ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacopo Cappellato <jacopo.cappell...@hotwaxsystems.com>
Subject Re: Taking a decision on remaining Jars in OFBiz
Date Wed, 07 Sep 2016 15:16:10 GMT
Thank you Jacques and Taher.

So it seems we can move on and temporarily remove the jar.

Jacopo


On Wed, Sep 7, 2016 at 5:11 PM, Taher Alkhateeb <slidingfilaments@gmail.com>
wrote:

> Hi Jacques,
>
> First of all the ofbizSecure task is gone instead everything calls the
> correct jvm arguments by default to fetch notsoserial.
>
> The work to remove notsoserial is almost nothing. You just to remove a few
> jvm args and that's it. Even if you don't remove the jvm args nothing
> happens because it will just ignore it as missing from the classpath.
>
> Taher Alkhateeb
>
> On Sep 7, 2016 5:48 PM, "Jacques Le Roux" <jacques.le.roux@les7arts.com>
> wrote:
>
> > Huho, I was too fast on this. Currently the Gradle "ofbizSecure" tasks
> > depends on the notsoserial-1.0-SNAPSHOT.jar
> >
> > So this would need more work and w/o answers from them I suspect they
> will
> > not publish the jar.
> >
> > Now it's a serious security but not OOTB. So I see 2 possibilities.
> >
> > 1. Ask the ASF for a derogation (after all it's a Java issue not an OFBiz
> > one)
> > 2. Do what I said before AND change the Gradle "ofbizSecure" tasks
> >
> > Opinions?
> >
> > Jacques
> >
> >
> > Le 07/09/2016 à 14:01, Jacques Le Roux a écrit :
> >
> >> Yes I see no problems with that. I just need to add directions for users
> >> before. I'll then remove the jars... very soon...
> >>
> >> Jacques
> >>
> >>
> >> Le 07/09/2016 à 13:09, Jacopo Cappellato a écrit :
> >>
> >>> Jacques, any news from notsoserial?
> >>> If not, I think we can proceed by (temporarily) removing the jars until
> >>> they will publish the jar.
> >>>
> >>> Regards,
> >>>
> >>> Jacopo
> >>>
> >>> On Sat, Aug 20, 2016 at 11:12 AM, Jacques Le Roux <
> >>> jacques.le.roux@les7arts.com> wrote:
> >>>
> >>> Yes that's what I proposed also, I will try that before the worse
> >>>> solution
> >>>> as Taher called them, would you help?
> >>>>
> >>>> Jacques
> >>>>
> >>>>
> >>>>
> >>>> Le 20/08/2016 à 08:32, Pierre Smits a écrit :
> >>>>
> >>>> Hi Jacques,
> >>>>>
> >>>>> Why not try to convince the people behind notsoserial to have them
> push
> >>>>> the
> >>>>> library to maven central and/or jpublish? In stead of this community
> >>>>> doing
> >>>>> the work?
> >>>>>
> >>>>> Best regards,
> >>>>>
> >>>>>
> >>>>> Pierre Smits
> >>>>>
> >>>>> ORRTIZ.COM <http://www.orrtiz.com>
> >>>>> OFBiz based solutions & services
> >>>>>
> >>>>> OFBiz Extensions Marketplace
> >>>>> http://oem.ofbizci.net/oci-2/
> >>>>>
> >>>>>
> >>>>>
> >>
> >>
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message