Feature changed by: Hendrik Vogelsang (hennevogel) Feature #306625, revision 17 Title: automatic email alias, irc cloak, lizards data generation on users.o.o - Hackweek IV: Evaluation by project manager + Hackweek IV: Done Priority Requester: Important Requested by: Hendrik Vogelsang (hennevogel) Requested by: Joe Brockmeier (jbrockmeier) Partner organization: openSUSE.org Description: To be able to maintain the list of @opensuse.org email aliases, freenode irc cloaks and lizards.o.o logins for members the openSUSE board is looking for a ruby hacker willing to implement automatic generation of aliases/cloaks in users.opensuse.org. users.o.o is a ruby on rails application. Each opensuse member has 2 email aliases (login@opensuse.org, forename. surname@opensuse.org) an freenode IRC cloak and a wordpress login to lizards.opensuse.org. At the moment this data is exported and imported manualy to the different systems. What we would need is a way to make this automatic and have the data changeable by the user. Additionally the member check for contribution should be automized. We check participation with the following defaults: bugzilla login, bugs, wiki edits, user page, contrib on mls. An automatic check could shorten the evaluation as well if it simply shows in a yes/no style if there is any. And Zonker would like to see the adresses to be put in there as well (yes, on a voluntary base) to have them if eg. people go to a conference and get some stuff sent to. Discussion: #1: Pavol Rusnak (prusnak) (2009-08-27 16:08:59) The whole users.o.o portal should be rewritten to include the features like the ones we could find in launchpad.net (e.g. https://launchpad.net/~stick84) or Fedora Accounts System. (Uncomplete) Feature list (or the list of the user attributes): * email contact * jabber contact * openpgp keys * SSH keys * openid logins * spoken languages * computer languages * location + time zone * group membership (packager, wiki editor, reviewer, board member, ...) * avatar * opensuse.org email aliases * freenode irc cloaks * ... We'll discuss this in more detail during Multipliers Kickoff and I would like to work on this afterwards. #2: Scott Couston (zczc2311) (2011-04-03 04:27:42) Preface: Please forgive my Verbose comment and/or suggestions here. The following may well have already been undertaken, and if so: my apologies. The main reason for my comment is that after 4 years I have never seen any reference to any ISO; nor seen one adopted etc.. - I may be horribly incorrect here Well before we look at the functional nuts and bolts aspects to this request, l would suggest that Policy needs discussion. The functional creation of 'Connect' needs to function according to policy. If there is a Policy Document and Functional Specification; please provide URL's Rather than reinvent the wheel, I would suggest that a Data Policy documents should follow the guidelines already available in various ISO's. ISO- International Standards - Quality Assurance documents have been in refinement for several decades as a result of the E.U meetings in Brussels. The ISO's are many and varied and cover manufacturing, construction, marketing, mining, safe handling and storage of food, mining and distribution of Rare Earth Minerals, I.T...and endless levels of any creative development of Man! http://www.questanalytical.com/Document%20Control/documentation.html It is not unusual for an entity to follow parts of a few ISO's. - For example the bulk of our I.T International Standards are covered in ISO 9002, 9004 (Off the Top of my head). I would suggest we examine the existing ISO on the aspect of Data Security well before we construct such an application - From what I have seen this may well be far too late to bring the 'Connect' Applications' development into line with International Standards of Data Security! Online Databases containing vast amounts of personal information scream out for having their design comply along International Data Security Standards of Quality. #4: Per Jessen (pjessen) (2011-04-13 08:03:33) (reply to #2) "International Standards of Data Security" - to my knowledge, there are no such standards. ISO9001 is about quality management, ISO27001 is about information security, but that's different. Standards such as HIPAA and PCI are not international nor do they really apply to openSUSE. #5: Scott Couston (zczc2311) (2011-04-14 01:18:48) (reply to #4) Per, the above statement frightens the hell out of me....ISO are our World Standard of both Quality and establishing the best processes to fulfil it and to state fundamentals that must be included in design and manufacturing markets. I would suggest you obtain the Index list from Brussels ISO Office or just the net....Off the top of my head some of the ISO's that made up our industry are taken from the following: ISO 15489-1:2001 Information and documentation - Records management - Part 1: General International Organization for Standardization / 01-Sep-2001 / 26 pages ISO/TR 15489-2:2001 Information and documentation - Records management - Part 2: Guidelines International Organization for Standardization (Technical Report) / 01-Sep-2001 / 46 pages ISO 19011: 2002 Guidelines for quality and/or environmental management systems auditing SO/IEC 90003:2004 Software engineering - Guidelines for the application of ISO 9001:2000 to computer software International Organization for Standardization/International Electrotechnical Commission / 01-Feb-2004 / 54 pages ISO's Apply to ever endeavour that man does, except in the US where they have legislated Quality aspects after the SOX.litigation and loss of data required legislation as the US Market could not reply on everyone adhering to QA ISO...They dont use QA at all in the USA. - They just legislate the holes in data security when something big falls through it - I am very surprised you cannot recall the SOX...etc... Legislation in the US as it represented the biggest enforceable bit of legislation to effect ANY Country since history began purely on Data Security had occurred ... http://en.wikipedia.org/wiki/Sarbanes%E2%80% 93Oxley_Act (http://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act) http://www.sox-online.com/basics.html http://www.soxlaw.com/index.htm Your Analysis have the job of conforming to ISO and being aware of US Legislation well before the Programmer writes the first line of code... Bugzilla and all PMS Systems are designed to enforce quality, however our current philosophy use negates all its benefit that it a PMS is designed to do #3: Scott Couston (zczc2311) (2011-04-13 04:18:01) I am very alarmed at: The connect database is a default opt-in The default visibility, clocked or otherwise, is either public or logged in users. I am not specifically concerned with myself...but to have a opt- in default for all users/members from old lists and the default visibility being either public or logged in users is just asking for a flood of complaints..I am not concerned with myself, my concerns are about this project possibly hurting opensuse and its members. I would suggest that urgent action be taken on ALL contact info be bulk changed to private and for every member o the database to be emailed requesting them to change add or modify their profile as they see fit! This could be very ugly in my humble opinion #6: Scott Couston (zczc2311) (2011-04-14 01:58:49) The absolute Key to Managing Bugzilla and openFATE is the Quality Manager. Without having complete project Authority and the ability to set time frames for fix or developer our PMS Projects are doomed to failure. The Role of the QA in terms of software Problem management tools can be found in the following; and perhaps if we collectively support a well experienced QA the project will go ahead leaps and hounds. Please don’t think I am criticising current processes at all...far from it..I still want to see opensuse of every desktop and server in the World. http://wiki.en.it-processmaps.com/index.php/Roles_within_ITIL (http://wiki.en.it-processmaps.com/index.php/Roles_within_ITIL) http://wiki.en.it-processmaps.com/index.php/Roles_within_ITIL_V3 http://wiki.en.it-processmaps.com/index.php/ITIL_Implementation_-_ITIL_Roles http://wiki.en.it-processmaps.com/index.php/Problem_Management http://www.e-ictsupport.org/fits/Sec/proactive-processes/problem-management/... http://www.forrester.com/rb/Research/problem_manager_new_it_service_manageme... http://www.softwareqatest.com/qatfaq2.html http://en.wikipedia.org/wiki/Software_configuration_management http://www.itservicestrategy.com/it-project-management-audit-templates In reading the above keep the though in the back of your mind. Many Models about the QA are based on and subsequent to US Legislation rather than ISO. The best way to understand the role of the QA Manager is to obtain the ISO written specifically on the subject of QA Manager, wirkflow, Assessment, conformation etc...all based on the ISO's. A lot of the above material templates are US based and have been designed by the US Legislation.' Due to your international market, I would suggest you follow all the guide lines, including the rob of the QA as defined in the ISO's. ...for the record the whole .E.U wrangle about antitrust with Microsoft would never have see the light IF the US had adopted the IOS's as the standard rather than follow their own legislation on the very small subject of Data Security, Trust and Open Dialogue. If free enterprise companies that stored vast numbers of data including CC details etc - and then lost aprox 250,000 records by both hack and someone walking out the door with a DVD; there would never have been the Sarbanes–Oxley Act in the US. Being next door to Brussels and the E.U the lack of understanding of all these matters is probably due to having a very bright and enthusiastic young group; where histories insubstantial are neither unknown not not understood...Its all good...we all lern every day, even me + #7: Hendrik Vogelsang (hennevogel) (2011-12-05 14:32:55) + Except lizards credentials, which is most probably going to be + discontinued in the future, this is now done in connect. -- openSUSE Feature: https://features.opensuse.org/306625