Contributors mailing list archives



Re: OCA and security notices

InitOS GmbH, Frederik Kramer
- 31/12/2020 15:06:57
Hi Tom, 

At least I heard the same about other partners treating the even
versions as innovative and the uneven as stabilizing. At initOS we
pretty much do the same. To me even 2-year cycles seem somewhat odd
in an ERP world.

I personally think Odoo constantly tries to dance on several weddings.
One of them is the VC that requires "measurable" process, the other
general Marketing conduct (you always have to have news to sell /
upsell) and then of course the underlying drag of community features
into enterprise (and back ;-)).
I'd personally recommend trying to optimize for a two-year cycle but I
am not really in favour of naming that LTS, simply because that would
again be a matter of discussion within the OCA and especially in the
already difficult communication with Odoo S.A.

So in short, treating even versions as somewhat LTS (without naming it
like that) is reasonable and probably a good strategy. For OpenUpgrade,
however, we need to cover the uneven versions in the same manner.

Best and happy new year in advance


On Thursday, 31.12.2020 at 13:56 +0000, Tom wrote:

> Odoo is not taking any responsibility for fixing security issues on
> older versions. Since OCA is understaffed, it's hard to keep all
> balls in the air: maintaining and bugfixing older modules, doing
> security patches in OCB, maintaining OpenUpgrade, etc.
>
> I heard that Akretion is skipping the uneven versions of Odoo, but
> maybe I heard wrong.
>
> Would it be a good idea to take the initiative to designate certain
> versions as "LTS" releases, making sure that these have security
> patches, bugfixes and an upgrade path? Similar to e.g. Django or Linux
> Mint. It might serve to bring more focus into a scattered (but
> wonderful) open source effort.



> Dec 23, 2020 11:47:43 Houssine BAKKALI:
>
> > Hi community,
> >
> > Yesterday a security notice has been published.
> >
> > Stefan has begun to bring one security fix to OCB with this PR
> >
> > It raises what seems to be an important point about the handling of
> > the security fixes for the unsupported Odoo versions on OCB. Should
> > this be taken in charge by OCA, as OCB is under the OCA umbrella,
> > or will it remain on the goodwill of the community's members? I
> > don't have any problem with one of the possible responses.
> >
> > My point is how do we tackle the minimum about this topic. I mean
> > how do we organize the contribution members on this topic?
> >
> > My first idea will be to open an issue on OCB for each security
> > notice and organize the work as it is done for modules migration. What
> > do you think? Creating a PSC team security could be another idea.
> >
> > Finding the security issues seems to be easy but at this point we
> > don't have a tracking on the ones that are brought back on the
> > unsupported versions on OCB.
> >
> > Here at Coop IT Easy we'll probably focus on the versions affecting
> > our customers, which means 9.0, as 11.0 and later are still supported.
> >
> > Regards,
> >
> > Houssine


Dr.-Ing. Frederik Kramer
initOS GmbH
An der Eisenbahn 1
21224 Rosengarten
Phone:  +49 4105 56156-12
Fax:    +49 4105 56156-10
Mobile: +49 179 3901819
Dr.-Ing. Frederik Kramer & Dipl.-Ing. (FH) Torsten Francke

Registered office: Rosengarten – Klecken
Tostedt Local Court (Amtsgericht Tostedt), HRB 205226
Tax no.: 15/200/53247
VAT ID no.: DE815580155