[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config
Wolfgang Bornath
molch.b at googlemail.com
Sat Mar 24 12:48:26 CET 2012
2012/3/24 Michael Scherer <misc at zarb.org>:
> Le jeudi 22 mars 2012 à 08:18 +0100, Wolfgang Bornath a écrit :
>
>> He is talking about the update of the forum software phpBB3. The
>> version used at Mageia is outdated since summer 2011. New versions of
>> phpBB3 almost always are caused by security issues. This has been
>> mentioned several times in the forum threads. The point is that the
>> implementation of the forum software at Mageia (involving puppet,
>> etc.) was done this way to "ease forum software maintenance" (quoting
>> maât). :)
>
> Strictly speaking, what would have really helped the maintenance would
> have been to use :
> - a forum properly packaged, not one requiring specific deployment
> process like the current setup we have. Packages solved part of the
> problem since 15 years, maybe it would be a good moment to start using
> them.
> - a forum that do not requires to patch it for adding features
> - a forum that do not requires update on a regular basis.
- I know not much about packaging (just the essentials). But I doubt
there would be benefits by having a package for the forum software.
Quite to the contrary, a simple change of a character in one of the
php files would cause the need of an update of the whole package,
while as is you just need to exchange this one php file. If there
would be a benefit I guess there would have been phpBB packages for
years, phpBB being the most popular forum software, not only in the
Linux world. Ok, a weak point, I admit.
- How would you implement requested features which are not available
in the forum software other than by "MODs" (which is the same as a
patch?
- every php based forum software I know (I think I know almost all of
them at least from testing) gets regular updates from upstream. Most
of the changes between versions are not added functionalities or nicer
looks (where implementing an update could be a matter of discussions)
but needed bug fixes and even more needed security fixes. That's why
updates are unavoidable and should be done in due time. If you know a
forum software with equal functionality and which does not require
such updates, great, let's have it!
> We are open to discuss patches or even constructive comments to the
> puppet setup, but it seems that no one sent anything at all. I have
> justified everything we did, and the reason for not having a free for
> all system due to privacy and security requirements that I explained
> enough to not repeat myself.
Exactly these (privacy & security) are the reasons for forum software
updates. To me the current implementation was explained as a way to
ease maintenance. That's why I (and others) asked in the forum why
needed updates were not installed. I asked this in the forum because
for a forum user the forum admin is the right person to contact, not
any other group or person, not any other platform.
> I either didn't see any pull request of patch to upgrade the forum in
> git, nor any request to have write access to the aforementioned git by
> anyone. While I can imagine that puppet, despite being dead easy and
> very well documented, is too complex for a hobbyist sysadmin, I do not
> think that git is a so obscure and unknown technology that no one ever
> tried to do anything with it.
Maintaining the forum (implementing modifications, updates or starting
these by creating a bug report or whatever needed) is the most
prominent task of the forum admin, there's not much else for him to
do. It is not the user's job to care for such things. Maât himself
even explained the workflow once in the forum, so he knew exactly what
to do. So, if you blame somebody about missing requests or whatever,
pls knock on the right door.
> Also, it seemed obvious to me that security issues should be treated
> like the rest of the issues, on bugzilla and not on forums. I still see
> no bug opened for that on the bug tracker.
You're right, it's no topic for forum discussions. If updates are
available upstream, the admin should open a bugreport, adding an
"important" tag to ensure that it is done in due time. This was never
done.
Summary: this discussion only started because somebody did not do his
job (whatever reason). Hopefully exchanging people on the relevant
position will improve the situation.
--
wobo
More information about the Mageia-sysadm
mailing list