Jump to content

Suggestion: Security Updates in own section


CheersnGears

Recommended Posts

I admit... I am terrible about doing security updates for my board software.

Rather than putting Security Updates in the general "News and Information" forum, perhaps it would be better to put security updates by themselves in a forum or blog exclusive to this type of notice. That way, someone (like me) can go back reference all the security updates and perform them. It could even be used to post instructions on what site owners need to do in the event of major security issues like heartbleed. (i.e. It's not IPS related, call your hosting provider, change your passwords).

Right now, they are mixed in with every other type of announcement and might be missed.

So how about it... a Security Announcements forum or Blog for this sort of thing?

Link to comment
Share on other sites

It's a good idea but won't really apply come 4.0 as we will no longer do "patches" but instead increment the version number. You won't be able to miss it that way as the system will rant at you.

oh boy .. can just imagine ... 4.0.999

Link to comment
Share on other sites

It's a good idea but won't really apply come 4.0 as we will no longer do "patches" but instead increment the version number. You won't be able to miss it that way as the system will rant at you.

But you still could be doing security patches between now and 4.0.... and possibly even after since there will be a large number of sites that cannot upgrade on day one of 4.0 Gold.

Link to comment
Share on other sites

My Point being... people are still using Windows XP and Microsoft is only just now ending support for security updates. I understand that IPS plans to continue to offer security updates 3.4.x for a while even after 4.0 comes out.

I'm really excited for 4.0, but I also know that I won't be able to upgrade for at least a couple months after it is released.

Link to comment
Share on other sites

  • Management

We're generally overhauling the entire distribution system for 4, so these ideas can be easily integrated. Right now we have to manually create patches and updates which is very time consuming whereas we'll be looking to automate the system for 4.

When we do release a security patch, we do the following things:

  • Post on this forum
  • Issue an email to customers
  • Tweet the announcement
  • Issue a bulletin that is visible inside every IP.Board installed.

One might say that if all those passed you by, then having the actual announcement in its own section won't really help.

Link to comment
Share on other sites

I'm not looking for another source of notification. That's my own fault. I'm looking for a consolidated repository of all official IPS security notices in a single place and not mixed in with other notices or customer threads.

Really, just a sub-forum somewhere containing the notices would be fine as long as only IPS can create a thread in there.

Link to comment
Share on other sites

Playing devils advocate here...

Is there a reason you can't open the News and information forum and do a search for 'security' or 'patch' that will pull results from just that forum to create your 'consolidated repository'?

Link to comment
Share on other sites

  • Management

CheersnGears suggestion is valid :) It's just that with 4.0 we have a much better plan in place for security patches. For 3.x we might implement something like this as a quick-glance for people running 3.x since we don't want to mix them up.

Link to comment
Share on other sites

CheersnGears suggestion is valid :smile: It's just that with 4.0 we have a much better plan in place for security patches. For 3.x we might implement something like this as a quick-glance for people running 3.x since we don't want to mix them up.

For implementing the the patches, I'm glad to hear it.

For announcement and discussion of them too though?

Aiwa - Would it work? Sure... but that doesn't really make it a quick and easy reference now does it?

Link to comment
Share on other sites

Aiwa - Would it work? Sure... but that doesn't really make it a quick and easy reference now does it?

Quick and easy is subjective. I perform searches of these forums hundreds of times per day, so I, personally, don't consider performing a search difficult or intrusive.

I was offering an alternative solution that you could use today. Sounds like Charles is taking the suggestion and looking at the best way to get you what you're after.

Link to comment
Share on other sites

CheersnGears suggestion is valid :smile: It's just that with 4.0 we have a much better plan in place for security patches. For 3.x we might implement something like this as a quick-glance for people running 3.x since we don't want to mix them up.

How will that work in terms of cases where we have made some modifications to certain files?

I like the current way of just issuing security patches with the changed files. If we would have to upload the whole suite when a security patch comes around, then it would also be a lot more work to review the changes and ensure that our own modifications are still left in. Especially as you increment the version number in every single file for each properly released version (which makes it hard to see actual changes between versions in git diff btw)

Link to comment
Share on other sites

CheersnGears suggestion is valid :smile: It's just that with 4.0 we have a much better plan in place for security patches. For 3.x we might implement something like this as a quick-glance for people running 3.x since we don't want to mix them up.

Quick solution would be to use tags and / or prefixes.

Aiwa - Would it work? Sure... but that doesn't really make it a quick and easy reference now does it?

If you want a link and not type it yourself, here you go: http://community.invisionpower.com/index.php?app=core&module=search&do=search&fromMainBar=1&search_app=forums:forum:1&search_term=security

Link to comment
Share on other sites

Version 4.0's upgrade process will be different than 3.x's so those concerns won't be a problem.

I am interested in more information about this. Maybe a blog post on the mechanics behind how the 4.0 upgrades won't (generally, I assume) break other modification we make to our boards.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...