MoinMoin: MoinMoinChat/Logs/moin-dev/2008-08-31

2008-08-31T00:01:23  <xorAxAx> anyway, good night
2008-08-31T00:01:31  <ThomasWaldmann> gn xorAxAx
2008-08-31T01:21:45  <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4050:6f6eed3818ed 1.8/ (5 files in 5 dirs): merged moin/1.7 repo
2008-08-31T01:21:45  <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4051:63fbadea490e 1.8/ (MoinMoin/config/multiconfig.py docs/CHANGES): partially reverted removal of backup action (without the problematic 'restore' code) - we'll keep this until the refactored storage code is merged
2008-08-31T01:24:20  <ThomasWaldmann> dennda: PawelPacana: we'll need a replacement for this stuff ^^
2008-08-31T01:24:53  <dennda> in a nutshell, what is that?
2008-08-31T01:24:57  <dennda> way too tired
2008-08-31T01:28:05  <ThomasWaldmann> backup via http :)
2008-08-31T01:29:20  <ThomasWaldmann> or, generically speaking: (de)serialization of storage backend contents
2008-08-31T01:32:17  <ThomasWaldmann> (there is lots of other stuff with higher prio, though :)
2008-08-31T01:32:55  * dennda needs holida
2008-08-31T01:32:56  <dennda> y
2008-08-31T03:09:23  <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4052:0cdc180a2932 1.8/MoinMoin/config/multiconfig.py: improve config setting descriptions
2008-08-31T12:36:45  <ThomasWaldmann> moin
2008-08-31T16:24:49  <dreimark> moin
2008-08-31T16:26:31  * dreimark thinks a working backup feature is nice to have. 
2008-08-31T16:27:02  <dreimark> the current one can be used together with the standalone server
2008-08-31T16:27:26  <dreimark> and you have a complete clone (sync down but with attachments)
2008-08-31T16:27:50  <dreimark> the restore action should be removed.
2008-08-31T16:28:18  <dreimark> restore should be done differently to the current one.
2008-08-31T16:28:49  <dreimark> I think noone want's to give control to someone over a server this way
2008-08-31T16:38:52  <ThomasWaldmann> hi dreimark
2008-08-31T16:39:33  <dreimark> hi ThomasWaldmann
2008-08-31T16:41:16  <ThomasWaldmann> btw, 1.7.2 soon. that file leak fix shall be released soon.
2008-08-31T16:41:57  <dreimark> the backup_user needs to be the superuser user, otherwise protected acl pages can be readed easily
2008-08-31T16:42:13  <dreimark> from a user qho normally has not this right
2008-08-31T16:42:18  <dreimark> s/q/w/
2008-08-31T16:42:38  <ThomasWaldmann> no
2008-08-31T16:43:20  <dreimark> why no? the backup_user has a copy on his filesystem and can read everything
2008-08-31T16:43:21  <ThomasWaldmann> backup_user = wiki owner, superuser = server admin
2008-08-31T16:44:21  <ThomasWaldmann> both need to be trusted, but don't need to be same person
2008-08-31T16:44:31  <xorAxAx> but the backup_user is more powerful than the superuser
2008-08-31T16:44:49  <dreimark> hmm, the superuser can su to backup_user
2008-08-31T16:44:58  <ThomasWaldmann> no, he can't install plugins
2008-08-31T16:46:01  <xorAxAx> sure
2008-08-31T16:46:09  <xorAxAx> he reads the password hash of the superuser
2008-08-31T16:46:16  <xorAxAx> logs in as the user and can install plugins
2008-08-31T16:46:40  <dreimark> hash login is disabled in 1.7
2008-08-31T16:46:54  <xorAxAx> that doesnt mean that its impossible to login anyway
2008-08-31T16:47:00  <ThomasWaldmann> i dont think we accept hashes as passwords any more
2008-08-31T16:47:07  <xorAxAx> its easy to retrieve the password using rainbowtables or dictionaries
2008-08-31T16:47:15  <dreimark> that's true
2008-08-31T16:47:30  <xorAxAx> esp. the latter because moin doesnt salt
2008-08-31T16:47:37  <dreimark> that's why I do think it makes only sense to restrict it to superuser
2008-08-31T16:47:50  <dreimark> and don't have a backup_user
2008-08-31T16:48:00  <ThomasWaldmann> xorAxAx: didn't johill add salt?
2008-08-31T16:49:43  <xorAxAx> 1.7 doesnt have salt
2008-08-31T16:49:56  <xorAxAx> but it has the backup action
2008-08-31T16:50:51  <xorAxAx> but 1.8 does
2008-08-31T16:52:05  <ThomasWaldmann> ok, needs more docs about security
2008-08-31T17:05:52  <dreimark> ThomasWaldmann: xorAxAx Does something speak against arnica in 1.8?
2008-08-31T17:09:40  <dreimark> bbl
2008-08-31T17:33:50  <dreimark> re
2008-08-31T17:41:58  * dreimark looks again at MoinMoinBugs/SystemAdminMailAccountData
2008-08-31T19:44:33  <ThomasWaldmann> re
2008-08-31T19:44:42  <dreimark> hi ThomasWaldmann
2008-08-31T19:45:51  <CIA-25> Reimar Bauer <rb.proj AT googlemail DOT com> default * 3797:f7e942210f52 1.7/MoinMoin/ (userform/admin.py widget/browser.py): bug fix for MoinMoinBugs/SystemAdminMailAccountData by using POST and forms for recoverpass and enable/disable useraccount
2008-08-31T19:45:51  <CIA-25> Reimar Bauer <rb.proj AT googlemail DOT com> default * 3798:e513bd09cb3b 1.7/docs/CHANGES: updated CHANGES
2008-08-31T20:52:03  <CIA-25> Reimar Bauer <rb.proj AT googlemail DOT com> default * 4053:31617ef6a68b 1.8/ (3 files in 3 dirs): bug fix for MoinMoinBugs/SystemAdminMailAccountData by using POST and forms for recoverpass and enable/disable useraccount (ported from 1.7)
2008-08-31T21:02:35  <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4054:691e12f53408 1.8/MoinMoin/action/backup.py: backup action: add missing file
2008-08-31T21:15:19  <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4057:b5dfb48bad1c 1.8/ (3 files in 3 dirs): merge moin/1.7
2008-08-31T21:21:28  <dreimark> wb TheSheep
2008-08-31T22:14:09  <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 3799:fd35b36d6282 1.7/MoinMoin/ (2 files in 2 dirs): fix test failures
2008-08-31T22:14:53  <ThomasWaldmann> dreimark: ^^ should be 0 failures after that
2008-08-31T22:18:27  <dreimark> tests finished: 614 passed, 70 skipped in 87.41 seconds
2008-08-31T22:18:38  <dreimark> and 0 failures
2008-08-31T22:34:24  <dreimark> do we want this in 1.7 too ? http://moinmo.in/FeatureRequest/PackageExcludeAttachments
2008-08-31T22:45:16  <dreimark> gn
2008-08-31T22:50:55  <ThomasWaldmann> gn dreimark
2008-08-31T22:53:34  <ThomasWaldmann> dreimark: yes, looks small enough. maybe integrate into 1.7 and afterwards we pull it into 1.8.
2008-08-31T22:54:22  <ThomasWaldmann> dreimark: maybe s/exlude_attachemnt/include_attachments/  (non-negative stuff is less confusing sometimes, and it deals with all attachments, so it should be plural)
2008-08-31T23:04:11  <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 3800:e5778919c0a2 1.7/MoinMoin/i18n/__init__.py: translation dict page names: remove blanks so the pagename is matched by the page_dict_regex (or dict for e.g. language 'Norwegian Bokmal' won't work)
2008-08-31T23:11:11  <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 3801:d996f53790bb 1.7/MoinMoin/server/server_standalone.py: standalone server: use daemon threads so Ctrl-C/kill works better, remove leftover debug code (thanks to Greg Ward for the patch)
2008-08-31T23:19:29  <CIA-25> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 3802:fd4d32812e92 1.7/wiki/htdocs/ (3 files in 3 dirs): CSS: remove some comments related to the 'IE7 hack' (we don't use it any more - and never really did)