Home Home > Tag > gsoc
Sign up | Login

Deprecation notice: openSUSE Lizards user blog platform is deprecated, and will remain read only for the time being. Learn more...

Posts Tagged ‘gsoc’

[gsoc] summary of week 2

June 3rd, 2011 by

Hi,

here’s a small summary of the 2nd (coding) week. This
week I spent most of my time with working on an OO-style class
for doing http requests:

  • it’s possible to switch the http(s) implementation without touching any
    library code
  • supports response validation (if a schema was specified for the request)

Currently I’m still working on the “remote models”:

  • decided to use lxml.objectify:
  • – goal is to encapsulate the xml logic solely into the object itself
  • – example workflow:
    prj = RemoteProject(‘some_name’)
    prj.title = ‘dummy’
    prj.description = ‘foo bar’
    repo = prj.add_repository(name=’openSUSE_Factory’)
    repo.add_path(project=’openSUSE:Factory’, repository=’standard’)
    repo.add_arch(‘i586’)
    # change arch to x86_64
    repo.arch[0] = ‘x86_64’
    repo.save()

Minor stuff:

  • decided to use the “logging” module:
    this way we can easily add “debug” and “info” etc. messages and it’s up to
    the “client” which messages it wants to display (I’m not talking about
    the messages which are displayed when “osc up” is called or something like
    that)

GSoC – new osc user interface proposal

May 23rd, 2011 by

Hi,

as a part of our Google Summer of Code Project to cleanup osc our
first task was to define a new commandline user interface for osc.
The current user interface is quite “inconsistent” (with regard to
the expected arguments for different commands) and has some other
“flaws”.
Here are some examples to show some flaws of the current user
interface:

* inconsistent ui:
– osc results project package –repo repo –arch arch
– osc rebuild project package repo arch
– osc build repo arch
– osc ls project package repo arch -b
– osc ls project package -r repo -a arch -b
– osc undelete project package_1 … package_N
– osc rdelete project package_1

* counterintuitive commands:
– osc abortbuild project package
– osc abortbuild project package repo arch
– osc abortbuild (in a package working copy)
– osc abortbuild –repo repo –arch arch (in a package working copy)
– osc abortbuild repo arch (in a package working copy)
=> treats “repo” “arch” as “project” “package”

* “duplicated” commands:
– diff, rdiff
– buildlog, remotebuildlog, localbuildlog
– delete, rdelete, rremove

Additionally we support lots of commands and the output of
“osc –help”is quite long. In order to tackle this problem we decided
to introduce “groups” with subcommands, for instance:
attribute list
attribute create…
attribute set…

As a result we get rid of “god commands” (commands which supported
lots of different options for different things (like osc meta)) and
the new commands are easier to use because they support less arguments
and/or options (note: this doesn’t mean we lose functionality – the
functionality is just moved to another command/command group).

The attached table is just a _proposal_ for a new commandline user
interface.

Some additional explanations:

The biggest change with regard to our current user interface is the
introduction of an url-like syntax:
For example:
osc ls api://project/package
instead of
osc ls project package

In this case “api” means that the request is issued to the default
apiurl (in most cases https://api.opensuse.org) which can be
configured in the ~/.oscrc.
To issue the “list” request to a different obs instance one can use:
osc ls https://api.somehost/project/package
or
osc ls alias://project/package
“alias” is an alias for this apiurl which can be configured in the
~/.oscrc.

If you see this url-like syntax for the first time you might think
that it makes things much more complicated (and even more to type)
but it is advantageous:

– in most cases it is obvious if a command is a remote command or
local working copy command
– this way we get rid of ambiguities:
Suppose we support the following command (“<foo>” indicate that
“foo” is an optional argument):
binaries get api://project/package <repo/arch>
binaries get <repo/arch>
(if $PWD is a package working copy
the project and package arguments will be read from it)

Possible invocations are:
osc binaries get api://foo/bar standard/i586 # get all binaries
for this repo and arch
osc binaries get api://foo/bar # get all binaries for all repos
and all arches

# now suppose $PWD is a package working copy:
osc binaries get standard/i586 # get all binaries for this repo
and arch (project and package are read from the working copy)

osc binaries get api://foo/bar # gets all binaries for all repos
and all arches (project is “foo” and package is “bar”)

In the latter invocation we’re still in a package working copy
but ignore it and use the project and package arguments which
were specified.

Note: in this case a special (like the url-like) syntax is required
otherwise osc is unable to distinguish between a project/package and
repo/arch argument.

Once again this is just a _proposal_ – feedback is very welcome!
(please send the feedback to the opensuse-buildservice@opensuse.org mailinglist – thread)

Marcus

init, list, meta, attribute, request, submitrequest, review, link, copy, maintenance, branch, delete, undelete, diff, checkout, status, add, addremove, commit, update, resolved, distributions, results, buildlog, buildmeta, build, chroot, log, service, abortbuild, rebuild, binaries, search, my,
importsrcpkg, person, cat, less, repair, pull, signkey, vc, mv, config, revert, api, aggregate, mkpac, setlinkrev, linktobranch, detachbranch

setlinkrev, linktobranch and detachbranch might be grouped into group “other”.
Deleted commands:

cmd replacement reason
deleterequest args request create –delete args
reqeuestmaintainership args request create –role maintainer args
changedevelrequest args request create –changedevel args
request approvenew project <package> request –interactive-review could be used (but it’s no real replacement)
request log id request show id –log
linkpac link
copypac copy
releaserequest maintenance releaserequest
createincident maintenance createincident
maintenancerequest maintenance request
mbranch maintenance branch
getpac use branch
rdelete delete
updatepacmetafromspec
rdiff diff
linkdiff no replacement atm (current implementation partly broken); diff could support it
repourls isn’t needed IMHO
prjresults results
remotebuildlog buildlog
localbuildlog buildlog –local
buildinfo buildmeta info
buildconfig buildmeta config
triggerreason buildmeta triggerreason
dependson buildmeta dependson
buildhistory buildmeta history
jobhistory buildmeta jobhistory
info not needed anymore
getbinaries binaries get
wipebinaries binaries wipe
list –binaries binaries list
search –binary binaries search
bugowner no real replacement use person maintainer -b (if we support this)
maintainer person maintainer
maintainer project –add user –role role person add api://project role user
maintainer project –delete user person delete api://project user
whois person meta
meta user person meta
cat/less http://api/source/project/package/file not needed (IMHO)
repairlink repair link
repairwc repair wc
signkey signkey it’s not context-sensitive anymore
rremove do we really need this?
aggregatepac aggregate
develproject meta meta should display the xml in a nice way so that it’s easy to see whether a develprj is defined or not
repositories meta meta should display the xml in a nice way so that all repos are displayed

new commandline user interface

init

cmd subcmd prj wc pkg wc params/opts note
init api://project
init api://project/package

list

cmd subcmd prj wc pkg wc params/opts note
ls x list all remote packages for the wc project
ls x list all remote files for the wc package
ls api://
ls api://project
ls api://project/package
ls api://project/package/file just for backward compatibility

meta

cmd subcmd prj wc pkg wc params/opts note
meta x shows/edits project meta
meta x shows/edits package meta
meta api://project
meta api://project/package
meta api://project/_prjconf

attribute

cmd subcmd prj wc pkg wc params/opts note
attribute is not context sensitive
attribute list api://project show all attributes
attribute list api://project attribute show specific attribute
attribute set api://project attribute newval set attribute to newval
attribute create api://project attribute create new attribute
attribute delete api://project attribute delete attribute
attribute list api://project/package show all attributes
attribute list api://project/package/binary show all attributes – /binary works for all commands below, too
attribute list api://project/package attribute show specific attribute
attribute set api://project/package attribute newval set attribute to newval
attribute create api://project/package attribute create new attribute
attribute delete api://project/package attribute delete attribute

request

cmd subcmd prj wc pkg wc params/opts note
request is not context sensitive
request create –submit api://project/package api://tgt_projet/<package>
request create –submit api://project/package api://tgt_projet/<package>
request create –changedevel api://project/package api://tgt_projet/<package>
request create –role role user api://project/<package>
request create –grouprole role group api://project/<package>
request create –bugowner user api://project/<package> alternatively we treat bugowner as a “role” and use –role bugowner…
request create –delete api://project/<package>
request list api://<project>/<package> list all/project/package requests
in the following we support both: “api://id” and “id” (if the latter format is specified the default apiurl is used – regardless if the cmd is executed in a wc)
request show api://id apart from –brief also support –log which just shows the statehistory + current state
request supersede api://id api://supersede_id
request accept api://id
request decline api://id
request revoke api://id
request reopen api://id
request wipe api://id
request checkout (x) api://id if the package’s package belongs to the wc’s project the package will be added to this project (if it already exists an error will be printed)

submitrequest

cmd subcmd prj wc pkg wc params/opts note
submitrequest x semantic change: creates a sr for all local packages (instead of all remote)
submitrequest x wc has to be a source link
submitrequest x api://tgt_project/<tgt_package>
submitrequest api://project/package api://tgt_project/<tgt_package>

review

cmd subcmd prj wc pkg wc params/opts note
review accept api://id
review decline api://id
review reopen api://id
review susersede api://id api://supsersede_id
review add api://id –user user –group group –package package –project project at least one option is required
review list api://<project>/<package> just for convenience; “request list –state review” should lead to the same result

link

cmd subcmd prj wc pkg wc params/opts note
link api://link_project api://project
link api://link_project/link_package api://project/&tl;package>

copy

cmd subcmd prj wc pkg wc params/opts note
copy api://copy_project api://project could be supported
copy api://copy_project/copy_package api://project/&tl;package>

maintenance

cmd subcmd prj wc pkg wc params/opts note
maintenance releaserequest x
maintenance releaserequest api://project
maintenance createincident <api://project>
maintenance request api://project <api://tgt_project>
maintenance branch package <tgt_project> XXX: this voilates the url schema

branch

cmd subcmd prj wc pkg wc params/opts note
branch api://project/package <api://tgt_project/tgt_package>

undelete

cmd subcmd prj wc pkg wc params/opts note
undelete api://project/<package>

delete

cmd subcmd prj wc pkg wc params/opts note
delete api://project/<package> multiple arguments can be specified
delete /path/to/package
delete /path/to/file

diff

cmd subcmd prj wc pkg wc params/opts note
diff x
diff x
diff /path/to/file multiple args are supported
diff /path/to/package
diff /path/to/project
diff api://project/package
diff api://project/package api://original_project/original_package

checkout

cmd subcmd prj wc pkg wc params/opts note
checkout api://project/<package> checking out a file is not supported anymore
checkout x package adds the package to the wc
checkout x package adds the package to the wc

status

cmd subcmd prj wc pkg wc params/opts note
status x
status x
status /path/to/project_or_package_or_file multiple arguments are supported

add

cmd subcmd prj wc pkg wc params/opts note
add /path/to/dir_or_file multiple arguments are supported
add URL create a _service file

addremove

cmd subcmd prj wc pkg wc params/opts note
addremove x
addremove x
addremove /path/to/package multiple arguments are supported

commit

cmd subcmd prj wc pkg wc params/opts note
commit x
commit x
commit /path/to/project_or_package_or_file multiple arguments are supported

update

cmd subcmd prj wc pkg wc params/opts note
update x
update x
update /path/to/project_or_package multiple arguments are supported

resolved

cmd subcmd prj wc pkg wc params/opts note
resolved /path/to/file multiple arguments are supported

distributions

cmd subcmd prj wc pkg wc params/opts note
distributions api://

results

cmd subcmd prj wc pkg wc params/opts note
results x
results x
results api://project/<package>

buildlog
if repo/arch is not specified the config values will be used (default_repo, default_arch)

cmd subcmd prj wc pkg wc params/opts note
buildlog x <repo/arch>
buildlog x <repo/arch> –local
buildlog api://project/package <repo/arch>

buildmeta
if repo/arch is not specified the config values will be used (default_repo, default_arch)

cmd subcmd prj wc pkg wc params/opts note
buildmeta info x <repo/arch> <build_descr> distingiush between repo/arch build_descr, /arch build_descr via the file extension of build_descr
buildmeta info api://project/package <repo/arch> <build_descr> distingiush between repo/arch build_descr, /arch build_descr via the file extension of build_descr
buildmeta config x <repo/arch> <build_descr>
buildmeta config api://project/package <repo>
buildmeta triggerreason x <repo/arch>
buildmeta triggerreason api://project/package <repo/arch>
buildmeta dependson x <repo/arch>
buildmeta dependson api://project/package <repo/arch>
buildmeta log x <repo/arch> same as buildlog (just for consistency)
buildmeta log x <repo/arch> –local same as buildlog (just for consistency)
buildmeta log api://project/package <repo/arch> same as buildlog (just for consistency)
buildmeta history x <repo/arch>
buildmeta history api://project/package <repo/arch>
buildmeta jobhistory x <repo/arch>
buildmeta jobhistory x <repo/arch>
buildmeta jobhistory api://project/<package> <repo/arch>

build
if repo/arch is not specified the config values will be used (default_repo, default_arch)

cmd subcmd prj wc pkg wc params/opts note
build x <repo/arch> <build_descr>

chroot
if repo/arch is not specified the config values will be used (default_repo, default_arch)

cmd subcmd prj wc pkg wc params/opts note
chroot x <repo/arch> <build_descr> build_descr is not needed for the command itself

log

cmd subcmd prj wc pkg wc params/opts note
log x
log x
log api://project/<package>

service

cmd subcmd prj wc pkg wc params/opts note
service run x <service_name>
service disabledrun x
service remoterun api://project/package

abortbuild
if repo/arch is not specified the config values will be used (default_repo, default_arch)

cmd subcmd prj wc pkg wc params/opts note
abortbuild x <repo/arch> to abort all builds specifiy –all
abortbuild x <repo/arch> to abort all builds specifiy –all
abortbuild api://project/<package> <repo/arch> to abort all builds specifiy –all

rebuild
if repo/arch is not specified the config values will be used (default_repo, default_arch)

cmd subcmd prj wc pkg wc params/opts note
rebuild x <repo/arch> to rebuild all packages specifiy –all
rebuild x <repo/arch> to rebuild all packages specifiy –all
rebuild api://project/<package> <repo/arch> to rebuild all packages specifiy –all

rebuild
if repo/arch is not specified the config values will be used (default_repo, default_arch)

cmd subcmd prj wc pkg wc params/opts note
binaries get x <repo/arch> to get all binaries specifiy –all
binaries get x <repo/arch> to get all binaries specifiy –all
binaries get api://project/<package> <repo/arch> to get all binaries specifiy –all
binaries list x <repo/arch> to list all binaries specifiy –all
binaries list x <repo/arch> to list all binaries specifiy –all
binaries list api://project/<package> <repo/arch> to list all binaries specifiy –all
binaries wipe x <repo/arch> to wipe all binaries specifiy –all
binaries search api://<project> search_term
binaries wipe api://project/<package> <repo/arch> to wipe all binaries specifiy –all

my

cmd subcmd prj wc pkg wc params/opts note
my requests
my submitrequests
my projects
my packages

search

cmd subcmd prj wc pkg wc params/opts note
search search_term

importsrcpkg

cmd subcmd prj wc pkg wc params/opts note
importsrcpkg x /path/to/srpm

person
For groups we can add a new “group” command

cmd subcmd prj wc pkg wc params/opts note
person meta api://username <–edit>
person maintainer api://project/<package> show maintainer of the project/package
person maintainer api://project/<package> show maintainer of the project/package
person add api://project/<package> user role
person delete api://project/<package> user <role>

cat

cmd subcmd prj wc pkg wc params/opts note
cat api://project/package/file

less

cmd subcmd prj wc pkg wc params/opts note
cat api://project/package/file

repair

cmd subcmd prj wc pkg wc params/opts note
repair link x
repair link api://project/package <api://into_project/<into_package>>
repair wc x
repair wc x

pull

cmd subcmd prj wc pkg wc params/opts note
pull x

signkey

cmd subcmd prj wc pkg wc params/opts note
signkey api://project

vc

cmd subcmd prj wc pkg wc params/opts note
vc

mv

cmd subcmd prj wc pkg wc params/opts note
mv x filename new_filename should we support this for packages, too?

config

cmd subcmd prj wc pkg wc params/opts note
config section option
config section option value

revert

cmd subcmd prj wc pkg wc params/opts note
revert x
revert /path/to/file multiple arguments are supported

api

cmd subcmd prj wc pkg wc params/opts note
api api://path/to/something

aggregate

cmd subcmd prj wc pkg wc params/opts note
aggregate api://project/package api://tgt_project/<tgt_packge>

mkpac

cmd subcmd prj wc pkg wc params/opts note
mkpac x package_name

setlinkrev

cmd subcmd prj wc pkg wc params/opts note
setlinkrev x
setlinkrev api://project/<package>

linktobranch

cmd subcmd prj wc pkg wc params/opts note
linktobranch x
linktobranch api://project/package

detachbranch

cmd subcmd prj wc pkg wc params/opts note
detachbranch x
detachbranch api://project/package

(please send the feedback to the opensuse-buildservice@opensuse.org mailinglist – thread)

GSoC Idea: Build Service Plasma Widget Suite

March 24th, 2011 by

I’m blatantly abusing GSoC for a project that I would like to see in openSUSE but that I’ve never had time to work on. But really it’s a worthwhile thing to have: a set of Plasma widgets that users and developers can add to their workspace to make it easy to see what’s going on in OBS in the projects that matter to them. If you want to work on a fun project with cutting edge technologies such as Qt, QML, Plasma then head on over to the GSoC 2011 Ideas Page.

openSUSE & Google Summer of Code 2010

March 1st, 2010 by

The wonderful Vincent has already sent the initial call for participation, so who’s up for it then?

OK I’ll take it that there are several hands raised in the audience (I reckon I’m being overly cautious, I’m sure there are loads of hands up but as I don’t have my glasses on I can only see the first two rows).  So what do we need from our lovely community to help make GSoC 2010 a success?

* We need some admins for openSUSE in GSoC 2010. This mainly involves making sure that we do everything we need to participate in GSoC; making sure students feel comfortable in the project, and push our contributors a bit to publish ideas and mentor students.  Basically the GoTo contact points.

* We need people to maintain the GSoC 2010 wiki page.  I have already started the GSoC 2010 page on the wiki, yes it is pretty much a  copy/paste of last years but it gets the ball rolling 😉

* We need people to start thinking about ideas that students could work on.  If you have a good idea, why not put it in openFATE and put it on the wiki too (with a link to the openFate entry)?  That way we can utilise the voting feature of openFate and gauge how much the community would appreciate the student’s hard work.

So there’s nothing stopping you from joining in, so get to it! Oh and if you’re looking for a way to contribute to openSUSE but aren’t a coder this is a great way to get your feet wet with the community 🙂

GSoC – summary of this week’s meeting

August 12th, 2009 by

Since the rails oauth-plugin got support for oauth 1.0a I started to migrate the frontend so that it also supports 1.0a. This was a nice exercise to learn how certain things are done with rails. Additionally I did some code cleanups, bugfixing etc.

The goal for this week is more testing, bugfixing and writing a user documentation.

GSoC – summary of this week’s meeting

June 26th, 2009 by

The task for this week was to add support to the frontend so that desktop clients like osc can add the oauth specific parameters to the http “Authorization” header. The ruby library was already able to handle this and therefore I only needed to do a very small change in our urllib2 OAuthHandler which is used by osc.

Using the Authorization header has one drawback:
– the current flow looks like the following: a client makes an unauthorized API request, the API sends back a 401 to tell the client that it needs to authenticate. Therefore the response also contains the following http header: ‘WWW-Authenticate: basic realm=”Frontend login” ‘. This indicates that the client should use basic auth to authenticate with the API. The question is how we can tell the client that it could also use oauth? Sending back something like ‘WWW-Authenticate: basic, oauth realm=”Frontend login”‘ will probably break some clients. Fortunately darix had a great idea: the client simply tells the server which auth methods it supports. This can be done by adding a new http header like ‘Accept-Authentication: OpenID; OAuth;q=0.8, digest;q=0.7, Basic;q=0.5″ ‘ to each request (q indicates which method is preferred, see other http headers like ‘Accept-Language’ for the details). If the API needs authorization it looks at this header and picks the “preferred” method from this list and sends back ‘WWW-Authenticate: <preferred_and_supported_method>, realm=”Frontend login”‘ ‘. In case the Accept-Authentication header is omitted the application’s default method is used (in our case basic auth). Another thing which needs to be discussed is how the API should behave if the client only accepts methods which aren’t supported by the API (e.g. should the API send back a 401 or 406?).

Apart from thinking about this the other task for this week(end) is to add an UI for managing oauth tokens etc. The first part of this task is to decide which tasks the UI should support (like revoking tokens, authorize tokens etc.).

The next meeting will be on monday to discuss the first results.

GSoC – summary of this week’s meeting

June 18th, 2009 by

The goals for the last week were to implement oauth support into osc and add something like a “ttl” so that an access token expires after some time.

In order to implement it into osc I decided to write a simple OAuthHandler class which can be added as an “opener” to urllib2. So it should be possible to add custom “openers” for other protocols (but the interface might change again).

The next action item was to add a ttl for an access token. In fact this was just a “one-liner” (apart from a small migration script). I’m really impressed how easy it was to do this with rails.

One note about the osc integration:
At the moment osc sends all required authentification stuff (e.g. oauth_token etc.) via url parameters: http://0.0.0.0:3000/source/home:Admin?oauth_consumer_key=<key>&oauth_signature_method=HMAC-SHA1… because we cannot use POST requests. It might be “nicer” to add this kind of parameters to the http header – so our plan is to use the standard http authorization or www-authenticate headers (see also here).

Action item for the next week:

  • add support to the frontend so that it can handle oauth via the authorization header.

openSUSE@ARM/GSoC: Cross-compilation & speedup

June 16th, 2009 by

This weeks topic was the integration of the cross-compilation mode into the build environment. But it’s more than just a cross-toolchain – it’s a speed-boost for our ARM build environment. As of today, the source is deployed in the repository Base:build:arm:cross. It’s not fully bootstrapped because of the current high load and the upcoming downtime – so watch out for changes there and in Base:build:arm.

But what are these “speedup’s” ? First, you’ve to know that in our build environment the ARM binaries are executed through an emulation-layer. This works on the cost of speed. The goal is now, to exchange some key parts in a transparent manner with native x86 binaries: no emulation, no slowdown. Sounds reasonable, but is it easily possible ?
I had to take care not to mix stuff too much because the environment would break. But now I’ve to say:  WOW, this worked incredibly well  😉 .

The distinctive feature of our approach in comparison to usual cross-build environments is that we use the best of native environment emulation and the speed of cross-compilation. Because of this combination we don’t have to patch the individual packages to make them cross-compilation ready. This is a new way of cross-compiling suitable also for large number of packages. A detailed overview about the different crossbuild types can be found on this page.
Another feature to note is that the exchanged binaries (replacing ARM with x86 in the build environment) also don’t need heavy patching and there’s no need to compile them as static binaries. All of them are normal distribution packages.

A switch in the project enables/disables the new features. With the new changes in place, the speed could be vastly increased. Some figures:
* package rpm
* package glibc w/o locales

Build time in minutes
x86 native armv5tel native armv5tel cross factor native factor cross
rpm 8 107 17 13,38 2,13
glibc 33 505 63 15,3 1,91

overview cross-environment

Thats a drop from about x15 to x2 in comparison to the native x86 build-time !! See it yourself when the “crosscompiled” repo in Base:build:arm is up and running.

In other words: “Warp 5, Mr. Sulu !” 😉

GSoC – summary of this week’s meeting

May 29th, 2009 by

In the last days I had a closer look at the oauth rails plugin which requires some methods from the restful_authentification module. As the obs frontend doesn’t use this module we need to provide our own implementations of these methods. Fortunately it only uses a handful of methods (like authorized?, login_required, logged_in?, current_user etc.) so it shouldn’t be too hard to get it working without the restful_authentication module.

Another thing on my todo list was to look for possible workarounds for the session fixation attack. According to this thread it’ll be fixed in a new revision of the oauth spec. So after the user grants access to a specific application the oauth provider redirects the user to a callback url (if it’s specified by the consumer). Additionally it adds a parameter to this url (called oauth_verifier) which has an unpredictable value – so an attacker has no chance to “take over the session” (this is just a short summary – for more details have a look at the spec).

Last but not least I finished the test application and played around with it.

TODO:

  • start integrating oauth into the frontend
  • play around with the python library

Btw. my mentor pointed me to an interesting railscast about authlogic – it gives a great overview about this module.

GSoC – summary of this week’s meeting

May 21st, 2009 by

My mentor suggested to do a weekly meeting in order to discuss the current state of the project. I’m going to post a small summary after each meeting.

in progress:

  • build small rails test application in order to simulate a small environment to test the ruby libraries
  • used the “restful_authentication” module because it is required by the rails plugin generator

The test application is more or less working and it’s already possible to get an access token.

TODO:

  • find more information and possible workarounds for the session fixation attack
  • finish the test application
  • find out which method’s from the “restful_authentication” module are required by the oauth rails plugin. The plan is to “fake” this methods so that the rails plugin can be used.

Additionally we talked a bit about authlogic – we decided that we won’t use authlogic for this project but it might be useful for the future.