User:Victor Grousset - tuxayo/Ready to paste messages

From Koha Wiki

QA

Works, makes sense, QA script happy, code looks good, passing QA :)

RMaint

Backported: Pushed to 21.05.x branch for the upcoming release (21.05.21)
Not backported to oldoldstable (21.05.x). Feel free to ask if it's needed.

Nothing to document it seems, marking resolved.
Missing dependencies for 21.05.x, it shouldn't be affected, no backport.
Missing dependencies for 21.05.x, can't backport.
Enhancement, not backported to 21.05.x.

It's likely that the new strings won't be translated for oldoldstable at this point of the cycle for all but the few most actively translated languages. So that might actually be a translation regression even for languages that are almost fully translated.
All that is just guesswork though.
Can't backport to 21.05.x: can't solve a conflict.
If there is an interest in having this backported, please submit a patch for 21.05.
It doesn't apply cleanly on 21.05.x and the conflict isn't simple to solve.
If there is an interest in having this backported, feel free to submit a patch for 21.05.
Can't be backported to 21.05.x due to dependence on bug TODO.

So if someone is interested in this bug being backported to 21.05.x, send help to bug TODO ^^
Can't backport to 21.05.x, the code doesn't seem to have that part here (TODO_TODO_TODO).
Maybe the feature wasn't here, maybe it moved from another file.
If interested, feel free to investigate further.

Meetings

Moving on, if we forgot something, say it so we come back to it later.

Conflict: explanation of the diff3 conflictStyle

Clarification of the diff3 conflictStyle display:
<<<<<<< HEAD

# code from current 20.05.x

||||||| parent of 123abc123abc

# code from upstream 20.11.x before the patch

=======

# code from upstream 20.11.x after the patch

>>>>>>> 123abc123abc

tl;dr it adds a middle conflict section that shows the code before the patch was applied/cherry-picked/merged. So for RMaint we can see which changes come from the differences between Koha versions and which come from the patch itself.
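To make that split concrete, here is an added example (not part of the original page or of Koha's tooling) that parses a diff3-style conflict and separates the version drift from the patch change. The sample file, the commit id and the Perl function names in it are constructed.

```python
import difflib

# Constructed sample: a file left by a conflicting cherry-pick with
# merge.conflictStyle=diff3 (commit id and Perl lines are made up).
SAMPLE = """\
use Modern::Perl;
<<<<<<< HEAD
my $limit = old_pref('MaxItems');
||||||| parent of 123abc123abc
my $limit = get_pref('MaxItems');
=======
my $limit = get_pref('MaxItems') // 50;
>>>>>>> 123abc123abc
return $limit;
"""

def parse_diff3(text):
    """Return one dict per conflict with its 'ours', 'base' and 'theirs' lines."""
    conflicts, current, side = [], None, None
    for line in text.splitlines():
        if line.startswith("<<<<<<< "):
            current, side = {"ours": [], "base": [], "theirs": []}, "ours"
        elif current is None:
            continue                      # ordinary, non-conflicting line
        elif line.startswith("|||||||"):
            side = "base"                 # code before the patch
        elif line == "=======":
            if side != "base":            # plain "merge" style has no base section
                raise ValueError("conflict is not in diff3 style")
            side = "theirs"
        elif line.startswith(">>>>>>> "):
            conflicts.append(current)
            current, side = None, None
        else:
            current[side].append(line)
    if current is not None:
        raise ValueError("unterminated conflict block")
    return conflicts

def explain(conflict):
    """Separate version drift (base -> ours) from the patch itself (base -> theirs)."""
    def delta(a, b):
        return [l for l in difflib.ndiff(a, b) if l[:2] in ("- ", "+ ")]
    return {"version_drift": delta(conflict["base"], conflict["ours"]),
            "patch_change": delta(conflict["base"], conflict["theirs"])}

if __name__ == "__main__":
    for name, lines in explain(parse_diff3(SAMPLE)[0]).items():
        print(name, *lines, sep="\n  ")
```

Only the `patch_change` lines need to be carried over to the stable branch; the `version_drift` lines are what the resolution has to preserve.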

Asking for test plan

I would like to try to test this. But I need a test plan as I don't know this part of Koha well enough to improvise one.

It can look like this:
1. Step to prepare some stuff
2. Another step
3. Do something else that exposes the current issue
4. Apply the patch
5. Redo some of the above steps
6. See that the issue is gone


Security ticket

When the topic of trusting the librarians comes up

There are certainly pros to trusting librarians. We have other fish to fry about security anyway.
But even so, that's not enough.

Their account can be compromised by
- a dictionary of common passwords
- a password leak from another website or service
- password social engineering
- phishing
- malware stealing the password

Or just malware doing the job directly with the user's session cookie.

And also a privilege escalation attack can have much more impact if it allows reaching data that is trusted too much afterwards.
[...]