Re: [fossil-users] RFC before trunking 'usage' command
On Sun, Sep 15, 2013 at 01:52:49PM +0200, Stephan Beal wrote: On Sun, Sep 15, 2013 at 12:56 PM, BohwaZ boh...@bohwaz.net wrote: provides that, but it's ok as long as it's not turned on by default and we can clear the history, like before copying a repository file to publish it online. It's stored in the checkout db, so it's _never_ synced. The '-c' flag clears the history. My understanding is that the concern raised was about copying (i.e. shell command cp, or maybe scp), not syncing. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] RFC before trunking 'usage' command
On Sun, Sep 29, 2013 at 6:14 PM, Chad Perrin c...@apotheon.net wrote: My understanding is that the concern raised was about copying (i.e. shell command cp, or maybe scp), not syncing. It would only be copied if someone copies their checkout db file, which would be a highly unusual thing to do. Of course, when copying your whole home dir or some such it would be copied along with anything else, but there is _certainly_ more sensitive info under one's home dir than the list of fossil commands one called while under a given checkout. i.e. i don't personally consider this to be any sort of security thread, but... there are those with a better eye for this sort of thing. For example, i'm not going to add saving of command arguments (only the command name) because BohwaZ pointed out the case of passing a password to the commands which take a URL, and i do not want to special-case any of the arguments to handle that (there's always another corner case which will slip by...). In any case, this feature is very low on the prio list, and it's still not clear whether it should really be added or allowed to die off quietly. While i find it an interesting feature, it's certainly not vital and it does have a number of touchy questions associated with it. Opinions are of course welcomed. -- - stephan beal http://wanderinghorse.net/home/stephan/ http://gplus.to/sgbeal ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] RFC before trunking 'usage' command
Le Wed, 11 Sep 2013 22:58:56 +0200, Stephan Beal sgb...@googlemail.com a écrit : If you don't find the idea offensive/abusive, you needn't say anything. If you do, please voice your concerns. If there is sufficient outcry i'll drop that branch instead of integrating it. If we do decide to add it, i will add a config option to toggle it on and off (disabled by default). I don't think I have any use for that as my shell history already provides that, but it's ok as long as it's not turned on by default and we can clear the history, like before copying a repository file to publish it online. Logging arguments may pose some risk as if you do: $ fossil remote-url https://bohwaz:secretpassw...@fossil.dev.org/ (yes you can omit the password and fossil will ask you for it, I know) The password will be logged in cleartext fossil in that case, and that may be a problem. PS: feel free to suggest a better command name than 'usage'. 'history' would be the obvious choice (due to it's analog in Unix shells), but that command name potentially has better uses in a future fossil version, so i don't want to steal that one. 'cmdhist' seems fine for me, as I would think that 'history' provides the history of last checkins, and 'usage' would provide me with some help on fossil command line. -- BohwaZ ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] RFC before trunking 'usage' command
On Sun, Sep 15, 2013 at 12:56 PM, BohwaZ boh...@bohwaz.net wrote: provides that, but it's ok as long as it's not turned on by default and we can clear the history, like before copying a repository file to publish it online. It's stored in the checkout db, so it's _never_ synced. The '-c' flag clears the history. Logging arguments may pose some risk as if you do: $ fossil remote-url https://bohwaz:secretpassw...@fossil.dev.org/ VERY good point. So far that's not implemented, though. (yes you can omit the password and fossil will ask you for it, I know) The password will be logged in cleartext fossil in that case, and that may be a problem. Definitely. Thanks for pointing that out. (That said, i've only ever used the password that way when cloning.) 'cmdhist' seems fine for me, as I would think that 'history' provides the history of last checkins, and 'usage' would provide me with some help on fossil command line. i agree on all points, i just find cmdhist clumsy to type ;). cmdhist. Fossil would, however, allow an abbreviation of 'cm', so it wouldn't be that bad. -- - stephan beal http://wanderinghorse.net/home/stephan/ http://gplus.to/sgbeal ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] RFC before trunking 'usage' command
On Thu, Sep 12, 2013 at 12:14:01AM +0200, Stephan Beal wrote: On Wed, Sep 11, 2013 at 11:58 PM, B Harder brad.har...@gmail.com wrote: fossil set tracker [on|off] ? IIRC Trac was Fossil's predecessor for ticket tracking, and tracker always implies tickets to me (as a by-day/by-night developer). How about... fossil set nsa-mode on|off If anyone asks, just say NSA stands for Normal Shell Access. Then, to solve the cmdhist doesn't roll off the fingers naturally problem, we can use nsahist, which I think flows a little better when typing. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] RFC before trunking 'usage' command
[Default] On Wed, 11 Sep 2013 22:58:56 +0200, Stephan Beal sgb...@googlemail.com wrote: Hi, all, Once 1.27 officially goes out the door, i plan on pulling the new 'usage' command into the trunk (for 1.28). My question to you is: is there anyone who finds the idea of fossil recording which commands (not their arguments) and the times of their usage in the local checkout database offensive or insecure? These data are _only_ local to the current checkout and are never synchronized. The 'usage' command is only intended for informal personal statistics gathering, and not for spying on developer's activity within a given tree (that would be possible if devs have access to each others' checkout directories). I wouldn't mind logging the arguments as well, especially for commands that modify the repository or a stash. I wouldn't be interested in logging query-class commands, like fossil ls, fossil status, fossil timeline If you don't find the idea offensive/abusive, you needn't say anything. If you do, please voice your concerns. If there is sufficient outcry i'll drop that branch instead of integrating it. If we do decide to add it, i will add a config option to toggle it on and off (disabled by default). PS: feel free to suggest a better command name than 'usage'. 'history' would be the obvious choice (due to it's analog in Unix shells), but that command name potentially has better uses in a future fossil version, so i don't want to steal that one. usage - commandtrace or commandhistory or cmdtrace or cmdhistory Note: on Linux/unix, it doesn't add much, history [-OPTIONS] | grep fossil will do fine, on MS Windows, I think it really adds value. -- Groet, Cordialement, Pozdrawiam, Regards, Kees Nuyt ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] RFC before trunking 'usage' command
Hi, all, Once 1.27 officially goes out the door, i plan on pulling the new 'usage' command into the trunk (for 1.28). My question to you is: is there anyone who finds the idea of fossil recording which commands (not their arguments) and the times of their usage in the local checkout database offensive or insecure? These data are _only_ local to the current checkout and are never synchronized. The 'usage' command is only intended for informal personal statistics gathering, and not for spying on developer's activity within a given tree (that would be possible if devs have access to each others' checkout directories). If you don't find the idea offensive/abusive, you needn't say anything. If you do, please voice your concerns. If there is sufficient outcry i'll drop that branch instead of integrating it. If we do decide to add it, i will add a config option to toggle it on and off (disabled by default). PS: feel free to suggest a better command name than 'usage'. 'history' would be the obvious choice (due to it's analog in Unix shells), but that command name potentially has better uses in a future fossil version, so i don't want to steal that one. -- - stephan beal http://wanderinghorse.net/home/stephan/ http://gplus.to/sgbeal ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] RFC before trunking 'usage' command
On Wed, Sep 11, 2013 at 11:26 PM, Kees Nuyt k.n...@zonnet.nl wrote: I wouldn't mind logging the arguments as well, especially for commands that modify the repository or a stash. i considered it, but the code overhead just wasn't worth it at that time of night. One of these days i'll miss having that, add it, and add a -verbose option which also shows the args. I wouldn't be interested in logging query-class commands, like fossil ls, fossil status, fossil timeline Do you mean the SQL code itself? If so, try: f time -n 1 -sqltrace One can learn a lot about how fossil works by using that. usage - commandtrace or commandhistory or cmdtrace or cmdhistory i think 3 of those might mess up the column alignment in 'help' ;). Note: on Linux/unix, it doesn't add much, history [-OPTIONS] | grep fossil will do fine, on MS Windows, I think it really adds value. Me, too, but i'm aware that many other people have much greater concerns regarding any sort of usage protocols. For me it's harmless, but it's not just about me. -- - stephan beal http://wanderinghorse.net/home/stephan/ http://gplus.to/sgbeal ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] RFC before trunking 'usage' command
On Thu, Sep 12, 2013 at 12:08 AM, Ron Wilson ronw.m...@gmail.com wrote: On Wed, Sep 11, 2013 at 5:58 PM, B Harder brad.har...@gmail.com wrote: fossil set tracker [on|off] ? Or 'fossil set cmdhist [on|off]' i like cmdhist but my fingers don't like typing it :/. cmdhist. Just feels awkward to type. Kind of like the word awkward. cmdhist. cmdhist. Maybe it'll grow on me after a while. cmdhist. It's a bit better now, anyway. -- - stephan beal http://wanderinghorse.net/home/stephan/ http://gplus.to/sgbeal ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] RFC before trunking 'usage' command
On Wed, Sep 11, 2013 at 5:58 PM, B Harder brad.har...@gmail.com wrote: fossil set tracker [on|off] ? Or 'fossil set cmdhist [on|off]' Good idea. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] RFC before trunking 'usage' command
On Wed, Sep 11, 2013 at 5:56 PM, Kees Nuyt k.n...@zonnet.nl wrote: [Default] On Wed, 11 Sep 2013 23:32:10 +0200, Stephan Beal sgb...@googlemail.com wrote: usage - commandtrace or commandhistory or cmdtrace or cmdhistory i think 3 of those might mess up the column alignment in 'help' ;). Yeah, I'm happy with 'cmdhist' or 'chghist' or 'modhist' or 'shhist' ;) I'd say 'cmdhist'. Is both short and clear what it does. While 'usage' is technically correct as well, in Unix/Linux/POSIX, usage generally refers to how-to-use, not history if use. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] RFC before trunking 'usage' command
fossil set tracker [on|off] ? On Sep 11, 2013 2:32 PM, Stephan Beal sgb...@googlemail.com wrote: On Wed, Sep 11, 2013 at 11:26 PM, Kees Nuyt k.n...@zonnet.nl wrote: I wouldn't mind logging the arguments as well, especially for commands that modify the repository or a stash. i considered it, but the code overhead just wasn't worth it at that time of night. One of these days i'll miss having that, add it, and add a -verbose option which also shows the args. I wouldn't be interested in logging query-class commands, like fossil ls, fossil status, fossil timeline Do you mean the SQL code itself? If so, try: f time -n 1 -sqltrace One can learn a lot about how fossil works by using that. usage - commandtrace or commandhistory or cmdtrace or cmdhistory i think 3 of those might mess up the column alignment in 'help' ;). Note: on Linux/unix, it doesn't add much, history [-OPTIONS] | grep fossil will do fine, on MS Windows, I think it really adds value. Me, too, but i'm aware that many other people have much greater concerns regarding any sort of usage protocols. For me it's harmless, but it's not just about me. -- - stephan beal http://wanderinghorse.net/home/stephan/ http://gplus.to/sgbeal ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] RFC before trunking 'usage' command
[Default] On Wed, 11 Sep 2013 23:32:10 +0200, Stephan Beal sgb...@googlemail.com wrote: I wouldn't be interested in logging query-class commands, like fossil ls, fossil status, fossil timeline Do you mean the SQL code itself? No, I now realize query is a confusing word. I mean the class of commands that doesn't change anything to a repository or a checkout is not interesting for logging. So, fossil {ls|status|timeline|changes|extra| ... } don't have to be logged, fossil {pull|push|sync|open|commit|stash| ... } are interesting though. usage - commandtrace or commandhistory or cmdtrace or cmdhistory i think 3 of those might mess up the column alignment in 'help' ;). Yeah, I'm happy with 'cmdhist' or 'chghist' or 'modhist' or 'shhist' ;) -- Groet, Cordialement, Pozdrawiam, Regards, Kees Nuyt ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users