IRC logs of #tryton for Tuesday, 2009-09-01

chat.freenode.net #tryton log beginning Tue Sep 1 00:00:02 CEST 2009
-!- carlos(n=carlos@61.157.221.87.dynamic.jazztel.es) has joined #tryton00:24
-!- vengfulsquirrel(n=ian@c-69-181-194-95.hsd1.ca.comcast.net) has joined #tryton00:29
-!- vengfulsquirrel(n=ian@c-69-181-194-95.hsd1.ca.comcast.net) has joined #tryton01:43
-!- ikks(n=ikks@190.158.102.224) has joined #tryton02:49
-!- woakas(n=woakas@190.144.69.234) has joined #tryton03:55
-!- yangoon(n=mathiasb@p549F723D.dip.t-dialin.net) has joined #tryton05:19
-!- gour(n=user@188.125.5.165) has joined #tryton06:32
-!- udono(n=udono@dynamic-unidsl-85-197-19-166.westend.de) has joined #tryton07:00
-!- enlightx(n=enlightx@static-217-133-61-144.clienti.tiscali.it) has joined #tryton07:44
-!- sharkcz(n=dan@plz1-v-4-17.static.adsl.vol.cz) has joined #tryton07:54
-!- cedk(n=ced@gentoo/developer/cedk) has joined #tryton08:28
gourmorning cedk08:35
gourACTION just uploaded tryton(d)-1.2.1 pkgs to the archlinux' AUR...now going to upgrade to 1.2.2 and prepare modules...09:09
cedkgour: tryton doesn't depend on pyopenssl09:14
cedkgour: and I think it is better to ending url with / like http://www.tryton.org/09:15
gourcedk: pyopenssl is optional dep09:18
gour("if you want to use SSL connections")09:18
cedkgour: it is not09:18
cedkgour: for the client09:19
gourahh, then the wiki docs http://code.google.com/p/tryton/wiki/Requirements are not up-to-date09:20
cedkgour: you must trust setup.py :-)09:21
gourok, will fix those issues...i agree :-)09:21
-!- bechamel(n=user@host-85-201-159-186.brutele.be) has joined #tryton09:24
cedkgour: I'm not fan of those install pages because they are not uptodate enough09:24
gourcedk: well, i agree, but would be nice to have 'em uptodate09:26
gourACTION fixed url for trytond09:29
gourACTION fixed optdeps for tryton as well09:32
gournow i've to go shopping...then i'll upgrade to 1.2.2 and add some modules...09:33
CIA-2ced@b2ck.com * r726 /wiki/Requirements.wiki: Remove wrong deps09:59
-!- carlos(n=carlos@180.156.221.87.dynamic.jazztel.es) has joined #tryton10:35
gourcedk: does e.g. trytond_account-1.2.2 module can work with trytond-1.2.1 ?10:45
cedkgour: yes10:46
cedkgour: all works with the same serie10:46
cedkgour: a serie is the two first numbers10:46
gourcedk: so, the req for modules is to match the major serie?10:46
gourcool. thanks10:46
cedkgour: yes10:46
carloscedk: I wonder the rationale behind the contact mechanism being independent of the party address10:49
carloscedk: I understand that website and maybe others would be common, even some generic email address, however, you may want to attach the mobile phone with a contact name or its direct email, or even different phone numbers per address10:50
carlosa good example is the sales contact and an invoice contact, both may have different contact mechanism10:51
CIA-2Bertrand Chenal <bch@b2ck.com> default * 1968:b14a6d0f20fb trytond/trytond/protocols/dispatcher.py: Pass True as arg to sql query for db independance10:52
CIA-2http://hg.tryton.org/trytond/rev/b14a6d0f20fb10:52
carloscedk: is there a plan to improve the situation ? I don't think collapsing contact_mechanism with the address part is the solution (like OpenERP does), but maybe a mix model...10:53
cedkcarlos: I don't have any problem with the current situation10:55
cedkcarlos: what you call a contact name must be a party10:55
carloscedk: is there support for nested parties? (something like companies do with employees)10:56
cedkcarlos: not yet10:57
carlosotherwise, having to look for the sales contact as a different party is going to be difficult10:58
carloscedk: ok, that other solution is also fine for me, however, how do you do it right now?10:58
carlosadding the company name also as part of the contact name ?10:59
carlossorry, s/contact name/party name/10:59
carlossomething like: Carlos Perelló Marín (PEMAS Servicios...)10:59
cedkcarlos: I don't11:01
-!- gremly(n=gremly@190.156.158.121) has joined #tryton11:01
carlosthen, how would you do to get my contact information? (If you don't know my name, just my company name)11:02
cedkcarlos: why do I need to have your name?11:04
carloshow do you get the salesman email or phone if you store it as other party?11:05
carlosI'm trying to know how do you solve that use case with curren tryton11:06
cedkcarlos: I don't say that11:06
cedkcarlos: you can stored where you want11:06
cedkcarlos: but it depends of the usage after11:06
cedkcarlos: storing information is simple: create a field11:07
yangoon carlos I think it is the purpose of party_relationship, that udono planned some time ago11:09
yangooncarlos: it is the logical consequence of the party model11:10
carlosyangoon: yeah, I guess that's cedk was talking about. I was just trying to figure how others 'workaround' the lack of party_relationship11:10
gourACTION uploaded trytond_account (1st pkg module) for archlinux11:13
cedkgour: trytond_account must depend to trytond_company, trytond_party, trytond_currency11:15
gourcedk: oops11:16
gourcedk: howto find out about those deps?11:18
yangoongour: have a look at __tryton__.py11:20
cedkgour: it is in __tryton__.py11:20
gourahh, right...missed when i took a look for the 1st time11:21
gourwhat is provided by the base package?11:22
cedkgour: ir, res, workflow, webdav11:25
CIA-2C?dric Krier <ced@b2ck.com> default * 171:ec83757de74a company/company.py: Add company to search domain for root user because he is skipped by ir.rule11:25
CIA-2http://hg.tryton.org/modules/company/rev/ec83757de74a11:25
gourcedk: ta11:25
gourcedk: do you think it is proper to change the category of module-pkgs from 'office' to 'modules' ?11:54
cedkgour: I don't know11:59
gourok. let's leave it in 'office' for now12:04
-!- yangoon(n=mathiasb@p549F723D.dip.t-dialin.net) has joined #tryton12:05
-!- yangoon(n=mathiasb@p549F723D.dip.t-dialin.net) has joined #tryton12:06
-!- udono(n=udono@dynamic-unidsl-85-197-19-166.westend.de) has joined #tryton12:57
-!- paepke(n=paepke@R8ea6.r.pppool.de) has joined #tryton12:59
gourcedk: ok, tryton(d) is now up-to date on archlinux with trytond-account module and its deps...13:15
cedkgour: good13:16
cedkgour: trytond_party could also depend on vatnumber13:16
gouri've noticed that despite of installing modules, they were nor marked as installed on the server...it looks i've to become (more) familiar with working of tryton (especially) considering that i skipped quickly over openerp :-)13:16
cedkgour: this is because you must also install module on a database13:17
gourcedk: for where you got this info about vatnumber? is it optional dep?13:18
cedkgour: and as Tryton is multi-database, you can have different modules per database13:18
gourcedk: yep...it will take some time to adjust my brain onto it, but, so far, i'm pleased with it13:18
cedkgour: http://code.google.com/p/vatnumber/13:18
cedkgour: it is an optional deps but I think it is very useful13:19
gourcedk: i've dl-ed vatnumber, but from where to 'read' its dep on vatnumber?13:19
gourahh, ok.13:19
cedkgour: if you have company as customer13:19
gourbefore contributing to tryton, i had to prepare basic system first...now i'll see what are some of the further modules i might package...then playing with it and taking look at 'medical' :-D13:22
gourcedk: i might provide vatnumber and vobject soon13:24
cedkgour: vobject is not in archlinux?13:25
gourcedk: now i see it is :-)13:25
gourbut let's add it as optdep13:26
cedkgour: vobject is required for trunk modules13:27
gourgood. let's be prepared for 1.4 :-)13:29
gourcedk: vatnumber can be put into 'module' category?13:33
cedkgour: it is a python module13:35
gourcedk: yep, but do you think i could put it in 'module' category in arch as well?13:36
cedkgour: I think office is better13:39
gourcedk: ok13:40
gourACTION uploaded python-vatnumber13:56
-!- fehmsen(n=frank@p548CAFF9.dip.t-dialin.net) has joined #tryton13:58
cedkgour: looks good14:01
gourACTION --> lunch. bbl14:04
cedkgour: the opt deps for vatnumber and vobject must not be on trytond14:04
cedkgour: vatnumber is on trytond_party14:04
cedkgour: and vobject will be on trytond_party_vcarddav and trytond_calendar14:04
cedkfehmsen: hi14:09
fehmsenhi14:12
carlosfunny, I was going to point to cedk a security problem announced in OpenERP's forum (I got it by email), just in case it affects tryton and when I went to the forum to get a link to the topic, cedk was the one sending the announcement...14:37
carloscedk: does it affect Tryton?14:37
cedkcarlos: no, never14:37
carlosOk, perfect14:37
carloscedk: I guess then that it's related with the fact that the passwords are stored in plain text in OpenErp by default14:38
cedkcarlos: no14:38
cedkcarlos: and Tryton was also not affect by the previous security issue of OpenERP14:39
carlosok, then I will wait for the announcement and will turn off my old tinyerp off while I'm not extracting old data from it...14:39
carlosACTION -> lunch14:40
carloscheers14:40
cedkBy the way, Tiny has not made any annoucement about the previous security issue which was also problematic14:42
cedkcarlos: and the previous + mine: allow to break without login access14:42
CIA-2C?dric Krier <ced@b2ck.com> default * 1969:338ec4fa9a6a trytond/ (6 files in 3 dirs): Add ModelSingleton14:44
CIA-2http://hg.tryton.org/trytond/rev/338ec4fa9a6a14:44
CIA-2C?dric Krier <ced@b2ck.com> default * 1970:e4da92d54f07 trytond/trytond/protocols/dispatcher.py: merge14:44
CIA-2http://hg.tryton.org/trytond/rev/e4da92d54f0714:44
gourcedk: ahh, i was led astray by not-the-perfect sectioning at the http://code.google.com/p/tryton/wiki/Requirements wiki page14:51
gourACTION is not wiki-fan14:51
gourcedk: trytond_party_vcarddav and trytond_calendar will be ready for 1.4?14:57
cedkgour: yes15:02
-!- _TiN_(i=ahenze@190.0.162.41) has joined #tryton15:03
gourok. for now i fixed trytond & *-party15:04
carloscedk: I hope that at least, they fixed it...15:11
carlos"it's normal with a login to have access to datas and do modifications ... "15:16
carlosso changing the admin password with a non admin account is supposed to be correct... that guy has no clue... (talking about the openerp security problem)15:17
cedkcarlos: it is not normal to be allow to change any data15:18
cedkcarlos: there is security rule and you are not supposed to break it15:19
carloscedk: yeah, admins should trust you will not do bad things, right?...15:19
cedkcarlos: imagine the portal module, where your customer/supplier has access to your account info15:19
cedkcarlos: that is not how security works15:20
cedkcarlos: you can even drop the database :-)15:20
carloscedk: but you cannot do that, the rules are there to follow them!15:21
carlosACTION sets sarcastic mode off15:21
cedkcarlos: on an OS when a user can grant root/admin access, it is considered as an security issue15:33
carloscedk: well, I think that comment doesn't come from an OpenERP developer, but a user or someone that is starting with OpenERP so he didn't understand your post15:34
cedkcarlos: perhaps15:36
carloscedk: anyway, what he told you is the right way to file a security issue in Launchpad. Your bug report will be only available to you and the OpenERP's security team, unless they want to publish it15:36
cedkcarlos: ok, I will fill it15:37
carlosso no one will be able to see the exploit outside you and them15:37
cedkcarlos: but I find that OpenERP doesn't deal properly with security issue15:37
cedkcarlos: they don't make any annouce about the previous one15:37
cedkcarlos: I think the link is wrong15:38
carloswell, that's a different issue, I don't think is a good thing for them, neither for their users that install the available packages in their linux distribution, because they may miss the security fix backport....15:39
carloscedk: https://bugs.launchpad.net/openobject/+filebug15:40
carloscedk: the other link is for the client15:40
carloscedk: or even https://bugs.launchpad.net/openobject-server/+filebug so you don't need to select the server15:41
cedkcarlos: done it is bug #42256315:44
carloscedk: and confirmed it's not published:15:45
carlosNot allowed here15:45
carlosSorry, you don't have permission to access this page.15:45
-!- Timitos(n=timitos@88.217.184.172) has joined #tryton15:49
CIA-2ced@b2ck.com * r727 /wiki/Release_1_4_0.wiki: Add ModelSingleton15:55
-!- jerojasro(n=jerojasr@190.144.69.234) has joined #tryton16:04
-!- juanfer(n=juanfer@190.144.69.234) has joined #tryton16:25
-!- carlos(n=carlos@180.156.221.87.dynamic.jazztel.es) has joined #tryton16:35
-!- _TiN_(i=ahenze@190.0.162.41) has joined #tryton16:35
-!- carlos(n=carlos@180.156.221.87.dynamic.jazztel.es) has joined #tryton16:54
cedkhttp://codereview.appspot.com/11013316:59
cedkit adds ir.model.access check to set/get on ir.property16:59
cedkI don't think we should considered it as a security issue as set/get are not accessible from outside17:00
cedkwhat do you think?17:00
cedkbechamel: ping17:09
bechamelcedk: and you want to apply the patch anyway ?17:11
cedkbechamel: yes because it enforces the coherence17:12
cedkbechamel: and it doesn't add too much load because there is a cache on check function17:15
cedkthey fix it: http://bazaar.launchpad.net/~openerp/openobject-server/5.0/revision/185317:17
Timitoscedk: i think your patch from above is an important patch. even when set/get are not accessible from outside17:21
cedkTimitos: ok, but should it be backported?17:22
Timitoscedk: i think it would be better17:22
cedkTimitos: but it is not a bug17:23
Timitoscedk: it is a difficult decision.17:25
gourACTION wonders if any tryton dev uses emacs and which xml mode he recommends...17:31
Timitosgour: ask bechamel ;-)17:32
gourTimitos: thanks17:32
bechamelgour: I use emacs and the default xml mode, I think it's just xml-mode17:33
gourbechamel: ok. cool17:33
yangooncedk: Timitos backport is not only for bug fixing, but also for security issue, so why not?17:34
bechamelgour: actually I don't know how to find which mode is used (M-x xml-mode doesn't change anything)17:34
bechamelyangoon: it's more a consistency issue than a security issue17:35
gourbechamel: i opened oen xml doc (from medical) and emacs says: XML and sgml menu is enabled17:37
yangoonbechamel: cedk classification is up to you;)17:37
Timitoscedk: bechamel: i think the question we need to answer is: what is a security issue for tryton community and what not? when we answer this question for this patch with yes. then we should backport it and when we answer with no there is no reason for a backport. so what are security issues for tryton community?17:37
gour:-)17:38
Timitosmaybe there is some classification to find in the web about this17:38
bechamelgour: you have this message with other xml file ?17:39
gourbechamel: well, opening some xml file shows XML in status17:40
bechamelTimitos: for me there is a security issue if the software allow someone to do something that is not theoricaly allowed (the funny thing is that a bug is exactly the opposite: the software doesn't allow ...)17:40
bechamelgour: what's the url of the medical module repo ?17:41
gourbechamel: http://sourceforge.net/projects/medical/files/17:42
gourbechamel: or svn co https://medical.svn.sourceforge.net/svnroot/medical medical17:43
Timitoscedk: www.redhat.com/f/pdf/rhel4/SecurityClassification.pdf maybe this is helpful17:44
gourACTION --> afk. bbl17:45
cedkI find the def. of bechamel good18:01
cedkso for ir.property, I don't see any way how it can allow an external user making something that is not allowed18:13
bechamelcedk: so the question is: is it a bug ?18:15
cedkbechamel: no because it doesn't block any thing18:16
cedkI think it is an improvement that prevent buggy code to do wrong things18:17
bechamelcedk: ok18:17
CIA-2C?dric Krier <ced@b2ck.com> default * 1971:26be1212635f trytond/ (CHANGELOG trytond/ir/property.py): Add ir.model.access check get and set of ir.property18:26
CIA-2http://hg.tryton.org/trytond/rev/26be1212635f18:26
CIA-2C?dric Krier <ced@b2ck.com> default * 1387:0bba5ca25132 tryton/ (6 files in 3 dirs): Add 'login.host' options to hide server connection18:38
CIA-2http://hg.tryton.org/tryton/rev/0bba5ca2513218:38
-!- vengfulsquirrel(n=ian@c-69-181-194-95.hsd1.ca.comcast.net) has joined #tryton19:46
-!- carlos(n=carlos@180.156.221.87.dynamic.jazztel.es) has joined #tryton20:53
-!- enlightx(n=enlightx@host-78-13-114-247.cust-adsl.tiscali.it) has joined #tryton21:08
-!- jerojasro(n=jerojasr@190.144.69.234) has joined #tryton21:36
-!- jerojasro(n=jerojasr@190.144.69.234) has joined #tryton22:15
-!- jerojasro(n=jerojasr@190.144.69.234) has joined #tryton22:16
-!- juanfer(n=juanfer@190.144.69.234) has joined #tryton22:28
-!- vengfulsquirrel(n=ian@c-69-181-194-95.hsd1.ca.comcast.net) has joined #tryton22:42
-!- carlos(n=carlos@180.156.221.87.dynamic.jazztel.es) has joined #tryton22:52
-!- carlos(n=carlos@180.156.221.87.dynamic.jazztel.es) has joined #tryton22:56
vengfulsquirrelIf I browse and get some records back, say moves, and then write to a move using move_obj.write(...., move.id, values) will my move object I browsed for change or do I have to call again to get the changes?23:56
cedkvengfulsquirrel: it depends of the Tryton version23:56
cedkvengfulsquirrel: you need new browse for <= 1.2.x and no more for later23:57

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!