path: root/zarb-ml/mageia-sysadm/2012-March/004312.html
diff options
Diffstat (limited to 'zarb-ml/mageia-sysadm/2012-March/004312.html')
1 files changed, 259 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2012-March/004312.html b/zarb-ml/mageia-sysadm/2012-March/004312.html
new file mode 100644
index 000000000..1ce2e225a
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2012-March/004312.html
@@ -0,0 +1,259 @@
+ <HEAD>
+ <TITLE> [Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="004309.html">
+ <LINK REL="Next" HREF="004314.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config</H1>
+ <B>Michael Scherer</B>
+ <A HREF=""
+ TITLE="[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config">misc at
+ </A><BR>
+ <I>Sat Mar 24 14:45:34 CET 2012</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="004309.html">[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config
+ <LI>Next message: <A HREF="004314.html">[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#4312">[ date ]</a>
+ <a href="thread.html#4312">[ thread ]</a>
+ <a href="subject.html#4312">[ subject ]</a>
+ <a href="author.html#4312">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<PRE>Le samedi 24 mars 2012 &#224; 12:48 +0100, Wolfgang Bornath a &#233;crit :
+&gt;<i> 2012/3/24 Michael Scherer &lt;<A HREF="">misc at</A>&gt;:
+</I>&gt;<i> &gt; Le jeudi 22 mars 2012 &#224; 08:18 +0100, Wolfgang Bornath a &#233;crit :
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt;&gt; He is talking about the update of the forum software phpBB3. The
+</I>&gt;<i> &gt;&gt; version used at Mageia is outdated since summer 2011. New versions of
+</I>&gt;<i> &gt;&gt; phpBB3 almost always are caused by security issues. This has been
+</I>&gt;<i> &gt;&gt; mentioned several times in the forum threads. The point is that the
+</I>&gt;<i> &gt;&gt; implementation of the forum software at Mageia (involving puppet,
+</I>&gt;<i> &gt;&gt; etc.) was done this way to &quot;ease forum software maintenance&quot; (quoting
+</I>&gt;<i> &gt;&gt; ma&#226;t). :)
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; Strictly speaking, what would have really helped the maintenance would
+</I>&gt;<i> &gt; have been to use :
+</I>&gt;<i> &gt; - a forum properly packaged, not one requiring specific deployment
+</I>&gt;<i> &gt; process like the current setup we have. Packages solved part of the
+</I>&gt;<i> &gt; problem since 15 years, maybe it would be a good moment to start using
+</I>&gt;<i> &gt; them.
+</I>&gt;<i> &gt; - a forum that do not requires to patch it for adding features
+</I>&gt;<i> &gt; - a forum that do not requires update on a regular basis.
+</I>&gt;<i> - I know not much about packaging (just the essentials).
+I know packaging, and more than &quot;the essentials&quot;, I also know system
+administration, and also more the essential, partly because that's my
+&gt;<i> But I doubt
+</I>&gt;<i> there would be benefits by having a package for the forum software.
+</I>&gt;<i> Quite to the contrary, a simple change of a character in one of the
+</I>&gt;<i> php files would cause the need of an update of the whole package,
+</I>&gt;<i> while as is you just need to exchange this one php file. If there
+</I>&gt;<i> would be a benefit I guess there would have been phpBB packages for
+</I>&gt;<i> years, phpBB being the most popular forum software, not only in the
+</I>&gt;<i> Linux world. Ok, a weak point, I admit.
+The point is indeed weak.
+For the start, having a package would ease the testing, since right now,
+people just have no clue on how to replicate our setup. There is the
+puppet manifests, but I take for granted that the intersection of those
+that know how to use them and those interested into testing phpbb is
+near 0.
+Second part of having a package is that it would benefit to others if in
+the distribution. It would also ease the management of version by the QA
+( cause if stuff is really important, you want to have it checked before
+it goes live ).
+Another idea is to detect when there is change in the php files, by
+using the rpm -V feature. That's quite handy when there is a problem
+( again speaking of experience ).
+And having a rpm in the distribution also mean that we can benefit from
+the whole framework on making sure this is up to date, making sure that
+basic quality is respected, etc. Something that is far from being the
+case with a random zip taken from the web, especially from php software.
+And I do not even talk of more complex security system like tomoyo or
+It also mean that the packager is following the update policy, which is
+here to prevent unwanted breakage by minimizing changes.
+A package also mean we know what we can remove from the server, or what
+we need. If we say &quot;phpbb need php-zip&quot;, we know that the 2nd need to
+have a packager, or we are in trouble.
+If we wanted to use slackware-style package on our servers, we would
+have done so.
+Oh, and there is package for phpbb in debian. So the lack of package in
+mageia just show that no one is interested into it, and show there isn't
+much correlation about what users would want and what people are
+interested to do.
+&gt;<i> - How would you implement requested features which are not available
+</I>&gt;<i> in the forum software other than by &quot;MODs&quot; (which is the same as a
+</I>&gt;<i> patch?
+Usually, with well designed software, that work with plugins. Of course,
+with some stuff, that goes by &quot;let's duplicate the source code and deal
+with merging source code update&quot;. There is ton of example of why this is
+wrong ( search &quot;technical debt&quot; on a search engine for lots of articles
+on the topic ), hence the need to use a software properly designed, and
+to stay in a well designed process.
+For example, bugzilla has a rather clean API in the version 4.0.
+Firefox, evolution, kde, all can be extended because they were designed
+this way.
+In fact, every single software that we can consider extendable in the
+world has some form of plugin system, . Except for some web application,
+because people are too impatient or too enthusiast to do stuff more
+slowly and properly, because it take time to design a proper API.
+And that's not because others application are harder to edit. There is
+lots of python, ruby and perl application out there that are no more
+harder to edit in place than php. And yet, coders usually add extensions
+system rather than telling &quot;just edit the file and that's it&quot;.
+We did take the &quot;let's patch bugzilla to death&quot; during the mandrake era.
+This ended with a outdated bugzilla.
+And frankly, the whole idea of mod is a sign that phpbb is not suitable
+out of the box, as I said in the past. So while maybe the others are not
+either, that's still a signal that something is wrong.
+&gt;<i> - every php based forum software I know (I think I know almost all of
+</I>&gt;<i> them at least from testing) gets regular updates from upstream. Most
+</I>&gt;<i> of the changes between versions are not added functionalities or nicer
+</I>&gt;<i> looks (where implementing an update could be a matter of discussions)
+</I>&gt;<i> but needed bug fixes and even more needed security fixes. That's why
+</I>&gt;<i> updates are unavoidable and should be done in due time. If you know a
+</I>&gt;<i> forum software with equal functionality and which does not require
+</I>&gt;<i> such updates, great, let's have it!
+I never said that update should not be done in due time. But the fact
+that you need to patch the software is a clear blocker for doing
+upgrade. There is unit test in place in phpbb to ease everything, but I
+doubt that coders who know how to write tests would be ok with the whole
+&quot;patching the code&quot; style of extensions.
+And that's also a point for having a package in the distribution, where
+we have a proper process for upgrade. There is nothing more special
+about the forum software than for the rest of the system that would
+warrant being treated differently.
+&gt;<i> &gt; We are open to discuss patches or even constructive comments to the
+</I>&gt;<i> &gt; puppet setup, but it seems that no one sent anything at all. I have
+</I>&gt;<i> &gt; justified everything we did, and the reason for not having a free for
+</I>&gt;<i> &gt; all system due to privacy and security requirements that I explained
+</I>&gt;<i> &gt; enough to not repeat myself.
+</I>&gt;<i> Exactly these (privacy &amp; security) are the reasons for forum software
+</I>&gt;<i> updates. To me the current implementation was explained as a way to
+</I>&gt;<i> ease maintenance.
+Easing doesn't mean &quot;give a magical wand to do upgrade&quot;. If no one do
+it, it just doesn't happen.
+&gt;<i> That's why I (and others) asked in the forum why
+</I>&gt;<i> needed updates were not installed. I asked this in the forum because
+</I>&gt;<i> for a forum user the forum admin is the right person to contact, not
+</I>&gt;<i> any other group or person, not any other platform.
+There is what people may think regarding who to contact, and the
+reality. If the 2 doesn't match, that's usually the reality that win.
+&gt;<i> &gt; I either didn't see any pull request of patch to upgrade the forum in
+</I>&gt;<i> &gt; git, nor any request to have write access to the aforementioned git by
+</I>&gt;<i> &gt; anyone. While I can imagine that puppet, despite being dead easy and
+</I>&gt;<i> &gt; very well documented, is too complex for a hobbyist sysadmin, I do not
+</I>&gt;<i> &gt; think that git is a so obscure and unknown technology that no one ever
+</I>&gt;<i> &gt; tried to do anything with it.
+</I>&gt;<i> Maintaining the forum (implementing modifications, updates or starting
+</I>&gt;<i> these by creating a bug report or whatever needed) is the most
+</I>&gt;<i> prominent task of the forum admin, there's not much else for him to
+</I>&gt;<i> do. It is not the user's job to care for such things. Ma&#226;t himself
+</I>&gt;<i> even explained the workflow once in the forum, so he knew exactly what
+</I>&gt;<i> to do. So, if you blame somebody about missing requests or whatever,
+</I>&gt;<i> pls knock on the right door.
+&gt;<i>From my point of view, everybody can open a bug report or send patches.
+</I>No one did, and you can say as much as you want &quot;this is not my fault&quot;,
+that will not change anything nor retroactively make bug reports appear.
+I would add that if people have a pretension to become admin or
+anything, they should at least attempt to act as such. Ie, sending
+patchs, etc.
+The last &quot;git push&quot; is not harder than &quot;git send-email&quot;.
+&gt;<i> &gt; Also, it seemed obvious to me that security issues should be treated
+</I>&gt;<i> &gt; like the rest of the issues, on bugzilla and not on forums. I still see
+</I>&gt;<i> &gt; no bug opened for that on the bug tracker.
+</I>&gt;<i> You're right, it's no topic for forum discussions. If updates are
+</I>&gt;<i> available upstream, the admin should open a bugreport, adding an
+</I>&gt;<i> &quot;important&quot; tag to ensure that it is done in due time. This was never
+</I>&gt;<i> done.
+</I>&gt;<i> Summary: this discussion only started because somebody did not do his
+</I>&gt;<i> job (whatever reason). Hopefully exchanging people on the relevant
+</I>&gt;<i> position will improve the situation.
+No, the discussion started because no one did the job. We are not
+Mandriva, there is not &quot;someone is in charge so I do nothing&quot; bullshit
+state of mind with the company and the rest of the world separation. The
+system is open enough that someone skilled enough and motivated enough
+can do most of the job, except the last step.
+If people were really concerned on contributing instead of speaking how
+they would want to do something or how others didn't do what they
+wanted, they would have done something.
+Michael Scherer
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="004309.html">[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config
+ <LI>Next message: <A HREF="004314.html">[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#4312">[ date ]</a>
+ <a href="thread.html#4312">[ thread ]</a>
+ <a href="subject.html#4312">[ subject ]</a>
+ <a href="author.html#4312">[ author ]</a>
+ </LI>
+ </UL>
+<a href="">More information about the Mageia-sysadm
+mailing list</a><br>