2008-08-31T00:01:23 <xorAxAx> anyway, good night
2008-08-31T00:01:31 <ThomasWaldmann> gn xorAxAx
2008-08-31T01:21:45 <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4050:6f6eed3818ed 1.8/ (5 files in 5 dirs): merged moin/1.7 repo
2008-08-31T01:21:45 <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4051:63fbadea490e 1.8/ (MoinMoin/config/multiconfig.py docs/CHANGES): partially reverted removal of backup action (without the problematic 'restore' code) - we'll keep this until the refactored storage code is merged
2008-08-31T01:24:20 <ThomasWaldmann> dennda: PawelPacana: we'll need a replacement for this stuff ^^
2008-08-31T01:24:53 <dennda> in a nutshell, what is that?
2008-08-31T01:24:57 <dennda> way too tired
2008-08-31T01:28:05 <ThomasWaldmann> backup via http :)
2008-08-31T01:29:20 <ThomasWaldmann> or, generically speaking: (de)serialization of storage backend contents
2008-08-31T01:32:17 <ThomasWaldmann> (there is lots of other stuff with higher prio, though :)
2008-08-31T01:32:55 * dennda needs holida
2008-08-31T01:32:56 <dennda> y
2008-08-31T03:09:23 <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4052:0cdc180a2932 1.8/MoinMoin/config/multiconfig.py: improve config setting descriptions
2008-08-31T12:36:45 <ThomasWaldmann> moin
2008-08-31T16:24:49 <dreimark> moin
2008-08-31T16:26:31 * dreimark thinks a working backup feature is nice to have.
2008-08-31T16:27:02 <dreimark> the current one can be used together with the standalone server
2008-08-31T16:27:26 <dreimark> and you have a complete clone (sync down but with attachments)
2008-08-31T16:27:50 <dreimark> the restore action should be removed.
2008-08-31T16:28:18 <dreimark> restore should be done differently to the current one.
2008-08-31T16:28:49 <dreimark> I think noone want's to give control to someone over a server this way
2008-08-31T16:38:52 <ThomasWaldmann> hi dreimark
2008-08-31T16:39:33 <dreimark> hi ThomasWaldmann
2008-08-31T16:41:16 <ThomasWaldmann> btw, 1.7.2 soon. that file leak fix shall be released soon.
2008-08-31T16:41:57 <dreimark> the backup_user needs to be the superuser user, otherwise protected acl pages can be readed easily
2008-08-31T16:42:13 <dreimark> from a user qho normally has not this right
2008-08-31T16:42:18 <dreimark> s/q/w/
2008-08-31T16:42:38 <ThomasWaldmann> no
2008-08-31T16:43:20 <dreimark> why no? the backup_user has a copy on his filesystem and can read everything
2008-08-31T16:43:21 <ThomasWaldmann> backup_user = wiki owner, superuser = server admin
2008-08-31T16:44:21 <ThomasWaldmann> both need to be trusted, but don't need to be same person
2008-08-31T16:44:31 <xorAxAx> but the backup_user is more powerful than the superuser
2008-08-31T16:44:49 <dreimark> hmm, the superuser can su to backup_user
2008-08-31T16:44:58 <ThomasWaldmann> no, he can't install plugins
2008-08-31T16:46:01 <xorAxAx> sure
2008-08-31T16:46:09 <xorAxAx> he reads the password hash of the superuser
2008-08-31T16:46:16 <xorAxAx> logs in as the user and can install plugins
2008-08-31T16:46:40 <dreimark> hash login is disabled in 1.7
2008-08-31T16:46:54 <xorAxAx> that doesnt mean that its impossible to login anyway
2008-08-31T16:47:00 <ThomasWaldmann> i dont think we accept hashes as passwords any more
2008-08-31T16:47:07 <xorAxAx> its easy to retrieve the password using rainbowtables or dictionaries
2008-08-31T16:47:15 <dreimark> that's true
2008-08-31T16:47:30 <xorAxAx> esp. the latter because moin doesnt salt
2008-08-31T16:47:37 <dreimark> that's why I do think it makes only sense to restrict it to superuser
2008-08-31T16:47:50 <dreimark> and don't have a backup_user
2008-08-31T16:48:00 <ThomasWaldmann> xorAxAx: didn't johill add salt?
2008-08-31T16:49:43 <xorAxAx> 1.7 doesnt have salt
2008-08-31T16:49:56 <xorAxAx> but it has the backup action
2008-08-31T16:50:51 <xorAxAx> but 1.8 does
2008-08-31T16:52:05 <ThomasWaldmann> ok, needs more docs about security
2008-08-31T17:05:52 <dreimark> ThomasWaldmann: xorAxAx Does something speak against arnica in 1.8?
2008-08-31T17:09:40 <dreimark> bbl
2008-08-31T17:33:50 <dreimark> re
2008-08-31T17:41:58 * dreimark looks again at MoinMoinBugs/SystemAdminMailAccountData
2008-08-31T19:44:33 <ThomasWaldmann> re
2008-08-31T19:44:42 <dreimark> hi ThomasWaldmann
2008-08-31T19:45:51 <CIA-25> Reimar Bauer <rb.proj AT googlemail DOT com> default * 3797:f7e942210f52 1.7/MoinMoin/ (userform/admin.py widget/browser.py): bug fix for MoinMoinBugs/SystemAdminMailAccountData by using POST and forms for recoverpass and enable/disable useraccount
2008-08-31T19:45:51 <CIA-25> Reimar Bauer <rb.proj AT googlemail DOT com> default * 3798:e513bd09cb3b 1.7/docs/CHANGES: updated CHANGES
2008-08-31T20:52:03 <CIA-25> Reimar Bauer <rb.proj AT googlemail DOT com> default * 4053:31617ef6a68b 1.8/ (3 files in 3 dirs): bug fix for MoinMoinBugs/SystemAdminMailAccountData by using POST and forms for recoverpass and enable/disable useraccount (ported from 1.7)
2008-08-31T21:02:35 <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4054:691e12f53408 1.8/MoinMoin/action/backup.py: backup action: add missing file
2008-08-31T21:15:19 <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4057:b5dfb48bad1c 1.8/ (3 files in 3 dirs): merge moin/1.7
2008-08-31T21:21:28 <dreimark> wb TheSheep
2008-08-31T22:14:09 <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 3799:fd35b36d6282 1.7/MoinMoin/ (2 files in 2 dirs): fix test failures
2008-08-31T22:14:53 <ThomasWaldmann> dreimark: ^^ should be 0 failures after that
2008-08-31T22:18:27 <dreimark> tests finished: 614 passed, 70 skipped in 87.41 seconds
2008-08-31T22:18:38 <dreimark> and 0 failures
2008-08-31T22:34:24 <dreimark> do we want this in 1.7 too ? http://moinmo.in/FeatureRequest/PackageExcludeAttachments
2008-08-31T22:45:16 <dreimark> gn
2008-08-31T22:50:55 <ThomasWaldmann> gn dreimark
2008-08-31T22:53:34 <ThomasWaldmann> dreimark: yes, looks small enough. maybe integrate into 1.7 and afterwards we pull it into 1.8.
2008-08-31T22:54:22 <ThomasWaldmann> dreimark: maybe s/exlude_attachemnt/include_attachments/ (non-negative stuff is less confusing sometimes, and it deals with all attachments, so it should be plural)
2008-08-31T23:04:11 <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 3800:e5778919c0a2 1.7/MoinMoin/i18n/__init__.py: translation dict page names: remove blanks so the pagename is matched by the page_dict_regex (or dict for e.g. language 'Norwegian Bokmal' won't work)
2008-08-31T23:11:11 <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 3801:d996f53790bb 1.7/MoinMoin/server/server_standalone.py: standalone server: use daemon threads so Ctrl-C/kill works better, remove leftover debug code (thanks to Greg Ward for the patch)
2008-08-31T23:19:29 <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 3802:fd4d32812e92 1.7/wiki/htdocs/ (3 files in 3 dirs): CSS: remove some comments related to the 'IE7 hack' (we don't use it any more - and never really did)
MoinMoin: MoinMoinChat/Logs/moin-dev/2008-08-31 (last edited 2008-08-30 22:15:02 by IrcLogImporter)