On Sun, 2011-11-13 at 12:50 -0500, Richard Hipp wrote: > > > On Sun, Nov 13, 2011 at 6:39 AM, ST <smn...@gmail.com> wrote: > Hi, > > I'm new to fossil and have several questions: > > 1) how do I open new tickets on fossil-scm.org? I didn't see > something > like "new ticket" on the web UI... > > Anonymous ticketing was turned off because it was being flooded with > support requests, rather than actual bug reports. For example, if it > had been turned on, you probably would have written a bug report for > this very question, wouldn't you?
You are astute ;) > We prefer to reserve tickets for reporting actual malfunctions, and > so on fossil-scm.org, we require a username/password in order to write > a new ticket. That goes a long way toward keeping down the noise. > > It has been suggested that we create a "hold for moderation" system > for tickets, such that anonymous tickets can be input, but do not > actually go into the system until approved by a registered user. That > would allow random passers-by on the internet to write tickets, but > would also let us filter the tickets to keep real bug reports and > discard support requests, "test tickets", and spam. I'll probably add > a moderator system at some point, when I get a chance, if somebody > else doesn't volunteer to do it first. But it isn't available right > this moment. Sorry. With such excellent responses there is no need for this feature :) > > 2) why do I have to do this > http://www.fossil-scm.org/index.html/doc/trunk/www/custom_ticket.wiki > manually? Shouldn't this be there out of the box? It's kind of > basic > functionality that one finds in any ticket tracking app... > > It is there out-of-the-box. The page above merely shows you how to > modify the default setup, in case you want to do something a little > different from what the out-of-the-box configuration does. Pardon. I'm on a debian stable with fossil version from 2010-08-08 21:16:13 . I didn't see this functionality in my old fossil version and assumed (after reading that page) that it is intentionally not implemented. > > > 3) as far as I understand if one accidentally starts fossil > server/fossil ui - it will provide insecure access to the > repository > even if one had configured inetd/stunnel/fossil to use SSL, > right? Is > there a way to avoid such situations and force fossil to > always use SSL? > > "fossil ui" binds to 127.0.0.1 only, so it is not accessible from > other machines on the network. If you do "fossil server" then your > repository will be accessible remotely (on port 8080 by default) but > people still need to know user names and passwords in order to log in. Yes, but data stream is unencrypted. > But it seems rather difficult to "accidently" run "fossil server", no? > How do you accidentally start a server? Well, only the universe can come into existence completely "accidently", what I meant was when somebody types "fossil server" without realizing or forgetting for a moment that the data will be sent unencrypted. Another possible reason for misusing "fossil server" could be laziness: two employers decide to exchange data ad hoc using fossil server without SSL because, let's say, certificate has expired, or wasn't issued (yet) for the client, even though the client is allowed to access the repo. So if there were option like "always use SSL" - disabling it would be as "difficult" as issuing new certificate and the two would prefer the later. Thank you, ST _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
