Thread: [Semanticscuttle-devel] Git on sourceforge filled / release task for Eric
Brought to you by:
cweiske
Menu
▾
▴
semanticscuttle-devel
|
From: Christian W. <cw...@cw...> - 2011-01-21 05:54:18
Attachments:
signature.asc
|
Hi all, I created an "sc" repository on the sourceforge git server and pushed my local repository onto it, creating three branches: - master - jquery - quickform The repositories are available anonymously on > git://semanticscuttle.git.sourceforge.net/gitroot/semanticscuttle/sc and read-writable on > ssh://USER@semanticscuttle.git.sourceforge.net/gitroot/semanticscuttle/sc (replace USER with your SourceForge user name) To get a clone of it just do a $ git clone $url and you're set. @Eric: It seems that I did not tag the releases in git, only in svn. Could you please find out which of the git commits was the latest before releasing 0.97.0 (look in svn)? Please create a "0.97" branch starting from that commit and merge the important bug fixes (crashes) that have been fixed in the meantime into it. The question now is: Which bugfixes are the important ones? I remember two crashes and the javascript problem on the bookmarklet page. The changelog contains a list of unreleased changes, so finding them should be possible. -- Regards/Mit freundlichen Grüßen Christian Weiske -=≡ Geeking around in the name of science since 1982 ≡=- |
|
From: Christian W. <cw...@cw...> - 2011-01-22 17:50:08
Attachments:
signature.asc
|
Hi again, > @Eric: > It seems that I did not tag the releases in git, only in svn. Could > you please find out which of the git commits was the latest before > releasing 0.97.0 (look in svn)? > Please create a "0.97" branch starting from that commit and merge the > important bug fixes (crashes) that have been fixed in the meantime > into it. > The question now is: Which bugfixes are the important ones? > I remember two crashes and the javascript problem on the bookmarklet > page. The changelog contains a list of unreleased changes, so finding > them should be possible. I just assigned you a task and don't even know how familiar you are with svn, git and php release management (phing) in general. So what do you say? Maybe implementing a feature from the bug tracker would be a better first task for you? -- Regards/Mit freundlichen Grüßen Christian Weiske -=≡ Geeking around in the name of science since 1982 ≡=- |
|
From: Mark P. <mpe...@gm...> - 2011-01-22 20:46:38
|
I would love to work on the private key feature if you would like. I'm not going to lie and tell you I know everything about source control management but I'm familiar with the basic workings of SVN. Working on getting up to speed with GIT. With that said, my guess is that I make a clone of the master branch to make my changes and then that will be merged when it is complete? I'm open to however you want me to do it. Thanks, Mark On Sat, Jan 22, 2011 at 12:49 PM, Christian Weiske <cw...@cw...>wrote: > Hi again, > > > > @Eric: > > It seems that I did not tag the releases in git, only in svn. Could > > you please find out which of the git commits was the latest before > > releasing 0.97.0 (look in svn)? > > Please create a "0.97" branch starting from that commit and merge the > > important bug fixes (crashes) that have been fixed in the meantime > > into it. > > The question now is: Which bugfixes are the important ones? > > I remember two crashes and the javascript problem on the bookmarklet > > page. The changelog contains a list of unreleased changes, so finding > > them should be possible. > > I just assigned you a task and don't even know how familiar you are > with svn, git and php release management (phing) in general. > So what do you say? Maybe implementing a feature from the bug tracker > would be a better first task for you? > > -- > Regards/Mit freundlichen Grüßen > Christian Weiske > > -=≡ Geeking around in the name of science since 1982 ≡=- > > > ------------------------------------------------------------------------------ > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > Finally, a world-class log management solution at an even better > price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > _______________________________________________ > Semanticscuttle-devel mailing list > Sem...@li... > https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel > > |
|
From: Christian W. <cw...@cw...> - 2011-01-22 21:12:09
Attachments:
signature.asc
|
Hi Mark, > I would love to work on the private key feature if you would like. That's a good idea; it's a small task that still lets you work on several parts of SemanticScuttle. If you like you could write an email sketching out how you would solve the problem, and we can discuss the issue. If not, just get on hacking :) > I'm not going to lie and tell you I know everything about source > control management but I'm familiar with the basic workings of SVN. > Working on getting up to speed with GIT. With that said, my guess is > that I make a clone of the master branch to make my changes and then > that will be merged when it is complete? Yes, that's about it: 1. Create a new branch from the master branch and use that (checkout) 2. Do your changes, commit them to your branch 3. Push the changes in your branch regularly to the semantiscuttle git repository. You all should have write access. 4. When you're done, tell me. I will review your changes, say what could be better and finally merge it into the master branch. 5. Please do not commit to the master branch yourself. If anyone of you have questions, I'm regularly online in irc (semantiscuttle on freenode) and in jabber - don't hesitate to ask. -- Regards/Mit freundlichen Grüßen Christian Weiske -=≡ Geeking around in the name of science since 1982 ≡=- |
|
From: Christian W. <cw...@cw...> - 2011-01-22 22:02:44
Attachments:
signature.asc
|
Hi Mark, > 1) alter user table to include "privateKey" as varchar(32) with > unique index Yep. > 2) alter user db model to include new column I don't know if it's necessary; the user model is not used much yet IIRC. > 3) alter user service, specifically function getCurrentUserId() to > include looking at URL for &privatekey= > 4) alter api/* scripts to include privatekey auth Changing www/api/httpauth.inc.php should suffice, and the rss.php file. Maybe it should also just use the httpauth.inc.php file, but not require authentication (unlike the api files do); only use it to get login data if they are passed. > 5) alter template/profile.php and template/user.php to allow user to > see and possibly alter the 32 length key. Validation is definitely > required (len=32 and unique) I would not let the user manually enter a new key. Regenerating it is a better alternative. md5() returns 32 char strings. If you combine time() + rand() + a salt, you'll get pretty unique keys :) > 6) create upgrade script to fill new column with values perhaps you can get mysql to do that automatically and just add the SQL command to doc/upgrade.txt > I'm assuming it'll need to be alpha(upper and lower)+numeric value? md5 only returns numbers + lowercase letters, so this suffices. PS: Please send the mail to the list only, so everyone can participate and I don't get doubles :) -- Regards/Mit freundlichen Grüßen Christian Weiske -=≡ Geeking around in the name of science since 1982 ≡=- |
|
From: Mark P. <mpe...@gm...> - 2011-01-22 22:50:10
|
Thanks for the reply Christian. Question about something you added to the Feature Request about giving them partial access if authenticated via the private key. My thought is to give them full access but put some code in the authentication method with maxtries or something to thwart hacks. I could go either way on this, so let me know what you think. On Sat, Jan 22, 2011 at 5:02 PM, Christian Weiske <cw...@cw...>wrote: > Hi Mark, > > > > 1) alter user table to include "privateKey" as varchar(32) with > > unique index > Yep. > > > 2) alter user db model to include new column > I don't know if it's necessary; the user model is not used much yet > IIRC. > > > 3) alter user service, specifically function getCurrentUserId() to > > include looking at URL for &privatekey= > > > 4) alter api/* scripts to include privatekey auth > Changing www/api/httpauth.inc.php should suffice, and the rss.php file. > Maybe it should also just use the httpauth.inc.php file, but not > require authentication (unlike the api files do); only use it to get > login data if they are passed. > > > 5) alter template/profile.php and template/user.php to allow user to > > see and possibly alter the 32 length key. Validation is definitely > > required (len=32 and unique) > I would not let the user manually enter a new key. Regenerating it is a > better alternative. md5() returns 32 char strings. If you combine > time() + rand() + a salt, you'll get pretty unique keys :) > > > 6) create upgrade script to fill new column with values > perhaps you can get mysql to do that automatically and just add the > SQL command to doc/upgrade.txt > > > I'm assuming it'll need to be alpha(upper and lower)+numeric value? > md5 only returns numbers + lowercase letters, so this suffices. > > > > PS: Please send the mail to the list only, so everyone can participate > and I don't get doubles :) > > -- > Regards/Mit freundlichen Grüßen > Christian Weiske > > -=≡ Geeking around in the name of science since 1982 ≡=- > > > ------------------------------------------------------------------------------ > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > Finally, a world-class log management solution at an even better > price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > _______________________________________________ > Semanticscuttle-devel mailing list > Sem...@li... > https://lists.sourceforge.net/lists/listinfo/semanticscuttle-devel > > |
|
From: Christian W. <cw...@cw...> - 2011-01-23 09:32:45
Attachments:
signature.asc
|
Hi Mark, > Thanks for the reply Christian. Question about something you added > to the Feature Request about giving them partial access if > authenticated via the private key. My thought is to give them full > access but put some code in the authentication method with maxtries > or something to thwart hacks. I could go either way on this, so let > me know what you think. The user is either allowed to use the api or not - I would not differentiate between "partially authenticated" and normal users. That would lead to code that is hard to read and hard to understand. I thought that partial access would suffice here because the key is currently only needed for the feed. It should not be used with the API, because the api should be used as it exists now (with http authentication over a secure line). The private feed will often be used without ssl (because people often do not know how to set that up), and can easily be sniffed or get lost. That's why we need an easy way to change it. So for starters, allow the key on the feed only. If that works well and people just want to have it elsewhere, we can always implement that. -- Regards/Mit freundlichen Grüßen Christian Weiske -=≡ Geeking around in the name of science since 1982 ≡=- |
Thanks for helping keep SourceForge clean.
X