Re: [warzone2100-dev] [Warzone2100-commits] SF.net SVN: warzone2100:[11426] branches/2.3/po/de.po
On Thursday, 12 August 2010 at 19:51, Christian Ohm wrote: Now we just need someone to be your underling, to see how it works (maybe I'll add another test account for that). I'm not sure how access works, I hope the coordinator can add people, then review their translations and commit them (either through the web interface, or direct commits), and possibly give them commit rights. Hm, looks like underlings also push directly to the repo (and the diffs are horrible, one changed translation, and it reformats a lot of other stuff as well), and the review process is stupid, it offers the complete .po file for download instead of showing only the changed translations... ___ Warzone-dev mailing list Warzone-dev@gna.org https://mail.gna.org/listinfo/warzone-dev
Re: [warzone2100-dev] [Warzone2100-commits] SF.net SVN: warzone2100:[11426] branches/2.3/po/de.po
Christian Ohm wrote: Well, it is an experiment currently, to see what it can do. From the looks of it, we can assign a maintainer to each language, who can then add others to work together, and commit stuff. So my management overhead decreases significantly, since I just have to add one person per language, who can then work mostly autonomically. So, since you already started that experiment, let's go and see where that leads us. First thing: The FAQ misses yet another question (or it's just me not asking _frequently_ asked questions): With transifex in place can you still edit po files by hand and commit them or are you forced to use whatever solution they decide is best for you (web-based? *shiver*)? Well, I registered there, guess the username :P You mean the one person getting more and more annoyed because people can't read and nobody else cares model? Please explain this allusion, because I do not get it. People making the same mistakes again and again, like wrong encoding, starting from another translation, getting the tokens wrong... despite there being a wiki page that (hopefully) explains all that. I'm bad at telling people the same things over and over (well, I can do that, if you don't care about the tone...), and transifex should check at least some of the things automatically. WOW. I would have never thought that it is even possible to fail at these things. ;_; It should only ever touch files in po/. As long as it does, I'll trust it. Of course you cannot trust it anymore, when something different than a file in /po is touched, but that does not give any reason for why to trust it at all. Transifex.net is the main showcase product of Indifex.com. They have a monetary interest in not having it get compromised. The same is true for Flash and Adobe... When I registered at transifex I wondered why the registration isn't done encrypted. I was glad to see that (at least) signing in is encrypted just to see that after the login things are unencrypted again, changing password, too. Seems their monetary interest in not being compromised isn't that strong... Interesting questions: What would be if transifex has been around for a year and people are more or less using it and then such an incident happens? Would you vote for the immediate and permanent ban of transifex? Revoke commit access immediately. If if gets enabled again depends on how they handle it. So, the answer is No, I would not vote for a permanent ban per se.. Regards, - Kreuvf signature.asc Description: OpenPGP digital signature ___ Warzone-dev mailing list Warzone-dev@gna.org https://mail.gna.org/listinfo/warzone-dev
Re: [warzone2100-dev] [Warzone2100-commits] SF.net SVN: warzone2100:[11426] branches/2.3/po/de.po
On Thursday, 12 August 2010 at 19:09, Kreuvf wrote: So, since you already started that experiment, let's go and see where that leads us. First thing: The FAQ misses yet another question (or it's just me not asking _frequently_ asked questions): With transifex in place can you still edit po files by hand and commit them or are you forced to use whatever solution they decide is best for you (web-based? *shiver*)? It is optional, or I wouldn't have considered it. Well, I registered there, guess the username :P And you're the German coordinator now! Congratulations! Now we just need someone to be your underling, to see how it works (maybe I'll add another test account for that). I'm not sure how access works, I hope the coordinator can add people, then review their translations and commit them (either through the web interface, or direct commits), and possibly give them commit rights. Transifex.net is the main showcase product of Indifex.com. They have a monetary interest in not having it get compromised. The same is true for Flash and Adobe... Well, Adobe is well-known already, and they have other prominent products, like Photoshop. Also, Windows people tend to care less about security issues... When I registered at transifex I wondered why the registration isn't done encrypted. I was glad to see that (at least) signing in is encrypted just to see that after the login things are unencrypted again, changing password, too. Seems their monetary interest in not being compromised isn't that strong... Having user accounts compromised in this case, while earlier you were talking about having the Sourceforge etc. transifex accounts themselves compromised. Though for both I don't see much use for an attacker (but then, I never was interested in hacking stuff), since normal users can't access much more than translations, and if the transifex user does suspicious things, it should become immediately apparent. ___ Warzone-dev mailing list Warzone-dev@gna.org https://mail.gna.org/listinfo/warzone-dev
Re: [warzone2100-dev] [Warzone2100-commits] SF.net SVN: warzone2100:[11426] branches/2.3/po/de.po
transi...@users.sourceforge.net wrote: Revision: 11426 http://warzone2100.svn.sourceforge.net/warzone2100/?rev=11426view=rev Author: transifex Date: 2010-08-10 20:30:29 + (Tue, 10 Aug 2010) Log Message: --- l10n: Updated German (de) translation to 98% New status: 2690 messages complete with 16 fuzzies and 13 untranslated. Transmitted-via: Transifex (www.transifex.net). Modified Paths: -- branches/2.3/po/de.po Who is transifex? Why does transifex have commit access? More questions: Why do we need this? Hasn't the benevolent dictator model worked out well? Most important question: Why should we trust transifex? Especially since that site is an interesting target (getting commit access to whatever number of repositories transifex has access to) for attackers. - Kreuvf signature.asc Description: OpenPGP digital signature ___ Warzone-dev mailing list Warzone-dev@gna.org https://mail.gna.org/listinfo/warzone-dev
Re: [warzone2100-dev] [Warzone2100-commits] SF.net SVN: warzone2100:[11426] branches/2.3/po/de.po
On 2010-08-11 20:23, Kreuvf wrote: Most important question: Why should we trust transifex? Especially since that site is an interesting target (getting commit access to whatever number of repositories transifex has access to) for attackers. sf.net can get hacked to, wz2100.net to but sf.net and also transifex is good secured i think. They trust transifex: http://www.transifex.net/projects/featured/ Can't you guys them to? Kind regards, Fastdeath ___ Warzone-dev mailing list Warzone-dev@gna.org https://mail.gna.org/listinfo/warzone-dev
Re: [warzone2100-dev] [Warzone2100-commits] SF.net SVN: warzone2100:[11426] branches/2.3/po/de.po
On Wednesday, 11 August 2010 at 20:23, Kreuvf wrote: Who is transifex? Why does transifex have commit access? More questions: Why do we need this? Because all talk about a private Pootle (or similar) installation fell on deaf ears. Hasn't the benevolent dictator model worked out well? You mean the one person getting more and more annoyed because people can't read and nobody else cares model? Most important question: Why should we trust transifex? Especially since that site is an interesting target (getting commit access to whatever number of repositories transifex has access to) for attackers. It should only ever touch files in po/. As long as it does, I'll trust it. ___ Warzone-dev mailing list Warzone-dev@gna.org https://mail.gna.org/listinfo/warzone-dev
Re: [warzone2100-dev] [Warzone2100-commits] SF.net SVN: warzone2100:[11426] branches/2.3/po/de.po
Fastdeath wrote: On 2010-08-11 20:23, Kreuvf wrote: Most important question: Why should we trust transifex? Especially since that site is an interesting target (getting commit access to whatever number of repositories transifex has access to) for attackers. sf.net can get hacked to, wz2100.net to but sf.net and also transifex is good secured i think. Blablabla, that completely misses the point and does not even slightly answer my question, it's pure appeasement talk. transifex is yet another possible target. Period. And transifex doesn't even mention security in their FAQ, so at least I do not trust them at all. They trust transifex: http://www.transifex.net/projects/featured/ Can't you guys them to? People also think that AV software is good. So, I do not trust non-trustworthy people (aka people I do not know or certain people I know ;)) to determine how much I trust transifex. Regards, - Kreuvf signature.asc Description: OpenPGP digital signature ___ Warzone-dev mailing list Warzone-dev@gna.org https://mail.gna.org/listinfo/warzone-dev
Re: [warzone2100-dev] [Warzone2100-commits] SF.net SVN: warzone2100:[11426] branches/2.3/po/de.po
Christian Ohm wrote: On Wednesday, 11 August 2010 at 20:23, Kreuvf wrote: Why do we need this? Because all talk about a private Pootle (or similar) installation fell on deaf ears. I've never seen such talk, but I don't read any forums except the internal ones regularly :X And still I wonder what we need this for. Perhaps that fell on deaf ears, because it's just not needed? I mean... aren't translations one of the few areas of this project that work extremely well? And please don't get me wrong: I am deeply convinced that translations can only be good (aka consistent) as long as there is one maintainer. I've already been through this everybody can edit translations like stupid shit at Launchpad (translation suggestions wouldn't be any better). It just did not work out (apart from the drawbacks of Launchpad): People would just drop in, translate or change some strings (quality doesn't increase necessarily...) and then you may never hear from them again. And in the end the maintainer will just go with the old version. The only thing that causes is more management overhead, so much more that it cannot be justified by the increase in translation quality (if any). Hasn't the benevolent dictator model worked out well? You mean the one person getting more and more annoyed because people can't read and nobody else cares model? Please explain this allusion, because I do not get it. Most important question: Why should we trust transifex? Especially since that site is an interesting target (getting commit access to whatever number of repositories transifex has access to) for attackers. It should only ever touch files in po/. As long as it does, I'll trust it. Of course you cannot trust it anymore, when something different than a file in /po is touched, but that does not give any reason for why to trust it at all. That way it's like: You trust it without a reason as long as you have a reason to mistrust it. Interesting questions: What would be if transifex has been around for a year and people are more or less using it and then such an incident happens? Would you vote for the immediate and permanent ban of transifex? Regards, - Kreuvf signature.asc Description: OpenPGP digital signature ___ Warzone-dev mailing list Warzone-dev@gna.org https://mail.gna.org/listinfo/warzone-dev
Re: [warzone2100-dev] [Warzone2100-commits] SF.net SVN: warzone2100:[11426] branches/2.3/po/de.po
On Wednesday, 11 August 2010 at 21:18, Kreuvf wrote: And please don't get me wrong: I am deeply convinced that translations can only be good (aka consistent) as long as there is one maintainer. I've already been through this everybody can edit translations like stupid shit at Launchpad (translation suggestions wouldn't be any better). It just did not work out (apart from the drawbacks of Launchpad): People would just drop in, translate or change some strings (quality doesn't increase necessarily...) and then you may never hear from them again. And in the end the maintainer will just go with the old version. The only thing that causes is more management overhead, so much more that it cannot be justified by the increase in translation quality (if any). Well, it is an experiment currently, to see what it can do. From the looks of it, we can assign a maintainer to each language, who can then add others to work together, and commit stuff. So my management overhead decreases significantly, since I just have to add one person per language, who can then work mostly autonomically. You mean the one person getting more and more annoyed because people can't read and nobody else cares model? Please explain this allusion, because I do not get it. People making the same mistakes again and again, like wrong encoding, starting from another translation, getting the tokens wrong... despite there being a wiki page that (hopefully) explains all that. I'm bad at telling people the same things over and over (well, I can do that, if you don't care about the tone...), and transifex should check at least some of the things automatically. It should only ever touch files in po/. As long as it does, I'll trust it. Of course you cannot trust it anymore, when something different than a file in /po is touched, but that does not give any reason for why to trust it at all. Transifex.net is the main showcase product of Indifex.com. They have a monetary interest in not having it get compromised. Interesting questions: What would be if transifex has been around for a year and people are more or less using it and then such an incident happens? Would you vote for the immediate and permanent ban of transifex? Revoke commit access immediately. If if gets enabled again depends on how they handle it. ___ Warzone-dev mailing list Warzone-dev@gna.org https://mail.gna.org/listinfo/warzone-dev