IRC log of #schooltool for Wednesday, 2009-04-15

ignas - Why Calendars are hard01:19
ignasmostly complete list01:19
ignasmissing a couple of things ;) like - questions "What events are happening today"01:19
ignasbut otherwise - very comprehensive01:20
Lumierehi ignas16:43
th1aignas:  I assume you saw our little security bug.16:47
ignassaw "translations adapter" bug16:53
ignasbut not a security bug16:53
ignasnow I see it16:54
ignaslet me check16:54
th1aIt is... major.16:57
ignasgood that ZODB can't forget the data17:02
ignasand you can always reroll it back17:03
ignascan reproduce it17:15
ignaslooking at how why and where17:15
ignastracked it dow17:19
Lumieredon't forget to push security fixes to stable branches that need it17:22
th1aHow would one roll it back?17:23
ignasth1a: it's not easy, but if someone will need it - i can help them with it17:24
ignasZope interface for doing that is a bit messy, but I have performed such a thing using VI once ;)17:24
ignasmessy as in - it does not really work17:24
th1aChop off the transaction in the file?17:24
th1aI've done that.17:24
th1aJust so I know what's possible -- could we release a patch that would undelete all deleted terms?17:25
th1aThat were still in the ZODB.17:25
ignasnot sure if possible to do it reliably17:29
ignasundeleting an object is not really doable17:29
ignasrerolling a bunch of transactions - kind of is, but is dangerous as you are losing "other" data17:29
th1aYou can just undo changes.17:29
ignasso if someone actually deleted a term a few days ago and added some persons - we'd automatically delete the persons without recovery possibility, so it's better to do it case by case17:31
ignasmaybe we should have some docs for "OMG I DID SOMETHING AND LOST ALL MY DATA" case in the future, just in case it happens to someone17:32
ignasthe bug was mine17:33
ignasI made a mistake in zcml describing ISchoolYear class17:33
ignasso model level security was off17:33
Lumiereignas: is there something in the wild on this?17:33
ignasin the wild?17:33
Lumiereignas: is someone actively exploiting this?17:34
ignaswill fix that and check if I can add another layer of security17:34
th1aA user in Japan spotted it.17:34
Lumiereor is it just a bug someone noticed that we need to fix17:34
ignasmaking delete views unaccessible17:34
th1aWell, I should have my laptop back with a new motherboard tomorrow.17:35
ignasok, so 2 bugs in one17:37
ignassecurity failure by the book :(17:37
*** replaceafill has joined #schooltool18:56
ignasLumiere: fixes are in 2009.04 2008.10 and trunk19:09
ignasLumiere: not in intrepid yet though19:09
ignasbut will be today I'd say19:10
LumiereI will push an update to cando today20:13
ignasreleased to PPA20:23
ignas16 hours for a security fix20:26
Lumierenot bad20:35
th1areplaceafill: Are you on the schooltoolers mailing list?21:45
replaceafillyes, just replying to thomas :)21:46
*** replaceafill has joined #schooltool22:55
Lumiereignas_: help23:40
LumiereXLRDError: No sheet named <'School Years'>23:41
LumiereSchoolYearOverlapError: SchoolYear '2008-2009' overlaps with SchoolYear(s) (2008-2009)23:41
Lumiereth1a: can you poke ignas for me?23:43
th1aUh... ignas_?23:44
th1aOr do you want me to log on to EVE?23:44
th1aAre you getting those errors at the same time or separately?23:44
Lumiereth1a: I added the SY sheet23:46
Lumierewith the full description of my SY23:46
th1aThis is in an existing instance?23:46
th1aWhat if you have the sheet, but blank?23:47
LumiereI am testing ignas's solution for groups23:47
Lumieretrying it with just an ID now23:47
Lumierethen blank23:47
th1aI think it needs to be blank.23:47
th1aAnd it needs to be at least fixed to not thow an exception if you don't have the sheet.23:48
Lumierewell now it wants terms23:49
Lumiereand for it not to be blank23:49
Lumiereor...     row += 123:49
LumiereUnboundLocalError: local variable 'row' referenced before assignment23:49
ignas_Lumiere, emm23:50
ignas_Lumiere, can you copy the header23:50
ignas_Lumiere, from the "empty" sheet23:50
ignas_and file a bug23:50
LumiereI can't find the empty sheet23:51
LumiereI can find sample23:51
Lumierebut nothing else23:51
ignas_ok, get sample23:51
ignas_look at sample school years23:51
ignas_copy the header row23:51
ignas_skip the rest23:51
Lumierethen it wanted terms23:52
LumiereI did the same23:52
Lumierecopied the header row23:52
Lumierekilled the rest23:52
Lumierethen I got the row error23:52
ignas_lisppaste5, url23:52
lisppaste5To use the lisppaste bot, visit and enter your paste.23:52
Lumiereand I don't even know where to start23:53
ignas_the full traceback please23:53
Lumiereon a bug report23:53
lisppaste5Lumiere pasted "row + 1 tb" at
ignas_add header row for terms23:54
ignas_Lumiere, you are using a pretty old checkout23:55
ignas_you are using 2008.1023:55
ignas_and I have merged most of the fixes into 2009.0423:55
ignas_Lumiere, are you there?23:59

