[MLB-WIRELESS] Authority to change website question sparked by SSL debate

Steven Haigh netwiz at crc.id.au
Mon Jul 30 10:47:01 EST 2012

Hi Mike,

I kind of agree with you here - but I'm mainly focussing on the 
processes we should be following at this point. Obviously, people had 
issues with moving to SSL only. While I don't quite understand the 
reasoning, they are entitled to have an issue with it and we'll find a 
compromise somewhere.

What I believe is worthwhile now is to try and at least figure out the 
least objectionable path we take when making changes to the site. Sadly, 
the coders at wireless.org.au mailing list has been deadly quiet - with 
nobody looking at reviewing code changes or even offering insight. In my 
mind, this means it is broken and we need to agree on another way to 
make things work.

I do know of people that have submitted changes to the site only for the 
changes to be ignored and left in limbo with no outcome. This also makes 
me think the current process is broken.

After a week of no reply from anyone, there are still the following 
things to be done/implemented:

1) Figure out where we want to use SSL. Make sure SSL stuff stays secure 
and you don't get dropped to non-SSL anywhere. Actually make the 
changes. I have already made the mapping stuff work over SSL.

2) We need to move from the Google Maps API v2 to v3. We have 11 months 
to do this before the Google Maps integration stops completely as Google 
turn off v2 API access.

3) Figure out how we are going to utilise external help on making 
changes / updates to the site and how we approve / review / accept 
changes. It has to actually work.

Steven Haigh

Email: netwiz at crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299

On 30/07/2012 10:23 AM, Mike Everest wrote:
> In the past, the way I have obtained authority to do anything is to write this sort of message to the official lists:
> "Unless anyone objects, I propose that I will do <statement of intent>"
> Then if(/when) someone objects, modify the statement of intent and post again ;-)
> Regarding the web site, consensus seems (to me) that it is sensible to redirect only the login page to https - assuming that after logon, ssl continues (I can't think of any reason why it wouldn't) then the job is done.
> I suspect that the pages with embedded maps will probably complain about secure+insecure items, but that is not too hard to fix (I suspect)
> Cheers!
> -----Original Message-----
> From: melbwireless-bounces at lists.wireless.org.au [mailto:melbwireless-bounces at lists.wireless.org.au] On Behalf Of Steven Haigh
> Sent: Monday, 30 July 2012 10:03 AM
> To: coders at melbournewireless.org.au
> Cc: committee at melbournewireless.org.au; melbwireless at lists.wireless.org.au
> Subject: Re: [MLB-WIRELESS] Authority to change website question sparked by SSL debate
> Ok, so its been a week since any kind of input / reply from anyone on either the coders or committee mailing lists regarding this. Throwing it open to public debate and/or ideas.
> --
> Steven Haigh
> Email: netwiz at crc.id.au
> Web: http://www.crc.id.au
> Phone: (03) 9001 6090 - 0412 935 897
> Fax: (03) 8338 0299
> On 23/07/2012 8:13 PM, Steven Haigh wrote:
>> Hi Russell,
>> You hit the nail on the head here. There is no method that has been
>> established for any kind of approval / discussion process. In the
>> past, its been a case of just do it.
>> It has mainly been a do, test, communicate - which is what I still
>> followed. If this should change, then we need a way to actually
>> communicate it with people and also ensure communication doesn't
>> disappear into the black hole as has been the tendency.
>> At the moment, we still need to move the Google Maps API from v2 to v3
>> at some point, but everyone has been normally quiet on this one.
>> So, what do the fellows on these two lists suggest?
>> --
>> Steven Haigh
>> Email: netwiz at crc.id.au
>> Web: http://www.crc.id.au
>> Phone: (03) 9001 6090 - 0412 935 897
>> Fax: (03) 8338 0299
>> On 23/07/2012 7:27 PM, Russell Smith wrote:
>>> Hi,
>>> I don't wish to directly enter into the SSL debate here.  But Tyson
>>> and Steve's exchange below does highlight something I've had a
>>> question about for a while.  What and where does authority lie to
>>> actually change the website?  Following that, how do you interact
>>> with that process so decisions can be timely and reach an agreement.
>>> For example, a committee meeting that makes the call and it's done.
>>> But then there are technical changes as well that the committee don't
>>> have a direct interest in.
>>> I made substantial changes to the website structure and code and
>>> proposed it be reviewed, but I've seen nothing come of that.  Who
>>> would authorize the 'new' code to be used?  I've applied bug fixes as
>>> directed by committee/exec which is fine and would seem to follow and
>>> reasonable protocol.  I've also thought about doing exactly what
>>> Steve did here and directing all of the domain names to a single one.
>>> But who chooses which one? How do you get an authoritative answer
>>> that must be accepted by all?  Obviously Steve chose the right one as
>>> nobody complained about that!
>>> Which returning to the SSL debate in a less public way, should this
>>> be added to the agenda for a committee meeting, discussed and either
>>> approved or rejected.  Then we move on?  It would seem a clearer
>>> approach than emails expressing individual views.  If people feel
>>> strongly, they should make a submission to the committee as part of
>>> the process.  If that is reasonable should it be proposed for other
>>> website works as the way forward?
>>> Thanks
>>> Russell
>>> On 23/07/12 07:39, Steven Haigh wrote:
>>>>> You acted without authority by prematurely making the switch in
>>>>> spite what was said by our elected President.
>>>> I think the time frame is a little out there. I enabled SSL, tested
>>>> it over several days, then added the redirect. It was only when I
>>>> emailed the coders list that anyone even noticed the change had been
>>>> made. The discussion between myself and Tyson took place AFTER
>>>> everything was already functional. I have never been aware of any
>>>> other process we have used for web development - including changes
>>>> to the operational aspects of the web site.

More information about the Melbwireless mailing list