Camelia, the Perl 6 bug

IRC log for #darcs, 2013-08-12

| Channels | #darcs index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:31 edwardk joined #darcs
00:37 kofno joined #darcs
00:48 kofno joined #darcs
00:54 dolio joined #darcs
00:55 kofno joined #darcs
01:07 intripoon_ joined #darcs
02:05 kofno joined #darcs
02:31 favonia joined #darcs
02:51 kofno joined #darcs
03:15 kofno joined #darcs
03:51 edwardk joined #darcs
04:12 mizu_no_oto joined #darcs
06:02 lelit joined #darcs
06:23 kofno joined #darcs
07:02 raichoo joined #darcs
07:26 kofno joined #darcs
08:11 favonia joined #darcs
08:16 alexei_ joined #darcs
08:29 donri joined #darcs
08:35 whaletechno joined #darcs
10:50 lelit joined #darcs
12:16 kofno joined #darcs
13:06 endou joined #darcs
13:07 favonia joined #darcs
13:21 bfrank_ joined #darcs
13:21 mizu_no_oto joined #darcs
13:22 byorgey joined #darcs
16:24 alexei_ joined #darcs
16:52 mizu_no_oto joined #darcs
16:57 bsrk joined #darcs
16:59 * Heffalump appears
16:59 bsrk Hi
16:59 Heffalump bsrk: how's it going? Could you go through the things from my email and comment on how it's going?
17:00 bsrk Yes, I implemented all your suggestions
17:00 Heffalump cool - where's the todo list now?
17:01 bsrk http://darcs.net/GSoC/2013-Darcsden#todo
17:02 bsrk Oh, and using --mail with darcs send works;
17:02 raichoo joined #darcs
17:02 bsrk now somehow the darcsden handlier is not able to properly intercept the requeset
17:04 bsrk I have cleaned up the new repo patches into two patches - they are in darcsden-import
17:04 bsrk If they are fine with you and simon I will shift development to the new branch.
17:05 bsrk http://hub.darcs.net/Adity​a/darcsden-import/changes
17:24 * Heffalump reappears (tunnels)
17:25 Heffalump so for darcs send, I think we need to make it default to be "on" if the target is a post url
17:26 bsrk true, but it ought to work first. :-)
17:26 Heffalump true :-)
17:27 Heffalump is your dev server working at the moment?
17:27 bsrk I think the default should also include --sign-ssl
17:27 bsrk so that it also take cares of auth mechanism
17:27 bsrk My dev server is working, but I have not installed darcsden yet
17:30 Heffalump what would the authentication achieve?
17:30 Heffalump if the contributor is known, darcsden could make use of that info?
17:31 * Heffalump doesn't know what --sign-ssl does :-)
17:32 bsrk The authentication will confirm that the user's identity
17:32 Heffalump doesn't --sign-ssl require an id file?
17:32 Heffalump how do we default that?
17:32 bsrk otherwise we just have an email address, which can be faked easily
17:33 bsrk yeah, they need it now anyway
17:33 bsrk (for push)
17:33 Heffalump yes, but not send
17:33 Heffalump and for push it's an ssh private key, not an ssl one
17:33 Heffalump unless those are the same
17:34 bsrk I think they are the same. Or I made the assumption that they are the same. :-)
17:40 Heffalump even if they are, why would the user have one? Just because they are trying to use 'darcs send' doesn't mean they have 'darcs push' set up
17:40 bsrk True, but if we have no auth, any user can pretend to be any user when submitting an issue/bundle/
17:42 Heffalump ok, so there is a problem of identity, because darcsden has a concept of identity and 'darcs send' doesn't.
17:42 bsrk exactly
17:42 Heffalump that doesn't (necessarily) mean that --sign-ssl is the solution
17:43 Heffalump can you think of other options
17:43 Heffalump ?
17:44 bsrk the user could configure his client side to send a email through darcs send
17:45 Heffalump and where would the email go?
17:45 bsrk patches@darcsden?
17:45 bsrk patches@darcsden.net
17:45 Heffalump then what?
17:46 bsrk Since the user sent the mail from some account
17:46 bsrk we will assume that the darcsden user is the user with that account
17:47 Heffalump doesn't that have the same problem you mentioned above?
17:48 Heffalump email sending isn't authenticated in anyay, I could send an email pretendning to be you
17:48 Heffalump s/anyway/anyway/
17:48 Heffalump s/anyay/anyway/ I mean
17:49 bsrk how can you send an email from another person's email account?
17:50 bsrk the from address of the emai identifies the user
17:50 mtp no it doesn't
17:50 mtp the from address identifies what i put in as the from address
17:51 Heffalump try it with darcs send --from :-)
17:51 bsrk ah.
17:51 Heffalump it's unauthenticated
17:51 bsrk then it cant be by this model
17:51 Heffalump (except there's this new thing called SPF which adds some small obstacles to faking some address)
17:52 Heffalump let's take a step back - do bug trackers typically allow anonymous submissions?
17:52 Heffalump i.e. do we need to solve the identity problem or is it enough for darcsden just to treat submissions as unauthenticated?
17:53 Heffalump also bearing in mind that's what would happen if someone emailed you with a patch
17:54 bsrk I guess auth is not really necceary
17:55 bsrk and it does raise the issue of anonymous patches
17:55 bsrk the current bundle/issue system assumes that you have a darcsden account
17:56 Heffalump ok, so any ideas how to handle anyonymous stuff?
17:58 bsrk Yeah, we can change bundle/issue types to record email instead of user ids
17:59 bsrk and when displaying the bundle/issue, we will link the appropriate text to the appropriate user
17:59 bsrk appropriate email to the appropriate user
17:59 Heffalump you mean if there's a user signed up with that email?
17:59 bsrk yes
18:00 Heffalump does darcsden already reveal user eamil addresses?
18:00 Heffalump if not, that linking would expose them to other users
18:01 bsrk I won't reveal the email of existing users; they will continue to have the same ui
18:02 Heffalump no, but if my email address is ganesh@earth.li, and I or anyone else sends a patch from ganesh@earth.li, then linking the email to my user account reveals that my user account has the email address ganesh@earth.li
18:03 bsrk The end user will not know the email
18:03 bsrk if that email is linked with an account
18:04 Heffalump which end user?
18:04 bsrk any end user
18:04 Heffalump well, I know my own email address
18:04 Heffalump and you might suspect the email address used on an an acount named 'ganesh' but not be sure
18:04 Heffalump if I send a patch then I would be unwittingly revealing the email address associated with my account to other users
18:04 bsrk No
18:04 Heffalump and you could use 'darcs send' to confirm your suspicion
18:05 bsrk Oh
18:05 bsrk Yes, that is feasible
18:05 Heffalump and remember that this is all unauthenticated, that being your original point :-)
18:07 bsrk hmm, and authentication will prevent you from guessing someone's email
18:08 Heffalump I think the starting point is just to allow anonymous submissions that are associated only with an email address.
18:09 bsrk all issues from "darcs send" are anonymous?
18:09 Heffalump I think that's a good starting point
18:09 bsrk okay
18:09 Heffalump building from that, we mgiht want to optionally have authenticated sending
18:09 Heffalump and also allow users to "claim" patches that they sent
18:10 bsrk I see
18:10 Heffalump do sent patches become new issues?
18:10 bsrk yes
18:10 bsrk or atleast, that is how I am envisioning it
18:10 Heffalump what's the suggested workflow if you are sending a patch to fix an existing issue?
18:10 Heffalump I can see various designs here, but it's good to think through the use cases and see how they fit
18:11 Heffalump in the existing darcs tracker, we have issues and patches separate, for example
18:11 Heffalump I'm not quite sure whether github pull requests are issues or not
18:12 mtp i think PRs automatically create issues
18:12 bsrk I think you can prefix the subject with the issue number
18:12 bsrk mtp: yeah that is what I remember too
18:13 Heffalump I see, so you would then associate a PR with an existing issue, and if the PR is acceted it closes both the PR-issue and the original issue
18:13 Heffalump ?
18:13 Heffalump bsrk: I'm about to get home. Could you list the todo items that arose from our discussion today so I can check it makes sense to me?
18:13 bsrk I think you will have to close the original issue seperatly
18:14 bsrk 1) darcs send
18:14 bsrk 2) get the development server running
18:15 bsrk 3) changes & annotate on files
18:15 Heffalump what about darcs send?
18:15 bsrk using darcs send to create anonymous issues
18:15 bsrk with patch bundles
18:16 bsrk Seems resonable?
18:16 Heffalump yep
18:16 Heffalump shall we meet next on Thursday at the usual time?
18:16 bsrk okay
18:17 Heffalump see you then
18:17 bsrk bye
18:17 Heffalump (don't forget to update the wiki with the todo items)
18:56 lelix joined #darcs
19:26 mizu_no_oto joined #darcs
19:41 gh__ joined #darcs
19:53 Heffalump hi
19:56 edwardk joined #darcs
20:12 jpdeplaix left #darcs
20:29 dolio joined #darcs
20:38 edwardk left #darcs
21:27 mizu_no_oto joined #darcs
21:40 schlaftier joined #darcs
21:56 gh__ I'm going to screen http://bugs.darcs.net/patch1083 ,  but I wonder if we should put an upper bound to the new dependency on the hashable package?
22:09 addos joined #darcs
22:31 kofno joined #darcs
22:31 mizu_no_oto joined #darcs
22:40 dolio joined #darcs

| Channels | #darcs index | Today | | Search | Google Search | Plain-Text | summary