... going twice ...
Karl
On Sun, Dec 5, 2010 at 11:42 AM, Karl Wright daddy...@gmail.com wrote:
I'm done with (1), (4), and (5). Still waiting for help with (2) and
(3)... going once
Karl
On Thu, Dec 2, 2010 at 10:02 PM, Karl Wright daddy...@gmail.com wrote:
OK, so I will do the
FYI, I think the package name needs to have the words incubating in it too, as
in manifoldcf-0.1-incubating.tar.gz
-Grant
On Dec 6, 2010, at 8:55 AM, Karl Wright wrote:
... going twice ...
Karl
On Sun, Dec 5, 2010 at 11:42 AM, Karl Wright daddy...@gmail.com wrote:
I'm done with (1),
Ok, this too has been done.
Still no takers for (2) and (3). Going thrice...
Karl
On Mon, Dec 6, 2010 at 3:48 PM, Grant Ingersoll gsing...@apache.org wrote:
Typically, the practice is that the name of the file is the name of the
directory, but I don't know that it has to be. Just easier,
Robert has expressed a willingness to chip in on the remaining issues
later this week, when he's no longer being buried alive.
Thanks, Robert!
Karl
On Mon, Dec 6, 2010 at 6:02 PM, Karl Wright daddy...@gmail.com wrote:
Ok, this too has been done.
Still no takers for (2) and (3). Going thrice...
i took a quick look, i definitely agree we need to document all 3rd
party dependencies in notice.txt and include licenses with them.
separately, i have an additional concern, and that is i'm really
concerned about a release going out with some of the database
interface code looking very prone to
On Mon, Dec 6, 2010 at 7:18 PM, Karl Wright daddy...@gmail.com wrote:
As for the sql injection question, please elaborate. There is no UI
ability to do sql injection that I am aware of, because all the
strings you might enter are properly escaped before being incorporated
into queries. This
quoteSQLString is used mainly for data content that is not directly
sourced from input, such as state values, etc. So your concern is
unlikely to be actually true. But even so, if you are saying that all
of these should be converted to prepared values, fine - but this would
be a large job and is
Here is a list of the pertinent places where quoteSQLString is used.
Note that EXCEPT in a couple of cases where quoteSQLString was needed
to furnish an argument for a clause being formed by a database
abstraction method, ALL other cases are quoting of constant values,
save in one case, which I am
Changes complete.
This was helpful in that it found a bug in the sql generated for
PostgreSQL for two of the history reports. Aside from that, I still
believe this is more of a precaution than a necessity.
Karl
On Mon, Dec 6, 2010 at 8:35 PM, Karl Wright daddy...@gmail.com wrote:
Here is a