Feature changed by: Per Jessen (pjessen) Feature #306625, revision 14 Title: automatic email alias, irc cloak, lizards data generation on users.o.o Hackweek IV: Evaluation by project manager Priority Requester: Important Requested by: Hendrik Vogelsang (hennevogel) Requested by: Joe Brockmeier (jbrockmeier) Project Manager: (Novell) Engineering Manager: (Novell) Partner organization: openSUSE.org Description: To be able to maintain the list of @opensuse.org email aliases, freenode irc cloaks and lizards.o.o logins for members the openSUSE board is looking for a ruby hacker willing to implement automatic generation of aliases/cloaks in users.opensuse.org. users.o.o is a ruby on rails application. Each opensuse member has 2 email aliases (login@opensuse.org, forename. surname@opensuse.org) an freenode IRC cloak and a wordpress login to lizards.opensuse.org. At the moment this data is exported and imported manualy to the different systems. What we would need is a way to make this automatic and have the data changeable by the user. Additionally the member check for contribution should be automized. We check participation with the following defaults: bugzilla login, bugs, wiki edits, user page, contrib on mls. An automatic check could shorten the evaluation as well if it simply shows in a yes/no style if there is any. And Zonker would like to see the adresses to be put in there as well (yes, on a voluntary base) to have them if eg. people go to a conference and get some stuff sent to. Discussion: #1: Pavol Rusnak (prusnak) (2009-08-27 16:08:59) The whole users.o.o portal should be rewritten to include the features like the ones we could find in launchpad.net (e.g. https://launchpad.net/~stick84) or Fedora Accounts System. (Uncomplete) Feature list (or the list of the user attributes): * email contact * jabber contact * openpgp keys * SSH keys * openid logins * spoken languages * computer languages * location + time zone * group membership (packager, wiki editor, reviewer, board member, ...) * avatar * opensuse.org email aliases * freenode irc cloaks * ... We'll discuss this in more detail during Multipliers Kickoff and I would like to work on this afterwards. #2: Scott Couston (zczc2311) (2011-04-03 04:27:42) Preface: Please forgive my Verbose comment and/or suggestions here. The following may well have already been undertaken, and if so: my apologies. The main reason for my comment is that after 4 years I have never seen any reference to any ISO; nor seen one adopted etc.. - I may be horribly incorrect here Well before we look at the functional nuts and bolts aspects to this request, l would suggest that Policy needs discussion. The functional creation of 'Connect' needs to function according to policy. If there is a Policy Document and Functional Specification; please provide URL's Rather than reinvent the wheel, I would suggest that a Data Policy documents should follow the guidelines already available in various ISO's. ISO- International Standards - Quality Assurance documents have been in refinement for several decades as a result of the E.U meetings in Brussels. The ISO's are many and varied and cover manufacturing, construction, marketing, mining, safe handling and storage of food, mining and distribution of Rare Earth Minerals, I.T...and endless levels of any creative development of Man! http://www.questanalytical.com/Document%20Control/documentation.html It is not unusual for an entity to follow parts of a few ISO's. - For example the bulk of our I.T International Standards are covered in ISO 9002, 9004 (Off the Top of my head). I would suggest we examine the existing ISO on the aspect of Data Security well before we construct such an application - From what I have seen this may well be far too late to bring the 'Connect' Applications' development into line with International Standards of Data Security! Online Databases containing vast amounts of personal information scream out for having their design comply along International Data Security Standards of Quality. + #4: Per Jessen (pjessen) (2011-04-13 08:03:33) (reply to #2) + "International Standards of Data Security" - to my knowledge, there are + no such standards. ISO9001 is about quality management, ISO27001 is + about information security, but that's different. Standards such as + HIPAA and PCI are not international nor do they really apply to + openSUSE. #3: Scott Couston (zczc2311) (2011-04-13 04:18:01) I am very alarmed at: The connect database is a default opt-in The default visibility, clocked or otherwise, is either public or logged in users. I am not specifically concerned with myself...but to have a opt- in default for all users/members from old lists and the default visibility being either public or logged in users is just asking for a flood of complaints..I am not concerned with myself, my concerns are about this project possibly hurting opensuse and its members. I would suggest that urgent action be taken on ALL contact info be bulk changed to private and for every member o the database to be emailed requesting them to change add or modify their profile as they see fit! This could be very ugly in my humble opinion -- openSUSE Feature: https://features.opensuse.org/306625