[Phpmyadmin-devel] Access control for the error reporting server
There are three levels of users that I can differentiate between in the error reporting system 1- A non logged in user 2- logged in user that does not have commit access to the phpmyadmin repo 3- logged in user with commit access to the phpmyadmin repo The system has a range of actions from viewing of error reports listing, full error reports to creating tickets on the error reporting system as well as changing the status of the report. do you need something to be for some privileged users or do you think that anyone should be able to do anything. should I require a login at any point or is there no use
2013/7/11 Mohamed Ashraf <mohamed.ashraf.213@gmail.com>:
There are three levels of users that I can differentiate between in the error reporting system 1- A non logged in user 2- logged in user that does not have commit access to the phpmyadmin repo 3- logged in user with commit access to the phpmyadmin repo
The system has a range of actions from viewing of error reports listing, full error reports to creating tickets on the error reporting system as well as changing the status of the report.
do you need something to be for some privileged users or do you think that anyone should be able to do anything. should I require a login at any point or is there no use
I would say to limit all actions to phpMyAdmin developers that have commit access to github. Other opinions? -- Kind regards, Dieter Adriaenssens
On Friday, July 12, 2013 at 3:57 PM, Dieter Adriaenssens wrote:
2013/7/11 Mohamed Ashraf <mohamed.ashraf.213@gmail.com>:
There are three levels of users that I can differentiate between in the error reporting system 1- A non logged in user 2- logged in user that does not have commit access to the phpmyadmin repo 3- logged in user with commit access to the phpmyadmin repo
The system has a range of actions from viewing of error reports listing, full error reports to creating tickets on the error reporting system as well as changing the status of the report.
do you need something to be for some privileged users or do you think that anyone should be able to do anything. should I require a login at any point or is there no use
I would say to limit all actions to phpMyAdmin developers that have commit access to github.
Other opinions?
It depends on how many developers that actively support phpmyadmin but donot have commit access to the repo. Since there is probably going to be alot of error reports I would suggest that you get as much help as possible.
-- Kind regards,
Dieter Adriaenssens
------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
Hi Dne Thu, 11 Jul 2013 18:45:03 +0200 Mohamed Ashraf <mohamed.ashraf.213@gmail.com> napsal(a):
There are three levels of users that I can differentiate between in the error reporting system 1- A non logged in user 2- logged in user that does not have commit access to the phpmyadmin repo 3- logged in user with commit access to the phpmyadmin repo
The system has a range of actions from viewing of error reports listing, full error reports to creating tickets on the error reporting system as well as changing the status of the report.
do you need something to be for some privileged users or do you think that anyone should be able to do anything. should I require a login at any point or is there no use
The error report should not contain anything private, so I'd go with completely open access. Something like http://oops.kernel.org/ -- Michal Čihař | http://cihar.com | http://blog.cihar.com
On Mon, Jul 15, 2013 at 11:20 AM, Michal Čihař <michal@cihar.com> wrote:
Hi
Dne Thu, 11 Jul 2013 18:45:03 +0200 Mohamed Ashraf <mohamed.ashraf.213@gmail.com> napsal(a):
There are three levels of users that I can differentiate between in the error reporting system 1- A non logged in user 2- logged in user that does not have commit access to the phpmyadmin repo 3- logged in user with commit access to the phpmyadmin repo
The system has a range of actions from viewing of error reports listing, full error reports to creating tickets on the error reporting system as well as changing the status of the report.
do you need something to be for some privileged users or do you think that anyone should be able to do anything. should I require a login at any point or is there no use
The error report should not contain anything private, so I'd go with completely open access. Something like http://oops.kernel.org/
do you want complete access to submit reports to the sourceforge ticket system as well as changing the report status as well as marking reports as related.
-- Michal Čihař | http://cihar.com | http://blog.cihar.com
------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
2013/7/19 Mohamed Ashraf <mohamed.ashraf.213@gmail.com>:
On Mon, Jul 15, 2013 at 11:20 AM, Michal Čihař <michal@cihar.com> wrote:
Hi
Dne Thu, 11 Jul 2013 18:45:03 +0200 Mohamed Ashraf <mohamed.ashraf.213@gmail.com> napsal(a):
There are three levels of users that I can differentiate between in the error reporting system 1- A non logged in user 2- logged in user that does not have commit access to the phpmyadmin repo 3- logged in user with commit access to the phpmyadmin repo
The system has a range of actions from viewing of error reports listing, full error reports to creating tickets on the error reporting system as well as changing the status of the report.
do you need something to be for some privileged users or do you think that anyone should be able to do anything. should I require a login at any point or is there no use
The error report should not contain anything private, so I'd go with completely open access. Something like http://oops.kernel.org/
do you want complete access to submit reports to the sourceforge ticket system as well as changing the report status as well as marking reports as related.
I'd say yes here, following Michal's example of kernel bugs. I'm a bit reluctant regarding the submission into the soruceforge tracker, as it might get flooded, if people start pushing their error reports witout checking if they are related/identical to other reports. But that said, I don't think users will go through the effort of going to the error-reporting website and start soring and pushing reports. -- Kind regards, Dieter Adriaenssens
On Sun, Jul 21, 2013 at 11:36 AM, Dieter Adriaenssens <dieter.adriaenssens@gmail.com> wrote:
2013/7/19 Mohamed Ashraf <mohamed.ashraf.213@gmail.com>:
On Mon, Jul 15, 2013 at 11:20 AM, Michal Čihař <michal@cihar.com> wrote:
Hi
Dne Thu, 11 Jul 2013 18:45:03 +0200 Mohamed Ashraf <mohamed.ashraf.213@gmail.com> napsal(a):
There are three levels of users that I can differentiate between in the error reporting system 1- A non logged in user 2- logged in user that does not have commit access to the phpmyadmin repo 3- logged in user with commit access to the phpmyadmin repo
The system has a range of actions from viewing of error reports listing, full error reports to creating tickets on the error reporting system as well as changing the status of the report.
do you need something to be for some privileged users or do you think that anyone should be able to do anything. should I require a login at any point or is there no use
The error report should not contain anything private, so I'd go with completely open access. Something like http://oops.kernel.org/
do you want complete access to submit reports to the sourceforge ticket system as well as changing the report status as well as marking reports as related.
I'd say yes here, following Michal's example of kernel bugs. I'm a bit reluctant regarding the submission into the soruceforge tracker, as it might get flooded, if people start pushing their error reports without checking if they are related/identical to other reports. we can use github authentication so as to add a small barrier to this step. The user doesn't need to have commit access but just have some login credentials with github. we will use his public github profile info to get his name so it may help us with logging who did the submission into sourceforge.
But that said, I don't think users will go through the effort of going to the error-reporting website and start soring and pushing reports.
-- Kind regards,
Dieter Adriaenssens
------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
-- Mohamed Ashraf
2013/7/21 Mohamed Ashraf <mohamed.ashraf.213@gmail.com>:
On Sun, Jul 21, 2013 at 11:36 AM, Dieter Adriaenssens <dieter.adriaenssens@gmail.com> wrote:
2013/7/19 Mohamed Ashraf <mohamed.ashraf.213@gmail.com>:
On Mon, Jul 15, 2013 at 11:20 AM, Michal Čihař <michal@cihar.com> wrote:
Hi
Dne Thu, 11 Jul 2013 18:45:03 +0200 Mohamed Ashraf <mohamed.ashraf.213@gmail.com> napsal(a):
There are three levels of users that I can differentiate between in the error reporting system 1- A non logged in user 2- logged in user that does not have commit access to the phpmyadmin repo 3- logged in user with commit access to the phpmyadmin repo
The system has a range of actions from viewing of error reports listing, full error reports to creating tickets on the error reporting system as well as changing the status of the report.
do you need something to be for some privileged users or do you think that anyone should be able to do anything. should I require a login at any point or is there no use
The error report should not contain anything private, so I'd go with completely open access. Something like http://oops.kernel.org/
do you want complete access to submit reports to the sourceforge ticket system as well as changing the report status as well as marking reports as related.
I'd say yes here, following Michal's example of kernel bugs. I'm a bit reluctant regarding the submission into the soruceforge tracker, as it might get flooded, if people start pushing their error reports without checking if they are related/identical to other reports. we can use github authentication so as to add a small barrier to this step. The user doesn't need to have commit access but just have some login credentials with github. we will use his public github profile info to get his name so it may help us with logging who did the submission into sourceforge.
Seems fine. Having the sourceforge account would be better, but mapping the the github account with the sourceforge account will be very difficult, if not impossible. -- Kind regards, Dieter Adriaenssens
On Sun, Jul 21, 2013 at 1:16 PM, Dieter Adriaenssens <dieter.adriaenssens@gmail.com> wrote:
2013/7/21 Mohamed Ashraf <mohamed.ashraf.213@gmail.com>:
On Sun, Jul 21, 2013 at 11:36 AM, Dieter Adriaenssens <dieter.adriaenssens@gmail.com> wrote:
2013/7/19 Mohamed Ashraf <mohamed.ashraf.213@gmail.com>:
On Mon, Jul 15, 2013 at 11:20 AM, Michal Čihař <michal@cihar.com> wrote:
Hi
Dne Thu, 11 Jul 2013 18:45:03 +0200 Mohamed Ashraf <mohamed.ashraf.213@gmail.com> napsal(a):
There are three levels of users that I can differentiate between in the error reporting system 1- A non logged in user 2- logged in user that does not have commit access to the phpmyadmin repo 3- logged in user with commit access to the phpmyadmin repo
The system has a range of actions from viewing of error reports listing, full error reports to creating tickets on the error reporting system as well as changing the status of the report.
do you need something to be for some privileged users or do you think that anyone should be able to do anything. should I require a login at any point or is there no use
The error report should not contain anything private, so I'd go with completely open access. Something like http://oops.kernel.org/
do you want complete access to submit reports to the sourceforge ticket system as well as changing the report status as well as marking reports as related.
I'd say yes here, following Michal's example of kernel bugs. I'm a bit reluctant regarding the submission into the soruceforge tracker, as it might get flooded, if people start pushing their error reports without checking if they are related/identical to other reports. we can use github authentication so as to add a small barrier to this step. The user doesn't need to have commit access but just have some login credentials with github. we will use his public github profile info to get his name so it may help us with logging who did the submission into sourceforge.
Seems fine. Having the sourceforge account would be better, but mapping the the github account with the sourceforge account will be very difficult, if not impossible. why would it be better to check for a sourceforge account rather than a github account.
-- Kind regards,
Dieter Adriaenssens
------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
-- Mohamed Ashraf
2013/7/21 Mohamed Ashraf <mohamed.ashraf.213@gmail.com>:
On Sun, Jul 21, 2013 at 1:16 PM, Dieter Adriaenssens <dieter.adriaenssens@gmail.com> wrote:
2013/7/21 Mohamed Ashraf <mohamed.ashraf.213@gmail.com>:
On Sun, Jul 21, 2013 at 11:36 AM, Dieter Adriaenssens <dieter.adriaenssens@gmail.com> wrote:
2013/7/19 Mohamed Ashraf <mohamed.ashraf.213@gmail.com>:
On Mon, Jul 15, 2013 at 11:20 AM, Michal Čihař <michal@cihar.com> wrote:
Hi
Dne Thu, 11 Jul 2013 18:45:03 +0200 Mohamed Ashraf <mohamed.ashraf.213@gmail.com> napsal(a):
> There are three levels of users that I can differentiate between in > the error reporting system > 1- A non logged in user > 2- logged in user that does not have commit access to the phpmyadmin repo > 3- logged in user with commit access to the phpmyadmin repo > > The system has a range of actions from viewing of error reports > listing, full error reports to creating tickets on the error reporting > system as well as changing the status of the report. > > do you need something to be for some privileged users or do you think > that anyone should be able to do anything. should I require a login at > any point or is there no use
The error report should not contain anything private, so I'd go with completely open access. Something like http://oops.kernel.org/
do you want complete access to submit reports to the sourceforge ticket system as well as changing the report status as well as marking reports as related.
I'd say yes here, following Michal's example of kernel bugs. I'm a bit reluctant regarding the submission into the soruceforge tracker, as it might get flooded, if people start pushing their error reports without checking if they are related/identical to other reports. we can use github authentication so as to add a small barrier to this step. The user doesn't need to have commit access but just have some login credentials with github. we will use his public github profile info to get his name so it may help us with logging who did the submission into sourceforge.
Seems fine. Having the sourceforge account would be better, but mapping the the github account with the sourceforge account will be very difficult, if not impossible. why would it be better to check for a sourceforge account rather than a github account.
It doesn't matter. We handle the submitted bug reports on the sourceforge bug tracker, thus the submitter would be able to track progress on a bug, orcan be contacted in case of a question. But because the error reports are done anonymously, there is no way of contacting the original submitter, so it doesn't make sense if any username is added to the report. A generic username for the error report server is sufficient info. That way it is clear that the issue was reported by the error reporting server, and if more info is needed, you can check the original report on the error reporting server. -- Kind regards, Dieter Adriaenssens
participants (3)
-
Dieter Adriaenssens -
Michal Čihař -
Mohamed Ashraf