Software Portal/Tasks

From openSUSE

List of tasks, currently unordered and unevaluated, requires milestones.

Applications

• in-place editing of applications and translations for authenticated+authorized users ?
• EditApplication:
  • tags
  • screenshots
  • comments
• comments and screenshots only for authenticated users
• mark comment or screenshot as offensive
  • queue of reported items to check (for admins) in the database
  • email/XMPP notifications (later)
• annotate screenshots (just text), store userid (requires authentication for screenshots)
• editing applications:
  • log (just a message, similar to wiki)
  • userid for each change log
  • datetime of change
  • diff / revisions ? (evil)
•  ? resize icons to fixed sizes to include them in the application list
  • needs storing the size of icons in the database (with the image blob and the application_id)
  • how to cache resized icons ? no cache at all ? filesystem on demand ? database on demand ? database on upload ?
• validate icon size or resize automatically (at the very least, the icon should be square, and at least 64x64 or the resized image will look like crap)
•  ? inherit default icon from tag, RPM group/category (not implemented nor considered in the domain at this point, not even sure we need that explicitly), from repository (prolly not) ?

Tagging

• tag cloud (started)
• list applications by tag
•  ? icon per tag (22x22 ?)

Build Service Bonus

• additional information, links, services when applications/packages are provided by an OBS repository
  • infer OBS project/package location from repository + package name (source package name, rather)
  • per repository specifics (different backend/viewer implementations and contributors)
  • discuss with Adrian which additional OBS information we could display + how to fetch it
• generally speaking, discuss with Adrian what shall be stored where (OBS or SWP), how it will be retrieved (cached, or not, pull or push, ...) and provided (WS/SOAP, XMLRPC, ...)
• if notifications are used, define how to secure those as the channel won't be internally and physically protected to avoid denial of service attacks with public trigger URLs (use certifications, authentication+authorization, ...)

RPM Groups

• what to do with them ? we haven't considered them at all in our domain model until now
• make them "Categories" (which are mappable through a static configuration)... would be needed if we also want to support other package formats and distributions (e.g. Fedora uses other RPM groups, Debian uses debs and has other grouping structures) (later)
• would require navigating the tree (breadcrumb ?)

Security

• authenticate and authorize against OpenID once available on http://users.opensuse.org (poke darix)
  • see [1] and [2] for opensource OpenID implementations for Java
• OBS package maintainers should automatically have the right to edit information about their packages (e.g. tags, description, links, ...) without having to request the maintainer role in SWP... problems:
  • bound to package/application and not global (not really an issue, just that our roles are currently global and not bound to specific domain objects, have to check how it can be handled by Acegi and/or Wicket)
  • have to sync or retrieve from the OBS (explicit sync in user's profile, nightly sync, online on sign in)