Weekly Scrum IRC Log: 2011-03-29

Tagged:
08:58 <@anarcat> alright, so we're 1 minute away from the scrum, but i'll start anyways :P
08:59 <@anarcat> i'm a bit in a rush since we're going to replace a switch at the datacenter in about an hour
08:59 <@mig5> np
08:59 <@anarcat> which could affect community.a.o momentarily
08:59 <@anarcat> we had a few issues with the server
08:59 <@anarcat> it was replaced with a spare recently and we diagnosed a problem with a corrupted bios
08:59 <@anarcat> our hw provider is running more tests and we hope to get the original server back online shortly
09:00 <@anarcat> as for actual dev
09:00 <@anarcat> i have worked on provisionacl recently and got it in good shape
09:00 <@anarcat> i hope to deploy it in production here this week and get rid of our ugly sudo -u aegir kludges we were giving to workers
09:00 < Aurorus> sounds interesting anarcat
09:00 <@anarcat> so now not only can worker access modules/ files/ etc without problems, but they can run drush commands as their regular user
09:01 <@anarcat> *plus* this gives access to the regular drush aliases
09:01 <@anarcat> although there are still warnings (fixed in drush 5 and drush 4-head)
09:01 <@anarcat> i'm working on having site aliases respect drush -i
09:01 <@anarcat> i have worked a lot on the debian packages too, they are mostly ready
09:02 < Aurorus> anarcat: Are there plans to allow the deletion of sites and platforms that fail verify?
09:02 <@anarcat> provision is packaged, and there's a meta-package for hostmaster that downloads provision
09:02 <@anarcat> i also want to get the debian packages finished this week and we'll update the docs accordingly
09:02 <@anarcat> hopefully we can ship 1.0 with debian
09:02 <@anarcat> i started coordination of the rc3 release, but we have a significant blocker with d.o that refuses to release hostmaster
09:03 <@anarcat> see http://drupal.org/node/1105824
09:03 <@anarcat> for the drush issues: http://drupal.org/node/1104450 and http://drupal.org/node/957182
09:04 <@anarcat> i am going to work more on security in the coming weeks, i plan to work two weeks in a retreat in the woods with internet access :)
09:04 <@anarcat> i will make sure we don't bootstrap evil modules so that allowing access to modules and themes is secure
09:04 <@anarcat> i'd like to release rc3 tomorrow
09:05 <@anarcat> i am thinking of starting work on the d7 port and ldap integration for 2.x during the next two weeks
09:05 <@anarcat> and koumbit has done its internal roadmap and we'll be working hard on 2.x for the summer
09:05 <@anarcat> i think that's pretty much it for me!
09:05 <@mig5> nice one. you have given yourself a lot of work as usual :)
09:05 <@anarcat> i am glad to see that crazy stuff darthsteven has been doing here :) http://www.computerminds.co.uk/articles/aegir-tasks-daemon
09:05 <@anarcat> i think it should be merged in
09:06 <@anarcat> well, if anyone wants to pick up rc3 or similar things, be my guest :)
09:06 <@mig5> i read that: i think the queue thing would be good in aegir, hopefully doesn't have too many dependencies?
09:06 <@anarcat> drush especially needs a lot of love - and we'll need to work with them for aegir 2.0, which i suspect will support only drush 5 or above
09:06 <@anarcat> mig5: seems to be standalone contrib!
09:06 <@mig5> ok cool
09:06 <@anarcat> it's just a ghetto php daemon :)
09:06 <@anarcat> what Vertice didn't want :)
09:06 <@mig5> i thought it deopeneded on some obscure launchd-like OSX daemon
09:07 <@mig5> but i admit i didn't read it thoroughly
09:07 <@anarcat> darthsteven: recommends supervisor, but it's just to keep the php script alive - you could use whatever you want
09:07 <@anarcat> hey, we could even use the cronjob to restart the daemon if it fails
09:07 <@mig5> anyway: not much from me, as usual. i basically encountered some significant stability issues with the master branch, and fixed it as best as I could, though I worry i broke some of your ideas there. http://drupal.org/node/1106768
09:08 <@mig5> i found the bug while writing my aegir build test in jenkins, which was exactly what it was designed to do (although it didn't literally fail the test :) )
09:08 <@mig5> and that's the other main thing i've been toying with (jenkins), although it's at an early stage in terms of aegir tests.
09:08 <@anarcat> cool :)
09:08 <@mig5> but i think we could use it more and more
09:08 <@anarcat> that is freakin awesome
09:08 <@anarcat> can you paste urls for that here?
09:08 <@anarcat> i'm really lazy, nevermind :)
09:09 <@mig5> sure http://jenkins.greenbeedigital.com.au:8080/job/aegir%20install/
09:09 <@mig5> i'd like to at least give you or other developers access to that properly, so you can run tests
09:09 <@mig5> at my expense :)
09:09 <@mig5> as i figure you might catch migressions, and do me a favour
09:09 <@mig5> :)
09:10 <@anarcat> haha
09:10 <@anarcat> well, in this case the regression was mine wasn't it ;)
09:10 <@mig5> no matter
09:10 <@mig5> one other thing:
09:10 <@mig5> i'm less worried than you re: drupal.org's issues in releasing hostmaster
09:10 <@mig5> i think it would be nice
09:10 <@mig5> but it's not a blocker in my opinion
09:10 <@anarcat> ok
09:10 <@mig5> as our design works around it already
09:11 <@anarcat> ... since we depend on git
09:11 <@mig5> yeah
09:11 <@anarcat> ok
09:11 <@anarcat> but the release.sh doesn't know that :p
09:11 <@mig5> ah, true :)
09:11 <@anarcat> so i almost released a broken rc3 here :)
09:11 <@mig5> don't worry, i broke rc2
09:11 <@mig5> but i ignored it :)
09:11 <@anarcat> eh
09:11 <@anarcat> ok
09:12 <@anarcat> so if you want to break^Wrelease rc3 tomorrow, or anytime, in fact, be my guest
09:12 <@mig5> don't want to make more work for us in the release.sh though. but, i'm afraid i'm still crippled with a 'don't wait for drupal.org to catch up with us' mentality :)
09:12 <@mig5> ok
09:12 <@anarcat> that's alright
09:13 <@anarcat> alright, anyone else?
09:13 <@mig5> i'll have some time, this time tomorrow
09:13 <@anarcat> omega8cc doesn't seem to be here, so i'll talk for her a little :)
09:13 <@anarcat> she found a vhost injection vulnerability in the alias
09:13 <@mig5> oh yeah
09:13 <@anarcat> it was fixed in head and I *think* i merged in stable
09:13 <@mig5> did the security team say anything?
09:13 <@anarcat> which is why i wanted to make a release
09:13 <@anarcat> yeah
09:13 <@anarcat> no embargo, just release
09:14 <@anarcat> since it's not a stable release, it's ok
09:14 <@mig5> ok
09:14 <@anarcat> so don't tag it as a security release either, because then it gets unpublished and all the shit
09:14 <@mig5> she has some nginx batch updates in the queue as well, since we never really test those ourselves, we should probably just roll them in
09:15 <@mig5> they missed rc2 already
09:15 <@mig5> http://drupal.org/project/issues?text=&projects=hosting%2C+provision%2C+...
09:15 <@anarcat> yup
09:15 <@anarcat> a good review of the needs review patches would be good, but not mandatory
09:15 <@anarcat> too bad we got that silly security issue otherwise that would have been 1.0 :P
09:15 <@mig5> oh well. i admit i didn't read the security vulnerability properly. how was it exploitable?
09:15 <@anarcat> darthsteven: please do submit a patch for that stuff, it seems like gold
09:15 <@mig5> i spose i could find the ticket
09:16 <@anarcat> oh and i think we should fix this too: http://drupal.org/node/1108810
09:16 <@anarcat> Files in sites/example.org/private are accessible.
09:16 <@mig5> yeah
09:16 <@anarcat> this is the security issue: http://drupal.org/node/1098304
09:16 <@anarcat> i thought the private files was already done
09:16 <@mig5> i thought we could stick it in the platform vhost
09:16 <@mig5> the deny all
09:16 <@mig5> his .htaccess is probably being ignored for that reason
09:17 <@mig5> in that we don't have AllowOverride
09:17 <@anarcat> yes, the .htaccess are ignored, on purpose
09:17 <@mig5> yep
09:17 <@anarcat> okay folks, i need to go!
09:17 <@mig5> so i thought we could inject that into the template ourselves
09:17 <@mig5> sound sane?
09:17 <@mig5> ok
09:17 <@anarcat> yep
09:17 <@mig5> have fun with your switch
09:17 <@mig5> cheers
09:17 <@anarcat> hehe i will :)
09:17 <@anarcat> ciao ciao