[Collab-qa-commits] r1709 - in udd: sql udd web/cgi-bin

Lucas Nussbaum lucas at alioth.debian.org
Wed Mar 3 08:49:23 UTC 2010 

Author: lucas
Date: 2010-03-03 08:49:22 +0000 (Wed, 03 Mar 2010)
New Revision: 1709

Modified:
   udd/sql/setup.sql
   udd/sql/upgrade.sql
   udd/udd/pts_gatherer.py
   udd/web/cgi-bin/pts-check.cgi
Log:
Attempt to solve the privacy problems with PTS subscribers data

- drop the pts_public table completely. PTS subscribers data isn't available
  from non-DDs anymore. Using the guestdd account is required to access it.
- change the CGI to use the guestdd account. The rest of the functionality of
  the CGI isn't changed.

Consequences:
The pts_public table (which contained the (package, md5(email)) list) doesn't
exist anymore. Only the pts table (which contains the non-hashed version
remains, but this table is only accessible using the guestdd account, whose
password is only available to DDs.
The CGI still exists, and still provide the same information. I still believe
that the information it provides is reasonable (see
http://lists.debian.org/debian-project/2010/03/msg00011.html).
It is harder to use that data from !samosa.debian.org, but we can probably
live with it.


Modified: udd/sql/setup.sql
===================================================================
--- udd/sql/setup.sql	2010-03-01 22:01:44 UTC (rev 1708)
+++ udd/sql/setup.sql	2010-03-03 08:49:22 UTC (rev 1709)
@@ -724,13 +724,6 @@
 );
 GRANT SELECT ON pts TO guestdd;
 
-CREATE TABLE pts_public (
-  source text,
-  email text,
-  PRIMARY KEY(source, email)
-);
-GRANT SELECT ON pts_public TO public;
-
 -- HISTORICAL DATA
 CREATE SCHEMA history;
 GRANT USAGE ON SCHEMA history TO public;

Modified: udd/sql/upgrade.sql
===================================================================
--- udd/sql/upgrade.sql	2010-03-01 22:01:44 UTC (rev 1708)
+++ udd/sql/upgrade.sql	2010-03-03 08:49:22 UTC (rev 1709)
@@ -319,11 +319,3 @@
 );
 GRANT SELECT ON pts TO guestdd;
 
-CREATE TABLE pts_public (
-  source text,
-  email text,
-  PRIMARY KEY(source, email)
-);
-GRANT SELECT ON pts_public TO public;
-
-

Modified: udd/udd/pts_gatherer.py
===================================================================
--- udd/udd/pts_gatherer.py	2010-03-01 22:01:44 UTC (rev 1708)
+++ udd/udd/pts_gatherer.py	2010-03-03 08:49:22 UTC (rev 1709)
@@ -35,8 +35,6 @@
         sub = sub.strip()
         c.execute("EXECUTE pts_insert(%s, %s)", (package, sub))
 
-    c.execute("DELETE FROM pts_public")
-    c.execute("INSERT INTO pts_public SELECT source, md5(lower(email)) FROM pts")
     c.execute("DEALLOCATE pts_insert")
     c.execute("ANALYZE pts")
     c.execute("ANALYZE pts_public")

Modified: udd/web/cgi-bin/pts-check.cgi
===================================================================
--- udd/web/cgi-bin/pts-check.cgi	2010-03-01 22:01:44 UTC (rev 1708)
+++ udd/web/cgi-bin/pts-check.cgi	2010-03-03 08:49:22 UTC (rev 1709)
@@ -15,10 +15,11 @@
 
 if cgi.has_key?('email')
 allpkgs = cgi.has_key?('allpkgs')
-dbh = DBI::connect('DBI:Pg:dbname=udd;port=5441;host=localhost', 'guest')
+pw = IO::read('/org/udd.debian.org/guestdd-password').chomp
+dbh = DBI::connect('DBI:Pg:dbname=udd;port=5441;host=localhost', 'guestdd', pw)
 maint = dbh.select_all("select source from sources where distribution='debian' and release='sid' and maintainer_email=#{dbh.quote(cgi['email'])}").map { |e| e[0] }.uniq
 upload = dbh.select_all("select source from uploaders where distribution='debian' and release='sid' and email=#{dbh.quote(cgi['email'])}").map { |e| e[0] }.uniq
-pts = dbh.select_all("select source from pts_public where md5(lower(#{dbh.quote(cgi['email'])}))=email").map { |e| e[0] }
+pts = dbh.select_all("select source from pts where #{dbh.quote(cgi['email'])}=email").map { |e| e[0] }
 puts "<h1>PTS subscriptions check for #{cgi['email']}</h1>"
 if (maint - pts).length > 0
 puts "Packages you maintain but are not subscribed to:<br/><ul>"

More information about the Collab-qa-commits mailing list