Hey Brett, Glad to see you're jumping in again and thanks for commenting on the clean urls patch.
In regards to "what happened to Ryan", I'm still leading the project but am currently swamped with taking on a new job while still transitioning away from some of my consulting work. I have nominated Jon to work as the release manager for 0.8.5 since he has history with the project and has been given svn commit priviledges. As you can see, I'm still watching over things and will pipe up if necessary but I'm happy to see the community pushing this forward. Cheers, Ryan On Mon, May 4, 2009 at 10:57 PM, Brett R. Edgar <[email protected]> wrote: > I guess it’s time I get involved again. J I am TheWalrus. (Goo goo > g’joob.) We have been using the clean URLs patch for quite a while now, > probably at least six months. I have yet to experience any problems wrt the > clean URLs patch. Also, since I’m in the computer security business, I > convinced myself the patch (and .htaccess file) was correct and did not > affect security. I’ve also scanned PP with a commercial web-app scanner and > it didn’t find any problems related to the clean URLs. It also didn’t find > anything that offended my security consciousness enough to go fix, as I > recall. :D > > > > So what happened to Ryan? I guess I got real busy at work and kind of > dropped off the project for a bit, but I thought he was still leading it. > I’m glad to see some movement on it now! > > > > -- > > =================== > > Brett Edgar, CISSP, CSSLP > > True Digital Security, Inc./DESA Research, LLC. > > [email protected] > > 866.430.2595 x 103 > > www.truedigitalsecurity.com > > > > From: Timothée Boucher [mailto:[email protected]] > Sent: Friday, May 01, 2009 5:25 PM > To: [email protected] > Subject: Re: [PP-dev] Roadmap for 0.8.5 discussion > > > > Hi Jon, > > > > I'll be honest, I forgot some of the details of what I did, but after > looking over the last patch I submitted, I can tell you that I added the > detection in the installation steps, so that if mod_rewrite is not loaded > (through apache_get_modules(), so should work if not using Apache), the > checkbox is disabled. If mod_rewrite is loaded, it doesn't set it > automatically though. > > At this point, I left this configuration option inside config/config.php so > that it can be changed manually at will. (including in case of problems) > > To sum up: > > mod_rewrite loaded => checkbox allowed* > > checkbox checked => option CLEAN_URL set to true in config/config.php > > when a URL is created, it checks for that option. If false, it stays as it > is right now. > > > > But I share your concern about the slight risks included with this. For one > thing, I never tested it with another web-server than Apache (partly because > I didn't have access to IIS for example, partly because the current PP > requirements say to use Apache :) ) > > Also, if anybody is familiar with .htaccess files, I'd be very happy if you > can have another look on this. > > > > Regarding bugs, I would say that for my use, it didn't bring up any problem > (confirmed by TheWalrus as well). However, I don't use every feature, so I > might have literally worked around a bug without knowing it. > > All in all, I'm pretty sure it works fine (Apache or not), but the fact that > it was over a year ago lowers my confidence a little. I'll have another look > myself but, once again, an exterior critical look would be welcome. > > > > Cheers, > > > > Tim > > > > * I realize that there is a potential though quite unlikely bug: loading the > page with mod_rewrite on, checking the box, reloading the install page and > disabling mod_rewrite, checkbox staying on and saved in the config file... > > > > On Fri, May 1, 2009 at 2:49 PM, Jon DeGenova <[email protected]> > wrote: > > Hi Tim, > > Yes, that's definitely worth considering, if not for this version then for > the next. My concern would be installation. I suppose some people are > running PP on IIS or other non-Apache systems or don't have mod_rewrite > installed. Do we say it's available in the installation documentation but > must be activated manually or do we try to detect mod_rewrite during > installation and activate it automatically if the system supports it? It > sounds like you've been using it for a while and are comfortable that there > aren't any bugs? > > -Jon > > Timothée Boucher wrote: > > Hi Jon, > > > > thanks for the detailed email. > > I'll try to have a look at the patches you mentioned and see if I can add to > the validation of some of them. > > > > If I may add something, one patch I would like to see included is the one > for clean URLs (à la http://yourserver.net/13/message/view/4/ instead of > http://yourserver.net/index.php?id=4&c=message&a=view&active_project=13). > > Granted I'm the one who submitted it and am thus guilty of self-promotion > :). But after having installed PP without it for dev purposes, I miss having > it. > > No worries if you're set on the list though. It's only a "patch -p0" away > > > > Cheers, > > > > Tim > > > > On Sun, Apr 19, 2009 at 6:39 PM, Jon DeGenova <[email protected]> > wrote: > > I would like to propose the follow roadmap for version 0.8.5 of > ProjectPier. This is open for discussion, so don't be shy about replying > with your opinion. Each item listed below includes a status, description > and a link back to the item on projectpier.org where you can get more > detailed information. The list is broken down into items that will be > included for certain (items that are basically already done), items that > will be done if they pass Beta 2 testing (again items mostly already done, > they just need to be tested and tweaked), and the last category are items > that are only going to get done if someone steps forward and takes ownership > by replying back to this email by the end of the month. If you take > ownership of an item you don't have to work on it alone, you just need to > drive the issue and make sure a tested patch is submitted. If your patch > doesn't fully work by the deadline then we just push that item back to the > next release - no harm done. > > As I've already stated on the blog, I would like to finalize this roadmap by > the end of April, so your quick attention is very much appreciated. > > ------ > Goals > ------ > > This release will concentrate specifically on cleanup of bugs that have > already been reported. The one major new feature being added is a calendar > view of milestones. > > -------- > Timeline > -------- > > 30-May-09 - Beta 1 release, incomplete features. > 27-Jun-09 - Beta 2 release, feature freeze. > 18-Jul-09 - Release Candidate 1 > 8-Aug-09 - Final Release > > -------------------------------- > Items to be included for certain > -------------------------------- > > Status: Committed to SVN, requires final validation. > If you have a milestone set for the next or the previous day, it will say > "one days" instead of "one day" > http://www.projectpier.org/node/685 > > Status: Committed to SVN, complete. > Typo: "created new account for you" Should be "created *a* new account for > you" (in the notification email) > http://www.projectpier.org/node/506 > > Status: Committed to SVN, requires final validation. > No email notification when comments added with 0.8.0.2 > http://www.projectpier.org/node/721 > > Status: Committed to SVN, requires final validation. > Cookies not expiring when the browser closes > http://www.projectpier.org/node/843 > > Status: Committed to SVN, requires final validation. > Added a calendar view of milestones > http://www.projectpier.org/node/28 > > Status: Committed to SVN, requires final validation. > If you add several times the same tag to an object, the list is not reduced > to the minimum set of tags. Besides being redundant, that means that the > object is listed twice on the tag page. > http://www.projectpier.org/node/797 > > Status: Committed to SVN, requires final validation. > GIF format company logo with transparency does not display properly > http://www.projectpier.org/node/743 > > Status: Needs committed. > File names like changes.txt, readme.txt, license.txt & upgrade.txt should be > capitalized per the Code Standards. > http://www.projectpier.org/node/1262 > > Status: Patch needs committed, then final testing as part of the next build. > The pagination for searching doesn't work right. > http://www.projectpier.org/node/1038 > > ------------------------------------------------ > Items to be included if they pass Beta 2 testing > ------------------------------------------------ > > Status: Patch needs tested. > Private messages should default to private comments. Currently if you > comment on a private message, the comment is *not* private by defalut. > http://www.projectpier.org/node/1237 > > Status: Patch needs reviewed > Users can download files from projects they are not assigned to by > manipulating the URL. > http://www.projectpier.org/node/437 > > Status: Patch needs reviewed > User can manipulate URL to view projects they are not assigned to > http://www.projectpier.org/node/1044 > > Status: Patch needs reviewed > When non-company users trying to attach files to message comments - they > can't do it. > http://www.projectpier.org/node/719 > > Status: Patch needs reviewed > http://www.projectpier.org/node/294 > Problems with file upload under linux > > Status: Patch needs code review > Files were being downloaded with a leading " in the name. > http://www.projectpier.org/node/1355 > > Status: Patch needs code review > User getting an error when trying to install the latest stable version. > Found out the solution to it is that its 'GMT' on line 17, instead on 'gmt'. > http://www.projectpier.org/node/1250 > > Status: Patch needs code review > When you try and comment on a file you are presented with a blank page > instead of redirected to the file. > http://www.projectpier.org/node/1228 > > Status: Patch needs code review > When tasks are displayed, they lose formatting (paragraphs and line breaks). > http://www.projectpier.org/node/260 > > Status: Patch needs code review > At the some places local db_link is omitted, fixed occurrences of lost > variable > http://www.projectpier.org/node/720 > > Status: Patch needs code review > When a transparent PNG is uploaded for a company logo the transparency is be > replaced by a solid dark color. > http://www.projectpier.org/node/1113 > > ------------------------------------------------------------------------------ > Items to be included if a developer volunteers to take ownership by April > 30th > ------------------------------------------------------------------------------ > > Status: Patch needs code work > On the dashboard of overview, the "Today" and "yesterday" events are > timeshifted > http://www.projectpier.org/node/646 > > Status: Patch code needs work > RSS Item description not being generated > http://www.projectpier.org/node/1049 > > Status: Patch code needs work > RSS Feed affects user activity. Although a user has not been logged in for > several hours they are listed under 'active over the past 15 minutes' on the > dashboard of other users because they are accessing the RSS feed. > http://www.projectpier.org/node/493 > > Status: Logged, coding needed! HIGH IMPORTANCE! > Private messages linked to milestone: Subject line is not private. When you > attach a private message to a milstone (private meaning for company memebers > eyes only), members of *client* companies can still see the subject line of > the message. > http://www.projectpier.org/node/1157 > > Status: Logged, coding needed! HIGH IMPORTANCE! > Private task lists are not really hidden. When you declare a task list as > hidden AND assign it to a milestone, its title still shows up within the > milestone it was assigned to. When a client clicks on the title he gets the > message: "You don't have permissions to access requested page". A private > task list should be completely hidden (including title). > http://www.projectpier.org/node/123 > > Status: Patch needs code work > The current icon the denotes a comment is private is small and not always > noticed. A patch will be made to make private comments more noticeable. > http://www.projectpier.org/node/1238 > > Status: Needs coded! > The system administrator should be able to change a setting so that all > messages default to private. > http://www.projectpier.org/node/1258 > > ------------------------------------------------------------------------------ > Stay on top of everything new and different, both inside and > around Java (TM) technology - register by April 22, and save > $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. > 300 plus technical and hands-on sessions. Register today. > Use priority code J9JMT32. http://p.sf.net/sfu/p > _______________________________________________ > Projectpier-development mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/projectpier-development > > > > ________________________________ > > > > ------------------------------------------------------------------------------ > > Register Now & Save for Velocity, the Web Performance & Operations > > Conference from O'Reilly Media. Velocity features a full day of > > expert-led, hands-on workshops and two days of sessions from industry > > leaders in dedicated Performance & Operations tracks. Use code vel09scf > > and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf > > ________________________________ > > > > _______________________________________________ > > Projectpier-development mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/projectpier-development > > > > > > ------------------------------------------------------------------------------ > Register Now & Save for Velocity, the Web Performance & Operations > Conference from O'Reilly Media. Velocity features a full day of > expert-led, hands-on workshops and two days of sessions from industry > leaders in dedicated Performance & Operations tracks. Use code vel09scf > and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf > _______________________________________________ > Projectpier-development mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/projectpier-development > > > > ------------------------------------------------------------------------------ > Register Now & Save for Velocity, the Web Performance & Operations > Conference from O'Reilly Media. Velocity features a full day of > expert-led, hands-on workshops and two days of sessions from industry > leaders in dedicated Performance & Operations tracks. Use code vel09scf > and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf > _______________________________________________ > Projectpier-development mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/projectpier-development > > ------------------------------------------------------------------------------ Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf _______________________________________________ Projectpier-development mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/projectpier-development
