stanbol-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fabian Christ <christ.fab...@googlemail.com>
Subject Re: [POLL] make "-no-security" the default
Date Mon, 08 Apr 2013 08:34:56 GMT
Hi,

2013/4/5 Reto Bachmann-Gmür <reto@apache.org>:
> Rather than having a discussion based on assumptions I'd like to see a list
> of the concrete issues so that we can evaluate:
>
> - The effort of fixing the issues
> - The possibility and effort needed for work a rounds (as mentioned in the
> answer to Rupert)
> - The disadvantages for those requiring security if this issues aren't fixed
> - The disadvantages for those not requiring security if this issues aren't
> fixed

I agree that we need concrete things to evaluate. I see that Rupert
already spent effort on fixing issues but did not create an issue for
each case. Maybe this would have made things clearer and maybe Rupert
can report on some details what he has fixed.

Anyway, the reason why we are in the current situation and the
discussion comes up again and again is IMHO exactly Retos point.
Security features were introduced without careful planning and
discussion. We just added security without testing all the components
for security compliance first. People have agreed on including it but
did not overlook the consequences. The main reason why the skeptics
agreed on including it was, that it is easy to disable the security
bundles on a launcher level. As I said, we do not have "default"
settings - only launchers. The decision happened in the community and
I think we should be more careful in the future when introducing
cross-cuts.

My suggestion would be to leave the full launcher as it is and prepare
another launcher without the security bundles. Call it the "play"
launcher or "getting started" launcher. This launcher is just for
convenience for the people who do not want to load the security
bundles. We could document that in productive environments we suggest
to use security and that our long term goal is to support security in
all bundles.


--
Fabian
http://twitter.com/fctwitt

Mime
View raw message