[Dehs-devel] News on last changes made to DEHS (and related news)

[Raphael Geissert]

Hello everybody,

Since yesterday I'm part of the team, here are some news on what I've 
done/caused and other DEHS-related news:

== Backend directory move ==

First of all, DEHS' 'backend' is not on Stefano's home directory anymore, it 
is now available at /home/groups/dehs/dehs_prj/dehs/
This move has lead to an easier way to modify the backend so we don't have to 
work under a home directory.

== SVN changes ==

The svn repository now has the latest and working/used code. And to make the 
best out of this the backend is nothing but a copy of the repository which 
can be updated by executing svn update.
This will hopefully make the maintenance of the backend a lot easier, this 
because everyone willing to modify it should commit the change to the 
repository and then update the work dir.

I've also enabled commit notifications to be emailed to the mailing list, 
hoping everybody is notified about any change.

== Code changes ==

Besides some minor bug fixing, the backend will now make two attempts to 
create a working watch file, hoping this will increase the number of 
generated watch files.
As soon as the data is updated I'll compare the results and see if it is a 
good idea to try twice.

A XSS and SQL injections vulnerability was also fixed in maintainer.php

Also, the backend is now using uscan.pl from devscripts' repository, and each 
run of the dehs.sh script will check for a new version of it and notify.
This change will hopefully make DEHS more accurate on its results by 
supporting the latest features of uscan.

The shell scripts will now abort in case any of the commands exit with a 
non-zero status (see below why).

The dehs_pg.php script when dying will now also exit with a custom status code 
(php returns '0' when a non-numeric value is passed to die/exit).

== DEHS data update ==

It was probably noticeable that the data on DEHS was older than usually.
This was caused because of a stalled uscan process, situation which Stefano 
solved by killing all the processes.

So today I started the update process with the refreshed backend, which caused 
some problems:
* .html pages were regenerated but emptied because my alioth user wasn't 
authorised to connect to the database
* For the same reason, the database wasn't updated at all

This was solved by Stephen Gran by creating a dehs group with UPDATE INSERT 
SELECT and DELETE privileges on the database and added me and Stefano to it.
This way it should be easier to manage the database access rights.

After this, I started again the update script which is at the time of typing 
still running (700 watch files left to check). I've also regenerated the html 
pages so they don't display the silly 'db error' message :)

As I mentioned above, the shell scripts will now abort if any of the commands 
exit with a non-zero status, trying to prevent what happened because of my 
user not having enough rights.




I think that for now this is it, I guess everybody reading this message is 
aware of my bug reporting on bogus watch files so I don't have to talk about 
it.
I hope I'm not missing any important information :)


Sincerely,
-- 
Atomo64 - Raphael

Please avoid sending me Word, PowerPoint or Excel attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/dehs-devel/attachments/20071126/cdebf99e/attachment.pgp