Community mailing list archives
Re: Odoo v9 Community and Enterprise editionsby
Libertus Solutions, Alan Bell
On 11/05/15 15:03, Christophe Hanon wrote: > I think this is largely going over what is asked by the licence. > > Zipping on the fly can represent performance issue. good point > Also there is no obligation to communicate data (xml file). fairly good point, although the XML files are mostly template changes supporting fields that are added in the python files, I see that they don't need to be included but I can't see a massive benefit to anyone in excluding them. > Finally this give an uncontrolled read-access to productio server is a > security risk. no, it really shouldn't be for this scenario, if you have stuff in your module code that is a security risk, then it is in the wrong place. I have done custom modules for customers that just wrap up adding extra fields here and there, I am just about to do one that adds a hazardous materials flag to the product form for example. It isn't a full HAZMAT solution integrated across sales, manufacturing and logistics and supporting all the different ways that things can be dangerous https://en.wikipedia.org/wiki/Dangerous_goods so it isn't a fully baked module that is of general use, but it is the minimum viable solution for this particular customer. A competitor downloading this module could discover that they have added a hasmat field to the product form. That isn't a security risk in itself, but revealing it is something to understand. If Odoo had a base facility to grab module sources then we would have to do a little review of stuff to make sure that we were not revealing anything undesired. Alan.