[arch-releng] Iso tests

Dieter Plaetinck dieter at plaetinck.be
Thu Mar 10 16:01:57 EST 2011


On Thu, 10 Mar 2011 13:42:26 -0600
Dan McGee <dpmcgee at gmail.com> wrote:

> On Thu, Mar 10, 2011 at 1:24 PM, Dieter Plaetinck <dieter at plaetinck.be> wrote:
> > On Thu, 10 Mar 2011 19:17:37 +0100
> > Tom Willemsen <tom.willemsen at archlinux.us> wrote:
> >
> >
> >> > * there will need to be some kind of "are you human test"
> >> >   on the input form (a simple question/response check might do fine,
> >> >   like "which Linux distro is this about? (just the 4-letter word)")
> >> > * I would prefer even some sort of authentication.  if there was a way
> >> >   to allow people to authenticate with their bbs or archwiki login, or
> >> >   even get cookies from the wiki (does archlinux.org get the cookies
> >> >   from wiki.archlinux.org?)  this will be needed to have some
> >> >   credibility for entries, as well as a way to get back to the user if
> >> >   I have any questions about their report.  also if we have this, we
> >> >   don't need the 'are you human' test.
> >> That would be pretty cool, I only know it _should_ be possible if we
> >> just grab credentials from the bbs/wiki/aur database, but I think that
> >> would be beyond the scope of just the app I'm writing. Of course I could
> >> look at how (re)captcha works.
> >
> > I think this app needs authentication (for webbased form input), there are 2 reasons in my previous mail.  Why do you think this app doesn't need authentication?
> > captcha isn't needed if we have authentication.
> 
> Why does this need authentication at all? I'm totally confused on this one.
> 
> 1. No way this will ever integrate with BBS/Wiki login unless you get
> single sign-on working for everything anyway, so just forget that
> idea. That has been a dream feature request for years
> (https://bugs.archlinux.org/task/10703). If you want integration, then
> this app should be a a) forum thread or b) wiki page.
> 2. Credibility- we ask for a name and email address here, so that is
> something. You'll be able to see bogus results if they come through.
> I'm not sure how this form is any more likely to result in spam than
> posts to the ML, and if it does, don't accept forms without comments,
> etc. There are plenty of ways to avoid garbage.

okay, so no authentication reuse.
then i guess the next best thing is to ask a (nick)name, email address and response to a simple "are you human" question. that should work well enough, except it would allow people to purposely add "everything is okay" reports with a bogus name/ email address, which would cause me to mark iso's as "verified enough" and make an official release of crappy isos. (or the inverse: they can mark as everything as broken).  if users would be authenticated I think there would be less chance for abuse.

> > AFAIK templates/public/download.html is a static page, maybe looking at that can help you.
> 
> Hardly static, and I hate the damn thing as people ride my ass if I am
> an hour late updating and deploying it. I have to edit it every time
> we do a release which is ridiculous, so please please please don't
> follow this. If anything, and I have done this on other Django
> projects, we should add a "StaticContent" type model that allows
> arbitrary admin controlled bits and pieces of content to be displayed
> on our various pages.

I think with static you mean "rarely/never gets updated".  I meant "not dynamically generated"...

But yeah, I wouldn't want to force you doing work whenever I do a typo fix on the page. OTOH if deploying a small update is more work then 1 simple command, then there's something wrong with our method of deploying. Imho there should be a command that you, I or any other dev can execute to deploy updated archweb code. and the tree should always be in a state that it can be pulled from and put live right away (maybe by using a `production` branch?), and when there are invasive changes, needing schema changes or whatever, these should be brought into `production` branch when they are being enabled live by someone who knows what he's doing. (i.e. you).

However, if that is not something we want (it would for example imply I need push access to the repo) or have time to setup right now, I can live with the next best thing: maintaining the help page on the wiki. (I don't like the idea of managing the page content through the webinterface, I want version control, so let's keep this webapp simple and let's not poorly reinvent a wiki)

Dieter



More information about the arch-releng mailing list