ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Taher Alkhateeb <slidingfilame...@gmail.com>
Subject Re: Taking a decision on remaining Jars in OFBiz
Date Wed, 07 Sep 2016 15:11:54 GMT
Hi Jacques,

First of all the ofbizSecure task is gone instead everything calls the
correct jvm arguments by default to fetch notsoserial.

The work to remove notsoserial is almost nothing. You just to remove a few
jvm args and that's it. Even if you don't remove the jvm args nothing
happens because it will just ignore it as missing from the classpath.

Taher Alkhateeb

On Sep 7, 2016 5:48 PM, "Jacques Le Roux" <jacques.le.roux@les7arts.com>
wrote:

> Huho, I was too fast on this. Currently the Gradle "ofbizSecure" tasks
> depends on the notsoserial-1.0-SNAPSHOT.jar
>
> So this would need more work and w/o answers from them I suspect they will
> not publish the jar.
>
> Now it's a serious security but not OOTB. So I see 2 possibilities.
>
> 1. Ask the ASF for a derogation (after all it's a Java issue not an OFBiz
> one)
> 2. Do what I said before AND change the Gradle "ofbizSecure" tasks
>
> Opinions?
>
> Jacques
>
>
> Le 07/09/2016 à 14:01, Jacques Le Roux a écrit :
>
>> Yes I see no problems with that. I just need to add directions for users
>> before. I'll then remove the jars... very soon...
>>
>> Jacques
>>
>>
>> Le 07/09/2016 à 13:09, Jacopo Cappellato a écrit :
>>
>>> Jacques, any news from notsoserial?
>>> If not, I think we can proceed by (temporarily) removing the jars until
>>> they will publish the jar.
>>>
>>> Regards,
>>>
>>> Jacopo
>>>
>>> On Sat, Aug 20, 2016 at 11:12 AM, Jacques Le Roux <
>>> jacques.le.roux@les7arts.com> wrote:
>>>
>>> Yes that's what I proposed also, I will try that before the worse
>>>> solution
>>>> as Taher called them, would you help?
>>>>
>>>> Jacques
>>>>
>>>>
>>>>
>>>> Le 20/08/2016 à 08:32, Pierre Smits a écrit :
>>>>
>>>> Hi Jacques,
>>>>>
>>>>> Why not try to convince the people behind notsoserial to have them push
>>>>> the
>>>>> library to maven central and/or jpublish? In stead of this community
>>>>> doing
>>>>> the work?
>>>>>
>>>>> Best regards,
>>>>>
>>>>>
>>>>> Pierre Smits
>>>>>
>>>>> ORRTIZ.COM <http://www.orrtiz.com>
>>>>> OFBiz based solutions & services
>>>>>
>>>>> OFBiz Extensions Marketplace
>>>>> http://oem.ofbizci.net/oci-2/
>>>>>
>>>>>
>>>>>
>>
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message