[Savannah-hackers-public] Re: log_accum at Savannah

[Sylvain Beucler]

On Mon, May 15, 2006 at 10:59:20AM -0400, Derek R. Price wrote:
> Hey Sylvain,
> 
> Okay, it took a little longer than I thought it would, but I've
> committed something that should be close to usable on Savannah.  It
> should support nested config files, file and directory names with
> spaces, and all the features the log_accum.pl on Savannah had, except
> for the gnats-interface option (which looked like it wasn't set up for
> Savannah anyhow) and the old `cvs status' output, which I wasn't sure
> you were using.

That's a start :) Diffs should be sent to a different e-mail, and
apparently multiple diffs are not cumulated in the separate mail. I'll
investigate tomorrow unless you beat me into doing it.

I don't remember of using GNATS at Savannah, that's not an immediate
issue.

All the loginfo I configured use the '-s' option to suppress the 'cvs
status' output, so that's no problem either.


> The way things are set up now, it would be very easy to insert a few
> lines to send an email to an address that would auto-annotate related
> artifacts in the patch/bug trackers or even squirt some SQL into the
> right port.  Are we any closer to this, re:
> <https://savannah.gnu.org/support/?func=detailitem&item_id=104643>?

I have given it some thoughts.

The situation at Savannah now has improved, since we do not rely on
per-project jails anymore, so we can start thinking about more complex
CVS hooks.

However, the hook cannot be 3-lines long, because there's a boring
issue: identifying users. We do not want anybody to be able to close a
bug in another project, or a non-privileged project member to edit the
tracker.

I'd be interested in any thought about properly identifying users on
the remote side. Imagine that in most cases the tracker and the CVS
services are located on different machines, and users can add custom
hooks (aka "shell access").

I have something in mind where the tracker service trusts the CVS
_machine_; then loginfo calls a setuid program that identify the user
using its system uid, and calls the tracker using credentials stored
in a private file.


I also gave another look at scmbug, which uses a TCP/IP connection
without authentication, which doesn't satisfy me - although I still
like the N-to-1 approach.


Meanwhile, using logging and mail notifications could ensure enough
after-the-fact security to start a quick hack, that we would hopefully
improve later on.


> Incidentally, installing this on Savannah with the default settings (or
> with --send-empty if you have overridden the defaults in a config file)
> should close:
> <https://savannah.gnu.org/support/?func=detailitem&item_id=104562>.

Yes, this merge should fix a couple bugs (including the one about
irrelevant diffs during branch creation -
https://savannah.gnu.org/support/?func=detailitem&item_id=104373) :)

-- 
Sylvain