Hi, Am 29.08.2014 13:57, schrieb Andrew Lindesay:
One thing that I have been thinking about a bit for the last week is authentication. As there are already a number of systems in play already (TRAC, Drupal, git, ...?) the authentication is already fragmented. Adding another system and subsequent authentication credentials into the mix will make things a "little bit worse". Thinking long-term this may be confusing for people. Is it worth expending effort and delaying now in order to look at trying to harmonize authentication for these web / application-server systems going forward or is this too big a block of work to get into right now?
To me it sounds like it could delay things a bit too much. But I have no clue. There might be a reason why the logins have not been merged, or it may be something easy that no one thought of, for all I know.
I do think a dev / test / staging deployment separate from the production deployment is necessary. As you mentioned, the 'current' deployment could (conveniently) become the production deployment and another environment could host the continued dev / test / staging deployment. All of the system's storage is in the single Postgres database instance so it should be easy to backup with pg_dump -- that should be happening on some schedule before we let people start loading material in. Oliver; you'll have some ideas on these sorts of things?
Let's delay any decision until at least that much is clear.
I think your approach to permissions makes sense. How can that be best managed; on a mailing list?
Yes, out in the open might be good.
I see in the logs there are recently lots of API look-ups on packages that are not present; org.haikuos.haikudepotserver.api1.support.ObjectNotFoundException: the entity Pkg was not able to be found with the identifier haiku_devel I'm trying to figure out where those are coming from -- could that be the desktop application? Oliver; could I get access to the Apache2 logs to see if that helps me understand the source of those?
Yes, that would be HaikuDepot. I enabled the code recently which tries to lookup package info. It does so for all packages that are known to it from "somewhere", and not all of the package request data is generated correctly (architecture is hardcoded for example).
Best regards, -Stephan