Hi Ian, Any reasons for changing the LDAP random password logic? I think this way it would make it less secure than the previous one.
Thanks, ~Rajani On 28-Jan-2014, at 10:55 am, Ian Duffy <i...@ianduffy.ie> wrote: > Hi Animesh, > > Can you cherry-pick the below commit from from 4.3-forward to 4.3 branch? > > Fix findbug issues within LDAP authenticator > commit 92b4f66d73562e4211d2d787554ff229dbeb5705 > > Thanks, > Ian > > On 28 January 2014 03:48, Animesh Chaturvedi > <animesh.chaturv...@citrix.com>wrote: > >> Hugo I was reviewing your commits to 4.3-forward and looked at your commits >> >> >> https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=commit;h=f18c5a1910b6370585a1d61638b8310c3ecba5ef >> >> https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=commit;h=60ac12780bfa1604902a89d5dc7937a8b9334e0d >> I think you want the last one which has fixes for NetUtils and >> XenServerStorageMotionStrategy for which you had put -1 in first RC but the >> commit includes more files. Can you make limited changes directly to 4.3? I >> want to build another RC later tonight >> >> Animesh >> >> >> -----Original Message----- >> From: Animesh Chaturvedi [mailto:animesh.chaturv...@citrix.com] >> Sent: Monday, January 27, 2014 1:30 PM >> To: dev@cloudstack.apache.org >> Subject: RE: Findbugs report on 4.3-forward >> >> Agreed >> >> We need to fix the most important ones for 4.3. There may be assumptions >> in the code which we may not know and may get broken if these issues are >> fixed late. I will pull in the one Hugo casted his -1 for the first vote, >> any others? >> >> Animesh >> >> -----Original Message----- >> From: David Nalley [mailto:da...@gnsa.us] >> Sent: Monday, January 27, 2014 11:46 AM >> To: dev@cloudstack.apache.org >> Subject: Re: Findbugs report on 4.3-forward >> >> So just curious if I am the only one concerned about a ton of fixes going >> in at the last minute. If the fixes are for serious bugs and we have >> consensus around their severity being high enough, indeed lets fix things. >> My concern is that much of the QA we do is manual; and while we are getting >> better; fixing tons of things at the last minute may have unintended >> consequences that we don't know about and won't easily find. >> >> I yearn for the day when our automated testing is broad enough that we can >> do fixes right up to the wire and know that things still work, I am just >> not sure that I have confidence that we are there yet. >> Thoughts? I am being paranoid? >> >> --David >> >> On Mon, Jan 27, 2014 at 3:11 AM, Daan Hoogland <daan.hoogl...@gmail.com> >> wrote: >>> Animesh, I commented the once i made yesterday with findbugs: >>> >>> I allready send a few and will get you a list of the rest later today. >>> >>> regards, >>> >>> On Mon, Jan 27, 2014 at 3:48 AM, Animesh Chaturvedi >>> <animesh.chaturv...@citrix.com> wrote: >>>> Good job fellas. I see a number of commits 20+ into 4.3-forward branch. >> Are their specific commits you want me to pick up out of these? >>>> >>>> Animesh >>>> >>>> -----Original Message----- >>>> From: Daan Hoogland [mailto:daan.hoogl...@gmail.com] >>>> Sent: Sunday, January 26, 2014 2:41 AM >>>> To: dev >>>> Subject: Re: Findbugs report on 4.3-forward >>>> >>>> I didn't get very far last night and will be looking at the server >> package again this afternoon. >>>> >>>> bon appétit, >>>> >>>> On Sun, Jan 26, 2014 at 1:36 AM, Ian Duffy <i...@ianduffy.ie> wrote: >>>>> Hi, >>>>> >>>>> Fixed the issues highlighted in the ldap user authentication package. >>>>> >>>>> Have pushed to 4.3-forward. >>>>> >>>>> Thanks, >>>>> Ian >>>>> >>>>> >>>>> On 25 January 2014 22:26, Daan Hoogland <daan.hoogl...@gmail.com> >> wrote: >>>>> >>>>>>> or reply to this mail with the filename you are working on >>>>>> I'll be looking at the server package as it seems to contain the >>>>>> most issues. >>>>>> >>>>>> On Sat, Jan 25, 2014 at 4:00 PM, Hugo Trippaers <h...@trippaers.nl> >> wrote: >>>>>>> I've also added a job to master with the Findbugs report and the >>>>>> cobertura code coverage report. >>>>>>> >>>>>>> Good stuff, we have a 12% coverage of our classes with unit tests. >>>>>>> Huge >>>>>> improvement over the last release where we had 4% iirc. We have 306 >>>>>> reports from Findbugs, of which the majority are internationalization >> issues. >>>>>> (String.getBytes without charset mostly). On the coverity site we >>>>>> have >>>>>> 6000+ issues still open, but at least that number is relatively >>>>>> 6000+ stable, we >>>>>> fix as much issues as we introduce and it's untuned so we can >>>>>> assume a large number of false positives there. >>>>>>> >>>>>>> I think that on average the automated tools tell us that code >>>>>>> quality is >>>>>> improving, which a good thing. Combined with the functional testing >>>>>> and the simulator build we can prove that we are doing quite well >>>>>> on the code quality angle. >>>>>>> >>>>>>> http://jenkins.buildacloud.org/job/build-master-slowbuild/ >>>>>>> >>>>>>> >>>>>>> Cheers, >>>>>>> >>>>>>> Hugo >>>>>>> >>>>>>> >>>>>>> On 25 jan. 2014, at 14:13, Daan Hoogland >>>>>>> <daan.hoogl...@gmail.com> >>>>>> wrote: >>>>>>> >>>>>>>> H Hugo, >>>>>>>> >>>>>>>> I'll spend some time on it tonight. Do you have a work load >>>>>>>> distribution scheme or is it random access? >>>>>>>> ;) >>>>>>>> >>>>>>>> regards >>>>>>>> >>>>>>>> On Sat, Jan 25, 2014 at 12:39 PM, Hugo Trippaers >>>>>>>> <h...@trippaers.nl> >>>>>> wrote: >>>>>>>>> Hey all, >>>>>>>>> >>>>>>>>> I've made Jenkins run the findbugs analysis on 4.3-forward. Is >>>>>>>>> there >>>>>> somebody who is willing to help triage the findings? Maybe there is >>>>>> some stuff that we need to fix? >>>>>>>>> >>>>>>>>> the url is >>>>>> http://jenkins.buildacloud.org/job/cloudstack-4.3-forward-maven-bui >>>>>> ld >>>>>> /3/findbugsResult/ >>>>>>>>> >>>>>>>>> Cheers, >>>>>>>>> >>>>>>>>> Hugo >>>>>>> >>>>>> >>
