Contributors mailing list archives

contributors@odoo-community.org

Avatar

OCA and security notices

by
Open Architects Consulting, Houssine BAKKALI
- 23/12/2020 10:41:53

Hi community,

Yesterday a security notices has been published.

Stefan has begun to bring one security fix to OCB with this PR

It raises what seems to be an important point about the handling of the security fixes for the unsupported Odoo version on OCB. Will this should be taken in charge by OCA, as OCB is under OCA umbrella or it'll remain on the goodwill of the community's members ? I don't have any problem with one of the possible responses.

My point is how do we takle the minimum about this topic. I mean how do we organize the contribution members on this topics ?

My first idea will be to open an issue on OCB for each security notice and organize the work as it done for modules migration. What do you think ? Creating a PSC team security could be another idea.

Finding the security issues seems to be easy but at this point we don't have a tracking on the ones that are brought back on the unsupported version on OCB.

Here at Coop IT Easy we'll probably focus on the versions affecting our customers it means 9.0 as 11.0 and later are still supported.

Regards,

Housine


Virus-free. www.avast.com

Follow-Ups