Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
07:00 < ibennetch> We appear to be waiting for a few members, but I guess we'll begin anyway. 07:01 < Marc9> Let's wait 5 minutes 07:01 < ibennetch> Sure thing. 07:02 < nijel> Hello everybody 07:07 < udan11> Hello! I might be a little unresponsive. I'm at the university in the middle of a course. 07:08 < Marc9> udan11 ok 07:08 * Marc9 just emailed Deven 07:08 < Marc9> So I guess we can start 07:08 < ibennetch> Thanks for joining us at the cost of your education ;) 07:08 < ibennetch> Great. First up are a few issues we'd like to close. 07:08 < ibennetch> Mine is about BSD support. 07:09 < ibennetch> Kasun and I thought it should already be implemented, the original poster didn't respond. 07:09 < Marc9> Fine to close for me 07:09 < nijel> I agree as well 07:10 < ibennetch> Thanks, Marc proposes one about decreased cookie usage 07:10 < ibennetch> This has a lack of feedback also 07:10 < Marc9> The user was using an old cookie spec 07:10 < nijel> I think decreasing cookie usage kind of makes sense, though I really don't see it as a priority... 07:11 < Marc9> ok so we can leave open 07:11 < ibennetch> I agree with nijel, this could be reduced but isn't a big priority for me. 07:11 < Marc9> Also it can be a good project to propose to students 07:12 < nijel> Indeed 07:12 < ibennetch> Last: inbuilt VCS question 07:12 * nijel just added newbie tag to cookie reducing 07:12 < Marc9> I find that very vague 07:12 < nijel> VCS is IMHO really out of scope for web tool 07:12 < ibennetch> This sounds difficult, vague, and out of scope 07:12 < nijel> to make it work reliably this needs to be done on the server side... 07:13 < ibennetch> In an ideal world, sure it would be great, but would require more control over the server than we can assume we have. 07:13 < Marc9> Issue is closed :) 07:13 < ibennetch> Now some old bugs 07:14 < ibennetch> 9673 is about revolking privileges 07:14 < Marc9> For a privileged user who lacks some privileges 07:15 < ibennetch> nijel's last comment is interesting. Just from that, I wonder if there is still some improvement we can make here. 07:16 -!- DevenB [73f91219@gateway/web/freenode/ip.126.96.36.199] has joined #phpmyadmin 07:16 < Marc9> Hi Deven 07:16 < ibennetch> The rest seems like something we could just document as Marc suggested 07:16 < DevenB> Hi Marc 07:16 < DevenB> Sorry for delay 07:16 < Marc9> ibennetch but this will need to be tested on new MySQL versions 07:17 < Marc9> Deven we are here http://wiki.phpmyadmin.net/pma/2016-01_Meeting#Old_bugs_-.3E_Known_limitations_.3F 07:17 < nijel> I'm not really sure here it's still causes problems with current MySQL servers...but as there was no activity since 2011 there, I think it's not really an issue these days 07:18 < Marc9> nijel so we better close it for now, it will resurface if needed 07:18 < ibennetch> Is there anything to document or is it no longer an issue at all? 07:19 < Marc9> Not sure 07:19 < ibennetch> Fine by me to close, we can move on to the "auto-redirect to login page after timeout" 07:19 < ibennetch> About the permissions, it's better to close due to no feedback than commit a wrong fix :) 07:21 < ibennetch> I think this could use some help. 07:21 < Marc9> Is everyone fine with documenting this as a known limitation? 07:21 < ibennetch> You mean the privilege question? 07:21 < Marc9> No, the auto-redirect to login page problem 07:21 < ibennetch> Oh, okay. 07:22 < ibennetch> My mistake 07:22 < Marc9> The priv one is closed 07:23 < ibennetch> There appear to be two problems here. First, the original poster is asking that the page stays where it is when a page times out. 07:23 < nijel> I think using AJAX to extend session validity is quite good idea, but still we want to logout inactive users after some time. 07:23 < Marc9> The one about timeout is related to my other question in this meeting, regarding LoginCookieValidity 07:23 < nijel> What I've seen on several pages is that just before the timeout would happen they interactively ask if user wants to continue in the current session and if he confirms that, the session is extended. 07:24 < Marc9> nijel if we extend we'll run into security problems (sessions kept open) 07:24 < Marc9> nijel your suggestion could work 07:24 < DevenB> I think that would be nice. To confirm before extending. 07:25 < nijel> This way the user data would not be lost, but we let expire unused sessions... 07:25 < Marc9> Another good student project :) 07:25 < Marc9> ? 07:25 < ibennetch> It seems reasonable to me to keep the session open until LoginCookieValidity is reached. I don't think we should extend it past that, and if the PHP gc_maxlifetime is less than LoginCookieValidity we should extend it by AJAX. 07:25 < Marc9> ibennetch we already have a function for that, I believe (done by Smita) 07:26 < Marc9> UpdateIdleTime() 07:26 < ibennetch> Which seems to me to be the proper solution. 07:26 < Marc9> but it does not ask for confirmation 07:27 < ibennetch> Okay, when we're approaching LoginCookieValidity we can prompt the user to extend their session. That seems reasonable. 07:27 < nijel> maybe the confirmation is not really needed if user is active (eg. editing SQL query for long time)... 07:27 < Marc9> nijel the function takes care of that, I think 07:27 < nijel> Marc9 great, didn't know that 07:28 < Marc9> (but this needs a confirmation from a js expert) 07:28 < ibennetch> Are we finished with this issue, then? 07:29 < Marc9> yes we leave it open 07:29 < nijel> yes 07:29 < Marc9> I changed its title 07:29 < DevenB> I agree. 07:29 < ibennetch> Great 07:29 < ibennetch> Next up is discussion of the unhex() in exports. 07:30 < Marc9> The question is to force unhex in all exports 07:31 < Marc9> I would prefer it being an option 07:32 < nijel> Having it as an option sounds okay, but I'd still keep it disabled by default 07:32 < DevenB> yes. an added option provided would be better instead of forcing it on all. 07:32 < Marc9> I agree 07:32 < ibennetch> That's what I was thinking. 07:32 < Marc9> forcing would make the exports very weird to read 07:32 < Marc9> (by a human) 07:33 < Marc9> and would provoke new issues opened 07:33 < ibennetch> True 07:33 < nijel> In SQL dumps I'd really try to behave same as mysqldump (as much as possible), which definitely doesn't do this 07:33 < Marc9> nijel very good point 07:33 < Marc9> nijel I'm not sure they even have an option for that 07:33 < nijel> (I don't think it even has that option...) 07:34 < nijel> from quick look it has only --hex-blob 07:34 < Marc9> nijel yes and it makes sense for BLOBs 07:34 < ibennetch> It seems we're decided on this. 07:35 < nijel> okay 07:35 < ibennetch> Next up, voting on the resignations. 07:35 < Marc9> issue updated 07:35 < nijel> no problem with accepting the resignations from me 07:35 < Marc9> I am in favor of both resignations 07:35 < ibennetch> It's always sad when members step down, but I agree to accept their resignations. 07:36 < DevenB> I am in favor of both too. 07:36 < nijel> ibennetch you really can not force them to stay ;-) 07:36 < Marc9> or be active 07:36 < ibennetch> nijel: can you handle the details of contacting Conservancy and verifying they're removed from Github and the team mailing list, etc? 07:36 < nijel> ibennetch: okay will do so 07:37 < ibennetch> Good points nijel and Marc9 07:37 < Marc9> they are already removed 07:38 < ibennetch> Next: suggested donation amount. 07:38 < Marc9> I wrote a long justification :) 07:38 < Marc9> May I add that this is in spirit of what Conservancy is trying to do 07:39 < ibennetch> Not a bad suggestion, as a user I do like having a suggested amount. 07:39 < Marc9> for their own donations 07:39 < Marc9> (seeking support from the general public) 07:39 < Marc9> If the suggestion is politely done, people should not feel hurt 07:40 < Marc9> (especially now that some of the donations directly go on development) 07:41 < Marc9> ok I stop talking :) 07:41 < nijel> I think it's good idea 07:42 < Marc9> DevenB udan11 feedback? 07:42 < ibennetch> It might be interesting to do some calculation of the dollar value in terms of code produced -- that way, the donation page could say something like "$100 - funds developer work for one day, providing an average of 10,000 lines of code and 50 bugfixes" 07:43 < Marc9> ibennetch not so sure about that. Remember what Atul said about keeping the spirit of volunteering ? 07:43 < ibennetch> Ah, that's a good point. 07:43 -!- DevenB_ [73f91219@gateway/web/freenode/ip.188.8.131.52] has joined #phpmyadmin 07:43 < Marc9> (but this is maybe another debate) 07:44 < Marc9> Hi DevenB_ we're talking about suggesting a donation 07:44 < ibennetch> You would just have a list of suggested donations and an area to enter their own donation amount. This is fine. Most non-profits I've seen use some similar means to suggest an amount. 07:44 < DevenB_> Yes. My internet connection is having some problem. Sorry. 07:44 -!- DevenB [73f91219@gateway/web/freenode/ip.184.108.40.206] has quit [Ping timeout: 252 seconds] 07:44 < Marc9> How about suggesting at download time? 07:45 < Marc9> (well, at the places I suggested on the wiki) 07:45 < DevenB_> From a user perspective, I like the idea of suggesting it on Donate page, but not sure on the Download page. 07:45 < Marc9> My point is explicitely to suggest on Download page and button 07:46 < nijel> I think that suggesting donation just after download is good idea 07:46 < DevenB_> Can be we can add it after he/she clicks the Download button. 07:46 < Marc9> DevenB_ do you feel we would press the user too much? 07:46 < DevenB_> yes. exactly. that was my point 07:46 < Marc9> That's why the wording is important, 07:46 < Marc9> and remember that most users do not download, 07:47 < Marc9> they just use it from a package and donate to their distro, if ever 07:47 < ibennetch> What about some text (either before of after downloading) saying "We hope you enjoy phpMyAdmin. Please consider donating to support our development." which would link to the donate page? 07:47 < Marc9> I like that 07:48 < ibennetch> Marc9 is correct, many users would be exposed due to XAMPP, WAMP, or their package manager. 07:48 < nijel> sounds okay 07:48 < DevenB_> This sounds good. :) 07:48 < ibennetch> But there's nothing to be done about those other download sources unless we put a "nag screen" in the main code itself, which I'm probably against. 07:49 < Marc9> nijel can you ask Conservancy if a choice of donate amounts makes sense? 07:49 < ibennetch> Then on the donation page itself we can have some suggested amounts. 07:49 -!- nickROMANCEr [~cRAn@220.127.116.11] has joined #phpmyadmin 07:49 < Marc9> I assume that the Paypal form permits a choice of amounts, and also to enter one 07:50 < Marc9> by the way, in the ledger I mostly see 10$ donations 07:50 < nijel> Marc9: I'm not sure it does, let me check on my paypal... 07:51 < Marc9> I would even suggest an amount like this: 07:52 < Marc9> We hope you enjoy phpMyAdmin. Please consider donating to support our development (suggested amount: 10 USD). 07:52 -!- cRAn [~cRAn@18.104.22.168] has quit [Ping timeout: 240 seconds] 07:52 < Marc9> Because if in the text there is no suggestion, it defeats my intention 07:52 < ibennetch> At least one organization I've seen has their own page where the user selects the amount (from a dropdown or by typing in an amount), then that page links to PayPal. It's a bit cumbersome, but maybe a PayPal limitation. 07:52 < ibennetch> Yes, Marc9 that is fine by me. 07:53 < DevenB_> That one looks good, Marc9. 07:53 < Marc9> nijel do you expect much work to update the site? 07:54 < ibennetch> 6 minutes remain with one topic to discuss. 07:54 < ibennetch> *one more* 07:54 < nijel> okay, PayPal allows either one fixed amount or user entered one, no choices or alternatives... 07:55 < Marc9> so, no choices but a suggestion in the text 07:55 < nijel> I think showing something after download should not be hard... 07:55 < Marc9> I am not ashamed of asking 10 USD in the text 07:56 < nijel> I'm fine with that 07:56 < Marc9> nijel, showing also after clicking on the download button? 07:57 < nijel> I can implement it if you wish, please add issue for that on website repo (you're way better in writing polite English than me) 07:57 < Marc9> will do 07:57 < ibennetch> Okay, let's wrap up discussion of this item and move on the the final one, okay? 07:57 < Marc9> but we'll use the text suggested by Isaac and amended by me 07:57 < Marc9> ok to move on 07:58 < Marc9> Is LoginCookieValidity still a good idea? 07:59 < Marc9> My belief is that removing that would leave workstations open to unauthorized usage 07:59 < ibennetch> I think so. We need a way to allow administrators to force a timeout. 07:59 < Marc9> http://docs.phpmyadmin.net/en/latest/config.html?highlight=logincookievalidity#cfg_LoginCookieValidity 07:59 < nijel> I also think having way to set timeout is needed, gc_maxlifetime doesn't guarantee much 08:00 < Marc9> nijel, also it's better to fine-tune the limit for phpMyAdmin instead of just relying to the PHP one 08:01 < Marc9> So I was right to suggest in the pull request the need to respect that directive? 08:01 < nijel> yes 08:01 < ibennetch> Yes 08:02 < DevenB_> yes 08:03 < Marc9> I think this concludes this point, but I have another short one :) 08:03 < ibennetch> I have a moment, go ahead. 08:03 < Marc9> I need testers to reproduce that: https://github.com/phpmyadmin/phpmyadmin/issues/11849 08:04 < Marc9> because it would be a show stopper for 4.6.0 08:04 < Marc9> it's easy to try and I would appreciate confirmations 08:04 < Marc9> I have a hard time bisecting that one 08:04 < Marc9> dates back to September 2015 08:05 < Marc9> thanks in advance 08:05 < nijel> Marc9: I will look at it (probably tomorrow) 08:05 < Marc9> ok 08:06 < ibennetch> Thanks to everyone for attending. 08:06 < Marc9> yeah it was productive! 08:08 < nijel> thanks, and see you next month :-) 08:08 < DevenB_> Bye everyone :) 08:09 < Marc9> Bye! 08:09 < ibennetch> I'll post the log later today. Bye
Clone this wiki locally
Press h to open a hovercard with more details.