2016 01_Meeting_IRC_Log

07:00 < ibennetch> We appear to be waiting for a few members, but I guess we'll begin anyway.
07:01 < Marc9> Let's wait 5 minutes
07:01 < ibennetch> Sure thing.
07:02 < nijel> Hello everybody
07:07 < udan11> Hello! I might be a little unresponsive. I'm at the university in the middle of a course.
07:08 < Marc9> udan11 ok
07:08  * Marc9 just emailed Deven
07:08 < Marc9> So I guess we can start
07:08 < ibennetch> Thanks for joining us at the cost of your education ;)
07:08 < ibennetch> Great. First up are a few issues we'd like to close.
07:08 < ibennetch> Mine is about BSD support.
07:09 < ibennetch> Kasun and I thought it should already be implemented, the original poster didn't respond.
07:09 < Marc9> Fine to close for me
07:09 < nijel> I agree as well
07:10 < ibennetch> Thanks, Marc proposes one about decreased cookie usage
07:10 < ibennetch> This has a lack of feedback also
07:10 < Marc9> The user was using an old cookie spec
07:10 < nijel> I think decreasing cookie usage kind of makes sense, though I really don't see it as a priority...
07:11 < Marc9> ok so we can leave open
07:11 < ibennetch> I agree with nijel, this could be reduced but isn't a big priority for me.
07:11 < Marc9> Also it can be a good project to propose to students
07:12 < nijel> Indeed
07:12 < ibennetch> Last: inbuilt VCS question
07:12  * nijel just added newbie tag to cookie reducing
07:12 < Marc9> I find that very vague
07:12 < nijel> VCS is IMHO really out of scope for web tool
07:12 < ibennetch> This sounds difficult, vague, and out of scope
07:12 < nijel> to make it work reliably this needs to be done on the server side...
07:13 < ibennetch> In an ideal world, sure it would be great, but would require more control over the server than we can assume we have.
07:13 < Marc9> Issue is closed :)
07:13 < ibennetch> Now some old bugs
07:14 < ibennetch> 9673 is about revolking privileges
07:14 < Marc9> For a privileged user who lacks some privileges
07:15 < ibennetch> nijel's last comment is interesting. Just from that, I wonder if there is still some improvement we can make here.
07:16 -!- DevenB [73f91219@gateway/web/freenode/ip.115.249.18.25] has joined #phpmyadmin
07:16 < Marc9> Hi Deven
07:16 < ibennetch> The rest seems like something we could just document as Marc suggested
07:16 < DevenB> Hi Marc
07:16 < DevenB> Sorry for delay
07:16 < Marc9> ibennetch but this will need to be tested on new MySQL versions
07:17 < Marc9> Deven we are here https://wiki.phpmyadmin.net/pma/2016-01_Meeting#Old_bugs_-.3E_Known_limitations_.3F
07:17 < nijel> I'm not really sure here it's still causes problems with current MySQL servers...but as there was no activity since 2011 there, I think it's not really an issue these days
07:18 < Marc9> nijel so we better close it for now, it will resurface if needed
07:18 < ibennetch> Is there anything to document or is it no longer an issue at all?
07:19 < Marc9> Not sure
07:19 < ibennetch> Fine by me to close, we can move on to the "auto-redirect to login page after timeout"
07:19 < ibennetch> About the permissions, it's better to close due to no feedback than commit a wrong fix :)
07:21 < ibennetch> I think this could use some help.
07:21 < Marc9> Is everyone fine with documenting this as a known limitation?
07:21 < ibennetch> You mean the privilege question?
07:21 < Marc9> No, the auto-redirect to login page problem
07:21 < ibennetch> Oh, okay.
07:22 < ibennetch> My mistake
07:22 < Marc9> The priv one is closed
07:23 < ibennetch> There appear to be two problems here. First, the original poster is asking that the page stays where it is when a page times out.
07:23 < nijel> I think using AJAX to extend session validity is quite good idea, but still we want to logout inactive users after some time.
07:23 < Marc9> The one about timeout is related to my other question in this meeting, regarding LoginCookieValidity
07:23 < nijel> What I've seen on several pages is that just before the timeout would happen they interactively ask if user wants to continue in the current session and if he confirms that, the session is extended.
07:24 < Marc9> nijel if we extend we'll run into security problems (sessions kept open)
07:24 < Marc9> nijel your suggestion could work
07:24 < DevenB> I think that would be nice. To confirm before extending.
07:25 < nijel> This way the user data would not be lost, but we let expire unused sessions...
07:25 < Marc9> Another good student project :)
07:25 < Marc9> ?
07:25 < ibennetch> It seems reasonable to me to keep the session open until LoginCookieValidity is reached. I don't think we should extend it past that, and if the PHP gc_maxlifetime is less than LoginCookieValidity we should extend it by AJAX.
07:25 < Marc9> ibennetch we already have a function for that, I believe (done by Smita)
07:26 < Marc9> UpdateIdleTime()
07:26 < ibennetch> Which seems to me to be the proper solution.
07:26 < Marc9> but it does not ask for confirmation
07:27 < ibennetch> Okay, when we're approaching LoginCookieValidity we can prompt the user to extend their session. That seems reasonable.
07:27 < nijel> maybe the confirmation is not really needed if user is active (eg. editing SQL query for long time)...
07:27 < Marc9> nijel the function takes care of that, I think
07:27 < nijel> Marc9 great, didn't know that
07:28 < Marc9> (but this needs a confirmation from a js expert)
07:28 < ibennetch> Are we finished with this issue, then?
07:29 < Marc9> yes we leave it open
07:29 < nijel> yes
07:29 < Marc9> I changed its title
07:29 < DevenB> I agree.
07:29 < ibennetch> Great
07:29 < ibennetch> Next up is discussion of the unhex() in exports.
07:30 < Marc9> The question is to force unhex in all exports
07:31 < Marc9> I would prefer it being an option
07:32 < nijel> Having it as an option sounds okay, but I'd still keep it disabled by default
07:32 < DevenB> yes. an added option provided would be better instead of forcing it on all.
07:32 < Marc9> I agree
07:32 < ibennetch> That's what I was thinking.
07:32 < Marc9> forcing would make the exports very weird to read
07:32 < Marc9> (by a human)
07:33 < Marc9> and would provoke new issues opened
07:33 < ibennetch> True
07:33 < nijel> In SQL dumps I'd really try to behave same as mysqldump (as much as possible), which definitely doesn't do this
07:33 < Marc9> nijel very good point
07:33 < Marc9> nijel I'm not sure they even have an option for that
07:33 < nijel> (I don't think it even has that option...)
07:34 < nijel> from quick look it has only --hex-blob
07:34 < Marc9> nijel yes and it makes sense for BLOBs
07:34 < ibennetch> It seems we're decided on this.
07:35 < nijel> okay
07:35 < ibennetch> Next up, voting on the resignations.
07:35 < Marc9> issue updated
07:35 < nijel> no problem with accepting the resignations from me
07:35 < Marc9> I am in favor of both resignations
07:35 < ibennetch> It's always sad when members step down, but I agree to accept their resignations.
07:36 < DevenB> I am in favor of both too.
07:36 < nijel> ibennetch you really can not force them to stay  ;-)
07:36 < Marc9> or be active
07:36 < ibennetch> nijel: can you handle the details of contacting Conservancy and verifying they're removed from Github and the team mailing list, etc?
07:36 < nijel> ibennetch: okay will do so
07:37 < ibennetch> Good points nijel  and Marc9
07:37 < Marc9> they are already removed
07:38 < ibennetch> Next: suggested donation amount.
07:38 < Marc9> I wrote a long justification :)
07:38 < Marc9> May I add that this is in spirit of what Conservancy is trying to do
07:39 < ibennetch> Not a bad suggestion, as a user I do like having a suggested amount.
07:39 < Marc9> for their own donations
07:39 < Marc9> (seeking support from the general public)
07:39 < Marc9> If the suggestion is politely done, people should not feel hurt
07:40 < Marc9> (especially now that some of the donations directly go on development)
07:41 < Marc9> ok I stop talking :)
07:41 < nijel> I think it's good idea
07:42 < Marc9> DevenB udan11 feedback?
07:42 < ibennetch> It might be interesting to do some calculation of the dollar value in terms of code produced -- that way, the donation page could say something like "$100 - funds developer work for one day, providing an average of 10,000 lines of code and 50 bugfixes"
07:43 < Marc9> ibennetch not so sure about that. Remember what Atul said about keeping the spirit of volunteering ?
07:43 < ibennetch> Ah, that's a good point.
07:43 -!- DevenB_ [73f91219@gateway/web/freenode/ip.115.249.18.25] has joined #phpmyadmin
07:43 < Marc9> (but this is maybe another debate)
07:44 < Marc9> Hi DevenB_ we're talking about suggesting a donation
07:44 < ibennetch> You would just have a list of suggested donations and an area to enter their own donation amount. This is fine. Most non-profits I've seen use some similar means to suggest an amount.
07:44 < DevenB_> Yes. My internet connection is having some problem. Sorry.
07:44 -!- DevenB [73f91219@gateway/web/freenode/ip.115.249.18.25] has quit [Ping timeout: 252 seconds]
07:44 < Marc9> How about suggesting at download time?
07:45 < Marc9> (well, at the places I suggested on the wiki)
07:45 < DevenB_> From a user perspective, I like the idea of suggesting it on Donate page, but not sure on the Download page.
07:45 < Marc9> My point is explicitely to suggest on Download page and button
07:46 < nijel> I think that suggesting donation just after download is good idea
07:46 < DevenB_> Can be we can add it after he/she clicks the Download button.
07:46 < Marc9> DevenB_ do you feel we would press the user too much?
07:46 < DevenB_> yes. exactly. that was my point
07:46 < Marc9> That's why the wording is important,
07:46 < Marc9> and remember that most users do not download,
07:47 < Marc9> they just use it from a package and donate to their distro, if ever
07:47 < ibennetch> What about some text (either before of after downloading) saying "We hope you enjoy phpMyAdmin. Please consider donating to support our development." which would link to the donate page?
07:47 < Marc9> I like that
07:48 < ibennetch> Marc9 is correct, many users would be exposed due to XAMPP, WAMP, or their package manager.
07:48 < nijel> sounds okay
07:48 < DevenB_> This sounds good. :)
07:48 < ibennetch> But there's nothing to be done about those other download sources unless we put a "nag screen" in the main code itself, which I'm probably against.
07:49 < Marc9> nijel can you ask Conservancy if a choice of donate amounts makes sense?
07:49 < ibennetch> Then on the donation page itself we can have some suggested amounts.
07:49 -!- nickROMANCEr [~cRAn@103.242.190.130] has joined #phpmyadmin
07:49 < Marc9> I assume that the Paypal form permits a choice of amounts, and also to enter one
07:50 < Marc9> by the way, in the ledger I mostly see 10$ donations
07:50 < nijel> Marc9: I'm not sure it does, let me check on my paypal...
07:51 < Marc9> I would even suggest an amount like this:
07:52 < Marc9> We hope you enjoy phpMyAdmin. Please consider donating to support our development (suggested amount: 10 USD).
07:52 -!- cRAn [~cRAn@103.242.190.130] has quit [Ping timeout: 240 seconds]
07:52 < Marc9> Because if in the text there is no suggestion, it defeats my intention
07:52 < ibennetch> At least one organization I've seen has their own page where the user selects the amount (from a dropdown or by typing in an amount), then that page links to PayPal. It's a bit cumbersome, but maybe a PayPal limitation.
07:52 < ibennetch> Yes, Marc9 that is fine by me.
07:53 < DevenB_> That one looks good, Marc9.
07:53 < Marc9> nijel do you expect much work to update the site?
07:54 < ibennetch> 6 minutes remain with one topic to discuss.
07:54 < ibennetch> *one more*
07:54 < nijel> okay, PayPal allows either one fixed amount or user entered one, no choices or alternatives...
07:55 < Marc9> so, no choices but a suggestion in the text
07:55 < nijel> I think showing something after download should not be hard...
07:55 < Marc9> I am not ashamed of asking 10 USD in the text
07:56 < nijel> I'm fine with that
07:56 < Marc9> nijel, showing also after clicking on the download button?
07:57 < nijel> I can implement it if you wish, please add issue for that on website repo (you're way better in writing polite English than me)
07:57 < Marc9> will do
07:57 < ibennetch> Okay, let's wrap up discussion of this item and move on the the final one, okay?
07:57 < Marc9> but we'll use the text suggested by Isaac and amended by me
07:57 < Marc9> ok to move on
07:58 < Marc9> Is LoginCookieValidity still a good idea?
07:59 < Marc9> My belief is that removing that would leave workstations open to unauthorized usage
07:59 < ibennetch> I think so. We need a way to allow administrators to force a timeout.
07:59 < Marc9> https://docs.phpmyadmin.net/en/latest/config.html?highlight=logincookievalidity#cfg_LoginCookieValidity
07:59 < nijel> I also think having way to set timeout is needed, gc_maxlifetime doesn't guarantee much
08:00 < Marc9> nijel, also it's better to fine-tune the limit for phpMyAdmin instead of just relying to the PHP one
08:01 < Marc9> So I was right to suggest in the pull request the need to respect that directive?
08:01 < nijel> yes
08:01 < ibennetch> Yes
08:02 < DevenB_> yes
08:03 < Marc9> I think this concludes this point, but I have another short one :)
08:03 < ibennetch> I have a moment, go ahead.
08:03 < Marc9> I need testers to reproduce that: https://github.com/phpmyadmin/phpmyadmin/issues/11849
08:04 < Marc9> because it would be a show stopper for 4.6.0
08:04 < Marc9> it's easy to try and I would appreciate confirmations
08:04 < Marc9> I have a hard time bisecting that one
08:04 < Marc9> dates back to September 2015
08:05 < Marc9> thanks in advance
08:05 < nijel> Marc9: I will look at it (probably tomorrow)
08:05 < Marc9> ok
08:06 < ibennetch> Thanks to everyone for attending.
08:06 < Marc9> yeah it was productive!
08:08 < nijel> thanks, and see you next month :-)
08:08 < DevenB_> Bye everyone :)
08:09 < Marc9> Bye!
08:09 < ibennetch> I'll post the log later today. Bye