*** fatema__ has quit IRC | 00:00 | |
*** jamesmcarthur has joined #storyboard | 00:02 | |
*** jamesmcarthur has quit IRC | 00:07 | |
EmilienM | diablo_rojo: hey, do you know how can I change the email used by storyboard? | 00:21 |
---|---|---|
EmilienM | is it in launchpad? | 00:21 |
diablo_rojo | EmilienM, thats actually a really good question lol | 01:03 |
EmilienM | diablo_rojo: I changed in launchpad and I keep getting emails in my old email | 01:03 |
EmilienM | diablo_rojo: is that something you can change in the database directly? I'm not sure | 01:03 |
diablo_rojo | I think the email that exists when we do the import is what gets put into the db | 01:04 |
EmilienM | but then is it updated? | 01:05 |
diablo_rojo | I would think the next time we import a project you have touched it would be updated. | 01:05 |
EmilienM | ok | 01:05 |
diablo_rojo | But I would have to look through the code to be sure. | 01:06 |
EmilienM | do you think it would be possible to update it via mysql in the meantime? | 01:06 |
diablo_rojo | We shouuld be able to add something to the sb gui to edit your notficiation email and it updates the db. | 01:06 |
diablo_rojo | EmilienM, yeah I would think that would work | 01:06 |
EmilienM | I'll pm you my old and new email | 01:06 |
EmilienM | yeah the option in UI would be awesome | 01:07 |
diablo_rojo | Should be able to edit it while youre logged in- just add an update email button in the email settings that allows you to fill in a field and then send that to the db to replace what exiss. | 01:12 |
diablo_rojo | *exists | 01:12 |
persia | Actually, that's probably a bug. I expect the correct behaviour is to update the email address on every authentication or something. | 02:23 |
persia | I think the assumption behind the current behaviour is that the email address used at Ubuntu One is long-lived. Given the number of orgs that want to get credit for having their domain in commits, that's probably a risky assumption. | 02:24 |
*** dmsimard|cave is now known as dmsimard | 02:29 | |
*** lodowa has joined #storyboard | 02:50 | |
*** udesale has joined #storyboard | 03:55 | |
*** lodowa has quit IRC | 04:27 | |
*** mridu has quit IRC | 05:13 | |
*** jtomasek has joined #storyboard | 07:15 | |
*** tosky has joined #storyboard | 07:54 | |
*** udesale_ has joined #storyboard | 10:03 | |
*** udesale__ has joined #storyboard | 10:05 | |
aspiers | Subject: Task "<script>alert(1);</script>" was created. | 10:07 |
aspiers | Hopefully that was done by some benign pen-tester, not a potential attacker? | 10:07 |
*** udesale has quit IRC | 10:07 | |
*** udesale_ has quit IRC | 10:08 | |
*** tosky__ has joined #storyboard | 10:25 | |
*** tosky is now known as Guest72548 | 10:25 | |
*** tosky__ is now known as tosky | 10:25 | |
persia | aspiers: If new, I suspect a potential attacker. There was some pentesting of Storyboard back in 2014, after which it was determined that the data wasn't trusted anywhere. The changes in markdown parsing might be a reason to repeat the exercise, but I haven't heard of anyone doing so. | 10:48 |
aspiers | persia: https://storyboard.openstack.org/#!/story/2 | 10:51 |
*** udesale__ has quit IRC | 10:51 | |
aspiers | created by "Mohamed" | 10:51 |
aspiers | fungi, diablo_rojo: ^^^ | 10:52 |
persia | That's someone pentesting, but a new pentester, and not someone who gave warning. | 10:57 |
persia | On the other hand, it proves the protections put in place previously work :) | 10:57 |
aspiers | does it? | 11:10 |
aspiers | It proves Javascript was passed intact via email. Not sure it says anything about the web UI | 11:10 |
*** openstackgerrit has quit IRC | 11:33 | |
*** dtantsur|afk is now known as dtantsur | 11:34 | |
dtantsur | fungi, SotK, I'm totally okay with GET only. but I think the really safe approach will be just to disallow sending the cookies, so that all such requests are not authenticated. Is it possible with CORS? | 11:35 |
*** udesale has joined #storyboard | 11:47 | |
persia | dtantsur: We should audit to make sure we're clean REST and GET safe anyway. | 12:10 |
dtantsur | well /<resource>/search is not quite REST, but otherwise looks okay ;) | 12:11 |
*** fatema__ has joined #storyboard | 12:24 | |
*** fatema__ has quit IRC | 12:56 | |
persia | Ah, hrm. We've been discussing merging search and browse in other contexts, maybe that route should change to be under stories/ somehow. | 12:59 |
persia | Or, rather, /#!/story/... : there is some potential for DoS, but I think that it doesn't make a difference for raw API vs, JS integration, and I think the user can't do anything special with that endpoint because of authentication. | 13:00 |
persia | Or maybe it should be done unauthenticated, as authenticated view of private stories is exploitable. | 13:01 |
persia | (and maybe my prior imagination of everyone building their own dashboards and reports doesn't work properly in a world of javascript browser security, and a reporting interface belongs in storyboard proper, rather than in a tools repo) | 13:02 |
dtantsur | heh | 13:04 |
*** fatema__ has joined #storyboard | 13:18 | |
*** jamesmcarthur has joined #storyboard | 13:46 | |
*** openstackgerrit has joined #storyboard | 14:09 | |
openstackgerrit | Merged openstack-infra/storyboard master: Finish fixing account duplication on import https://review.openstack.org/555957 | 14:09 |
dtantsur | my very first attempt to create a story has failed :( first with a database deadlock, then 400: POST /api/v1/stories/2001745: Invalid input for field/attribute story. Value: '2001745'. unable to convert to Story | 14:18 |
SotK | second part suggests the story was created successfully in the first failure, probably its the bug that others have reported iirc where some tasks fail to be created | 14:20 |
dtantsur | SotK: yep, it was. only the first task was not created | 14:31 |
*** fatema__ has quit IRC | 14:32 | |
*** fatema__ has joined #storyboard | 14:34 | |
fatema__ | Hey, I have met an error while solving the issue | 14:34 |
fatema__ | now that 'resolved' replaces merged succefully in the ui | 14:34 |
fatema__ | but gives me an error IMHO it is related to the database "500: PUT /api/v1/tasks/2: (DataError) (1265, u"Data truncated for column 'status' at row 1") u'UPDATE tasks SET updated_at=%(updated_at)s, status=%(status)s WHERE tasks.id = %(tasks_id)s' {'tasks_id': 2, | 14:34 |
fatema__ | 'updated_at': datetime.datetime(2018, 3, 27, 13, 4, 51, 518813), 'status': u'resolved'} " | 14:34 |
*** fatema__ has quit IRC | 14:35 | |
*** fatema__ has joined #storyboard | 14:35 | |
*** fatema__ has joined #storyboard | 14:38 | |
*** fatema__ has quit IRC | 14:40 | |
*** fatema__ has joined #storyboard | 14:41 | |
*** fatema__ has joined #storyboard | 14:41 | |
fatema__ | Hey, I have met an error while solving the issue, now that 'resolved' replaces merged succefully in the ui | 14:41 |
fatema__ | but gives me an error IMHO it is related to the database "500: PUT /api/v1/tasks/2: (DataError) (1265, u"Data truncated for column 'status' at row 1") u'UPDATE tasks SET updated_at=%(updated_at)s, status=%(status)s WHERE tasks.id = %(tasks_id)s' {'tasks_id': 2,'updated_at': datetime.datetime(2018, 3, 27, 13, 4, 51, 518813), 'status': u'resolved'} " | 14:41 |
*** fatema__ has quit IRC | 14:44 | |
SotK | looking at https://review.openstack.org/#/c/556648, I suspect the issue is because you modified the first database migration rather than creating a new one, so your database will still expect merged rather than resolved in the enum for that column (unless this database was created after making the patch) | 15:00 |
dtantsur | do we have some documentation on which tags to use in git commit messages with storyboard? I noticed people using Story: and Task: together with only Story: being highlighted. is it correct? | 15:28 |
SotK | dtantsur: its correct, the documentation is in https://docs.openstack.org/infra/manual/developers.html#development-workflow | 15:42 |
dtantsur | oh, makes sense :) thanks! | 15:42 |
fatema_ | Hey, as I'm going through the proposal I'd need to discuss the time plan with a mentor | 16:30 |
fatema_ | as the project idea includes "storyboard-webclient : Implement per-user theming " is what caught my eye but I don't see it divided into tasks to be put in a time plan ! | 16:39 |
*** fatema__ has joined #storyboard | 16:40 | |
*** udesale has quit IRC | 16:41 | |
*** fatema__ has quit IRC | 16:47 | |
*** jamesmcarthur has quit IRC | 17:25 | |
fungi | diablo_rojo: EmilienM: SotK: mordred: i figured out the missing link. needed to _also_ update the character set for the connection. see https://review.openstack.org/555787 for the remainder. when combined with https://review.openstack.org/556626 we can import tripleo-ui and any other projects with 4-byte codepoints in their lp bug content now (tested and works on storyboard-dev) | 17:35 |
EmilienM | woot | 17:36 |
fungi | the tripleo-ui test import is still underway, but it at least got past the lp bug with the problem content | 17:40 |
mordred | fungi: hrm. that's going to be slightly run to roll out | 17:41 |
mordred | s/run/fun/ | 17:41 |
fungi | whyso? | 17:41 |
mordred | fungi: actually - yeah, nevermind. we can land the storyboard change, then land the puppet change and then restart storyboard api | 17:42 |
fungi | and which part? the alembic migration or the config change? | 17:42 |
fungi | right, that was what i figured would happen | 17:42 |
fungi | it's the order i ended up doing those bits on storyboard-dev anyway | 17:42 |
mordred | fungi: I agree with your figuring, having taken a few extra minutes to get there | 17:42 |
fungi | i suspect landing them in either order will work as long as nobody tries to shove a 4-byte character into sb ni between the two | 17:43 |
*** jamesmcarthur has joined #storyboard | 17:49 | |
*** diablo_rojo has quit IRC | 18:08 | |
fungi | okay, the tripleo-ui import on storyboard-dev completed successfully, so we should be all set once 555787 and 556626 merge | 18:09 |
fungi | though i wonder whether i should also adjust 556626 to set the overall database character set encoding in that migration so that any new tables which are created also inherit utf8mb4. i'll add that now | 18:11 |
*** diablo_rojo has joined #storyboard | 18:13 | |
openstackgerrit | Jeremy Stanley proposed openstack-infra/storyboard master: For utf8mb4 shorten teams.name and users.email https://review.openstack.org/556626 | 18:14 |
fungi | there we go ^ | 18:14 |
*** jamesmcarthur has quit IRC | 18:17 | |
*** dtantsur is now known as dtantsur|afk | 18:25 | |
*** jamesmcarthur has joined #storyboard | 18:33 | |
*** jamesmcarthur has quit IRC | 19:13 | |
*** jamesmcarthur has joined #storyboard | 19:14 | |
*** jamesmcarthur has quit IRC | 19:14 | |
*** jamesmcarthur has joined #storyboard | 19:14 | |
*** fatema__ has joined #storyboard | 19:16 | |
*** diablo_rojo has quit IRC | 19:49 | |
*** jtomasek has quit IRC | 19:52 | |
openstackgerrit | Kendall Nelson proposed openstack-infra/storyboard-webclient master: Add details to Search https://review.openstack.org/557024 | 19:55 |
*** diablo_rojo has joined #storyboard | 20:04 | |
*** jamesmca_ has joined #storyboard | 20:20 | |
openstackgerrit | Jeremy Stanley proposed openstack-infra/storyboard master: For utf8mb4 shorten teams.name and users.email https://review.openstack.org/556626 | 20:21 |
fungi | diablo_rojo: ^ that was the typo | 20:21 |
fungi | mea culpa | 20:21 |
fungi | i ran it correctly in mysqlclient but transcribed it incorrectly into the migration patch. hooray for testing i guess | 20:21 |
*** jamesmcarthur has quit IRC | 20:24 | |
*** tosky has quit IRC | 20:25 | |
*** tosky has joined #storyboard | 20:30 | |
fatema__ | I am trying to commit and git review gives me "To ssh://FatemaKhalid@review.openstack.org:29418/openstack-infra/storyboard.git | 20:31 |
fatema__ | ! [remote rejected] HEAD -> refs/publish/master/bug/6142 ([918ae9d] missing Change-Id in commit message footer) error: failed to push some refs to 'ssh://FatemaKhalid@review.openstack.org:29418/openstack-infra/storyboard.git'" | 20:31 |
fungi | fatema__: you probably hadn't initially done a `git review -s` after cloning the repo, so git review hadn't yet retrieved the commit hook which adds change-id footers for you | 20:33 |
fungi | fatema__: do a `git commit --amend` and you should hopefully see one appear at the end of your commit message now | 20:33 |
fungi | then save/exit the commit message editor and try to git review again | 20:34 |
fatema__ | this line opens text editor | 20:34 |
fungi | yes, git commit normally opens an editor so you can create or modify a commit message | 20:35 |
fatema__ | ok and what modification should I do | 20:35 |
fatema__ | ? | 20:35 |
fungi | you shouldn't need to make any modification now if it shows a Change-Id line at the end of your commit message | 20:36 |
fungi | just save and exit | 20:36 |
fatema__ | ok | 20:38 |
fungi | the first time you run git review in a fresh clone of any repository, it'll retrieve a git commit hook which then inserts a change-id footer into any commit message you create or modify after that point. this is why our contributor workflow documentation recommends running `git review -s` initially after cloning | 20:39 |
*** jamesmca_ has quit IRC | 20:41 | |
*** jamesmcarthur has joined #storyboard | 21:04 | |
*** lodowa has joined #storyboard | 21:04 | |
*** jamesmcarthur has quit IRC | 21:09 | |
*** lodowa has quit IRC | 21:25 | |
*** lodowa has joined #storyboard | 21:32 | |
*** lodowa has quit IRC | 21:34 | |
*** lodowa has joined #storyboard | 21:45 | |
openstackgerrit | Fatema Khalid Sherif proposed openstack-infra/storyboard master: Partial-Bug: # 6142 https://review.openstack.org/557070 | 21:47 |
persia | fatema__: If you keep the "Change-Id" footer in your commit message, pushing a new revision of a change will appear as part of the ongoing discussion of that change. | 22:36 |
fatema__ | so now I made a different PR ? | 22:38 |
fatema__ | ok then I'll keep this in mind of course | 22:49 |
fatema__ | persia, Who should I discuss the timeplan with ? | 22:49 |
persia | I'm not sure: I would hope that the interface for the effort has some indication of who is mentoring you. | 22:50 |
persia | Maybe diablo_rojo knows? | 22:51 |
fatema__ | Actually yes it says that diablo_rojo and SotK | 23:02 |
diablo_rojo | Hello fatema__ :) Yeah I am the main mentor with SotK backing me up (and fungi too it seems) | 23:05 |
fatema__ | ok then | 23:05 |
*** lodowa has quit IRC | 23:06 | |
fatema__ | firstly I'd like to know about the time plan | 23:06 |
fatema__ | as the tasks aren't really specific so how should they be put in the time plan ? | 23:07 |
diablo_rojo | fatema__, I'm not actually sure what time plan you are referring to | 23:15 |
diablo_rojo | We can pick some out and put them in order if you want and then its kind of working at your own/ the community's pace. | 23:15 |
diablo_rojo | Whether you get through the whole list we pick or not will depend a lot on the speed the community gets things merged- sometimes its quicker than others. | 23:16 |
fatema__ | diablo_rojo, ok then I mean that this should be specified in the application | 23:18 |
fatema__ | also, what are the chances that my application gets accepted ? | 23:18 |
persia | As someone not involved in the process, I can confirm that you're welcome to work on storyboard whether the application is accepted or not. I suspect that for most of the named mentors, this is the first time for them to use the process as well, so it might take some time to get a real answer. | 23:20 |
persia | I've seen traffic from three people who were interested, and two (including yourself) appear to have set up an environment, to give some guidance as to the level of expressed interest. | 23:21 |
* persia may have missed some traffic, of course | 23:21 | |
diablo_rojo | fatema__, so far very good from what I can tell- you would be the first applicant for this openstack project (this being working on the task tracker storyboard). Not sure how many there are for others, but I thiiiink it is one intern per project. | 23:21 |
diablo_rojo | fatema__, persia is correct, even if you don't get accepted, you are still welcome to work on storyboard and build up your resume on your own- I would even offer a letter of reference down the road. We just wouldn't be able to compensate you with anything but appreciation :) | 23:22 |
diablo_rojo | Also yes, this is my first time being a mentor for outreachy so I don't know the process all that well yet. | 23:23 |
fatema__ | diablo_rojo, if I recall correctly you are setting three outlines but didn't mention number of interns needed | 23:24 |
fungi | my first time mentoring for outreachy, i drafted this spec for the intern: http://specs.openstack.org/openstack-infra/infra-specs/specs/code-search.html | 23:25 |
fungi | i made sure the work items section was detailed | 23:25 |
persia | fatema__: Likely subject to verification by a large number of folk who may not be reachable at this hour, but I strongly suspect that if OpenStack has three outlines submitted for interns, there is backing funding for three interns (one for each). I could be mistaken. | 23:25 |
*** tosky has quit IRC | 23:25 | |
diablo_rojo | fatema__, Ah yes, its three different repositories you could work in depending on what you are more interested in. Its the storyboard repo, the webcline and the python-storyboardclient (cli). | 23:26 |
persia | fungi: Excellent suggestion: having the "timeplan" discussion result in a spec is likely to provide good documentation for everyone along the way. | 23:26 |
fungi | the end result of that internship was the service which now runs at http://codesearch.openstack.org/ so it was definitely both a successful and useful endeavor | 23:26 |
diablo_rojo | I think I only asked for a single intern. | 23:26 |
diablo_rojo | In my defense we only decided to see if we could get accepted the day applications were due :) And so I only had a few hours to write the application and submit. | 23:27 |
fatema__ | diablo_rojo, one intern to work on the three repos ? | 23:27 |
fatema__ | diablo_rojo, so to get things clear Outreachy have to approve me then the mentors have to approve my application ! | 23:29 |
fatema__ | Also is there other applicants ? | 23:30 |
fatema__ | persia, Actually that's a very nice plan, detailed and organized. It'd be great to prepare one | 23:35 |
diablo_rojo | fatema__, yeah, our application to have intern(s) had to be approved and then interns apply. One intern to work on whatever repo(s) interest them. The work we need done spans all three repos, but if you don't like UI and know javascript, I wouldn't expect you to work on the webclient repo. There is plenty of work to be done in the other two. | 23:35 |
persia | fatema__: If you have an idea of what to do, maybe start drafting one? If not, then maybe diablo_rojo or SotK can suggest something. | 23:35 |
diablo_rojo | persia, start drafting what? | 23:36 |
persia | diablo_rojo: A spec, similar to the one fungi linked | 23:36 |
diablo_rojo | Ah. | 23:37 |
fatema__ | the thing to be discussed is as I guess if it'll be a set of small bugs or more of feature like the one fungi sent | 23:37 |
diablo_rojo | fatema__, I think that depends on what you are most interested in. Do you want more small tasks or something larger? | 23:38 |
fungi | yep, if it's going to be a collection of bugs then maybe we just outline the tasks for them in their respective stories in as much detail as you can manage so they can be shoehorned into a timeplan | 23:38 |
diablo_rojo | We have both :) | 23:39 |
fatema__ | fungi, this seems like a good idea but I guess working on collection of different bugs timeplan would be hard to estimate the time required for each | 23:41 |
diablo_rojo | fatema__, true. | 23:41 |
fatema__ | As you are the developers with more experience in the code I would wish for your recommendation about the features that could fit in three months including testing | 23:43 |
*** jamesmcarthur has joined #storyboard | 23:43 | |
diablo_rojo | fatema__, you prefer not working on UI correct? | 23:44 |
fatema__ | It's fine by me, I have worked with CSS ,JS before | 23:45 |
persia | fatema__: The testing isn't the slow bit: the slow bit is that some of us are fairly opinionated about how things should work (and a lot of the features haven't been sufficiently bikeshedded). You have demonstrated a willingness to engage in discussion, which I suspect will serve you well in causing change. | 23:45 |
fatema__ | for me it depends more on the project scope | 23:47 |
diablo_rojo | Oh cool. Opens things up a bit more then. | 23:47 |
*** jamesmcarthur has quit IRC | 23:47 | |
diablo_rojo | So here are a few things that could each individually be done inside three months. https://storyboard.openstack.org/#!/story/2001746 https://storyboard.openstack.org/#!/story/2001677 https://storyboard.openstack.org/#!/story/2001476 | 23:47 |
diablo_rojo | fatema__, I think you could get one done of any of those for sure, potentially even two. | 23:48 |
diablo_rojo | I don't think this one would be too difficult either https://storyboard.openstack.org/#!/story/2001634 | 23:49 |
fatema__ | diablo_rojo, I'll go through them, Thank you ^^ | 23:54 |
persia | I think 2001746, 20011677, and 2001634 should be relatively easy (although one has to learn a fair bit about the relevant technologies to implement them), and are good choices. 2001677 is part of a larger set of navigation issues related to browsing and searching, and could probably consume the rest of teh time. | 23:55 |
persia | Err, 2001746, 2001634, and 2001476 are the easier ones, rather. | 23:56 |
diablo_rojo | No problem fatema__ :) | 23:57 |
persia | Note that 2001634 probably wants to be integrated with the wider bots refactoring effort underway: it would be nice to have a storyboard plugin somewhere, which could be consumed more widely (as not everyone wants to use openstack bots), but that's an implementation detail. | 23:58 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!