On 09/10/2009 06:49 AM, Max Spevack wrote: > On Thu, 10 Sep 2009, Mel Chua wrote: > >> 2. https://admin.fedoraproject.org/community/, a site that helps keep >> track of who is packaging what, and what state those packages are in. > > Whether on purpose or simply because there is a need to differentiate, > most people refer to this as the Fedora Community Portal, at least that > I've seen. > <nod> -- I think Fedora Portal would be one way to rename this if that's the way we end up going. > Maybe it should have its own domain name, as opposed to what is > currently a pretty convoluted domain name for what is a really awesome > webapp? > There's actually some technical reasons, and one social reason to keep the app on admin.fp.o. Due to the same origin policy_ in web browsers (a very important piece of browser security), information can't be shared across hosts. So things like single sign-on between Fedora Community Portal and Bodhi, packagedb, etc would not work. Currently this isn't a big issue as we're taking the username and password on the Portal page if we don't have an authentication cookie and proxying it to the other web apps to generate a cookie. But it will be a showstopper if we move to SSL certificates or another means of authenticating users as we can't proxy those. This doesn't mean we can't have something like https://community.fedoraproject.org that's a redirect to https://admin.fedoraproject.org/community but it would only be a redirect. The browser won't send authentication tokens to community.fedoraproject.org that came from admin.fedoraproject.org. The social reason is that we do not want to get people used to giving their Fedora username and password to third party sites. Right now you should only be putting your Fedora username and password pair into fedoraproject.org domains. If we had something like fedoracommunity.org go to The Fedora Community Portal, people would need to put their username and password in there as well. And from there, how are they to know that fedorafriends.org, fedorasolved.org, fedora.org, fedoraharvestpasswords.org are legitimate or illegitimate sites? .. _: http://en.wikipedia.org/wiki/Same_origin_policy#Origin_determination_rules >> 3. http://fedoracommunity.org, the top-level domain for a few (only 2 >> so far, it sounds like) local group homepages (such as >> http://ph.fedoracommunity.org/ for the Philippines). >> http://fedoracommunity.org itself is not up and running, but was >> supposed to be a directory for all such homepages. > > Given what we use *.fedoracommunity.org for, the main index page of > fedoracommunity.org should (ignoring all design options) make it easy > for people to find out what all the subdomains are, right? > That seems to be where this thread started off (n websites list) and I agree with it. I had to go find the DNS records we're serving to find out that ph.fc.o and bd.fc.o were the active domains. An index page listing the sites would be much better.
Description: OpenPGP digital signature