FYI: JIRA is created to fix T&C's check in DevSuite to use stable link in download-manager. ORG-3469 Check T&C's signing status without referencing to specific file in download-manager
Denis ----- Original Message ----- > From: "Pete Muir" <[email protected]> > To: "Denis Golovin" <[email protected]> > Cc: [email protected], "Rick Wagner" <[email protected]>, > [email protected] > Sent: Tuesday, July 12, 2016 12:23:39 AM > Subject: Re: [Devtools] Fix an installer problem with a server-side change? > > David H and mark N are the right people. > On 12 Jul 2016 7:31 a.m., "Denis Golovin" <[email protected]> wrote: > > > Pete, > > > > it seems T&C's workflow is really simple now, T&C's just signed > > when registrations is done. It seems that this request could be > > just https://developers.redhat.com/download-manager/rest/tc-accepted > > without any additional parameters. > > > > Who should I discuss it with? Is David Hladky right person? > > > > Thanks, > > Denis > > > > ----- Original Message ----- > > > From: "Pete Muir" <[email protected]> > > > To: "Denis Golovin" <[email protected]> > > > Cc: "Pavol Pitonak" <[email protected]>, [email protected], "Rick > > Wagner" <[email protected]> > > > Sent: Monday, July 11, 2016 4:32:56 AM > > > Subject: Re: [Devtools] Fix an installer problem with a server-side > > change? > > > > > > Exactly - I'm worried that in a couple of years time, someone will > > > delete that download, or upgrade the REST interface, not realising > > > that the installer is (ab)using it for something else... > > > > > > On 9 July 2016 at 08:43, Denis Golovin <[email protected]> wrote: > > > > There is no issue opened for this. Do you mean rest service should > > support > > > > requests to check T&C's using product-id instead of specific file. > > > > Something similar to > > > > > > https://developers.redhat.com/download-manager/rest/tc-accepted?productId=cdk > > > > > > > > ----- Original Message ----- > > > >> From: "Pete Muir" <[email protected]> > > > >> To: "Denis Golovin" <[email protected]> > > > >> Cc: "Pavol Pitonak" <[email protected]>, [email protected], "Rick > > > >> Wagner" <[email protected]> > > > >> Sent: Friday, July 8, 2016 7:52:30 AM > > > >> Subject: Re: [Devtools] Fix an installer problem with a server-side > > > >> change? > > > >> > > > >> Do we have an issue to replace this with a proper T&C check that > > > >> doesn't involve the name of a file that might get changed without > > > >> someone understanding the installer depends on it? > > > >> > > > >> On 8 July 2016 at 00:27, Denis Golovin <[email protected]> wrote: > > > >> > That is correct answer. This url is only to verify T&C's are signed. > > > >> > > > > >> > ----- Original Message ----- > > > >> >> From: "Pavol Pitonak" <[email protected]> > > > >> >> To: "Pete Muir" <[email protected]> > > > >> >> Cc: [email protected], "Rick Wagner" <[email protected]> > > > >> >> Sent: Thursday, July 7, 2016 4:50:19 AM > > > >> >> Subject: Re: [Devtools] Fix an installer problem with a server-side > > > >> >> change? > > > >> >> > > > >> >> It's not installing CDK 2.0.0-beta3 but the one specified in [1]. > > The > > > >> >> mentioned URL is only used for finding out whether the user > > provided > > > >> >> correct > > > >> >> username/password and whether he had agreed with T&C. > > > >> >> > > > >> >> [1] > > > >> >> > > https://github.com/redhat-developer-tooling/developer-platform-install/blob/master/requirements.json#L7 > > > >> >> > > > >> >> On Thu, Jul 7, 2016 at 1:40 PM, Pete Muir < [email protected] > > > wrote: > > > >> >> > > > >> >> > > > >> >> On 6 July 2016 at 20:02, Rick Wagner < [email protected] > wrote: > > > >> >> > Hello DevTools, > > > >> >> > > > > >> >> > It seems we have a problem with the current version of the > > > >> >> > Development > > > >> >> > Suite > > > >> >> > installer. We have at least 2 new customer cases reporting > > inability > > > >> >> > to > > > >> >> > install due to the message dialogue "Terms and Conditions for > > the CDK > > > >> >> > have > > > >> >> > not been signed". > > > >> >> > > > > >> >> > This is concerning because we're also seeing similar activity on > > > >> >> > non-support > > > >> >> > channels. It's also worth noting that not every user that has a > > > >> >> > problem > > > >> >> > reports it-- some just give up and move on. There is enough > > volume > > > >> >> > here > > > >> >> > that we probably should treat this with some urgency. > > > >> >> > > > > >> >> > It seems likely the relevant code (thanks for highlighting this, > > > >> >> > Alexey) > > > >> >> > is > > > >> >> > below: > > > >> >> > > > > >> >> > ------------------------------------------------- > > > >> >> > > > > >> >> > login() { > > > >> >> > this.authFailed = false; > > > >> >> > this.tandcNotSigned = false; > > > >> >> > > > > >> >> > let req = { > > > >> >> > method: 'GET', > > > >> >> > url: > > > >> >> > ' > > > >> >> > > > https://developers.redhat.com/download-manager/rest/tc-accepted?downloadURL=/file/cdk-2.0.0-beta3.zip > > > >> >> > ', > > > >> >> > <<<<<<<<<---- returns 'false' when not approved > > > >> >> > > > >> >> I noticed when reading this that this code appears to be > > downloading > > > >> >> CDK 2.0.0-beta3 which implies that either this is an old version of > > > >> >> the installer, or the installer is installing a very old CDK... > > > >> >> > > > >> >> > headers: { > > > >> >> > 'Authorization': 'Basic ' + this.base64.encode(this.username + > > ':' + > > > >> >> > this.password) > > > >> >> > } > > > >> >> > }; > > > >> >> > > > > >> >> > this.http(req) > > > >> >> > .then(this.handleHttpSuccess.bind(this)) > > > >> >> > .catch(this.handleHttpFailure.bind(this)); > > > >> >> > } > > > >> >> > > > > >> >> > --------------------------------- > > > >> >> > > > > >> >> > > > > >> >> > So we have users getting denied use of our product. Do we > > require a > > > >> >> > rebuild > > > >> >> > immediately? Maybe. > > > >> >> > > > > >> >> > How about if we changed the rest service > > > >> >> > ( > > https://developers.redhat.com/download-manager/rest/tc-accepted ) > > > >> >> > so > > > >> >> > it > > > >> >> > includes a peak at an override database as well as whatever it's > > > >> >> > currently > > > >> >> > doing now? > > > >> >> > > > > >> >> > In that way, we could have the users pop over to a 'yes, I agree > > to > > > >> >> > the > > > >> >> > terms' page to insert an entry into the database. The rest > > service > > > >> >> > could > > > >> >> > use something like the provided username as a key to ensure a > > 'true' > > > >> >> > is > > > >> >> > returned. > > > >> >> > > > > >> >> > > > > >> >> > Or not. Is there a better way to fix this? > > > >> >> > > > > >> >> > Please consider, we need to fix this sooner rather than later.... > > > >> >> > > > > >> >> > Thanks, > > > >> >> > > > > >> >> > Rick > > > >> >> > > > > >> >> > > > > >> >> > _______________________________________________ > > > >> >> > Devtools mailing list > > > >> >> > [email protected] > > > >> >> > https://www.redhat.com/mailman/listinfo/devtools > > > >> >> > > > > >> >> > > > >> >> _______________________________________________ > > > >> >> Devtools mailing list > > > >> >> [email protected] > > > >> >> https://www.redhat.com/mailman/listinfo/devtools > > > >> >> > > > >> >> > > > >> >> _______________________________________________ > > > >> >> Devtools mailing list > > > >> >> [email protected] > > > >> >> https://www.redhat.com/mailman/listinfo/devtools > > > >> >> > > > >> > > > > > > _______________________________________________ Devtools mailing list [email protected] https://www.redhat.com/mailman/listinfo/devtools
