Hi Jorge, So many questions! 2008/3/21, Jorge G. Mare (a.k.a. Koki) <koki@xxxxxxxxxxxxxx>: > Niels Reedijk wrote: > > Short update: > > > > 2008/3/21, Niels Reedijk <niels.reedijk@xxxxxxxxx>: > >> - Use an XMLRPC authentication mechanism. The Trac server will perform > >> a request whenever a login is taking place, and retrieves the details > >> of the user that way. > >> > >> I don't know if Unixware will allow 1. I should be able to write a > >> plugin for Trac for 2, and a quick google search shows that drupal > >> should already provide an XML plugin. > > > > I just wrote a plugin for Trac, and I think that part is done. I just > > need to hack drupal a little bit (currently only users with blog > > permissions can log in). > > > I think it is a mistake to hack Drupal for this purpose. I do not agree at all with your assertion that this is a mistake or a waste of time. I also do not agree that this is 'hacking' drupal in the ferocious sense of the word you seem to be implying. Drupal has been designed to be extended, and you should be glad it is designed this way, as it enables the website to be the way it is today. Have a look at the actual source code first, before claiming it's a big hack. > What happens when we upgrade Drupal? Big chance that nothing has to be changed. The plugin is in total 60 lines, of which 10 lines actual plugin (the others are hooks). I just quickly glanced over a diff between the 4.7 version of blogapi (on which the plugin is based) and the 6.0 version, and nothing in the relevant part of the code has been changed. > What if we need to move servers suddenly (like we had to once, and rendered > login unusable)? The newer sollution is actually less dependent on the actual server, and more dependent on the availability on www.haiku-os.org (or any other host with Haiku's drupal installation on it). True, it is still a dependency, but in fact this implementation is less dependent on the actual physical location of the main site. > What if Niels is not available when any of this happens? Well, if anything happens to Trac at all, I'd say you'd be lost. I'd be willing to document an 'emergency scenario' if need arises, but it would probably be better to start training a 'junior' website maintainer. > You guys keep repeating the same > mistakes and increase our vulnerability to this sort of situations (that > we have already experienced in the past, btw). All for what? This approach does not increase the vulnerability in comparison to the current situation. In fact, in the case of a server move, it decreases the vulnerability. > For a marginal (at the very best) one time gain in convenience? Well, I don't really know how marginal it is, but I do like the gain in convenience, and if it were possible, I'd try to add the subversion repository authentication as well. What you imply knowing is exactly how vulnerable the system is. What did you do, a complete system analysis? > What's more important, though, is: do you care? Yes. > It looks like you don't, > since you are already moving full steam ahead in spite of the issues > that are being raised here. I DO NOT agree with your assertion that I am moving full speed ahead to anything. I have spent my morning solving a technical problem, by looking at a possible set up. In the same spirit I've been looking at a possible replacement for the current set up a few weeks ago, which I tested on my private Trac installation for several hours (http://www.trac-hacks.org/wiki/AccountManagerPlugin). > What's the point of trying to have a > discussion in a public discussion, if a single person is going to do as > he pleases anyway? Jorge, stop the drama. Nothing has been *done* yet. Nothing has actually been implemented on the server yet. I find the whole tone of this message - as some of yours before - unneccesarily agressive and completely out of context. I have spent my morning on a problem that interested me, and I have come up with a solution that would give us a choice between keeping the current login system or looking for a new one. I am not going to forgive your ignorance on overestimating the Trac login system - the truth is by default there is none. A little investigation (or by just asking) would have revealed that. We will always have to create a dependency on a non-standard module. Please in future, if you do want to override people using rhetorical figures, remember that this style (firing an array or rhetorical questions) does not work using e-mail. I will tediously answer every single one of them. Use arguments instead, next time. Niels ----------------------------------------------------------------------- haiku-web@xxxxxxxxxxxxx - Haiku Web & Developer Support Discussion List