[Phpmyadmin-devel] Access control for the error reporting server
Dieter Adriaenssens
dieter.adriaenssens at gmail.com
Sun Jul 21 13:16:30 CEST 2013
2013/7/21 Mohamed Ashraf <mohamed.ashraf.213 at gmail.com>:
> On Sun, Jul 21, 2013 at 11:36 AM, Dieter Adriaenssens
> <dieter.adriaenssens at gmail.com> wrote:
>> 2013/7/19 Mohamed Ashraf <mohamed.ashraf.213 at gmail.com>:
>>> On Mon, Jul 15, 2013 at 11:20 AM, Michal Čihař <michal at cihar.com> wrote:
>>>> Hi
>>>>
>>>> Dne Thu, 11 Jul 2013 18:45:03 +0200
>>>> Mohamed Ashraf <mohamed.ashraf.213 at gmail.com> napsal(a):
>>>>
>>>>> There are three levels of users that I can differentiate between in
>>>>> the error reporting system
>>>>> 1- A non logged in user
>>>>> 2- logged in user that does not have commit access to the phpmyadmin repo
>>>>> 3- logged in user with commit access to the phpmyadmin repo
>>>>>
>>>>> The system has a range of actions from viewing of error reports
>>>>> listing, full error reports to creating tickets on the error reporting
>>>>> system as well as changing the status of the report.
>>>>>
>>>>> do you need something to be for some privileged users or do you think
>>>>> that anyone should be able to do anything. should I require a login at
>>>>> any point or is there no use
>>>>
>>>> The error report should not contain anything private, so I'd go with
>>>> completely open access. Something like http://oops.kernel.org/
>>>
>>> do you want complete access to submit reports to the sourceforge
>>> ticket system as well as changing the report status as well as marking
>>> reports as related.
>>
>> I'd say yes here, following Michal's example of kernel bugs.
>> I'm a bit reluctant regarding the submission into the soruceforge
>> tracker, as it might get flooded, if people start pushing their error
>> reports without checking if they are related/identical to other
>> reports.
> we can use github authentication so as to add a small barrier to this
> step. The user doesn't need to have commit access but just have some
> login credentials with github. we will use his public github profile
> info to get his name so it may help us with logging who did the
> submission into sourceforge.
Seems fine. Having the sourceforge account would be better, but
mapping the the github account with the sourceforge account will be
very difficult, if not impossible.
--
Kind regards,
Dieter Adriaenssens
More information about the Developers
mailing list