> I think you cannot make the tool responsible for how it is used in this
> particular case.
of course the tool is responsible! Jira is not a tool to review code!
"Jira: Issue & Project Tracking Software"
so nothing to do with code ;)
Just imagine how it would be possible with another tool.
Hi Michael,
>
> To justify the need of making a change, to me the question is quite the
> opposite: what does GitHub offer which Jira does not in the domain of
> contributing/ project management/ issue tracking?
Jira review process is awfull!
I tried to review OFBIZ-11306 and give up after 3
Hi all,
> Am 05.01.20 um 18:32 schrieb Mathieu Lirzin:
> >
> > I urge other contributors to join this discussion which is crucial to
> > define our capability to work together as a community and my willing to
> > continue to participate.
I also hope others contributors will eventually join (many
Hi all,
Quoting Jacques Le Roux (2019-12-18 12:39:56)
> OK, I sent this message before seeing Mathieu's last one. I guess the revert
> Mathieu should close this discussion. I suggest to create a new one about
> feature forking (please stop this one).
feature forking is another discussion =>
Hi all,
I see another point to consider on our workflow: running continuous
integration (checkstyle, compilation, unit test, integration test, sonar) on
every code submission (I mean before commiting on trunk!)
It seems to me that is not really complicated with github/gitlab pull
requests. But I
yes there is a need for csrf check on get request ;)
I will write details in OFBIZ-11306 [1]
Samuel
[1]: https://issues.apache.org/jira/browse/OFBIZ-11306
Hi James,
I still don't see any reason to keep checkSecureParameter in any form
because it is related to ServiceEventHandler.
Protection against csrf is a good idea but it has no thing to do with
Service. It should be done upstream in http request processing so every
type of event
Hi,
agree with Mathieu: I prefer keeping issue id in footer (at the end of
commit message) so we can save some characters in subject line to
express something meaningful.
In addition if we put this information in commit footer (or body) we can
copy the complete link to issue (for example
Hi James,
actually `checkSecureParameter` is only for service event in a request
map. So it doesn't mean you are updating server data. Moreover you can
also update server data with a java event and in this case
`checkSecureParameter` is not called. So in my opinion this protection
is very
