youtubetomp3converterapi / opengse Goto Github PK

FileServingServlet is a global concept, and likely the welcome files, such
as index.html are only defined in the global web.xml. 

Currently, it reloads (parse) the local web.xml to be able to get access to
the welcome files, which isn't efficient too. 

What steps will reproduce the problem?
1. Create a webapp with no WEB-INF/classes dir
2. Try to deploy

What is the expected output? What do you see instead?

It should deploy correctly. Instead, GSE complains about the classes dir
not existing:

Exception in thread "main"
com.google.opengse.configuration.WebAppConfigurationException: Directory
'/Users/headius/projects/jruby/testapp2/testapp2/WEB-INF/classes' does not
exist
    at
com.google.opengse.webapp.WebAppFactory.checkDirectory(WebAppFactory.java:122)
    at com.google.opengse.webapp.WebAppFactory.createWebApp(WebAppFactory.java:59)
    at com.google.opengse.webapp.war.WarDeployer.deployWar(WarDeployer.java:110)
    at com.google.opengse.webapp.war.WarDeployer.deploy(WarDeployer.java:80)
    at com.google.opengse.webapp.war.Main.getWebApp(Main.java:155)
    at com.google.opengse.webapp.war.Main.getWebApps(Main.java:134)
    at com.google.opengse.webapp.war.Main.getWebAppCollection(Main.java:124)
    at com.google.opengse.webapp.war.Main.main(Main.java:67)


What version of the product are you using? On what operating system?

Current downloadable jar as of today. Does not appear to have a version number.

Please provide any additional information below.

App is a JRuby on Rails application, but I don't see that it should matter.

We contact legal team with a laundry list of potential legal issues.

We need to contact cdibona and dannyb with any and all potential legal
issues that we can think of.

It's not up to us to judge whether or not they actually *are* legal
issues...it's just up to us to give the lawyers everything that we can
think of that *might* be problematic, and let them sort out the details.

We should get this done in time for us to make any changes *before*
launch...if the lawyers say that you can't release X, where X is an
important part of our story, then we need time to adjust.

We need to have the Apache license at the top of every source file.

We have checkstyle verifying this for Java files, so assuming that people
are checking and fixing warnings, we should have this configured for Java
files.  Check our continuous build for details.

However, we don't have any mechanism to enforce this for non-Java files. 
Also, what's the license for watchdog?

As per the steps on
http://wiki.corp.google.com/twiki/bin/view/Main/HowToOpenSourceGoogleCode#Scrubb
ing_Comments

We need to remove internal Googlers' usernames.

As per
http://wiki/Main/HowToOpenSourceGoogleCode#Documentation_and_Sample_Code:

"Documentation and Sample Code

The goal when releasing code as open source is usually to encourage others
to use it, and that will be a lot easier for people if they know how! You
should include some sort of documentation, even if it is just some notes in
the README file to help people get started.

If you are releasing a library or something else that exposes APIs, be sure
to include sample code. If possible, sample code should be licensed so that
people can cut-and-paste it into their own programs."

Who is taking responsible for writing sample code?  Who is taking
responsibility for writing documentation?  Where does this go in the heirarchy?

Marking this as Priority-High, but perhaps we want it to be
Priority-Critical?  A servlet engine with no examples and no documentation
probably isn't particularly useful.

Need to refactor a bit

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?


Please use labels and text to provide additional information.

Is there enough benefit in using Google Collections that we should have an
explicit dependency on it?

e.g. for serving static files? Double check this against the spec.

We need to contact [email protected] to confirm that we have signoff.

From http://wiki/Main/HowToOpenSourceGoogleCode :

"When open-sourcing code that is part of google3, there is always a risk
that publishing the code might expose information about our software or
systems. A good example is protocol buffers: when open-sourced, it will be
easier for users to extract information from data that might have
previously looked like binary blobs. In these cases it is important to keep
the security team in the loop so that the risk can be assessed and
ameliorated."

It is entirely possible that they will think of OpenGSE as a threat to the
security of our extant GSE-based applications, so we should be prepared for
them to ask us tough questions like:

"Someone looks at the source for OpenGSE and discovers a vulnerability in
OpenGSE that is *also* present in GSE that allows them to poke around
inside Google prod.  What tests do you have in place and/or what code
review process have you been through to assure us that this isn't an
additional risk?"

I understand that the process requires someone to go over the entire body
of code (line by line), and review it for security issues.  To expedite
this, we may want to get them involved *very* early, and we may wish to do
*extra* cleanups in the code so that it's *very* clear what the code is
doing.  I don't know how this process works, but this may mean that we have
to hand over a snapshot and wait for them to review it before releasing.

Gimme docs!!

What steps will reproduce the problem?
1. Register a servlet to /*
2. Try to invoke it

What is the expected output? 
The original servlet

What do you see instead?
The FileServingServlet is invoked instead

From http://wiki/Main/HowToOpenSourceGoogleCode#Trademarks

"It is very important that your project's name doesn't infringe any third
party's trademarks. Before you can release your code, you need to file a
trademark request. The naming process for Open Source projects is
relatively simple process, but begin it early."

Other items that are particularly relevant to use:

"1. File a trademark request. Submit a preferred name and 1-3 alternate
names that are sufficiently different from each other. When you fill out
the request form, be sure to select "yes" for the "open source" field."

Have we filed a trademark request?

"3. Most open source names do not follow the 'Google + generic word' model
(e.g. Google Maps, Google Reader). There are exceptions for certain Open
Source projects that will be long-term initiatives for Google (e.g., Google
Gears and Google Web Toolkit). If your project may be in this boat, contact
Chris DiBona ([email protected]) for confirmation. You'll then proceed
down a full naming process which is more complex. Have your project manager
find a PMM to work with and use the process outlined on the Naming Wiki.

4. We no longer support G naming for any products (e.g., Gmail). "

Since OpenGSE is both "G-naming" and has (implied) Google in in the name,
this suggests that we have to go down the full naming process with a PMM,
as per the Naming Wiki.

We've had some tension lately as developers (ok, Mike and I) have gone back
and forth:

"You broke my test!"
"What do you mean?  Your test never worked in the first place!"
"Yes it did!"
"Not on my machine!"
"Well, your machine must be screwed up!"
"No, your machine is screwed up!"
"You should have checked with me before you did that!"
"No, *you* should have checked with *me* before *you* did that!"
etc.

So...how can we move forward without these conflicts?  

What's our presubmit criteria?  What tests must be run before checking in?
 And do we want to allow roll-backs when a change breaks something?  Do we
want to enforce code reviews?  

We currently lack a working process, and we have different ideas about what
that process should be.

As a straw man, we have two separate continuous builds at:
  http://opengse.euw.corp.google.com:8000

(One is built by Maven and one is built by Ant, both under Java 5.)  

Do we wish to take the bold step of saying that any change that breaks
either of those builds should either be "claimed" by the reviewer and fixed
or rolled back?