[ https://issues.apache.org/jira/browse/OFBIZ-6271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14528552#comment-14528552 ]
Adam Heath commented on OFBIZ-6271: ----------------------------------- Hahaha. That guy is an idiot. Seriously. Don't blame the tool for bad developers. I gave a talk at ApacheCon just recently, showing how to use ofbiz and docker together. Do you think I just randomly download stuff from the internet, every single time? I don't, because I understand the point of trusted build, and security. Docker itself is really really really bad for security on downloaded image layers. It has a message that says "verified" when it has fetched remote data, but the data was retrieved over http, and the hashsum in the metadata is *not* checked. All that verified message means is that the metadata was syntactically correct! I rebuild my base image layers using debootstrap(I don't trust the debian or ubuntu image flavors). This is all based on apt-get stuff. The only thing I download is wp-cli, but that's not being fully utilized, and I don't actually download it automatically(it's a manual step, so could be verified by the developer). So, I've taken this tool(docker), and used the parts that are good, and not the parts that are bad. ps: This is not a rant at you, Jacques. pps: I'm close to having my docker+ofbiz scripts ready. I have a repo already with most of my stuff on github, it just needs a bit of documentation. > build management with maven > --------------------------- > > Key: OFBIZ-6271 > URL: https://issues.apache.org/jira/browse/OFBIZ-6271 > Project: OFBiz > Issue Type: Improvement > Components: ALL COMPONENTS > Reporter: Adam Heath > Priority: Minor > Attachments: console.log > > > This is a new build system; the primary goal will be to not require any > changes to existing ofbiz layouts(for backwards compatibility, at least > initially). > These pom.xml files are completely new; the existing build.xml infrastructure > will continue to exist. The existing build.xml will never call into > maven(which is what processes the pom.xml), and maven will never call into > build.xml either. > I have already committed a working pom.xml for the top level, and > framework/start. Shortly, I will be adding framework/base and > framework/entity, but into this branch. -- This message was sent by Atlassian JIRA (v6.3.4#6332)