Unity

[FFe] [MIR] unity-lens-photos in quantal

Bug #1044447 reported by Michael Terry
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Unity
Fix Released
Undecided
Unassigned
python-oauthlib (Ubuntu)
Fix Released
Undecided
Unassigned
unity (Ubuntu)
Fix Released
Undecided
Unassigned
unity-lens-photos (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

This bug is split off from MIR bug 1029549 (about online-accounts and friends).

The security review revealed two blockers:

* Flickr needs to use the secure API
* Can't embed oauth2.py

I'll leave aside the Flickr issue for now, since that is an upstream bug fix issue.

For oauth2... We have two modules in Ubuntu: python-oauthlib (main, python2-only, unclear oauth2 support) and python-oauth2 (universe, python2-only)

We also have several ways to move forward:
1) Port python-oauthlib to python3; update it to its latest release, which claims oauth2 support; and port unity-lens-photos to oauthlib instead of oauth2.
2) Port python-oauth2 to python3; promote it to main.
3) Port unity-lens-photos to python2 and oauthlib; port it back to python3 for 13.04

I view #1 as the Long Term Right Way and #2 and #3 as viable Short Cut Ways if the release team prefers those for expediency's sake.

Tags: ffe

Related branches

lp://staging/~mterry/unity-lens-photos/oauthlib
David Callé (community): Approve
Diff: 988 lines (+20/-904)
5 files modified
MANIFEST.in (+0/-2)
setup.py (+0/-2)
src/flickr_scope.py (+20/-18)
src/oauth2.py (+0/-864)
src/oauth2_version.py (+0/-18)
lp://staging/ubuntu/quantal/python-oauthlib
lp://staging/ubuntu/quantal/unity
lp://staging/~ken-vandine/unity/social_preview_quantal
Revision history for this message
Michael Terry (mterry) wrote :

To be clear, I'm starting down the path of #1 until told otherwise.

Revision history for this message
David Callé (davidc3) wrote :

While this is not the main point of the MIR, the secure API issue has been fixed upstream.

There is a fourth (last resort) solution: removing Flickr support from the distro package. It is the only scope of the lens that needs oauth2. Shotwell, Facebook, Picasa/Google+ support won't be affected.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I think is would be an exceedingly simple fix to use flickr's secure api. Online accounts was updated for it in bug #1037169 with I think only a URL change.

Revision history for this message
Michael Terry (mterry) wrote :

Regarding oauth2 support, it looks like option #1 is preferred:
<Laney> mterry: #1 sounds fine, as long as you don't expect it for B1 :-)

Revision history for this message
Michael Terry (mterry) wrote :

A version of oauthlib with OAuth2 and Python3 support is in https://launchpad.net/~mterry/+archive/ppa

Now I just need to package the latest version of the lens in the same PPA and port it to use -oauthlib instead of -oauth2.

Revision history for this message
Michael Terry (mterry) wrote : Re: [FFe, MIR] unity-lens-photos in quantal

OK, I have a branch to port to oauthlib here: https://code.launchpad.net/~mterry/unity-lens-photos/oauthlib/+merge/122738 Once it is merged into trunk, David will make a new upstream release, I'll package it up, and report back here, asking for the final FFe.

Note that we don't actually need OAuth2 support like I thought. Flickr only uses OAuth1. I was confused by the awful name python-oauth2, which is the *successor* to python-oauth. :-/

So while we don't technically need the oauthlib update to 0.3.0, my Python3 patch is against that version and I've already packaged it up, so I'd just as soon update the version anyway.

summary: - [FFe, MIR] unity-lens-photo in quantal
+ [FFe, MIR] unity-lens-photos in quantal
Revision history for this message
Michael Terry (mterry) wrote :

OK, my PPA https://launchpad.net/~mterry/+archive/ppa now has an updated python-oauthlib and unity-lens-photos. This should meet the requirements of the MIR review.

Now, all that remains is FFe signoff. Note specifically the features on offer in these uploads:

* oauthlib update from 1.1.3 to 0.3.0
 - Adds support for OAuth2
 - Adds support for Python3 via distro patch (sent upstream, but not landed yet)

* unity-lens-photos update from 0.2.1 to 0.4
 - Adds support for Picasa (which has its own FFe bug 1043217 actually)
 - Switches from embedded oauth2.py to python3-oauthlib

Revision history for this message
Michael Terry (mterry) wrote :

(and I left off the main feature here, enabling the photos lens by default)

Revision history for this message
Kate Stewart (kate.stewart) wrote :

Approved as long as can be incorporated by 9/11. Please send email to ubuntu-doc and ubuntu-translators team letting the them know the details of this change (include screen shots please).

Michael Terry (mterry)
summary: - [FFe, MIR] unity-lens-photos in quantal
+ [FFe] [MIR] unity-lens-photos in quantal
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-oauthlib - 0.3.0-0ubuntu1

---------------
python-oauthlib (0.3.0-0ubuntu1) quantal; urgency=low

  * New upstream release (FFe LP: #1044447)
    - Adds OAuth2 support
  * debian/patches/02_python3.patch:
    - Support Python3
  * debian/control, debian/rules:
    - Add python3-oauthlib
 -- Michael Terry <email address hidden> Fri, 31 Aug 2012 12:15:31 -0400

Changed in python-oauthlib (Ubuntu):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity-lens-photos - 0.4-0ubuntu1

---------------
unity-lens-photos (0.4-0ubuntu1) quantal; urgency=low

  * New upstream release (FFe LP: #1044447)
    - Adds Picasa support
  * debian/control:
    - Add Depends on gir1.2-gdata-0.0 and python3-oauthlib
  * debian/patches/signond_application.patch,
    debian/patches/new_shotwell_location.patch:
    - Dropped, applied upstream
  * debian/patches/dont_require_unreleased_unity.patch:
    - Refreshed
 -- Michael Terry <email address hidden> Tue, 04 Sep 2012 16:48:32 -0400

Changed in unity-lens-photos (Ubuntu):
status: New → Fix Released
Revision history for this message
Michael Terry (mterry) wrote :

Setting unity-lens-photos back to Fix Committed for the MIR portion of this bug, as it's not yet in main. (sorry for overloading)

Changed in unity-lens-photos (Ubuntu):
status: Fix Released → Fix Committed
Revision history for this message
David Callé (davidc3) wrote :

Thanks Kate, a message has been sent to both lists.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 6.4.0-0ubuntu5

---------------
unity (6.4.0-0ubuntu5) quantal; urgency=low

  [ Sebastien Bacher ]
  * debian/control: updated some build-depends

  [ Michael Terry ]
  * debian/control: Recommend unity-lens-photos (FFe LP: #1044447)
 -- Michael Terry <email address hidden> Fri, 07 Sep 2012 11:59:14 -0400

Changed in unity (Ubuntu):
status: New → Fix Released
Revision history for this message
Matthias Klose (doko) wrote :

Override component to main
unity-lens-photos 0.4-0ubuntu2 in quantal: universe/gnome -> main
unity-lens-photos 0.4-0ubuntu2 in quantal amd64: universe/gnome/optional -> main
unity-lens-photos 0.4-0ubuntu2 in quantal armel: universe/gnome/optional -> main
unity-lens-photos 0.4-0ubuntu2 in quantal armhf: universe/gnome/optional -> main
unity-lens-photos 0.4-0ubuntu2 in quantal i386: universe/gnome/optional -> main
unity-lens-photos 0.4-0ubuntu2 in quantal powerpc: universe/gnome/optional -> main
6 publications overridden.

Changed in unity-lens-photos (Ubuntu):
status: Fix Committed → Fix Released
Carsten Gerlach (carsteng)
tags: added: ffe
Marco Trevisan (Treviño) (3v1n0)
Changed in unity:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.