stanbol-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reto Bachmann-Gmür <r...@wymiwyg.com>
Subject Re: [POLL] make "-no-security" the default
Date Mon, 08 Apr 2013 09:31:15 GMT
What about this suggestions: rather than polls and anecdotal reports you
all create issues for security related regressions and tag them with
"security" if one of them remains open for more than 10 we do the
defaults/additional launcher stuff.

And I disagree about the analysis about why we are at this point. That
security related issues would come to surface was exactly the scope of the
exercise. We are at this point because people see some exceptions but
rather than investigating the cause or reporting issues they started
complaing [sarcasm ahead] about this stupid java causing all those
exceptions and demanded to have java removed since anyway we want a
rest-app and no java-app.

Cheers,
Reto
On Apr 8, 2013 10:35 AM, "Fabian Christ" <christ.fabian@googlemail.com>
wrote:

> Hi,
>
> 2013/4/5 Reto Bachmann-Gmür <reto@apache.org>:
> > Rather than having a discussion based on assumptions I'd like to see a
> list
> > of the concrete issues so that we can evaluate:
> >
> > - The effort of fixing the issues
> > - The possibility and effort needed for work a rounds (as mentioned in
> the
> > answer to Rupert)
> > - The disadvantages for those requiring security if this issues aren't
> fixed
> > - The disadvantages for those not requiring security if this issues
> aren't
> > fixed
>
> I agree that we need concrete things to evaluate. I see that Rupert
> already spent effort on fixing issues but did not create an issue for
> each case. Maybe this would have made things clearer and maybe Rupert
> can report on some details what he has fixed.
>
> Anyway, the reason why we are in the current situation and the
> discussion comes up again and again is IMHO exactly Retos point.
> Security features were introduced without careful planning and
> discussion. We just added security without testing all the components
> for security compliance first. People have agreed on including it but
> did not overlook the consequences. The main reason why the skeptics
> agreed on including it was, that it is easy to disable the security
> bundles on a launcher level. As I said, we do not have "default"
> settings - only launchers. The decision happened in the community and
> I think we should be more careful in the future when introducing
> cross-cuts.
>
> My suggestion would be to leave the full launcher as it is and prepare
> another launcher without the security bundles. Call it the "play"
> launcher or "getting started" launcher. This launcher is just for
> convenience for the people who do not want to load the security
> bundles. We could document that in productive environments we suggest
> to use security and that our long term goal is to support security in
> all bundles.
>
>
> --
> Fabian
> http://twitter.com/fctwitt
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message