openerp-india team mailing list archive

Thread
Date

[Bug 934242] Re: EDI Auto-email should not be active by default

To: openerp-india@xxxxxxxxxxxxxxxxxxx
From: Nicolas Bessi - Camptocamp <934242@xxxxxxxxxxxxxxxxxx>
Date: Sat, 18 Feb 2012 17:26:13 -0000
Reply-to: Bug 934242 <934242@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hello,

In an ERP as is any system one of the golden rule is that user should
have control on all "output" of a system. We do not like when services
or phones APP send mail or transmit our personal data without asking us.

Here it is the same, we do not want our system to generate output
without our explicit authorization. OpenERP has a nice configuration
panel. The activation of EDI mail should be set in a step of
configuration wizard that is explicit and where check box is not checked
by default.

An other problem is that EDI expose your ERP address if ERP is not
accessible to public the link proposed in mail will lead to error
message. That not good in term of image. An ERP is a critical
application having his address propagated trough e-mail may be a
security threat.

EDI is a great tool especially in term of B2B and is clearly a great
advantage. But sale orders, purchase ordesr and invoices are highly
strategic information and they should be really manage with care.

IMHO at that timeEDI layout of mail, and default security mechanism are
mature enough to use it without taking other infrastructure
reinforcement and tweak.

Regards

Nicolas

--
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Addons.
https://bugs.launchpad.net/bugs/934242

Title:
EDI Auto-email should not be active by default

Status in OpenERP Addons (modules):
Opinion

Bug description:
Hello,

3 emails actions are created when we install the modules sale / account / purchase :
Auto-email confirmed sale orders [1]
Auto-email confirmed invoices [2]
Auto-email confirmed purchase orders [3]

These actions are configured to send a mail to the partners (unless if
they have the "opt-out" on) with the document with the EDI system.

I think that it is quite debatable to activate this by default.
In my opinion, this should be set off by default, and afterwards it should be the responsibility of the integrator or user to active this feature or not, because it can have serious effects on the customer base.

But above all, noupdate="1" must be set on the xml! If you deactivate
the actions server manually, because you (absolutely) do not want
those mails to be send to your customers, next time you update your
modules, the server actions will be reactivated ! (and mails will be
sent before you see it.)

The question is not on the quality or goodness of this EDI feature,
but that's about the control of the mail outputs.

Thanks for your understanding on this topic.

Guewen

[1] http://bazaar.launchpad.net/~openerp/openobject-addons/6.1/view/head:/sale/edi/sale_order_action_data.xml#L5
[2] http://bazaar.launchpad.net/~openerp/openobject-addons/6.1/view/head:/account/edi/invoice_action_data.xml#L5
[3] http://bazaar.launchpad.net/~openerp/openobject-addons/6.1/view/head:/purchase/edi/purchase_order_action_data.xml#L5

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-addons/+bug/934242/+subscriptions

References

[Bug 934242] [NEW] EDI Auto-email
From: Guewen Baconnier @ Camptocamp, 2012-02-17