Community mailing list archives

Re: Odoo v9 Community and Enterprise editions

Libertus Solutions, Alan Bell
- 05/11/2015 10:29:34

On 11/05/15 15:03, Christophe Hanon wrote:
> I think this is largely going over what is asked by the licence.
> Zipping on the fly can represent performance issue.
good point
> Also there is no obligation to communicate data  (xml file).
fairly good point, although the XML files are mostly template changes 
supporting fields that are added in the python files, I see that they 
don't need to be included but I can't see a massive benefit to anyone in 
excluding them.
> Finally this give an uncontrolled read-access to productio server is a 
> security risk.
no, it really shouldn't be for this scenario, if you have stuff in your 
module code that is a security risk, then it is in the wrong place. I 
have done custom modules for customers that just wrap up adding extra 
fields here and there, I am just about to do one that adds a hazardous 
materials flag to the product form for example. It isn't a full HAZMAT 
solution integrated across sales, manufacturing and logistics and 
supporting all the different ways that things can be dangerous so it isn't a fully baked 
module that is of general use, but it is the minimum viable solution for 
this particular customer. A competitor downloading this module could 
discover that they have added a hasmat field to the product form. That 
isn't a security risk in itself, but revealing it is something to 
understand. If Odoo had a base facility to grab module sources then we 
would have to do a little review of stuff to make sure that we were not 
revealing anything undesired.