launchpad-dev team mailing list archive
-
launchpad-dev team
-
Mailing list archive
-
Message #06657
Re: Packaging permissions redux
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11-03-08 10:30 AM, Deryck Hodge wrote:
> I'm wondering if we're not overstating the danger here. Maybe not,
> but let's think this through fully first.
>
> In order to overwrite translations, we need a packaging link +
> translations enabled upstream + a potemplate with the same name on
> both sides. Given this, are we really in much danger? Or am I
> misunderstanding how this works or the danger?
We are already presuming the packaging link. And our UI will encourage
enabling translations.
Can the filenames be the same? Yes. AIUI, there are two main cases:
1. the template is named "messages.pot". This is often the case for
projects that have just started using translations.
2. a package and project $foo could have different software, but both
contain $foo.pot. AIUI, using the name $foo.pot is a best practise. In
this case, I believe Launchpad would *recommend* creating the bogus
packaging link.
I don't want to overstate the danger. I think that bogus packagings
will waste cycles, and can lose origin information, but I don't see us
losing anything critical. We will certainly not lose any approved
translations on either side.
> I recognize people set bad links regularly, but do we really think
> these 3 conditions will likely be set incorrectly as well?
So "people set bad links regularly" means we have the first part
"packaging link", regularly. The second part "translations enabled
upstream" should be common if the feature we're working on is
successful. In the absence of hard data, the last part, "a potemplate
with the same name on both sides" seems rare, but not so rare that we
should ignore it. If necessary, we could query the database to find out
more.
Aaron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk12WYYACgkQ0F+nu1YWqI1aHwCePP+yGI9h8L9z7TLjhFD4AZml
VtEAnRL3+KHbjrUnnUGEvX3UDlAP5VnQ
=+G3I
-----END PGP SIGNATURE-----
Follow ups
References