The concerns were communicated and ignored, hence the Confluence page. I'm not new to this process, and I'm not suggesting anything I haven't done myself.. When I have an idea, I present it to the dev mailing list and wait for responses. If there is some interest, I post POC code in Jira (just do a search on "Sandbox:" with me as the reporter). Others are able to comment and provide patches. When everyone agrees on the change, I commit it.
As far as community involvement in the new security framework is concerned, a simple check of timestamps will reveal: April 24, Confluence page created: "OFBiz Security Refactor" April 27, First mention of Security Refactor on ml: Jacques reply to "Best place for security check?" April 28, Jira OFBIZ-2380 created: "Security Re-Implementation" April 29, SVN commit 769928: "implementation of new authorization (authz) functionality" I don't see a lot of community involvement there. Rather, I see a design being foisted on the community. Unlike Andrew, when I have an idea, I present it to the community first - before I start "working hard on it." I have a lot of ideas - many of them not worth pursuing, and the community has been good at bringing that to my attention (the SAX widgets parsing idea is a recent example). So, instead of going back and forth in this thread, why not create a new one - one that invites others to participate in the process. It's obvious from the conversation so far that some have felt excluded. So why object to starting over? -Adrian --- On Fri, 5/1/09, Scott Gray <scott.g...@hotwaxmedia.com> wrote: > From: Scott Gray <scott.g...@hotwaxmedia.com> > Subject: Re: Authz API Discussion (was re: svn commit: r770084) > To: dev@ofbiz.apache.org > Date: Friday, May 1, 2009, 5:55 PM > Well posting concerns in a new confluence page doesn't > really constitute communicating those concerns. > > In my experience with the community silence has always > implied either consent or a lack of interest and when your > working hard on something you don't want to see progress > stall while you wait in vain for people to comment further. > > All this could easily have been avoided by interested > parties simply commenting that they are actually interested > and would like time to comment further instead of just > assuming that the proposer is aware that you're going to > get around to it at some point. > > Regards > Scott > > > On 2/05/2009, at 12:25 PM, Adrian Crum wrote: > > > > > --- On Fri, 5/1/09, Scott Gray > <scott.g...@hotwaxmedia.com> wrote: > >> What do you mean by reboot this entire process? > So far > >> you're the only person who has questioned the > design... > >> and you already commented on it initially on the > confluence > >> page to which Andrew responded. > > > > That's not true: > > > > > http://docs.ofbiz.org/display/OFBIZ/Notes+on+New+Security+Model?focusedCommentId=7797#comment-7797 > > > > -Adrian > > > > > > > >
