ayoungethan
commented
9 years ago assign ethan admin privileges
Closed ayoungethan closed 9 years ago
ayoungethan
commented
9 years ago assign ethan admin privileges
ayoungethan
commented
9 years ago I'll check the backend for common plugins
ayoungethan
commented
9 years ago @guising some questions for you:
guising
commented
9 years ago * Backup is not needed. I have a script that does that without any problem. The main thing we need is a place to keep the backup(s), which I typically keep on my development workstation. That's secure enough unless both the website and my home server crash at the same time. * I installed buddypress at first but it had some side-effects I didn't like. At the moment, I don't remember what they were, but I can explore that again. The groups plugin gives some features that I was hoping buddypress would provide but did not. However, groups does not provide some of the things buddypress does. This will require more investigation. \ Not sure about the single sign-in for a couple reasons. It seems like a security vulnerability and it doesn't seem necessary -- but I'm willing to being persuaded. I would want to go with an "open" system like OpenID... not sure if that's the same as Auth0 or what.
ayoungethan
commented
9 years ago Reply inline
On Sun, Nov 30, 2014 at 5:36 PM, Roy Guisinger notifications@github.com wrote:
\ Backup is not needed. I have a script that does that without any problem. The main thing we need is a place to keep the backup(s), which I typically keep on my development workstation. That's secure enough unless both the website and my home server crash at the same time.
Agreed. I'm thinking about outsourcing the backup, if possible, to a user-manageable environment in conjunction with using wordpress.org as the food hub CMS. Basically, one less thing for you (or any developer) to worry about, especially if we'll be supporting a wordpress-based food hub platform overall. Then the backup script can serve as a backup (meta backup, haha?) if for some reason the plugin fails, but in the mean time, it becomes a user responsibility instead of a developer responsibility, but with a much more accessible front-end that increases the number of people able to manage it. That's a huge part of the idea behind CMS, anyway -- to shift more responsibility onto the site user-administrator and focus the responsibilities of the developer on actual development vs maintenance work. Not just "teaching users to fish" but making it easier for anyone to go fishing in the process.
\ I installed buddypress at first but it had some side-effects I didn't like. At the moment, I don't remember what they were, but I can explore that again. The groups plugin gives some features that I was hoping buddypress would provide but did not. However, groups does not provide some of the things buddypress does. This will require more investigation.
Yes, would love to know. buddypress looks very interesting and potentially very useful much beyond the groups plugin. I see them having very different roles, esp. with the docs plugin to provide a shared open-source workspace w/o people having to learn a technical wiki markup language. I think fundamentally
\ Not sure about the single sign-in for a couple reasons. It seems like a security vulnerability and it doesn't seem necessary -- but I'm willing to being persuaded. I would want to go with an "open" system like OpenID... not sure if that's the same as Auth0 or what.
Good point. My assumption about human behavior is it would be nice if people only had to login once to complete their transactions, and it would increase the # of sales. I think it has the potential to be a security vulnerability, but not necessarily. If it currently takes customers two logins to complete a transaction (login to food hub, then login to payment gateway), I think it's well-worth looking into a way to authenticate to the foodhub, dwolla and paypal all at the same time -- I think it would add a TON of value to the software. I mean direct translation to $$ value -- more sales.
It looks like OpenID had a fundamentally-different way of operating than OAuth, but both are open standards. Moreover, the latest version of OpenID actually sits on top of OAuth: https://en.wikipedia.org/wiki/OpenID#OpenID_vs._pseudo-authentication_using_OAuth
thoughts?
— Reply to this email directly or view it on GitHub https://github.com/openfoodsource/OFS_federation/issues/9#issuecomment-65011222 .
guising
commented
9 years ago On 12/02/2014 09:03 AM, ethan young wrote:
Reply inline
On Sun, Nov 30, 2014 at 5:36 PM, Roy Guisinger notifications@github.com wrote:
\ Backup is not needed. I have a script that does that without any problem. The main thing we need is a place to keep the backup(s), which I typically keep on my development workstation. That's secure enough unless both the website and my home server crash at the same time.
Agreed. I'm thinking about outsourcing the backup, if possible, to a user-manageable environment in conjunction with using wordpress.org as the food hub CMS. Basically, one less thing for you (or any developer) to worry about, especially if we'll be supporting a wordpress-based food hub platform overall. Then the backup script can serve as a backup (meta backup, haha?) if for some reason the plugin fails, but in the mean time, it becomes a user responsibility instead of a developer responsibility, but with a much more accessible front-end that increases the number of people able to manage it. That's a huge part of the idea behind CMS, anyway -- to shift more responsibility onto the site user-administrator and focus the responsibilities of the developer on actual development vs maintenance work. Not just "teaching users to fish" but making it easier for anyone to go fishing in the process.
In this, and other topics, we are running into possible confusion. I was talking about the openfoodsource.org parent website rather than any individually hosted OFS software site. The same general ideas apply, but we need to be careful to clarify the target of our discussion. There is some work already partly done to configure for backups on the OFS software, but it is not complete since it is most often handled by other methods -- since most hosting companies handle backups. I don't think this will make it into any near-upcoming versions.
\ I installed buddypress at first but it had some side-effects I didn't like. At the moment, I don't remember what they were, but I can explore that again. The groups plugin gives some features that I was hoping buddypress would provide but did not. However, groups does not provide some of the things buddypress does. This will require more investigation.
Yes, would love to know. buddypress looks very interesting and potentially very useful much beyond the groups plugin. I see them having very different roles, esp. with the docs plugin to provide a shared open-source workspace w/o people having to learn a technical wiki markup language. I think fundamentally
I infer we are talking about openfoodsource.org for this topic since that is where collaboration would be happening. Could create an issue around this on the OFS federation trunk, since that's really where revisions to the openfoodsource.org website itself should be handled. I think the OFS_trunk should be used just for software changes, updates, and issues. So this would be a good "issue" on OFS_federation for further investigation.
\ Not sure about the single sign-in for a couple reasons. It seems like a security vulnerability and it doesn't seem necessary -- but I'm willing to being persuaded. I would want to go with an "open" system like OpenID... not sure if that's the same as Auth0 or what.
Good point. My assumption about human behavior is it would be nice if people only had to login once to complete their transactions, and it would increase the # of sales. I think it has the potential to be a security vulnerability, but not necessarily. If it currently takes customers two logins to complete a transaction (login to food hub, then login to payment gateway), I think it's well-worth looking into a way to authenticate to the foodhub, dwolla and paypal all at the same time -- I think it would add a TON of value to the software. I mean direct translation to $$ value -- more sales.
It looks like OpenID had a fundamentally-different way of operating than OAuth, but both are open standards. Moreover, the latest version of OpenID actually sits on top of OAuth: https://en.wikipedia.org/wiki/OpenID#OpenID_vs._pseudo-authentication_using_OAuth
Here again, I thought the question was about OFS_federation (openfoodsource.org) but now I think you're talking about the OFS_software? I don't mind assigning it as an "issue", but it won't be a high priority for a while. There are too many other things waiting in the wings first. I have been reluctant to put the entire development list on the site yet because that's an awful lot of cans to keep kicking down the road. Ten or twenty seem manageable, but a hundred or more, less so. Not sure about a solution to this.
guising
commented
9 years ago OFS is currently converted to Wordpress back-end, so this action is completed. As additional changes are desired, new issues can be opened for them.
w/common WP plugins (https://wordpress.org/plugins/browse/popular/)