catch bugs just
by looking at source codes.

Be careful when applying patches to stable releases. Always be sure it won't destabilize the release.

This holds true for any non-bug fixes, not just for security-related non-bug fixes.

Jonathon


Re: [VOTE] Security fixes and releases

Scott Gray
In reply to this post by Jacques Le Roux
+1

-1 (Because I don't really know what it implies if this vote were to pass)

Regards
Scott

On 27/11/2007, Jacques Le Roux <[hidden email]> wrote:

>
> Hi,
>
> This is the official vote thread about security issues and fixes in
> releases
>
> My proposition is to make a vote on 2 points
>
> Please vote for each point
> [+1] Yes
> [+0] I'm fine either way
> [-1] No
>
> 1. Do you vote for committing the patch input-with-password.patch from Jira
> issue https://issues.apache.org/jira/browse/OFBIZ-1106 in
> release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or out?)>> in
> dev ML for history)?
>
> 2. Do you vote for, in general, committing security fixes in releases?
>
> Other examples of other security issues may be found from here :
> https://issues.apache.org/jira/browse/OFBIZ-178
>
> Thanks
>
> Jacques
>
>
Re: [VOTE] Security fixes and releases

Jacques Le Roux
Administrator
In reply to this post by Jacques Le Roux
+1
+1

Jacques


Re: [VOTE] Security fixes and releases

Jacques Le Roux
Administrator
In reply to this post by Jacques Le Roux
Point 1
[+1] : 7
[+0] : 0
[-1] : 0
The vote has passed and I will back-port the change in release soon.

Point 2
[+1] : 3
[+0] : 0
[-1] : 4
There is no clear consensus and we will have to discuss each case in the future.

Thanks for your votes

Jacques
