@jdstrand
Please see bug 1049946
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage notifications about this bug go to:
https://bugs.launchpad
Jamie and others. I've opened bug 107 to continue the MIR (and now,
FFe) discussion surrounding unity-lens-photos. The photo lens is a
distinct feature from the rest of this, which has already landed.
For now, as I mention in bug 107, I'm going down the path of
investigating using oauthl
I poked at unity-lens-photos some more:
* Packet analysis showed that clicking on a friend's photo opened a browser
window with an http:// url (facebook). This error should be rendered via http.
I'm guessing this didn't work right because I didn't have the browser addon.
* A quick look at the DBu
python-oauthlib is currently in main, but it is only shipping as py2. It
wasn't clear to me that it supported oauth 2, which is of course a
requirement for many of the providers. If it can do what we want, then
that is preferred (the server team's 'glance' pulls it into main, and
that is unlikely t
Regarding embedding oauth2... python-oauth2 is python2 only right now
and in universe. The recommeded oauth module is apparently python-
oauthlib in main.
I didn't want to go down the route of promoting python-oauth2 and having
competing oauth recommendations for other packages. But it wasn't
t
I am almost done with my review, but won't finish until tomorrow. In the
interest of time, I thought I would comment on what I have so far:
Security review:
* No CVE history in unity-lens-photos (new) or the embedded oauth2 module. The
upstream for python-oauth2 doesn't seem particularly active
unity-scope-gdocs promoted in quantal
** Changed in: unity-scope-gdocs (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] onlin
OK, njpatel string is gone in 0.2. The other nit is harmless, but
fixed. Seems fine.
** Changed in: unity-scope-gdocs (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpa
The desktop file is harmless, but I fixed it in unity-scope-
gdocs=0.2-0ubuntu2
** Changed in: unity-scope-gdocs (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs
Oh whoops, I didn't see that 0.2 had been uploaded. That resolves the
python3 issue. What of the questions? unity-2d-shell and njpatel seem
like typos.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/
Blockers:
* Needs to be python3, not python2. Why are people still writing stuff for
main in python2?
Nits:
* What's the story with "source='njpatel-UnityLensGDocs-0.1'" in
unity-scope-gdocs?
* What's the story with unity-2d-shell.desktop
unity-scope-gdocs.application?
* Should be a bug subscr
** Also affects: unity-scope-gdocs (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage noti
** Changed in: unity-lens-photos (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => Jamie Strandboge
(jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] onl
Packaging-wise and maintaining-wise, it's fine. But since it embeds a
copy of oauth2, I'm going to pass on to security team for a quick audit.
** Changed in: unity-lens-photos (Ubuntu)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
--
You received this bug notification be
** Changed in: account-plugins (Ubuntu)
Status: Fix Committed => Fix Released
** Changed in: signon-plugin-oauth2 (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bug
** Also affects: unity-lens-photos (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage noti
since security and MIR team gave an ack I promoted the component showing
up on component mismatch after the empathy upload, thanks everyone
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
libaccounts-glib promoted to main
** Changed in: libaccounts-glib (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-acc
signon-keyring-extension promoted to main
** Changed in: signon-keyring-extension (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
libaccounts-qt promoted to main
** Changed in: libaccounts-qt (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-account
signon-ui promoted to main
** Changed in: signon-ui (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and frie
signon promoted to main
** Changed in: signon (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
T
libsignon-glib promoted to main
** Changed in: libsignon-glib (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-account
gnome-control-center-signon promoted
** Changed in: gnome-control-center-signon (Ubuntu)
Importance: Undecided => High
** Changed in: gnome-control-center-signon (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bug
Approve signon-ui based on jdstrand's comments.
** Changed in: signon-ui (Ubuntu)
Status: In Progress => Fix Committed
** Changed in: signon-ui (Ubuntu)
Assignee: Alberto Mardegan (mardy) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs,
Bugs filed, assigned and milestones set:
bug 1039084 Refuse non-https URLs
bug 1039085 navigating away from the authentication pages should open the url
in the default browser
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://b
ACK, but please file bugs, tageted at 12.10, for each of:
* requiring https-only URLs
* navigating away from the authentication pages causes the url to open in the
default browser
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
http
Just a quick summary of what was decided about signon-ui's use of
QtWebkit: signon-ui will refuse to load any non "https://"; URLs; and
those URLs which allow the user to navigate away from the OAuth
authentication pages will be opened on the default browser.
We currently have just two plugins usi
Jamie, about:
> * This was an interesting find in the code:
> ./lib/signond/signond.pc:prefix=/home/mardy/tmp/signond
> ./lib/signond/signond.pc:libdir=/home/mardy/tmp/signond/lib64
this is probably a bug in "make dist"; that file should not be shipped;
it's recreated during the build (from the
Review:
* No CVEs. Hardening options are enabled, but it would be nice to have this
compiled with PIE. No initscripts/upstart jobs, dbus services, setuid, use of
fscaps, use of sudoe/su/pkexec, or cron jobs
* coded in typical C++ and looks to have appropriate SSL handling. Spot
checking code l
Review:
* No CVEs,
* Hardening options are present. Would be nice to enable PIE.
* No initscript/upstart jobs, dbus system services, setuid, fscaps usage,
sudo/su/pkexec or cron jobs. Has two session services.
* does use malloc with strcpy, but these are safe. Spot-checking other
operations s
Same for signon-keyring-extension.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage notifications about this bug go to:
https://bugs.launchpa
Marking gnome-control-center-signon as Fix Committed, since the tests
require a little work and a separate milestoned bug was filed.
** Changed in: gnome-control-center-signon (Ubuntu)
Status: Incomplete => Fix Committed
** Changed in: signon-keyring-extension (Ubuntu)
Status: Incom
Oops! There is a dbus service (mis-pasted that line) which is started on
the session bus.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage no
** Changed in: signon-ui (Ubuntu)
Assignee: (unassigned) => Alberto Mardegan (mardy)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage no
signon-ui:
* No CVEs (new project), no initscript/upstart jobs, dbus services, setuid,
fscaps usage, sudo/su/pkexec or cron jobs. Hardening options are present.
* Uses standard C++ 'new' and no uses of dangerous C-style strings/memory
operations.
* has a testsuite with no errors in the build
Ok, ken-vandine is uploading a new accounts-plugins to have flickr use
the secure endpoint. account-plugin-sina and account-plugin-sohu are
flawed delivering web content over http. These need to be disabled or
left in universe.
** Changed in: account-plugins (Ubuntu)
Status: In Progress =>
In reference to bug #1037169 those services require http, so marking
that bug as invalid.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage no
FYI, I just filed bug #1037169 against accounts-plugins. Please get this
updated before promoting.
** Changed in: account-plugins (Ubuntu)
Status: Fix Committed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
htt
** Changed in: signon-plugin-oauth2 (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => Jamie Strandboge
(jdstrand)
** Changed in: signon (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => Jamie Strandboge
(jdstrand)
--
You received this bug notification because yo
gnome-control-center-signon bug 1035039 to mock keyring and signon-ui
access so we can enable the tests
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
signon-keyring-extension bug 1035037 to mock keyring access so we can
enable the tests
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage notif
With latest upload, signon is fine from a packaging point of view.
Still assigned to security team for quick pass though.
** Changed in: signon (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Description changed:
online-accounts and its related packages should enter main.
The following packages are needed to complete the online-accounts
experience:
* signon
* libsignon-glib
* libaccounts-glib
* account-plugins
* gnome-control-center-signon
- * signon-plug
** Changed in: account-plugins (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage notifications ab
account-plugins:
* debian/watch
- added
* debian/patches/py3.patch
- ported account-console to python3
* debian/control, debian/rules
- python3
* debian/compat
- debhelper 9
The twitter secret has to be separated from the source, so the one in
the source is just for develop
** Changed in: libaccounts-qt (Ubuntu)
Status: New => Fix Committed
** Changed in: signon-plugin-oauth2 (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1
signon-plugin-oauth2:
The signon-plugin-oauth2-tests package doesn't seem to be used anywhere
yet, but it is something that could be useful for other plugin
developers to use in their test suites.
Good catch on the libqtwebkit-dev build depends, that is in fact no
longer needed, I removed it.
Up
libaccounts-qt tests enabled, should be good now.
** Changed in: libaccounts-qt (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-a
For signon-plugin-oauth2, it looks mostly fine. Love the tests! No
blockers, but I do have some questions.
Questions:
Why is libqtwebkit-dev a Build-Dependency? It didn't look like it was used.
Why is there a tests package in debian/control? Seems like that's not
something users would want to
account-plugins needs some work.
Blockers:
* The python build-dep and dependencies seem like they can be switched to
python3? tools/account-console would need to be ported, but that looks like a
small job.
Questions:
What's the deal with the twitter secret in debian/rules and configure.ac? I
signon-ui has a dep on qtwebkit, so assigning to jdstrand.
** Changed in: signon-ui (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/10
** Changed in: libaccounts-qt (Ubuntu)
Status: Fix Committed => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage notificati
** Also affects: signon-plugin-oauth2 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage n
libaccounts-qt is fine once tests are enabled.
** Changed in: libaccounts-qt (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-a
** Also affects: signon-ui (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage notification
** Also affects: libaccounts-qt (Ubuntu)
Importance: Undecided
Status: New
** Also affects: account-plugins (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
online-accounts and its related packages should enter main.
The following packages are needed
** Changed in: gnome-control-center-signon (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage notific
** Also affects: gnome-control-center-signon (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To m
** Changed in: signon-keyring-extension (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage notificati
signon-keyring-extension NEWed, adding it to the list of packages on the
bug
** Also affects: signon-keyring-extension (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.l
Reviewed gnome-control-center-signon from NEW.
Blockers:
* Tests are disabled.
Nits:
Would be nice to use debhelper compat 9.
Love the symbols and the --fail-missing.
Bummer about using libdbus-glib, but not a blocker.
--
You received this bug notification because you are a member of Ubuntu
Bug
Reviewed signon-keyring-extension from NEW.
Blockers:
* Tests are disabled but Ken tells me some work is going into mocking
gnome-keyring in order to enable the tests, which sounds good.
Nits:
Would be nice to use debhelper compat 9.
Package installs /usr/bin unnecessarily (debian/rule can just
Same for libaccounts-glib.
** Changed in: libaccounts-glib (Ubuntu)
Status: Incomplete => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and
libsignon-glib is now fine. Tests, dh_python3, and dh9 were all fixed.
Thanks, Ken!
** Changed in: libsignon-glib (Ubuntu)
Status: Incomplete => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launch
signon:
* Some of the headers in /usr/include/signon-plugins/ are installed in the
signon-plugins-dev package, the ones that aren't shouldn't really be installed
at all.
* I'll work on making the tests work in pbuilder, drop gcc-4.6 and use
debhelper 9
--
You received this bug notification
libsignon-glib needs work:
* Should enable tests. Getting rid of the override_dh_auto_test in
debian/rules, gave me 6 failures out of 17. Do we know why those are failing?
* Should use dh_python3 instead of dh_python2 (doesn't seem like it needs
anything 2-only anyway).
Bummer about using dbus-
Which of these has the dependency on qtwebkit and the bits doing https?
Please assign to me.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1029549
Title:
[MIR] online-accounts and friends
To manage
signon needs work:
* Tests are disabled and fail when enabled due to "Could not access Signon
Database". Can they be made to run?
* /usr/include/signon-plugins/* should be installed as part of signond-dev.
* What's the story with requiring g++-4.6? I tried dropping that Build-Depend
and it stil
libaccounts-glib needs work:
* Should enable tests. Add dbus-test-runner to Build-Depends and get rid of
the override_dh_auto_test in debian/rules. I tested this and it seemed to work
fine.
* Should use dh_python3 instead of dh_python2 (doesn't seem like it needs
anything 2-only anyway).
Bumm
** Description changed:
online-accounts and its related packages should enter main.
- This description to be filled out.
+ The following packages are needed to complete the online-accounts
+ experience:
+
+ * signon
+ * libsignon-glib
+ * libaccounts-glib
+ * account-plugins(not upl
71 matches
Mail list logo
