author | Nicolas Vigier <boklm@mageia.org> | 2013-04-14 13:46:12 +0000 |
---|---|---|
committer | Nicolas Vigier <boklm@mageia.org> | 2013-04-14 13:46:12 +0000 |
commit | 1be510f9529cb082f802408b472a77d074b394c0 (patch) | |
tree | b175f9d5fcb107576dabc768e7bd04d4a3e491a0 /zarb-ml/mageia-sysadm/2012-March/004312.html | |
parent | fa5098cf210b23ab4f419913e28af7b1b07dafb2 (diff) | |
Diffstat (limited to 'zarb-ml/mageia-sysadm/2012-March/004312.html')
-rw-r--r-- | zarb-ml/mageia-sysadm/2012-March/004312.html | 259 |
1 files changed, 259 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2012-March/004312.html b/zarb-ml/mageia-sysadm/2012-March/004312.html new file mode 100644 index 000000000..1ce2e225a --- /dev/null +++ b/zarb-ml/mageia-sysadm/2012-March/004312.html 
@@ -0,0 +1,259 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5Bforums-discuss%5D%20Re%3A%20updating%20sysadmin%0A%20privileges%20in%20forum%20config&In-Reply-To=%3C1332596734.19822.59.camel%40localhost%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="004309.html"> + <LINK REL="Next" HREF="004314.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config</H1> + <B>Michael Scherer</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5Bforums-discuss%5D%20Re%3A%20updating%20sysadmin%0A%20privileges%20in%20forum%20config&In-Reply-To=%3C1332596734.19822.59.camel%40localhost%3E" + TITLE="[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config">misc at zarb.org + </A><BR> + <I>Sat Mar 24 14:45:34 CET 2012</I> + <P><UL> + <LI>Previous message: <A HREF="004309.html">[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config +</A></li> + <LI>Next message: <A HREF="004314.html">[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#4312">[ date ]</a> + <a href="thread.html#4312">[ thread ]</a> + <a href="subject.html#4312">[ subject ]</a> + <a href="author.html#4312">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Le samedi 24 mars 2012 à 12:48 +0100, Wolfgang Bornath a écrit : +><i> 2012/3/24 Michael Scherer <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">misc at zarb.org</A>>: +</I>><i> > Le jeudi 22 mars 2012 à 08:18 +0100, 
Wolfgang Bornath a écrit : +</I>><i> > +</I>><i> >> He is talking about the update of the forum software phpBB3. The +</I>><i> >> version used at Mageia is outdated since summer 2011. New versions of +</I>><i> >> phpBB3 almost always are caused by security issues. This has been +</I>><i> >> mentioned several times in the forum threads. The point is that the +</I>><i> >> implementation of the forum software at Mageia (involving puppet, +</I>><i> >> etc.) was done this way to "ease forum software maintenance" (quoting +</I>><i> >> maât). :) +</I>><i> > +</I>><i> > Strictly speaking, what would have really helped the maintenance would +</I>><i> > have been to use : +</I>><i> > - a forum properly packaged, not one requiring specific deployment +</I>><i> > process like the current setup we have. Packages solved part of the +</I>><i> > problem since 15 years, maybe it would be a good moment to start using +</I>><i> > them. +</I>><i> > - a forum that do not requires to patch it for adding features +</I>><i> > - a forum that do not requires update on a regular basis. +</I>><i> +</I>><i> - I know not much about packaging (just the essentials). +</I> +I know packaging, and more than "the essentials", I also know system +administration, and also more the essential, partly because that's my +job. + +><i> But I doubt +</I>><i> there would be benefits by having a package for the forum software. +</I>><i> Quite to the contrary, a simple change of a character in one of the +</I>><i> php files would cause the need of an update of the whole package, +</I>><i> while as is you just need to exchange this one php file. If there +</I>><i> would be a benefit I guess there would have been phpBB packages for +</I>><i> years, phpBB being the most popular forum software, not only in the +</I>><i> Linux world. Ok, a weak point, I admit. +</I> +The point is indeed weak. 
+ +For the start, having a package would ease the testing, since right now, +people just have no clue on how to replicate our setup. There is the +puppet manifests, but I take for granted that the intersection of those +that know how to use them and those interested into testing phpbb is +near 0. + +Second part of having a package is that it would benefit to others if in +the distribution. It would also ease the management of version by the QA +( cause if stuff is really important, you want to have it checked before +it goes live ). + +Another idea is to detect when there is change in the php files, by +using the rpm -V feature. That's quite handy when there is a problem +( again speaking of experience ). + +And having a rpm in the distribution also mean that we can benefit from +the whole framework on making sure this is up to date, making sure that +basic quality is respected, etc. Something that is far from being the +case with a random zip taken from the web, especially from php software. +And I do not even talk of more complex security system like tomoyo or +selinux. + +It also mean that the packager is following the update policy, which is +here to prevent unwanted breakage by minimizing changes. + +A package also mean we know what we can remove from the server, or what +we need. If we say "phpbb need php-zip", we know that the 2nd need to +have a packager, or we are in trouble. + +If we wanted to use slackware-style package on our servers, we would +have done so. + + +Oh, and there is package for phpbb in debian. So the lack of package in +mageia just show that no one is interested into it, and show there isn't +much correlation about what users would want and what people are +interested to do. + + +><i> - How would you implement requested features which are not available +</I>><i> in the forum software other than by "MODs" (which is the same as a +</I>><i> patch? +</I> +Usually, with well designed software, that work with plugins. 
Of course, +with some stuff, that goes by "let's duplicate the source code and deal +with merging source code update". There is ton of example of why this is +wrong ( search "technical debt" on a search engine for lots of articles +on the topic ), hence the need to use a software properly designed, and +to stay in a well designed process. + +For example, bugzilla has a rather clean API in the version 4.0. +Firefox, evolution, kde, all can be extended because they were designed +this way. + +In fact, every single software that we can consider extendable in the +world has some form of plugin system, . Except for some web application, +because people are too impatient or too enthusiast to do stuff more +slowly and properly, because it take time to design a proper API. + +And that's not because others application are harder to edit. There is +lots of python, ruby and perl application out there that are no more +harder to edit in place than php. And yet, coders usually add extensions +system rather than telling "just edit the file and that's it". + +We did take the "let's patch bugzilla to death" during the mandrake era. +This ended with a outdated bugzilla. + +And frankly, the whole idea of mod is a sign that phpbb is not suitable +out of the box, as I said in the past. So while maybe the others are not +either, that's still a signal that something is wrong. + +><i> - every php based forum software I know (I think I know almost all of +</I>><i> them at least from testing) gets regular updates from upstream. Most +</I>><i> of the changes between versions are not added functionalities or nicer +</I>><i> looks (where implementing an update could be a matter of discussions) +</I>><i> but needed bug fixes and even more needed security fixes. That's why +</I>><i> updates are unavoidable and should be done in due time. If you know a +</I>><i> forum software with equal functionality and which does not require +</I>><i> such updates, great, let's have it! 
+</I> +I never said that update should not be done in due time. But the fact +that you need to patch the software is a clear blocker for doing +upgrade. There is unit test in place in phpbb to ease everything, but I +doubt that coders who know how to write tests would be ok with the whole +"patching the code" style of extensions. + +And that's also a point for having a package in the distribution, where +we have a proper process for upgrade. There is nothing more special +about the forum software than for the rest of the system that would +warrant being treated differently. + +><i> > We are open to discuss patches or even constructive comments to the +</I>><i> > puppet setup, but it seems that no one sent anything at all. I have +</I>><i> > justified everything we did, and the reason for not having a free for +</I>><i> > all system due to privacy and security requirements that I explained +</I>><i> > enough to not repeat myself. +</I>><i> +</I>><i> Exactly these (privacy & security) are the reasons for forum software +</I>><i> updates. To me the current implementation was explained as a way to +</I>><i> ease maintenance. +</I> +Easing doesn't mean "give a magical wand to do upgrade". If no one do +it, it just doesn't happen. + +><i> That's why I (and others) asked in the forum why +</I>><i> needed updates were not installed. I asked this in the forum because +</I>><i> for a forum user the forum admin is the right person to contact, not +</I>><i> any other group or person, not any other platform. +</I> +There is what people may think regarding who to contact, and the +reality. If the 2 doesn't match, that's usually the reality that win. + +><i> > I either didn't see any pull request of patch to upgrade the forum in +</I>><i> > git, nor any request to have write access to the aforementioned git by +</I>><i> > anyone. 
While I can imagine that puppet, despite being dead easy and +</I>><i> > very well documented, is too complex for a hobbyist sysadmin, I do not +</I>><i> > think that git is a so obscure and unknown technology that no one ever +</I>><i> > tried to do anything with it. +</I>><i> +</I>><i> Maintaining the forum (implementing modifications, updates or starting +</I>><i> these by creating a bug report or whatever needed) is the most +</I>><i> prominent task of the forum admin, there's not much else for him to +</I>><i> do. It is not the user's job to care for such things. Maât himself +</I>><i> even explained the workflow once in the forum, so he knew exactly what +</I>><i> to do. So, if you blame somebody about missing requests or whatever, +</I>><i> pls knock on the right door. +</I> +><i>From my point of view, everybody can open a bug report or send patches. +</I>No one did, and you can say as much as you want "this is not my fault", +that will not change anything nor retroactively make bug reports appear. + +I would add that if people have a pretension to become admin or +anything, they should at least attempt to act as such. Ie, sending +patchs, etc. + +The last "git push" is not harder than "git send-email". + +><i> > Also, it seemed obvious to me that security issues should be treated +</I>><i> > like the rest of the issues, on bugzilla and not on forums. I still see +</I>><i> > no bug opened for that on the bug tracker. +</I>><i> +</I>><i> You're right, it's no topic for forum discussions. If updates are +</I>><i> available upstream, the admin should open a bugreport, adding an +</I>><i> "important" tag to ensure that it is done in due time. This was never +</I>><i> done. +</I>><i> +</I>><i> Summary: this discussion only started because somebody did not do his +</I>><i> job (whatever reason). Hopefully exchanging people on the relevant +</I>><i> position will improve the situation. +</I> +No, the discussion started because no one did the job. 
We are not +Mandriva, there is not "someone is in charge so I do nothing" bullshit +state of mind with the company and the rest of the world separation. The +system is open enough that someone skilled enough and motivated enough +can do most of the job, except the last step. + +If people were really concerned on contributing instead of speaking how +they would want to do something or how others didn't do what they +wanted, they would have done something. + +-- +Michael Scherer + +</PRE> + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="004309.html">[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config +</A></li> + <LI>Next message: <A HREF="004314.html">[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#4312">[ date ]</a> + <a href="thread.html#4312">[ thread ]</a> + <a href="subject.html#4312">[ subject ]</a> + <a href="author.html#4312">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |
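Review bot: The `<META http-equiv="Content-Type" content="text/html; charset=us-ascii">` line in the HEAD does not match the body as shown here, which contains non-ASCII characters ("à", "écrit", "maât") inside the `<PRE>` block. If those are stored in the file as raw bytes rather than as numeric character references, they will be mis-rendered under the declared charset; either declare the encoding the file is actually saved in or keep those characters as references. A smaller style point in the navigation lists at the top and bottom: items open with `<LI>` but close with `</li>`, and the file ends with lowercase `</body></html>` against the uppercase `<HTML>` and `<BODY>` openers, which parses but is inconsistent.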