[Phpmyadmin-devel] Access control for the error reporting server
Dieter Adriaenssens
dieter.adriaenssens at gmail.com
Mon Jul 22 16:31:43 CEST 2013
2013/7/21 Mohamed Ashraf <mohamed.ashraf.213 at gmail.com>:
> On Sun, Jul 21, 2013 at 1:16 PM, Dieter Adriaenssens
> <dieter.adriaenssens at gmail.com> wrote:
>> 2013/7/21 Mohamed Ashraf <mohamed.ashraf.213 at gmail.com>:
>>> On Sun, Jul 21, 2013 at 11:36 AM, Dieter Adriaenssens
>>> <dieter.adriaenssens at gmail.com> wrote:
>>>> 2013/7/19 Mohamed Ashraf <mohamed.ashraf.213 at gmail.com>:
>>>>> On Mon, Jul 15, 2013 at 11:20 AM, Michal Čihař <michal at cihar.com> wrote:
>>>>>> Hi
>>>>>>
>>>>>> Dne Thu, 11 Jul 2013 18:45:03 +0200
>>>>>> Mohamed Ashraf <mohamed.ashraf.213 at gmail.com> napsal(a):
>>>>>>
>>>>>>> There are three levels of users that I can differentiate between in
>>>>>>> the error reporting system
>>>>>>> 1- A non logged in user
>>>>>>> 2- logged in user that does not have commit access to the phpmyadmin repo
>>>>>>> 3- logged in user with commit access to the phpmyadmin repo
>>>>>>>
>>>>>>> The system has a range of actions from viewing of error reports
>>>>>>> listing, full error reports to creating tickets on the error reporting
>>>>>>> system as well as changing the status of the report.
>>>>>>>
>>>>>>> do you need something to be for some privileged users or do you think
>>>>>>> that anyone should be able to do anything. should I require a login at
>>>>>>> any point or is there no use
>>>>>>
>>>>>> The error report should not contain anything private, so I'd go with
>>>>>> completely open access. Something like http://oops.kernel.org/
>>>>>
>>>>> do you want complete access to submit reports to the sourceforge
>>>>> ticket system as well as changing the report status as well as marking
>>>>> reports as related.
>>>>
>>>> I'd say yes here, following Michal's example of kernel bugs.
>>>> I'm a bit reluctant regarding the submission into the soruceforge
>>>> tracker, as it might get flooded, if people start pushing their error
>>>> reports without checking if they are related/identical to other
>>>> reports.
>>> we can use github authentication so as to add a small barrier to this
>>> step. The user doesn't need to have commit access but just have some
>>> login credentials with github. we will use his public github profile
>>> info to get his name so it may help us with logging who did the
>>> submission into sourceforge.
>>
>> Seems fine. Having the sourceforge account would be better, but
>> mapping the the github account with the sourceforge account will be
>> very difficult, if not impossible.
> why would it be better to check for a sourceforge account rather than
> a github account.
It doesn't matter.
We handle the submitted bug reports on the sourceforge bug tracker,
thus the submitter would be able to track progress on a bug, orcan be
contacted in case of a question.
But because the error reports are done anonymously, there is no way of
contacting the original submitter, so it doesn't make sense if any
username is added to the report. A generic username for the error
report server is sufficient info. That way it is clear that the issue
was reported by the error reporting server, and if more info is
needed, you can check the original report on the error reporting
server.
--
Kind regards,
Dieter Adriaenssens
More information about the Developers
mailing list