Feature changed by: Scott Couston (zczc2311)
Feature #306625, revision 15
Title: automatic email alias, irc cloak, lizards data generation on users.o.o

Hackweek IV: Evaluation by project manager
Priority
Requester: Important

Requested by: Hendrik Vogelsang (hennevogel)
Requested by: Joe Brockmeier (jbrockmeier)
Project Manager: (Novell)
Engineering Manager: (Novell)
Partner organization: openSUSE.org

Description:
To be able to maintain the list of @opensuse.org email aliases, freenode irc cloaks and lizards.o.o logins for members the openSUSE board is looking for a ruby hacker willing to implement automatic generation of aliases/cloaks in users.opensuse.org. users.o.o is a ruby on rails application.

Each opensuse member has 2 email aliases (login@opensuse.org, forename.surname@opensuse.org), a freenode IRC cloak and a wordpress login to lizards.opensuse.org. At the moment this data is exported and imported manually to the different systems. What we would need is a way to make this automatic and have the data changeable by the user.

Additionally the member check for contribution should be automated. We check participation with the following defaults: bugzilla login, bugs, wiki edits, user page, contrib on mls. An automatic check could shorten the evaluation as well if it simply shows in a yes/no style if there is any.

And Zonker would like to see the addresses to be put in there as well (yes, on a voluntary base) to have them if e.g. people go to a conference and get some stuff sent to.

Discussion:
#1: Pavol Rusnak (prusnak) (2009-08-27 16:08:59)
The whole users.o.o portal should be rewritten to include the features like the ones we could find in launchpad.net (e.g. https://launchpad.net/~stick84) or Fedora Accounts System.
(Incomplete) Feature list (or the list of the user attributes):
* email contact
* jabber contact
* openpgp keys
* SSH keys
* openid logins
* spoken languages
* computer languages
* location + time zone
* group membership (packager, wiki editor, reviewer, board member, ...)
* avatar
* opensuse.org email aliases
* freenode irc cloaks
* ...

We'll discuss this in more detail during Multipliers Kickoff and I would like to work on this afterwards.

#2: Scott Couston (zczc2311) (2011-04-03 04:27:42)
Preface: Please forgive my Verbose comment and/or suggestions here. The following may well have already been undertaken, and if so: my apologies. The main reason for my comment is that after 4 years I have never seen any reference to any ISO; nor seen one adopted etc. - I may be horribly incorrect here.

Well before we look at the functional nuts and bolts aspects to this request, I would suggest that Policy needs discussion. The functional creation of 'Connect' needs to function according to policy. If there is a Policy Document and Functional Specification; please provide URL's.

Rather than reinvent the wheel, I would suggest that a Data Policy document should follow the guidelines already available in various ISO's. ISO - International Standards - Quality Assurance documents have been in refinement for several decades as a result of the E.U meetings in Brussels. The ISO's are many and varied and cover manufacturing, construction, marketing, mining, safe handling and storage of food, mining and distribution of Rare Earth Minerals, I.T...and endless levels of any creative development of Man!
http://www.questanalytical.com/Document%20Control/documentation.html

It is not unusual for an entity to follow parts of a few ISO's. - For example the bulk of our I.T International Standards are covered in ISO 9002, 9004 (Off the Top of my head).
I would suggest we examine the existing ISO on the aspect of Data Security well before we construct such an application - From what I have seen this may well be far too late to bring the 'Connect' Applications' development into line with International Standards of Data Security! Online Databases containing vast amounts of personal information scream out for having their design comply along International Data Security Standards of Quality.

#4: Per Jessen (pjessen) (2011-04-13 08:03:33) (reply to #2)
"International Standards of Data Security" - to my knowledge, there are no such standards. ISO9001 is about quality management, ISO27001 is about information security, but that's different. Standards such as HIPAA and PCI are not international nor do they really apply to openSUSE.

+ #5: Scott Couston (zczc2311) (2011-04-14 01:18:48) (reply to #4)
+ Per, the above statement frightens the hell out of me....ISO are our
+ World Standard of both Quality and establishing the best processes to
+ fulfil it and to state fundamentals that must be included in design and
+ manufacturing markets.
+ I would suggest you obtain the Index list from Brussels ISO Office or
+ just the net....Off the top of my head some of the ISO's that made up
+ our industry are taken from the following:
+ ISO 15489-1:2001 Information and documentation - Records management -
+ Part 1: General International Organization for Standardization /
+ 01-Sep-2001 / 26 pages
+ ISO/TR 15489-2:2001 Information and documentation - Records
+ management - Part 2: Guidelines International Organization for
+ Standardization (Technical Report) / 01-Sep-2001 / 46 pages
+ ISO 19011:2002 Guidelines for quality and/or environmental management
+ systems auditing
+ ISO/IEC 90003:2004 Software engineering - Guidelines for the
+ application of ISO 9001:2000 to computer software International
+ Organization for Standardization/International Electrotechnical
+ Commission / 01-Feb-2004 / 54 pages
+ ISO's Apply to every endeavour that man does, except in the US where
+ they have legislated Quality aspects after the SOX.litigation and loss
+ of data required legislation as the US Market could not rely on
+ everyone adhering to QA ISO...They don't use QA at all in the USA. -
+ They just legislate the holes in data security when something big falls
+ through it - I am very surprised you cannot recall the SOX...etc...
+ Legislation in the US as it represented the biggest enforceable bit of
+ legislation to effect ANY Country since history began purely on Data
+ Security had occurred ...
+ http://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act
+ http://www.sox-online.com/basics.html
+ http://www.soxlaw.com/index.htm
+ Your Analysis have the job of conforming to ISO and being aware of US
+ Legislation well before the Programmer writes the first line of code...
+ Bugzilla and all PMS Systems are designed to enforce quality, however
+ our current philosophy use negates all its benefit that it a PMS is
+ designed to do

#3: Scott Couston (zczc2311) (2011-04-13 04:18:01)
I am very alarmed at:
The connect database is a default opt-in
The default visibility, clocked or otherwise, is either public or logged in users.

I am not specifically concerned with myself...but to have an opt-in default for all users/members from old lists and the default visibility being either public or logged in users is just asking for a flood of complaints. I am not concerned with myself, my concerns are about this project possibly hurting opensuse and its members.

I would suggest that urgent action be taken on ALL contact info be bulk changed to private and for every member of the database to be emailed requesting them to change, add or modify their profile as they see fit! This could be very ugly in my humble opinion.

--
openSUSE Feature:
https://features.opensuse.org/306625