Jacques, just a remark on this:
> Remember this is only trunk and will not be released before at least 1 year and most possibly 2, you have plenty of time.
Even this is trunk and can be unstable, we should treat trunk with the same care as we do with release branches. trunk is not meant to put everything in and see if it works or someone finds a bug. We all know that this ist the root cause for some problematic code we have to deal with.
And we should not forget that new users also check out trunk to evaluate OFBiz, so it is important to have it as stable and bug free as possible.
Regards, Michael Brohl ecomify GmbH www.ecomify.de Am 20.08.18 um 09:28 schrieb Jacques Le Roux:
Le 19/08/2018 à 20:25, Taher Alkhateeb a écrit :I did not revert, it was not committed. I updated my patch and it was really a small change. Initially I already planned to not use the client side to grab the loginId with OFBIZ-10206. But forgot about it because I stumbled upon many other issues since. This work was challenging at many levels, believe me. I'll not drop it without really good arguments!Wow, so after having a long, long email (as usual) talking about how good the work is and you deployed for a client (my god!), now you reverted because of a fundamental flaw pointed out by Scott.Again, please give me good *technical* arguments. My work works and is safe, prove the contrary.And now you want to apply lazy consensus despite my objections and the obvious flaw which you acknowledged. This makes me skeptical of the entire approach and the quality of the code in question. I would prefer if you halt all work and study what you're doing instead of falling into more mistakes.Keep calm, you can still prevent me to commit if you give me good argument as Scoot did. And if you can't find them now you will still be able to veto if you find some later. And again as explained at https://www.apache.org/foundation/voting.html#Veto you need arguments:I'm also distressed with your phrase "Without negative comments well argumented I'll commit both". In other words if you can't convince me i'm pushing this code, why, because I want to. That's not how community works./To prevent vetos from being used capriciously, they must be accompanied by a technical justification showing why the change is bad (opens a security exposure, negatively affects performance, //etc.//). A veto without a justification is invalid and has no weight./Remember this is only trunk and will not be released before at least 1 year and most possibly 2, you have plenty of time.I'm all ears JacquesOn Sun, Aug 19, 2018 at 3:29 PM Jacques Le Roux <jacques.le.r...@les7arts.com> wrote:ôOps missed some words... Le 19/08/2018 à 12:33, Jacques Le Roux a écrit :I simply send a JWT token: https://en.wikipedia.org/wiki/JSON_Web_Token and https://jwt.io/ toallow an user to connect to another OFBiz instance (using same version than source) on another server (target) on another domain w/o signing in.Jacques
smime.p7s
Description: S/MIME Cryptographic Signature
