From: Taher Alkhateeb
Date: Wed, 7 Sep 2016 18:11:54 +0300
Subject: Re: Taking a decision on remaining Jars in OFBiz
To: OFBIZ Development Mailing List

Hi Jacques,

First of all, the ofbizSecure task is gone; instead, everything calls the
correct JVM arguments by default to fetch notsoserial.

The work to remove notsoserial is almost nothing. You just need to remove a
few JVM args and that's it. Even if you don't remove the JVM args, nothing
happens because it will just ignore it as missing from the classpath.

Taher Alkhateeb

On Sep 7, 2016 5:48 PM, "Jacques Le Roux" wrote:

> Huho, I was too fast on this. Currently the Gradle "ofbizSecure" tasks
> depend on the notsoserial-1.0-SNAPSHOT.jar
>
> So this would need more work and w/o answers from them I suspect they will
> not publish the jar.
>
> Now it's a serious security but not OOTB. So I see 2 possibilities.
>
> 1. Ask the ASF for a derogation (after all it's a Java issue not an OFBiz
>    one)
> 2. Do what I said before AND change the Gradle "ofbizSecure" tasks
>
> Opinions?
>
> Jacques
>
>
> On 07/09/2016 at 14:01, Jacques Le Roux wrote:
>
>> Yes I see no problems with that. I just need to add directions for users
>> before. I'll then remove the jars... very soon...
>>
>> Jacques
>>
>>
>> On 07/09/2016 at 13:09, Jacopo Cappellato wrote:
>>
>>> Jacques, any news from notsoserial?
>>> If not, I think we can proceed by (temporarily) removing the jars until
>>> they will publish the jar.
>>>
>>> Regards,
>>>
>>> Jacopo
>>>
>>> On Sat, Aug 20, 2016 at 11:12 AM, Jacques Le Roux
>>> <jacques.le.roux@les7arts.com> wrote:
>>>
>>>> Yes that's what I proposed also, I will try that before the worse
>>>> solution as Taher called them, would you help?
>>>>
>>>> Jacques
>>>>
>>>>
>>>> On 20/08/2016 at 08:32, Pierre Smits wrote:
>>>>
>>>>> Hi Jacques,
>>>>>
>>>>> Why not try to convince the people behind notsoserial to have them
>>>>> push the library to maven central and/or jpublish? Instead of this
>>>>> community doing the work?
>>>>>
>>>>> Best regards,
>>>>>
>>>>>
>>>>> Pierre Smits
>>>>>
>>>>> ORRTIZ.COM
>>>>> OFBiz based solutions & services
>>>>>
>>>>> OFBiz Extensions Marketplace
>>>>> http://oem.ofbizci.net/oci-2/