[security-dev] PicketLink restructure

Pete Muir pmuir at redhat.com
Thu Oct 4 13:21:26 EDT 2012


Agree with Jason, Anil, Bruno, et al (sorry if I forgot you, i haven't slept enough!)

* As PicketLink is the new main repo, not sure there is any need to delete older repos. These can just have their github comments amended to say they are for older versions of picketlink
* Definitely deleting history is a very bad idea. If we end up with any IP concerns later on, it's going to make tracking that down really hard. But just as important, it devalues existing contributions
* Can't comment on whether we need to start the JPA impl from scratch, but I think that a big code delete should be discussed here first ;-)

So +1 to putting the old repos back and to adding the history in

On 4 Oct 2012, at 06:38, Anil Saldhana wrote:

> Shane - I said I need the JPA implementation for J1 and Pedro will work on it and we will evaluate after J1.
> 
> The only thing that completely took me by surprise was you deleted the PL IDM repository, rather than waiting for everyone to agree on the new PL workspace. Typically in these situations, I retain old code and nuke it once we have agreement. You should have waited another day for me to get on to chat with you. Internet at J1 sucked. :(
> 
> Ideally I would like us to go over what Pedro has done and evaluate whether we retain/modify/delete the JPA implementation. It cannot be the decision of one person in the project. :)
> 
> Right now, I want to get the PL IDM project back to where it was on Friday. Then we can talk.
> 
> On Oct 3, 2012, at 9:38 PM, Shane Bryzak <sbryzak at redhat.com> wrote:
> 
>> Actually, the history is already there for the tagged release - see [1] for example.
>> 
>> [1] https://github.com/picketlink/picketlink-idm/commits/2.0-20120910/impl/src/main/java/org/jboss/picketlink/idm/internal/jpa
>> 
>> On 04/10/12 12:24, Shane Bryzak wrote:
>>> As I said we have a snapshot of the latest version of the code (see [1]), however this doesn't include the commit history.  If the history is important for whatever reason, I suggest we reinstate it under its own branch of the picketlink-idm repository.  I thought we were both of the understanding though from our discussions that this code was just a stop-gap measure so that we had something to show in time for JavaOne.
>>> 
>>> [1] https://github.com/picketlink/picketlink/tree/953c39f6ccb9c4617357deb47210ad15151c2b08/idm-impl/src/main/java/org/picketlink/idm/internal
>>> 
>>> 
>>> 
>>> On 04/10/12 11:05, Anil Saldhana wrote:
>>>> Shane,
>>>>   did you throw away the JPA code that Pedro had done for almost a month? Where is that code? 
>>>> 
>>>> Code contributions have legal ramifications. We cannot just throw away code and loss of history is deeply disturbing.
>>>> 
>>>> Regards,
>>>> Anil
>>>> 
>>>> On 10/03/2012 05:39 PM, Shane Bryzak wrote:
>>>>> There was a little bit of confusion over the legacy IDM code (I had forgotten that it had been migrated to the picketlink-idm repo on GitHub albeit under different branches) but this has been sorted out now, and I believe all the history for it is intact.  As for the temporary IDM implementation we have the final snapshot of it, however since then I've blown it away anyhow and started working on the proper implementation.  I don't think we need the history for the temporary stuff. 
>>>>> 
>>>>> Agreed with the collective PL release.  As for the version number, did we ever do a 2.x release?  If so, then I agree we should update it to 3.x for the new project.
>>>>> 
>>>>> Shane
>>>>> 
>>>>> On 04/10/12 01:06, Anil Saldhana wrote:
>>>>>> Shane,
>>>>>>   ahh.  You could not wait a day or two. :)  I am wondering if we could have retained history via some form of "git mv".
>>>>>> 
>>>>>> We should probably have PicketLink version as 3.0 for all the code and rather than do individual releases, we can do a collective PL3.x release.
>>>>>> 
>>>>>> Cheers.
>>>>>> 
>>>>>> On 10/02/2012 04:56 AM, Boleslaw Dawidowicz wrote:
>>>>>>> I restored our branches and synced with Shane on IM. 
>>>>>>> 
>>>>>>> picketlink-idm/master will be nuked and only contain some README pointing to new locations
>>>>>>> 
>>>>>>> Current picketlink-idm repo will be kept for few more months at least and after we are in more calm situation with GateIn/EPP it will be renamed into picketlink-idm-legacy. 
>>>>>>> 
>>>>>>> Things under control :)
>>>>>>> 
>>>>>>> Bolek
>>>>>>> 
>>>>>>> On Oct 2, 2012, at 11:08 AM, Boleslaw Dawidowicz <bdawidow at redhat.com> wrote:
>>>>>>> 
>>>>>>>> I must say I'm quite pissed off… even yesterday I shared a link to one of configuration files in 1.4 branch with a consultants. We released twice last month… how could have it happened without any question?
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On Oct 2, 2012, at 11:06 AM, Boleslaw Dawidowicz <bdawidow at redhat.com> wrote:
>>>>>>>> 
>>>>>>>>> Have you just removed picketlink-idm on github?
>>>>>>>>> 
>>>>>>>>> We are actively working on 1.4 branch and this is critical for EPP. Other branches are still maintenance for older versions of GateIn/EPP. I think I was fairly clear that we need those. 
>>>>>>>>> 
>>>>>>>>> This repo needs to be restored ASAP. 
>>>>>>>>> 
>>>>>>>>> On Oct 2, 2012, at 12:30 AM, Shane Bryzak <sbryzak at redhat.com> wrote:
>>>>>>>>> 
>>>>>>>>>> In the interests of presenting a clear message to our developers, one of the steps we'll be taking is to consolidate the various PicketLink projects into a single project and presenting this as the "go to" solution for application security.  For now I've merged the CDI and IDM subprojects (these are now submodules of the PicketLink project, with "CDI" renamed to "Core") and the plan is to eventually merge the social and federation modules also.
>>>>>>>>>> 
>>>>>>>>>> You can find the new GitHub repository here: https://github.com/picketlink (renamed from picketlink-cdi) and the picketlink-idm repository has now been deleted.  For anyone working on these modules, please use the new repository from now on.
>>>>>>>>>> 
>>>>>>>>>> Thanks!
>>>>>>>>>> Shane
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> security-dev mailing list
>>>>>> 
>>>>>> security-dev at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/security-dev
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> security-dev mailing list
>>>>> 
>>>>> security-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/security-dev
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> security-dev mailing list
>>>> 
>>>> security-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/security-dev
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> security-dev mailing list
>>> 
>>> security-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/security-dev
>> 
>> 
>> _______________________________________________
>> security-dev mailing list
>> security-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/security-dev
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev




More information about the security-dev mailing list