#musicbrainz

that'll do you a lot of good

this hadn't given any warning. It was a secondary drive in one of my spare boxes and I thought - ah, I'll make it primary, reinstall and let my nephew have the machine

that's no fun

luks: when you add your login to the CC in Trac does it send you an email on changes?

sounds like there probably wasn't anything very important on it, though right?

reinstalling stuff is a pain in the ass, though

wolfsong_: yes, it sends you emails if you are in CC, or you are reporter or owner of the ticket

Ok, seems like unsubscribing old address and moving new subscription to it did work. I thought mailman could complain on move, because that old address already registered for other lists.

i've never gotten one

where can i check the email? My Account just lets me change my pwd

ojnkpjg: fortunately nothing important on the drive. It's just inconvenient and means I'll need another drive before I can let him have the machine

wolfsong_: http://test.musicbrainz.org/trac/settings :)

hm, right, you don't have any email set there

i think i've reinstalled windows at least 6 times for my mother

the box is used a lot for word processing and internet, but they don't have the admin password

i took admin away until they started calling me up and bothering me to install things

no problems so far, no re-installs, no viruses etc :-)

i guess i can't have it both ways

thanks

luks: so why should 1029 be a style issue?

read the lengthy discussion in mb-style

"Release Country ReQUEST"

but my request really isn't tied to that

it's more about capturing the year not which country

it was something wrong with the mail server i guess

ah, ok

because i didn't get eny email either

and i usually get email on *all* trac changes :)

that thread seems to be about to EU or not to EU

but now it works again?

yes

k

oh, wolfsong, please use #XXXX for linking to other tickets

ok

Shepard` is now known as Shepard

FF is hateful

agreed

do you mean firefox?

okay, there is really somthing wrong. i've changed http://test.musicbrainz.org/trac/ticket/1029 and still no email

it crashes on my desktop box every time i try to save anything

works fine on windows

i think debian broke it

luks: try logging into test, maybe the mails are in the mail queue

yep

luks: it takes quite some time for trac mail to arrive

actually no, IME, they arrive very quickly

yes, the ones I received last week arrived almost immediately

ususally i click 'Submit' and after few seconds i have a new email

http://musicbrainz.org/showmod.html?modid=4229119 multi

it seems to be the trac issue :/

so the mail server isn't sitting on a pile of mails?

nope, they are not in queue

:-(

not even in logs

it seems to be specific for that one ticket

oh? for others mail is sent?

yes

did you try to reset the cc line? maybe there's something in there the parser doesn't like

but it should at least send a mail to wolfsong anyway

hmm, yes

bleh

time to enable trac's debug log

nice "07:01:43 Trac[web_ui] ERROR: Failure sending notification on change to ticket #1029: ..."

a variation of http://projects.edgewall.com/trac/ticket/1538

:/

Those japanese guys kill me with name changes. Say, what do you people think, what's best way to deal with case when signer changes her name by just one kanji, leaving same reading. Two entries for both names? Link them with some AR or what?

luks: so, does anyone have a blank email address set?

it's not me :-)

yes, probably

"Opened 9 months ago". yay

It'd be good to have separate entries for all those linked with some kind of "changed name to" AR that would link them in single discography. And ability to see entire such discography on MB's site, of course.

Would help a lot in cases of slight name changes, but remaining same "persona".

bye!

awww, this code is so broken :/

someone did not read the 'fragile' note on the box

'select whatever from wherever where str = %s' % (value)

is that actually in there?

yes

they're filtering the strings manually though

but of course, they forgot one, so they had an sql injection leak

probably more than one

almost 200 vulnerable trac installs are still out there

yup

just one found so far :/

hmm, i think they only use 'select whatever from wherever where str = %s', (value)

which escapes the strings

in this case, the db driver would do the filtering, but IIRC that's not how they do it

oh, it's mixed. sometimes they do, sometimes not :-)

:)

% (by, by))

haha

"WHERE milestone=%s ORDER BY value", (field, milestone))

they sound like a bunch of muppets

seems there was someone with a clue

one clue maybe

their design looks nice, but apparently they have some weak programmers

yep

this is trac code?

yup

better keep it on a DB on its own :-)

i can't believe this is really in their code:

cursor.execute("SELECT DISTINCT author,ticket FROM ticket_change "

"WHERE ticket=%s", (tktid,))

for author,ticket in cursor:

recipients.append(row[0])

notice the 'row' variable

hmmm.

is there any validation on that?

it's from previous block of code

validation on what?

the cursor.execute() is safe

the variables

the DB driver is used to expand the %s, not the python string interpolation (this time)

ah

form input

"from previous block of code"

Okay, there's the usual "submitting an album that's already listed"-types... and now I got one that *knew* the album existed because they submitted an edit for it, then submitted an Add Album for said album only a few minutes after editing the current listing..

hehe

there's a lot of sprintf and str{cpy,cat} in the musicbrainz libs, to be fair, though :P

not sure it's all safe

yup

fortunately, the MB server doesn't attack clients

YET.

unlike evil people on the internet, having access to trac

:-))

i'm more worried about possible malicious metadata in files

in tp

er, for tp

but i haven't looked closely at any of it

or even briefly, i just sort of skimmed

there are in fact a few strcpy()s in mb_client

"\"openURL(file://%s,new-window)\"");

stuff like this is no problem