Return-Path: Delivered-To: apmail-incubator-chemistry-dev-archive@minotaur.apache.org Received: (qmail 37210 invoked from network); 8 Feb 2011 12:06:16 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 8 Feb 2011 12:06:16 -0000 Received: (qmail 95705 invoked by uid 500); 8 Feb 2011 12:06:16 -0000 Delivered-To: apmail-incubator-chemistry-dev-archive@incubator.apache.org Received: (qmail 95579 invoked by uid 500); 8 Feb 2011 12:06:14 -0000 Mailing-List: contact chemistry-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: chemistry-dev@incubator.apache.org Delivered-To: mailing list chemistry-dev@incubator.apache.org Received: (qmail 95571 invoked by uid 99); 8 Feb 2011 12:06:14 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Feb 2011 12:06:14 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of jhuebel@opentext.com designates 149.235.128.48 as permitted sender) Received: from [149.235.128.48] (HELO mucmx01.ixos.de) (149.235.128.48) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Feb 2011 12:06:04 +0000 Received: from mucpm01.smtp.dmz.opentext.com (localhost [127.0.0.1]) by mucmx01.ixos.de (8.12.10+Sun/8.12.10) with ESMTP id p18C5hC6019330 for ; Tue, 8 Feb 2011 13:05:43 +0100 (MET) Received: from MUCXGC2.opentext.net (mucxg04.opentext.net [149.235.128.138]) by mucpm01.smtp.dmz.opentext.com (8.14.4/8.14.4) with ESMTP id p18C5gdh025137 for ; Tue, 8 Feb 2011 07:05:42 -0500 (envelope-from jhuebel@opentext.com) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: Product/vendor specific contributions to Chemistry Date: Tue, 8 Feb 2011 13:06:27 +0100 Message-ID: <11E8705F4573E64FB42C724ADC742F6F034E2851@MUCXGC2.opentext.net> In-Reply-To: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Product/vendor specific contributions to Chemistry Thread-Index: AcvHHbMGBTowon81TJ6YHEzgzFM/zQAaAxoQ References: From: =?iso-8859-1?Q?Jens_H=FCbel?= To: X-Archived: msg.AvzGmb2:2011-02-08:mucpm01.smtp.dmz.opentext.com X-Virus-Checked: Checked by ClamAV on apache.org Not sure that I have the full picture yet about the proposed = enhancement, but in general I feel it would be better to provide a = generic extension point in CMIS with the possibility to drop another = Alfresco (or anybody else's) jar on the class path instead of adding = dozens of vendor specific extensions to the Chemistry code bases over = time. Looking at the motivation mentioned in the issue tracker... > "The default authentication scheme supported by OpenCMIS is HTTP BASIC = which is not=20 > suitable for any serious deployment due to the fact that it sends = userids and passwords in=20 > the clear at each request ... well if there is anything better that makes sense we should talk = about this, but securing a repository is a wider field than just = avoiding sending passwords over the wire. The NTLM authentication could be seen as another example of such an = integration but for me this is on a different level of "vendor = specific". Just my thoughts I am open for discussion... Jens -----Original Message----- From: Nick Burch [mailto:nick.burch@alfresco.com]=20 Sent: Dienstag, 8. Februar 2011 00:21 To: chemistry-dev@incubator.apache.org Subject: Re: Product/vendor specific contributions to Chemistry On Mon, 7 Feb 2011, Gabriele Columbro wrote: > this contribution to Alfresco [1] which also comprise a potential=20 > contribution to OpenCMIS is triggering to ask me a more general = question=20 > on the list. > > What is our (and ASF) position with respect to product specific > contributions? Meaning, do you see any "netiquette" or other issues in > committing this the OpenCMIS codebase? My gut feeling is that if you can compile the code without needing any=20 Alfresco jars, and if it's a small-ish optional feature, then it = probably=20 makes sense to have it in Chemistry so it's easy for people to use. We'd = just need to ensure there's always another way to do it though, so = people=20 can code generically if they want to. For code that requires Alfresco (or anyone else's) jars to compile=20 against, it'll almost certainly need to be a different module. If that = is=20 hosted in Chemistry or outside will depend on both the license, and how=20 close a fit the community feels it is. In this case, I seem to recall there's already an alternate = authentication=20 provider for NTLM, so this would seem an OK addition for people who = wanted=20 it, which others can ignore if they don't. Nick