Sync use accounts between appdb, wine-bugs and wine-forums

[Gardou Jérôme]

Currently, I have two accounts : one for wine-bugs and one for appdb. That doesn't annoy me as it is, but that would be cool f those were merged together. I don't know if it is possible, since appdb, bugzilla and phpbb are three different php programs, but that would help new users to participate on every side of wine.

By the way, I saw that my tr'd message went on a new thread on the forum, but it was an answer to a previous question. You probably want to merge them together. (That was about a sound card).

Cheers
Jérôme


---------------------------------
Envoyé avec Yahoo! Mail.
La boite email la plus appreciée au monde.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winehq.org/pipermail/wine-us ... chment.htm

[TonyLambregts]

Well Bugzilla is actually CGI not PHP... Whatever... The thing is we should have a unified login for all our sites. We currently have 4 sites that a user can log into. They are:

Bugs: server at CodeVWeavers using CGI and MySql login by email
AppDb: server at CodeWeavers using PHP and MySql login by email.
Wiki: server at Lattica using python login by user name.
Forum: server at CodeWeavers using PHP and ??? login by user name

Bugzilla has the ability to use LDAP already. and extending it to the others would be the way to go IMO.

We have come a long way in integrating the AppDB and Bugzilla. Integrating the logins would be a huge advantage for application maintainers as well as administrators.

This is not really and original thought since it has been around since 2002. see bug 560

[James McKenzie]

TonyLambregts wrote:

Well Bugzilla is actually CGI not PHP... Whatever... The thing is we should have a unified login for all our sites. We currently have 4 sites that a user can log into. They are:

Bugs (http://bugs.winehq.org): server at CodeVWeavers using CGI and MySql login by email
AppDb (http://appdb.winehq.org): server at CodeWeavers using PHP and MySql login by email.
Wiki (http://wiki.winehq.org): server at Lattica using python login by user name.
Forum (http://forum.winehq.org): server at CodeWeavers using PHP and ??? login by user name

Bugzilla has the ability to use LDAP already. and extending it to the others would be the way to go IMO.

We have come a long way in integrating the AppDB and Bugzilla. Integrating the logins would be a huge advantage for application maintainers as well as administrators.

This is not really and original thought since it has been around since 2002. see bug 560 (http://bugs.winehq.org/show_bug.cgi?id=560)

No. If one account gets compromised, you are basically up a tree. I'm
a maintainer in the AppDb. If my login was compromised, someone with
malicious intent could make my life miserable for a while. I'd have a
mess to clean up...

James McKenzie

[James Hawkins]

On Fri, Mar 14, 2008 at 9:52 PM, James McKenzie
<[email protected]> wrote:

TonyLambregts wrote:

Well Bugzilla is actually CGI not PHP... Whatever... The thing is we should have a unified login for all our sites. We currently have 4 sites that a user can log into. They are:

Bugs (http://bugs.winehq.org): server at CodeVWeavers using CGI and MySql login by email
AppDb (http://appdb.winehq.org): server at CodeWeavers using PHP and MySql login by email.
Wiki (http://wiki.winehq.org): server at Lattica using python login by user name.
Forum (http://forum.winehq.org): server at CodeWeavers using PHP and ??? login by user name

Bugzilla has the ability to use LDAP already. and extending it to the others would be the way to go IMO.

We have come a long way in integrating the AppDB and Bugzilla. Integrating the logins would be a huge advantage for application maintainers as well as administrators.

This is not really and original thought since it has been around since 2002. see bug 560 (http://bugs.winehq.org/show_bug.cgi?id=560)

No. If one account gets compromised, you are basically up a tree. I'm
a maintainer in the AppDb. If my login was compromised, someone with
malicious intent could make my life miserable for a while. I'd have a
mess to clean up...

You're fear is unjustified, as you're implying the appdb is inherently
more secure than the 3 other sites (which I have a feeling you can't
justify). You worry that if the logins are unified, your appdb login
will be compromised. As it stands, do you really think the appdb on
its own is bullet-proof, thus you don't worry about that account being
compromised?

--
James Hawkins

[James McKenzie]

James Hawkins wrote:

On Fri, Mar 14, 2008 at 9:52 PM, James McKenzie
<[email protected]> wrote:

TonyLambregts wrote:

Well Bugzilla is actually CGI not PHP... Whatever... The thing is we should have a unified login for all our sites. We currently have 4 sites that a user can log into. They are:

Bugs (http://bugs.winehq.org): server at CodeVWeavers using CGI and MySql login by email
AppDb (http://appdb.winehq.org): server at CodeWeavers using PHP and MySql login by email.
Wiki (http://wiki.winehq.org): server at Lattica using python login by user name.
Forum (http://forum.winehq.org): server at CodeWeavers using PHP and ??? login by user name

Bugzilla has the ability to use LDAP already. and extending it to the others would be the way to go IMO.

We have come a long way in integrating the AppDB and Bugzilla. Integrating the logins would be a huge advantage for application maintainers as well as administrators.

This is not really and original thought since it has been around since 2002. see bug 560 (http://bugs.winehq.org/show_bug.cgi?id=560)

No. If one account gets compromised, you are basically up a tree. I'm
a maintainer in the AppDb. If my login was compromised, someone with
malicious intent could make my life miserable for a while. I'd have a
mess to clean up...

You're fear is unjustified, as you're implying the appdb is inherently
more secure than the 3 other sites (which I have a feeling you can't
justify). You worry that if the logins are unified, your appdb login
will be compromised. As it stands, do you really think the appdb on
its own is bullet-proof, thus you don't worry about that account being
compromised?

James:

No I am not stating that the AppDB is more secure than any of the other
sites. What I am saying is that the four sites have different logins
and that is how they should stay. If my AppDb information is
compromised, you cannot get into Bugzilla (I don't even use the same
login name for the two sites). If we unify them, then you can and
definitely 'wreck havoc'. If you all are really interested, I can go
into more detail as to why you don't want unified logins, and it has to
do with levels of security that most folks do not deal with. I'm not
going to bore or rant about that here in the mailing list. The bottom
line (as they state in business): Don't use the same login and/or
password for more than a single web site. Since the AppDb and Bugzilla
are technically two different web sites, then that policy should apply.
Never give up security for the appearance of ease of use.

James McKenzie

[Jérôme Gardou]

Le Saturday 15 March 2008 12:35:10 James McKenzie, vous avez écrit :

James:

No I am not stating that the AppDB is more secure than any of the other
sites.  What I am saying is that the four sites have different logins
and that is how they should stay.  If my AppDb information is
compromised, you cannot get into Bugzilla (I don't even use the same
login name for the two sites).  If we unify them, then you can and
definitely 'wreck havoc'.   If you all are really interested, I can go
into more detail as to why you don't want unified logins, and it has to
do with levels of security that most folks do not deal with.  I'm not
going to bore or rant about that here in the mailing list.  The bottom
line (as they state in business):  Don't use the same login and/or
password for more than a single web site.  Since the AppDb and Bugzilla
are technically two different web sites, then that policy should apply.  
Never give up security for the appearance of ease of use.

James McKenzie

I partly agree with you on this point, except for the fact that bugzilla,
appdb, forums and wiki are the same site: winehq.org. Having one strongly
secure user base would help the admins to manage it more easily.
That is true too that one bad account can do much more damages than if this
was separated for each component, but lots of sites have one account for each
user. (eg. sourceforge)





___________________________________________________________________________
Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire.
http://fr.mail.yahoo.com

[Dan Kegel]

On Sat, Mar 15, 2008 at 12:59 PM, Jérôme Gardou <[email protected]> wrote:

I partly agree with you on this point, except for the fact that bugzilla,
appdb, forums and wiki are the same site: winehq.org. Having one strongly
secure user base would help the admins to manage it more easily.

Indeed. I'm a security fanatic, but in this case, I think that
the extra convenience of having just one password
for winehq outweighs any possible increase in security
from having one for each subpart of winehq.

[jnewman]

I think the main problem is doing the work, and then maintaining it forever. The only internally written project here is the AppDB. Bugzilla and the Forums are open source projects maintained outside of WineHQ. If we ever want to upgrade to new versions of PHPbb and Bugzilla, our patches would need to be ported over each time.

It's not impossible, but it is also not something that can be done carelessly.

[Dan Kegel]

jnewman <[email protected]> wrote:

I think the main problem is doing the work, and then maintaining it forever.

There is OpenID support out there for PHPbb,
http://www.phpbbopenid.com/
We might consider trying that out.

There isn't current support for Bugzilla yet, but people are talking about it:
https://bugzilla.mozilla.org/show_bug.cgi?id=294608
- Dan

[TonyLambregts]

jnewman <[email protected]> wrote:

I think the main problem is doing the work, and then maintaining it forever.

There is OpenID support out there for PHPbb,
http://www.phpbbopenid.com/
We might consider trying that out.

There isn't current support for Bugzilla yet, but people are talking about it:
https://bugzilla.mozilla.org/show_bug.cgi?id=294608
- Dan

I have a student here that is interested in implementing OpenID for the AppDB as a SOC project and I would be willing to mentor him if it was accepted. His name is Matthew Weiss and he is a second year computing science major here a Kings University. Do you think that there is a chance we could get it accepted as a SOC project?

[Dan Kegel]

On Thu, Mar 20, 2008 at 2:35 PM, TonyLambregts
<[email protected]> wrote:

I have a student here that is interested in implementing OpenID for the AppDB as a SOC project and I would be willing to mentor him if it was accepted. His name is Matthew Weiss and he is a second year computing science major here a Kings University. Do you think that there is a chance we could get it accepted as a SOC project?

It seems unlikely; in the past, such 'website infrastructure'
projects were discouraged by SoC staff.