continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Venisse <emman...@venisse.net>
Subject Re: Questions/Ideas about Continuum
Date Mon, 30 Jan 2006 14:17:32 GMT


Nacho Gonzalez Mac Dowell a écrit :
> Emmanuel Venisse escribió:
> 
>> Nacho Gonzalez Mac Dowell a écrit :
>>
>>> Hi all, I have a couple of questions regarding continuum's webapp. 
>>> I've been looking through jira and haven't found these issues tackled.
>>>
>>> 1. Is it just me or permissions are not checked when adding/removing 
>>> projects? If I log in, copy the url for deleting a project and then 
>>> logout, it seems that I can delete the project anyways. After going 
>>> through the sources, I didn't find where permissions are checked.
>>
>>
>>
>> You're right, it's a big problem in actual code that will be fixed in 
>> 1.1 (not in 1.0.3).
>> We'll use acegi security framework for that.
> 
> 
> Is there a branch or anything yet for this issue?

We have a branch for 1.0.3, it's continuum-1.0.x
1.1 is in trunk, but acegi isn't there for the moment.

> 
>>
>>>
>>> 2. What is the use of parsing the pom when introducing a new maven1 
>>> project? IMHO the pom should be parsed after checkout. This would 
>>> allow building projects which extend from others if the extension 
>>> project is included first. Maybe it would be useful to specify the 
>>> relative url of the pom when the checkout is performed. IMO all you 
>>> need to build a maven project is the scm connection url and 
>>> parameters and the relative url to the pom.
>>
>>
>>
>> We need to parse the pom when we add it for initializing it in 
>> Continuum. We'll can perhaps allow to add maven1 project which extend 
>> an other but only for parent project in the same checkout tree.
> 
> 
> In the same checkout tree or, maybe, from an already parsed pom? 
> Obviestly the order in which projects are added would then be quite 
> important.

We can't extends an already parsed pom because extend feature in maven1 doesn't provide information

other than the relative path to parent pom, so we can't know which parent it is a project
list.
And, if we suppose that we can find it, we'll need to modify the relative path to the parent
in the 
child, because continuum store projects on filesystem differently that it is in scm or on
developer 
machine.

> 
> Also, why does Continuum need to know from the project except its scm 
> url and the relative path to the pom? If it does need more things (which 
> I may be missing) it could perform a checkout when adding a project, 
> rather than uploading (for the upload case, not for the url case).

We need groupId, artifactId, version, scm url, dependencies and notifiers when we add a project
in 
continuum.
groupId, artifactId, version and dependencies are necessary to find the correct build order.


> 
> I am also worried that if the pom changes substantially with time, then 
> a reparse of the pom would be needed if uploaded?
> 
>>
>>>
>>> 3. Isn't the scm password stored as clear text on the db? Usually 
>>> this is a unix user/password from the scm machine... I would consider 
>>> making a certificate for ssh connection or something like that. Then 
>>> the public key for the user could be available for download and put 
>>> in the scm machine.
>>
>>
>>
>> It's a possible solution to implement.
> 
> 
> The only problem I see with this issue is that the only ssh-keygen java 
> port I know is from mindterm which is now propietary. How could we do 
> this maintaining portability? Any ideas? Does anybody see any other 
> solution for not storing clear text password on the db?

ssh-keygen is available in jsch (http://www.jcraft.com/jsch/) too.

Emmanuel

> 
> best regards,
> 
> nacho
> 
> 
> 


Mime
View raw message