[jira] [Comment Edited] (OFBIZ-7793) Add download definition for drivers of commonly used open source rdbms to build gradle

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-7793?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15378403#comment-15378403 ]

Jacques Le Roux edited comment on OFBIZ-7793 at 7/14/16 9:32 PM:
-----------------------------------------------------------------

I'm not strongly against this solution, and we could live with it temporarily but I think for this issue as for OFBIZ-7773 we should follow the Apache Groovy team recommendation which is to use https://github.com/tkruse/gradle-groovysh-plugin. We could then ask users for their preference, it's here a bit more difficult so maybe best to forget it and let users completely decide about it.

Globally for static downloads, one issue I'm thinking about is possible vulnerabilities. Here see eg https://www.cvedetails.com/google-search-results.php?q=jdbc&sa=Search
The beauty of a tool like Gradle is it should automatically prevent vulnerabilities. We can of course cross compilation issues with automatic updates but it's orders of magnitude less dangerous than a hidden vulnerability...


was (Author: jacques.le.roux):
I'm not strongly against this solution, and we could live with it temporarily but I think for this issue as for OFBIZ-7773 we should follow the Apache Groovy team recommendation which is to use https://github.com/tkruse/gradle-groovysh-plugin. We could then ask users for their preference, it's here a bit more difficult do maybe best to forget it and let users completely decide about it.

Globally for static downloads, one issue I'm thinking about is possible vulnerabilities. Here see eg https://www.cvedetails.com/google-search-results.php?q=jdbc&sa=Search
The beauty of a tool like Gradle is it should automatically prevent vulnerabilities. We can of course cross compilation issues with automatic updates but it's orders of magnitude less dangerous than a hidden vulnerability...

> Add download definition for drivers of commonly used open source rdbms to build gradle
> --------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-7793
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-7793
>             Project: OFBiz
>          Issue Type: Improvement
>    Affects Versions: Trunk
>            Reporter: Pierre Smits
>            Assignee: Pierre Smits
>         Attachments: OFBIZ-7793-build.gradle.patch
>
>
> With the move to dependency mgt through gradle/gradlew the download definitions for the drivers of the most commonly used rdbms solutions were removed.
> Adding these to the build.gradle file will deliver a great pleasure adoption wise through a small effort.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)