- Fixed an issue with task queue tasks not running on the dev_appserver whenusing Python 2.6.
+1
--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To post to this group, send email to google-a...@googlegroups.com.
To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
+12010/10/6 Greg <g.fa...@gmail.com>
--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To post to this group, send email to google-a...@googlegroups.com.
To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To post to this group, send email to google-a...@googlegroups.com.
To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
> --
> You received this message because you are subscribed to the Google Groups "Google App Engine" group.
> To post to this group, send email to google-a...@googlegroups.com.
> To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
Make it optional - default to on is ok. As long as it can be disabled.
+1
No download was a feature. AND it helped people with poor practices
learn the value of version control. :)
I'm an advocate of "NO Download allowed".
But in case it will be allowed make it OFF by default. You MUST turn
it ON in your app.yaml. This way the behavior is compatible with
previous versions. And there is no action needed by the people who
don't want it. There is always a gap between the time you roll it out
and you announce the availability of a new release on the production
servers. During this time it would be possible to download the source
code if you tried regularly.
And I could be away at the moment of the announcement and leave a door
wide open for quite some time.
2010/10/6 alf <alber...@gmail.com>:
- The developer who uploaded an app version can download that version's code
using the appcfg.py download_app command. You can use this to download both
Python and Java application code.
I agree with Geoffrey, the balance is right if you have to have this
feature. But, personally I would just prefer either not having this
option OR just make it something that must be enabled. For me this
feature creates questions that do not exist now. And, yes I know that
if Appstats enabled you can sit there and browse through the code.
Not being able to _easily_ download the code is like a door-lock, it
keeps the honest people honest.
Robert
1) Malicious user gets your pw
2) Malicious user downloads your existing codebase
3) Malicious user makes subtle change - say, funneling sensitive data
to external site
4) Malicious user uploads this over running version
This would be almost impossible to detect. At least with the source
code separate, a malicious hacker has to either 1) re-implement enough
of the site to make it convincing, or 2) figure out the actual code
repository and credentials separately.
Honestly, I think this code download idea is unwise. Yes, it will
quiet down all the clueless folks that didn't back up their code, but
let's be realistic - these are not people who are serious about
software development and they are unlikely to be the ones building
apps that will ultimately generate revenue for appengine. GAE is not
google sites, you don't need to cater to the idiot 20%.
Jeff
You should learn about mercurial, git, or subversion.
http://bitbucket.org/
http://github.com/
Robert
Does it really help to make it configurable? Once the account is
compromised, an attacker could easily opt-in and steal the code.
--
On Wed, Oct 6, 2010 at 5:48 PM, Greg <g.fa...@gmail.com> wrote:
> On Oct 6, 1:28 pm, "Ikai Lan (Google)" <ikai.l+gro...@google.com>
> wrote:
>> - The developer who uploaded an app version can download that version's code
>> using the appcfg.py download_app command.
>
> I'm not at all happy about this. I know how frequent plaintive "I lost
> my code how can I get it back?" messages are in this group, but the
> write-only nature of appengine gave me a lot of confidence that our
> source code is safe. Now a single password is all that stands between
> our competitors and our IP.
>
> Why expose ALL users to risk (and open Google to lawsuits) for the
> sake of a few inexperienced developers? Star this post if you agree.
>
> I guess one solution would be to make downloading optional. A setting
> to disable source downloading in app.yaml would be safe, because
> uploading a new version would destroy the existing code.
>
> Greg.
>
> --
> You received this message because you are subscribed to the Google Groups "Google App Engine" group.
> To post to this group, send email to google-a...@googlegroups.com.
> To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
>
>
--
edel