continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nacho Gonzalez Mac Dowell <na...@visual-ma.com>
Subject Re: Questions/Ideas about Continuum
Date Mon, 30 Jan 2006 13:44:39 GMT
Emmanuel Venisse escribió:

> Nacho Gonzalez Mac Dowell a écrit :
>
>> Hi all, I have a couple of questions regarding continuum's webapp. 
>> I've been looking through jira and haven't found these issues tackled.
>>
>> 1. Is it just me or permissions are not checked when adding/removing 
>> projects? If I log in, copy the url for deleting a project and then 
>> logout, it seems that I can delete the project anyways. After going 
>> through the sources, I didn't find where permissions are checked.
>
>
> You're right, it's a big problem in actual code that will be fixed in 
> 1.1 (not in 1.0.3).
> We'll use acegi security framework for that.

Is there a branch or anything yet for this issue?

>
>>
>> 2. What is the use of parsing the pom when introducing a new maven1 
>> project? IMHO the pom should be parsed after checkout. This would 
>> allow building projects which extend from others if the extension 
>> project is included first. Maybe it would be useful to specify the 
>> relative url of the pom when the checkout is performed. IMO all you 
>> need to build a maven project is the scm connection url and 
>> parameters and the relative url to the pom.
>
>
> We need to parse the pom when we add it for initializing it in 
> Continuum. We'll can perhaps allow to add maven1 project which extend 
> an other but only for parent project in the same checkout tree.

In the same checkout tree or, maybe, from an already parsed pom? 
Obviestly the order in which projects are added would then be quite 
important.

Also, why does Continuum need to know from the project except its scm 
url and the relative path to the pom? If it does need more things (which 
I may be missing) it could perform a checkout when adding a project, 
rather than uploading (for the upload case, not for the url case).

I am also worried that if the pom changes substantially with time, then 
a reparse of the pom would be needed if uploaded?

>
>>
>> 3. Isn't the scm password stored as clear text on the db? Usually 
>> this is a unix user/password from the scm machine... I would consider 
>> making a certificate for ssh connection or something like that. Then 
>> the public key for the user could be available for download and put 
>> in the scm machine.
>
>
> It's a possible solution to implement.

The only problem I see with this issue is that the only ssh-keygen java 
port I know is from mindterm which is now propietary. How could we do 
this maintaining portability? Any ideas? Does anybody see any other 
solution for not storing clear text password on the db?

best regards,

nacho

Mime
View raw message