[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Google Code shutting down
From: |
Trevor Daniels |
Subject: |
Re: Google Code shutting down |
Date: |
Sat, 16 May 2015 12:15:12 +0100 |
Phil Holmes wrote Saturday, May 16, 2015 11:17 AM
>
>> Trevor Daniels wrote Tuesday, May 12, 2015 9:15 PM
>>
>>> I'm sure we'll find some undesirable features of Allura when we get down
>>> to the details, but that's what the next few weeks will tell us.
>>
>> I've pretty well completed my assessment of Allura at SourceForge, and
>> find the facilities available pretty well match our needs, in fact they
>> are surprisingly similar to those at GoogleCode. There are some
>> differences but none which we can't live with. So far so good.
>>
>> However, there is a show-stopper concerning the integrity of the Issues
>> discussions recorded in the tracker. Each item in the discussion has an
>> owner, and this is set to Anonymous during the import, since the original
>> owner is not recognised as a SourceForge account-holder. This in itself
>> is not a serious problem, as the correct owner is recorded in the text of
>> the message. However, owners of discussion messages are always permitted
>> to edit them, irrespective of the permission settings, and I can find no
>> way of preventing this. That means Anonymous, which is any not-logged-in
>> user, i.e. anyone, will be able to edit, accidently or maliciously, any
>> and all discussion entries in our Issues DB.
>>
>> I've reported this to the SourceForge maintainers:
>> https://sourceforge.net/p/forge/site-support/10317/
>
>
> Good detective work. This might be a pain, but don't think it's a
> show-stopper: there's no evidence it would actually happen. If it becomes a
> problem, we might well be able to get a script to update the owners?
Unless the developers accept the weakness and fix it I guess we have
no choice. At least new posts by SF account-holders, i.e developers and
users who choose to register, will be properly protected.
Re a script: it's possible for an admin or dev to change the owner of the
original ticket via the online interface, but I can see no way to
change the owner of a subsequent post, neither online as an administrator
nor via the API.
Trevor
- Re: Google Code shutting down, (continued)
- Re: Google Code shutting down, Phil Holmes, 2015/05/11
- Re: Google Code shutting down, Trevor Daniels, 2015/05/11
- Re: Google Code shutting down, James, 2015/05/12
- Re: Google Code shutting down, Carl Sorensen, 2015/05/12
- Re: Google Code shutting down, Trevor Daniels, 2015/05/12
- Re: Google Code shutting down, Trevor Daniels, 2015/05/12
- Re: Google Code shutting down, James Lowe, 2015/05/19
- Re: Google Code shutting down, Marc Hohl, 2015/05/19
- Message not available
- Re: Google Code shutting down, Trevor Daniels, 2015/05/16
- Re: Google Code shutting down, Phil Holmes, 2015/05/16
- Re: Google Code shutting down,
Trevor Daniels <=
- Re: Google Code shutting down, David Kastrup, 2015/05/16
- Re: Google Code shutting down, Trevor Daniels, 2015/05/16
- Message not available
- Message not available
- Re: Google Code shutting down, Trevor Daniels, 2015/05/17
- Re: Google Code shutting down, David Kastrup, 2015/05/17
- Re: Google Code shutting down, Trevor Daniels, 2015/05/17
- Re: Google Code shutting down, Carl Sorensen, 2015/05/12
- Re: Google Code shutting down, Trevor Daniels, 2015/05/12
Re: Google Code shutting down, Carl Sorensen, 2015/05/03