IRC logs of #tryton for Tuesday, 2009-09-01

chat.freenode.net #tryton log beginning Tue Sep 1 00:00:02 CEST 2009
2009-09-01 00:24 -!- carlos(n=carlos@61.157.221.87.dynamic.jazztel.es) has joined #tryton
2009-09-01 00:29 -!- vengfulsquirrel(n=ian@c-69-181-194-95.hsd1.ca.comcast.net) has joined #tryton
2009-09-01 01:43 -!- vengfulsquirrel(n=ian@c-69-181-194-95.hsd1.ca.comcast.net) has joined #tryton
2009-09-01 02:49 -!- ikks(n=ikks@190.158.102.224) has joined #tryton
2009-09-01 03:55 -!- woakas(n=woakas@190.144.69.234) has joined #tryton
2009-09-01 05:19 -!- yangoon(n=mathiasb@p549F723D.dip.t-dialin.net) has joined #tryton
2009-09-01 06:32 -!- gour(n=user@188.125.5.165) has joined #tryton
2009-09-01 07:00 -!- udono(n=udono@dynamic-unidsl-85-197-19-166.westend.de) has joined #tryton
2009-09-01 07:44 -!- enlightx(n=enlightx@static-217-133-61-144.clienti.tiscali.it) has joined #tryton
2009-09-01 07:54 -!- sharkcz(n=dan@plz1-v-4-17.static.adsl.vol.cz) has joined #tryton
2009-09-01 08:28 -!- cedk(n=ced@gentoo/developer/cedk) has joined #tryton
2009-09-01 08:35 <gour> morning cedk
2009-09-01 09:09 <gour> ACTION just uploaded tryton(d)-1.2.1 pkgs to the archlinux' AUR...now going to upgrade to 1.2.2 and prepare modules...
2009-09-01 09:14 <cedk> gour: tryton doesn't depend on pyopenssl
2009-09-01 09:15 <cedk> gour: and I think it is better to ending url with / like http://www.tryton.org/
2009-09-01 09:18 <gour> cedk: pyopenssl is optional dep
2009-09-01 09:18 <gour> ("if you want to use SSL connections")
2009-09-01 09:18 <cedk> gour: it is not
2009-09-01 09:19 <cedk> gour: for the client
2009-09-01 09:20 <gour> ahh, then the wiki docs http://code.google.com/p/tryton/wiki/Requirements are not up-to-date
2009-09-01 09:21 <cedk> gour: you must trust setup.py :-)
2009-09-01 09:21 <gour> ok, will fix those issues...i agree :-)
2009-09-01 09:24 -!- bechamel(n=user@host-85-201-159-186.brutele.be) has joined #tryton
2009-09-01 09:24 <cedk> gour: I'm not fan of those install pages because they are not uptodate enough
2009-09-01 09:26 <gour> cedk: well, i agree, but would be nice to have 'em uptodate
2009-09-01 09:29 <gour> ACTION fixed url for trytond
2009-09-01 09:32 <gour> ACTION fixed optdeps for tryton as well
2009-09-01 09:33 <gour> now i've to go shopping...then i'll upgrade to 1.2.2 and add some modules...
2009-09-01 09:59 <CIA-2> ced@b2ck.com * r726 /wiki/Requirements.wiki: Remove wrong deps
2009-09-01 10:35 -!- carlos(n=carlos@180.156.221.87.dynamic.jazztel.es) has joined #tryton
2009-09-01 10:45 <gour> cedk: does e.g. trytond_account-1.2.2 module can work with trytond-1.2.1 ?
2009-09-01 10:46 <cedk> gour: yes
2009-09-01 10:46 <cedk> gour: all works with the same serie
2009-09-01 10:46 <cedk> gour: a serie is the two first numbers
2009-09-01 10:46 <gour> cedk: so, the req for modules is to match the major serie?
2009-09-01 10:46 <gour> cool. thanks
2009-09-01 10:46 <cedk> gour: yes
2009-09-01 10:49 <carlos> cedk: I wonder the rationale behind the contact mechanism being independent of the party address
2009-09-01 10:50 <carlos> cedk: I understand that website and maybe others would be common, even some generic email address, however, you may want to attach the mobile phone with a contact name or its direct email, or even different phone numbers per address
2009-09-01 10:51 <carlos> a good example is the sales contact and an invoice contact, both may have different contact mechanism
2009-09-01 10:52 <CIA-2> Bertrand Chenal <bch@b2ck.com> default * 1968:b14a6d0f20fb trytond/trytond/protocols/dispatcher.py: Pass True as arg to sql query for db independance
2009-09-01 10:52 <CIA-2> http://hg.tryton.org/trytond/rev/b14a6d0f20fb
2009-09-01 10:53 <carlos> cedk: is there a plan to improve the situation ? I don't think collapsing contact_mechanism with the address part is the solution (like OpenERP does), but maybe a mix model...
2009-09-01 10:55 <cedk> carlos: I don't have any problem with the current situation
2009-09-01 10:55 <cedk> carlos: what you call a contact name must be a party
2009-09-01 10:56 <carlos> cedk: is there support for nested parties? (something like companies do with employees)
2009-09-01 10:57 <cedk> carlos: not yet
2009-09-01 10:58 <carlos> otherwise, having to look for the sales contact as a different party is going to be difficult
2009-09-01 10:58 <carlos> cedk: ok, that other solution is also fine for me, however, how do you do it right now?
2009-09-01 10:59 <carlos> adding the company name also as part of the contact name ?
2009-09-01 10:59 <carlos> sorry, s/contact name/party name/
2009-09-01 10:59 <carlos> something like: Carlos Perelló Marín (PEMAS Servicios...)
2009-09-01 11:01 <cedk> carlos: I don't
2009-09-01 11:01 -!- gremly(n=gremly@190.156.158.121) has joined #tryton
2009-09-01 11:02 <carlos> then, how would you do to get my contact information? (If you don't know my name, just my company name)
2009-09-01 11:04 <cedk> carlos: why do I need to have your name?
2009-09-01 11:05 <carlos> how do you get the salesman email or phone if you store it as other party?
2009-09-01 11:06 <carlos> I'm trying to know how do you solve that use case with curren tryton
2009-09-01 11:06 <cedk> carlos: I don't say that
2009-09-01 11:06 <cedk> carlos: you can stored where you want
2009-09-01 11:06 <cedk> carlos: but it depends of the usage after
2009-09-01 11:07 <cedk> carlos: storing information is simple: create a field
2009-09-01 11:09 <yangoon> carlos I think it is the purpose of party_relationship, that udono planned some time ago
2009-09-01 11:10 <yangoon> carlos: it is the logical consequence of the party model
2009-09-01 11:10 <carlos> yangoon: yeah, I guess that's cedk was talking about. I was just trying to figure how others 'workaround' the lack of party_relationship
2009-09-01 11:13 <gour> ACTION uploaded trytond_account (1st pkg module) for archlinux
2009-09-01 11:15 <cedk> gour: trytond_account must depend to trytond_company, trytond_party, trytond_currency
2009-09-01 11:16 <gour> cedk: oops
2009-09-01 11:18 <gour> cedk: howto find out about those deps?
2009-09-01 11:20 <yangoon> gour: have a look at __tryton__.py
2009-09-01 11:20 <cedk> gour: it is in __tryton__.py
2009-09-01 11:21 <gour> ahh, right...missed when i took a look for the 1st time
2009-09-01 11:22 <gour> what is provided by the base package?
2009-09-01 11:25 <cedk> gour: ir, res, workflow, webdav
2009-09-01 11:25 <CIA-2> C?dric Krier <ced@b2ck.com> default * 171:ec83757de74a company/company.py: Add company to search domain for root user because he is skipped by ir.rule
2009-09-01 11:25 <CIA-2> http://hg.tryton.org/modules/company/rev/ec83757de74a
2009-09-01 11:25 <gour> cedk: ta
2009-09-01 11:54 <gour> cedk: do you think it is proper to change the category of module-pkgs from 'office' to 'modules' ?
2009-09-01 11:59 <cedk> gour: I don't know
2009-09-01 12:04 <gour> ok. let's leave it in 'office' for now
2009-09-01 12:05 -!- yangoon(n=mathiasb@p549F723D.dip.t-dialin.net) has joined #tryton
2009-09-01 12:06 -!- yangoon(n=mathiasb@p549F723D.dip.t-dialin.net) has joined #tryton
2009-09-01 12:57 -!- udono(n=udono@dynamic-unidsl-85-197-19-166.westend.de) has joined #tryton
2009-09-01 12:59 -!- paepke(n=paepke@R8ea6.r.pppool.de) has joined #tryton
2009-09-01 13:15 <gour> cedk: ok, tryton(d) is now up-to date on archlinux with trytond-account module and its deps...
2009-09-01 13:16 <cedk> gour: good
2009-09-01 13:16 <cedk> gour: trytond_party could also depend on vatnumber
2009-09-01 13:16 <gour> i've noticed that despite of installing modules, they were nor marked as installed on the server...it looks i've to become (more) familiar with working of tryton (especially) considering that i skipped quickly over openerp :-)
2009-09-01 13:17 <cedk> gour: this is because you must also install module on a database
2009-09-01 13:18 <gour> cedk: for where you got this info about vatnumber? is it optional dep?
2009-09-01 13:18 <cedk> gour: and as Tryton is multi-database, you can have different modules per database
2009-09-01 13:18 <gour> cedk: yep...it will take some time to adjust my brain onto it, but, so far, i'm pleased with it
2009-09-01 13:18 <cedk> gour: http://code.google.com/p/vatnumber/
2009-09-01 13:19 <cedk> gour: it is an optional deps but I think it is very useful
2009-09-01 13:19 <gour> cedk: i've dl-ed vatnumber, but from where to 'read' its dep on vatnumber?
2009-09-01 13:19 <gour> ahh, ok.
2009-09-01 13:19 <cedk> gour: if you have company as customer
2009-09-01 13:22 <gour> before contributing to tryton, i had to prepare basic system first...now i'll see what are some of the further modules i might package...then playing with it and taking look at 'medical' :-D
2009-09-01 13:24 <gour> cedk: i might provide vatnumber and vobject soon
2009-09-01 13:25 <cedk> gour: vobject is not in archlinux?
2009-09-01 13:25 <gour> cedk: now i see it is :-)
2009-09-01 13:26 <gour> but let's add it as optdep
2009-09-01 13:27 <cedk> gour: vobject is required for trunk modules
2009-09-01 13:29 <gour> good. let's be prepared for 1.4 :-)
2009-09-01 13:33 <gour> cedk: vatnumber can be put into 'module' category?
2009-09-01 13:35 <cedk> gour: it is a python module
2009-09-01 13:36 <gour> cedk: yep, but do you think i could put it in 'module' category in arch as well?
2009-09-01 13:39 <cedk> gour: I think office is better
2009-09-01 13:40 <gour> cedk: ok
2009-09-01 13:56 <gour> ACTION uploaded python-vatnumber
2009-09-01 13:58 -!- fehmsen(n=frank@p548CAFF9.dip.t-dialin.net) has joined #tryton
2009-09-01 14:01 <cedk> gour: looks good
2009-09-01 14:04 <gour> ACTION --> lunch. bbl
2009-09-01 14:04 <cedk> gour: the opt deps for vatnumber and vobject must not be on trytond
2009-09-01 14:04 <cedk> gour: vatnumber is on trytond_party
2009-09-01 14:04 <cedk> gour: and vobject will be on trytond_party_vcarddav and trytond_calendar
2009-09-01 14:09 <cedk> fehmsen: hi
2009-09-01 14:12 <fehmsen> hi
2009-09-01 14:37 <carlos> funny, I was going to point to cedk a security problem announced in OpenERP's forum (I got it by email), just in case it affects tryton and when I went to the forum to get a link to the topic, cedk was the one sending the announcement...
2009-09-01 14:37 <carlos> cedk: does it affect Tryton?
2009-09-01 14:37 <cedk> carlos: no, never
2009-09-01 14:37 <carlos> Ok, perfect
2009-09-01 14:38 <carlos> cedk: I guess then that it's related with the fact that the passwords are stored in plain text in OpenErp by default
2009-09-01 14:38 <cedk> carlos: no
2009-09-01 14:39 <cedk> carlos: and Tryton was also not affect by the previous security issue of OpenERP
2009-09-01 14:39 <carlos> ok, then I will wait for the announcement and will turn off my old tinyerp off while I'm not extracting old data from it...
2009-09-01 14:40 <carlos> ACTION -> lunch
2009-09-01 14:40 <carlos> cheers
2009-09-01 14:42 <cedk> By the way, Tiny has not made any annoucement about the previous security issue which was also problematic
2009-09-01 14:42 <cedk> carlos: and the previous + mine: allow to break without login access
2009-09-01 14:44 <CIA-2> C?dric Krier <ced@b2ck.com> default * 1969:338ec4fa9a6a trytond/ (6 files in 3 dirs): Add ModelSingleton
2009-09-01 14:44 <CIA-2> http://hg.tryton.org/trytond/rev/338ec4fa9a6a
2009-09-01 14:44 <CIA-2> C?dric Krier <ced@b2ck.com> default * 1970:e4da92d54f07 trytond/trytond/protocols/dispatcher.py: merge
2009-09-01 14:44 <CIA-2> http://hg.tryton.org/trytond/rev/e4da92d54f07
2009-09-01 14:51 <gour> cedk: ahh, i was led astray by not-the-perfect sectioning at the http://code.google.com/p/tryton/wiki/Requirements wiki page
2009-09-01 14:51 <gour> ACTION is not wiki-fan
2009-09-01 14:57 <gour> cedk: trytond_party_vcarddav and trytond_calendar will be ready for 1.4?
2009-09-01 15:02 <cedk> gour: yes
2009-09-01 15:03 -!- _TiN_(i=ahenze@190.0.162.41) has joined #tryton
2009-09-01 15:04 <gour> ok. for now i fixed trytond & *-party
2009-09-01 15:11 <carlos> cedk: I hope that at least, they fixed it...
2009-09-01 15:16 <carlos> "it's normal with a login to have access to datas and do modifications ... "
2009-09-01 15:17 <carlos> so changing the admin password with a non admin account is supposed to be correct... that guy has no clue... (talking about the openerp security problem)
2009-09-01 15:18 <cedk> carlos: it is not normal to be allow to change any data
2009-09-01 15:19 <cedk> carlos: there is security rule and you are not supposed to break it
2009-09-01 15:19 <carlos> cedk: yeah, admins should trust you will not do bad things, right?...
2009-09-01 15:19 <cedk> carlos: imagine the portal module, where your customer/supplier has access to your account info
2009-09-01 15:20 <cedk> carlos: that is not how security works
2009-09-01 15:20 <cedk> carlos: you can even drop the database :-)
2009-09-01 15:21 <carlos> cedk: but you cannot do that, the rules are there to follow them!
2009-09-01 15:21 <carlos> ACTION sets sarcastic mode off
2009-09-01 15:33 <cedk> carlos: on an OS when a user can grant root/admin access, it is considered as an security issue
2009-09-01 15:34 <carlos> cedk: well, I think that comment doesn't come from an OpenERP developer, but a user or someone that is starting with OpenERP so he didn't understand your post
2009-09-01 15:36 <cedk> carlos: perhaps
2009-09-01 15:36 <carlos> cedk: anyway, what he told you is the right way to file a security issue in Launchpad. Your bug report will be only available to you and the OpenERP's security team, unless they want to publish it
2009-09-01 15:37 <cedk> carlos: ok, I will fill it
2009-09-01 15:37 <carlos> so no one will be able to see the exploit outside you and them
2009-09-01 15:37 <cedk> carlos: but I find that OpenERP doesn't deal properly with security issue
2009-09-01 15:37 <cedk> carlos: they don't make any annouce about the previous one
2009-09-01 15:38 <cedk> carlos: I think the link is wrong
2009-09-01 15:39 <carlos> well, that's a different issue, I don't think is a good thing for them, neither for their users that install the available packages in their linux distribution, because they may miss the security fix backport....
2009-09-01 15:40 <carlos> cedk: https://bugs.launchpad.net/openobject/+filebug
2009-09-01 15:40 <carlos> cedk: the other link is for the client
2009-09-01 15:41 <carlos> cedk: or even https://bugs.launchpad.net/openobject-server/+filebug so you don't need to select the server
2009-09-01 15:44 <cedk> carlos: done it is bug #422563
2009-09-01 15:45 <carlos> cedk: and confirmed it's not published:
2009-09-01 15:45 <carlos> Not allowed here
2009-09-01 15:45 <carlos> Sorry, you don't have permission to access this page.
2009-09-01 15:49 -!- Timitos(n=timitos@88.217.184.172) has joined #tryton
2009-09-01 15:55 <CIA-2> ced@b2ck.com * r727 /wiki/Release_1_4_0.wiki: Add ModelSingleton
2009-09-01 16:04 -!- jerojasro(n=jerojasr@190.144.69.234) has joined #tryton
2009-09-01 16:25 -!- juanfer(n=juanfer@190.144.69.234) has joined #tryton
2009-09-01 16:35 -!- carlos(n=carlos@180.156.221.87.dynamic.jazztel.es) has joined #tryton
2009-09-01 16:35 -!- _TiN_(i=ahenze@190.0.162.41) has joined #tryton
2009-09-01 16:54 -!- carlos(n=carlos@180.156.221.87.dynamic.jazztel.es) has joined #tryton
2009-09-01 16:59 <cedk> http://codereview.appspot.com/110133
2009-09-01 16:59 <cedk> it adds ir.model.access check to set/get on ir.property
2009-09-01 17:00 <cedk> I don't think we should considered it as a security issue as set/get are not accessible from outside
2009-09-01 17:00 <cedk> what do you think?
2009-09-01 17:09 <cedk> bechamel: ping
2009-09-01 17:11 <bechamel> cedk: and you want to apply the patch anyway ?
2009-09-01 17:12 <cedk> bechamel: yes because it enforces the coherence
2009-09-01 17:15 <cedk> bechamel: and it doesn't add too much load because there is a cache on check function
2009-09-01 17:17 <cedk> they fix it: http://bazaar.launchpad.net/~openerp/openobject-server/5.0/revision/1853
2009-09-01 17:21 <Timitos> cedk: i think your patch from above is an important patch. even when set/get are not accessible from outside
2009-09-01 17:22 <cedk> Timitos: ok, but should it be backported?
2009-09-01 17:22 <Timitos> cedk: i think it would be better
2009-09-01 17:23 <cedk> Timitos: but it is not a bug
2009-09-01 17:25 <Timitos> cedk: it is a difficult decision.
2009-09-01 17:31 <gour> ACTION wonders if any tryton dev uses emacs and which xml mode he recommends...
2009-09-01 17:32 <Timitos> gour: ask bechamel ;-)
2009-09-01 17:32 <gour> Timitos: thanks
2009-09-01 17:33 <bechamel> gour: I use emacs and the default xml mode, I think it's just xml-mode
2009-09-01 17:33 <gour> bechamel: ok. cool
2009-09-01 17:34 <yangoon> cedk: Timitos backport is not only for bug fixing, but also for security issue, so why not?
2009-09-01 17:34 <bechamel> gour: actually I don't know how to find which mode is used (M-x xml-mode doesn't change anything)
2009-09-01 17:35 <bechamel> yangoon: it's more a consistency issue than a security issue
2009-09-01 17:37 <gour> bechamel: i opened oen xml doc (from medical) and emacs says: XML and sgml menu is enabled
2009-09-01 17:37 <yangoon> bechamel: cedk classification is up to you;)
2009-09-01 17:37 <Timitos> cedk: bechamel: i think the question we need to answer is: what is a security issue for tryton community and what not? when we answer this question for this patch with yes. then we should backport it and when we answer with no there is no reason for a backport. so what are security issues for tryton community?
2009-09-01 17:38 <gour> :-)
2009-09-01 17:38 <Timitos> maybe there is some classification to find in the web about this
2009-09-01 17:39 <bechamel> gour: you have this message with other xml file ?
2009-09-01 17:40 <gour> bechamel: well, opening some xml file shows XML in status
2009-09-01 17:40 <bechamel> Timitos: for me there is a security issue if the software allow someone to do something that is not theoricaly allowed (the funny thing is that a bug is exactly the opposite: the software doesn't allow ...)
2009-09-01 17:41 <bechamel> gour: what's the url of the medical module repo ?
2009-09-01 17:42 <gour> bechamel: http://sourceforge.net/projects/medical/files/
2009-09-01 17:43 <gour> bechamel: or svn co https://medical.svn.sourceforge.net/svnroot/medical medical
2009-09-01 17:44 <Timitos> cedk: www.redhat.com/f/pdf/rhel4/SecurityClassification.pdf maybe this is helpful
2009-09-01 17:45 <gour> ACTION --> afk. bbl
2009-09-01 18:01 <cedk> I find the def. of bechamel good
2009-09-01 18:13 <cedk> so for ir.property, I don't see any way how it can allow an external user making something that is not allowed
2009-09-01 18:15 <bechamel> cedk: so the question is: is it a bug ?
2009-09-01 18:16 <cedk> bechamel: no because it doesn't block any thing
2009-09-01 18:17 <cedk> I think it is an improvement that prevent buggy code to do wrong things
2009-09-01 18:17 <bechamel> cedk: ok
2009-09-01 18:26 <CIA-2> C?dric Krier <ced@b2ck.com> default * 1971:26be1212635f trytond/ (CHANGELOG trytond/ir/property.py): Add ir.model.access check get and set of ir.property
2009-09-01 18:26 <CIA-2> http://hg.tryton.org/trytond/rev/26be1212635f
2009-09-01 18:38 <CIA-2> C?dric Krier <ced@b2ck.com> default * 1387:0bba5ca25132 tryton/ (6 files in 3 dirs): Add 'login.host' options to hide server connection
2009-09-01 18:38 <CIA-2> http://hg.tryton.org/tryton/rev/0bba5ca25132
2009-09-01 19:46 -!- vengfulsquirrel(n=ian@c-69-181-194-95.hsd1.ca.comcast.net) has joined #tryton
2009-09-01 20:53 -!- carlos(n=carlos@180.156.221.87.dynamic.jazztel.es) has joined #tryton
2009-09-01 21:08 -!- enlightx(n=enlightx@host-78-13-114-247.cust-adsl.tiscali.it) has joined #tryton
2009-09-01 21:36 -!- jerojasro(n=jerojasr@190.144.69.234) has joined #tryton
2009-09-01 22:15 -!- jerojasro(n=jerojasr@190.144.69.234) has joined #tryton
2009-09-01 22:16 -!- jerojasro(n=jerojasr@190.144.69.234) has joined #tryton
2009-09-01 22:28 -!- juanfer(n=juanfer@190.144.69.234) has joined #tryton
2009-09-01 22:42 -!- vengfulsquirrel(n=ian@c-69-181-194-95.hsd1.ca.comcast.net) has joined #tryton
2009-09-01 22:52 -!- carlos(n=carlos@180.156.221.87.dynamic.jazztel.es) has joined #tryton
2009-09-01 22:56 -!- carlos(n=carlos@180.156.221.87.dynamic.jazztel.es) has joined #tryton
2009-09-01 23:56 <vengfulsquirrel> If I browse and get some records back, say moves, and then write to a move using move_obj.write(...., move.id, values) will my move object I browsed for change or do I have to call again to get the changes?
2009-09-01 23:56 <cedk> vengfulsquirrel: it depends of the Tryton version
2009-09-01 23:57 <cedk> vengfulsquirrel: you need new browse for <= 1.2.x and no more for later

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!