JIRA is already filled :https://issues.apache.org/jira/browse/TOMEE-450 Regarding the doc, not sure how I could help : do you mean i could be granted write access to it? How? who grants? who reviews?
Alex On Sun, Oct 7, 2012 at 9:54 AM, Jean-Louis MONTEIRO <jeano...@gmail.com>wrote: > Fully agree with all Alex. > Maybe you could fill a jira and propose kinda profile or at least sine > peace if code. > > Regarding the doc, That's also an area where you could help. It became > simpler with the new website based on Apache cms. > > Jlouis > Le 6 oct. 2012 22:01, "Alex The Rocker" <alex.m3...@gmail.com> a écrit : > > > This would be acceptable to postpone this JIRA after 1.5.1 if you could > add > > an "Hardening TomEE security" item in documentation and list there the > > steps we have in mind for the profile management tool in a future > release. > > Providing this type of information will give more credits to TomEE as > > suitable production app server (there are many sites about Tomcat > > hardening, TomEE can't be weaker than Tomcat :)) > > > > Alex > > > > On Sat, Oct 6, 2012 at 9:55 PM, Romain Manni-Bucau < > rmannibu...@gmail.com > > >wrote: > > > > > like i said in the Jira i talked about it so i'm +0.8 (not +1 since the > > > conf is still small) > > > > > > then it will not be in 1.5.1 i think (wouldnt add too much security or > > > something like that so it needs some testing) > > > > > > does it sound reasonable for you? > > > > > > *Romain Manni-Bucau* > > > *Twitter: @rmannibucau <https://twitter.com/rmannibucau>* > > > *Blog: **http://rmannibucau.wordpress.com/*< > > > http://rmannibucau.wordpress.com/> > > > *LinkedIn: **http://fr.linkedin.com/in/rmannibucau* > > > *Github: https://github.com/rmannibucau* > > > > > > > > > > > > > > > 2012/10/6 Alex The Rocker <alex.m3...@gmail.com> > > > > > > > Okay, i agree with that. So how about a profile management tool to > > > generate > > > > a TomEE configuration with minimal surface of attack? > > > > Alex > > > > > > > > On Sat, Oct 6, 2012 at 9:49 PM, Romain Manni-Bucau < > > > rmannibu...@gmail.com > > > > >wrote: > > > > > > > > > hmm that's not exactly what i said Alex :p > > > > > > > > > > on a project you generally have N (>5) developpers using the > > container > > > to > > > > > develop (let say with tomee-maven-pugin or WTP or something > else...) > > > > > > > > > > then when it is about production you have 2-3 people configuring > the > > > > server > > > > > then it can be deployed in cluster automatically from the config. > > > > > > > > > > So my statement is the config work in dev is > the prod one > > > > > > > > > > So IMO it should work out of the box in dev then the prod should > > adapt > > > > the > > > > > conf. That's for instance what we do about datasources: we provide > > some > > > > > default datasources to let people use JPA out of the box then in > > > > production > > > > > you configure your real datasource, your pooling etc... > > > > > > > > > > Sorry if it was not clear. > > > > > > > > > > *Romain Manni-Bucau* > > > > > *Twitter: @rmannibucau <https://twitter.com/rmannibucau>* > > > > > *Blog: **http://rmannibucau.wordpress.com/*< > > > > > http://rmannibucau.wordpress.com/> > > > > > *LinkedIn: **http://fr.linkedin.com/in/rmannibucau* > > > > > *Github: https://github.com/rmannibucau* > > > > > > > > > > > > > > > > > > > > > > > > > 2012/10/6 Alex The Rocker <alex.m3...@gmail.com> > > > > > > > > > > > Hello, > > > > > > > > > > > > This is to continue the discussion started in users@ list around > > > JIRA > > > > > > improvement item https://issues.apache.org/jira/browse/TOMEE-450 > > > > > > > > > > > > I'm a bit surprised by Romain's statement that TomEE is primarily > > > used > > > > by > > > > > > developers : I thought that in real world there are more app > > servers > > > > used > > > > > > to deploy than to develop ; even if since TomEE is new it's not > yet > > > the > > > > > > case. > > > > > > > > > > > > Any opinion? > > > > > > > > > > > > Alex > > > > > > > > > > > > > > > > > > > > >
