incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrea Pescetti <>
Subject Re: Can we move forward with shutting down the email forwarder?
Date Tue, 07 Feb 2012 19:36:03 GMT
On 07/02/2012 Rob Weir wrote:
> On Tue, Feb 7, 2012 at 4:00 AM, Andrea Pescetti wrote:
>> 2) Very likely the Drupal system on Extensions and Templates, upon
>> successful login, duplicated usernames. This is why you see "pescetti" at
>> ; however,
>> it didn't duplicate passwords or e-mail addresses.
> So we think that the Drupal app used EIS for authentication?

Whatever it used, the login page on the Extensions site
dies with "The login is currently not possible: - HTTP/1.1 404 Not Found".

>> 3) The authentication mechanism on Extensions and Templates is changed so
>> that usernames are kept, but passwords and e-mail addresses are stored in
>> the local database instead of being retrieved from the (unavailable)
>> web services. Of course, we only have valid usernames at this
>> point, not passwords or e-mail addresses.
> Are you saying that this has already been done?  Or are you saying
> that this should be done?

It should be done. I was listing steps. As far as I know, this didn't 
happen yet, otherwise the login page would not show the error.

> OK.  So you are essentially saying that we need the forwarders to
> continue in order to communicate with extension developers one more
> time, to let them know that they need to reset their passwords.

Yes, but the "one more time" bit is incorrect: until the end of 
December, users could login but couldn't change their e-mail address or 
password (due to the single-sign-on being active); after the end of 
December, users have not been able to login at all. So the Extensions 
site users never had the possibility to change their password.

>> in order to upload a new version of the Italian dictionary I would have to
>> create a new account, a new extension and upload my new release (and of
>> course break extension updates on the client, i.e., breaking the update
>> check in OpenOffice).
> Updates are broken already, because of the loss of Berkley DB, right?
> So with AOO 3.4 all extensions will need to be reinstalled and the
> update mechanism going forward will need to be adapted.

The fact that extensions will need to be reinstalled has little to do 
with this: in general, extensions updates do not follow the OpenOffice 
release cycle. So being able to update an extension properly on the 
website by creating a new release (as opposed to create a new duplicate 
extension and making the new releases there) will help.

> So we'll want to wait until the
> new server is ready for authors to login again, and then send the
> temporary passwords.  Then we can shut down the forwarder.
> Does that make sense?

It does, with the only (minor) correction that Drupal does not set 
temporary passwords but one-time login links, which is good for us since 
users would be taken straight to their profile page and (with some 
tweaks on the Drupal side) be forced to change their e-mail to something 
not in the pattern and at the same time choose a 


View raw message