Hi all
I really want to find a solution for this unlucky situation. The core
developers have the big picture about Geoserver and I do not want to cause
further problems.
Waiting 4-6 weeks is no problem (I am 46 years old, small time frame for
me). I have only one question.
The security code is brand new and introduced in the 2.2.x versions. Let
us call it version A. The patch removes a lot of problems, let us call it
version B.
I think it is important to say that the patch modifies only the brand new
security code. The idea is to delay major changes like
http://jira.codehaus.org/browse/GEOS-5155 and prefixed role names to a
later release.
I cannot see a reason for using version A instead of version B. Again,
modifications of B only touches security code, A is new and B is new too.
Version A may cause a lot of problems for early adopters. I try to see it
from the perspective of the core developers not involved in the development
of the security module. (Justin is the exception). The risk is the same,
why not make a 2.2.0 release with a lot of bug fixes ?
To close this issue, I need a decision of the PSC. I am not frustrated but
I fear early adopters will be. On the other side, I do not have the big
picture, please vote.
Again, I am sorry about the situation
Christian
2012/6/15 Andrea Aime <[email protected]>
> On Sat, Jun 16, 2012 at 12:00 AM, Rodrigo Del C. Andrade
> <[email protected]> wrote:
> >
> > Hello, folks.
> >
> > I apologize for intruding in something that is above my paygrade, but for
> > whatever it's worth I will drop my .2c as a user just in case:
> >
> > I spent the last weak extending the JDBC service to have an alternative
> that
> > uses our own databases structure and pass encoding hash algorithms (btw,
> > thanks for the guidance, it works like a dream! :) ) and the problems
> > Christian described with the JDBC extension are, if not a complete deal
> > breaker, frustrating to someone who is not aware of the inner workings of
> > security subsystem. An average user would have a bad time if he screws up
> > the configuration the first time.
> >
> > Were not for the root password I would probably have flipped tables way
> > more often than what I am known for and many times I had to manually edit
> > the config.xml files because of some inconsistency or other odd things in
> > the services I was creating.
>
> Rodrigo, what we're discussing here is not the opportunity of committing
> the
> patches at all, it's obvious that they must go in,
> but the opportuntity commit them now instead of a 4-6 weeks time,
> for a feature that's new and whose you're a early adopter of.
>
> It is astonishing that someone cannot wait one month for a large amount
> of changes to land where other contributors had to wait over four months
> so far to get a release (half of the PSC was ready to release in
> February, mind),
> and had to pay consequences because of that.
>
> Working in a community is also about balancing the needs of all the
> contributors,
> focusing on one particular need and forgetting all the other work that was
> done
> is offensive for the peole that carried it on and makes it harder to
> justify
> contributing as a company, or find reasons to spend a Sunday trying to
> help out instead of having fun or relax.
> This of course works both ways, I'm sure Christian is pretty frustrated and
> wondering why he put all the effort and now he can't close it up for the
> 2.2.0
> release, at the same time the people that wanted to release in February
> have been frustrated for 4 months now and with the continous pushes
> to delay the release to get in this or that it's really getting beyond
> ridicolous.
>
> Cheers
> Andrea
>
> --
> Ing. Andrea Aime
> GeoSolutions S.A.S.
> Tech lead
>
> Via Poggio alle Viti 1187
> 55054 Massarosa (LU)
> Italy
>
> phone: +39 0584 962313
> fax: +39 0584 962313
> mob: +39 339 8844549
>
> http://www.geo-solutions.it
> http://geo-solutions.blogspot.com/
> http://www.youtube.com/user/GeoSolutionsIT
> http://www.linkedin.com/in/andreaaime
> http://twitter.com/geowolf
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Geoserver-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
