Advertisement:

Author Topic: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5  (Read 1033755 times)

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 16,369
  • 戦場ヶ原、蕩れ!
    • @motokochan on Twitter
    • Animeneko Network
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #40 on: February 11, 2011, 07:15:58 PM »
I don't understand why a change in licence is preventing the release of 2.0 final. Shouldn't a change in licence be able to be made quickly and easily if properly planned in advance? 5 years and 2.0 final is still baking... Honestly, i think it's just a clever way for the developers to say that the final version is not yet ready! Packing my non-existent admin hopes until 2012! LOL

You assume that the license change had been planned well in advance and that things were straightened. You would be seriously wrong. While there had been license change discussions for multiple years, including work on an OSI-compatible license based on the current one, the decision to tie a license change with the release of 2.0 appears to have been made fairly recently as far as i can tell. Only about a year ago, at most.

Combine that short of a time with the need to get signoff from all historical contributors (or at least major efforts to contact contributors) as there was no central copyright holder (CLAs have also recently been passed out to prevent this situation in the future) with the pegging of the 2.0 release on the finalization of the non-profit group and you get a huge cluster****** blocking any release.

Personally, I'd release 2.0 already with the old license and migrate to a new license as soon as it becomes possible rather than holding up an actual production release because of disfunction. Of course, that would probably cause even further schism and bull****** to fly around. Basically, the release table for 2.0 is ******ed because of politics.


So, can we take from this that the final release is no where near being released? sigh

Who knows. The release of 2.0 is tied to a lot of political bull****** and the NPO stuff is still not finalized as far as I know (no announcements on that yet and quite a bit of dodging the question). RC5 would otherwise probably have been the final release if it wasn't for the crack-addled plans.
Motoko-chan
Director, Simple Machines

Just like... making of enemies / 負ける気しない やめるきない / You are cool but fool - Charisma.com 『HATE』

Note: I am not a member of the Simple Machines Forum project.


Offline b4pjoe

  • Jr. Member
  • **
  • Posts: 368
  • Gender: Male
    • B4print.com
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #41 on: February 11, 2011, 07:23:12 PM »
Personally, I'd release 2.0 already with the old license and migrate to a new license as soon as it becomes possible rather than holding up an actual production release because...

I agree with this wholeheartedly.

Offline -=[Vyorel]=-

  • Full Member
  • ***
  • Posts: 676
  • Gender: Male
  • SMF Wiki Writer
    • DSKVyorel on Facebook
    • xeromzone on LinkedIn
    • @XeromZoneCom on Twitter
    • Xerom Zone Community
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #42 on: February 11, 2011, 07:24:13 PM »
Nice work. Thank you! :o
My mods for SMF - [5].

Offline grafitus

  • SMF Hero
  • ******
  • Posts: 3,038
    • beratdogan on LinkedIn
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #43 on: February 11, 2011, 07:28:48 PM »
Yep, exactly what I need! Integration hooks for permissions!

Offline Labradoodle-360

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,985
  • Gender: Male
    • matthew.kerle on Facebook
    • @matthew_kerle on Twitter
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #44 on: February 11, 2011, 07:31:32 PM »
That is great!
Yep, exactly what I need! Integration hooks for permissions!
Former SMF Developer
My Modifications

Offline Μπράιαν Poύνικ Ντίκεν

  • SMF Super Hero
  • *******
  • Posts: 20,868
  • Gender: Male
  • Sitting Silently Waiting
    • bryan.deakin.1 on Facebook
    • @bryandeakin on Twitter
    • Bryan Deakin dot com
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #45 on: February 11, 2011, 07:40:06 PM »
glad to see this another step towards final :)

and this reminds me

* Runic shoots Norv
Μπράιαν Poύνικ Ντίκεν
Former Project Manager @ SMF
Former Vice President @ Simple Machines
Admin @ idesign360.com
Owner @ Bryan Deakin dot Com

Offline JBlaze

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 10,960
  • Gender: Male
  • Et tu, Brute?
    • jasonclemons1 on LinkedIn
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #46 on: February 11, 2011, 08:09:27 PM »
* JBlaze shoots Runic

Offline FfdG

  • Semi-Newbie
  • *
  • Posts: 40
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #47 on: February 11, 2011, 08:15:29 PM »
Where are the changed files? Ever counted the files in "Small update"? Your update package sucks again.

Offline IchBin™

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,103
  • Gender: Male
  • I don't speak German.
    • IchBin.us
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #48 on: February 11, 2011, 08:36:03 PM »
Where are the changed files? Ever counted the files in "Small update"? Your update package sucks again.

Care to look in the changelog? What sucks about a security update? And even if you couldn't find any info on that at this site, what's so hard about running a diff?
Brad "IchBin™" Grow        TinyPortal        Themes
Coding Guidelines       

Offline Antechinus

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 22,349
  • Master of BBC Abuse
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #49 on: February 11, 2011, 08:41:54 PM »
About the only files that would not be changed in RC5 are images. All php files have at least had the version number updated. That's the only change in some of them but a lot have other changes too. If you want to speed up the FTP upload process you can assume that no images have to be uploaded. That should save a fair amount of time.

ETA: Ich Bin, not all admins know how to run a diff. Some of them are very new to website management and coding.
President for life - Righteous League of GitHub Haterz

 "Seems brilliantly designed to match the intuitions of demented ferrets"

Offline FfdG

  • Semi-Newbie
  • *
  • Posts: 40
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #50 on: February 11, 2011, 09:06:48 PM »
Care to look in the changelog? What sucks about a security update? And even if you couldn't find any info on that at this site, what's so hard about running a diff?
Vice versa. What's so hard in bundling a set of files? I don't want more than 1000 files, Smileys, unchanged Themes and periodically changed empty lines before EOF. Diff is nice but I still have to build my own patch.

Offline Road Rash Jr.

  • Sr. Member
  • ****
  • Posts: 765
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #51 on: February 11, 2011, 09:25:26 PM »

What sucks about a security update?

I think the security update is great. It made one of my sites so secure there are no longer any members in the database and no one can register. Plenty secure now  :o
Thank the good Lord for backups.
 
Edit : Just used the large upgrade and all is well again  ;)  Good job people.
« Last Edit: February 11, 2011, 09:36:31 PM by Road Rash »
Never argue with an Idiot like myself, they just drag you down to their level then beat you with experience.

Offline ~DS~

  • SMF Hero
  • ******
  • Posts: 2,599
  • Gender: Male
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #52 on: February 11, 2011, 10:15:39 PM »
* Dismal Shadow foresee RC6...

* Dismal Shadow runs away
“There is no god, and that’s the simple truth. If every trace of any single religion were wiped out and nothing were passed on, it would never be created exactly that way again. There might be some other nonsense in its place, but not that exact nonsense. If all of science were wiped out, it would still be true and someone would find a way to figure it all out again."
~Penn Jillette – God, NO! – 2011

Offline Bolt™

  • Semi-Newbie
  • *
  • Posts: 51
  • Gender: Male
  • Gay Furry Husky
    • Ultimate Gaming Forum
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #53 on: February 11, 2011, 10:18:01 PM »
Nice but I just finley got my forum updated to SMF 4 and am sticking to it

Offline IchBin™

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,103
  • Gender: Male
  • I don't speak German.
    • IchBin.us
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #54 on: February 11, 2011, 10:20:06 PM »

Vice versa. What's so hard in bundling a set of files? I don't want more than 1000 files, Smileys, unchanged Themes and periodically changed empty lines before EOF. Diff is nice but I still have to build my own patch.

You don't have to build a patch. A security patch was provided. So it's not necessary to do the large upgrade. I could understand a full patch being made in a final version update. I don't think we have ever done patches for updates when in RC.

Nice but I just finley got my forum updated to SMF 4 and am sticking to it

At least make sure you install the security patch then.
Brad "IchBin™" Grow        TinyPortal        Themes
Coding Guidelines       

Offline Norv

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 18,314
  • Blue Wolf
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #55 on: February 11, 2011, 10:22:47 PM »
This time, the upgrade is completely optional, in order to benefit from the security fixes: please feel free to find those fixes only in the RC4 Security Patch.
http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip

It won't be a full upgrade, but it will secure your forum, therefore it is highly recommended, and you can of course stick with RC4, while taking advantage of the security fixes.
To-do lists are for deferral. The more things you write down the later they're done… until you have 100s of lists of things you don't do.
File a security report | Developers' Blog | Bug Tracker

Also known as Norv on D* | Norv N. on G+ | Norv on Github

Offline Labradoodle-360

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,985
  • Gender: Male
    • matthew.kerle on Facebook
    • @matthew_kerle on Twitter
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #56 on: February 11, 2011, 10:57:54 PM »
Not gonna happen.
* Dismal Shadow foresee RC6...

* Dismal Shadow runs away
Former SMF Developer
My Modifications

Offline kingkingston

  • Full Member
  • ***
  • Posts: 650
  • Gender: Male
    • @ozzysportsforum on Twitter
    • aussiesportsforum.com
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #57 on: February 11, 2011, 11:49:45 PM »
I think someone forget the update package for SMF 1.1.13 :P
1.1 brand would almost be dead

Offline AmaZulu

  • Semi-Newbie
  • *
  • Posts: 80
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #58 on: February 12, 2011, 12:10:38 AM »
I've been using version 1.1 for about 5 years now. By next month I will be using IP.Board and giving them $$$ for the privilege. I wish I could stay with SMF and contribute the money here, but RC5?

Come on. It's just software, not the goddamn declaration of independence. >:(

Offline N3lson

  • Sr. Member
  • ****
  • Posts: 808
  • Gender: Male
Re: SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5
« Reply #59 on: February 12, 2011, 02:42:35 AM »
Thank you
I´m Portuguese Yeah