[
https://issues.apache.org/jira/browse/OFBIZ-7793?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15378403#comment-15378403
]
Jacques Le Roux edited comment on OFBIZ-7793 at 7/14/16 9:32 PM:
-----------------------------------------------------------------
I'm not strongly against this solution, and we could live with it temporarily
but I think for this issue as for OFBIZ-7773 we should follow the Apache Groovy
team recommendation which is to use
https://github.com/tkruse/gradle-groovysh-plugin. We could then ask users for
their preference, it's here a bit more difficult so maybe best to forget it and
let users completly decide about it.
Globally for static downloads, one issue I'm thinking about is possible
vulnerabilities. Here see eg
https://www.cvedetails.com/google-search-results.php?q=jdbc&sa=Search
The beauty of a tool like Gradle is it should automatically prevent
vulnerabilities. We can of course cross compilation issues with automatic
updates but it's orders of magnitude less dangerous than an hidden
vulnerability...
was (Author: jacques.le.roux):
I'm not strongly against this solution, and we could live with it temporarily
but I think for this issue as for OFBIZ-7773 we should follow the Apache Groovy
team recommendation which is to use
https://github.com/tkruse/gradle-groovysh-plugin. We could then ask users for
their preference, it's here a bit more difficult do maybe best to forget it and
let users completly decide about it.
Globally for static downloads, one issue I'm thinking about is possible
vulnerabilities. Here see eg
https://www.cvedetails.com/google-search-results.php?q=jdbc&sa=Search
The beauty of a tool like Gradle is it should automatically prevent
vulnerabilities. We can of course cross compilation issues with automatic
updates but it's orders of magnitude less dangerous than an hidden
vulnerability...
> Add download definition for drivers of commonly used open source rdbms to
> build gradle
> --------------------------------------------------------------------------------------
>
> Key: OFBIZ-7793
> URL: https://issues.apache.org/jira/browse/OFBIZ-7793
> Project: OFBiz
> Issue Type: Improvement
> Affects Versions: Trunk
> Reporter: Pierre Smits
> Assignee: Pierre Smits
> Attachments: OFBIZ-7793-build.gradle.patch
>
>
> With the move to dependency mgt through gradle/gradlew the download
> definitions for the drivers of the most commonly used rdbms solutions were
> removed.
> Adding these to the build.gradle file will deliver a great pleasure adoption
> wise through a small effort.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
