SMF 1.1.13, SMF 2.0 RC4 Security Patch, and SMF 2.0 Release Candidate 5

Started by Norv, February 11, 2011, 03:16:35 PM

Previous topic - Next topic

青山 素子

Quote from: sharks on February 11, 2011, 03:58:40 PM
I don't understand why a change in licence is preventing the release of 2.0 final. Shouldn't a change in licence be able to be made quickly and easily if properly planned in advance? 5 years and 2.0 final is still baking... Honestly, i think it's just a clever way for the developers to say that the final version is not yet ready! Packing my non-existent admin hopes until 2012! LOL

You assume that the license change had been planned well in advance and that things were straightened. You would be seriously wrong. While there had been license change discussions for multiple years, including work on an OSI-compatible license based on the current one, the decision to tie a license change with the release of 2.0 appears to have been made fairly recently as far as i can tell. Only about a year ago, at most.

Combine that short of a time with the need to get signoff from all historical contributors (or at least major efforts to contact contributors) as there was no central copyright holder (CLAs have also recently been passed out to prevent this situation in the future) with the pegging of the 2.0 release on the finalization of the non-profit group and you get a huge cluster****** blocking any release.

Personally, I'd release 2.0 already with the old license and migrate to a new license as soon as it becomes possible rather than holding up an actual production release because of disfunction. Of course, that would probably cause even further schism and bull****** to fly around. Basically, the release table for 2.0 is ******ed because of politics.


Quote from: joec88 on February 11, 2011, 07:02:28 PM
So, can we take from this that the final release is no where near being released? sigh

Who knows. The release of 2.0 is tied to a lot of political bull****** and the NPO stuff is still not finalized as far as I know (no announcements on that yet and quite a bit of dodging the question). RC5 would otherwise probably have been the final release if it wasn't for the crack-addled plans.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


b4pjoe

Quote from: 青山 素子 on February 11, 2011, 07:15:58 PM
Personally, I'd release 2.0 already with the old license and migrate to a new license as soon as it becomes possible rather than holding up an actual production release because...

I agree with this wholeheartedly.

-=[Vyorel]=-

My mods for SMF - [6].

grafitus


Matthew K.


Deaks

glad to see this another step towards final :)

and this reminds me

* Runic shoots Norv
~~~~
Former SMF Project Manager
Former SMF Customizer

"For as lang as hunner o us is in life, in nae wey
will we thole the Soothron tae owergang us. In truth it isna for glory, or wealth, or
honours that we fecht, but for freedom alane, that nae honest cheil gies up but wi life
itsel."

JBlaze

Jason Clemons
Former Team Member 2009 - 2012

FfdG

Where are the changed files? Ever counted the files in "Small update"? Your update package sucks again.

IchBin™

Quote from: FfdG on February 11, 2011, 08:15:29 PM
Where are the changed files? Ever counted the files in "Small update"? Your update package sucks again.

Care to look in the changelog? What sucks about a security update? And even if you couldn't find any info on that at this site, what's so hard about running a diff?
IchBin™        TinyPortal

Antechinus

About the only files that would not be changed in RC5 are images. All php files have at least had the version number updated. That's the only change in some of them but a lot have other changes too. If you want to speed up the FTP upload process you can assume that no images have to be uploaded. That should save a fair amount of time.

ETA: Ich Bin, not all admins know how to run a diff. Some of them are very new to website management and coding.

FfdG

Quote from: IchBin™ on February 11, 2011, 08:36:03 PM
Care to look in the changelog? What sucks about a security update? And even if you couldn't find any info on that at this site, what's so hard about running a diff?
Vice versa. What's so hard in bundling a set of files? I don't want more than 1000 files, Smileys, unchanged Themes and periodically changed empty lines before EOF. Diff is nice but I still have to build my own patch.

Road Rash Jr.

Quote from: IchBin™ on February 11, 2011, 08:36:03 PM

What sucks about a security update?

I think the security update is great. It made one of my sites so secure there are no longer any members in the database and no one can register. Plenty secure now  :o
Thank the good Lord for backups.

Edit : Just used the large upgrade and all is well again  ;)  Good job people.
Never argue with an Idiot like myself, they just drag you down to their level then beat you with experience.

~DS~

"There is no god, and that's the simple truth. If every trace of any single religion were wiped out and nothing were passed on, it would never be created exactly that way again. There might be some other nonsense in its place, but not that exact nonsense. If all of science were wiped out, it would still be true and someone would find a way to figure it all out again."
~Penn Jillette – God, NO! – 2011

Bolt™

Nice but I just finley got my forum updated to SMF 4 and am sticking to it

IchBin™

Quote from: FfdG on February 11, 2011, 09:06:48 PM

Vice versa. What's so hard in bundling a set of files? I don't want more than 1000 files, Smileys, unchanged Themes and periodically changed empty lines before EOF. Diff is nice but I still have to build my own patch.

You don't have to build a patch. A security patch was provided. So it's not necessary to do the large upgrade. I could understand a full patch being made in a final version update. I don't think we have ever done patches for updates when in RC.

Quote from: Bolt3D08™ on February 11, 2011, 10:18:01 PM
Nice but I just finley got my forum updated to SMF 4 and am sticking to it

At least make sure you install the security patch then.
IchBin™        TinyPortal

Norv

This time, the upgrade is completely optional, in order to benefit from the security fixes: please feel free to find those fixes only in the RC4 Security Patch.
http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip

It won't be a full upgrade, but it will secure your forum, therefore it is highly recommended, and you can of course stick with RC4, while taking advantage of the security fixes.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

Matthew K.


kingkingston


AmaZulu

I've been using version 1.1 for about 5 years now. By next month I will be using IP.Board and giving them $$$ for the privilege. I wish I could stay with SMF and contribute the money here, but RC5?

Come on. It's just software, not the goddamn declaration of independence. >:(

N3lson

I´m Portuguese Yeah

Advertisement: