[12:51] *** Initial topic: http://twiki.org/cgi-bin/view/Codev/FreetownReleaseMeeting2007x07x16
[12:51] *** #twiki_release: PeterThoeny sven_ CDot SvenDowideit WikiRingBot
[12:51] *** #twiki_release was created on Sat Mar 10 10:40:25 2007.
[13:00] PeterThoeny: hi crawford, sven
[13:01] *** ArthurClemens has joined #twiki_release.
[13:01] ArthurClemens: good evening
[13:02] PeterThoeny: hi arthur!
[13:02] ArthurClemens: I guess we will wait a little
[13:03] *** Lavr_ has joined #twiki_release.
[13:03] Lavr_: Good evening sorry I am late
[13:03] *** sayotte has joined #twiki_release.
[13:03] ArthurClemens: good evening
[13:03] PeterThoeny: hi kenneth!
[13:04] sayotte: evening gents
[13:04] PeterThoeny: hi sayotte & welcome here!
[13:05] CDot: heyho
[13:05] PeterThoeny: do you have a twiki.org account?
[13:06] sayotte: I do not
[13:06] PeterThoeny: how are you using twiki?
[13:06] PeterThoeny: for what?
[13:06] *** sayotte is n=sayotte@callgirl.alkaloid.net (Unknown)
[13:06] *** sayotte is on: #twiki_release #twiki
[13:06] *** sayotte is using irc.freenode.net http://freenode.net/
[13:06] *** End of /WHOIS.
[13:07] sayotte: I (we, really) are currently using it as a knowledge management tool--- I work in an IT department attached to the engineering side of our company
[13:08] CDot: hmmm, t.o seems a bit tardy today
[13:09] PeterThoeny: very slow right now
[13:09] Lavr_: Yes I also have problems editing the minutes
[13:09] CDot: at last.... usual suspects for minutes and facilitation?
[13:09] *** OliverKrueger has joined #twiki_release.
[13:09] Lavr_: I am editing the minutes now so yes
[13:10] sayotte: our engineers use it to document various things (I don't pay close attention) to do with development, we in IT/IS use it to document processes / admin trivia / errata about certain systems
[13:10] PeterThoeny: sayotte: please read http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x01Process to learn how we operate here in this meeting
[13:10] PeterThoeny: thanks for the intro
[13:10] PeterThoeny: and thanks for using twiki :-)
[13:10] PeterThoeny: hi oli!
[13:11] sayotte: I planned on sitting in quietly, reading your link though
[13:11] OliverKrueger: HelloWorld
[13:11] PeterThoeny: SvenDowideit, sven_: are you here too?
[13:11] PeterThoeny: ok, lets start
[13:11] PeterThoeny: i can facilitate
[13:12] PeterThoeny: or if anyone would like to, is fine with me
[13:12] Lavr_: I think we need to make some queries on the best time for these meetings because there are too many that do not show up and it may have to do with the time
[13:12] PeterThoeny: good point
[13:13] PeterThoeny: lets ask that on twiki-dev
[13:13] PeterThoeny: who is taking the notes?
[13:13] PeterThoeny: http://twiki.org/cgi-bin/view/Codev/FreetownReleaseMeeting2007x07x16
[13:13] Lavr_: Or a Codev topic where people can add their favorite available times in a table
[13:14] Lavr_: I am on the notes already
[13:14] PeterThoeny: thanks
[13:14] PeterThoeny: ok, kenneth can you create a codev topic on preferred time?
[13:14] CDot: BTW while I remember, I mailed Colas and he was surprised to hear about the Rome meeting
[13:14] CDot: so perhaps you could mention it again on the twiki-dev mail :-)
[13:14] PeterThoeny: i will send out a request in twiki-dev
[13:15] PeterThoeny: yep
[13:15] PeterThoeny: i talked to colas over the weekend
[13:15] PeterThoeny: he will look into if he can participate in rome
[13:15] sayotte: ahh I am not prepared to listen, carefully consider, and vote on twiki proposals
[13:15] sayotte: excuse me, I'll be in the other room then :)
[13:15] *** sayotte has left #twiki_release.
[13:16] PeterThoeny: he mentioned that crawford sent him the mail and that he was surprised
[13:16] PeterThoeny: lets start
[13:16] PeterThoeny: proposed agenda: # 1. Action Item Review # 2. Review Urgent Bugs # 3. Coordinate TWiki Release 4.2
[13:16] PeterThoeny: anything to add?
[13:16] CDot: nope
[13:17] Lavr_: Nope I already added my points to existing agenda points
[13:17] PeterThoeny: ---+ 1. Action Item Review # Fix bugs, make unit tests, stay away from enhancements. And test test test. # All need to follow up on bugs waiting for feedback
[13:17] PeterThoeny: these are not SMART items, but where do we stand now?
[13:18] CDot: well, I've been adding unit tests, and creating failures
[13:18] CDot: but I think I'm the only one
[13:18] Lavr_: Yes. It has been slow on the bug fixing. I have mostly tested applications and looked at the security bug
[13:19] PeterThoeny: yes, main svn activity recently is by craford and arthur, and by sven
[13:19] PeterThoeny: s/craford/crawford/ sorry
[13:20] Lavr_: Looking at history - activity has always been low in the summer period. It was the same last year.
[13:21] CDot: yup
[13:21] PeterThoeny: another aspect is that bug fixing is less sexy than working on new features
[13:21] CDot: nah, it's fun
[13:21] CDot: especially when you write unit tests
[13:21] PeterThoeny: positive attitude :-)
[13:22] CDot: very satisfying to see the bugs disappear
[13:23] PeterThoeny: ok, let's move on
[13:23] PeterThoeny: ---+ 2. Review Urgent Bugs
[13:23] PeterThoeny: kenneth, you raised a concern
[13:23] PeterThoeny: can you elaborate?
[13:24] Lavr_: I raised the concern that the feature freeze is not maintained.
[13:24] Lavr_: I raised round 10 new bugs in 3 hours that were all injected in the skin update
[13:24] Lavr_: We never get a stable release if we keep on making enhancements
[13:26] ArthurClemens: You are right that I broke the freeze
[13:26] PeterThoeny: you raised concerns on two changes: revision info on bottom vs top; web indicator gone at sidebar
[13:26] ArthurClemens: I believe most bugs have been solved today
[13:26] ArthurClemens: since today I have a solid testing environment
[13:26] PeterThoeny: arthur is very responsive with bug fixes
[13:26] CDot: it's still shivering :-(
[13:27] Lavr_: The ones I found today. I bet more will show up. History says that a skin update creates a bug trail that lasts weeks
[13:27] PeterThoeny: i'd like to discuss the two ui changes though
[13:27] ArthurClemens: most changes have been cosmetic
[13:27] ArthurClemens: the major changes have been from template refactoring
[13:27] Lavr_: Yes also that but first we need to agree if we are on a feature freeze or not.
[13:27] ArthurClemens: the refactoring was not finished until 2 weeks ago
[13:28] Lavr_: The template refactoring was also breaking the feature freeze. We should all ONLY be bug fixing until 4.2.0 is out.
[13:28] ArthurClemens: we can't
[13:28] PeterThoeny: we are on a feature freeze
[13:28] ArthurClemens: twiki 5 will be out in more than one year
[13:28] ArthurClemens: it was not a new feature
[13:28] ArthurClemens: it was work in progress
[13:28] PeterThoeny: i think we asked arthur last meeting how long it takes to finish the template refactoring and he said two weeks
[13:29] PeterThoeny: so i think it was communicated
[13:29] ArthurClemens: so most changes have gone into that
[13:29] Lavr_: Template refactoring is one thing. Changing the user interface is another.
[13:29] ArthurClemens: it is possible new bugs related to these refactorings are found
[13:29] ArthurClemens: strictly speaking yes
[13:31] Lavr_: There is nothing that can create bug reports and discussions as UI changes. They should go through the release process and not be implemented during a feature freeze.
[13:31] PeterThoeny: ok, we know what happened, lets focus how to move forward
[13:31] Lavr_: Well with the opinion I hear now it does not seem that there is agreement that this has to stop
[13:31] ArthurClemens: I would like to invite you to my test site where I am trying out slightly different layout - it should address your points, Kenneth
[13:31] PeterThoeny: question is what to do with the two ui changes
[13:31] PeterThoeny: url?
[13:31] Lavr_: I do not want to try alternatives. I want a stable TWiki released.
[13:32] ArthurClemens: I have agreement from a friend of mine, designer to use his suggestion
[13:32] Lavr_: Once TWiki 4.2.0 is out we can discuss anything. But if we want to release ALL must stop enhancing anything and only fix bugs and test
[13:32] Lavr_: Arthur your mindset is still "it is OK to change things" that is clear.
[13:33] sven_: there is another pov
[13:33] sven_: one that suggests that patternskin should be similar to natskin
[13:33] sven_: a very regularly used extension
[13:33] sven_: and to improve our ability to release
[13:33] Lavr_: Are we talking 4.2.0 or are we having a nice chat about 6.0 now?
[13:33] CDot: you mean, stop shipping pattern skin with the release?
[13:34] sven_: to make releases simpler and smaller
[13:34] OliverKrueger: back to classic skin?
[13:34] sven_: in the same way as we are now able to not ship twikitopic usermapping
[13:34] sven_: i'm not suggesting that users would be forced to use classic
[13:34] CDot: there's still a need for an "out of the box" configuration that "suits most people"
[13:35] sven_: rather that we re-classify what a release is
[13:35] OliverKrueger: ;)
[13:35] ArthurClemens: NatSkin is not that simple
[13:35] ArthurClemens: it requires a lot of other extensions
[13:35] Lavr_: TWiki without a well working default skin is not a product.
[13:35] sven_: y, i agree with you there ArthurClemens
[13:35] PeterThoeny: interesting topic, but let's focus on the ui changes and what to do about it
[13:35] sven_: though i find pattern skin way too complex too
[13:35] sven_: especially when compared with mtskin :}
[13:36] ArthurClemens: mtskin is mainly view
[13:36] sven_: nope
[13:36] sven_: its fully and totally defined
[13:36] PeterThoeny: ArthurClemens: could you elaborate the design decisions for the ui change?
[13:36] sven_: and in use professionally
[13:36] ArthurClemens: (btw pattern skin also derives from default templates now)
[13:37] PeterThoeny: good
[13:37] sven_: yep, and i'm very thankful for the work you've put in
[13:37] ArthurClemens: main change has been to simplify the top of the page
[13:37] CDot: let's try and get back on track, please
[13:37] ArthurClemens: the old look is very crowded, lots of distraction.
[13:38] ArthurClemens: therefore I have removed the busy top banner as well
[13:38] ArthurClemens: I have improved visibility of the action buttons
[13:38] ArthurClemens: to give them more affordance
[13:38] ArthurClemens: (clickable)
[13:38] CDot: Lavr's reasonable point is that these changes - while valuable - are late in the day
[13:39] CDot: so, we want them, and they should be shipped - but should they be shipped in 4.2?
[13:39] ArthurClemens: I agree
[13:39] ArthurClemens: they are late
[13:39] CDot: or should we fall back to something "safer"
[13:39] CDot: given the almost total lack of response on testing
[13:39] CDot: it's tempting to say we should.
[13:40] ArthurClemens: not that much has changed
[13:40] sven_: can you enumerate them?
[13:41] sven_: cos i only noticed the topic rev/author change
[13:41] sven_: the rest was cosmetic to me
[13:41] ArthurClemens: that is what I am trying to say
[13:41] sven_: and the flicky ness thats really irritating me :)
[13:41] CDot: understood, but it appears to be enough to cause release-manager apoplexy
[13:41] PeterThoeny: on rev info on top, here is a proposal: - leave detailed rev info at bottom - add a short rev info to bread crumb, e.g. You are here: TWiki > Main Web > TWikiGroups (r5 - 16 Jul 2007)
[13:42] ArthurClemens: I still have this url
[13:42] sven_: who matters to me too :/
[13:42] ArthurClemens: but I am not allowed to give it, it appears
[13:42] sven_: You are here: TWiki > Main Web > TWikiGroups is covering 2 lines on mine atm :/
[13:43] ArthurClemens: are you on 80 chars?
[13:43] sven_: i'm on 1600 pixels!
[13:43] sven_: with small fonts
[13:43] PeterThoeny: i think we can plan for 1024 wide screens
[13:43] ArthurClemens: please post a screenshot
[13:44] sven_: and when i resize it flickers between one line and 2
[13:44] Lavr_: The point is not the actual changes. It is that the changes create a lot of extra testing required and already now round 10 bugs have been reported. End of the week I bet it is 20. It takes the focus away from the already 20+ urgent bugs no one has touched
[13:44] sven_: previously it was flickering that way whenever i hovered over a link
[13:44] ArthurClemens: might be the pixel image underline
[13:44] Lavr_: This sets back the release by one month - seriously
[13:44] ArthurClemens: 10, most have been solved today
[13:45] ArthurClemens: 3 left: shivering, and 2 where you don't agree on placement
[13:45] Lavr_: You spent 6 of my hours having to do test I would otherwise not have had to do. And I will probably have to spend 30 hours more
[13:46] sven_: i wonder if you could focus on the less obvious trouble spots
[13:46] sven_: as the obvious stuffs will be noticed by less knowledgeable users
[13:46] Lavr_: The skin bugs are the most visible bugs you can have. Everyone will see them.
[13:46] PeterThoeny: ok, we learned the lesson on not breaking the feature freeze, and on setting a feature freeze date without half completed implementations
[13:47] ArthurClemens: next time I won't agree on a feature freeze in the state we were in
[13:47] PeterThoeny: question now is to identify & fix bugs quickly, and what to do about the ui changes
[13:47] Lavr_: No - it is clear that not all have agreed yet. Tomorrow we will see more enhancements. And again the day after. it does not stop until ALL agree that the freeze applies for everyone and everything
[13:47] sven_: or re redefine the process and scope to be more realistic?
[13:48] Lavr_: This was a community decision and no one was against when we decided.
[13:48] PeterThoeny: i learned my lesson: do not set a feature freeze if there are half implemented features/refactoring going on
[13:48] sven_: as using large company development methodologies in a low resourced opensource project is illogical
[13:49] sven_: personally i don't think thats the lesson
[13:49] PeterThoeny: so, we do not need to fix the process, just agree on it next time
[13:49] PeterThoeny: :-)
[13:49] Lavr_: Well. If you want me to release manage then there is a feature freeze before release. Anything else means a totally buggy release
[13:49] sven_: there _are_ other methodologies that work
[13:49] PeterThoeny: please lets go back to the topic
[13:50] sven_: though i think we need to work on changing what a release is next time
[13:50] PeterThoeny: what do we do with the ui changes?
[13:51] PeterThoeny: namely the two kenneth identified
[13:51] Lavr_: Am I the only one that has a problem with the two I listed?
[13:51] PeterThoeny: on rev info change, i stated my suggested fix
[13:51] PeterThoeny: what do others think?
[13:52] Lavr_: I hate having to scroll to see when a topic was edited and by who. And I do not accept having to get my mouse and hover over some text to see it either
[13:52] *** OliverKrueger|1 has joined #twiki_release.
[13:52] PeterThoeny: options: - revert to old spec - leave as is (at bottom) - add short rev info on top (and leave detailed at bottom)
[13:52] Lavr_: What will you leave out?
[13:52] ArthurClemens: anyway: http://twiki4.visiblearea.com/twiki4/MAIN/bin/view/Main/WebHome
[13:52] CDot: I'm fine with the way it looks now, except for the shivering (which is a bug)
[13:53] PeterThoeny: time of day and user
[13:53] Lavr_: What I need is date and name
[13:53] sven_: personally i prefer to have all the info where i click edit
[13:53] sven_: but i think i'm a techy user
[13:53] *** ktwilight_ has joined #twiki_release.
[13:53] ktwilight_: hello :)
[13:54] sven_: mmm, i'd put the top actions line in the top bar :}
[13:54] ktwilight_: don't mind me, please continue.
[13:54] sven_: looking at ArthurClemens's link
[13:54] ArthurClemens: so that design puts the web name back
[13:54] ArthurClemens: and the topic info at the right
[13:54] sven_: looks wasteful atm - presumably due to the shading
[13:54] ArthurClemens: working on that
[13:54] sven_: i figured :)
[13:55] ArthurClemens: its visually too heavy
[13:55] Lavr_: Yes a lot of estate wasted. I tried to add the revision text in the top bar just below the jump/search link. It adds no extra space because the Twiki logo sets the size of the top bar anyway
[13:55] sven_: to me the grey dotted underline looks like a missing topic link
[13:56] CDot: guys, how do we resolve this
[13:57] sven_: its a simple css tweak
[13:57] CDot: I am worried that focus on the skin takes away attention from deeper bugs
[13:57] PeterThoeny: we can move the "you are here" into the second banner bar, with short rev info
[13:57] sven_: i would suggest that the experienced testers don't worry about it
[13:57] CDot: e.g. has anyone in the room tried doing a SEARCH type="query" yet? (except me, of course)
[13:57] sven_: and rather they focus on real core issues
[13:57] Lavr_: My only point is that I do not want to scroll to see who and when a topic was edited. I do not care where it is at the top or how small it is or how grey it is.
[13:57] PeterThoeny: but question is, how does it look like with a long breadcrumb
[13:57] *** SvenDowideit has signed off IRC ("This computer has gone to sleep").
[13:57] sven_: the skin stuff will be found and worked on by almost everyone
[13:58] *** SvenDowideit has joined #twiki_release.
[13:58] sven_: cos everyone will have an opinion
[13:58] ArthurClemens: the rev info is really long now
[13:58] OliverKrueger|1: CDot: in general or on a fresh checkout?
[13:58] PeterThoeny: time check: 58 min
[13:58] CDot: it was a rhetorical question
[13:59] PeterThoeny: You are here: TWiki > Main Web > TWikiGroups (r5 - 16 Jul 2007)
[13:59] CDot: I'm worried about the amount of "deep" testing (not) going on
[13:59] PeterThoeny: is short
[13:59] Lavr_: (CDot yes I have)
[13:59] CDot: :-)
[13:59] Lavr_: (and I love it)
[13:59] CDot: :-) :-)
[14:00] CDot: ok, I'll shut up and let you guys redesign the skin then
[14:00] OliverKrueger|1: I replaced all searches on one of my boxes in a cloak-and-dagger-operation. :)
[14:01] CDot: cool
[14:01] Lavr_: I try to keep my pattern skin as close to unmodified as possible because it makes it easier to upgrade
[14:01] CDot: ditto
[14:01] sven_: Lavr_, don't modify the skin
[14:01] sven_: over-ride it
[14:01] Lavr_: And possible to install betas
[14:01] sven_: then upgrade is still totally simple
[14:02] Lavr_: No because the over-ride is not compatible 10 minutes later
[14:02] sven_: giggle
[14:02] * sven_ pulls out his over-rides
[14:02] CDot: do we have a way ahead yet for 4.2?
[14:02] sven_: usermapping is testing ok
[14:03] sven_: openid part one is working
[14:03] CDot: where do we stand? All skin changes now complete, just bug fixing to do?
[14:03] sven_: the other mapping i released last week is ok too
[14:03] PeterThoeny: so, can we give arthur the ok to make the changes thoughtfully?
[14:04] PeterThoeny: one feedback on ui change: i miss the playful background image. the new skin looks very plain
[14:04] Lavr_: If we accept a month delay yes. I am serious. I talk from experience. It has been the same each time we changed the UI. Bugs just pop out all the time.
[14:04] PeterThoeny: kenneth, are you suggesting to revert all patternskin changes?
[14:04] ArthurClemens: btw, last time was 1.5 year ago
[14:05] Lavr_: I am saying that accepting probably cost a month.
[14:05] Lavr_: Unless some miracle happens. We are only 2-4 people active at the moment.
[14:05] Lavr_: Rest are playing with plugins
[14:05] * sven_ goes cooking for the love
[14:06] Lavr_: If this was september it may have cost 1-2 weeks but in the vacation it will take a month
[14:06] CDot: I don't find that unacceptable
[14:06] CDot: I would rather it took a month, than was release full of holes
[14:07] CDot: the testing is happening, but the feedback cycle is still way too slow for my liking
[14:07] CDot: and there are still no beta sites
[14:07] ktwilight_: is pattern glued on the core or is it like any other skin which can be upgraded separately?
[14:07] CDot: the latter
[14:07] Lavr_: yes. Problem is that the month is if ALL enhancements stop today. But if the extra month is interpreted as an invitation to do more enhancements (and leave bug fixing to others) then I fear that we never get anything released
[14:08] ktwilight_: so why not release 4.2 and have some time for pattern? then upgrade the latest pattern on the next version
[14:08] ktwilight_: gives some time to chew on the whole UI/UE thing
[14:08] Lavr_: Pattern is the default skin and the only one that really works. TWiki without Pattern is nothing
[14:08] CDot: well, you already nailed my hands to the table; I'm not doing any enhancements
[14:08] CDot: Arthur has just been nailed as well.....
[14:08] ktwilight_: i ain't saying no pattern. am just saying, revert it back to as it was, so no breakage. and continue to work on it for the next version or so
[14:08] CDot: Sven is finished his bit....
[14:08] Lavr_: I cannot nail anyone.
[14:09] ArthurClemens: ough
[14:09] Lavr_: People have to nail themselves. It is volunteer work.
[14:09] *** OliverKrueger has signed off IRC (Connection timed out).
[14:09] ktwilight_: but whoever wants to upgrade can do it of course...
[14:09] Lavr_: You cannot upgrade without the new version of Pattern.
[14:10] CDot: well, yes, it is volunteer work; but we still need someone to keep us all in line
[14:10] ktwilight_: ah ok, so it's inevitable to have a delay...?
[14:11] CDot: Lavr_: if you like, you can build a release today and call it a beta
[14:11] CDot: it will still have bugs, but they won't be fixed any faster if you *don't* build
[14:12] Lavr_: Well. We cannot release a wobbly skin. And I would like to see the two issues I raised addressed.
[14:12] PeterThoeny: arthur: how much time do you need?
[14:12] Lavr_: Visible at the top rev info - and visible current Skin
[14:12] CDot: if you create the 4.2 branch now, then we go back to double-checkin duty
[14:12] CDot: which is a PITA, but necessary in the final stages
[14:13] Lavr_: Then I would rather svn co the revision from 2 days ago.
[14:13] Lavr_: svn copy I mean
[14:13] CDot: Arthur? What's your take on that?
[14:13] CDot: do you feel your recent work *has* to be in 4.2?
[14:14] ArthurClemens: yes
[14:14] CDot: you mean the refactoring, right?
[14:14] ArthurClemens: all of it
[14:14] CDot: ok
[14:15] PeterThoeny: time check: +90 min, 45 min max to go
[14:15] ArthurClemens: with the feedback I receive today
[14:15] PeterThoeny: sorry, +75 min
[14:15] Lavr_: Can we take a quick vote on what people think about the two UI issues then.
[14:16] PeterThoeny: arthur, how much time do you need before we can create a beta?
[14:16] sven_: I'm already planning on what user changes i do in 4.2.1
[14:16] Lavr_: First - should revinfo be visible without scrolling?
[14:16] CDot: I'm assuming that Arthur, you are not planning any more changes (just fixes)?
[14:16] sven_: so, i'm happier for where we are
[14:16] CDot: Lavr_: I really don't care
[14:16] PeterThoeny: CDot: no arthur should address the concerns raised
[14:16] CDot: revinfo is rarely used; scrolling is not a big deal
[14:16] sven_: twiki is the only wiki where its soooo prevalent
[14:16] ArthurClemens: what do you think about the new proposal?
[14:17] sven_: and its not necessarily the right thing
[14:17] sven_: i'm just used to having it
[14:17] sven_: so i vote to prefer whatever the skin designer thinks
[14:17] Lavr_: New proposal?
[14:17] sven_: (as i have my own skin too)
[14:17] ArthurClemens: with the web name and rev info?
[14:17] Lavr_: You mean on http://twiki4.visiblearea.com/twiki4/MAIN/bin/view/Main/WebHome?
[14:17] ArthurClemens: Lavr_: http://twiki4.visiblearea.com/twiki4/MAIN/bin/view/Main/WebHome
[14:18] ArthurClemens: It should address your concerns
[14:18] PeterThoeny: arthur's latest design (not yet checked in) does use more real estate than the one currently checked in
[14:18] Lavr_: It takes some real estate but it fulfills my requirements.
[14:18] CDot: well, given the choice, I'd rather have the revinfo at the bottom, and only once. I like a clean area.
[14:18] Lavr_: I am a little sad we lost the web color.
[14:18] PeterThoeny: yes, web color is important
[14:18] ArthurClemens: that was exactly the point
[14:18] Lavr_: It is now a small square in the breadcrumb and otherwise gone
[14:18] ArthurClemens: the web colors are very ugly
[14:18] PeterThoeny: and i miss the playful paper roll background
[14:18] CDot: agreed
[14:19] ArthurClemens: I can try to make a quieter design for the top
[14:19] PeterThoeny: web color: can be done with a colored square icon next to the "Foobar web"
[14:19] Lavr_: Who did you agree with CDot
[14:19] ArthurClemens: less distracting
[14:19] CDot: I agreed with Arthur about the web color
[14:20] CDot: and I agree with Peter about the paper cut image
[14:20] ArthurClemens: PeterThoeny: I can try to put it in a larger square
[14:20] ArthurClemens: but it _is_ something people get used to
[14:20] ArthurClemens: if it is in the breadcrumb people look thre
[14:20] ArthurClemens: there
[14:20] PeterThoeny: ok, i think arthur has enough feedback
[14:21] PeterThoeny: arthur, can you give us an estimate how much time you need?
[14:21] Lavr_: Item 4370 must be a Linux FF thing because I do not see it on Windows
[14:21] PeterThoeny: web color acts like an icon, you know where you are even without reading text
[14:21] ArthurClemens: I think the browser has problems with floats
[14:22] Lavr_: But I saw something like that a while ago on bugs web.
[14:22] Lavr_: But only on specific bugs and only when hovering links at the bottom
[14:23] Lavr_: I will progress now with the 3 bugs items I singled out as - must discuss today
[14:24] Lavr_: Bugs:Item4333 OopsException allows anything from a URL to parse through to the generated HTML incl scripts
[14:24] Lavr_: Under normal circumstances a Normal bug. But it was raised as a security issue from a large company and they seem to take it seriously
[14:24] Lavr_: So I think it should be addressed the best we can.
[14:24] Lavr_: The actual example given is easy to fix and I have a fix for that ready
[14:24] sven_: that stuff really needs a set of automated tests to cover all possibilities
[14:25] sven_: as we have previously fixed parts of the issue
[14:25] CDot: tricky
[14:25] Lavr_: The fix I have is a simple filtering of the renamed filename using same filter that we use for the rename itself
[14:26] CDot: I thought an audit of all the throws would do it
[14:26] sven_: even trickier to allege that one has manually tested all permutations
[14:26] Lavr_: But I have the feeling that it is possible to make 100s of similar cases with unfiltered output to oops pages
[14:26] sven_: or that you re-audited it every release
[14:26] CDot: but I realise now that there is a lot of scope for leaks that way
[14:26] CDot: and Lavr's original suggestion is actually the best
[14:26] Lavr_: Question is - can we convert all > and < to html entities in the OopsException code
[14:27] CDot: probably
[14:27] sven_: not just oops i'll bet
[14:27] Lavr_: That will create garbage but scripts will not be possible
[14:27] CDot: I well, there's an argument that says it's a good idea anyway
[14:27] CDot: for presenting arbitrary error messages coming from perl
[14:28] Lavr_: Does anyone know of HTML being pushed to Oops pages through the %PARAM#% ?
[14:28] CDot: nope
[14:29] Lavr_: If we filter on all URL inputs I am sure we will be resolving 4.2.0 bugs also round xmas
[14:29] CDot: why?
[14:29] CDot: OIC, sorry, yes
[14:29] Lavr_: You said that yourself.
[14:29] CDot: we need to filter the *output*, not the input
[14:30] sven_: anton will kill you for saying that :)
[14:30] Lavr_: But I was talking about filtering special chars on the INPUT - that would be causing trouble
[14:30] PeterThoeny: and we have to be careful not to break existing apps
[14:30] CDot: yes, I know
[14:30] CDot: but that is a huge, bug prone task
[14:30] CDot: and we are bound to get it wrong
[14:31] CDot: the output filter is an elastoplast over the crack
[14:31] sven_: incrementalism is the new reality - and i'm not against it
[14:31] PeterThoeny: would it make sense to put a configurable limit on the url param length?
[14:31] CDot: no
[14:31] Lavr_: So I propose that we close 4333 by converting < and > to &lt; and &gt; on the text strings that are sent to %PARAM
[14:31] CDot: ok
[14:32] Lavr_: And filtering the filename in the actual example.
[14:32] Lavr_: which i have code for - simple - we already have the filter
[14:32] CDot: *all* web, topic and file names should be filter-in filtered when they are first pulled from the query
[14:33] PeterThoeny: how does that affect forms that send data to itself? such as WebSearch?
[14:33] CDot: not at all, as long as the web name is valid
[14:34] PeterThoeny: if i search for "" does that survive the submit?
[14:34] CDot: a *search* will, but a web name of will not
[14:34] Lavr_: Does that use PARAM1 PARAM2 etc etc?
[14:34] CDot: Lavr_: it's a more general q than that
[14:35] CDot: early filter-in makes some assumptions about how parameters will be used
[14:35] PeterThoeny: checking...
[14:35] CDot: Peter is concerned that it doesn't make the *wrong* assumptions
[14:35] PeterThoeny: %SEARCH{ "%URLPARAM{search}%" type="%URLPARAM{"type" default="word"}%" scope="%URLPARAM{scope}%" web="%URLPARAM{web}%" nosearch="%URLPARAM{nosearch}%" zeroresults="%IF{ "defined search" then="on" else="off" }%" }%
[14:35] PeterThoeny: so does not seem to be affected
[14:36] CDot: anyway, let's move on
[14:36] Lavr_: No filtering the URLPARAM is the next challenge. There is also a bug item not yet raised in public on that. DELETE ME FROM LOG!!!
[14:37] Lavr_: Next is Item2108
[14:38] Lavr_: I cannot really get that one done because part of it was renaming the configure settings for AdminUserLogin and AdminUserWikiName
[14:38] * OliverKrueger|1 silently logs off. G'nite folks.
[14:38] *** OliverKrueger|1 has left #twiki_release.
[14:38] Lavr_: The current names suggest that these are the way you setup yourself as admin.
[14:38] Lavr_: But a simple rename will fix that mistake I would say
[14:39] Lavr_: I have proposed some alternatives.
[14:39] Lavr_: TemporaryAdminLogin or SudoLogin
[14:39] Lavr_: TemporaryAdminWikiName or SudoWikiName
[14:39] sven_: for the reasons you raised, i'd avoid sudo
[14:40] Lavr_: yes I also prefer the first
[14:40] sven_: i don't like temporary at all
[14:40] * CDot doesn't see what's wrong with the names that are already there
[14:40] sven_: as it is a fully fledged user from a user pov
[14:40] Lavr_: When you are in configure the current names suggest that these are the login and wikiname that makes you admin.
[14:40] sven_: there is nothing temporary about it
[14:40] sven_: and thats what they do
[14:40] Lavr_: But this is not the case.
[14:41] sven_: just that its not quite perfect in 4.2
[14:41] Lavr_: No you sudo login with these and then you add yourself to the TWikiAdminGroup
[14:41] Lavr_: And then you are an admin user.
[14:41] sven_: no
[14:41] sven_: thats only one way of working
[14:41] CDot: hmmm. Can we (quickly) review the role of the 'sudo' login admin user please?
[14:41] CDot: cos i use it all the time now
[14:41] CDot: it's soooo much easier
[14:41] sven_: on bugs.t.o for eg
[14:41] sven_: no-one adds to admingroup
[14:42] sven_: you just log in as admin, and use it
[14:42] sven_: then log out back to your own user
[14:42] Lavr_: Using the sudo login - right?
[14:42] sven_: the admin group is somewhat redundant
[14:42] Lavr_: You cannot authenticate using the normal authentication for this
[14:42] sven_: in 4.2 y
[14:42] sven_: in future, you will be able to do it in normal auth
[14:42] sven_: if you're using internal auth
[14:43] Lavr_: Not with ApacheLogin - unless the admin name is in .htpasswd. We have been there before
[14:43] sven_: i was just forced into feature freeze
[14:43] sven_: apache is not internal auth
[14:43] sven_: and
[14:43] sven_: from my research
[14:43] sven_: thats only due to our rather simplistic use of apache auth
[14:43] Lavr_: Can I today put c12179 as AdminUserLogin and KennethLavrsen as AdminUserWikiName and then login using Apache LDAP auth and be admin? No
[14:44] sven_: the point is
[14:44] sven_: that Lavr_ 's way of working is not the only one
[14:44] Lavr_: And this is what the current naming strongly suggests
[14:45] sven_: ie, its not more relevant than the other use cases
[14:45] sven_: it is _a_ use case
[14:45] PeterThoeny: time check: +105 min, 15 min max left
[14:45] Lavr_: No. But this is what users will think with these settings named this way.
[14:45] PeterThoeny: i have a hard stop in 15 min
[14:46] sven_: i have no patience for this, as its bed time
[14:46] sven_: i don't need to be insulted 15 minutes before my birthday, so ;p
[14:46] PeterThoeny: sven, i have a related question
[14:46] PeterThoeny: META:TOPICINFO{author="TWikiUserMapping_PeterThoeny" date="1184485272" format="1.1" version="1.2"}
[14:46] Lavr_: Have I insulted you now?
[14:46] sven_: PeterThoeny, yup
[14:47] sven_: thats why we inc'd the format
[14:47] PeterThoeny: why yet another user name stored? TWikiUserMapping_PeterThoeny
[14:47] sven_: (or one reason)
[14:47] sven_: yet another?
[14:47] sven_: thats the cUID - it tells you the login and the mapping used
[14:47] PeterThoeny: there is a login name (jsmith) and a wikiname (JohnSmith)
[14:47] PeterThoeny: what is TWikiUserMapping_JohnSmith?
[14:48] sven_: here's the one i'm working on atm
[14:48] sven_: %META:TOPICINFO{author="OpenIDUserMapping_http_58_47_47svendowideit_46home_46org_46au_47" date="1184609997" format="1.1" version="1.24"}%
[14:48] sven_: its a cUID - an id that is guaranteed to be ok for rcs
[14:49] sven_: whereas a login of sven@home.org.au (a valid ldap login)
[14:49] sven_: kills twiki
[14:49] sven_: and the WikiName may not exist, or worse, be non-unique
[14:49] sven_: openid is one eg where this happens
[14:50] sven_: basically, once we work with more mature external auth system
[14:50] sven_: we need more sofistication
[14:50] sven_: mmmm
[14:50] sven_: sophistication
[14:50] PeterThoeny: i am wondering how that affects existing tools (extension) that work with the current name stored in rcs
[14:50] sven_: yep
[14:50] sven_: me too
[14:51] sven_: micha has already helped me resolve a lot of cases
[14:51] sven_: which is why the Func api has matured in that respect
[14:51] PeterThoeny: wondering if there is a way to keep the 4.1 spec unless for the special case of openid
[14:51] PeterThoeny: for compatibility
[14:51] sven_: and why i added several hundred unit tests one w/e
[14:51] sven_: not anymore i fear
[14:51] sven_: (ie it would kill the feature freeze)
[14:52] sven_: and introduces very painful cornercases
[14:52] sven_: i was hoping that it could be done that way
[14:52] sven_: but i never managed to get it working 100%
[14:52] PeterThoeny: ok, we need to accept the spec change then (we already did a spec change in twiki 4 where we changed from rcs user name jsmith to JohnSmith
[14:52] PeterThoeny: )
[14:53] sven_: y
[14:53] sven_: that was in cairo
[14:53] PeterThoeny: yes
[14:53] sven_: and i deeply regret that decision
[14:53] PeterThoeny: and that caused some issues
[14:53] sven_: it seemed like a clever thing
[14:53] sven_: but was way too myopic in outlook
[14:53] PeterThoeny: so we can expect some issues with the new spec change
[14:53] sven_: as i was focused on twiki at the time
[14:53] sven_: rather than integration
[14:54] sven_: it should not be as bad as cairo
[14:54] sven_: as there are many many unit tests
[14:54] CDot: I think Sven has done an amazing job in working out some of the horrible corner cases
[14:54] sven_: any extension that uses the Func api
[14:54] sven_: should be golden
[14:54] CDot: I have not encountered any problems with any extensions yet
[14:54] sven_: just the ones that assume they know what is in meta will have trouble
[14:54] CDot: which really surprised me
[14:55] sven_: and they were wrong
[14:55] PeterThoeny: ok
[14:55] sven_: (as there are 3 forms - login, wikiname, web.wikiname)
[14:55] sven_: that have been in topics
[14:55] PeterThoeny: up to cairo we had just one in rcs: login
[14:55] PeterThoeny: anyway, lets move on
[14:55] sven_: yup
[14:56] PeterThoeny: kenneth, any other bugs items to review?
[14:57] PeterThoeny: kenneth listed three bugs items to focus on
[14:57] PeterThoeny: we talked about oopsexception
[14:57] PeterThoeny: Bugs:Item2108 Better installation doc for TWikiAdminGroup
[14:57] Lavr_: Bugs:Item4048 EditTablePlugin: Password in URL params after template login - This is a real security issue and must be fixed
[14:58] Lavr_: We need someone to look at this. Passing passwords in a url is a no-no
[14:58] PeterThoeny: agreed
[14:59] CDot: I looked, and AFAICT the code removes the parameters from the query in all the right places
[14:59] CDot: really needs a testcase
[14:59] sven_: CDot, could we not remove the core pwd params right at the beginning of TWiki::new ??
[15:00] sven_: store them somewhere safe, and get the login manager to get them from that crib?
[15:00] CDot: yes, we could; but if we did that, we would be better to recode to use an Authorization: HTTP header
[15:00] sven_: yep, v true
[15:00] CDot: which is a "feature too far" IMHO
[15:00] sven_: y
[15:00] sven_: i just don't like the way we remove at the end
[15:01] sven_: when i can 'play' with it in the middle
[15:01] sven_: but you're right, its an arch change in a sense
[15:02] * ktwilight_ bows out from the meeting
[15:02] ktwilight_: gnite
[15:02] ktwilight_: and happy birthday sven_ :)
[15:02] sven_: grin :)
[15:02] sven_: nite
[15:02] *** ktwilight_ has left #twiki_release.
[15:02] Lavr_: Happy birthday Sven
[15:02] Lavr_: Well we discussed the important ones
[15:03] sven_: yeah, now we just have to fix the darn things
[15:03] CDot: sven_: I'm honestly not sure what the best approach is there
[15:03] Lavr_: I unassigned myself from 2108. If I cannot understand it I cannot write the doc. Sorry.
[15:03] sven_: fair
[15:03] PeterThoeny: ah, happy b'day sven!
[15:03] sven_: :)
[15:04] sven_: CDot, we have a bug - think we know what we have to do :(
[15:04] CDot: rm -rf * ?
[15:04] sven_: i'll poke it this week, and if i don't get it, we'll brainstorm some more
[15:04] PeterThoeny: sorry, i have to bail out of the meeting (better than bailing out of a citabria without a parachute)
[15:04] Lavr_: I actually never tried to reproduce this password bug myself because I normally test with Apache login.
[15:04] Lavr_: because I used to have the impression that most others tested with template
[15:04] PeterThoeny: please continue
[15:05] sven_: later PeterThoeny
[15:05] PeterThoeny: and if possible set a beta release date
[15:05] CDot: I always use TemplateLogin, but have never been able to reproduce it
[15:05] sven_: mmm, i use all 6 login impls
[15:05] sven_: maybe i should release a few
[15:05] CDot: I try a couple of times, then just give up unless a testcase is provided
[15:05] sven_: anyone want SSO?
[15:06] Lavr_: Well. Maybe the bug is gone then?
[15:06] sven_: yeah, without other people writing testcases
[15:06] CDot: sven_: I'd rather have a doc
[15:06] sven_: CDot, and I are just looping our own ideas
[15:06] CDot: one that explains to me (as a newbie) how to get admin rights
[15:06] sven_: mmm, i wasn't unhappy with Lavr_'s doc on that
[15:07] CDot: which one?
[15:07] * CDot missed that
[15:07] * sven_ is just reading whats there atm
[15:07] Lavr_: I did some doc work yes
[15:07] Lavr_: I took the user from Configure by adding some new doc at the top linking to the TWikiAdminUser topic.
[15:08] sven_: but it is very external auth centric
[15:08] Lavr_: On this I added the steps you need to take. This doc is now a little out of date
[15:08] sven_: but quite functional
[15:08] CDot: where are you reading?
[15:08] Lavr_: Then we have the problem with the redirection after sudo login.
[15:08] sven_: Main/TWikiAdminGroup
[15:08] sven_: yeah - that was fixed i thought
[15:09] sven_: but i just saw it for the first time again today
[15:09] Lavr_: No I tried yesterday. You still end at WebHome after login.
[15:09] sven_: nm, i'm sure i have that bug assigned to me
[15:09] Lavr_: Yes there is a bug.
[15:09] sven_: or did ArthurClemens steal it?
[15:10] Lavr_: 4327
[15:10] Lavr_: There is also 4328
[15:10] CDot: ahhhhhh OK, that doc makes sense. Though how does a freshly-configuring user land up *there*?
[15:11] sven_: Hello, Gentlemen! - Would you be so kind as to put this in the TWikiInstallationGuide?
[15:11] Lavr_: I added some doc linking at the top of configure.
[15:11] CDot: their normal path is install-doc -> configure -> twiki front page
[15:11] Lavr_: Naturally it will also be in the installation guide. That was the open doc item I just resigned from.
[15:11] CDot: reading the absolute minimum at each step
[15:12] sven_: ok - CDot if you follow your 3 steps
[15:12] sven_: at what point do they need / want to be admin?
[15:12] Lavr_: It was during this work I had to give an explanation of the confusing configure settings
[15:12] CDot: ok, well, it makes sense for the install doc too (though I might tweak the English just a *wee* bit)
[15:12] sven_: i'm guessing a link to sudo login from the oppsaccessdenied would be right?
[15:12] Lavr_: Denglish is my best
[15:12] CDot: Lavr_: I don't think they *are* confusing. Just highlight their "temporary nature" in TWiki.spec
[15:13] Lavr_: I think a renaming will remove the last confusion.
[15:13] Lavr_: Not saying my two proposals are perfect either