Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 27664 invoked from network); 17 Jul 2006 19:01:23 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 17 Jul 2006 19:01:23 -0000 Received: (qmail 97393 invoked by uid 500); 17 Jul 2006 19:01:22 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 97361 invoked by uid 500); 17 Jul 2006 19:01:22 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 97352 invoked by uid 99); 17 Jul 2006 19:01:22 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Jul 2006 12:01:22 -0700 X-ASF-Spam-Status: No, hits=0.5 required=10.0 tests=DNS_FROM_RFC_ABUSE,HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of francois.orsini@gmail.com designates 64.233.182.185 as permitted sender) Received: from [64.233.182.185] (HELO nf-out-0910.google.com) (64.233.182.185) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Jul 2006 12:01:21 -0700 Received: by nf-out-0910.google.com with SMTP id m19so34474nfc for ; Mon, 17 Jul 2006 12:01:00 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=KCfDAdyS4zbd5jF3FBPNf/KR/Mk7jO1HuTaDoVPDfyPRHdnyF+vRBdZdeSAl1Yf22N7rP6P3er+GTvS6BIsk07lJn42z79o83OVAfxHjO586pmFhA80Mv4f66/e4tkZlZhQeyD1s8zgxosGTkNBreeAKZD11nuEuAls0FElOA+U= Received: by 10.48.210.20 with SMTP id i20mr2246331nfg; Mon, 17 Jul 2006 12:01:00 -0700 (PDT) Received: by 10.48.207.16 with HTTP; Mon, 17 Jul 2006 12:00:59 -0700 (PDT) Message-ID: <7921d3e40607171200l47bc3279ub705a719ae22b25@mail.gmail.com> Date: Mon, 17 Jul 2006 12:00:59 -0700 From: "Francois Orsini" To: derby-dev@db.apache.org Subject: DERBY-528 - IRC discussion summary between KatheyM and FrancoisO MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_65004_28341591.1153162859496" X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N ------=_Part_65004_28341591.1153162859496 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline This is a summary of the IRC discussion Kathey M. and I had today. Posting it on derby-dev to record it - Thanks again for your time and help Kathey. francois: Did you want to talk about DERBY-528? We can talk here on #derby and then summarize to the list. I'm going to post some details as you've asked The big question for me is that I want to make sure this doesn't cause any new upgrade order restrictions It should not with the current changes 10.1 /10.2 servers/clients need to continue to work together without change. Even if it is that the DERBY-528 fix exposes an existing but, it needs to be resolved before DERBY-528 goes in. Does that make sense? Absolutely Oh sorry, then I am confused about your original question ok - let me explain not question, statement about the incompatibility. The current changes as they have been posted do not cause 10.1 /10.2 servers/clients connection(s) to fail - all compatibility tests are passing ok. You made a code change then to do that from your original patch? Yes I did I have backed out the default upgraded secmec to use as SECMEC_USRSSBPWD (password substitute) Because we can't process on the client the list of SecMec's returned from a server which does not support this new SecMec (SECMEC_USRSSBPWD) For instance, 10.2 <--> 10.1 I see I really missed that from your patch update description. If I could parse that list on the client side, then SECMEC_USRSSBPWD could be used as a default upgraded secmec after SECMEC_EUSRIDPWD for instance Yes, sorry my description was not clear Hence why I entered http://issues.apache.org/jira/browse/DERBY-1517 Then after the fix for DERBY-1517 you will be able to reenable? Yep and It was working great until I ran the full compatibility tests I had run lots of tests w/ SECMEC_USRSSBPWD so I know it had been working fine, except when going 10.2 --> 10.1 I understand. I was wondering if you could post a summary of the changes that the DERBY-528 patch makes in some detail to make it a little easier to review. Yes am writing it now But Derby-1517 is tricky Excellent. I will wait for that and then review. The server version is not returned from a ACCSECRD :( Right. I was worried about that. It is too early right? I have to recheck again but I did not see it - Yes it is too early as you mentioned in the notes But then am trying to see if I could still parse the list returned today, instead of the array (as the specs mentioned) good. It would be good to upgrade the default. Absolutely - This was my original intention and changes This security mechanism implementation has ben a challenging one Thanks for taking it on. On the coding format. The only place I saw the indentation not matching the surrounding code was BasicAuthenticationServiceImpl with a visual diff. Due to the fact, well, there is no way to decrypt a substituted (hashed) password :) Ok - I'm going to look at these and address them It is awful that we don't have a coding standard Yeah and then it is hard to copy code that does not look standard when you need to put new changes - am always tempted to fix code around but then it is confusing the review Need to ask you something about db2jcc what is 2.6 and 2.8 under master\DerbyNet Someone will eventually get sick of it and pick up DERBY-1363. every new developer gets bitten by that bug. Yes. They are JCC versions. What JCC version are you using? Am using 2.4 OK. When you post your summary comment. Just add that JCC 2.6, 2.8 also need to be updated and ask if someone with access can update the masters. I can probably do it as part of my review. ok I will ask Thanks for your time Kathey Thank you Francois. Cheers, --francois ------=_Part_65004_28341591.1153162859496 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline This is a summary of the IRC discussion Kathey M. and I had today. Posting it on derby-dev to record it - Thanks again for your time and help Kathey.

    <kmarsden>    francois: Did you want to talk about DERBY-528? We can talk here on #derby and then summarize to the list.
    <FrancoisOrsini>    I'm going to post some details as you've asked
    <kmarsden>    The big question for me is that I want to make sure this doesn't cause any new upgrade order restrictions
    <FrancoisOrsini>    It should not with the current changes
    <kmarsden>    10.1 /10.2 servers/clients need to continue to work together without change. Even if it is that the DERBY-528 fix exposes an existing but, it needs to be resolved before DERBY-528 goes in.
    <kmarsden>    Does that make sense?
    <FrancoisOrsini>    Absolutely
    <kmarsden>    Oh sorry, then I am confused about your original question
    <FrancoisOrsini>    ok - let me explain
    <kmarsden>    not question, statement about the incompatibility.
    <FrancoisOrsini>    The current changes as they have been posted do not cause 10.1 /10.2 servers/clients connection(s) to fail - all compatibility tests are passing
    <kmarsden>    ok. You made a code change then to do that from your original patch?
    <FrancoisOrsini>    Yes I did
    <FrancoisOrsini>    I have backed out the default upgraded secmec to use as SECMEC_USRSSBPWD (password substitute)
    <FrancoisOrsini>    Because we can't process on the client the list of SecMec's returned from a server which does not support this new SecMec (SECMEC_USRSSBPWD)
    <FrancoisOrsini>    For instance, 10.2 <--> 10.1
    <kmarsden>    I see I really missed that from your patch update description.
    <FrancoisOrsini>    If I could parse that list on the client side, then SECMEC_USRSSBPWD could be used as a default upgraded secmec after SECMEC_EUSRIDPWD for instance
    <FrancoisOrsini>    Yes, sorry my description was not clear
    <FrancoisOrsini>    Hence why I entered http://issues.apache.org/jira/browse/DERBY-1517
    <kmarsden>    Then after the fix for DERBY-1517 you will be able to reenable?
    <FrancoisOrsini>    Yep
    <FrancoisOrsini>    and It was working great until I ran the full compatibility tests
    <FrancoisOrsini>    I had run lots of tests w/ SECMEC_USRSSBPWD so I know it had been working fine, except when going 10.2 --> 10.1
    <kmarsden>    I understand. I was wondering if you could post a summary of the changes that the DERBY-528 patch makes in some detail to make it a little easier to review.
    <FrancoisOrsini>    Yes am writing it now
    <FrancoisOrsini>    But Derby-1517 is tricky
    <kmarsden>    Excellent. I will wait for that and then review.
    <FrancoisOrsini>    The server version is not returned from a ACCSECRD :(
    <kmarsden>    Right. I was worried about that. It is too early right?
    <FrancoisOrsini>    I have to recheck again but I did not see it - Yes it is too early as you mentioned in the notes
    <FrancoisOrsini>    But then am trying to see if I could still parse the list returned today, instead of the array (as the specs mentioned)
    <kmarsden>    good. It would be good to upgrade the default.
    <FrancoisOrsini>    Absolutely - This was my original intention and changes
    <FrancoisOrsini>    This security mechanism implementation has ben a challenging one
    <kmarsden>    Thanks for taking it on. On the coding format. The only place I saw the indentation not matching the surrounding code was BasicAuthenticationServiceImpl with a visual diff.
    <FrancoisOrsini>    Due to the fact, well, there is no way to decrypt a substituted (hashed) password :)
    <FrancoisOrsini>    Ok - I'm going to look at these and address them
    <kmarsden>    It is awful that we don't have a coding standard
    <FrancoisOrsini>    Yeah and then it is hard to copy code that does not look standard when you need to put new changes - am always tempted to fix code around but then it is confusing the review
    <FrancoisOrsini>    Need to ask you something about db2jcc
    <FrancoisOrsini>    what is 2.6 and 2.8 under master\DerbyNet
    <kmarsden>    Someone will eventually get sick of it and pick up DERBY-1363. every new developer gets bitten by that bug.
    <kmarsden>    Yes. They are JCC versions. What JCC version are you using?
    <FrancoisOrsini>    Am using 2.4
    <kmarsden>    OK. When you post your summary comment. Just add that JCC 2.6, 2.8 also need to be updated and ask if someone with access can update the masters.
    <kmarsden>    I can probably do it as part of my review.
    <FrancoisOrsini>    ok I will ask
    <FrancoisOrsini>    Thanks for your time Kathey
    <kmarsden>    Thank you Francois.

Cheers,

--francois
------=_Part_65004_28341591.1153162859496--