Hi Varun,

> I have prepared a bug list to be placed on bugzilla. I thought I
> must be confirming it before posting.

Do not have too big tasks that keep all the work in one piece, it
might be hard to see progress here. Add small tasks for small chunks
of functionality.

> Here are the bugs and their description:
> - Provide libraries for Signing and Verifying scripts
>   using Digital Signature
>   - To check the integrity of online scripts, digital
>     signature is a useful tool. The libraries will provide
>     methods for signing scripts using keys from Java
>     keystore and verifying signature using public key.
>     Libraries will also include method for extracting
>     original script from signature file.

E.g. I would split the library stuff into 2 for the basic API
functionality:
* provide signature verification functionality for scripts
* provide signing support for scripts
These would go to the 'Core' category on bugzilla.

I do not understand the meaning of your last sentence, why would we
want to extract the original script? The signature should be
contained in a way that is ignored by the script interpreter.
Practically we would encapsulate it into a comment block.

> - UI to support signing mechanism like context menu,
>   window showing options to select private key from Java
>   Keystore
>   - Context menu will be provided to initiate signing
>     mechanism. To select private key from Java Keystore, a
>     dialog box will be provided. Dialog box to inform signer
>     about his signed file and a warning dialog if he is
>     signing using self-signed certificate, just as a
>     reminder.

* [Script Explorer] provide context menu to sign scripts

Be specific. If it is a context menu, then state so. Also try to
focus on short titles. We do want them in the first line of commit
messages and are bound to <80 chars here.
As this is about UI functionality, it goes to that category.

> - UI to support signature verifying mechanism like
>   Preference page, warning dialog box, descriptors
>   - Using preference page, verifier can control whether
>     he/she wants to make execution of unsigned and
>     self-signed scripts default or not. A dialog box to warn
>     user about invalid signatures and self-signed or expired
>     certificate. Descriptors to show status of an online
>     script file on Package Explorer pane whether it is
>     certified or not.

Too much in one single bug
* [Script Explorer] provide decorator to show certificate status
* Provide confirmation dialogs when executing untrusted scripts
* Provide preferences for untrusted scripts confirmation dialogs

> - UI to support additional options on verifier side like
>   showing signature properties
>   - Verifier can see signature properties at time of
>     verification or anytime later and it can be done by
>     showing it in Properties View of Context Menu. There
>     will be Context menu to import certificate so that
>     verifier can choose at time of signature or later on to
>     import certificate to his Java keystore to keep a
>     record.

Again, too much. One clear thing is the properties view, context
menu to import certificates is another topic.

> - Changes into source code to merge UI functionality
>   - Changes need to be made in signature libraries to
>     call UI modules. e.g. calling warning dialog box if
>     signature is invalid while verifying.

This one is too generic and should be part of the other bugs you
will open.

> Also, for which component should the first and last bug regarding
> libraries be posted? Is it General component or Core
> component?

If it does not depend on UI, then it can go to 'Core'. 'General' is
a placeholder for 'everything that does not fit elsewhere'. It is
not extremely important where you file it as we can change that
later.

> Which version should I keep? 0.2.0 or 0.3.0? I am keeping
> severity to 'enhancement'.

0.3.0

Great that you already came up with your bugs. The suggestions I
made above should be seen as a guideline. You do not need to copy
them word by word, it should just show you how to cluster these
bugs. Provide small, trackable topics which denote a single
functionality you want to implement. Maybe as a rule of thumb: if
you think it takes you more than a week to implement a topic,
consider splitting it into multiple parts.

It is also possible to create one umbrella bug '[GSoC] Implement
script signing and verification for user scripts' and make all
further tasks blockers for this one. Thus you can keep track of your
overall project. It is up to you if you want to do it that way. What
you definitely can do is put your name to Assignee, so you can
filter on your open bugs using either the web frontend of bugzilla
or Mylyn within Eclipse.

--
Christian
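
The comment-block idea from the reply above, as an added example that is not part of the original message or the project's code: the signature is appended as a trailing comment, so the interpreter ignores it and the verifier checks every byte before it. The marker strings, the class name, the JavaScript-style comment, SHA256withRSA and the in-memory key pair (instead of a Java keystore entry) are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class SignedScriptDemo {
    // Hypothetical markers; the thread does not define the on-disk format.
    static final String BEGIN = "\n/* -----BEGIN SIGNATURE-----\n";
    static final String END = "\n-----END SIGNATURE----- */\n";

    // Sign the script text and append the signature inside a comment block.
    static String sign(String script, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(script.getBytes(StandardCharsets.UTF_8));
        return script + BEGIN + Base64.getEncoder().encodeToString(s.sign()) + END;
    }

    // The signature covers every byte before the block; nothing may follow the block.
    static boolean verify(String signed, PublicKey key) throws GeneralSecurityException {
        int begin = signed.lastIndexOf(BEGIN);
        int sigStart = begin + BEGIN.length();
        int sigEnd = signed.length() - END.length();
        if (begin < 0 || !signed.endsWith(END) || sigStart > sigEnd) return false;
        byte[] sig;
        try {
            sig = Base64.getDecoder().decode(signed.substring(sigStart, sigEnd));
        } catch (IllegalArgumentException e) {
            return false; // malformed signature block
        }
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(signed.substring(0, begin).getBytes(StandardCharsets.UTF_8));
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Ephemeral key pair for the demo only.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        String script = "print('hello from a user script');\n"; // constructed sample
        String signed = sign(script, kp.getPrivate());
        System.out.println(signed);
        System.out.println("intact:   " + verify(signed, kp.getPublic()));
        System.out.println("tampered: " + verify(signed.replace("hello", "HELLO"), kp.getPublic()));
        System.out.println("unsigned: " + verify(script, kp.getPublic()));
    }
}
```

Because the Base64 alphabet contains no `*`, the encoded signature can never close the comment early.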