Community mailing list archives
Re: MAJOR SECURITY PROBLEM! PRIVACY VIOLATED!by
1. On admin menu goto settings
2. Under Users, select oauth providers
3. You will see facebook, google and Odoo. (you won't see them actually. there is only another option below that)
"Use external authentication providers, sign in with Google..."
4. Select and edit Odoo.
5. On edit. Uncheck Allowed.
In Version 9 no more needed
Don't forget to click save! and check again if it is still active or unchecked! If it is still checked, repeat step 4 again, as it should actually work - but sometimes it doesn't i.e. when your are at that time connected with a slow internet connection.
I have found the following modules to debrand your Odoo 9 installation, it seems thatby IT-Projects LLC, Ivan Yelizariev is quite fit in that debranding stuff, as he provides a whole bunch of also other modules for Odoo.
some other helpful links for getting rid of links are:
To change the Favicon:
How to remove the website footer:
For the backend:
Thanks to Graeme Gellatly this is great professional help.
disable_openerp_online (about 60 results - check if you can find a version for 9) on Github it has been forked 206 times.
There is no version 9 available right now!
But MindAndGo has a version for Odoo 9
Check it out!
If people have a question about licensing and what they should use for their modules or concerning debranding / rebranding and "phoning back-features" than check out the licenses to get help:
The term "commercial" appears only one time in the whole document:
If you are using Version 9 you would need to read also the LGPL
Check out also the FAQ - i.e. if you want to use your stuff in a proprietary module or if yu want to avoid that it is used in a proprietary module you won't have access to.
And even much better readings are this here - about GPL and making money:
Very Important part
Why you shouldn't use the Lesser GPL for your next library
and of course
Why the Affero GPL
Suppose you develop and release a free program under the ordinary GNU GPL. If developer D modifies the program and releases it, the GPL requires him to distribute his version under the GPL too. Thus, if you get a copy of his version, you are free to incorporate some or all of his changes into your own version.
Probably you don't know:
Both the ordinary GNU GPL, version 3, and the GNU Affero GPL have text allowing you to link together modules under these two licenses in one program.
The FSF recommends: 2 Licenses GPL v.3 and AGPL v.3
Graeme you are right that nobody can be forced to use a certain license unless it is simply an requirement and a must due to the fact that it links to a GPL program. On the other hand the OCA could simply promote publishing the modules in AGPL v.3 and trying to avoid that people publish them under LGPL v.3.
Why not have on OCA such a code and module search functionality and even better having a centralised repository for all modules licensed under AGPL - which gets regularly (at least daily) updated. For sure people will come and search on OCA and not on ODOO.com, Also Templates could be offered for a lower price at OCA and for sure people again would come to check them out.
I think it is not good following blind without refection about what is actually going on the ODOO.com roadmap. Why not simply publish a debranded version, which would for sure be used by most of the developers! Why not even publish a AGPL/LGPL version which contains all stuff from 8 and from 9 and where nothing had been changed use the AGPL version. Or even publish a NO Module Version of ODOO and let people choose themselves what they want to load and what not.
There are many ways how actually the community which contributes a lot with their ideas, with time and with coding and not at least with getting more and more customers working with Odoo in the Community boat under at least 80% AGPL - and the rest rewrite to AGPL and use already Python v.3!
IMHO the community has so much power but it is not at all using its power and instead following blind all those license changes until it is to late to switch back to AGPL as to many parts than had been "outsourced" and republished as proprietary software parts. Start thinking about it - actually those who moved out top Tryton already warned that this will happen, but even I did not listen to them at that time! Lesson learned I would say!
The following the leader principal can be quite disastrous for lots of community base ODOO businesses in future if the policy to not inform the community long time before things are actually happening about roadmap, new modules, possible license changes etc.
There are so many problems which never had been addressed - i.e. the hunger on resources of ODOO or that it is often sloooowww and not complete loading when you are connected with no high speed connection or that Odoo is still using Python 2.7 even Python with so many great features is already out since 7 years! If this continues than ODOO or what ever it will be called than is a Stone aged thing with the speed of that age.
A Community like the one of ODOO with really great companies all around the world could do much much better if they would stand together and they put in the features which than get developed - and of course everybody will be happy if Fabien and his company will join this effort and even more if the next release will be AGPL again! Together ODOO might be strong, but with another Fork like with TRYTON it would get worse. Therefore this should be avoided if not necessary. The best way in doing that, is to make the Community much more powerful and let ODOO contribute to the effort and not vice versa like right now. Who guarantees that your work effort you put into the translation, promotion, programming etc, for more or less no price will be still useful after some parts perhaps vanished away into the Proprietary Corner. Well than perhaps step by step more will close down their sources to etc and finally the community version will be a nice looking house with nothing inside anymore as all those ingredients are gone. It might be only a possible Vision but until now there is no clear statement if not more License Changes will happen and more and more code will be LGPL reduced and no more maintained but there proprietary counterparts will. Fact is that LGPL will give the full power to ODOO S.A. and you have to follow if you want or not as they can dictate the way you will go. Lets' talk again when Version 10 is out and remember what I said here!
@ Moy Lop
Please, read Fabien's message:
"If you think your website is more trustable than Odoo, all you need to do is to uninstall OAuth."
Thanks this is one possibility to deinstall it but if you need i.e. google or. i.e. Facebook Oauth services but your customer don't like that his users get in contact with Odoo than you need to customise the module accordingly like described above.
The main point is actually less the Oauth Module but the way that it is working. That it is actually doing things without that the user sees that he gets redirected to another page. They even present the company LOGO of the customers Site on the ODOO.com website and this is IMHO nothing else than methods used usually by Pishing websites! Now I hope that Odoo is not involved in Pishing and I don't think so, but it leaves with customers exactly that impression (especially as they are using the logo to make the odoo.com site looking as it is integrated into the odoo installation of the customers local server.
As mentioned above. Simple rename the button and make it "visible" for users what is actually happening!
I hope that helps also Daniel to setup his site more secure according to european laws even he is in Chile or Argentine - they have for sure not so strict laws I guess! You are lucky! Your customers might not ;-)
By the way for those in Germany who develop with ODOO they should be aware that it could be very expensive for your customers if privacy laws get violated. This was 2013 and meanwhile the Law is even much more stricter and it gets enforced more and more! I guess it is nearly the same in all EU soon.
Have a nice day or night