PMXBOT Log file Viewer

#dcpython logs for Friday the 9th of March, 2012

[05:41:49] <hazmat> pycon BEGINS
[15:15:19] <rzoz> what's the current favorite for integrated issue tracking + wiki + integrated source browsing? best i've used is still trac.
[15:25:14] <dandrinkard> o hai rzoz
[15:25:37] <rzoz> dandrinkard!
[15:25:48] <dandrinkard> this is the part where I say github and you ask for other people's opinions
[15:25:58] <dandrinkard> (also how's it going!?)
[15:26:09] <rzoz> dandrinkard -- need it to be internal and carry sensitive data
[15:26:18] <rzoz> dandrinkard: good, you?
[15:26:30] <dandrinkard> not bad
[15:26:52] <dandrinkard> there's github:fi if you have lotsa $
[15:27:24] <dandrinkard> i guess they call it enterprise now
[15:28:51] <rzoz> "enterprise"
[15:31:37] <dandrinkard> which normally is code for shitty and overpriced
[15:31:42] <dandrinkard> but in this case i think just means overpriced
[15:35:40] <dandrinkard> doesn't sound like a software problem
[15:36:01] <rzoz> ...ah, users
[15:39:21] <ScottK> rzoz: I'm partial to redmine these days, myself.
[15:47:05] <rzoz> ScottK: thanks, will take a look
[16:01:55] <j00bar> dandrinkard: also, if you don't mind your account being susceptible to mass assignment vulnerabilities.
[16:02:34] <j00bar> rzoz: sphinx ftw :)
[16:03:27] <dandrinkard> j00bar lol!
[16:03:50] <dandrinkard> (can't see a use case where that would be an issue behind a firewall)
[16:04:18] <j00bar> i mean, really, it's as if in django i said User.objects.filter(pk=user_id).update(**request.GET)
[16:05:34] <dandrinkard> I don't know anyone who would expect mass assignment to traverse relationships… what a nightmare
[16:05:47] <j00bar> dandrinkard: i didn't think it did?
[16:06:10] <dandrinkard> not in django, but that was what I understood the rails issue to be
[16:06:16] <dandrinkard> perhaps incorrectly
[16:06:47] <j00bar> there were two i think he found
[16:06:57] <j00bar> one was the "is_admin" flag on the User model wasn't guarded against mass assignment
[16:07:22] <j00bar> the second was that the UserSSHKey model's user_id field wasn't guarded against mass assignment
[16:07:37] <j00bar> so you could munge form data to upload a key into anybody's user account
[16:07:41] <j00bar> and you could make yourself the project admin
[16:08:00] <j00bar> also, less security related, you could munge form data to set the timestamp on any issue-tracker post/comment
[16:08:31] <dandrinkard> aha
[16:16:14] <rzoz> does anyone else find it mildly hilarious that there is extant work on "urllib3"?
[16:22:32] <leetrout> rzoz: saw your comment in the other channel
[16:22:56] <leetrout> i have had a really great experience with jira using SVN, crucible, and fisheye
[16:23:01] <leetrout> on par with github for svn
[16:24:46] <rzoz> leetrout: awesome -- thanks
[16:25:15] <leetrout> jira alone felt like bloatware
[16:25:47] <leetrout> but adding crucible especially made a big difference in productivity for peer reviews (at least for me)
[16:26:46] <leetrout> lets you do inline comments à la github and view the final diffs that combine several deltas so you don't have to go revision by revision
[17:05:42] <j00bar> also, what's up with atlassian?
[17:05:53] <j00bar> a java-centric truly enterprise-style tools shop
[17:05:59] <j00bar> buys bitbucket and now hipchat?
[17:22:31] <dandrinkard> j00bar: seems odd to me too
[17:23:45] <dandrinkard> my first experience with them was confluence, so my general feelings toward them are probably unnecessarily disdainful