On 07/02/2012 Rob Weir wrote:
On Tue, Feb 7, 2012 at 4:00 AM, Andrea Pescetti wrote:
2) Very likely the Drupal system on Extensions and Templates, upon
successful login, duplicated usernames. This is why you see "pescetti" at
http://extensions.services.openoffice.org/en/node/1204/releases ; however,
it didn't duplicate passwords or e-mail addresses.
So we think that the Drupal app used EIS for authentication?
Whatever it used, the login page on the Extensions site
http://extensions.services.openoffice.org/user
dies with "The login is currently not possible:
http://eis.services.openoffice.org/ - HTTP/1.1 404 Not Found".
3) The authentication mechanism on Extensions and Templates is changed so
that usernames are kept, but passwords and e-mail addresses are stored in
the local database instead of being retrieved from the (unavailable)
openoffice.org web services. Of course, we only have valid usernames at this
point, not passwords or e-mail addresses.
Are you saying that this has already been done? Or are you saying
that this should be done?
It should be done. I was listing steps. As far as I know, this didn't
happen yet, otherwise the login page would not show the error.
OK. So you are essentially saying that we need the forwarders to
continue in order to communicate with extension developers one more
time, to let them know that they need to reset their passwords.
Yes, but the "one more time" bit is incorrect: until the end of
December, users could login but couldn't change their e-mail address or
password (due to the single-sign-on being active); after the end of
December, users have not been able to login at all. So the Extensions
site users never had the possibility to change their password.
in order to upload a new version of the Italian dictionary I would have to
create a new account, a new extension and upload my new release (and of
course break extension updates on the client, i.e., breaking the update
check in OpenOffice).
Updates are broken already, because of the loss of Berkley DB, right?
So with AOO 3.4 all extensions will need to be reinstalled and the
update mechanism going forward will need to be adapted.
The fact that extensions will need to be reinstalled has little to do
with this: in general, extensions updates do not follow the OpenOffice
release cycle. So being able to update an extension properly on the
website by creating a new release (as opposed to create a new duplicate
extension and making the new releases there) will help.
So we'll want to wait until the
new server is ready for authors to login again, and then send the
temporary passwords. Then we can shut down the forwarder.
Does that make sense?
It does, with the only (minor) correction that Drupal does not set
temporary passwords but one-time login links, which is good for us since
users would be taken straight to their profile page and (with some
tweaks on the Drupal side) be forced to change their e-mail to something
not in the usern...@openoffice.org pattern and at the same time choose a
password.
Regards,
Andrea.
