[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config

Michael Scherer misc at zarb.org
Sat Mar 24 11:43:53 CET 2012 

Le jeudi 22 mars 2012 à 08:18 +0100, Wolfgang Bornath a écrit :

> He is talking about the update of the forum software phpBB3. The
> version used at Mageia is outdated since summer 2011. New versions of
> phpBB3 almost always are caused by security issues. This has been
> mentioned several times in the forum threads. The point is that the
> implementation of the forum software at Mageia (involving puppet,
> etc.) was done this way to "ease forum software maintenance" (quoting
> maât). :)

Strictly speaking, what would have really helped the maintenance would
have been to use :
- a forum properly packaged, not one requiring specific deployment
process like the current setup we have. Packages solved part of the
problem since 15 years, maybe it would be a good moment to start using
them. 
- a forum that do not requires to patch it for adding features
- a forum that do not requires update on a regular basis.

But since people could neither wait nor volunteered to do the work
properly ( ie, real packages, or selecting a cleaner forum ), the
current setup is the best we could have achieved in the given time frame
( and with the constraint of "we will need to open lots of new forums",
and now, there is ... 2 ). 

We are open to discuss patches or even constructive comments to the
puppet setup, but it seems that no one sent anything at all. I have
justified everything we did, and the reason for not having a free for
all system due to privacy and security requirements that I explained
enough to not repeat myself. 

I either didn't see any pull request of patch to upgrade the forum in
git, nor any request to have write access to the aforementioned git by
anyone. While I can imagine that puppet, despite being dead easy and
very well documented, is too complex for a hobbyist sysadmin, I do not
think that git is a so obscure and unknown technology that no one ever
tried to do anything with it.

Also, it seemed obvious to me that security issues should be treated
like the rest of the issues, on bugzilla and not on forums. I still see
no bug opened for that on the bug tracker.

-- 
Michael Scherer

More information about the Mageia-sysadm mailing list