[03:33] !lilo:*! New project channel, #fossie .... "Welcome to fossie, a project to fiddle around with the idea of a small, modular, event-driven communications framework and probably write a bit of code. :) | dlopen(), bind(), posix signals, and some miscellaneous."
[03:33] !lilo:*! stop by if you code and it sounds interesting
[12:11] <lulu> SteveA: ping
[12:11] <SteveA> hi
[12:12] <lulu> SteveA: hi Stevo. I've just sent u an email regarding Upfront and a quote on the authentication work. pls could u have a look and respond asap. Tx :o)
[12:13] <lulu> elmo: ping
[12:15] <SteveA> lulu: Roche and I still need to have some discussion about exactly what he'll be doing.
[12:16] <SteveA> he has sent me his suggestion of the API.  Now, I need to reply to that and propose some changes.
[12:18] <lulu> SteveA: ok - no doubt there will be a revised quote based on that. If we can get the spec finalised and an updated quote before close of play today, that would be great. Tx Steve.
[12:19] <SteveA> on the ubuntu plone website, do all users basically have the same rights?
[12:19] <SteveA> As I understand it, there are no different classes of user
[12:20] <SteveA> For example, all users can access the same things, all users can comment on or edit the same things.
[12:20] <lulu> Mark and I discussed this yesterday. He wants anyone to be able to contribute to the content of the site.
[12:21] <lulu> But, we need to have an editor/publisher that has the final say - does a check for grammar/spelling/bad language etc etc before letting it go live.
[12:21] <SteveA> Is the editor / publisher a Person in launchpad?
[12:21] <lulu> Yes
[12:21] <lulu> I don't see users being able to edit docs....unless it's their own....
[12:21] <SteveA> how do we know which Person or Persons is an editor and which is not?
[12:22] <lulu> what if someone decided to edit Ubuntu's Philosophy or license.....not good
[12:22] <lulu> ok - How many levels of user does Plone have in it's normal form?
[12:23] <SteveA> I don't know
[12:23] <lulu> Looked to me like an owner and a manager....but i ahven't had a chance to investigate everything yet.
[12:23] <SteveA> the API roche has proposed has an attribute for the "security roles assigned to the user"
[12:23] <SteveA> in zope2 in general, the owner is the person who created an object, and a manager can do anything at all
[12:24] <SteveA> if we are to specify who has different roles, for example, who is a manager and who is just an ordinary user, then we need to represent this in the launchpad database.
[12:24] <lulu> that's good. surely there has been a need for different levels of user in the workflow of publishing content.....in plone.....let's ask Roche if he knows of any.
[12:25] <SteveA> I think plone has workflows that you can plug in
[12:25] <SteveA> and these workflows use different roles such as "editor" and "content author"
[12:25] <SteveA> I really don't know how it works, though, other than some notion that it has these things
[12:25] <carlos> morning
[12:25] <SteveA> hi carlos
[12:25] <lulu> Launchpad database - need the same user permissions as on the website?
[12:25] <lulu> hi Carlos
[12:26] <lulu> SteveA: the workflow plugin, Limi and I spoke about. I thought it was inherent in Plone workflow already. I'll check with Roche then.
[12:27] <SteveA> the main thing is that we need to know what "security roles" the plone site needs
[12:27] <SteveA> and we need to think how to represent these in the launchpad database
[12:28] <SteveA> But, if we can agree that they will definitely be in the launchpad database, and not elsewhere, then I can move forward with the API for authentication / users
[12:29] <lulu> SteveA: the Launchpad roles and what people can do in the tools/apps like Rosetta, Malone, Soyuz, are different to the content creators/editors for the website.
[12:30] <SteveA> what people can do in rosetta etc. is based on what packages etc. that they own
[12:30] <lulu> indeed
[12:30] <SteveA> so yes, this is different to the website
[12:30] <SteveA> I think we need mark's input at this point.  I'll give him a call in a few minutes.
[12:30] <lulu> so yes, Launchpad authentication will be different to content workflow.
[12:31] <SteveA> I need to take a "no typing" break for a few minutes.
[12:32] <lulu> Ok - any community member of Ubuntu should be allowed to contribute content to the website, so if they are recognised by Launchpad (logged in) then they can add content too.
[12:34] <SteveA> ok.
[12:34] <SteveA> what about this "publisher / editor" role?
[12:35] <SteveA> Can we simplify things, and say that we have two lots of people: people recognised in launchpad, and website admins.
[12:35] <SteveA> the website admins are users just in plone, not in launchpad.  They are "managers" of the site.
[12:39] <lulu> That sounds fine for the web requirements. 
[12:39] <lulu> But in launchpad, you will have different permissions for a translator, maintainer, developer, release manager, security manager etc...
[12:40] <SteveA> in launchpad, a person will be able to do different things depending on their relationship to those things
[12:41] <lulu> so for Roche - anyone who is logged into Launchpad can contribute to the site. Then we have Web admins who control what content is published. That's fine.
[12:42] <SteveA> so, we need just one class of user in the API between plone and launchpad 
[12:42] <lulu> Launchpad - I assume that's what Spiv will be writing - relationships with things.
[12:42] <SteveA> no
[12:42] <SteveA> let's stick to talking about the plone site, and what launchpad needs to say to the plone site
[12:42] <lulu> ok
[12:43] <SteveA> so, andrew will be writing a simple XML-RPC server, probably using Twisted, that the plone site will talk to.
[12:43] <lulu> classes of user  - would we not need 2, because a webadmin would need to be saved in the launchpad database too.
[12:43] <SteveA> An XML-RPC server is like a web server, but instead of serving up documents, it serves up an API that you can call from python code.
[12:43] <SteveA> the plone site already needs some "managers" defined just in the plone site, separately from launchpad
[12:44] <SteveA> these are needed to set up the software etc., including the software that allows plone to talk to launchpad
[12:45] <SteveA> I am suggesting that maybe we can define other users just in plone to act as editors/publishers.  I do not know if this is a workable idea or not, because I don't know much about what the ubuntu website needs to do, and how it uses different roles.
[12:45] <SteveA> It may be a better idea to have a "WebsiteRoles" table in the database
[12:46] <SteveA> where we can store the "plone security roles" that a person has on the ubuntu website
[12:47] <lulu> Steve - simple roles on the website. Contributor and publisher.
[12:47] <SteveA> are publishers People in launchpad?
[12:47] <SteveA> how many publishers will there be in total?
[12:47] <lulu> contributer should be able to add and edit their own content, but the rest is read only
[12:48] <lulu> publisher - someone in charge of content for the website. A few people like Mako, Jeff, Jane, Mark etc who will need to moderate and accept material for publishing.
[12:48] <SteveA> how many of them will there be?
[12:49] <SteveA> if it is just mako, jeff, jane and mark, and that is it, then we can have them defined in plone
[12:49] <SteveA> if it might be more later, or it might change, then we should define them in launchpad
[12:49] <lulu> that's not a definitive list - don't know how many at this stage. Perhaps more - I think this should definitely all be defined in launchpad
[12:49] <SteveA> I'm coming around to the idea that we should store roles in the launchpad database
[12:49] <SteveA> ok
[12:49] <lulu> cool
[12:50] <SteveA> so, we need to talk to mark about adding a suitable table.
[12:50] <lulu> we are in agreement. So a user in launcpad may have a relationship with the website.
[12:51] <SteveA> from what roche said, in plone terms, a users has a number of "security roles"
[12:51] <lulu> Talk to Mark - yes. So we need a list of all the possible roles/relationships in the system and then what their permissions will be.
[12:51] <lulu> define security roles
[12:52] <lulu> ?
[12:52] <SteveA> I can't do that.  Roche used the term.  All I know is that in roche's proposed api, a person has a number of "security roles"
[12:53] <SteveA> >     roles = Attribute("security roles assigned to user")
[12:53] <lulu> When you finalise requirements with Roche, I'm sure you'll clarify it with him today?
[12:59] <SteveA> daf: ping
[01:36] <SteveA> lulu: I just spoke to mark
[01:36] <lulu> yes?
[01:37] <SteveA> we can't change the database at the moment, so initially, the ubuntu website will need to let plone and its zodb manage any distinctions of roles
[01:37] <SteveA> I'll mail roche, and we'll see what he says.
[01:38] <lulu> database - how will people log into Rosetta or Malone? is that covered in Launchpad already? via rosetta.ubuntulinux.org and malone.ubuntulinbux.org?
[01:39] <SteveA> yes, that's covered already
[01:40] <SteveA> for the alpha, people will access it anonymously, or be able to log in.
[01:40] <SteveA> they will need to log in to edit / change things
[01:40] <carlos> SteveA: is it working now? (the login dialog)
[01:43] <lulu> ok Steve - When will the database be allowed to change next?
[01:45] <SteveA> probably when stuart gets back
[01:46] <carlos> SteveA: we cannot use the current production database with final rosetta, will Stub come back before 15th?
[01:47] <SteveA> what is supposed to happen on the 15th?
[01:47] <SteveA> The rosetta alpha, which is not using the main database
[01:48] <cprov> SteveA: sorry, for the interruption, I have some few, but really urgent, patches to apply in DB, could we arrange a faster way to do it ? I mean before 15th.
[01:50] <SteveA> rob collins is the acting dba
[01:51] <cprov> SteveA: tks, I will contact him directly
[01:51] <SteveA> the procedure for getting changes to the db is documented
[01:52] <SteveA> launchpad/database/schema/README
[01:52] <carlos> ok, I think I have a concept error. I thought the 15th was the time to release rosetta Phase1 so we could use it to translate Warty
[01:52] <SteveA> follow the procedure there
[01:52] <carlos> In fact, I thought that we are late with alpha/beta phase...
[01:52] <SteveA> https://www.warthogs.hbd.com/RosettaAlpha
[01:52] <SteveA> that's what I understand is planned to happen on the 15th 
[01:52] <carlos> SteveA: https://www.warthogs.hbd.com/RosettaSchedule
[01:53] <carlos> SteveA: the schedule says that 1st of september, the beta is launched, and on 1st of october, the final release is done
[01:54] <SteveA> that page is clearly out of date
[01:54] <lulu> guys - we need to update that schedule - taskboard and schedule is responsibility of the team leader. Daf - shall we chat about this and get it up to date?
[01:54] <carlos> but then, the ubuntu's website launch was moved to 15th of september and I thought that the phase1 release was also moved
[01:54] <lulu> carlos: yes that's correct.
[01:55] <carlos> ok
[01:55] <lulu> carlos: I'll speak with Daf and get it all up to date. 15 Sept is Alpha release goal.
[01:55] <carlos> lulu: oohh, I thought that was moved the final release. I thought we were late for the alpha...
[01:59] <lulu> carlos: oops - nope - 15 Sept is when "global"Rosetta should be released for Warty with a hardcoded home page with warty apps to be translated . It should be bug free and working. When was your new Alpha deadline set for? Daf and Steve were managing the process and redefining names etc, so I'm not up to speed.
[02:00] <lulu> SteveA: Daf needs to update the schedule based on all your discussions.
[02:00] <SteveA> we discussed an "alpha" with a throw-away database
[02:00] <SteveA> starting on the 15th
[02:00] <SteveA> with specific features
[02:01] <SteveA> as described in RosettaAlpha
[02:01] <SteveA> this gives us a reasonable goal to work towards, and a useful outcome
[02:01] <SteveA> translation work will not be wasted, as PO files can be downloaded from it
[02:02] <SteveA> where is daf?
[02:02] <SteveA> dafdafdafdafdaf!
[02:02] <lulu> so when is the new delivery date for Rosetta to be available for Warty apps to be translated online at rosetta.ubuntulinux.org?
[02:04] <SteveA> we can put the alpha at that address
[02:04] <SteveA> and put warty apps into it
[02:04] <SteveA> it just won't be the main database
[02:04] <SteveA> it will have a different set of Persons who can log in
[02:15] <lulu> right - so you see the alpha launching with the Ubuntu site then?
[03:35] <lulu> elmo:ping
[03:37] <elmo> lulu: yeah?
[03:38] <lulu> elmo: hi James! Roche answered some questions on the Zope installation via email I had yesterday, and I wondered if you'd had a chance to have a look and action them. 
[03:39] <elmo> not yet, I've been trying to get the machine orders completed - I can take a look now if it's urgent
[03:39] <lulu> thank you - yes - it's to do with the Plone products. Thanks - catch u later when you've had a look :o)
[04:00] <roche> Hi there
[04:02] <SteveA> hi roche
[04:03] <SteveA> I'll be back in 30s!
[04:03] <roche> 'k
[04:03] <lulu> Hi Roche!
[04:03] <roche> Hi lu
[04:03] <roche> Is everything going according to schedule with the sites?
[04:04] <roche> Are you busy uploading content yet?
[04:04] <lulu> not according to schedule but we're getting there. 
[04:04] <roche> Why is there such a rush to get the sites live so quickly?
[04:04] <lulu> James has just answered your email, so after the convo with Steve, I'd be grateful if we could make sure everything is done.
[04:05] <roche> Ok
[04:05] <lulu> Ubunntu the preview release, comes out on the 15th, so we need to get critical content up there.
[04:05] <lulu> Ubuntu I meant!
[04:05] <SteveA> so, let's talk about authentication and such
[04:05] <sabdfl> roche, the name is confidential,  esp in sa
[04:05] <roche> oik
[04:06] <roche> ok
[04:06] <SteveA> hi stu
[04:06] <lulu> Hi Mark  and Stu :o)
[04:06] <SteveA> so, we'll make an XML-RPC service available that plone can use to authenticate against
[04:06] <SteveA> we won't be deleting users at all, so plone shouldn't allow that either
[04:07] <SteveA> We need to be very clear on what the api is, and that it will work.
[04:07] <SteveA> Let's look at the API you suggested
[04:08] <SteveA> >     def getUser(name):
[04:08] <SteveA> >         """Returns a dictionary with the users data, otherwise returns
[04:08] <SteveA> >            None.
[04:08] <SteveA> >         """
[04:08] <SteveA> if we're using XML-RPC, then I think None will be a problem
[04:08] <SteveA> but we can return 0 or even {}
[04:08] <SteveA> what would "name" be?
[04:09] <roche> The login name
[04:09] <SteveA> ok
[04:09] <SteveA> >     def addUser(name, **kw):
[04:09] <SteveA> >         """Adds a user whose id is given as 'user_id'. Additional user
[04:09] <SteveA> >         data is passed as keyword arguments.
[04:10] <roche> that's supposed to be "given as 'name'"
[04:10] <SteveA> we'll be using email address to log in
[04:10] <SteveA> but, the user will be identified in the database by an integer id
[04:11] <SteveA> if people change their email address, then it would be good if their id didn't change
[04:12] <roche> So people cannot choose any username, it must be an email address?
[04:12] <SteveA> yes
[04:12] <SteveA> there is no support in our database at present for a username
[04:12] <lulu> email address plus password?
[04:12] <roche> So in the above API, name should really be email_address
[04:13] <lulu> anyone can access someone else's account with only an email address
[04:13] <SteveA> no
[04:13] <SteveA> can we define a few distinct concepts:
[04:14] <SteveA> * login id:  the id that someone uses to log into plone.  We're using an email address for this.
[04:14] <lulu> ok
[04:14] <SteveA> * person id: a user's integer id that will not ever change, even if their name and email address does
[04:14] <SteveA> * email address: a person will have at least one email address 
[04:15] <SteveA> that's it
[04:15] <SteveA> so, plone can ask for a user by login id
[04:16] <roche> yes
[04:16] <SteveA> plone needs to get back a dict containing information about the person who has the login id
[04:16] <SteveA> that dict will include the 'id' which is the person id
[04:16] <SteveA> if local roles or whatever are stored in plone, then it is the person id that is important
[04:17] <SteveA> only the database can assign a new person their person id
[04:18] <SteveA> so, if plone wants to register a new user, the call to newUser() will need to return their person id.  It could return the whole dict, of course.
[04:18] <SteveA> does this sound like it will work with plone so far?
[04:18] <roche> yes
[04:19] <SteveA> ok
[04:19] <roche> to be clear
[04:19] <SteveA> we need to decide what goes in the dict
[04:19] <roche> plone does not make a distinction between login id and person id so
[04:19] <roche> the plugin that gets written for exUserFolder will have to aware of this
[04:20] <SteveA> ok
[04:22] <SteveA> inside the dict will be 'id': person id, 'password': SSHA digested password, 'displayname': full name of the person, 'emailaddresses': list of email addresses
[04:22] <SteveA> can the rest of the plone member data be stored in the zodb?
[04:23] <roche> yes, that would simplify things a lot in that we don't have to update the interface for
[04:23] <roche> member metadata all the time.
[04:25] <SteveA> getUser(login_id)
[04:25] <SteveA>     returns user dict
[04:25] <SteveA> createUser(login_id, ssha_digested_password, displayname, emailaddresses)
[04:25] <SteveA>     returns user dict
[04:25] <SteveA> a user dict contains
[04:25] <SteveA>     id              person id (integer, doesn't change ever)
[04:25] <SteveA>     password        ssha encrypted password
[04:25] <SteveA>     displayname     full name, for display
[04:25] <SteveA>     emailaddresses  list of email addresses
[04:25] <SteveA> do we need an "editUser" too?
[04:26] <roche> if want to allow editing of password and email addresses from plone then yes.
[04:28] <SteveA> hmm
[04:28] <SteveA> when you do this kind of thing with ldap, does plone basically have free read/write access to the ldap server?
[04:30] <roche> yes, but it has to authenticate as an administrative LDAP user
[04:30] <SteveA> so, the ldap password is held in plone
[04:31] <roche> yes
[04:31] <SteveA> elmo: ping?
[04:31] <SteveA> elmo is our sysadmin.  I'd like to ask him what he thinks about this.
[04:33] <SteveA> hmm
[04:34] <SteveA> roche: you definitely want the API to return a digested password to you, rather than having to give a digested password?
[04:36] <elmo> stevea: ?
[04:36] <SteveA> hi elmo
[04:36] <roche> no, the password can be encrypted before calling addUser
[04:36] <roche> in that sense
[04:37] <SteveA> we will be having a plone server that needs to authenticate and get some data from launchpad
[04:37] <SteveA> rather than have the plone server directly access the database on emperor, we're going to set up an xml-rpc server
[04:37] <roche> the server only stores encrypted passwords, it doesn't have to do any encryption itself
[04:37] <SteveA> so that launchpad can give it just the information it requires
[04:38] <elmo> stevea: ok...
[04:39] <SteveA> the api of the xml rpc server we're discussing looks like this:
[04:40] <SteveA> getUser(login_id)
[04:40] <SteveA>     returns user dict
[04:40] <SteveA> createUser(login_id, ssha_digested_password, displayname, emailaddresses)
[04:40] <SteveA>     returns user dict
[04:40] <SteveA> a user dict contains
[04:40] <SteveA>     id              person id (integer, doesn't change ever)
[04:40] <SteveA>     password        ssha encrypted password
[04:40] <SteveA>     displayname     full name, for display
[04:40] <SteveA>     emailaddresses  list of email addresses
[04:40] <SteveA> roche: I'm wondering whether getUser should require a digested password
[04:40] <SteveA> at or whether we should have an authUser(login_id, digested_password)
[04:41] <SteveA> I'm concerned about being able to get the digested password for any user just by asking for it
[04:41] <SteveA> elmo: we're discussing also having an editUser operation.
[04:41] <SteveA> elmo: what I'm wondering is what kind of security measures you'd want on this.
[04:42] <SteveA> the xml rpc server should be accessible from just the plone server, not from the outside world
[04:42] <roche> what do you do if a users forgets their password if getuser requires a digested password
[04:42] <SteveA> getUser can require no password
[04:42] <SteveA> but wouldn't return a password either
[04:42] <SteveA> but would return the rest of the user dict
[04:42] <elmo> stevea: where's this xml-rpc server going to live? and is anything other than the plone server(s) going to be using it?
[04:43] <SteveA> elmo: same machine as launchpad app server.  nothing other than plone server(s)
[04:43] <stub> Morning
[04:44] <elmo> stevea: I don't see that it's necessarily got any security requirements beyond the obvious/normal ones, really
[04:45] <SteveA> elmo: okay, so you're not totally negative about it ;-)
[04:46] <SteveA> roche: how about this then:
[04:46] <SteveA> getUser(login_id)
[04:46] <SteveA>     returns user dict, or empty dict if no such login_id
[04:46] <SteveA> createUser(login_id, ssha_digested_password, displayname, emailaddresses)
[04:46] <SteveA>     returns user dict
[04:46] <SteveA> authUser(login_id, ssha_digested_password)
[04:46] <SteveA>     returns user dict, or empty dict if not authenticated
[04:46] <elmo> stevea: well, sure, I am but nobody takes me seriously when I rant about xml-rpc is going to claw out your eyes, and shoot random kittens :(
[04:46] <SteveA> editUser(login_id, ssha_digested_password, displayname, emailaddresses)
[04:46] <SteveA>     returns user dict
[04:46] <SteveA> a user dict contains
[04:46] <SteveA>     password        ssha encrypted password
[04:46] <SteveA>     displayname     full name, for display
[04:46] <SteveA>     emailaddresses  list of email addresses
[04:47] <SteveA> elmo: sounds a bit extreme
[04:48] <roche> what's the difference between getUser and authUser?
[04:48] <SteveA> authUser checks that the password matches the login
[04:48] <SteveA> getUser gets you the user information
[04:49] <SteveA> editUser works only if the password matches
[04:49] <roche> and the password is not included in the dict returned by getUser then?
[04:49] <SteveA> right
[04:49] <SteveA> oops, I left it in above
[04:50] <SteveA> I removed 'id' instead
[04:50] <SteveA> a user dict contains
[04:50] <SteveA>     id              person id (integer, doesn't change ever)
[04:50] <SteveA>     displayname     full name, for display
[04:50] <SteveA>     emailaddresses  list of email addresses
[04:50] <roche> so what happens if a user forgets his password?
[04:50] <SteveA> what would normally happen?
[04:51] <stub> One thing that may have already been discussed - do we want to add a 'name' column to the database, which can be used as a login name? I was thinking that we might want a unique, short string to display on pages to identify a person rather than the existing displayname, which is not unique (ping me later if this is off topic)
[04:52] <SteveA> stub: there have been various discussions of this on-list
[04:52] <SteveA> I proposed deferring this until the soyuz sprint
[04:52] <roche> either you send them an email with their password (which won't be possible here )
[04:53] <SteveA> hmm, or you need an api to set the password
[04:53] <roche> or you generate a temporary password and mail that to them so that they can change there
[04:53] <roche> password themselves - this is also not possible here
[04:53] <SteveA> stub: it is a popular idea.  it really needs to pass through mark
[04:54] <SteveA> stub: mark suggested having a short nickname associated with each "thing" a person is involved in 
[04:54] <SteveA> stub: like, I'm SteveA most of the time, but there's another SteveA on sourceforge, who isn't me
[04:55] <SteveA> roche: I think we can say that we won't allow password changes via plone
[04:55] <SteveA> there will be a way to do this in the launchpad application
[04:55] <SteveA> so, when that's done, plone can point to there
[04:56] <roche> ok, that's fine
[04:56] <SteveA> I'm inclined to say the same thing about changing displayname and email addresses
[04:56] <SteveA> lulu: what do you think?  Does the plone website need to offer people the ability to change email addresses and displaynames?
[04:57] <SteveA> I think it would be simpler making people go to the launchpad app for all changes
[04:57] <SteveA> but to still allow people to sign up for the first time via plone
[04:57] <lulu> SteveA: if Ubuntu is to be the link in to all the tools for ubuntu, i think that would be useful...
[04:58] <SteveA> the ubuntu site will be linking to the person's dashboard on launchpad
[04:58] <SteveA> the ubuntu site can also link to the person's "change my details" page on launchpad
[04:58] <lulu> yes - but to the user, they think it's the ubuntu dashboard
[04:58] <lulu> yes - makes sense to me and seamless for the user
[04:58] <SteveA> ok, then that keeps the API, and roche's work, simpler
[04:59] <SteveA> and means that it is less possible to do bad things via xml-rpx
[05:00] <SteveA> so, one last time...
[05:00] <SteveA> 
[05:00] <SteveA> getUser(login_id)
[05:00] <SteveA>     returns user dict if login_id exists, otherwise empty dict
[05:00] <SteveA> authUser(login_id, ssha_digested_password)
[05:00] <SteveA>     returns user dict if authenticated, otherwise empty dict
[05:00] <SteveA> createUser(login_id, ssha_digested_password, displayname, emailaddresses)
[05:00] <SteveA>     returns user dict
[05:00] <SteveA> a user dict contains
[05:00] <SteveA>     id              person id (integer, doesn't change ever)
[05:00] <SteveA>     displayname     full name, for display
[05:01] <SteveA>     emailaddresses  list of email addresses
[05:01] <SteveA> 
[05:01] <SteveA> spiv: can you write a Twisted XML-RPC service that offers that API to the launchpad database?
[05:01] <SteveA> hmm, I guess we don't need login_id in createUser
[05:02] <lulu> one question....from a user perspective - However the backend handles registration, the user doesn't need to know. To them it should be the same thing. 
[05:02] <SteveA> what's the question?
[05:02] <lulu> do they enter email address and password (design purposes - number of login text boxes required)
[05:02] <lulu> Log into plone = basic launchpad. When we need further security, will it be a javascript login like on warthogs?
[05:02] <lulu> or now will it be the same thing?
[05:03] <SteveA> there is no javascript login
[05:03] <lulu> so via the web interface - email address and password?
[05:03] <SteveA> do you mean the box asking for username and password that your browser pops up?
[05:03] <lulu> yup - but only for https
[05:03] <SteveA> that's not javascript.  that's your browser doing basic authentication or digest authentication
[05:04] <lulu> thanks for clarifying
[05:04] <SteveA> in plone, there will be a webpage with a form to log in
[05:04] <lulu> home page - little portlet
[05:04] <SteveA> in launchpad, there will initially not be this, but instead the dialog that the browser pops up.  later, we'll do cookie authentication
[05:05] <SteveA> with a login form for launchpad
[05:05] <lulu> oh - sorry - you mean register......not login for the plone site.
[05:05] <roche> API seems fine
[05:05] <SteveA> great.  I'll mail this shortly.
[05:06] <spiv> SteveA: at a glance, yes, will do more than glance when workrave lets me :)
[05:07] <lulu> Roche - please could you amend your quote accordingly and resend thereafter. Tx :o)
[05:07] <roche> will do so
[05:09] <roche> are we done?
[05:09] <SteveA> yes, thanks!
[05:09] <lulu> roche: could you and James ensure all is ok with the plone products please. Tx :o)
[05:10] <roche> I'll have a look at his mail now
[05:10] <lulu> much obliged
[05:10] <roche> keep well everybody, cheers.
[05:11] <lulu> SteveA: thank you for finalising this :o)
[05:45] <SteveA> spiv: ping?
[05:47] <carlos> I'm confused
[05:47] <carlos> When I try to execute a python script I'm writing I get:
[05:47] <carlos> from: can't read /var/mail/zope.component.tests.placelesssetup
[05:47] <carlos> from: can't read /var/mail/canonical.database.sqlbase
[05:47] <carlos> from: can't read /var/mail/canonical.rosetta.sql
[05:47] <carlos> from: can't read /var/mail/sqlobject
[05:47] <carlos> from: can't read /var/mail/optparse
[05:48] <carlos> I'm not at /var/mail and my PYTHONPATH env var points to /home/carlos/Work/launchpad/lib/
[05:48] <spiv> carlos: You have /var/mail on your $PYT -- oh.
[05:48] <spiv> Well, it looks like something is adding /var/mail to python's sys.path :)
[05:48] <carlos> carlos@frodo ~/Work/rosetta/scripts $ export PYTHONPATH=/home/carlos/Work/launchpad/lib/
[05:48] <carlos> carlos@frodo ~/Work/rosetta/scripts $ ./createuser.py --help
[05:48] <SteveA> spiv: can you write an XML-RPC server, using twisted, to the api I mailed out?
[05:49] <spiv> SteveA: Yes, when do you want it by?
[05:49] <SteveA> friday morning?
[05:49] <SteveA> is that too much of a stretch?
[05:50] <spiv> Ok, that should be easily achievable, I think.
[05:50] <spiv> Unless other things get in the way...
[05:50] <spiv> I should do a proper estimate for it, I guess :)
[05:50] <SteveA> please do
[05:53] <SteveA> spiv: I filed a bug on it for you
[05:53] <daf> spiv: you're arriving here on Thursday?
[05:56] <spiv> daf: I was, but I've just been informed that there's a spare ticket to a TMBG concert that evening.
[05:56] <daf> spiv: wow!
[05:56] <spiv> daf: So it now looks like I'm arriving Friday ;)
[05:56] <daf> spiv: cool, enjoy the show :)
[05:56] <daf> spiv: have you seen them live before?
[05:57] <spiv> Yeah, twice in Sydney.
[05:57] <daf> they are really good live
[05:57] <spiv> When they were touring to promote Mink Car.
[05:57] <daf> I saw them around the same time
[05:57] <daf> it was just before it was released, I think
[05:58] <daf> (in the UK, that is)
[09:59] <doko> stevea: around?
[10:11] <debonzi> spiv, are you around?
[11:10] <jblack> spiv: Ping
[11:17] <spiv> debonzi, jblack: Hi, sorry, I really need to sleep.  Catch you guys tomorrow.