W3C home > Mailing lists > Public > public-council@w3.org > July 2011

Re: W3C Community Site Issues

From: Ian Jacobs <ij@w3.org>
Date: Thu, 14 Jul 2011 15:00:36 -0500
Cc: Community Council <public-council@w3.org>, David Lehn <dlehn@digitalbazaar.com>
Message-Id: <2A6D7FD7-87B0-43C0-BF90-1F28FD60E042@w3.org>
To: Manu Sporny <msporny@digitalbazaar.com>

On 14 Jul 2011, at 2:11 PM, Manu Sporny wrote:

> Provided below are a list of issues that Dave Lehn collected during the
> the course of having a few Digital Bazaar engineers sign up to the Web
> Payments Community Group in early July. Apologies if some of these bugs
> have already been fixed. I'm cc'ing Dave Lehn so that he may provide
> more feedback if necessary.

Hi Manu,

Thanks to you and Dave for writing these up!

> 
> ---------------------
> 
> Users get an email with a temporary password but after updating the
> password the new password gets sent back to user over unencrypted email
> in clear text! (CRITICAL)
> 
> Suggested changes: Passwords should never be stored or sent over
> email in clear text.

Yes. Already on the todo list.

> 
> ---------------------
> 
> HTTPS not used even on login pages. (IMPORTANT)
> 
> Suggested changes: Please ensure that login pages force HTTPS mode.

Added to todo list.

> 
> ---------------------
> 
> Dave Longley joined the web payments group and I (David Lehn) was
> ejected from the group at the same time he was added?! (CRITICAL)
> 
> Suggested changes: Ensure that people joining/leaving a group has
> minimal impact on the rest of the people in the group.

I have no idea why one person joining would affect another. My only suspicion is that this is a coincidence and tied to delays between joining and our ldap information being updated.

I agree: The delay must be fixed/reduced. 

> 
> ---------------------
> 
> Constant browser auth popup though you can usually cancel and still
> browse around.

I think we fixed that this morning; there was a resource that was not public that now is. Can you reconfirm?

> 
> 
> Suggested changes: Remove Basic Auth support - tie W3C's authentication
> system into the WordPress platform, if possible.

Yes, that's already on the todo list. We started dissecting the WP cookie but vacations have interrupted that work. I expect it to resume as of 20 July.

> 
> ---------------------
> 
> Website requires both wordpress and basic auth logins to function
> properly.
> 
> Suggested changes: Would be better if it was just one login through the
> WordPress platform.

Agreed; see above. 

> 
> ---------------------
> 
> Long delay between creating account and getting email response.
> 
> Suggested changes: Feedback on creating an account, joining and leaving
> groups needs to be immediate.

We are working to decrease that delay. (This delay, IMO, is the culprit for a number of issues.)

> 
> ---------------------
> 
> When you join a group you get a confirmation message send to various
> w3 people with subject "Digital Bazaar, Inc. has joined the Web
> Payments Community Group" that starts with "Digital Bazaar, Inc.
> joined the Web Payments Community Group as representative of Digital
> Bazaar, Inc.".
> 
> Suggested changes: Looks like template errors in subject and content
> where the company name is used where it should be a user name.

Indeed. I will ask Dom to help fix that.

> 
> ---------------------
> 
> We accidentally created "Digital Bazaar, Inc." and "Digital Bazaar"
> because a number of engineers were asked to join, they did so, but
> without coordinating with one another (which will most likely happen
> elsewhere as well). There needs to be some way to merge or change
> companies when this happens.

Agreed. I think the answer is "tell us on site-comments." at least for now. 

Which one do you want, btw? (with Inc or without?)

> 
> Newly created companies need to show up immediately in the list of
> companies to choose from

Added to the todo list.

> so multiple people don't create the same
> ones. (There's a race condition here so changing and deleting
> companies features are needed too.)

I am not sure we will provide editing capabilities via a UI for companies added to the system. 

> 
> Mike Johnson had to leave the group before he could join the group.
> (?!) Page only had leave group form. He agreed to leave. Then he got
> join form and could join.

I think this is related to the delay issue.

> 
> ---------------------
> 
> Web content issues:
> 
> http://www.w3.org/community/webpayments/participants
> Link to reports is bogus with "@@" in the URL.

Right. That means "This will be filled in later."

> 
> http://www.w3.org/community/reports/
> Obviously has bogus test data on it.

Will be filled in later.

> 
> http://www.w3.org/2000/09/dbwg/details?group=47952

How did you get to that page?

> 
> Don't have consistent companies and links for everyone.

Please provide more detail on what you are observing on that page...


> 
> Regular group members are "Invited experts"?

Since we don't expect people to get to this page, it may not be that important.

> 
> Can get the "blue screen" version if you logged in with basic auth on
> another page (like your account page). But can't edit anything without
> a new auth request that doesn't accept same user/pw.  In any case, can
> get through to see phone numbers, skype names, etc.

I don't think that page will be visible to people.

> 
> http://www.w3.org/Systems/db/userInfo
> 
> (minor) Doesn't handle back navigation between tabs properly (hash
> changes but content doesn't update).
> 
> http://www.w3.org/community/webpayments/join
> Link to unknown page for changing representative:
> http://www.w3.org/community/webpayments/change

I believe we've fixed that. Please confirm.

> 
> Top says "Your organization is participating in group and you can
> resign using this form..." even though there is no resign option. Next
> paragraph starts talking about how to join.

Probably fixed. Please try again

> 
> Missing a space after period after policies link.

Fixed

> 
> Text or layout needs to be fixed so that both options make sense.  The
> initial "I, David Lehn, ..." part will flow into the first option but
> the second option starts with a new sentence.

Yes. FIxed.

> 
> The older participant list had pic links to "/" and company links for
> some people to "#". I think this was partly fixed by just totally
> removing links. Would be nice to put back company links and a personal
> link.

Fixed for now. We hope to add individual pages (but not at launch).

> 
> -------------------------------------------------------------------
> 
> -- manu
> 
> -- 
> Manu Sporny (skype: msporny, twitter: manusporny)
> President/CEO - Digital Bazaar, Inc.
> blog: PaySwarm Developer Tools and Demo Released
> http://digitalbazaar.com/2011/05/05/payswarm-sandbox/
> 
> 

--
Ian Jacobs (ij@w3.org)    http://www.w3.org/People/Jacobs/
Tel:                                      +1 718 260 9447
Received on Thursday, 14 July 2011 20:00:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:16:34 UTC