From drupal at oadaeh.net  Mon Sep  1 17:37:28 2008
From: drupal at oadaeh.net (Jason Flatt)
Date: Mon, 1 Sep 2008 10:37:28 -0700
Subject: [development] Drupal 7 branch maintainer
In-Reply-To: <61bca48a0808300221x8986623paf96e79eb4979c38@mail.gmail.com>
References: <61bca48a0808300221x8986623paf96e79eb4979c38@mail.gmail.com>
Message-ID: <200809011037.29095.drupal@oadaeh.net>

On Sat Aug 30 2008 2:21:37 am Dries Buytaert wrote:
> Hello all,
>
> during my keynote presentation at DrupalCon Szeged this week, I
> announced that Angela "webchick" Byron will be my Drupal 7
> co-maintainer. For the duration of one release cycle, she will help me
> coordinate Drupal 7 development.  Additional detail at
> http://buytaert.net/angela-webchick-byron.
>
> Kind regards,

Shouldn't this be in News and announcements, or at least somewhere other than 
just the closing of http://drupal.org/node/254640?

There was one for Gabor (http://drupal.org/node/136957) and one for Gerhard & 
Neil (http://drupal.org/node/51536).


Congratulations, Angie, and thanks for taking on this huge responsibility.


-- 
Jason Flatt
http://www.oadaeh.net/
Father of Six:  http://www.flattfamily.com/ (Joseph, 15; Cramer, 13; Travis, 
11; Angela; Harry, 8; and William, 2)
Linux User:     http://www.kubuntu.org/
Drupal Fanatic: http://drupal.org/

From info at erikstielstra.nl  Tue Sep  2 11:38:54 2008
From: info at erikstielstra.nl (Erik Stielstra)
Date: Tue, 2 Sep 2008 13:38:54 +0200
Subject: [development] Usability issues
Message-ID: <1D546C68-F426-4B52-BA12-6F0F90B61F46@erikstielstra.nl>

In order to collect all usability issues in one queue and to focus the  
usability efforts, all core usability issues have been re-organized.
During the documentation sprint in Szeged last sunday, the active User  
experience issues have been moved to the Usability component of the  
Drupal project issue queue. And further 'Usability' titled issues from  
other core components have been moved to the Usability component too.

Please file you new core usability issues in the Drupal project issue  
queue under the Usability component

Regards,
Erik Stielstra




From drupal at rocktreesky.com  Tue Sep  2 12:16:11 2008
From: drupal at rocktreesky.com (Addison Berry)
Date: Tue, 2 Sep 2008 08:16:11 -0400
Subject: [development] API documentation issues moved to core
Message-ID: <863A2B1E-FF6C-4EAF-8410-0CB988A28EF9@rocktreesky.com>

Hello all, during the Documentation sprint in Szeged we moved a bunch  
of issues from the Documentation project queue over to Drupal core  
queue pursuant to http://drupal.org/node/296364. Basically what  
happened is any issue that was marked for Documentation project,  
Documentation in CVS component was changed to Drupal project,  
Documentation component.

API documentation was not getting very much attention in the Docs  
queue since most of the devs who both care about it and know how to  
fix it were not trolling the Docs queue to see where help was needed.  
This also allows the core maintainers to mark API documentation issues  
as critical so that a new version of Drupal doesn't go out with  
*dozens* of functions undocumented, as happened with D6. If you find  
other issues with the API docs, please file them under Drupal core and  
not the Docs queue.

Thanks
Addi (add1sun)

From kika at trip.ee  Tue Sep  2 13:38:41 2008
From: kika at trip.ee (Kristjan Jansen)
Date: Tue, 2 Sep 2008 16:38:41 +0300
Subject: [development] Usability issues
In-Reply-To: <1D546C68-F426-4B52-BA12-6F0F90B61F46@erikstielstra.nl>
References: <1D546C68-F426-4B52-BA12-6F0F90B61F46@erikstielstra.nl>
Message-ID: <37a603d00809020638t29e28fa3gbd98a05ffbf1b938@mail.gmail.com>

And prefix "Usability:" is not needed for new issues, right?

On Tue, Sep 2, 2008 at 2:38 PM, Erik Stielstra <info at erikstielstra.nl> wrote:
> In order to collect all usability issues in one queue and to focus the
> usability efforts, all core usability issues have been re-organized.
> During the documentation sprint in Szeged last sunday, the active User
> experience issues have been moved to the Usability component of the Drupal
> project issue queue. And further 'Usability' titled issues from other core
> components have been moved to the Usability component too.
>
> Please file you new core usability issues in the Drupal project issue queue
> under the Usability component
>
> Regards,
> Erik Stielstra
>
>
>
>

From drupal-devel at webchick.net  Tue Sep  2 16:28:51 2008
From: drupal-devel at webchick.net (Angela Byron)
Date: Tue, 02 Sep 2008 12:28:51 -0400
Subject: [development] Usability issues
In-Reply-To: <37a603d00809020638t29e28fa3gbd98a05ffbf1b938@mail.gmail.com>
References: <1D546C68-F426-4B52-BA12-6F0F90B61F46@erikstielstra.nl>
	<37a603d00809020638t29e28fa3gbd98a05ffbf1b938@mail.gmail.com>
Message-ID: <48BD69C3.6060000@webchick.net>

Kristjan Jansen wrote:
> And prefix "Usability:" is not needed for new issues, right?

Nah. That was a hack from before we had the usability component.

From drumm at delocalizedham.com  Tue Sep  2 18:12:47 2008
From: drumm at delocalizedham.com (Neil Drumm)
Date: Tue, 2 Sep 2008 11:12:47 -0700
Subject: [development] API documentation issues moved to core
In-Reply-To: <863A2B1E-FF6C-4EAF-8410-0CB988A28EF9@rocktreesky.com>
References: <863A2B1E-FF6C-4EAF-8410-0CB988A28EF9@rocktreesky.com>
Message-ID: <c96281260809021112t8db61d1je448f68f5dd63587@mail.gmail.com>

Thanks. I try to make the places to report bugs clear at
http://api.drupal.org/support. API module itself does have a few bugs,
which should be improving in the next weeks.

-Neil

On Tue, Sep 2, 2008 at 5:16 AM, Addison Berry <drupal at rocktreesky.com> wrote:
> Hello all, during the Documentation sprint in Szeged we moved a bunch of
> issues from the Documentation project queue over to Drupal core queue
> pursuant to http://drupal.org/node/296364. Basically what happened is any
> issue that was marked for Documentation project, Documentation in CVS
> component was changed to Drupal project, Documentation component.
>
> API documentation was not getting very much attention in the Docs queue
> since most of the devs who both care about it and know how to fix it were
> not trolling the Docs queue to see where help was needed. This also allows
> the core maintainers to mark API documentation issues as critical so that a
> new version of Drupal doesn't go out with *dozens* of functions
> undocumented, as happened with D6. If you find other issues with the API
> docs, please file them under Drupal core and not the Docs queue.
>
> Thanks
> Addi (add1sun)
>



-- 
Neil Drumm
http://delocalizedham.com

From pushyamitra at gmail.com  Wed Sep  3 09:25:26 2008
From: pushyamitra at gmail.com (Pushyamitra Navare)
Date: Wed, 3 Sep 2008 14:55:26 +0530
Subject: [development] Can I Indicate failure from hook_user?
In-Reply-To: <f27865f50807210323j1f447b05g9e5a5a4a8ad6baa0@mail.gmail.com>
References: <c1fc17d60807210226l61095f39m90548b0caa7e8e83@mail.gmail.com>
	<f27865f50807210323j1f447b05g9e5a5a4a8ad6baa0@mail.gmail.com>
Message-ID: <c1fc17d60809030225j52849f7fyfeb8680b9a38a091@mail.gmail.com>

Hello there,

On Mon, Jul 21, 2008 at 3:53 PM, Steven Jones <darthsteven at gmail.com> wrote:

> Always good to see someone new to Drupal.
>
> You'll probably want to do something with the $op == "validate"
> argument of hook_user. Throw an error if you don't want the
> update/insert to continue.
>


I am back with a question related to this.

What is order in which hooks are called? For e.g. let's say there's a
captcha module. Now as I see on my machine, hook_user is called first. After
that, validation of captcha happens.

Is there any way I can control the sequence in which validations occur? What
I want to do is, after all other modules have done their validations and
everything is ok, only then should my function be called, in the end. My
validation function should be final validation function. Is there any way to
do it?

Any help on this appreciated. Any document which explains how actually hooks
are called would help too.

Thanks, Pushya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080903/b793a772/attachment.htm 

From fgm at osinet.fr  Wed Sep  3 09:38:54 2008
From: fgm at osinet.fr (FGM)
Date: Wed, 3 Sep 2008 11:38:54 +0200
Subject: [development] Can I Indicate failure from hook_user?
References: <c1fc17d60807210226l61095f39m90548b0caa7e8e83@mail.gmail.com><f27865f50807210323j1f447b05g9e5a5a4a8ad6baa0@mail.gmail.com>
	<c1fc17d60809030225j52849f7fyfeb8680b9a38a091@mail.gmail.com>
Message-ID: <8270AB9F6EA14604B843871C77109434@pcosi>

I think you can make sure of this by defining the weight of your module as > 
0. It will then be invoked after all core modules and all contrib modules 
with lower weights. See includes/module.inc#module_list to see how Drupal 
builds and orders the list of modules invoked in a module_invoke_all call.

----- Original Message ----- 
From: "Pushyamitra Navare" <pushyamitra at gmail.com>
To: <development at drupal.org>
Sent: Wednesday, September 03, 2008 11:25 AM
Subject: Re: [development] Can I Indicate failure from hook_user?


Hello there,

On Mon, Jul 21, 2008 at 3:53 PM, Steven Jones 
<darthsteven at gmail.com<mailto:darthsteven at gmail.com>> wrote:
Always good to see someone new to Drupal.

You'll probably want to do something with the $op == "validate"
argument of hook_user. Throw an error if you don't want the
update/insert to continue.


I am back with a question related to this.

What is order in which hooks are called? For e.g. let's say there's a 
captcha module. Now as I see on my machine, hook_user is called first. After 
that, validation of captcha happens.

Is there any way I can control the sequence in which validations occur? What 
I want to do is, after all other modules have done their validations and 
everything is ok, only then should my function be called, in the end. My 
validation function should be final validation function. Is there any way to 
do it?

Any help on this appreciated. Any document which explains how actually hooks 
are called would help too.

Thanks, Pushya




From pushyamitra at gmail.com  Wed Sep  3 11:47:21 2008
From: pushyamitra at gmail.com (Pushyamitra Navare)
Date: Wed, 3 Sep 2008 17:17:21 +0530
Subject: [development] Can I Indicate failure from hook_user?
In-Reply-To: <8270AB9F6EA14604B843871C77109434@pcosi>
References: <c1fc17d60807210226l61095f39m90548b0caa7e8e83@mail.gmail.com>
	<f27865f50807210323j1f447b05g9e5a5a4a8ad6baa0@mail.gmail.com>
	<c1fc17d60809030225j52849f7fyfeb8680b9a38a091@mail.gmail.com>
	<8270AB9F6EA14604B843871C77109434@pcosi>
Message-ID: <c1fc17d60809030447s4659a768o410d75c634ab2ad@mail.gmail.com>

On Wed, Sep 3, 2008 at 3:08 PM, FGM <fgm at osinet.fr> wrote:

> I think you can make sure of this by defining the weight of your module as
> > 0. It will then be invoked after all core modules and all contrib modules
> with lower weights. See includes/module.inc#module_list to see how Drupal
> builds and orders the list of modules invoked in a module_invoke_all call.
>

Cool! Much simpler than I thought.

Looking at code in module.inc I can see that one way to adjust weight is by
changing value in system table in database. Just to confirm, is there other
way to change weight for a module (like defining weight in module.info file
etc.)?

- Pushya



>
> ----- Original Message ----- From: "Pushyamitra Navare" <
> pushyamitra at gmail.com>
> To: <development at drupal.org>
> Sent: Wednesday, September 03, 2008 11:25 AM
> Subject: Re: [development] Can I Indicate failure from hook_user?
>
>
> Hello there,
>
>
> On Mon, Jul 21, 2008 at 3:53 PM, Steven Jones <darthsteven at gmail.com
> <mailto:darthsteven at gmail.com>> wrote:
> Always good to see someone new to Drupal.
>
> You'll probably want to do something with the $op == "validate"
> argument of hook_user. Throw an error if you don't want the
> update/insert to continue.
>
>
> I am back with a question related to this.
>
> What is order in which hooks are called? For e.g. let's say there's a
> captcha module. Now as I see on my machine, hook_user is called first. After
> that, validation of captcha happens.
>
> Is there any way I can control the sequence in which validations occur?
> What I want to do is, after all other modules have done their validations
> and everything is ok, only then should my function be called, in the end. My
> validation function should be final validation function. Is there any way to
> do it?
>
> Any help on this appreciated. Any document which explains how actually
> hooks are called would help too.
>
> Thanks, Pushya
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080903/6ae6130a/attachment.htm 

From drupal at samboyer.org  Wed Sep  3 12:20:52 2008
From: drupal at samboyer.org (Sam Boyer)
Date: Wed, 3 Sep 2008 07:20:52 -0500
Subject: [development] Can I Indicate failure from hook_user?
In-Reply-To: <c1fc17d60809030447s4659a768o410d75c634ab2ad@mail.gmail.com>
References: <c1fc17d60807210226l61095f39m90548b0caa7e8e83@mail.gmail.com>
	<8270AB9F6EA14604B843871C77109434@pcosi>
	<c1fc17d60809030447s4659a768o410d75c634ab2ad@mail.gmail.com>
Message-ID: <200809030720.56248.drupal@samboyer.org>

On Wednesday 03 September 2008 06:47:21 Pushyamitra Navare wrote:
> On Wed, Sep 3, 2008 at 3:08 PM, FGM <fgm at osinet.fr> wrote:
> > I think you can make sure of this by defining the weight of your module
> > as
> >
> > > 0. It will then be invoked after all core modules and all contrib
> > > modules
> >
> > with lower weights. See includes/module.inc#module_list to see how Drupal
> > builds and orders the list of modules invoked in a module_invoke_all
> > call.
>
> Cool! Much simpler than I thought.
>
> Looking at code in module.inc I can see that one way to adjust weight is by
> changing value in system table in database. Just to confirm, is there other
> way to change weight for a module (like defining weight in module.info file
> etc.)?
>
> - Pushya

No, there is no other way to change your module's weight. The standard 
practice is to change the module's weight in hook_install() (which also means 
writing a hook_update() if necessary).

Sam

>
> > ----- Original Message ----- From: "Pushyamitra Navare" <
> > pushyamitra at gmail.com>
> > To: <development at drupal.org>
> > Sent: Wednesday, September 03, 2008 11:25 AM
> > Subject: Re: [development] Can I Indicate failure from hook_user?
> >
> >
> > Hello there,
> >
> >
> > On Mon, Jul 21, 2008 at 3:53 PM, Steven Jones <darthsteven at gmail.com
> > <mailto:darthsteven at gmail.com>> wrote:
> > Always good to see someone new to Drupal.
> >
> > You'll probably want to do something with the $op == "validate"
> > argument of hook_user. Throw an error if you don't want the
> > update/insert to continue.
> >
> >
> > I am back with a question related to this.
> >
> > What is order in which hooks are called? For e.g. let's say there's a
> > captcha module. Now as I see on my machine, hook_user is called first.
> > After that, validation of captcha happens.
> >
> > Is there any way I can control the sequence in which validations occur?
> > What I want to do is, after all other modules have done their validations
> > and everything is ok, only then should my function be called, in the end.
> > My validation function should be final validation function. Is there any
> > way to do it?
> >
> > Any help on this appreciated. Any document which explains how actually
> > hooks are called would help too.
> >
> > Thanks, Pushya

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.drupal.org/pipermail/development/attachments/20080903/336255f8/attachment.pgp 

From Greg at GrowingVentureSolutions.com  Wed Sep  3 12:38:39 2008
From: Greg at GrowingVentureSolutions.com (Greg Knaddison - GVS)
Date: Wed, 3 Sep 2008 06:38:39 -0600
Subject: [development] Can I Indicate failure from hook_user?
In-Reply-To: <200809030720.56248.drupal@samboyer.org>
References: <c1fc17d60807210226l61095f39m90548b0caa7e8e83@mail.gmail.com>
	<8270AB9F6EA14604B843871C77109434@pcosi>
	<c1fc17d60809030447s4659a768o410d75c634ab2ad@mail.gmail.com>
	<200809030720.56248.drupal@samboyer.org>
Message-ID: <3861c6770809030538x4767cabek2857c9ef347ab786@mail.gmail.com>

On Wed, Sep 3, 2008 at 6:20 AM, Sam Boyer <drupal at samboyer.org> wrote:
> On Wednesday 03 September 2008 06:47:21 Pushyamitra Navare wrote:
>>
>> Cool! Much simpler than I thought.
>>
>> Looking at code in module.inc I can see that one way to adjust weight is by
>> changing value in system table in database. Just to confirm, is there other
>> way to change weight for a module (like defining weight in module.info file
>> etc.)?
>
> No, there is no other way to change your module's weight. The standard
> practice is to change the module's weight in hook_install() (which also means
> writing a hook_update() if necessary).

And there's some great documentation on how to do this:

http://drupal.org/search/node/update+module+weight+type%3Abook

Or more specifically http://drupal.org/node/110238

Regards,
Greg

-- 
Greg Knaddison
Denver, CO | http://knaddison.com | 303-800-5623
Growing Venture Solutions, LLC | http://growingventuresolutions.com

From earnie at users.sourceforge.net  Wed Sep  3 13:05:14 2008
From: earnie at users.sourceforge.net (Earnie Boyd)
Date: Wed, 03 Sep 2008 09:05:14 -0400
Subject: [development] Can I Indicate failure from hook_user?
In-Reply-To: <3861c6770809030538x4767cabek2857c9ef347ab786@mail.gmail.com>
References: <c1fc17d60807210226l61095f39m90548b0caa7e8e83@mail.gmail.com>
	<8270AB9F6EA14604B843871C77109434@pcosi>
	<c1fc17d60809030447s4659a768o410d75c634ab2ad@mail.gmail.com>
	<200809030720.56248.drupal@samboyer.org>
	<3861c6770809030538x4767cabek2857c9ef347ab786@mail.gmail.com>
Message-ID: <20080903090514.3ld0grib1waoogsw@mail.progw.org>

Quoting Greg Knaddison - GVS <Greg at GrowingVentureSolutions.com>:

> On Wed, Sep 3, 2008 at 6:20 AM, Sam Boyer <drupal at samboyer.org> wrote:
>> On Wednesday 03 September 2008 06:47:21 Pushyamitra Navare wrote:
>>>
>>> Cool! Much simpler than I thought.
>>>
>>> Looking at code in module.inc I can see that one way to adjust weight is by
>>> changing value in system table in database. Just to confirm, is there other
>>> way to change weight for a module (like defining weight in module.info file
>>> etc.)?
>>
>> No, there is no other way to change your module's weight. The standard
>> practice is to change the module's weight in hook_install() (which 
>> also means
>> writing a hook_update() if necessary).
>
> And there's some great documentation on how to do this:
>
> http://drupal.org/search/node/update+module+weight+type%3Abook
>
> Or more specifically http://drupal.org/node/110238
>

Be a nice feature request for myMod.info to contain

weight = 10
weight = taxonomy + 1

I'll do some further research.

Earnie -- http://for-my-kids.com/
-- http://give-me-an-offer.com/


From merlin at logrus.com  Wed Sep  3 19:26:03 2008
From: merlin at logrus.com (Earl Miles)
Date: Wed, 03 Sep 2008 12:26:03 -0700
Subject: [development] Attention Views API developers
Message-ID: <48BEE4CA.20601@logrus.com>

http://www.angrydonuts.com/attention-views-api-developers

I have just checked in a major change to the Views API. Details can be 
found in the advanced help under api.html (and the handlers and plugins) 
pages, but the short version is that all handlers and plugins are now 
separated into their own files in order to conserve memory and not 
loaded unneeded code. This required implementing an API versioning 
system, and the upshot of this is that a new hook must be implemented by 
all Views modules: hook_views_api(). Without the proper use of this 
hook, the *.views.inc files will not be included.

If your module includes its *.views.inc files itself or keeps its 
handlers in the .module file, this is wrong and will cause sites to crash.

From dmitrig01 at gmail.com  Thu Sep  4 02:23:59 2008
From: dmitrig01 at gmail.com (Dmitri G)
Date: Wed, 3 Sep 2008 19:23:59 -0700
Subject: [development] Attention Views API developers
In-Reply-To: <48BEE4CA.20601@logrus.com>
References: <48BEE4CA.20601@logrus.com>
Message-ID: <9d2095ce0809031923g22df4397o3dc43428d48cdc5c@mail.gmail.com>

Can't you make a default, so it's backwards-compatible?

Dmitri

On Wed, Sep 3, 2008 at 12:26 PM, Earl Miles <merlin at logrus.com> wrote:
> http://www.angrydonuts.com/attention-views-api-developers
>
> I have just checked in a major change to the Views API. Details can be found
> in the advanced help under api.html (and the handlers and plugins) pages,
> but the short version is that all handlers and plugins are now separated
> into their own files in order to conserve memory and not loaded unneeded
> code. This required implementing an API versioning system, and the upshot of
> this is that a new hook must be implemented by all Views modules:
> hook_views_api(). Without the proper use of this hook, the *.views.inc files
> will not be included.
>
> If your module includes its *.views.inc files itself or keeps its handlers
> in the .module file, this is wrong and will cause sites to crash.
>

From merlin at logrus.com  Thu Sep  4 03:56:52 2008
From: merlin at logrus.com (Earl Miles)
Date: Wed, 03 Sep 2008 20:56:52 -0700
Subject: [development] Attention Views API developers
In-Reply-To: <9d2095ce0809031923g22df4397o3dc43428d48cdc5c@mail.gmail.com>
References: <48BEE4CA.20601@logrus.com>
	<9d2095ce0809031923g22df4397o3dc43428d48cdc5c@mail.gmail.com>
Message-ID: <48BF5C84.6000402@logrus.com>

Dmitri G wrote:
> Can't you make a default, so it's backwards-compatible?

Yes. The default is "prior to the current" which, if loaded, would crash 
the system in ways that are unrecoverable. Thus, backward compatible as 
much as PHP will allow.

BTW thanks for publicly assuming that I went through all this effort to 
be annoying.

From drupal at dwwright.net  Thu Sep  4 04:10:46 2008
From: drupal at dwwright.net (Derek Wright)
Date: Wed, 3 Sep 2008 21:10:46 -0700
Subject: [development] Attention Views API developers
In-Reply-To: <48BF5C84.6000402@logrus.com>
References: <48BEE4CA.20601@logrus.com>
	<9d2095ce0809031923g22df4397o3dc43428d48cdc5c@mail.gmail.com>
	<48BF5C84.6000402@logrus.com>
Message-ID: <1BFD577F-7E98-40D2-8D9C-A7DB6A66B501@dwwright.net>


On Sep 3, 2008, at 8:56 PM, Earl Miles wrote:

> BTW thanks for publicly assuming that I went through all this  
> effort to be annoying.

I think the intention of his question wasn't "you're just being  
annoying" but rather, "you must have thought of this -- so can you  
explain why it can't just be backwards compatible?".

Cheers,
-Derek (dww)




From merlin at logrus.com  Thu Sep  4 05:48:42 2008
From: merlin at logrus.com (Earl Miles)
Date: Wed, 03 Sep 2008 22:48:42 -0700
Subject: [development] Attention Views API developers
In-Reply-To: <1BFD577F-7E98-40D2-8D9C-A7DB6A66B501@dwwright.net>
References: <48BEE4CA.20601@logrus.com>	<9d2095ce0809031923g22df4397o3dc43428d48cdc5c@mail.gmail.com>	<48BF5C84.6000402@logrus.com>
	<1BFD577F-7E98-40D2-8D9C-A7DB6A66B501@dwwright.net>
Message-ID: <48BF76BA.8000301@logrus.com>

Derek Wright wrote:
> 
> On Sep 3, 2008, at 8:56 PM, Earl Miles wrote:
> 
>> BTW thanks for publicly assuming that I went through all this effort 
>> to be annoying.
> 
> I think the intention of his question wasn't "you're just being 
> annoying" but rather, "you must have thought of this -- so can you 
> explain why it can't just be backwards compatible?".

Because when you try to inherit classes that aren't loaded, PHP dies a 
horrible awful death. I'm pretty sure I mentioned the 'causes sites to 
crash' part already.

From drupal at dwwright.net  Thu Sep  4 06:45:48 2008
From: drupal at dwwright.net (Derek Wright)
Date: Wed, 3 Sep 2008 23:45:48 -0700
Subject: [development] Attention Views API developers
In-Reply-To: <48BF76BA.8000301@logrus.com>
References: <48BEE4CA.20601@logrus.com>	<9d2095ce0809031923g22df4397o3dc43428d48cdc5c@mail.gmail.com>	<48BF5C84.6000402@logrus.com>
	<1BFD577F-7E98-40D2-8D9C-A7DB6A66B501@dwwright.net>
	<48BF76BA.8000301@logrus.com>
Message-ID: <C4244AFD-F550-430D-8508-EFF03444114C@dwwright.net>


On Sep 3, 2008, at 10:48 PM, Earl Miles wrote:

> Because when you try to inherit classes that aren't loaded, PHP  
> dies a horrible awful death.

Duly noted, thanks.

> I'm pretty sure I mentioned the 'causes sites to crash' part already.

Indeed.  However, you didn't explain why, which is completely natural  
in a summary email that's painting the "short version".  That left  
people with a justifiable curiosity about why the naive solution  
(having a default implementation of this hook) wouldn't work.   
Between your latest message in this thread and reading api- 
handlers.html[1] I now fully understand.  Thanks.

Speaking only for myself (and probably Dmitri), let me add that I'm  
not out to get you, blame you, or prove you wrong. ;)  I love you and  
deeply respect your work.  I only wanted to give Dmitri the benefit  
of the doubt, and to learn from your efforts.

Thanks,
-Derek (dww)


[1] http://cvs.drupal.org/viewvc.py/drupal/contributions/modules/ 
views/help/api-handlers.html?revision=1.2





From dries.buytaert at gmail.com  Thu Sep  4 07:32:12 2008
From: dries.buytaert at gmail.com (Dries Buytaert)
Date: Thu, 4 Sep 2008 09:32:12 +0200
Subject: [development] Vote, vote, vote
Message-ID: <61bca48a0809040032q209fdae4u3e5b161bd2154bf3@mail.gmail.com>

http://drupal.org/Packt-2008-Open-Source-CMS-Award-Finalist-Drupal

-- 
Dries Buytaert :: http://buytaert.net/

From ckwu at ck-erp.net  Thu Sep  4 07:46:25 2008
From: ckwu at ck-erp.net (C K Wu)
Date: Thu, 04 Sep 2008 15:46:25 +0800
Subject: [development] CK-ERP (Open Source ERP / CRM / MRP) v.0.28.1
 released (with Drupal 6.3 connector)
Message-ID: <48BF9251.5080703@ck-erp.net>

Hi, folks,

I have posted a new release, v.0.28.1, of CK-ERP, at SourceForge.Net, 
http://sourceforge.net/projects/ck-erp .

New features include,
Sample school chart of accounts,
System upgrade script,
menu choice for warehouse, retail store,
tree view for BOM, inventory category, service category,
import of eGroupWare addressbook,
full (draft) Spanish translation [improvement suggestions most welcome], 
and,
connector for CATS, php-residence, Open-Realty, phpScheduleIT, 
PSCafePOS, OpenBiblio, Centre/SIS, ClaSS, Care2X

CK-ERP is an open source accounting/MRP/ERP/CRM system that runs on top 
of multiple middlewares.  It comprises 23 modules - Administration, 
i18n, Data Import, Contact Management, Customer Relationship, Customer 
Self Service, Vendor Relationship, Ledger, Bank Reconciliation, MRP, 
Warehouse, Inventory, Service, AP, AR, PO, SO, Quotation, POS for 
Cashier, POS for Manager, HR, Staff Self Service and Payroll.  It 
provides accounting and back office functionalities to SMEs and utilizes 
the underlying middleware to administer accounts/groups.  Please report 
error and suggestion to the discussion group / mailing list, 
CK-ERP-en(at)googlegroups.com or CK-ERP-zh_CN(at)googlegroups.com .  
General history and expected development is available at the discussion 
group's Archive.

Supported MiddleWares:  Centre/SIS, ClaSS; OpenBiblio; CATS; 
php-residence, phpScheduleIT; AssetMan; Coppermine, Gallery2; 
phpMyTicket; phpMySport; PSCafePOS, MyHandyRestaurant; 
FreightFleetManagementSystem; OpenX, LandShop, Open-Realty, FreeRealty; 
IRM; LegalCase; ClearHealth, OpenEMR, Care2X; eGroupWare, 
Horde-GroupWare; Zencart, osCommerce; Drupal, Joomla, Mambo, e107, 
XOOPS, Xaraya; Moodle, Atutor; vTiger; WordPress, b2evolution; TikiWiki; 
phpBB.

Information/Demo Websites:
http://ck-erp.org
http://ck-erp.net

Download is available from,
http://sourceforge.net/projects/ck-erp
http://gro.clinux.org/projects/ck-ledger


Cheers,
Wu Chiu Kay, aka CK Wu, aka CK (CK is the preferred alias)
Hong Kong

From dmitrig01 at gmail.com  Fri Sep  5 02:58:31 2008
From: dmitrig01 at gmail.com (Dmitri G)
Date: Thu, 4 Sep 2008 19:58:31 -0700
Subject: [development] Attention Views API developers
In-Reply-To: <C4244AFD-F550-430D-8508-EFF03444114C@dwwright.net>
References: <48BEE4CA.20601@logrus.com>
	<9d2095ce0809031923g22df4397o3dc43428d48cdc5c@mail.gmail.com>
	<48BF5C84.6000402@logrus.com>
	<1BFD577F-7E98-40D2-8D9C-A7DB6A66B501@dwwright.net>
	<48BF76BA.8000301@logrus.com>
	<C4244AFD-F550-430D-8508-EFF03444114C@dwwright.net>
Message-ID: <9d2095ce0809041958y6204965es85349a692eecc19b@mail.gmail.com>

Derek, you were absolutely correct about what I was thinking.

No, I didn't think you were trying to be annoying. I'm sorry if I
conveyed that message.

I was simply wondering what reason was behind needing to implement the
hook. After reading the documentation again, it's more clear to me.

Thanks,

Dmitri

On Wed, Sep 3, 2008 at 11:45 PM, Derek Wright <drupal at dwwright.net> wrote:
>
> On Sep 3, 2008, at 10:48 PM, Earl Miles wrote:
>
>> Because when you try to inherit classes that aren't loaded, PHP dies a
>> horrible awful death.
>
> Duly noted, thanks.
>
>> I'm pretty sure I mentioned the 'causes sites to crash' part already.
>
> Indeed.  However, you didn't explain why, which is completely natural in a
> summary email that's painting the "short version".  That left people with a
> justifiable curiosity about why the naive solution (having a default
> implementation of this hook) wouldn't work.  Between your latest message in
> this thread and reading api-handlers.html[1] I now fully understand.
>  Thanks.
>
> Speaking only for myself (and probably Dmitri), let me add that I'm not out
> to get you, blame you, or prove you wrong. ;)  I love you and deeply respect
> your work.  I only wanted to give Dmitri the benefit of the doubt, and to
> learn from your efforts.
>
> Thanks,
> -Derek (dww)
>
>
> [1]
> http://cvs.drupal.org/viewvc.py/drupal/contributions/modules/views/help/api-handlers.html?revision=1.2
>
>
>
>
>

From pushyamitra at gmail.com  Fri Sep  5 12:22:57 2008
From: pushyamitra at gmail.com (Pushyamitra Navare)
Date: Fri, 5 Sep 2008 17:52:57 +0530
Subject: [development] Module to create and populate CCK nodes from existing
	database table
Message-ID: <c1fc17d60809050522g251818cflc97d779aff1fa441@mail.gmail.com>

Hello all,

I need a module which will create CCK nodes according to structure of an
existing database table.

More specifically, the idea is following:

I have a few tables containing some data. I would like to represent them as
Drupal content so that it becomes easier to add/modify/delete the entries.
1. So I am planning to create a new "content type" for each table looking at
its columns.
  ( For e.g. if a database table called "db_table" contains columns called
"column1", "column2", "column3", then I wish to create a new content type
called say "db_table_node" with members as textfields called "column1",
"column2" and "column3". )

2. I am planning to import data in that table into drupal as nodes.

I was not able to find any module to do this (I'm using D6). Seems like no
choice but to write a new module for this. All suggestion welcome!

- Pushya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080905/2efba59d/attachment-0001.htm 

From gina.beisel at gmail.com  Fri Sep  5 14:46:15 2008
From: gina.beisel at gmail.com (Gina Beisel)
Date: Fri, 5 Sep 2008 10:46:15 -0400
Subject: [development] Module to create and populate CCK nodes from
	existing database table
In-Reply-To: <c1fc17d60809050522g251818cflc97d779aff1fa441@mail.gmail.com>
References: <c1fc17d60809050522g251818cflc97d779aff1fa441@mail.gmail.com>
Message-ID: <94f215be0809050746m6acb03dre5e2874b4f753d62@mail.gmail.com>

I would love to see a module do this. I often have a need for something like
this. It would be great if it could use data created by other Content types
also.

On Fri, Sep 5, 2008 at 8:22 AM, Pushyamitra Navare <pushyamitra at gmail.com>wrote:

> Hello all,
>
> I need a module which will create CCK nodes according to structure of an
> existing database table.
>
> More specifically, the idea is following:
>
> I have a few tables containing some data. I would like to represent them as
> Drupal content so that it becomes easier to add/modify/delete the entries.
> 1. So I am planning to create a new "content type" for each table looking
> at its columns.
>   ( For e.g. if a database table called "db_table" contains columns called
> "column1", "column2", "column3", then I wish to create a new content type
> called say "db_table_node" with members as textfields called "column1",
> "column2" and "column3". )
>
> 2. I am planning to import data in that table into drupal as nodes.
>
> I was not able to find any module to do this (I'm using D6). Seems like no
> choice but to write a new module for this. All suggestion welcome!
>
> - Pushya
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080905/97ab5d89/attachment.htm 

From csillagasz at gmail.com  Fri Sep  5 14:54:14 2008
From: csillagasz at gmail.com (Balazs Dianiska)
Date: Fri, 5 Sep 2008 15:54:14 +0100
Subject: [development] Module to create and populate CCK nodes from
	existing database table
In-Reply-To: <94f215be0809050746m6acb03dre5e2874b4f753d62@mail.gmail.com>
References: <c1fc17d60809050522g251818cflc97d779aff1fa441@mail.gmail.com>
	<94f215be0809050746m6acb03dre5e2874b4f753d62@mail.gmail.com>
Message-ID: <372ed1ba0809050754w26ca843ar73ec25b49559dd1d@mail.gmail.com>

> I would love to see a module do this. I often have a need for something like
> this. It would be great if it could use data created by other Content types
> also.

Well I wrote autonode (drupal.org/project/autonode) a while ago, its a
bit different, but might be what you eventually need for, or a base to
start from if you want to code. Its only for D5 though.

Balazs

From gina.beisel at gmail.com  Fri Sep  5 15:02:40 2008
From: gina.beisel at gmail.com (Gina Beisel)
Date: Fri, 5 Sep 2008 11:02:40 -0400
Subject: [development] Module to create and populate CCK nodes from
	existing database table
In-Reply-To: <372ed1ba0809050754w26ca843ar73ec25b49559dd1d@mail.gmail.com>
References: <c1fc17d60809050522g251818cflc97d779aff1fa441@mail.gmail.com>
	<94f215be0809050746m6acb03dre5e2874b4f753d62@mail.gmail.com>
	<372ed1ba0809050754w26ca843ar73ec25b49559dd1d@mail.gmail.com>
Message-ID: <94f215be0809050802q1010f81bg5e3980da6261963c@mail.gmail.com>

I will check that out!!! Thnks for the tip.

Gina

On Fri, Sep 5, 2008 at 10:54 AM, Balazs Dianiska <csillagasz at gmail.com>wrote:

> > I would love to see a module do this. I often have a need for something
> like
> > this. It would be great if it could use data created by other Content
> types
> > also.
>
> Well I wrote autonode (drupal.org/project/autonode) a while ago, its a
> bit different, but might be what you eventually need for, or a base to
> start from if you want to code. Its only for D5 though.
>
> Balazs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080905/33a3394e/attachment.htm 

From news at unleashedmind.com  Fri Sep  5 15:09:08 2008
From: news at unleashedmind.com (Daniel F. Kudwien)
Date: Fri, 5 Sep 2008 17:09:08 +0200
Subject: [development] Module to create and populate CCK nodes
	fromexisting database table
In-Reply-To: <372ed1ba0809050754w26ca843ar73ec25b49559dd1d@mail.gmail.com>
Message-ID: <004b01c90f69$58b63a50$0200a8c0@structworks.com>

> > I would love to see a module do this. I often have a need for 
> > something like this. It would be great if it could use data 
> created by 
> > other Content types also.
> 
> Well I wrote autonode (drupal.org/project/autonode) a while 
> ago, its a bit different, but might be what you eventually 
> need for, or a base to start from if you want to code. Its 
> only for D5 though.

Really, this is more of a support question.  See http://drupal.org/support

FWIW, node_import is probably what you are looking for.

Daniel


From clemens at build2be.nl  Fri Sep  5 14:57:36 2008
From: clemens at build2be.nl (Clemens Tolboom)
Date: Fri, 05 Sep 2008 16:57:36 +0200
Subject: [development] Module to create and populate CCK nodes
	from	existing database table
In-Reply-To: <c1fc17d60809050522g251818cflc97d779aff1fa441@mail.gmail.com>
References: <c1fc17d60809050522g251818cflc97d779aff1fa441@mail.gmail.com>
Message-ID: <1220626656.8075.6.camel@localhost>

You could try node_factory together with drush. Hmmm ... the drush
integration is only for 5.x-1.x-dev

And node_factory is not tested for D6 ... so if you test node_factory
from within the devel php block I will do a upstream to node_factory
drush integration.

[1] http://drupal.org/project/node_factory
[2] http://drupal.org/project/drush

On Fri, 2008-09-05 at 17:52 +0530, Pushyamitra Navare wrote:
> Hello all,  
> 
> I need a module which will create CCK nodes according to structure of
> an existing database table. 
> 

-- 
Clemens Tolboom
http://build2be.com


From clemens at build2be.nl  Fri Sep  5 15:15:09 2008
From: clemens at build2be.nl (Clemens Tolboom)
Date: Fri, 05 Sep 2008 17:15:09 +0200
Subject: [development] Module to create and populate CCK nodes
	from	existing database table
In-Reply-To: <94f215be0809050802q1010f81bg5e3980da6261963c@mail.gmail.com>
References: <c1fc17d60809050522g251818cflc97d779aff1fa441@mail.gmail.com>
	<94f215be0809050746m6acb03dre5e2874b4f753d62@mail.gmail.com>
	<372ed1ba0809050754w26ca843ar73ec25b49559dd1d@mail.gmail.com>
	<94f215be0809050802q1010f81bg5e3980da6261963c@mail.gmail.com>
Message-ID: <1220627709.8075.12.camel@localhost>

You could use node_factory module (not tested for D6) and if you want
command line interface you can use drush.

node_factory knows a few cck fields, og, free format tags

With drush you can insert your nodes from the command line too.

drush nf create json 'json-string'

If you are willing to test node_factory for D6 I will apply your
findings asap :-)

Regards,
Clemens














From pushyamitra at gmail.com  Sat Sep  6 03:06:26 2008
From: pushyamitra at gmail.com (Pushyamitra Navare)
Date: Sat, 6 Sep 2008 08:36:26 +0530
Subject: [development] Module to create and populate CCK nodes from
	existing database table
In-Reply-To: <372ed1ba0809050754w26ca843ar73ec25b49559dd1d@mail.gmail.com>
References: <c1fc17d60809050522g251818cflc97d779aff1fa441@mail.gmail.com>
	<94f215be0809050746m6acb03dre5e2874b4f753d62@mail.gmail.com>
	<372ed1ba0809050754w26ca843ar73ec25b49559dd1d@mail.gmail.com>
Message-ID: <c1fc17d60809052006h269714b4rd9c7c08a07c7708d@mail.gmail.com>

On Fri, Sep 5, 2008 at 8:24 PM, Balazs Dianiska <csillagasz at gmail.com>wrote:

>
> Well I wrote autonode (drupal.org/project/autonode) a while ago, its a
> bit different, but might be what you eventually need for, or a base to
> start from if you want to code. Its only for D5 though.
>

Yes, I will use it as starting point when I start coding a module. I can
also try and use/modify it to work with D6 (If you're willing to help,
cool!). How much work is involved? Is there some major difference between D5
and D6 for autonode to work?

What I can probably do is:
 1. Create a new CCK node type ( programatically ) based on table name.
 2. _All_ node fields can be handled by keeping them CCK autonode fields
referring to columns in table. ( Will I need nid, vid columns in existing
table? )

This way, node details can be loaded from existing table; any node edits
will be reflected in existing table. And we will be providing existing table
in editable form as Drupal nodes.

Anyone with spare time willing to help? :-)

- Pushya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080906/4b47601c/attachment.htm 

From pushyamitra at gmail.com  Sat Sep  6 03:11:04 2008
From: pushyamitra at gmail.com (Pushyamitra Navare)
Date: Sat, 6 Sep 2008 08:41:04 +0530
Subject: [development] Module to create and populate CCK nodes from
	existing database table
In-Reply-To: <1220627709.8075.12.camel@localhost>
References: <c1fc17d60809050522g251818cflc97d779aff1fa441@mail.gmail.com>
	<94f215be0809050746m6acb03dre5e2874b4f753d62@mail.gmail.com>
	<372ed1ba0809050754w26ca843ar73ec25b49559dd1d@mail.gmail.com>
	<94f215be0809050802q1010f81bg5e3980da6261963c@mail.gmail.com>
	<1220627709.8075.12.camel@localhost>
Message-ID: <c1fc17d60809052011m22b5b191rf3c2e84e03b78875@mail.gmail.com>

On Fri, Sep 5, 2008 at 8:45 PM, Clemens Tolboom <clemens at build2be.nl> wrote:

> You could use node_factory module (not tested for D6) and if you want
> command line interface you can use drush.
>
> node_factory knows a few cck fields, og, free format tags
>
> With drush you can insert your nodes from the command line too.
>
> drush nf create json 'json-string'
>
> If you are willing to test node_factory for D6 I will apply your
> findings asap :-)
>

Hey, Thanks for the tip. My guess is that I will end up testing it for D6.
Will update you with findings quite soon. :-)

Pushya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080906/f1de51c8/attachment-0001.htm 

From mangeshmss at gmail.com  Sat Sep  6 06:15:47 2008
From: mangeshmss at gmail.com (mangesh s)
Date: Sat, 6 Sep 2008 11:45:47 +0530
Subject: [development] integrating oscommerce & drupal
Message-ID: <354002510809052315q736ba866nd9727c90f4686d8e@mail.gmail.com>

hi all,

i want to sell some products on my website ,for tht i need some e-commerce
solution.
can u tell me how can i use oscommerce in my website(installation &
congiguration).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080906/97e8fe7d/attachment.htm 

From antoinesolutions at gmail.com  Sat Sep  6 06:27:27 2008
From: antoinesolutions at gmail.com (Jon Antoine)
Date: Fri, 5 Sep 2008 23:27:27 -0700
Subject: [development] Full HTML output in profile fields of type textarea
Message-ID: <445719130809052327j379e401bwa5933000846f1acf@mail.gmail.com>

Hi all,

I am trying to crate profile fields that allow full HTML output.  I
have struggled with this for a long time and finally came up with a
solution I am not happy with.  After tracking it down, I found on line
560 in the profile.module file that the field value is being passed
through check_markup function which is filtering out a lot of the
HTML.  I ended up replacing the check_markup call with a
filter_xss_admin call, but I hate that I had to modify core to
accomplish this.  Can anyone suggest a better workaround to this
problem?  I would greatly appreciate it.

-- 
Cheers,

Jon Antoine
www.antoinesolutions.com

From pavan.k.murthy at gmail.com  Sat Sep  6 06:59:07 2008
From: pavan.k.murthy at gmail.com (Pavan Keshavamurthy)
Date: Sat, 6 Sep 2008 12:29:07 +0530
Subject: [development] integrating oscommerce & drupal
In-Reply-To: <354002510809052315q736ba866nd9727c90f4686d8e@mail.gmail.com>
References: <354002510809052315q736ba866nd9727c90f4686d8e@mail.gmail.com>
Message-ID: <46b9cfab0809052359h153e0aa7j20cfcdee1e6dab09@mail.gmail.com>

This is a development list. You should be taking this question to the
support forums: http://drupal.org/support

Anyway, There's a full fledged Drupal ecommerce module already:
http://drupal.org/project/ecommerce
And there's some kind of OSCommerce integration too:
http://drupal.org/project/oscommerce

Regards
-Pavan Keshavamurthy

2008/9/6 mangesh s <mangeshmss at gmail.com>

> hi all,
>
> i want to sell some products on my website ,for tht i need some e-commerce
> solution.
> can u tell me how can i use oscommerce in my website(installation &
> congiguration).
>
>


-- 
_PK
Skype: pavankeshavamurthy
http://grahana.net/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080906/fa6501c7/attachment.htm 

From gina.beisel at gmail.com  Sat Sep  6 12:10:20 2008
From: gina.beisel at gmail.com (Gina Beisel)
Date: Sat, 6 Sep 2008 08:10:20 -0400
Subject: [development] integrating oscommerce & drupal
In-Reply-To: <46b9cfab0809052359h153e0aa7j20cfcdee1e6dab09@mail.gmail.com>
References: <354002510809052315q736ba866nd9727c90f4686d8e@mail.gmail.com>
	<46b9cfab0809052359h153e0aa7j20cfcdee1e6dab09@mail.gmail.com>
Message-ID: <94f215be0809060510y4b6cdb31j4bf620ee8f1cf9e7@mail.gmail.com>

Don't forget to check into ubercart.

On Sat, Sep 6, 2008 at 2:59 AM, Pavan Keshavamurthy <
pavan.k.murthy at gmail.com> wrote:

> This is a development list. You should be taking this question to the
> support forums: http://drupal.org/support
>
> Anyway, There's a full fledged Drupal ecommerce module already:
> http://drupal.org/project/ecommerce
> And there's some kind of OSCommerce integration too:
> http://drupal.org/project/oscommerce
>
> Regards
> -Pavan Keshavamurthy
>
> 2008/9/6 mangesh s <mangeshmss at gmail.com>
>
>> hi all,
>>
>> i want to sell some products on my website ,for tht i need some e-commerce
>> solution.
>> can u tell me how can i use oscommerce in my website(installation &
>> congiguration).
>>
>>
>
>
> --
> _PK
> Skype: pavankeshavamurthy
> http://grahana.net/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080906/d76eb594/attachment.htm 

From yched.drupal at free.fr  Sat Sep  6 14:48:21 2008
From: yched.drupal at free.fr (Yves Chedemois)
Date: Sat, 06 Sep 2008 16:48:21 +0200
Subject: [development] CCK field modules maintainers - D6 upgrade path
Message-ID: <48C29835.20105@free.fr>

To all CCK field modules maintainers :
please read http://drupal.org/node/304813

(also posted on g.d.o/cck)

yched


From predofaria at gmail.com  Sun Sep  7 12:58:52 2008
From: predofaria at gmail.com (Pedro Faria)
Date: Sun, 07 Sep 2008 09:58:52 -0300
Subject: [development] Full HTML output in profile fields of
	type	textarea
In-Reply-To: <445719130809052327j379e401bwa5933000846f1acf@mail.gmail.com>
References: <445719130809052327j379e401bwa5933000846f1acf@mail.gmail.com>
Message-ID: <1220792332.7615.0.camel@pedro-laptop>

hi,

you can create your own filter...

cya,


Pedro Faria.

On Fri, 2008-09-05 at 23:27 -0700, Jon Antoine wrote:
> Hi all,
> 
> I am trying to crate profile fields that allow full HTML output.  I
> have struggled with this for a long time and finally came up with a
> solution I am not happy with.  After tracking it down, I found on line
> 560 in the profile.module file that the field value is being passed
> through check_markup function which is filtering out a lot of the
> HTML.  I ended up replacing the check_markup call with a
> filter_xss_admin call, but I hate that I had to modify core to
> accomplish this.  Can anyone suggest a better workaround to this
> problem?  I would greatly appreciate it.
> 


From jpetso at gmx.at  Sun Sep  7 16:07:45 2008
From: jpetso at gmx.at (Jakob Petsovits)
Date: Sun, 7 Sep 2008 18:07:45 +0200
Subject: [development] CCK field modules maintainers - D6 upgrade path
In-Reply-To: <48C29835.20105@free.fr>
References: <48C29835.20105@free.fr>
Message-ID: <200809071807.46090.jpetso@gmx.at>

On Saturday 06 September 2008, Yves Chedemois wrote:
> To all CCK field modules maintainers :
> please read http://drupal.org/node/304813

It would make a lot of sense to also have this in the handbook, at 
http://drupal.org/node/191796

Of course, with inter-dependent module stacks getting popular, the nifty 
solution would be a solution in Drupal core, like, say,

mymodule.install:
...
/**
 * Implementation of hook_update_dependencies().
 * Not necessary to implement if this module's update functions do not
 * depend on other module's updates.
 */
function mymodule_update_dependencies() {
  return array(
    6000 => array(
      'content' => 6000, // needs at least CCK 6.x
      'filefield' => 6301, // and filefield-6.x-3.1 (made up the update no.)
    ),
  );
}
...

Those upgrade dependencies are (still?) so much of an edge case that a lot of 
module developers are apt to ignore them, while with a centralized framework 
it would be easy to implement, with updates being less error prone. Plus 
instead of aborting the whole process like in the above CCK note, those 
updates could run correctly in one go.

Seems easy enough, but I don't exactly feel strong enough about that idea to 
implement it :P


From yosry at hotmail.com  Sun Sep  7 16:45:51 2008
From: yosry at hotmail.com (yousry shady)
Date: Sun, 7 Sep 2008 18:45:51 +0200
Subject: [development] remove me plz
In-Reply-To: <200809071807.46090.jpetso@gmx.at>
References: <48C29835.20105@free.fr> <200809071807.46090.jpetso@gmx.at>
Message-ID: <BAY126-W32E32CF84C0793A6446DF8A15A0@phx.gbl>

remove me plz
Yosry SHADY 

> From: jpetso at gmx.at> To: development at drupal.org> Date: Sun, 7 Sep 2008 18:07:45 +0200> Subject: Re: [development] CCK field modules maintainers - D6 upgrade path> > On Saturday 06 September 2008, Yves Chedemois wrote:> > To all CCK field modules maintainers :> > please read http://drupal.org/node/304813> > It would make a lot of sense to also have this in the handbook, at > http://drupal.org/node/191796> > Of course, with inter-dependent module stacks getting popular, the nifty > solution would be a solution in Drupal core, like, say,> > mymodule.install:> ...> /**> * Implementation of hook_update_dependencies().> * Not necessary to implement if this module's update functions do not> * depend on other module's updates.> */> function mymodule_update_dependencies() {> return array(> 6000 => array(> 'content' => 6000, // needs at least CCK 6.x> 'filefield' => 6301, // and filefield-6.x-3.1 (made up the update no.)> ),> );> }> ...> > Those upgrade dependencies are (still?) so much of an edge case that a lot of > module developers are apt to ignore them, while with a centralized framework > it would be easy to implement, with updates being less error prone. Plus > instead of aborting the whole process like in the above CCK note, those > updates could run correctly in one go.> > Seems easy enough, but I don't exactly feel strong enough about that idea to > implement it :P> 
_________________________________________________________________
Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy!
http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080907/0f76531e/attachment-0001.htm 

From eric.schaefer at eas-consulting.de  Sun Sep  7 18:19:42 2008
From: eric.schaefer at eas-consulting.de (Eric-Alexander Schaefer)
Date: Sun, 07 Sep 2008 20:19:42 +0200
Subject: [development] nodeapi data flow
Message-ID: <48C41B3E.5030307@eas-consulting.de>

Hi list,

are there any docs describing the data flow for 
creating/editing/previewing nodes (hook_nodeapi)?

Thanks,
Eric

From fgm at osinet.fr  Sun Sep  7 18:29:58 2008
From: fgm at osinet.fr (FGM)
Date: Sun, 7 Sep 2008 20:29:58 +0200
Subject: [development] nodeapi data flow
References: <48C41B3E.5030307@eas-consulting.de>
Message-ID: <FED62A41A477413E8CDF0293668B0BE9@pcosi>

Maybe you are looking for something like http://drupal.org/node/112180 ?


----- Original Message ----- 
From: "Eric-Alexander Schaefer" <eric.schaefer at eas-consulting.de>
To: <development at drupal.org>
Sent: Sunday, September 07, 2008 8:19 PM
Subject: [development] nodeapi data flow



Hi list,

are there any docs describing the data flow for
creating/editing/previewing nodes (hook_nodeapi)?

Thanks,
Eric

From eric.schaefer at eas-consulting.de  Sun Sep  7 19:06:06 2008
From: eric.schaefer at eas-consulting.de (Eric-Alexander Schaefer)
Date: Sun, 07 Sep 2008 21:06:06 +0200
Subject: [development] nodeapi data flow
In-Reply-To: <FED62A41A477413E8CDF0293668B0BE9@pcosi>
References: <48C41B3E.5030307@eas-consulting.de>
	<FED62A41A477413E8CDF0293668B0BE9@pcosi>
Message-ID: <48C4261E.8040300@eas-consulting.de>

FGM schrieb:
> Maybe you are looking for something like http://drupal.org/node/112180 ?

No. I want to know with which $op's hook_nodeapi() is called and the 
state of the node data during the call.
E.g.: When the user clicks "preview", hook_nodeapi() is called with 
$op='validate'. $node contains all the fields from the form in 
unprocessed state.

I am trying to fix a bug in scheduler.module. The user enters a time and 
date for a node to be published automatically (like "2008-09-10 
10:00:00). On $op=='validate' the entered string is converted to a 
timestamp if $node->publish_on is nonnumeric (eg a string). The same is 
done on $op=='presave'. Works like a charm, except if the user clicks 
"preview" a second time. I don't know why. The form processing should be 
the same as for the first preview.
Maybe I need to dig into node.module and find out which functions are 
called and which how the node data is processed. Sleep is overrated 
anyway. ;-)

Thanks,
Eric

From Greg at GrowingVentureSolutions.com  Sun Sep  7 19:36:12 2008
From: Greg at GrowingVentureSolutions.com (Greg Knaddison - GVS)
Date: Sun, 7 Sep 2008 13:36:12 -0600
Subject: [development] nodeapi data flow
In-Reply-To: <48C4261E.8040300@eas-consulting.de>
References: <48C41B3E.5030307@eas-consulting.de>
	<FED62A41A477413E8CDF0293668B0BE9@pcosi>
	<48C4261E.8040300@eas-consulting.de>
Message-ID: <3861c6770809071236t17d3f09ds5d31bb7e205dd0d7@mail.gmail.com>

On Sun, Sep 7, 2008 at 1:06 PM, Eric-Alexander Schaefer
<eric.schaefer at eas-consulting.de> wrote:
> FGM schrieb:
>>
>> Maybe you are looking for something like http://drupal.org/node/112180 ?
>
> No. I want to know with which $op's hook_nodeapi() is called and the state
> of the node data during the call.

At least for me http://www.google.com/search?q=hook_nodeapi finds the
best resource on the topic:
http://api.drupal.org/api/function/hook_nodeapi

The resources at http://api.drupal.org are great for things like this.

Regards,
Gre

-- 
Greg Knaddison
Denver, CO | http://knaddison.com | 303-800-5623
Growing Venture Solutions, LLC | http://growingventuresolutions.com

From jpetso at gmx.at  Sun Sep  7 21:22:25 2008
From: jpetso at gmx.at (Jakob Petsovits)
Date: Sun, 7 Sep 2008 23:22:25 +0200
Subject: [development] remove me plz
In-Reply-To: <BAY126-W32E32CF84C0793A6446DF8A15A0@phx.gbl>
References: <48C29835.20105@free.fr> <200809071807.46090.jpetso@gmx.at>
	<BAY126-W32E32CF84C0793A6446DF8A15A0@phx.gbl>
Message-ID: <200809072322.25181.jpetso@gmx.at>

On Sunday 07 September 2008, yousry shady wrote:
> remove me plz
> Yosry SHADY

herez ur link:
http://lists.drupal.org/listinfo/development

You need to unsubscribe yourself, in the same place where you subscribed 
yourself. Makes sense, doesn't it?

In other news (hi infrastructure team), shouldn't there be the standard footer 
appended to each mail that links to the mailman page?

From eric.schaefer at eas-consulting.de  Sun Sep  7 21:33:09 2008
From: eric.schaefer at eas-consulting.de (Eric-Alexander Schaefer)
Date: Sun, 07 Sep 2008 23:33:09 +0200
Subject: [development] nodeapi data flow
In-Reply-To: <3861c6770809071236t17d3f09ds5d31bb7e205dd0d7@mail.gmail.com>
References: <48C41B3E.5030307@eas-consulting.de>	<FED62A41A477413E8CDF0293668B0BE9@pcosi>	<48C4261E.8040300@eas-consulting.de>
	<3861c6770809071236t17d3f09ds5d31bb7e205dd0d7@mail.gmail.com>
Message-ID: <48C44895.2060506@eas-consulting.de>

Greg Knaddison - GVS schrieb:
> http://api.drupal.org/api/function/hook_nodeapi

But it only tells you _what_, not _when_ or _how_.

Thanks,
Eric

From kb at 2bits.com  Sun Sep  7 22:50:47 2008
From: kb at 2bits.com (Khalid Baheyeldin)
Date: Sun, 7 Sep 2008 18:50:47 -0400
Subject: [development] nodeapi data flow
In-Reply-To: <48C44895.2060506@eas-consulting.de>
References: <48C41B3E.5030307@eas-consulting.de>
	<FED62A41A477413E8CDF0293668B0BE9@pcosi>
	<48C4261E.8040300@eas-consulting.de>
	<3861c6770809071236t17d3f09ds5d31bb7e205dd0d7@mail.gmail.com>
	<48C44895.2060506@eas-consulting.de>
Message-ID: <4a9fdc630809071550w2a9e4ca4ya703e5591d0f4450@mail.gmail.com>

You may want to try the trace module http://drupal.org/project/trace

It will show you what hooks are being called, but perhaps not the arguments
to the hooks.

For that, you can get xdebug installed, and use an IDE that supports PHP and
xdebug tracing.
-- 
Khalid M. Baheyeldin
2bits.com, Inc.
http://2bits.com
Drupal optimization, development, customization and consulting.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080907/47a498de/attachment.htm 

From matt at mattfarina.com  Sun Sep  7 23:17:22 2008
From: matt at mattfarina.com (Matthew Farina)
Date: Sun, 7 Sep 2008 19:17:22 -0400
Subject: [development] nodeapi data flow
In-Reply-To: <4a9fdc630809071550w2a9e4ca4ya703e5591d0f4450@mail.gmail.com>
References: <48C41B3E.5030307@eas-consulting.de>
	<FED62A41A477413E8CDF0293668B0BE9@pcosi>
	<48C4261E.8040300@eas-consulting.de>
	<3861c6770809071236t17d3f09ds5d31bb7e205dd0d7@mail.gmail.com>
	<48C44895.2060506@eas-consulting.de>
	<4a9fdc630809071550w2a9e4ca4ya703e5591d0f4450@mail.gmail.com>
Message-ID: <35765872-039E-447C-B312-7E17E65F2E30@mattfarina.com>

Using xdebug or trace seems like a little overkill for many things.

I think this highlights that we are missing some nice flow diagrams  
for when hooks and actions are taking place when a drupal page is  
created.

On Sep 7, 2008, at 6:50 PM, Khalid Baheyeldin wrote:

> You may want to try the trace module http://drupal.org/project/trace
>
> It will show you what hooks are being called, but perhaps not the  
> arguments to the hooks.
>
> For that, you can get xdebug installed, and use an IDE that supports  
> PHP and xdebug tracing.
> -- 
> Khalid M. Baheyeldin
> 2bits.com, Inc.
> http://2bits.com
> Drupal optimization, development, customization and consulting.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080907/412fd333/attachment.htm 

From yched.drupal at free.fr  Sun Sep  7 23:32:56 2008
From: yched.drupal at free.fr (Yves Chedemois)
Date: Mon, 08 Sep 2008 01:32:56 +0200
Subject: [development] CCK field modules maintainers - D6 upgrade path
In-Reply-To: <200809071807.46090.jpetso@gmx.at>
References: <48C29835.20105@free.fr> <200809071807.46090.jpetso@gmx.at>
Message-ID: <48C464A8.1000804@free.fr>

Jakob Petsovits a ecrit le 07/09/2008 18:07:
> On Saturday 06 September 2008, Yves Chedemois wrote:
>   
>> To all CCK field modules maintainers :
>> please read http://drupal.org/node/304813
>>     
>
> It would make a lot of sense to also have this in the handbook, at 
> http://drupal.org/node/191796
True - done.

From killshot91 at comcast.net  Sun Sep  7 23:34:28 2008
From: killshot91 at comcast.net (Steve Edwards)
Date: Sun, 07 Sep 2008 16:34:28 -0700
Subject: [development] nodeapi data flow
In-Reply-To: <35765872-039E-447C-B312-7E17E65F2E30@mattfarina.com>
References: <48C41B3E.5030307@eas-consulting.de>	<FED62A41A477413E8CDF0293668B0BE9@pcosi>	<48C4261E.8040300@eas-consulting.de>	<3861c6770809071236t17d3f09ds5d31bb7e205dd0d7@mail.gmail.com>	<48C44895.2060506@eas-consulting.de>	<4a9fdc630809071550w2a9e4ca4ya703e5591d0f4450@mail.gmail.com>
	<35765872-039E-447C-B312-7E17E65F2E30@mattfarina.com>
Message-ID: <48C46504.2030305@comcast.net>

There's one for node access on page 104 of the first Pro Drupal Development, and 157 and 162 on the second edition.

Steve

Matthew Farina wrote:
> Using xdebug or trace seems like a little overkill for many things.
> 
> I think this highlights that we are missing some nice flow diagrams for 
> when hooks and actions are taking place when a drupal page is created. 
> 
> On Sep 7, 2008, at 6:50 PM, Khalid Baheyeldin wrote:
> 
>> You may want to try the trace module http://drupal.org/project/trace
>>
>> It will show you what hooks are being called, but perhaps not the 
>> arguments to the hooks.
>>
>> For that, you can get xdebug installed, and use an IDE that supports 
>> PHP and xdebug tracing.
>> -- 
>> Khalid M. Baheyeldin
>> 2bits.com <http://2bits.com>, Inc.
>> http://2bits.com
>> Drupal optimization, development, customization and consulting.
> 

From amont at 5net.hu  Mon Sep  8 07:50:35 2008
From: amont at 5net.hu (=?ISO-8859-2?Q?=C1mon_Tam=E1s?=)
Date: Mon, 08 Sep 2008 09:50:35 +0200
Subject: [development] hook elements problem
Message-ID: <48C4D94B.1030703@5net.hu>

Hello,

I like to make some own form elements:

function atleta_elements() {
    $type['meter'] = array('#input' => TRUE, '#size' => 60);
    return $type;
}

but when I like to use it:

    $form['meter2'] = array(
      '#title' => 'meter2',
      '#type' => 'meter',
    );

I do not see this element. What is the solution?


?mon Tam?s
Sitefejleszt? ?s programoz?
-- 
5NET Informatikai Kft.
1062 Budapest, Aradi utca 38. A 3/11
telefon: (1) 461-0205  |  fax: (1) 461-0206
e-mail: amont at 5net.hu  |  web: http://www.5net.hu

From kkaefer at gmail.com  Mon Sep  8 09:13:24 2008
From: kkaefer at gmail.com (=?ISO-8859-2?Q?Konstantin_K=E4fer?=)
Date: Mon, 8 Sep 2008 11:13:24 +0200
Subject: [development] hook elements problem
In-Reply-To: <48C4D94B.1030703@5net.hu>
References: <48C4D94B.1030703@5net.hu>
Message-ID: <1D7B78D4-FA19-4488-9B91-D5F0732FBBF2@gmail.com>

Hi,

You need a rendering function or template file.

Konstantin

On 08.09.2008, at 09:50, ?mon Tam?s wrote:

> Hello,
>
> I like to make some own form elements:
>
> function atleta_elements() {
>   $type['meter'] = array('#input' => TRUE, '#size' => 60);
>   return $type;
> }
>
> but when I like to use it:
>
>   $form['meter2'] = array(
>     '#title' => 'meter2',
>     '#type' => 'meter',
>   );
>
> I do not see this element. What is the solution?
>
>
> ?mon Tam?s
> Sitefejleszt? ?s programoz?
> -- 
> 5NET Informatikai Kft.
> 1062 Budapest, Aradi utca 38. A 3/11
> telefon: (1) 461-0205  |  fax: (1) 461-0206
> e-mail: amont at 5net.hu  |  web: http://www.5net.hu


From mistknight at gmail.com  Mon Sep  8 10:59:09 2008
From: mistknight at gmail.com (Ashraf Amayreh)
Date: Mon, 8 Sep 2008 13:59:09 +0300
Subject: [development] menu problem
Message-ID: <a53d1b3b0809080359y7e240f05jd8f231657c8f7020@mail.gmail.com>

Hello all,

Really frustrated with this problem. When I'm logged out as anonymous, this
call

menu_get_active_nontask_item()

returns -202

This is the first user's (admin's) blog page (blog/1) which I cannot begin
to understand why it's being returned when I'm not even logged in. This is
the result regardless of the page I'm on, so it's ruining the page titles,
the breadcrumbs, the secondary tabs and many other things and I'd welcome
any tips on where to begin to figure out why it's happening or how to fix
it.

-- 
Ashraf Amayreh
http://aamayreh.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080908/d5cc1c38/attachment.htm 

From mistknight at gmail.com  Mon Sep  8 11:06:22 2008
From: mistknight at gmail.com (Ashraf Amayreh)
Date: Mon, 8 Sep 2008 14:06:22 +0300
Subject: [development] menu problem
In-Reply-To: <a53d1b3b0809080359y7e240f05jd8f231657c8f7020@mail.gmail.com>
References: <a53d1b3b0809080359y7e240f05jd8f231657c8f7020@mail.gmail.com>
Message-ID: <a53d1b3b0809080406p293594d3qbe85657ec7e1e807@mail.gmail.com>

OK. Forgot to mention I'm using Drupal 5. Thanks!

On Mon, Sep 8, 2008 at 1:59 PM, Ashraf Amayreh <mistknight at gmail.com> wrote:

> Hello all,
>
> Really frustrated with this problem. When I'm logged out as anonymous, this
> call
>
> menu_get_active_nontask_item()
>
> returns -202
>
> This is the first user's (admin's) blog page (blog/1) which I cannot begin
> to understand why it's being returned when I'm not even logged in. This is
> the result regardless of the page I'm on, so it's ruining the page titles,
> the breadcrumbs, the secondary tabs and many other things and I'd welcome
> any tips on where to begin to figure out why it's happening or how to fix
> it.
>
> --
> Ashraf Amayreh
> http://aamayreh.org
>



-- 
Ashraf Amayreh
http://aamayreh.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080908/ebe99d9f/attachment.htm 

From earnie at users.sourceforge.net  Mon Sep  8 11:19:50 2008
From: earnie at users.sourceforge.net (Earnie Boyd)
Date: Mon, 08 Sep 2008 07:19:50 -0400
Subject: [development] remove me plz
In-Reply-To: <200809072322.25181.jpetso@gmx.at>
References: <48C29835.20105@free.fr> <200809071807.46090.jpetso@gmx.at>
	<BAY126-W32E32CF84C0793A6446DF8A15A0@phx.gbl>
	<200809072322.25181.jpetso@gmx.at>
Message-ID: <20080908071950.h0ed3m7h0k4gkgck@mail.progw.org>

Quoting Jakob Petsovits <jpetso at gmx.at>:

>
> In other news (hi infrastructure team), shouldn't there be the 
> standard footer
> appended to each mail that links to the mailman page?
>

My experience is this is just ignored anyway.  Why clutter the list 
mail when you'll just have to respond again anyway?

Earnie -- http://for-my-kids.com/
-- http://give-me-an-offer.com/


From earnie at users.sourceforge.net  Mon Sep  8 11:26:50 2008
From: earnie at users.sourceforge.net (Earnie Boyd)
Date: Mon, 08 Sep 2008 07:26:50 -0400
Subject: [development] nodeapi data flow
In-Reply-To: <48C4261E.8040300@eas-consulting.de>
References: <48C41B3E.5030307@eas-consulting.de>
	<FED62A41A477413E8CDF0293668B0BE9@pcosi>
	<48C4261E.8040300@eas-consulting.de>
Message-ID: <20080908072650.5lu0y0urdao0wwc8@mail.progw.org>

Quoting Eric-Alexander Schaefer <eric.schaefer at eas-consulting.de>:

> FGM schrieb:
>> Maybe you are looking for something like http://drupal.org/node/112180 ?
>
> No. I want to know with which $op's hook_nodeapi() is called and the 
> state of the node data during the call.
> E.g.: When the user clicks "preview", hook_nodeapi() is called with 
> $op='validate'. $node contains all the fields from the form in 
> unprocessed state.
>
> I am trying to fix a bug in scheduler.module. The user enters a time 
> and date for a node to be published automatically (like "2008-09-10 
> 10:00:00). On $op=='validate' the entered string is converted to a 
> timestamp if $node->publish_on is nonnumeric (eg a string). The same 
> is done on $op=='presave'. Works like a charm, except if the user 
> clicks "preview" a second time. I don't know why. The form processing 
> should be the same as for the first preview.
> Maybe I need to dig into node.module and find out which functions are 
> called and which how the node data is processed. Sleep is overrated 
> anyway. ;-)
>

Is it possible that the FAPI #validated is set to TRUE so that validate 
is no longer executed?

Earnie -- http://for-my-kids.com/
-- http://give-me-an-offer.com/


From antoinesolutions at gmail.com  Mon Sep  8 14:32:21 2008
From: antoinesolutions at gmail.com (Jon Antoine)
Date: Mon, 8 Sep 2008 07:32:21 -0700
Subject: [development] Full HTML output in profile fields of type
	textarea
In-Reply-To: <1220792332.7615.0.camel@pedro-laptop>
References: <445719130809052327j379e401bwa5933000846f1acf@mail.gmail.com>
	<1220792332.7615.0.camel@pedro-laptop>
Message-ID: <445719130809080732k6d219908j9220853add3dece2@mail.gmail.com>

Hi Pedro,

Thank for the advice, but profile fields don't allow you to select a
filter to use.  It is hard coded, hence why I had to modify the code.

-- 
Cheers,

Jon Antoine
www.antoinesolutions.com

On Sun, Sep 7, 2008 at 5:58 AM, Pedro Faria <predofaria at gmail.com> wrote:
> hi,
>
> you can create your own filter...
>
> cya,
>
>
> Pedro Faria.
>
> On Fri, 2008-09-05 at 23:27 -0700, Jon Antoine wrote:
>> Hi all,
>>
>> I am trying to crate profile fields that allow full HTML output.  I
>> have struggled with this for a long time and finally came up with a
>> solution I am not happy with.  After tracking it down, I found on line
>> 560 in the profile.module file that the field value is being passed
>> through check_markup function which is filtering out a lot of the
>> HTML.  I ended up replacing the check_markup call with a
>> filter_xss_admin call, but I hate that I had to modify core to
>> accomplish this.  Can anyone suggest a better workaround to this
>> problem?  I would greatly appreciate it.
>>
>
>

From Greg at GrowingVentureSolutions.com  Mon Sep  8 15:03:16 2008
From: Greg at GrowingVentureSolutions.com (Greg Knaddison - GVS)
Date: Mon, 8 Sep 2008 09:03:16 -0600
Subject: [development] Full HTML output in profile fields of type
	textarea
In-Reply-To: <445719130809052327j379e401bwa5933000846f1acf@mail.gmail.com>
References: <445719130809052327j379e401bwa5933000846f1acf@mail.gmail.com>
Message-ID: <3861c6770809080803o43ec7560j89725e50fb41e92@mail.gmail.com>

On Sat, Sep 6, 2008 at 12:27 AM, Jon Antoine <antoinesolutions at gmail.com> wrote:
> I am trying to crate profile fields that allow full HTML output.  I
> have struggled with this for a long time and finally came up with a
> solution I am not happy with.  After tracking it down, I found on line
> 560 in the profile.module file that the field value is being passed
> through check_markup function which is filtering out a lot of the
> HTML.  I ended up replacing the check_markup call with a
> filter_xss_admin call, but I hate that I had to modify core to
> accomplish this.  Can anyone suggest a better workaround to this
> problem?  I would greatly appreciate it.

The call to check_markup without a specified filter (as it is in
profile.module) will use whichever filter format is the default for
the site.  So, if you wish to change which tags are filtered or not
you can modify your default input filter.

I will caution you that bad configuration and improper use of input
formats can lead to security holes.  Two resources on the subject:
http://drupal.org/node/224921 and
http://heine.familiedeelstra.com/input-formats-beware

Regards,
Greg

-- 
Greg Knaddison
Denver, CO | http://knaddison.com | 303-800-5623
Growing Venture Solutions, LLC | http://growingventuresolutions.com

From antoinesolutions at gmail.com  Mon Sep  8 16:19:23 2008
From: antoinesolutions at gmail.com (Jon Antoine)
Date: Mon, 8 Sep 2008 09:19:23 -0700
Subject: [development] Full HTML output in profile fields of type
	textarea
In-Reply-To: <3861c6770809080803o43ec7560j89725e50fb41e92@mail.gmail.com>
References: <445719130809052327j379e401bwa5933000846f1acf@mail.gmail.com>
	<3861c6770809080803o43ec7560j89725e50fb41e92@mail.gmail.com>
Message-ID: <445719130809080919h18e9b1bdw22fb53cc261992eb@mail.gmail.com>

Greg,

That was exactly what I needed.  I was able to add a few tags to the
default role and revert the changes made to core.  Thanks so much, and
also for the great links.

-- 
Cheers,

Jon Antoine
www.antoinesolutions.com

On Mon, Sep 8, 2008 at 8:03 AM, Greg Knaddison - GVS
<Greg at growingventuresolutions.com> wrote:
> On Sat, Sep 6, 2008 at 12:27 AM, Jon Antoine <antoinesolutions at gmail.com> wrote:
>> I am trying to crate profile fields that allow full HTML output.  I
>> have struggled with this for a long time and finally came up with a
>> solution I am not happy with.  After tracking it down, I found on line
>> 560 in the profile.module file that the field value is being passed
>> through check_markup function which is filtering out a lot of the
>> HTML.  I ended up replacing the check_markup call with a
>> filter_xss_admin call, but I hate that I had to modify core to
>> accomplish this.  Can anyone suggest a better workaround to this
>> problem?  I would greatly appreciate it.
>
> The call to check_markup without a specified filter (as it is in
> profile.module) will use whichever filter format is the default for
> the site.  So, if you wish to change which tags are filtered or not
> you can modify your default input filter.
>
> I will caution you that bad configuration and improper use of input
> formats can lead to security holes.  Two resources on the subject:
> http://drupal.org/node/224921 and
> http://heine.familiedeelstra.com/input-formats-beware
>
> Regards,
> Greg
>
> --
> Greg Knaddison
> Denver, CO | http://knaddison.com | 303-800-5623
> Growing Venture Solutions, LLC | http://growingventuresolutions.com
>

From dmitrig01 at gmail.com  Tue Sep  9 03:13:37 2008
From: dmitrig01 at gmail.com (Dmitri G)
Date: Mon, 8 Sep 2008 20:13:37 -0700
Subject: [development] hook elements problem
In-Reply-To: <1D7B78D4-FA19-4488-9B91-D5F0732FBBF2@gmail.com>
References: <48C4D94B.1030703@5net.hu>
	<1D7B78D4-FA19-4488-9B91-D5F0732FBBF2@gmail.com>
Message-ID: <9d2095ce0809082013y4c9b45c6v89f590057e23770d@mail.gmail.com>

As Konstantin said, but in more understandable terms:

You need a theme function for your element - how does Drupal know what
your element is supposed to look like?

You can register it with hook_theme - see
http://api.drupal.org/api/function/hook_theme/6.

Then, your theme function accepts one argument, $element. You can
return HTML.  See http://api.drupal.org/api/function/theme_fieldset/6
for an example.

Dmitri

2008/9/8 Konstantin K?fer <kkaefer at gmail.com>:
> Hi,
>
> You need a rendering function or template file.
>
> Konstantin
>
> On 08.09.2008, at 09:50, ?mon Tam?s wrote:
>
>> Hello,
>>
>> I like to make some own form elements:
>>
>> function atleta_elements() {
>>  $type['meter'] = array('#input' => TRUE, '#size' => 60);
>>  return $type;
>> }
>>
>> but when I like to use it:
>>
>>  $form['meter2'] = array(
>>    '#title' => 'meter2',
>>    '#type' => 'meter',
>>  );
>>
>> I do not see this element. What is the solution?
>>
>>
>> ?mon Tam?s
>> Sitefejleszt? ?s programoz?
>> --
>> 5NET Informatikai Kft.
>> 1062 Budapest, Aradi utca 38. A 3/11
>> telefon: (1) 461-0205  |  fax: (1) 461-0206
>> e-mail: amont at 5net.hu  |  web: http://www.5net.hu
>
>

From drewish at katherinehouse.com  Tue Sep  9 04:37:28 2008
From: drewish at katherinehouse.com (andrew morton)
Date: Mon, 8 Sep 2008 21:37:28 -0700
Subject: [development] hook elements problem
In-Reply-To: <9d2095ce0809082013y4c9b45c6v89f590057e23770d@mail.gmail.com>
References: <48C4D94B.1030703@5net.hu>
	<1D7B78D4-FA19-4488-9B91-D5F0732FBBF2@gmail.com>
	<9d2095ce0809082013y4c9b45c6v89f590057e23770d@mail.gmail.com>
Message-ID: <fab053ce0809082137x27d71622u67f9a4eb10146ac2@mail.gmail.com>

Or, you could take a look at the example_element module:
http://api.drupal.org/api/file/developer/examples/example_element.module/6

2008/9/8 Dmitri G <dmitrig01 at gmail.com>:
> As Konstantin said, but in more understandable terms:
>
> You need a theme function for your element - how does Drupal know what
> your element is supposed to look like?
>
> You can register it with hook_theme - see
> http://api.drupal.org/api/function/hook_theme/6.
>
> Then, your theme function accepts one argument, $element. You can
> return HTML.  See http://api.drupal.org/api/function/theme_fieldset/6
> for an example.
>
> Dmitri
>
> 2008/9/8 Konstantin K?fer <kkaefer at gmail.com>:
>> Hi,
>>
>> You need a rendering function or template file.
>>
>> Konstantin
>>
>> On 08.09.2008, at 09:50, ?mon Tam?s wrote:
>>
>>> Hello,
>>>
>>> I like to make some own form elements:
>>>
>>> function atleta_elements() {
>>>  $type['meter'] = array('#input' => TRUE, '#size' => 60);
>>>  return $type;
>>> }
>>>
>>> but when I like to use it:
>>>
>>>  $form['meter2'] = array(
>>>    '#title' => 'meter2',
>>>    '#type' => 'meter',
>>>  );
>>>
>>> I do not see this element. What is the solution?
>>>
>>>
>>> ?mon Tam?s
>>> Sitefejleszt? ?s programoz?
>>> --
>>> 5NET Informatikai Kft.
>>> 1062 Budapest, Aradi utca 38. A 3/11
>>> telefon: (1) 461-0205  |  fax: (1) 461-0206
>>> e-mail: amont at 5net.hu  |  web: http://www.5net.hu
>>
>>
>

From drupal-devel at webchick.net  Tue Sep  9 20:15:17 2008
From: drupal-devel at webchick.net (Angela Byron)
Date: Tue, 09 Sep 2008 16:15:17 -0400
Subject: [development] Local repository best practices
Message-ID: <48C6D955.6050200@webchick.net>

I've been doing some research for a client on best practices surrounding 
repository management, and wanted to take this discussion to the 
developer list and see if we could get some general consensus, and 
document it as a best practice in the handbooks.

I found a bunch of discussion on this topic:
* http://drupal.org/node/118936
* http://www.workhabit.com/labs/svn-repository-structure-drupal-projects
* http://ceardach.com/blog/2008/06/development-environment-drupal
* http://pingv.com/blog/cyberswat/200706/project-management-drupal
* http://www.svntalk.com/node/6
* 
http://agaricdesign.com/agarics-svn-repository-structure-for-site-maintenance-and-web-development
* https://svn.bryght.com/dev/browser
* http://www.advantagelabs.com/advantage_labs_svn_repository_structure
* http://www.codegobbler.com/svn-repository-structure-drupal-projects

Most of these discussions are around Drupal *shops* who setup SVN to 
manage the development of their clients' sites, or who host their 
clients' Drupal sites and manage updates via SVN.

However, I'm curious what people generally use in terms of repository 
structure/deployment strategy *after* development is complete, and they 
hand the site over to the client so that they can be self-sustaining? It 
doesn't really seem like they need a vendor branch with various versions 
of Drupal and contributed modules. The repository is around just their 
own site.

We typically do something like this:

/branches:
   This is where "crazy" development happens that will break other stuff.
- /drupal-6-port
- /crazy-new-feature

/tags:
   This is where deployments go. Whenever we move a deployment to prod,
   we tag it first so that we can see a historical record of things that
   were put 'live'
- /2008-09-03-description-of-deployment
- /2008-09-08-description-of-deployment

/trunk:
   The latest development code in preparation of deployment.
   Should be kept stable at all times. Minor fixes can go in here, but
   major ones (particularly porting tasks) get a dedicated branch.

Beneath each directory above is something like this:

- /www:    Drupal files, modules, etc.
- /assets: Things like wireframes, TinyMCE .zip files, and anything else
            that shouldn't be web acessible.
- /db:     Database backup files

What are other people doing for this use case?

-Angie

From metzlerd at metzlerd.com  Wed Sep 10 02:16:08 2008
From: metzlerd at metzlerd.com (David Metzler)
Date: Tue, 9 Sep 2008 19:16:08 -0700
Subject: [development] Local repository best practices
In-Reply-To: <48C6D955.6050200@webchick.net>
References: <48C6D955.6050200@webchick.net>
Message-ID: <B1C2C62D-E66E-4142-89FA-75E035315FD9@metzlerd.com>

I doubt you'll find consensus, but good luck on trying ;).

I'm writing this from the perspective of a client.  I don't develop  
modules for other people, but just for use in house.  Here's what I  
do, but I confess to not using svn for version management of modules  
we don't develop.   Rather we rely on release module and the  
drupal.org infrastructure for releases we don't care about but rather  
only use svn for the code that's specific to us.    Some of the folks  
at our college are trying out using SVN to manage drupal deployment,  
they often complain that it's more trouble than its worth.

  I organize my SVN tree around deployable units, and for me that's  
designed and organized around the test plan.  That makes it easier to  
understand what's been tested and ready for deployment.

themes/trunk - all the themes for my site
custom_module_a/trunk  The version tree for that module

Projects that have database changes have a db_api directory within  
them, so that we can tag/branch accordingly. Here's some real  
examples of project paths.  In the example ilc refers to a large  
project that handles independent learning contracts at my college.

projects/themes/trunk/evergreen_app
projects/ilc/trunk/db_api
projects/ilc/trunk/modules/myilc
projects/ilc/trunk/xsl
projects/ilc/1.0/db_api
projects/ilc/1.0/modules/myilc
et.c.


I then write svn export scripts to deploy the bundles to test and  
production sites.  This leaves me free to deploy verson_1 of  
module_x  or version 2 of module_y, and have separate test plans/ 
release dates for each of these.  Doing this cuts down on the work of  
creating a bunch of branches every time I have a separate development  
track going on.  I tag within the themes trunk at major theme rev  
changes.

I explain this only to suggest that best practices should really be  
built around your sites test and deployment strategies.  For small  
organizations with small number of projects, this might be properly  
organized around the site, but as you grow, (we use drupal for our  
school's portal) there's a lot of need to design svn repositiories  
around the project rather than the site.   We do use tags branches  
and trunks as you've indicated.

This may n ot be what you're asking and if not, I apologize.  ;)

Dave
On Sep 9, 2008, at 1:15 PM, Angela Byron wrote:

> I've been doing some research for a client on best practices  
> surrounding repository management, and wanted to take this  
> discussion to the developer list and see if we could get some  
> general consensus, and document it as a best practice in the  
> handbooks.
>
> I found a bunch of discussion on this topic:
> * http://drupal.org/node/118936
> * http://www.workhabit.com/labs/svn-repository-structure-drupal- 
> projects
> * http://ceardach.com/blog/2008/06/development-environment-drupal
> * http://pingv.com/blog/cyberswat/200706/project-management-drupal
> * http://www.svntalk.com/node/6
> * http://agaricdesign.com/agarics-svn-repository-structure-for-site- 
> maintenance-and-web-development
> * https://svn.bryght.com/dev/browser
> * http://www.advantagelabs.com/advantage_labs_svn_repository_structure
> * http://www.codegobbler.com/svn-repository-structure-drupal-projects
>
> Most of these discussions are around Drupal *shops* who setup SVN  
> to manage the development of their clients' sites, or who host  
> their clients' Drupal sites and manage updates via SVN.
>
> However, I'm curious what people generally use in terms of  
> repository structure/deployment strategy *after* development is  
> complete, and they hand the site over to the client so that they  
> can be self-sustaining? It doesn't really seem like they need a  
> vendor branch with various versions of Drupal and contributed  
> modules. The repository is around just their own site.
>
> We typically do something like this:
>
> /branches:
>   This is where "crazy" development happens that will break other  
> stuff.
> - /drupal-6-port
> - /crazy-new-feature
>
> /tags:
>   This is where deployments go. Whenever we move a deployment to prod,
>   we tag it first so that we can see a historical record of things  
> that
>   were put 'live'
> - /2008-09-03-description-of-deployment
> - /2008-09-08-description-of-deployment
>
> /trunk:
>   The latest development code in preparation of deployment.
>   Should be kept stable at all times. Minor fixes can go in here, but
>   major ones (particularly porting tasks) get a dedicated branch.
>
> Beneath each directory above is something like this:
>
> - /www:    Drupal files, modules, etc.
> - /assets: Things like wireframes, TinyMCE .zip files, and anything  
> else
>            that shouldn't be web acessible.
> - /db:     Database backup files
>
> What are other people doing for this use case?
>
> -Angie


From drupal at dave-cohen.com  Wed Sep 10 04:09:20 2008
From: drupal at dave-cohen.com (David Cohen)
Date: Tue, 09 Sep 2008 21:09:20 -0700
Subject: [development] Local repository best practices
In-Reply-To: <48C6D955.6050200@webchick.net>
References: <48C6D955.6050200@webchick.net>
Message-ID: <1221019760.18921.1273141051@webmail.messagingengine.com>

Webchick,

When I hand over source code to a client, I tell them to treat it like a
vendor branch (as documented in the subversion manual).  Then, they
might customize if further for themselves.  But most of my clients would
ask me to make changes.  I would give them updated files, they'd run the
update.php script and be good to go.

I've considered documenting my own source code repository, as I've put a
lot of thought into it.  But have not had time to write it up.  I use
subversion, and arrange it like this:

drupal/5/ contains everything for drupal-5 based sites (drupal/6/ for
6.x and so on)

drupal/5/vendor/ contains unmodified drupal core.  For example
drupal/5/vendor/5.6 contains Drupal-5.6.

drupal/5/custom contains drupal with my patches.  Yes, from time to time
drupal must be patched.  For example, drupal/5/custom/5.6 is modified
Drupal-5.6

drupal/5/modules contains all the modules I use in all my sites. 
Sometimes modules need patching, too.  I don't bother to keep a vendor
branch of each one.  I just keep the version I prefer.  Usually I've
checked a particular version of the module out of drupal cvs.  Sometimes
I keep multiple versions of a module around, for example
drupal/5/modules/location is the latest location module while
drupal/5/modules/location-1.x is an older version.  I also have
directories drupal/5/themes and drupal/5/profiles.

drupal/5/sites contains the "sites/all" directory of the sites I'm
working on.  For example, drupal/5/sites/orphanage/modules contains
modules used by theorphanage.com, while
drupal/5/sites/drupalforfacebook/modules contains modules used by
drupalforfacebook.org.  These directories do not actually "contain"
modules.  Instead, I use svn:externals to refer to modules in
drupal/5/modules/. By using svn:externals, I can patch one of my modules
for one site, check in the change, then all my sites get the fix when I
update them.  This approach may not work for everyone, but it works for
me.

drupal/5/work contains the root of each project I'm working on.  Again,
I use svn:externals here.  Each work directory contains htdocs/ (an
svn:externals link to drupal/5/custom/X.y), and also svn:externals to
the drupal/5/sites/something.  (I use some well-placed symbolic links to
keep the site-specific code completely separate from Drupal core).  The
work directory also contains documentation and other files specific to a
particular site, which are not part of the website itself.

So the key feature of my approach is the use of the svn:externals
property.  Using this, I can change a module (or version of core) for
one site, and easily propagate the change to other sites.  Another
recommendation of mine is to not make the drupal root directory the root
of the project.  Instead, put drupal in a directory (I call it htdocs/)
and keep documentation (or comps, or anything not part of the site) in
source control, but not separate from the website files.

I think this is a great question and look forward to reading other
responses.

-Dave


On Tue, 09 Sep 2008 16:15:17 -0400, "Angela Byron"
<drupal-devel at webchick.net> said:
> 
> However, I'm curious what people generally use in terms of repository 
> structure/deployment strategy *after* development is complete, and they 
> hand the site over to the client so that they can be self-sustaining? It 
> doesn't really seem like they need a vendor branch with various versions 
> of Drupal and contributed modules. The repository is around just their 
> own site.
> 

From drupal at ryancross.com  Wed Sep 10 04:53:24 2008
From: drupal at ryancross.com (Ryan Cross)
Date: Wed, 10 Sep 2008 14:53:24 +1000
Subject: [development] Local repository best practices
In-Reply-To: <48C6D955.6050200@webchick.net>
References: <48C6D955.6050200@webchick.net>
Message-ID: <4e983be00809092153l48c1a0b7of164f881338e8e80@mail.gmail.com>

I have a client that really wants to use GIT to manage their code. So, if
anyone would like to chime in with non-svn development
workflows/organization that would be great too.

I'm also curious if people would expand a bit more about how they manage
their DB changes. It sounds like angie/lullabot store a DB dump in the
repository and then upload that with their deployment. Is this standard
practice for other people?

-Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080910/54d81436/attachment.htm 

From drupal at samboyer.org  Wed Sep 10 05:41:58 2008
From: drupal at samboyer.org (Sam Boyer)
Date: Wed, 10 Sep 2008 00:41:58 -0500
Subject: [development] Local repository best practices
In-Reply-To: <4e983be00809092153l48c1a0b7of164f881338e8e80@mail.gmail.com>
References: <48C6D955.6050200@webchick.net>
	<4e983be00809092153l48c1a0b7of164f881338e8e80@mail.gmail.com>
Message-ID: <200809100042.09250.drupal@samboyer.org>

On Tuesday 09 September 2008 23:53:24 Ryan Cross wrote:
> I have a client that really wants to use GIT to manage their code. So, if
> anyone would like to chime in with non-svn development
> workflows/organization that would be great too.

There are really an _enormous_ number of different ways one can use git to 
manage a drupal project, but the right implementation with git would be highly 
dependent on your client's workflow.

For example, I've made my local development environment into something of a 
git proof-of-concept: I regularly rsync off of cvs.drupal.org to provide a 
local mirror (for speed purposes), pull those into git repos using git-
cvsimport, then push them into bare git repos that I also maintain locally 
(I've yet to find just the right mojo to get git-cvsimport to interact directly 
with bare git repos). I do this for both contrib and core. Then, I structure 
out individual drupal installs using git subprojects, wherein each drupal 
module retains the remote reference to the appropriate location within the 
contrib repo, so it can automatically be aware of and gobble up any upstream 
changes. I can also make small tweaks to a particular install on a new branch, 
or I can also pop off a new branch if I'm looking to set up a new site with a 
slightly different configuration.

Most of that is utter and complete overkill for only one machine (as I said, 
proof of concept!), but the place where it gets nifty is the push/pulling 
between my laptop and desktop. It's getting to easy to keep the two synced up 
in all the right ways that I find myself forgetting which machine I made a 
given change on - then laughing as I `git pull` and remember that it doesn't 
matter :)

However, that kind of a setup probably wouldn't be much use for a single site. 
If your client is really gung-ho about using git, and they're sufficiently 
familiar with using git on the command line, AND there are a few folks who'll 
be working on the site simultaneously, I'd personally recommend pulling down 
as much of the necessary code via drush as possible to your dev server, then 
setting up each developer with access to the dev server's git repo; clone off 
of that, then let people push/pull to each other and the dev server basically 
willy nilly (git is largely capable of taking care of the details, barring big 
sticky conflicts) until you're ready to push out to live. From there, it starts 
getting more complicated, and into questions about deployment. And on that...

>
> I'm also curious if people would expand a bit more about how they manage
> their DB changes. It sounds like angie/lullabot store a DB dump in the
> repository and then upload that with their deployment. Is this standard
> practice for other people?

You should probably have a looksee at last months' discussion:

http://lists.drupal.org/pipermail/development/2008-August/030745.html

>
> -Ryan

cheers,
Sam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.drupal.org/pipermail/development/attachments/20080910/6a3788da/attachment-0001.pgp 

From gordon at heydon.com.au  Wed Sep 10 05:51:52 2008
From: gordon at heydon.com.au (Gordon Heydon)
Date: Wed, 10 Sep 2008 15:51:52 +1000
Subject: [development] Local repository best practices
In-Reply-To: <4e983be00809092153l48c1a0b7of164f881338e8e80@mail.gmail.com>
References: <48C6D955.6050200@webchick.net>
	<4e983be00809092153l48c1a0b7of164f881338e8e80@mail.gmail.com>
Message-ID: <E837964E-A941-43F3-ADB6-BD0AE835A608@heydon.com.au>

Hi,

I actually use git to manage all my clients, (Including the ones with  
SVN as git has a great SVN connector).

Basically I have my base systems which I use to roll out to all  
clients and then I create a local system which pulls from the base  
repository and then loads on any additional modules.

To do any db updates I push this through the hook_update_n() and then  
I use update.sh http://drupal.org/node/233091 to automatically run the  
updates as soon as the new version is committed to the repository and  
it will put the system into maintenance mode and do the updates and  
take it out of maintenance module if there are no errors.

That is for the test system. Then I use branches to build a release  
version and once this has past muster I use tag and then do a fetch in  
the live system to bring in the code and then I check out the release  
branch.

Works really good. I just wish more people would use git.

Also this means that I don't have to give people commit access to  
systems, then can just email me the changes and I can sign them off  
and move them into live. If there is a problem I can see there patches  
and who signed off the patch and who committed it.

Git has a great chain of evidence. Nothing comes even close to this.

Also because of the extremely strong branch management in git moving  
fixes between the rc branches and the master is usually a single  
command with no messing around with fixing up broken patches.

You will have 1 problem with git. which is what I have. every other  
SRM pails in comparison, esp once you start using branches that way  
they are meant be.

An example of this is that I am doing a lot of changes to simple  
access and upgrading to D6, and most of the commits that I do in 5,  
with git I can move to 6 with generally no intervention from me. So  
keeping the 2 releases in sync is very easy.

please excuse the rant.

Gordon.

On 10/09/2008, at 2:53 PM, Ryan Cross wrote:

> I have a client that really wants to use GIT to manage their code.  
> So, if anyone would like to chime in with non-svn development  
> workflows/organization that would be great too.
>
> I'm also curious if people would expand a bit more about how they  
> manage their DB changes. It sounds like angie/lullabot store a DB  
> dump in the repository and then upload that with their deployment.  
> Is this standard practice for other people?
>
> -Ryan
> !DSPAM:1000,48c757c671618992556831!


From fgm at osinet.fr  Wed Sep 10 06:35:49 2008
From: fgm at osinet.fr (=?utf-8?Q?Fr=C3=A9d=C3=A9ric_G._MARAND?=)
Date: Wed, 10 Sep 2008 08:35:49 +0200
Subject: [development] Local repository best practices
In-Reply-To: <4e983be00809092153l48c1a0b7of164f881338e8e80@mail.gmail.com>
References: <48C6D955.6050200@webchick.net>
	<4e983be00809092153l48c1a0b7of164f881338e8e80@mail.gmail.com>
Message-ID: <CDC47F0E3E6D429AB9A3495877041FE5@PCdeMarand>

Apparently, the Drupal e-commerce project is essentially being developed 
under GIT and synced from time to time to Drupal CVS.

----- Original Message ----- 
From: Ryan Cross
To: development at drupal.org
Sent: Wednesday, September 10, 2008 6:53 AM
Subject: Re: [development] Local repository best practices


I have a client that really wants to use GIT to manage their code. So, if 
anyone would like to chime in with non-svn development 
workflows/organization that would be great too.
[...] 


From winborn at advomatic.com  Wed Sep 10 11:53:16 2008
From: winborn at advomatic.com (Aaron Winborn)
Date: Wed, 10 Sep 2008 07:53:16 -0400
Subject: [development] Questions for Drupal Multimedia
Message-ID: <48C7B52C.2080909@advomatic.com>

As you probably know by now, the book Drupal Multimedia is nearly ready 
for publication. Before it goes to press however, I want to acknowledge 
all the work Drupal developers have done towards making Drupal the 
choice for multimedia on the web.

I want to include a final section, "In their words" kind of thing, and 
am posing some open questions here. I would love to include your words 
in the book, so please feel free to answer any or all of these questions 
with a paragraph or three. If you do answer them here, please also 
indicate a byline for attribution, such as "Alice Boyd (abc on Drupal), 
Co-maintainer of the Mega Multimedia Module," "Wile. E. Coyote, 
Developer for Acme, Inc.", or "Tim Berners-Lee, Inventor of the WWW."

I know it's short notice, but I need these by Saturday. I figure this is 
the best time for these questions, as many contributed modules for media 
handling in Drupal 6 are just about ready for deployment, and there are 
many production sites already using Drupal 6.

1) What modules, tools and/or techniques do you use (and/or have you 
created) for multimedia handling in Drupal 6?

2) What advice do you have for new developers and/or themers?

3) What do you envision for the future of multimedia in Drupal, for 
Drupal 7, Drupal 8, and/or beyond?

Feel free to respond to this thread or to e-mail me personally at 
winborn at advomatic.com.

Thanks!
Aaron

-- 
Aaron Winborn

Advomatic, LLC
http://advomatic.com/

Drupal Multimedia available in September!
http://www.packtpub.com/create-multimedia-website-with-drupal/book

My blog:
http://aaronwinborn.com/


From earnie at users.sourceforge.net  Wed Sep 10 13:12:16 2008
From: earnie at users.sourceforge.net (Earnie Boyd)
Date: Wed, 10 Sep 2008 09:12:16 -0400
Subject: [development] Local repository best practices
In-Reply-To: <4e983be00809092153l48c1a0b7of164f881338e8e80@mail.gmail.com>
References: <48C6D955.6050200@webchick.net>
	<4e983be00809092153l48c1a0b7of164f881338e8e80@mail.gmail.com>
Message-ID: <20080910091216.ozicaptpzz4kocs4@mail.progw.org>

Quoting Ryan Cross <drupal at ryancross.com>:

> I have a client that really wants to use GIT to manage their code. So, if
> anyone would like to chime in with non-svn development
> workflows/organization that would be great too.
>
> I'm also curious if people would expand a bit more about how they manage
> their DB changes. It sounds like angie/lullabot store a DB dump in the
> repository and then upload that with their deployment. Is this standard
> practice for other people?
>

Maybe http://drupal.org/node/288873 will help.

Earnie -- http://for-my-kids.com/
-- http://give-me-an-offer.com/


From drupal at dave-cohen.com  Wed Sep 10 16:55:13 2008
From: drupal at dave-cohen.com (Dave Cohen)
Date: Wed, 10 Sep 2008 09:55:13 -0700
Subject: [development] Local repository best practices
In-Reply-To: <4e983be00809092153l48c1a0b7of164f881338e8e80@mail.gmail.com>
References: <48C6D955.6050200@webchick.net>
	<4e983be00809092153l48c1a0b7of164f881338e8e80@mail.gmail.com>
Message-ID: <200809100955.13760.drupal@dave-cohen.com>

I wrote up how I move database changes from development to deployment a while 
back: http://www.dave-cohen.com/node/1779
Since then, there was a thread on this list about using unique/random ids in 
place of serial ids in drupal's db.  I think that would be a great change and 
eliminate some of the hoops I jump through.

If you're looking for standard practice, I think most shops share a common 
install (perhaps a copy of the live site).  One developer makes configuration 
changes to that install, then the others copy the full database to their 
development copies.  This is burdensome and blows away changes made to local 
copies.  Managing this is a headache that gets discussed often.  As far as I 
can tell there is no ideal solution.

-Dave

On Tuesday 09 September 2008, Ryan Cross wrote:
> I'm also curious if people would expand a bit more about how they manage
> their DB changes. It sounds like angie/lullabot store a DB dump in the
> repository and then upload that with their deployment. Is this standard
> practice for other people?



From merlin at logrus.com  Wed Sep 10 18:09:18 2008
From: merlin at logrus.com (Earl Miles)
Date: Wed, 10 Sep 2008 11:09:18 -0700
Subject: [development] Views 1 maintainership?
Message-ID: <48C80D4E.2080101@logrus.com>

Would anyone be interested in taking on the role of maintaining Views 1? 
The fact that it is a completely different piece of software from Views 
2 makes it very difficult for me to spend much time on it, and there are 
lots of patches and bugfixes that it could stand to have used.

Please be aware that such a maintainership would be no small task, but 
you would have the interesting (and maybe terrifying) responsibility for 
a piece of software that is used across almost all of Drupal.

From Matt at NinjitsuHosting.com  Wed Sep 10 21:42:03 2008
From: Matt at NinjitsuHosting.com (Matt Chapman)
Date: Wed, 10 Sep 2008 17:42:03 -0400
Subject: [development] Local repository best practices
In-Reply-To: <CDC47F0E3E6D429AB9A3495877041FE5@PCdeMarand>
References: <48C6D955.6050200@webchick.net>	<4e983be00809092153l48c1a0b7of164f881338e8e80@mail.gmail.com>
	<CDC47F0E3E6D429AB9A3495877041FE5@PCdeMarand>
Message-ID: <48C83F2B.1050407@NinjitsuHosting.com>

I'm very curious about GIT...

Anyone have any response to the criticism that decentralized 
repositories (GIT) result in more need for manual merging than 
centralized (SVN) ?

-Matt



Fr?d?ric G. MARAND wrote:
> Apparently, the Drupal e-commerce project is essentially being 
> developed under GIT and synced from time to time to Drupal CVS.
>
> ----- Original Message ----- From: Ryan Cross
> To: development at drupal.org
> Sent: Wednesday, September 10, 2008 6:53 AM
> Subject: Re: [development] Local repository best practices
>
>
> I have a client that really wants to use GIT to manage their code. So, 
> if anyone would like to chime in with non-svn development 
> workflows/organization that would be great too.
> [...]

From edward.peters at uk.iofc.org  Thu Sep 11 10:53:20 2008
From: edward.peters at uk.iofc.org (Edward  Peters)
Date: Thu, 11 Sep 2008 11:53:20 +0100
Subject: [development] 'OR' not multilingual in search module?
Message-ID: <01a301c913fc$9ba0c1e0$d2e245a0$@peters@uk.iofc.org>

As far as I can see, Drupal's search engine does not allow us to translate
the 'OR' separator offered in the instructions when no result is found. This
English word seems to be hard coded into the module. Does anyone have any
experience/solution on this issue?

Many thanks,

Edward Peters
Oxford, UK
www.iofc.org




From gabor at hojtsy.hu  Thu Sep 11 10:58:25 2008
From: gabor at hojtsy.hu (=?ISO-8859-1?Q?G=E1bor_Hojtsy?=)
Date: Thu, 11 Sep 2008 12:58:25 +0200
Subject: [development] 'OR' not multilingual in search module?
In-Reply-To: <9191293749077603156@unknownmsgid>
References: <9191293749077603156@unknownmsgid>
Message-ID: <86ca3ccb0809110358g20ad86f9k61d760d546d6e61a@mail.gmail.com>

I never tried it, but what you could do is to use hook_form_alter()
and add a submit handler before the standard search handler. Then just
translate your special words in the query to Drupal's special words,
and let the real submit function take on. I've never tried this, and
you need some development experience to do it obviously.

G?bor

On Thu, Sep 11, 2008 at 12:53 PM, Edward  Peters
<edward.peters at uk.iofc.org> wrote:
> As far as I can see, Drupal's search engine does not allow us to translate
> the 'OR' separator offered in the instructions when no result is found. This
> English word seems to be hard coded into the module. Does anyone have any
> experience/solution on this issue?
>
> Many thanks,
>
> Edward Peters
> Oxford, UK
> www.iofc.org
>
>
>
>

From andrewberry at sentex.net  Fri Sep 12 00:34:50 2008
From: andrewberry at sentex.net (Andrew Berry)
Date: Thu, 11 Sep 2008 20:34:50 -0400
Subject: [development] Userscript for inserting issue links for use in
	comments
Message-ID: <75EAC7FC-5FE7-438C-B2FE-C3646B0D6BEC@sentex.net>

Hi all,

I've created a greasemonkey script which does a few things which might  
be useful to those of us who spend a lot of time in issue queues:

1. Adds the issue number to the issue title, and sets the whole thing  
as a link for easy copying to other sites where rich text editors  
might be in use or other programs which understand links in a clipboard.

2. Adds a plain-text anchor tag to the issue suitable for copying into  
a comment, below the issue title. It's of the farily standard format  
<issue number>: <issue title>.

3. Adds a plain-text anchor tag below each comment in an issue, for  
linking to a specific comment. The format is <issue number>: <issue  
title> (<comment number).

I've submitted the script on userscripts.org here: http://userscripts.org/scripts/show/33565

While userscripts.org has a comments section, for feedback about this  
I'd appreciate using this thread for now. I'm open to suggestions /  
improvements; my javascript-fu is fairly rough. Also, assuming there  
are no major issues, where is a good place to host this on drupal.org?

Enjoy!
--Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2692 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20080911/77bc82b7/attachment.bin 

From kb at 2bits.com  Fri Sep 12 00:43:38 2008
From: kb at 2bits.com (Khalid Baheyeldin)
Date: Thu, 11 Sep 2008 20:43:38 -0400
Subject: [development] Userscript for inserting issue links for use in
	comments
In-Reply-To: <75EAC7FC-5FE7-438C-B2FE-C3646B0D6BEC@sentex.net>
References: <75EAC7FC-5FE7-438C-B2FE-C3646B0D6BEC@sentex.net>
Message-ID: <4a9fdc630809111743x43b58734mce11b2eabf4431f5@mail.gmail.com>

On Thu, Sep 11, 2008 at 8:34 PM, Andrew Berry <andrewberry at sentex.net>wrote:

> Hi all,
>
> I've created a greasemonkey script which does a few things which might be
> useful to those of us who spend a lot of time in issue queues:
>
> 1. Adds the issue number to the issue title, and sets the whole thing as a
> link for easy copying to other sites where rich text editors might be in use
> or other programs which understand links in a clipboard.
>
> 2. Adds a plain-text anchor tag to the issue suitable for copying into a
> comment, below the issue title. It's of the farily standard format <issue
> number>: <issue title>.
>
> 3. Adds a plain-text anchor tag below each comment in an issue, for linking
> to a specific comment. The format is <issue number>: <issue title> (<comment
> number).
>
> I've submitted the script on userscripts.org here:
> http://userscripts.org/scripts/show/33565
>

Good work. Let us see more contributions Andrew.


> While userscripts.org has a comments section, for feedback about this I'd
> appreciate using this thread for now. I'm open to suggestions /
> improvements; my javascript-fu is fairly rough. Also, assuming there are no
> major issues, where is a good place to host this on drupal.org?
>

On Drupal.org, in the handbook, create a page describing how this script is
helpful, what FireFox versions work with it, ...etc. Attach the link to
userscripts.org from there.

Then create an issue for webmasters, with the link to your just created page
and ask someone to put it in the right section (I am guessing developers
guide).
-- 
Khalid M. Baheyeldin
2bits.com, Inc.
http://2bits.com
Drupal optimization, development, customization and consulting.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080911/6bccfcf1/attachment.htm 

From news at unleashedmind.com  Fri Sep 12 02:25:55 2008
From: news at unleashedmind.com (Daniel F. Kudwien)
Date: Fri, 12 Sep 2008 04:25:55 +0200
Subject: [development] Userscript for inserting issue links for use
	incomments
In-Reply-To: <75EAC7FC-5FE7-438C-B2FE-C3646B0D6BEC@sentex.net>
Message-ID: <093301c9147e$e2e73d90$0200a8c0@structworks.com>

> I've created a greasemonkey script which does a few things 
> which might be useful to those of us who spend a lot of time 
> in issue queues:
...
> Enjoy!
> --Andrew

Funny - I finished a first version of a CSS override for drupal.org just in
time you posted.  Like your greasemonkey script, I thought about enhancing
drupal.org's styles for the very same audience.

This style override implements Drupal Administration Menu's menu hovering
behavior to place all menu blocks from the right sidebar into
fixed-positioned dropdown menus at the top of the viewport.

http://unleashedmind.com/drupal/drupal.org.unleashed/projects.png

So, maybe we should start a project at d.o to have a central place for
further improvements?  If you are interested, let's discuss off-list.

Cheerio,
Daniel


From mike at mikeyp.net  Fri Sep 12 17:32:47 2008
From: mike at mikeyp.net (Michael Prasuhn)
Date: Fri, 12 Sep 2008 10:32:47 -0700
Subject: [development] Userscript for inserting issue links for use
	incomments
In-Reply-To: <093301c9147e$e2e73d90$0200a8c0@structworks.com>
References: <093301c9147e$e2e73d90$0200a8c0@structworks.com>
Message-ID: <B00B6933-3925-4590-9B10-75E868925775@mikeyp.net>

Just a suggestion, why don't you forward this on, or participate in  
the drupal.org redesign process?

At his time, they are looking for all the user generated wireframes  
they can get.

http://www.disambiguity.com/drupalorg-come-wireframe-with-me/

http://groups.drupal.org/drupal-org-redesign-analysis

-Mike


On Sep 11, 2008, at 7:25 PM, Daniel F. Kudwien wrote:

>> I've created a greasemonkey script which does a few things
>> which might be useful to those of us who spend a lot of time
>> in issue queues:
> ...
>> Enjoy!
>> --Andrew
>
> Funny - I finished a first version of a CSS override for drupal.org  
> just in
> time you posted.  Like your greasemonkey script, I thought about  
> enhancing
> drupal.org's styles for the very same audience.
>
> This style override implements Drupal Administration Menu's menu  
> hovering
> behavior to place all menu blocks from the right sidebar into
> fixed-positioned dropdown menus at the top of the viewport.
>
> http://unleashedmind.com/drupal/drupal.org.unleashed/projects.png
>
> So, maybe we should start a project at d.o to have a central place for
> further improvements?  If you are interested, let's discuss off-list.
>
> Cheerio,
> Daniel
>

__________________
Michael Prasuhn
mike at mikeyp.net
http://mikeyp.net





From Louis.Suarez-Potts at Sun.COM  Fri Sep 12 18:28:30 2008
From: Louis.Suarez-Potts at Sun.COM (Louis Suarez-Potts)
Date: Fri, 12 Sep 2008 21:28:30 +0300
Subject: [development] University of Sao Paulo
Message-ID: <E3172780-58BA-4A19-862B-55EA90780B7C@Sun.COM>

Mark Surman, now of Mozilla but previously of the Shuttleworth  
Foundation, sent me a note recently about the work that some  
instructors are doing at the University of Sao Paulo. They are Felipe  
Gomes and Marcio Galli. In a nutshell, they want a stronger Mozilla  
presence there, in the CS dept., and to work with Moz. to teach  
students Foss, programming. There are also contests, such as the  
wonderfully named, "Obscure Code Contest." (In Portuguese it may  
differ.)

I'd like to see if Marcio and Felipe would be interested in Sun  
technology. It might also be worthwhile to collaborate with Mozilla in  
endeavours like this, rather than, as it would seem, competing for  
resources--instructors, that is.

So: do we have a presence at this university? Do we already have a  
relationship with Felipe or Marcio? (And, I can send in more  
information on USP's events.)

cheers,
Louis

From Louis.Suarez-Potts at Sun.COM  Fri Sep 12 19:15:43 2008
From: Louis.Suarez-Potts at Sun.COM (Louis Suarez-Potts)
Date: Fri, 12 Sep 2008 22:15:43 +0300
Subject: [development] University of Sao Paulo
In-Reply-To: <E3172780-58BA-4A19-862B-55EA90780B7C@Sun.COM>
References: <E3172780-58BA-4A19-862B-55EA90780B7C@Sun.COM>
Message-ID: <9F7E6241-BF0B-4587-BA3F-48EAC25610D6@Sun.com>

My apologies, everyone! My address book got quite confused. ;-(, and I  
didn't check.
On the other hand, the points I made are worthy: I would love to see  
more Foss projects included in universities, and as a Sun community  
manager, I naturally have a certain bent.

But, my apologies again.
-louis


On 2008-09-12, at 21:28 , Louis Suarez-Potts wrote:

> Mark Surman, now of Mozilla but previously of the Shuttleworth  
> Foundation, sent me a note recently about the work that some  
> instructors are doing at the University of Sao Paulo. They are  
> Felipe Gomes and Marcio Galli. In a nutshell, they want a stronger  
> Mozilla presence there, in the CS dept., and to work with Moz. to  
> teach students Foss, programming. There are also contests, such as  
> the wonderfully named, "Obscure Code Contest." (In Portuguese it may  
> differ.)
>
> I'd like to see if Marcio and Felipe would be interested in Sun  
> technology. It might also be worthwhile to collaborate with Mozilla  
> in endeavours like this, rather than, as it would seem, competing  
> for resources--instructors, that is.
>
> So: do we have a presence at this university? Do we already have a  
> relationship with Felipe or Marcio? (And, I can send in more  
> information on USP's events.)
>
> cheers,
> Louis


From agentrickard at gmail.com  Fri Sep 12 20:34:10 2008
From: agentrickard at gmail.com (Ken Rickard)
Date: Fri, 12 Sep 2008 16:34:10 -0400
Subject: [development] University of Sao Paulo
In-Reply-To: <9F7E6241-BF0B-4587-BA3F-48EAC25610D6@Sun.com>
References: <E3172780-58BA-4A19-862B-55EA90780B7C@Sun.COM>
	<9F7E6241-BF0B-4587-BA3F-48EAC25610D6@Sun.com>
Message-ID: <25b45da00809121334x77336f6n9637648706910751@mail.gmail.com>

Well, we do have http://groups.drupal.org/node/11859 for the Knight
Drupal Initiative. Nick Vidal, the sponsor, is specifically asking for
money for scholarships, which I think is a great idea.

More applications from universities would be welcome.

-- 
Ken Rickard
agentrickard at gmail.com
http://ken.therickards.com

From david at fourkitchens.com  Sun Sep 14 01:37:44 2008
From: david at fourkitchens.com (David Timothy Strauss)
Date: Sat, 13 Sep 2008 20:37:44 -0500 (CDT)
Subject: [development] Codeathon for Non-profits in Austin from Nov 21-23
In-Reply-To: <1375166950.1396421221355604973.JavaMail.root@mail-2.01.com>
Message-ID: <209568526.1396751221356264318.JavaMail.root@mail-2.01.com>

Drupalers:
I'd like to invite Drupal developers interested in supporting non-profit causes to come to Austin for a Codeathon this November. Email me personally if you need a place to stay or would like consideration for flight sponsorship. Many of the NPOs we work with will be interested in Drupal-based and other open-source solutions.

While I know there's a seemingly endless stream of paying Drupal work, it's sometimes nice to take a bit of time to just give back. People with the skills of the Drupal development community are hard to find at any price. Let's give non-profits a shot as some top-notch talent, if only for a few days.

Thanks,
David

== The official invitation ==
Supercomputing 2008 is coming to Austin Texas Nov 15-21.  As soon as
Supercomputing ends we will be begin coding like rabid monkeys from 1pm
on Friday Nov 21 til 1pm Nov 23.  By ending at 1pm our travelers can fly
home that Sunday afternoon.

We promise entertainment, food, fame, places to crash and time spent on
some very worthwhile causes.

There are only 3 rules for a codeathon:
1) must be Open Source
2) must be sponsored by a NonProfit ( not a 501c3 but an NPO or NGO)
3) must be a universal solution

Last time we worked on a number of modules. (
http://www.youtube.com/watch?v=ccDORj0syyE )  This year we are gonna
kick it up a notch and try to at least match up the team leads with the
NPO's beforehand to work on design online.   We are talking to some
pretty well known ones but don't want to write them until we get
official confirmation.

We are putting together a new website at http://code-a-thon.org soon.  
But for now you can see the old wiki at http://codeathon.pbwiki.com

Programming committee:
Erica O'Grady- fundraising goddess
David Strauss - geek wrangler
Silona Bonewald - NPO wrangler
Joshua Gay - geek and NPO wrangler
Michelle DeFrance - finance mistress
Randy Zagar - infrastructure guru
Doryan Rice - food and entertainment planner
J Robinson Wheeler - video and streamcast crew lead

From david at fourkitchens.com  Sun Sep 14 03:23:27 2008
From: david at fourkitchens.com (David Timothy Strauss)
Date: Sat, 13 Sep 2008 22:23:27 -0500 (CDT)
Subject: [development] Codeathon for Non-profits in Austin from Nov 21-23
In-Reply-To: <209568526.1396751221356264318.JavaMail.root@mail-2.01.com>
Message-ID: <2002338210.1398501221362607269.JavaMail.root@mail-2.01.com>

Sorry for sending a sort of retraction but, just for now, hold off on making firm plans. I've been informed by the organizer that some aspects of the event may be affected by a sponsorship change. Please still email me if you're interested in attending.

----- "David Timothy Strauss" <david at fourkitchens.com> wrote:

> Drupalers:
> I'd like to invite Drupal developers interested in supporting
> non-profit causes to come to Austin for a Codeathon this November.
> Email me personally if you need a place to stay or would like
> consideration for flight sponsorship. Many of the NPOs we work with
> will be interested in Drupal-based and other open-source solutions.
> 
> While I know there's a seemingly endless stream of paying Drupal work,
> it's sometimes nice to take a bit of time to just give back. People
> with the skills of the Drupal development community are hard to find
> at any price. Let's give non-profits a shot as some top-notch talent,
> if only for a few days.
> 
> Thanks,
> David
> 
> == The official invitation ==
> Supercomputing 2008 is coming to Austin Texas Nov 15-21.  As soon as
> Supercomputing ends we will be begin coding like rabid monkeys from
> 1pm
> on Friday Nov 21 til 1pm Nov 23.  By ending at 1pm our travelers can
> fly
> home that Sunday afternoon.
> 
> We promise entertainment, food, fame, places to crash and time spent
> on
> some very worthwhile causes.
> 
> There are only 3 rules for a codeathon:
> 1) must be Open Source
> 2) must be sponsored by a NonProfit ( not a 501c3 but an NPO or NGO)
> 3) must be a universal solution
> 
> Last time we worked on a number of modules. (
> http://www.youtube.com/watch?v=ccDORj0syyE )  This year we are gonna
> kick it up a notch and try to at least match up the team leads with
> the
> NPO's beforehand to work on design online.   We are talking to some
> pretty well known ones but don't want to write them until we get
> official confirmation.
> 
> We are putting together a new website at http://code-a-thon.org soon. 
> 
> But for now you can see the old wiki at http://codeathon.pbwiki.com
> 
> Programming committee:
> Erica O'Grady- fundraising goddess
> David Strauss - geek wrangler
> Silona Bonewald - NPO wrangler
> Joshua Gay - geek and NPO wrangler
> Michelle DeFrance - finance mistress
> Randy Zagar - infrastructure guru
> Doryan Rice - food and entertainment planner
> J Robinson Wheeler - video and streamcast crew lead

From winborn at advomatic.com  Sun Sep 14 16:05:10 2008
From: winborn at advomatic.com (Aaron Winborn)
Date: Sun, 14 Sep 2008 12:05:10 -0400 (EDT)
Subject: [development] CCK Field Indexing
In-Reply-To: <25304375.48771221408139912.JavaMail.root@zimbra>
Message-ID: <15340453.48791221408310446.JavaMail.root@zimbra>

At DrupalCampNYC, a small group of us have been discussing a common performance issue we've experienced with Views/CCK, and have come up with a possible solution.

Often, Views will create difficult queries that sometimes require examining a slow query log and tweaking field column indexing. It might be good for developers to be able to easily tweak indexing before it gets to that place. For instance, a library might have a node type with book title, author, summary, isbn, and not want indexing on isbn (as a hypothetical).

When scaling, some indexes are unnecessary and grow exponentially. In other cases with obscure queries, there are not indexes where you really need them.

A possible solution, probably using a contrib module, would be to add a field set for 'advanced settings' or 'advanced indexing settings', with a big red warning for people, telling them not to touch it unless they absolutely know what they're doing. Inside would be a check-box or selector for primary key, key index, and no index. With indexing on by default.

Firstly, is there already something like this? Secondly, although we could certainly use this functionality, is there a preferred way to handle this? Thirdly, if we created this module, what's a good name? CCK Field Indexing? It would need to plugin at the very least with the core cck fields, maybe with .inc files for other types.

Related, I think that Views 2 should have an 'explain query' built in when building the view, maybe as part of the 'analyze' button, or as part of the query displayed, which would help tweak your queries well before it gets to production.

Thoughts?

Thanks,
Aaron Winborn

From Greg at GrowingVentureSolutions.com  Sun Sep 14 16:10:34 2008
From: Greg at GrowingVentureSolutions.com (Greg Knaddison - GVS)
Date: Sun, 14 Sep 2008 10:10:34 -0600
Subject: [development] CCK Field Indexing
In-Reply-To: <15340453.48791221408310446.JavaMail.root@zimbra>
References: <25304375.48771221408139912.JavaMail.root@zimbra>
	<15340453.48791221408310446.JavaMail.root@zimbra>
Message-ID: <3861c6770809140910w5a89531fif60ebee6028f6fb1@mail.gmail.com>

On Sun, Sep 14, 2008 at 10:05 AM, Aaron Winborn <winborn at advomatic.com> wrote:
> Thoughts?

There's some decent discussion on this from a little while ago on
g.d.o http://groups.drupal.org/node/7614

I think the idea is good, obviously.  I'd suggest a more generic name
for it without "cck" in the title since there are other areas which
might benefit from some additional indexes.

Regards,
Greg

-- 
Greg Knaddison
Denver, CO | http://knaddison.com | 303-800-5623
Growing Venture Solutions, LLC | http://growingventuresolutions.com

From earnie at users.sourceforge.net  Sun Sep 14 18:15:17 2008
From: earnie at users.sourceforge.net (Earnie Boyd)
Date: Sun, 14 Sep 2008 14:15:17 -0400
Subject: [development] CCK Field Indexing
In-Reply-To: <3861c6770809140910w5a89531fif60ebee6028f6fb1@mail.gmail.com>
References: <25304375.48771221408139912.JavaMail.root@zimbra>
	<15340453.48791221408310446.JavaMail.root@zimbra>
	<3861c6770809140910w5a89531fif60ebee6028f6fb1@mail.gmail.com>
Message-ID: <20080914141517.paefat0rbgkk8ksk@mail.progw.org>

Quoting Greg Knaddison - GVS <Greg at GrowingVentureSolutions.com>:

> On Sun, Sep 14, 2008 at 10:05 AM, Aaron Winborn 
> <winborn at advomatic.com> wrote:
>> Thoughts?
>
> There's some decent discussion on this from a little while ago on
> g.d.o http://groups.drupal.org/node/7614
>
> I think the idea is good, obviously.  I'd suggest a more generic name
> for it without "cck" in the title since there are other areas which
> might benefit from some additional indexes.
>

You mean something like http://drupal.org/node/265604?

Earnie -- http://for-my-kids.com/
-- http://give-me-an-offer.com/


From david at fourkitchens.com  Sun Sep 14 19:21:01 2008
From: david at fourkitchens.com (David Timothy Strauss)
Date: Sun, 14 Sep 2008 14:21:01 -0500 (CDT)
Subject: [development] CCK Field Indexing
In-Reply-To: <15340453.48791221408310446.JavaMail.root@zimbra>
Message-ID: <853003536.1440231221420061040.JavaMail.root@mail-2.01.com>

----- "Aaron Winborn" <winborn at advomatic.com> wrote:

> At DrupalCampNYC, a small group of us have been discussing a common
> performance issue we've experienced with Views/CCK, and have come up
> with a possible solution.
> 
> Often, Views will create difficult queries that sometimes require
> examining a slow query log and tweaking field column indexing. It
> might be good for developers to be able to easily tweak indexing
> before it gets to that place. For instance, a library might have a
> node type with book title, author, summary, isbn, and not want
> indexing on isbn (as a hypothetical).

My larger-scale solution to this problem is denormalization with configurable indexing.

From stella at stellapower.net  Wed Sep 17 13:23:51 2008
From: stella at stellapower.net (Stella Power)
Date: Wed, 17 Sep 2008 14:23:51 +0100
Subject: [development] lightbox2 module - co-maintainer needed!
Message-ID: <cdcea3940809170623u9e274eek8a22efe60484726d@mail.gmail.com>

Hi all,

The lightbox2 <http://drupal.org/project/lightbox2> module's issue queue is
just getting too large and busy for me to cope with all by myself.  This is
going to become increasingly difficult when I start a part-time course next
month - I just won't have as many free hours to devote to lightbox2.

So I'm looking for a co-maintainer!  You don't need to be a PHP or
JavaScript wizz kid - though if you are, great!  Experience with JavaScript
and Firebug would help, however as long as you have some time to help out
with the issue queue by investigating support issues, etc, then send me a
mail.

Cheers,
Stella
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080917/c93ab37a/attachment.htm 

From amont at 5net.hu  Thu Sep 18 08:10:22 2008
From: amont at 5net.hu (=?ISO-8859-2?Q?=C1mon_Tam=E1s?=)
Date: Thu, 18 Sep 2008 10:10:22 +0200
Subject: [development] Active select(?)
Message-ID: <48D20CEE.4030205@5net.hu>

Hello,

I have a table with 10000+ record (id, name). I like to make a field
like autocomplete but I like to get back the id not the name. Now I make 
this:

function autocomplete_athlete($string = '') {
     $matches = array();
     if ($string) {
       $result = db_query_range("SELECT a.item_id, a.name FROM names as 
a WHERE a.name LIKE LOWER('%s%%')", $string, 0, 10);
       while ($user = db_fetch_object($result)) {
         $matches[$user->name. '#'.$user->item_id] = $user->name;
       }
     }
   drupal_json($matches);
}

And on the onblur javascript event I change the field to the id with a 
split. But I think this is not a very nice solution.

How can I make it to nice?

?mon Tam?s
Sitefejleszt? ?s programoz?
-- 
5NET Informatikai Kft.
1062 Budapest, Aradi utca 38. A 3/11
telefon: (1) 461-0205  |  fax: (1) 461-0206
e-mail: amont at 5net.hu  |  web: http://www.5net.hu


From drupal at dwwright.net  Thu Sep 18 23:57:36 2008
From: drupal at dwwright.net (Derek Wright)
Date: Thu, 18 Sep 2008 16:57:36 -0700
Subject: [development] Better validation for CVS tags now deployed on
	cvs.drupal.org
Message-ID: <15C6AC42-5B66-4C42-8042-91A101457193@dwwright.net>

The CVS repository used to be very forgiving in what it considered a  
valid release tag, especially in the 'extra' portion of the tag  
name.  This lead to all sorts of wonky tags that creative developers  
came up with.  My least favorite are the official release tags that  
end in "-dev", utterly blurring the distinction between official  
releases and development snapshots.

Now, your official release tags must match the format documented here:
http://drupal.org/node/93999

For the regexp-enabled, your tag must match this:

@^DRUPAL-[567]--(\d+)-(\d+)(-(ALPHA|BETA|RC)[0-9]+)?$@

For the non-regexp-enabled, that basically means that the optional  
part after the drupal core branch name (e.g. "DRUPAL-6") and the  
required two digits for your version string (e.g. "--1-0") must be  
either "ALPHA", "BETA" or "RC" followed by 1 or more numbers.

This will also prevent people from abusing the "extra" portion of the  
tag name as if it was another digit in the version string.  5.x-1.2-1  
or 5.x-1.2.1 is no longer allowed.  This was never supported, never  
intended, never documented, and update_status doesn't know what to do  
with it.  Now, you can no longer create tags like this.  The next  
release after 5.x-1.2 should be 5.x-1.3...

For history and discussion of this change, see this issue:
http://drupal.org/node/252473

Apologies I never locked down this regexp earlier. ;)

Cheers,
-Derek (dww)


p.s. Please don't reply here.  If you'd like to discuss this change,  
reply to issue #252473.  Thanks.

p.p.s. Nothing changed about the format of valid branch names.  Those  
never had much flexibility in the first place, so there's no problem  
there.

p.p.p.s. Before you write a nastygram about what a tyrant I am,  
please be aware that webchick, killes, merlinofchaos and pwolanin  
(among others) all support this change. ;)




From cxjohnson at gmail.com  Fri Sep 19 01:13:20 2008
From: cxjohnson at gmail.com (Chris Johnson)
Date: Thu, 18 Sep 2008 20:13:20 -0500
Subject: [development] Better validation for CVS tags now deployed on
	cvs.drupal.org
In-Reply-To: <15C6AC42-5B66-4C42-8042-91A101457193@dwwright.net>
References: <15C6AC42-5B66-4C42-8042-91A101457193@dwwright.net>
Message-ID: <9ea8d6030809181813va4ab6dbgbec3845488c143af@mail.gmail.com>

I support this change as well.  Thank you, Derek!

..chris

On Thu, Sep 18, 2008 at 6:57 PM, Derek Wright <drupal at dwwright.net> wrote:

>
> p.p.p.s. Before you write a nastygram about what a tyrant I am, please be
> aware that webchick, killes, merlinofchaos and pwolanin (among others) all
> support this change. ;)
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080918/c220226f/attachment.htm 

From mathews.kyle at gmail.com  Fri Sep 19 01:14:56 2008
From: mathews.kyle at gmail.com (Kyle Mathews)
Date: Thu, 18 Sep 2008 19:14:56 -0600
Subject: [development] Better validation for CVS tags now deployed on
	cvs.drupal.org
In-Reply-To: <9ea8d6030809181813va4ab6dbgbec3845488c143af@mail.gmail.com>
References: <15C6AC42-5B66-4C42-8042-91A101457193@dwwright.net>
	<9ea8d6030809181813va4ab6dbgbec3845488c143af@mail.gmail.com>
Message-ID: <efeed12d0809181814o3d2811e6he567adb32e8fc14a@mail.gmail.com>

Me too! I misspelled one of my releases without noticing which was rather
embarrassing. Now there's a built-in spell checker!


Kyle

Research Assistant
eBusiness Center @ BYU
kyle.mathews2000.com/blog


On Thu, Sep 18, 2008 at 7:13 PM, Chris Johnson <cxjohnson at gmail.com> wrote:

> I support this change as well.  Thank you, Derek!
>
> ..chris
>
> On Thu, Sep 18, 2008 at 6:57 PM, Derek Wright <drupal at dwwright.net> wrote:
>
>>
>> p.p.p.s. Before you write a nastygram about what a tyrant I am, please be
>> aware that webchick, killes, merlinofchaos and pwolanin (among others) all
>> support this change. ;)
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080918/42dc8c3d/attachment.htm 

From mikkel at hoegh.org  Fri Sep 19 07:19:36 2008
From: mikkel at hoegh.org (=?ISO-8859-1?Q?Mikkel_H=F8gh?=)
Date: Fri, 19 Sep 2008 09:19:36 +0200
Subject: [development] Better validation for CVS tags now deployed on
	cvs.drupal.org
In-Reply-To: <15C6AC42-5B66-4C42-8042-91A101457193@dwwright.net>
References: <15C6AC42-5B66-4C42-8042-91A101457193@dwwright.net>
Message-ID: <9033F433-1AAB-4D03-8EA6-190DD0E153DB@hoegh.org>

No nastyness from me either. I think that these standards are a good  
thing, and you are to be commended for your effort in introducing them.
--
Kind regards,

Mikkel H?gh <mikkel at hoegh.org>

On 19/09/2008, at 01.57, Derek Wright wrote:

> p.p.p.s. Before you write a nastygram about what a tyrant I am,  
> please be aware that webchick, killes, merlinofchaos and pwolanin  
> (among others) all support this change. ;)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1929 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20080919/a3feb35b/attachment.bin 

From amont at 5net.hu  Fri Sep 19 18:59:04 2008
From: amont at 5net.hu (=?ISO-8859-2?Q?=C1mon_Tam=E1s?=)
Date: Fri, 19 Sep 2008 20:59:04 +0200
Subject: [development] creating new cck field
Message-ID: <48D3F678.1070207@5net.hu>

Hello,

I like to make a new cck field type, but I am very confused with it. I 
do not get back the field in the form. I try to see the example_field 
and simple_field and optionwidgets module but do not find the solution.

I like to make a number_integer field with an autocomplete feature. This 
is my code now. What is missing? I use drupal 6.

Thanks for help!

function atletafield_atleta_process($element, $edit, &$form_state, $form) {
   $field_name = $element['#field_name'];
   $field = $form['#field_info'][$field_name];
   $field_key  = $element['#columns'][0];
   $element[$field_key] = array(
     '#type' => 'textfield',
     '#maxlength' => 60,
     '#title' => $element['#title'],
     '#description' => $element['#description'],
     '#required' => $field['required'],
     '#autocomplete_path' => 'atleta/autocomplete_athlete',
     '#default_value' => isset($element['#value'][$field_key]) ? 
$element['#value'][$field_key] : NULL,
     '#attributes' => array('class' => 'atletafield')
   );
   return $element;
}

function atletafield_elements() {
     $elements['atletafield_atleta'] = array(
       '#input' => TRUE,
       '#columns' => array('value'), '#delta' => 0,
       '#process' => array('atletafield_atleta_process'),
       );
       return $elements;
}
/* I think this part is good */
function atletafield_widget_info() {
   return array(
     'atletafield_atleta' => array(
       'label' => t('Atleta selector'),
       'field types' => array('number_integer'),
       'multiple values' => CONTENT_HANDLE_CORE,
       'callbacks' => array(
         'default value' => CONTENT_CALLBACK_DEFAULT,
         ),
     ));
}

function atletafield_theme() {
return array(
     'atletafield_atleta' => array(
       'arguments' => array('element' => NULL),
     ),
   );
}

function theme_atletafield_atleta($element) {
   return $element['#children'];
}
function atletafield_content_is_empty($item, $field) {
   if (empty($item['value'])) {
     return TRUE;
   }
   return FALSE;
}
function atletafield_widget(&$form, &$form_state, $field, $items, $delta 
= 0) {
   $element = array(
     '#type' => $field['widget']['type'],
     '#default_value' => !empty($items) ? $items : array(),
   );
   return $element;
}

?mon Tam?s
Sitefejleszt? ?s programoz?
-- 
5NET Informatikai Kft.
1062 Budapest, Aradi utca 38. A 3/11
telefon: (1) 461-0205  |  fax: (1) 461-0206
e-mail: amont at 5net.hu  |  web: http://www.5net.hu

From drupal at dave-cohen.com  Mon Sep 22 01:09:01 2008
From: drupal at dave-cohen.com (David Cohen)
Date: Sun, 21 Sep 2008 18:09:01 -0700
Subject: [development] Active select(?)
In-Reply-To: <48D20CEE.4030205@5net.hu>
References: <48D20CEE.4030205@5net.hu>
Message-ID: <1222045741.6034.1275190387@webmail.messagingengine.com>

Amon,

Check out the form_set_value() function.  It's intended (I think) to be
called from your field's validate function.  There you can convert a
list of names into ids.
Also look into your field's _value() callback.  There, you can convert a
default value (list of ids) into a string.

-Dave

On Thu, 18 Sep 2008 10:10:22 +0200, "?mon Tam?s" <amont at 5net.hu> said:
> Hello,
> 
> I have a table with 10000+ record (id, name). I like to make a field
> like autocomplete but I like to get back the id not the name. Now I make 
> this:
> 

From eric.schaefer at eas-consulting.de  Mon Sep 22 17:32:59 2008
From: eric.schaefer at eas-consulting.de (Eric-Alexander Schaefer)
Date: Mon, 22 Sep 2008 19:32:59 +0200
Subject: [development] nodeapi data flow
In-Reply-To: <20080908072650.5lu0y0urdao0wwc8@mail.progw.org>
References: <48C41B3E.5030307@eas-consulting.de>	<FED62A41A477413E8CDF0293668B0BE9@pcosi>	<48C4261E.8040300@eas-consulting.de>
	<20080908072650.5lu0y0urdao0wwc8@mail.progw.org>
Message-ID: <48D7D6CB.3040609@eas-consulting.de>

Earnie Boyd schrieb:
>> I am trying to fix a bug in scheduler.module. The user enters a time 
>> and date for a node to be published automatically (like "2008-09-10 
>> 10:00:00). On $op=='validate' the entered string is converted to a 
>> timestamp if $node->publish_on is nonnumeric (eg a string). The same 
>> is done on $op=='presave'. Works like a charm, except if the user 
>> clicks "preview" a second time. I don't know why. The form processing 
>> should be the same as for the first preview.
>> Maybe I need to dig into node.module and find out which functions are 
>> called and which how the node data is processed. Sleep is overrated 
>> anyway. ;-)
>>
> 
> Is it possible that the FAPI #validated is set to TRUE so that validate 
> is no longer executed?

I dug a bit deeper now. I got it all confused. The second preview works, 
but if the node was already posted and is then edited again the preview 
looses the data:
($op==validate) gets called and does what it is supposed to do. At the 
end of ($op=='view') $node->publish_on has the right content, but it 
does not show in the form. It always shows the value that was posted.

Any ideas?

Thanks,
Eric

From nan_wich at bellsouth.net  Wed Sep 24 14:49:56 2008
From: nan_wich at bellsouth.net (Nancy Wichmann)
Date: Wed, 24 Sep 2008 10:49:56 -0400
Subject: [development] Handling optional parameters
Message-ID: <NCEKJGCAHKMOLJLHNKLJOECIEFAA.nan_wich@bellsouth.net>


I have a module that may accept several optional parameters from the user.
The "standard" way of doing this is something like
"my-module/action/123/0/3/list/xyz" where everything after "123" is
optional, so doesn't show up in the menu entry.

I'm not crazy about this technique, although the menu system does make it
easy to use.
A)    The user has to remember, or look up, the order of those parameters (I
have to look them up because I can't remember them, and I wrote it).
B)    If the user is happy with an intermediate value (e.g. the "3" above),
they still have to specify it in order to use "list."
C)    There is no flexibility.

I was playing around and realized that $_GET makes getting input parameters
from the query string pretty easy. It also gives me more flexibility in
adding (or removing) the optional parameters, means the user doesn't have to
remember the order, and means only values that are desired have to be
entered.

Will I be tarred and feathered for going the $_GET route?

Nancy E. Wichmann, PMP


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080924/3d35bfb9/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 5675 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20080924/3d35bfb9/attachment.jpeg 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: multipart/alternative
Size: 0 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20080924/3d35bfb9/attachment.bin 
-------------- next part --------------

No virus found in this outgoing message.
Checked by AVG - http://www.avg.com 
Version: 8.0.169 / Virus Database: 270.7.0/1685 - Release Date: 9/22/2008 4:08 PM

From gabor at hojtsy.hu  Wed Sep 24 14:53:43 2008
From: gabor at hojtsy.hu (=?ISO-8859-1?Q?G=E1bor_Hojtsy?=)
Date: Wed, 24 Sep 2008 16:53:43 +0200
Subject: [development] Handling optional parameters
In-Reply-To: <NCEKJGCAHKMOLJLHNKLJOECIEFAA.nan_wich@bellsouth.net>
References: <NCEKJGCAHKMOLJLHNKLJOECIEFAA.nan_wich@bellsouth.net>
Message-ID: <86ca3ccb0809240753j60332aa1gd322f4f0f4dcda10@mail.gmail.com>

On Wed, Sep 24, 2008 at 4:49 PM, Nancy Wichmann <nan_wich at bellsouth.net> wrote:
> I was playing around and realized that $_GET makes getting input parameters
> from the query string pretty easy. It also gives me more flexibility in
> adding (or removing) the optional parameters, means the user doesn't have to
> remember the order, and means only values that are desired have to be
> entered.
>
> Will I be tarred and feathered for going the $_GET route?

It certainly makes more sense to use in-path arguments when they are
simple and obvious, and as soon as you start using filter parameters,
etc, Drupal core itself uses _GET parameters. Google also advises to
do so, especially if you need to move around parameters:
http://googlewebmastercentral.blogspot.com/2008/09/dynamic-urls-vs-static-urls.html

G?bor

From rob at robshouse.net  Wed Sep 24 15:14:17 2008
From: rob at robshouse.net (Robert Douglass)
Date: Wed, 24 Sep 2008 17:14:17 +0200
Subject: [development] Desperately seeking speaker: Danish Open Source Days
	conference - Copenhagen Oct. 3
Message-ID: <19F9AFCF-66D7-4057-ABDD-C6B3FDE70BFD@acquia.com>

Hi everyone,

I had signed up to be a speaker at the Danish Open Source Days  
conference in Copenhagen, Oct. 3. I'm not able to be there and the  
conference organizers are looking for a replacement that can thrill  
the crowd with some Drupal goodness. Which Drupal ambassador can step  
up to the plate and deliver a mouth watering demo? I believe they will  
pay for your hotel and travel (need to confirm that). Please contact  
me off list if you're interested. Tell me what you'd be presenting so  
I can present them with the right info. Thanks!

http://opensourcedays.org/2008/about/

Robert Douglass

Senior Drupal Advisor, Acquia
+1 978 289 4250 (US)
+49 228 4097 197 (Germany)






From drupal at dwwright.net  Wed Sep 24 18:47:50 2008
From: drupal at dwwright.net (Derek Wright)
Date: Wed, 24 Sep 2008 11:47:50 -0700
Subject: [development] Handling optional parameters
In-Reply-To: <NCEKJGCAHKMOLJLHNKLJOECIEFAA.nan_wich@bellsouth.net>
References: <NCEKJGCAHKMOLJLHNKLJOECIEFAA.nan_wich@bellsouth.net>
Message-ID: <D41AD1D9-DAC5-44B6-B872-2AF05CF04376@dwwright.net>


On Sep 24, 2008, at 7:49 AM, Nancy Wichmann wrote:

> Will I be tarred and feathered for going the $_GET route?

Not if you're careful with the input. ;)

Also, you shouldn't be taking any action just from a GET request, or  
you're opening yourself to CSRF (Cross site request forgery).  To  
avoid this, you need a confirm form that uses POST to actually  
trigger the action.

Regards from the security team,
-Derek (dww)




From steven at acko.net  Wed Sep 24 20:09:18 2008
From: steven at acko.net (Steven Wittens)
Date: Wed, 24 Sep 2008 13:09:18 -0700
Subject: [development] Handling optional parameters
In-Reply-To: <D41AD1D9-DAC5-44B6-B872-2AF05CF04376@dwwright.net>
References: <NCEKJGCAHKMOLJLHNKLJOECIEFAA.nan_wich@bellsouth.net>
	<D41AD1D9-DAC5-44B6-B872-2AF05CF04376@dwwright.net>
Message-ID: <2D9DB01F-7469-4C42-A48A-BD272CDB2418@acko.net>

> Also, you shouldn't be taking any action just from a GET request, or  
> you're opening yourself to CSRF (Cross site request forgery).  To  
> avoid this, you need a confirm form that uses POST to actually  
> trigger the action.


This isn't really about GET vs POST, but rather about using session- 
derived tokens (which you get for free with Form API). To avoid the  
annoyance of a confirm form, you can add and verify tokens manually  
with drupal_get_token() and drupal_valid_token(). Which you should be  
doing for ajax callbacks anyway, regardless of whether they are POST  
or GET.

Steven


From johan at forngren.com  Wed Sep 24 21:02:24 2008
From: johan at forngren.com (Johan Forngren)
Date: Wed, 24 Sep 2008 23:02:24 +0200
Subject: [development] Handling optional parameters
In-Reply-To: <2D9DB01F-7469-4C42-A48A-BD272CDB2418@acko.net>
References: <NCEKJGCAHKMOLJLHNKLJOECIEFAA.nan_wich@bellsouth.net>
	<D41AD1D9-DAC5-44B6-B872-2AF05CF04376@dwwright.net>
	<2D9DB01F-7469-4C42-A48A-BD272CDB2418@acko.net>
Message-ID: <2e2a8fca0809241402v1682b555v580c65c758f10120@mail.gmail.com>

On Wed, Sep 24, 2008 at 10:09 PM, Steven Wittens <steven at acko.net> wrote:

> Also, you shouldn't be taking any action just from a GET request, or you're
>> opening yourself to CSRF (Cross site request forgery).  To avoid this, you
>> need a confirm form that uses POST to actually trigger the action.
>>
>
>
> This isn't really about GET vs POST, but rather about using session-derived
> tokens (which you get for free with Form API). To avoid the annoyance of a
> confirm form, you can add and verify tokens manually with drupal_get_token()
> and drupal_valid_token(). Which you should be doing for ajax callbacks
> anyway, regardless of whether they are POST or GET.
>
> Steven


This is why you should use sessionsbased tokens,
http://www.codinghorror.com/blog/archives/001171.html

Regards,
Johan Forngren :: http://johan.forngren.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080924/93141bdd/attachment.htm 

From nan_wich at bellsouth.net  Wed Sep 24 23:26:15 2008
From: nan_wich at bellsouth.net (Nancy Wichmann)
Date: Wed, 24 Sep 2008 19:26:15 -0400
Subject: [development] Handling optional parameters
In-Reply-To: <D41AD1D9-DAC5-44B6-B872-2AF05CF04376@dwwright.net>
Message-ID: <NCEKJGCAHKMOLJLHNKLJKECOEFAA.nan_wich@bellsouth.net>

Derek Wright wrote
> Not if you're careful with the input. ;)

After merging the entered data with $_GET and unsetting a few unnecessary
things, I do array_walk($params, 'check_plain') - is that safe enough?

Nancy E. Wichmann, PMP


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: multipart/alternative
Size: 0 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20080924/8016ec74/attachment.bin 
-------------- next part --------------

No virus found in this outgoing message.
Checked by AVG - http://www.avg.com 
Version: 8.0.169 / Virus Database: 270.7.0/1685 - Release Date: 9/22/2008 4:08 PM

From yuval at avramzon.net  Thu Sep 25 09:10:16 2008
From: yuval at avramzon.net (Yuval Hager)
Date: Thu, 25 Sep 2008 12:10:16 +0300
Subject: [development] Handling optional parameters
In-Reply-To: <2D9DB01F-7469-4C42-A48A-BD272CDB2418@acko.net>
References: <NCEKJGCAHKMOLJLHNKLJOECIEFAA.nan_wich@bellsouth.net>
	<D41AD1D9-DAC5-44B6-B872-2AF05CF04376@dwwright.net>
	<2D9DB01F-7469-4C42-A48A-BD272CDB2418@acko.net>
Message-ID: <200809251210.18779.yuval@avramzon.net>

On Wednesday 24 September 2008, Steven Wittens wrote:
> > Also, you shouldn't be taking any action just from a GET request, or
> > you're opening yourself to CSRF (Cross site request forgery).  To
> > avoid this, you need a confirm form that uses POST to actually
> > trigger the action.
>
> This isn't really about GET vs POST, but rather about using session-
> derived tokens (which you get for free with Form API). To avoid the
> annoyance of a confirm form, you can add and verify tokens manually
> with drupal_get_token() and drupal_valid_token(). Which you should be
> doing for ajax callbacks anyway, regardless of whether they are POST
> or GET.
>
> Steven

Do I need a verification token for GET (=idempotent) calls? My impression was 
that as long nothing changes on the server (besides view counts), this token 
is not really needed. I try to avoid the practice of adding long verification 
tokens to GET URLs, since it is ugly.

--yuval
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.drupal.org/pipermail/development/attachments/20080925/98365f11/attachment.pgp 

From dan at drob.org  Fri Sep 26 05:28:34 2008
From: dan at drob.org (Dan Robinson)
Date: Thu, 25 Sep 2008 22:28:34 -0700
Subject: [development] Threading problems?
Message-ID: <48DC7302.60300@drob.org>

Hi,

I'm seeing a difficult to understand error that looks like a threading
issue.

My application

1. Takes data from an anonymous user (node add).
2. Creates a filename based on an md5 of a secret, the endusers email,
and time()
3. Saves data to the file
4. Sends an email to user with a link to the file created
5. Displays a "complete" page that has the link to the file.

Operations 2 and 3 happen within a single procedure

The filename is determined thusly:

    $filename = md5($conf['myapp_secret_salt'] +
$form_state['values']['Qualifyers']['Email'] + time());

Then I prepare data and write the file, then stash the filename in
$_SESSION (for use later)

    $_SESSION['myapp']['filename'] = $filename;
    $_SESSION['myapp']['UserRegFormUrl'] = $params['filenameurl'];
    setcookie('myapp:filename', $filename);  // this is somewhat of a
hack to trap errors - see below.
    drupal_mail('myapp', 'notify',
$form_state['values']['AdditionalQs']['Email'], NULL, $params, NULL, TRUE);

myapp_mail receives the filename from $params above, prepares and sends
an email with a link to the file to the end-user.

In step 1 above in the form I:

    $form['#redirect'] = 'registration/complete';

The node at registration/complete has some php in it that fetches the
global variables (with the filename) and outputs a link to the file in
the browser.

So that is the whole process.  The problem I'm having is that some users
are being pointed to files that belong to other users.  I believe this
is happening both in the email as well as on the registration/complete
form.  Some people have reported receiving links to files that were for
another user.  Also I put some trap code in the registration/complete
form. The form fetches the filename from $_SESSION and compares it to
the filename in the cookie - if they don't match it errors.  That code
is being tripped.

I looked at recent occurrence of the error and the two nodes involved
(one for each of the users) had exactly the same time created timestamp.

My assumptions have been:

- Anonymous sessions are tied to a particular connection and data in
$_SESSION is not shared.
- PHP procedures are threadsafe

I'm running PHP 5 on Red Hat.

What am I doing wrong?

Thanks,

Dan






From drupal at dwwright.net  Fri Sep 26 08:05:42 2008
From: drupal at dwwright.net (Derek Wright)
Date: Fri, 26 Sep 2008 01:05:42 -0700
Subject: [development] Threading problems?
In-Reply-To: <48DC7302.60300@drob.org>
References: <48DC7302.60300@drob.org>
Message-ID: <BD4A5051-BF32-4FC4-A9C9-D4E4AE17A310@dwwright.net>


On Sep 25, 2008, at 10:28 PM, Dan Robinson wrote:

>     $filename = md5($conf['myapp_secret_salt'] +
> $form_state['values']['Qualifyers']['Email'] + time());

...

> What am I doing wrong?

You're using arithmetic on your strings, not concatenation.  Try this:

$filename = md5($conf['myapp_secret_salt'] . $form_state['values'] 
['Qualifyers']['Email'] . time());

I didn't completely audit the rest of your description, but that  
seems like the heart of the problem.


Cheers,
-Derek (dww)




From dan at drob.org  Fri Sep 26 14:57:19 2008
From: dan at drob.org (Dan Robinson)
Date: Fri, 26 Sep 2008 07:57:19 -0700
Subject: [development] Threading problems?
In-Reply-To: <BD4A5051-BF32-4FC4-A9C9-D4E4AE17A310@dwwright.net>
References: <48DC7302.60300@drob.org>
	<BD4A5051-BF32-4FC4-A9C9-D4E4AE17A310@dwwright.net>
Message-ID: <48DCF84F.2030105@drob.org>

oh - cool - much thanks - that potentially explains some of it.  I
changed the code and crossed my fingers.

The part I still don't get is that when I get to the "confirmation"
page, and am pulling values from $_SESSION, sometimes it seems that the
sessions are getting crossed.  To re-cap this part of the puzzle -

- enter procedure, store value in $_SESSION and a cookie
- leave procedure
- drupal does a redirect
- on that redirected page I check to see if the values in $_SESSION and
cookie are the same
- in high traffic situations I get intermittent errors here - values are
NOT the same.

I suspect this is a different problem.  There is more detail in my
original message.

Thanks in advance,

Dan
>
> On Sep 25, 2008, at 10:28 PM, Dan Robinson wrote:
>
>>     $filename = md5($conf['myapp_secret_salt'] +
>> $form_state['values']['Qualifyers']['Email'] + time());
>
> ...
>
>> What am I doing wrong?
>
> You're using arithmetic on your strings, not concatenation.  Try this:
>
> $filename = md5($conf['myapp_secret_salt'] .
> $form_state['values']['Qualifyers']['Email'] . time());
>
> I didn't completely audit the rest of your description, but that seems
> like the heart of the problem.
>
>
> Cheers,
> -Derek (dww)
>
>
>
>



From Greg at GrowingVentureSolutions.com  Fri Sep 26 17:51:07 2008
From: Greg at GrowingVentureSolutions.com (Greg Knaddison - GVS)
Date: Fri, 26 Sep 2008 11:51:07 -0600
Subject: [development] Threading problems?
In-Reply-To: <48DCF84F.2030105@drob.org>
References: <48DC7302.60300@drob.org>
	<BD4A5051-BF32-4FC4-A9C9-D4E4AE17A310@dwwright.net>
	<48DCF84F.2030105@drob.org>
Message-ID: <3861c6770809261051w1424ae9dyfeb05ccf844aadf4@mail.gmail.com>

On Fri, Sep 26, 2008 at 8:57 AM, Dan Robinson <dan at drob.org> wrote:
> The part I still don't get is that when I get to the "confirmation"
> page, and am pulling values from $_SESSION, sometimes it seems that the
> sessions are getting crossed.  To re-cap this part of the puzzle -

Rather than storing the data in $_SESSION I think you could use a
drupal_set_message ( see
http://api.drupal.org/api/function/drupal_set_message for details).

It shows a specific message to a user based on their session.

Regards,
Greg

-- 
Greg Knaddison
Denver, CO | http://knaddison.com | 303-800-5623
Growing Venture Solutions, LLC | http://growingventuresolutions.com

From dan at drob.org  Fri Sep 26 19:36:08 2008
From: dan at drob.org (Dan Robinson)
Date: Fri, 26 Sep 2008 12:36:08 -0700
Subject: [development] Threading problems?
In-Reply-To: <3861c6770809261051w1424ae9dyfeb05ccf844aadf4@mail.gmail.com>
References: <48DC7302.60300@drob.org>	<BD4A5051-BF32-4FC4-A9C9-D4E4AE17A310@dwwright.net>	<48DCF84F.2030105@drob.org>
	<3861c6770809261051w1424ae9dyfeb05ccf844aadf4@mail.gmail.com>
Message-ID: <48DD39A8.2080604@drob.org>

Hmmm... Interesting idea.  But I'm not sure that would work from a user
flow point of view.

My bigger question still stands which is:

How is it that I set the value in a cookie and in $_SESSION, test later
and they don't match?

This is an intermittent problem under load.

Thanks,

Dan
> On Fri, Sep 26, 2008 at 8:57 AM, Dan Robinson <dan at drob.org> wrote:
>   
>> The part I still don't get is that when I get to the "confirmation"
>> page, and am pulling values from $_SESSION, sometimes it seems that the
>> sessions are getting crossed.  To re-cap this part of the puzzle -
>>     
>
> Rather than storing the data in $_SESSION I think you could use a
> drupal_set_message ( see
> http://api.drupal.org/api/function/drupal_set_message for details).
>
> It shows a specific message to a user based on their session.
>
> Regards,
> Greg
>
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080926/08b20b96/attachment.htm 

From paolomainardi at gmail.com  Sat Sep 27 00:50:24 2008
From: paolomainardi at gmail.com (Paolo Mainardi)
Date: Sat, 27 Sep 2008 02:50:24 +0200
Subject: [development] Threading problems?
In-Reply-To: <48DD39A8.2080604@drob.org>
References: <48DC7302.60300@drob.org>
	<BD4A5051-BF32-4FC4-A9C9-D4E4AE17A310@dwwright.net>
	<48DCF84F.2030105@drob.org>
	<3861c6770809261051w1424ae9dyfeb05ccf844aadf4@mail.gmail.com>
	<48DD39A8.2080604@drob.org>
Message-ID: <c538f9410809261750x58a6c2acs2146f6bd2fb2d968@mail.gmail.com>

On Fri, Sep 26, 2008 at 9:36 PM, Dan Robinson <dan at drob.org> wrote:

>  Hmmm... Interesting idea.  But I'm not sure that would work from a user
> flow point of view.
>
> My bigger question still stands which is:
>
> How is it that I set the value in a cookie and in $_SESSION, test later and
> they don't match?
>
> This is an intermittent problem under load.
>
> Thanks,
>

It's strange, i think that you have to write some test for reproducing this
kind of behaviour.

You are working with IIS ? Fastcgi ? ISAPI ? Linux.

More details please :)

-- 
Paolo Mainardi

Vice Presidente Assoc.ILDN (http://www.ildn.net)
Blog: http://www.mainardipaolo.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080927/31ec4f9f/attachment.htm 

From drupal-devel at webchick.net  Sat Sep 27 04:43:52 2008
From: drupal-devel at webchick.net (Angela Byron)
Date: Sat, 27 Sep 2008 00:43:52 -0400
Subject: [development] Patch Spotlight 2.0
Message-ID: <48DDBA08.7030506@webchick.net>

Back during the Drupal 6.x release, a bunch of us in #drupal pioneered 
an idea called "Patch Spotlight" (http://drupal.org/patch/spotlight). 
The idea was to pick the single most critical issue in the queue, put it 
"bubble it up" to give it more attention, so we could hammer *all* 
development efforts at it until it was resolved. The page includes 
information for those new to patch reviewing on how to get started, as 
well as an overview of what the patch does to help save people from 
reading 100+ replies.

This actually worked pretty well towards the end of 6.x release, and 
helped us hammer through some critical bugs pretty quickly.

However, it does have some drawbacks:
1. Only one patch is featured at a time. There might be many highly 
critical issues at any given time, but we can only pick one. Since there 
are over 5,000 issues in the queue, this mechanism is unsustainable for 
plowing through the patch queue.

2. Said issue might be very complex (such as the current one) or only be 
reviewable by only a very small number of people with a particular area 
of expertise (such as the current one) and as such, may stagnate for 
months on end (such as the current one ;)). This causes the spotlight to 
be less effective, because people start to ignore it.

3. People have domain expertise in different areas, and it's been 
challenging finding enough themers, people with JS knowledge, 
translators, etc. to test relevant patches in the queue. Patch spotlight 
doesn't reach those people; only the active core developer community.

So, here comes... Patch Spotlight 2.0!

http://groups.drupal.org/node/5647/patch-spotlight

This is a collection of wiki pages in the "Improvements to Core" group 
(http://groups.drupal.org/improvements-core), cross-posted to the 
relevant working groups, that contains a "short-list" of core issues in 
a variety of areas that need code written, or patches reviewed. The 
issues are categorized in the following way, each with its own wiki 
page, editable by any members of the group:

* Killer feature-enablers: Issues in the critical path for enabling us 
to meet Dries's Drupal 7 hit list.
* OMG WTF BBQ: *Seriously* critical bugs that *need* to get fixed.
* DX patches: API tweaks and such that help improve the developer 
experience.

Also, patches that affect:
* Performance: Cross-posted to the High Performance group.
* Usability: Cross-posted to Usability group.
* Theme system: Cross-posted to the Theme Development group.
* Documentation: Cross-posted to the Documentation Team group.
* JavaScript: Cross-posted to the JavaScript working group.
* Translations: Cross-posted to the Translations group.
* Quality Assurance: Cross-posted to the Testing/QA group

This list is a result of brainstorming tonight on #drupal, so might have 
some glaring holes. I've added a couple of starter issues to each, but 
feel free to take over and add additional ones to self-organize. 
Obviously, the fewer issues in each page, the quicker they can be moved 
through, so avoid using this as a personal soapbox for all your pet 
patches unless they really are of wider interest to folks in a 
particular area.

So now we have:

1. A way to "spotlight" several dozen patches rather than just one.
2. A way to alert people in working groups of core issues that affect 
them, so that they can give input on them well before Drupal 7 is released.
3. A way for working groups to self-select important patches in their 
area, and prioritize and focus on them.
4. Panels! With curvy borders, even! ;)

Downside is this list needs to be maintained manually, which is kind of 
a pain, but if enough people help out, it should go pretty slick.

Looking forward to reviewing and committing your RTBC patches! :)

-Angie

From drupal.beginner at wechange.org  Sat Sep 27 10:26:29 2008
From: drupal.beginner at wechange.org (augustin (beginner))
Date: Sat, 27 Sep 2008 18:26:29 +0800
Subject: [development] Patch Spotlight 2.0
In-Reply-To: <48DDBA08.7030506@webchick.net>
References: <48DDBA08.7030506@webchick.net>
Message-ID: <200809271826.29595.drupal.beginner@wechange.org>

On Saturday 27 September 2008 12:43:52 Angela Byron wrote:
> each with its own wiki
> page, editable by any members of the group:

The wiki on groups.d.o is broken. One cannot view revisions and diffs between 
revisions, so one never know what has changed. For that reason I gave up 
using it a long time ago.


A.



From drupal-devel at webchick.net  Sun Sep 28 01:00:34 2008
From: drupal-devel at webchick.net (Angela Byron)
Date: Sat, 27 Sep 2008 21:00:34 -0400
Subject: [development] Patch Spotlight 2.0
In-Reply-To: <200809271826.29595.drupal.beginner@wechange.org>
References: <48DDBA08.7030506@webchick.net>
	<200809271826.29595.drupal.beginner@wechange.org>
Message-ID: <48DED732.8090500@webchick.net>

augustin (beginner) wrote:
> On Saturday 27 September 2008 12:43:52 Angela Byron wrote:
>> each with its own wiki
>> page, editable by any members of the group:
> 
> The wiki on groups.d.o is broken. One cannot view revisions and diffs between 
> revisions, so one never know what has changed. For that reason I gave up 
> using it a long time ago.

While I agree this is typically a real problem in wiki pages on g.d.o (I 
asked Moshe about this and he said he'd accept a patch that works around 
this in the theme layer for Drupal 5 -- probably go to 
http://groups.drupal.org/maintenance if you're interested in helping), 
in the case of this page the log of changes is less important than 
"what's actually on the page atm?" which makes them really helpful here.

Incidentally, Earl made a nice alias 
http://groups.drupal.org/patch-spotlight to this page, and Moshe did a 
bunch of work to make it look nicer. We fixed quite a few of these 
today. Thanks, guys! :D

-Angie


From davin at nomadsland.com  Mon Sep 29 20:58:48 2008
From: davin at nomadsland.com (Davin Hutchins)
Date: Mon, 29 Sep 2008 16:58:48 -0400
Subject: [development] Seeking Drupal Consultant / Individual Developer
In-Reply-To: <64e7d5a30809291354m35e165a6kb4d01e4993a2e5a6@mail.gmail.com>
References: <64e7d5a30809291307m35f71de6w998a94281e0ac14@mail.gmail.com>
	<64e7d5a30809291354m35e165a6kb4d01e4993a2e5a6@mail.gmail.com>
Message-ID: <64e7d5a30809291358y14641e81gb856475990f49fca@mail.gmail.com>

Dear Drupalers,

   We have hired a firm with little Drupal experience to build a Drupal 5.x
site for us. They have found Drupal to be challenging and need to phase out
their development.

   We are seeking a Drupal developer local to the Washington D.C. area to
consult for us in three ways:

1.) Third-party audit of the site to see what has been installed
incorrectly, built incorrectly, etc. with
   recommendations for fixing it

2.) We have some content and theme alterations (and a mockup) to add a
simple blog and other items we would like implement by Nov. 15th

3.) On going consultation (on retainer) to modify the site, install and test
relevant modules, make strategic recommendations

   We are a well-funded non-profit staffed by video producers and
journalists have worked with CNN, National Geographic, BBC, PBS. The site
can be viewed at www.americannewsproject.com

 Please e-mail here info at newsproject.org with: Drupal Consultant in the
subject line. NO PHONE CALLS PLEASE.

-- 
Davin Hutchins
Managing Producer
American News Project (http://www.americannewsproject.com)
1050 17th Street NW, Suite 550
Washington, D.C. 20036

Video Reel:
http://link.brightcove.com/services/player/bcpid1726689966

LinkedIn CV:
http://www.linkedin.com/in/nomadsland
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080929/d0d6fd0e/attachment.htm 

From saintsjd at gmail.com  Tue Sep 30 15:14:03 2008
From: saintsjd at gmail.com (Jon Saints)
Date: Tue, 30 Sep 2008 09:14:03 -0600
Subject: [development] Certify Drupal for use in Government (US) Projects
Message-ID: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>

On a recent project for the US government, half way through the development
process, our work was stopped by a government security review which said
that Drupal (and open source software in general) is not suitable for use in
government projects that house personal information due to security
concerns.

Because our project had been approved by higher ups within the department,
we were paid for our work up to that point and asked to stop.  Now, its up
to the tax payers to foot a much larger bill for other developers to
implement a proprietary and more "secure" (or secretive) solution.

The "transparency" of the Drupal project was one of the government's big
objections.  In their eyes, disclosing and fixing securit holes in a timely
manner, is not the same thing as security.  They pointed out the 100+
security disclosures since drupal 4.0 as a reason that the system could not
be used.  We noted that all these disclosures where quickly addressed, but
that did not seem to matter.

I notice other governments around the world are using Drupal with great
success and savings to citizens:
http://buytaert.net/new-zealand-government-using-drupal

The standards we would need to meet with drupal are:
http://csrc.nist.gov/groups/SMA/fisma/index.html

My questions are the following:
 - Have any other developers run into this cerfication problem before?
 - Is anyone in the drupal community currently working to get Drupal
certified for use in US Government projects?
 - Does anyone know exactly what cerfication would require from a
development standpoint?

If there is interest in investigating this type of certification further,
let me know. NIST, the department that certifies software, is just down the
road from me.  I could go investigate further.

Thanks
Jon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080930/c1d312bc/attachment-0001.htm 

From matt at mattfarina.com  Tue Sep 30 15:24:58 2008
From: matt at mattfarina.com (matt at mattfarina.com)
Date: Tue, 30 Sep 2008 11:24:58 -0400
Subject: [development] Certify Drupal for use in Government (US)	Projects
In-Reply-To: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
References: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
Message-ID: <20080930112458.71lf61wyqsocc0ks@webmail.mattfarina.com>

Jon,

Thanks for your interest in this. I'm interested in this as well.

Some of their concerns seem to be over some misconceptions that might  
help to be cleared up.

Someone correct me if I'm wrong but drupal 4.0 was 10 major releases  
ago. 100 + advisories over 10 major releases isn't as many as the 3  
which the numbering might look like. Before drupal 5 the major  
releases were point releases and not full number releases. On top of  
that, the security advisories cover contributed modules and have  
included other libraries used by drupal modules, such as getID3.

The security team handles things in a tight way. When something is  
reported it's not opened up to the world. If the issue is valid it's  
handled behind closed doors until a fix and advisory is sent out.  
Those advisories come out on Wednesdays so they can immediately be  
acted on.

I would be very curious as to what it would take to certification as  
well as their concerns.

Matt

Quoting Jon Saints <saintsjd at gmail.com>:

> On a recent project for the US government, half way through the development
> process, our work was stopped by a government security review which said
> that Drupal (and open source software in general) is not suitable for use in
> government projects that house personal information due to security
> concerns.
>
> Because our project had been approved by higher ups within the department,
> we were paid for our work up to that point and asked to stop.  Now, its up
> to the tax payers to foot a much larger bill for other developers to
> implement a proprietary and more "secure" (or secretive) solution.
>
> The "transparency" of the Drupal project was one of the government's big
> objections.  In their eyes, disclosing and fixing securit holes in a timely
> manner, is not the same thing as security.  They pointed out the 100+
> security disclosures since drupal 4.0 as a reason that the system could not
> be used.  We noted that all these disclosures where quickly addressed, but
> that did not seem to matter.
>
> I notice other governments around the world are using Drupal with great
> success and savings to citizens:
> http://buytaert.net/new-zealand-government-using-drupal
>
> The standards we would need to meet with drupal are:
> http://csrc.nist.gov/groups/SMA/fisma/index.html
>
> My questions are the following:
>  - Have any other developers run into this cerfication problem before?
>  - Is anyone in the drupal community currently working to get Drupal
> certified for use in US Government projects?
>  - Does anyone know exactly what cerfication would require from a
> development standpoint?
>
> If there is interest in investigating this type of certification further,
> let me know. NIST, the department that certifies software, is just down the
> road from me.  I could go investigate further.
>
> Thanks
> Jon
>



From saintsjd at gmail.com  Tue Sep 30 15:30:11 2008
From: saintsjd at gmail.com (Jon Saints)
Date: Tue, 30 Sep 2008 09:30:11 -0600
Subject: [development] Certify Drupal for use in Government (US) Projects
In-Reply-To: <20080930112458.71lf61wyqsocc0ks@webmail.mattfarina.com>
References: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
	<20080930112458.71lf61wyqsocc0ks@webmail.mattfarina.com>
Message-ID: <8e779d5d0809300830i6a491bc9j7cc65340321c21fb@mail.gmail.com>

I agree with your assessment of the misconceptions:

If you search their database you will see that most of vulnerabilities they
are pointing to are for contributed modules.  That said, this is the
explanation we received.  There seems to be no room to argue in this case
due to deadlines for the project.

The Database:
http://nvd.nist.gov/

For future projects we could definitely argue to have these misconceptions
clarified in the governments eyes.

Thanks
Jon


On Tue, Sep 30, 2008 at 9:24 AM, <matt at mattfarina.com> wrote:

> Jon,
>
> Thanks for your interest in this. I'm interested in this as well.
>
> Some of their concerns seem to be over some misconceptions that might help
> to be cleared up.
>
> Someone correct me if I'm wrong but drupal 4.0 was 10 major releases ago.
> 100 + advisories over 10 major releases isn't as many as the 3 which the
> numbering might look like. Before drupal 5 the major releases were point
> releases and not full number releases. On top of that, the security
> advisories cover contributed modules and have included other libraries used
> by drupal modules, such as getID3.
>
> The security team handles things in a tight way. When something is reported
> it's not opened up to the world. If the issue is valid it's handled behind
> closed doors until a fix and advisory is sent out. Those advisories come out
> on Wednesdays so they can immediately be acted on.
>
> I would be very curious as to what it would take to certification as well
> as their concerns.
>
> Matt
>
>
> Quoting Jon Saints <saintsjd at gmail.com>:
>
>  On a recent project for the US government, half way through the
>> development
>> process, our work was stopped by a government security review which said
>> that Drupal (and open source software in general) is not suitable for use
>> in
>> government projects that house personal information due to security
>> concerns.
>>
>> Because our project had been approved by higher ups within the department,
>> we were paid for our work up to that point and asked to stop.  Now, its up
>> to the tax payers to foot a much larger bill for other developers to
>> implement a proprietary and more "secure" (or secretive) solution.
>>
>> The "transparency" of the Drupal project was one of the government's big
>> objections.  In their eyes, disclosing and fixing securit holes in a
>> timely
>> manner, is not the same thing as security.  They pointed out the 100+
>> security disclosures since drupal 4.0 as a reason that the system could
>> not
>> be used.  We noted that all these disclosures where quickly addressed, but
>> that did not seem to matter.
>>
>> I notice other governments around the world are using Drupal with great
>> success and savings to citizens:
>> http://buytaert.net/new-zealand-government-using-drupal
>>
>> The standards we would need to meet with drupal are:
>> http://csrc.nist.gov/groups/SMA/fisma/index.html
>>
>> My questions are the following:
>>  - Have any other developers run into this cerfication problem before?
>>  - Is anyone in the drupal community currently working to get Drupal
>> certified for use in US Government projects?
>>  - Does anyone know exactly what cerfication would require from a
>> development standpoint?
>>
>> If there is interest in investigating this type of certification further,
>> let me know. NIST, the department that certifies software, is just down
>> the
>> road from me.  I could go investigate further.
>>
>> Thanks
>> Jon
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080930/f32b56ae/attachment-0001.htm 

From kb at 2bits.com  Tue Sep 30 15:32:05 2008
From: kb at 2bits.com (Khalid Baheyeldin)
Date: Tue, 30 Sep 2008 11:32:05 -0400
Subject: [development] Certify Drupal for use in Government (US) Projects
In-Reply-To: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
References: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
Message-ID: <4a9fdc630809300832u3c7471c5r3733063d63ebc84b@mail.gmail.com>

On Tue, Sep 30, 2008 at 11:14 AM, Jon Saints <saintsjd at gmail.com> wrote:

> On a recent project for the US government, half way through the development
> process, our work was stopped by a government security review which said
> that Drupal (and open source software in general) is not suitable for use in
> government projects that house personal information due to security
> concerns.
>

Hello Jon

Apart from the "100+ since 4.0" mentioned below, what else did they
criticize?

If there is a report that they issued, you can share it with the security
team for a review.

Email it to security at drupal.org.


> Because our project had been approved by higher ups within the department,
> we were paid for our work up to that point and asked to stop.  Now, its up
> to the tax payers to foot a much larger bill for other developers to
> implement a proprietary and more "secure" (or secretive) solution.
>
> The "transparency" of the Drupal project was one of the government's big
> objections.  In their eyes, disclosing and fixing securit holes in a timely
> manner, is not the same thing as security.  They pointed out the 100+
> security disclosures since drupal 4.0 as a reason that the system could not
> be used.  We noted that all these disclosures where quickly addressed, but
> that did not seem to matter.
>
> I notice other governments around the world are using Drupal with great
> success and savings to citizens:
> http://buytaert.net/new-zealand-government-using-drupal
>
> The standards we would need to meet with drupal are:
> http://csrc.nist.gov/groups/SMA/fisma/index.html
>
> My questions are the following:
>  - Have any other developers run into this cerfication problem before?
>  - Is anyone in the drupal community currently working to get Drupal
> certified for use in US Government projects?
>  - Does anyone know exactly what cerfication would require from a
> development standpoint?
>
> If there is interest in investigating this type of certification further,
> let me know. NIST, the department that certifies software, is just down the
> road from me.  I could go investigate further.
>
> Thanks
> Jon
>



-- 
Khalid M. Baheyeldin
2bits.com, Inc.
http://2bits.com
Drupal optimization, development, customization and consulting.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080930/ebead3e1/attachment-0001.htm 

From chuck at acquia.com  Tue Sep 30 15:34:44 2008
From: chuck at acquia.com (Chuck D'Antonio)
Date: Tue, 30 Sep 2008 11:34:44 -0400
Subject: [development] Certify Drupal for use in Government (US) Projects
In-Reply-To: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
References: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
Message-ID: <3FA2DE63-C6EC-441E-8900-666281DBA78C@acquia.com>

Jon,

I've used Open Source and on government projects before, primarily on  
the defense side -- I'm not sure if this was a civilian or defense  
project.  I know that in my previous company, we even needed our  
commercial software certified, and it was a pretty lengthy process to  
get it completed based on the updates I heard of the course of several  
months.  Unfortunately, I was only peripherally involved so I don't  
have many details of the process.

I do know from some folks I've talked to quite recently that multiple  
agencies in the Defense Department are using Drupal -- though  
primarily for non-classified work.  There is an arduous process to get  
your software cleared for deployment on the classified networks and it  
typically involves not only the software itself, but lots of  
bureaucratic questions about how it's created.

Chuck

	Chuck D'Antonio
Sr. Director Professional Services
Acquia, Inc.
Mobile +1.617.388.1120


On Sep 30, 2008, at 11:14 AM, Jon Saints wrote:

> On a recent project for the US government, half way through the  
> development process, our work was stopped by a government security  
> review which said that Drupal (and open source software in general)  
> is not suitable for use in government projects that house personal  
> information due to security concerns.
>
> Because our project had been approved by higher ups within the  
> department, we were paid for our work up to that point and asked to  
> stop.  Now, its up to the tax payers to foot a much larger bill for  
> other developers to implement a proprietary and more "secure" (or  
> secretive) solution.
>
> The "transparency" of the Drupal project was one of the government's  
> big objections.  In their eyes, disclosing and fixing securit holes  
> in a timely manner, is not the same thing as security.  They pointed  
> out the 100+ security disclosures since drupal 4.0 as a reason that  
> the system could not be used.  We noted that all these disclosures  
> where quickly addressed, but that did not seem to matter.
>
> I notice other governments around the world are using Drupal with  
> great success and savings to citizens:
> http://buytaert.net/new-zealand-government-using-drupal
>
> The standards we would need to meet with drupal are:
> http://csrc.nist.gov/groups/SMA/fisma/index.html
>
> My questions are the following:
>  - Have any other developers run into this cerfication problem before?
>  - Is anyone in the drupal community currently working to get Drupal  
> certified for use in US Government projects?
>  - Does anyone know exactly what cerfication would require from a  
> development standpoint?
>
> If there is interest in investigating this type of certification  
> further, let me know. NIST, the department that certifies software,  
> is just down the road from me.  I could go investigate further.
>
> Thanks
> Jon




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080930/a106d1bc/attachment-0001.htm 

From gerhard at killesreiter.de  Tue Sep 30 15:35:50 2008
From: gerhard at killesreiter.de (Gerhard Killesreiter)
Date: Tue, 30 Sep 2008 17:35:50 +0200
Subject: [development] Certify Drupal for use in Government (US) Projects
In-Reply-To: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
References: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
Message-ID: <48E24756.4050900@killesreiter.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jon Saints schrieb:

> On a recent project for the US government, half way through the
> development process, our work was stopped by a government security
> review which said that Drupal (and open source software in general)
> is not suitable for use in government projects that house personal
> information due to security concerns.

Just out of interest: What kind of information are we talking about?
Tax numbers, bank accounts?

[...]

> I notice other governments around the world are using Drupal with great
> success and savings to citizens:
> http://buytaert.net/new-zealand-government-using-drupal

Seems like a showcase site only.

Cheers,
	Gerhard
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFI4kdWfg6TFvELooQRArp1AKCdXFYZDMztJ7wrhhiOJOFG4q3/lACfbsXK
BX1vLaioeWG348yH/V/ufKs=
=yFhK
-----END PGP SIGNATURE-----

From saintsjd at gmail.com  Tue Sep 30 15:40:18 2008
From: saintsjd at gmail.com (Jon Saints)
Date: Tue, 30 Sep 2008 09:40:18 -0600
Subject: [development] Certify Drupal for use in Government (US) Projects
In-Reply-To: <48E24756.4050900@killesreiter.de>
References: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
	<48E24756.4050900@killesreiter.de>
Message-ID: <8e779d5d0809300840s68501af1peb2501b849ad8d21@mail.gmail.com>

The names of Citizens are collected on the website along with some personal
contact information.  We were told that our application required the Medium
level security certification.

For collecting more sensitive information, certification becomes nearly
impossible.

Thanks
Jon

On Tue, Sep 30, 2008 at 9:35 AM, Gerhard Killesreiter <
gerhard at killesreiter.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jon Saints schrieb:
>
> > On a recent project for the US government, half way through the
> > development process, our work was stopped by a government security
> > review which said that Drupal (and open source software in general)
> > is not suitable for use in government projects that house personal
> > information due to security concerns.
>
> Just out of interest: What kind of information are we talking about?
> Tax numbers, bank accounts?
>
> [...]
>
> > I notice other governments around the world are using Drupal with great
> > success and savings to citizens:
> > http://buytaert.net/new-zealand-government-using-drupal
>
> Seems like a showcase site only.
>
> Cheers,
>        Gerhard
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFI4kdWfg6TFvELooQRArp1AKCdXFYZDMztJ7wrhhiOJOFG4q3/lACfbsXK
> BX1vLaioeWG348yH/V/ufKs=
> =yFhK
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080930/4bebd234/attachment.htm 

From sepeck at gmail.com  Tue Sep 30 16:06:44 2008
From: sepeck at gmail.com (Steven Peck)
Date: Tue, 30 Sep 2008 09:06:44 -0700
Subject: [development] Certify Drupal for use in Government (US) Projects
In-Reply-To: <8e779d5d0809300840s68501af1peb2501b849ad8d21@mail.gmail.com>
References: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
	<48E24756.4050900@killesreiter.de>
	<8e779d5d0809300840s68501af1peb2501b849ad8d21@mail.gmail.com>
Message-ID: <a151b5a00809300906y71a6c8cdk5e8da40c05efee88@mail.gmail.com>

Which government security review/standard?

There are dozens if not hundreds of competing standards/programs and
levels of auditing and determination depending on which department you
are dealing with.  For example just one program was formerly known as
DITSCAP and is now DIACAP.

Many of these have more to do with procedures and policies then code.

Steven

On Tue, Sep 30, 2008 at 8:40 AM, Jon Saints <saintsjd at gmail.com> wrote:
> The names of Citizens are collected on the website along with some personal
> contact information.  We were told that our application required the Medium
> level security certification.
>
> For collecting more sensitive information, certification becomes nearly
> impossible.
>
> Thanks
> Jon
>
> On Tue, Sep 30, 2008 at 9:35 AM, Gerhard Killesreiter
> <gerhard at killesreiter.de> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Jon Saints schrieb:
>>
>> > On a recent project for the US government, half way through the
>> > development process, our work was stopped by a government security
>> > review which said that Drupal (and open source software in general)
>> > is not suitable for use in government projects that house personal
>> > information due to security concerns.
>>
>> Just out of interest: What kind of information are we talking about?
>> Tax numbers, bank accounts?
>>
>> [...]
>>
>> > I notice other governments around the world are using Drupal with great
>> > success and savings to citizens:
>> > http://buytaert.net/new-zealand-government-using-drupal
>>
>> Seems like a showcase site only.
>>
>> Cheers,
>>        Gerhard
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.6 (GNU/Linux)
>>
>> iD8DBQFI4kdWfg6TFvELooQRArp1AKCdXFYZDMztJ7wrhhiOJOFG4q3/lACfbsXK
>> BX1vLaioeWG348yH/V/ufKs=
>> =yFhK
>> -----END PGP SIGNATURE-----
>
>

From nan_wich at bellsouth.net  Tue Sep 30 18:14:58 2008
From: nan_wich at bellsouth.net (Nancy Wichmann)
Date: Tue, 30 Sep 2008 14:14:58 -0400
Subject: [development] Certify Drupal for use in Government (US) Projects
In-Reply-To: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
Message-ID: <NCEKJGCAHKMOLJLHNKLJOEGGEFAA.nan_wich@bellsouth.net>

Every government department for which I worked also used Windows ? how many
security holes in that have been fixed in just this year, let alone the last
several?  So much for proprietary products being secure


Many of the projects on which I worked also used open source products ?
including for a large department that is involved every time you travel by
air.

On that same project, I was responsible for QA ? but it was not my only job.
The agency had 18 people on their QA staff (don't ask me why) and every one
of those people felt that they HAD to find something to write up.  After a
half dozen iterations, the company I worked for (a very large services
organization) had to tell their management to stop that nonsense.

The agency's management can get around virtually any policy if they want.
However, I never found an agency that cared about the taxpayer's money ?
even though they are also taxpayers.

I would encourage you to visit with NIST.  My guess is that there is a
simple misunderstanding, quite possibly arising from not having to pay for
open source products (they can, however, make a donation if they really want
to spend money).


Nancy E. Wichmann, PMP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080930/f2cb6cdb/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: multipart/alternative
Size: 0 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20080930/f2cb6cdb/attachment.bin 
-------------- next part --------------

Internal Virus Database is out of date.
Checked by AVG - http://www.avg.com 
Version: 8.0.169 / Virus Database: 270.7.0/1685 - Release Date: 9/22/2008 4:08 PM

From cxjohnson at gmail.com  Tue Sep 30 20:10:36 2008
From: cxjohnson at gmail.com (Chris Johnson)
Date: Tue, 30 Sep 2008 15:10:36 -0500
Subject: [development] Certify Drupal for use in Government (US) Projects
In-Reply-To: <NCEKJGCAHKMOLJLHNKLJOEGGEFAA.nan_wich@bellsouth.net>
References: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
	<NCEKJGCAHKMOLJLHNKLJOEGGEFAA.nan_wich@bellsouth.net>
Message-ID: <9ea8d6030809301310u53005412o72c58a8be9639b01@mail.gmail.com>

I think the agency in question just didn't get the memo.  The U.S.
Government, including the Department of Defense, is using open source
software in a big way.  See the following links:

 * http://www.gcn.com/blogs/tech/47100.html

-- Quote from the above link:

''It's worth noting, though, that the House Armed Forces Committee addresses
the matter.

"The committee acknowledges the availability of proprietary software and
encourages its development and acquisition as necessary and appropriate. The
committee believes, however, the widespread implementation of an OSS
standard will not only lead to more secure software, but will also foster
broader competition by minimizing traditional constraints imposed by an
overreliance on proprietary software systems," it stated.''


 * http://www.terrybollinger.com/dodfoss/dodfoss_html/index.html

-- A 2003 report by Terry Bollinger of The Mitre Corp. on the use of FOSS in
the U.S. Dept. of Defense.


The Dept. of Defense is likely the single largest spender in the Drupal
market; it's just behind the scenes.

According to the same database referred to above, Windows had 694 security
holes in the last 3 years -- considerably more than Drupal over the same
period.


On Tue, Sep 30, 2008 at 1:14 PM, Nancy Wichmann <nan_wich at bellsouth.net>wrote:

>  Every government department for which I worked also used Windows ? how
> many security holes in that have been fixed in just this year, let alone the
> last several?  So much for proprietary products being secure?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080930/501b65de/attachment-0001.htm 

From nan_wich at bellsouth.net  Tue Sep 30 20:37:43 2008
From: nan_wich at bellsouth.net (Nancy Wichmann)
Date: Tue, 30 Sep 2008 16:37:43 -0400
Subject: [development] Certify Drupal for use in Government (US) Projects
In-Reply-To: <9ea8d6030809301310u53005412o72c58a8be9639b01@mail.gmail.com>
Message-ID: <NCEKJGCAHKMOLJLHNKLJOEGIEFAA.nan_wich@bellsouth.net>

Chris Johnson wrote:
> The Dept. of Defense is likely the single largest spender in the Drupal
market;

Just think if the DOD contributed 1% of 1% of its budget to OSS, the market
would be booming with products.

Nancy E. Wichmann, PMP




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080930/fdfb84fc/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: multipart/alternative
Size: 0 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20080930/fdfb84fc/attachment.bin 
-------------- next part --------------

Internal Virus Database is out of date.
Checked by AVG - http://www.avg.com 
Version: 8.0.169 / Virus Database: 270.7.0/1685 - Release Date: 9/22/2008 4:08 PM

From pinglaura at gmail.com  Tue Sep 30 20:55:22 2008
From: pinglaura at gmail.com (Laura Scott)
Date: Tue, 30 Sep 2008 14:55:22 -0600
Subject: [development] Certify Drupal for use in Government (US) Projects
In-Reply-To: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
References: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
Message-ID: <4E66D931-C881-4AD7-ABE9-74C3971E92C1@gmail.com>

Consider that one big difference between proprietary and open source  
is lobbying and existing contract relationships. Chris DiBona I  
believe spoke about how a defense contractor tried to get OSS banned  
from military systems, but after an internal audit of such systems  
revealed that a huge % of such systems (30%? More? I confess I don't  
recall) depended upon OSS, the DOD rejected the proposal.

There is more to this than simple perceptions about FOSS.

Laura


On Sep 30, 2008, at 9:14 AM, Jon Saints wrote:

> On a recent project for the US government, half way through the  
> development process, our work was stopped by a government security  
> review which said that Drupal (and open source software in general)  
> is not suitable for use in government projects that house personal  
> information due to security concerns.
>
> Because our project had been approved by higher ups within the  
> department, we were paid for our work up to that point and asked to  
> stop.  Now, its up to the tax payers to foot a much larger bill for  
> other developers to implement a proprietary and more "secure" (or  
> secretive) solution.
>
> The "transparency" of the Drupal project was one of the government's  
> big objections.  In their eyes, disclosing and fixing securit holes  
> in a timely manner, is not the same thing as security.  They pointed  
> out the 100+ security disclosures since drupal 4.0 as a reason that  
> the system could not be used.  We noted that all these disclosures  
> where quickly addressed, but that did not seem to matter.
>
> I notice other governments around the world are using Drupal with  
> great success and savings to citizens:
> http://buytaert.net/new-zealand-government-using-drupal
>
> The standards we would need to meet with drupal are:
> http://csrc.nist.gov/groups/SMA/fisma/index.html
>
> My questions are the following:
>  - Have any other developers run into this cerfication problem before?
>  - Is anyone in the drupal community currently working to get Drupal  
> certified for use in US Government projects?
>  - Does anyone know exactly what cerfication would require from a  
> development standpoint?
>
> If there is interest in investigating this type of certification  
> further, let me know. NIST, the department that certifies software,  
> is just down the road from me.  I could go investigate further.
>
> Thanks
> Jon

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080930/2bdc1660/attachment.htm 

From cxjohnson at gmail.com  Tue Sep 30 21:30:36 2008
From: cxjohnson at gmail.com (Chris Johnson)
Date: Tue, 30 Sep 2008 16:30:36 -0500
Subject: [development] Certify Drupal for use in Government (US) Projects
In-Reply-To: <4E66D931-C881-4AD7-ABE9-74C3971E92C1@gmail.com>
References: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
	<4E66D931-C881-4AD7-ABE9-74C3971E92C1@gmail.com>
Message-ID: <9ea8d6030809301430k436907ady8c416fbe15feee09@mail.gmail.com>

Indeed.  In the article I provided the first link to, there is also this
quote:

"Not everyone has been pleased with how the bill calls out open-source
software by name, though. Analysts at the Business Software Alliance met
with members of the committee to voice their concern that the bill
unfavorably offers open-source software products an unfair competitive
advantage over other commercial software, according to a BSA spokesperson
who declined to be named."

I think we all know who the BSA is, and who they represent.  Clearly the
proprietary software vendors are upset and lobbying against FOSS.


On Tue, Sep 30, 2008 at 3:55 PM, Laura Scott <pinglaura at gmail.com> wrote:

> Consider that one big difference between proprietary and open source is
> lobbying and existing contract relationships. Chris DiBona I believe spoke
> about how a defense contractor tried to get OSS banned from military
> systems, but after an internal audit of such systems revealed that a huge %
> of such systems (30%? More? I confess I don't recall) depended upon OSS, the
> DOD rejected the proposal.
> There is more to this than simple perceptions about FOSS.
>
> Laura
>
>
> On Sep 30, 2008, at 9:14 AM, Jon Saints wrote:
>
> On a recent project for the US government, half way through the development
> process, our work was stopped by a government security review which said
> that Drupal (and open source software in general) is not suitable for use in
> government projects that house personal information due to security
> concerns.
>
> Because our project had been approved by higher ups within the department,
> we were paid for our work up to that point and asked to stop.  Now, its up
> to the tax payers to foot a much larger bill for other developers to
> implement a proprietary and more "secure" (or secretive) solution.
>
> The "transparency" of the Drupal project was one of the government's big
> objections.  In their eyes, disclosing and fixing securit holes in a timely
> manner, is not the same thing as security.  They pointed out the 100+
> security disclosures since drupal 4.0 as a reason that the system could not
> be used.  We noted that all these disclosures where quickly addressed, but
> that did not seem to matter.
>
> I notice other governments around the world are using Drupal with great
> success and savings to citizens:
> http://buytaert.net/new-zealand-government-using-drupal
>
> The standards we would need to meet with drupal are:
> http://csrc.nist.gov/groups/SMA/fisma/index.html
>
> My questions are the following:
>  - Have any other developers run into this cerfication problem before?
>  - Is anyone in the drupal community currently working to get Drupal
> certified for use in US Government projects?
>  - Does anyone know exactly what cerfication would require from a
> development standpoint?
>
> If there is interest in investigating this type of certification further,
> let me know. NIST, the department that certifies software, is just down the
> road from me.  I could go investigate further.
>
> Thanks
> Jon
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080930/855ffd3a/attachment.htm 

From dan at drob.org  Tue Sep 30 23:02:28 2008
From: dan at drob.org (Dan Robinson)
Date: Tue, 30 Sep 2008 16:02:28 -0700
Subject: [development] Certify Drupal for use in Government (US) Projects
In-Reply-To: <9ea8d6030809301430k436907ady8c416fbe15feee09@mail.gmail.com>
References: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>	<4E66D931-C881-4AD7-ABE9-74C3971E92C1@gmail.com>
	<9ea8d6030809301430k436907ady8c416fbe15feee09@mail.gmail.com>
Message-ID: <48E2B004.8020606@drob.org>


>
> I think we all know who the BSA is, and who they represent.  Clearly
> the proprietary software vendors are upset and lobbying against FOSS.
ya think ;)




From piermaria at maraziti.it  Tue Sep 30 23:02:15 2008
From: piermaria at maraziti.it (Piermaria Maraziti)
Date: Wed, 01 Oct 2008 01:02:15 +0200
Subject: [development] Certify Drupal for use in Government (US) Projects
In-Reply-To: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com
 >
References: <8e779d5d0809300814yf1c004bl154ce7693d0e1e5d@mail.gmail.com>
Message-ID: <20080930230359.675E31440B8@polimnia.eridia.it>

At 17.14 30/09/2008, you wrote:

>The "transparency" of the Drupal project was one of the government's 
>big objections.

Just as a quick note by a lurker: various organs of the Italian 
government (Finance Ministery but not only) judged the "open" is OS 
projects to be a very good element for the usual reasons addressed by 
OS evangelists, also about security issues. It's a priority, to them, 
also the active participation in community: giving help when they can 
to receive help when they need (yep: most utilitary, not so 
idealistic - but pragmatic and correct).

Ciao!


--8<-----------------------------------fnord-----
Piermaria Maraziti piermaria at maraziti.it KALLISTI
ICQ744473  MSN:kallisti at hotmail.it  +3934735GILDA
www.gilda.it   www.eridia.it   www.hovistocose.it