Upgrade Now Front End Message

[craigf136]

1 minute ago, Koby said:

If a mod has ACP access, they're not a mod. Mods only have MCP access.

Only admins have ACP access; if you have given your 'mods' the ability to access it, then you're technically lying about their position as you're calling your 'admins' simply 'mods.

Nonsense - I also take the accusation of lying to be insulting. A moderator can have ACP access with restrictions on what they can access applied, doesn't make them an admin - it makes them a moderator with the power to carry our certain functions out-with the "administration" of the site.

[Koby]

Just now, craigf136 said:

Nonsense - I also take the accusation of lying to be insulting. A moderator can have ACP access with restrictions on what they can access applied, doesn't make them an admin - it makes them a moderator with the power to carry our certain functions out-with the "administration" of the site.

They very name is in the title ACP = Admin CP; they're a limited admin, but admin regardless.

Call them what you want though; but they'll get admin notifications by IPS because they're classified as admins for having such access.

[chilihead]

Semantics aside, if they can't perform the upgrade they don't need to see it.  

[Koby]

Just now, chilihead said:

Semantics aside, if they can't perform the upgrade they don't need to see it.  

True, but IPS have no way of determining which admin does or does not have the ability to perform it.

[chilihead]

I have one regular member (not even mod) with acp access to one depart of support tickets because he answers product review requests.

1 minute ago, Koby said:

True, but IPS have no way of determining which admin does or does not have the ability to perform it.

Administrator group.

[craigf136]

They are a moderator, they moderate the site & users of the site. As a result they have the ability to access certain functions not available in the MCP but should be available in the MCP (such as resetting a users password for example). Just because Invision doesn't have this function within the MCP, doesn't mean it shouldn't be there - which is why limited ACP access is granted.

Certain functions we think they should have available to them as moderators are available to them.

9 minutes ago, chilihead said:

I have one regular member(not even mod) with acp access to one depart of support tickets because he answers product review requests.

Administrator group.

Exactly, not in the administrator group, they don't see the message - very simple.

[Vikestart]

I don't like this sort of software behaviour, even if it's about security updates. Don't shove things in our face if we don't want it. It's our responsibility to upgrade, not yours. Making it come back every so and so often would be okay I suppose, such as once every week.

[Lindy]

1 hour ago, craigf136 said:

I would normally, but with previous releases and fixes, something doesn't work and 4.1.3.1, then 4.1.3.2 is released etc and having any downtime as a result of a bug (not security fix) but a bug is critical & we are already diminished because we have no Mod CP, we have no activity stream, we have no user profiles accessible and risking the site being down because of the security issue - was a risk I was prepared to take.

The message irrespective of how it appears is available to Admins but also moderators with ACP access and that shouldn't be the case. We where told admins only and it's not.

Admin permissions are something that are going to be overhauled in a not-too-terribly-distant update. We will be introducing a special "owner" type flag (more details at a later date) and we can then visit tying certain things like license and update notifications into that. Currently, there's no provision for such and knowing we're overhauling that area later, we're not interested in adding one for something so seemingly minor. 

Also - while "moderator" may be a job role within your community, we define "admin" as someone with access to the AdminCP. Semantics, I know - but hopefully that explains where we're coming from when we say "an admin." On a code level, if you have access to the ACP, you're considered by the suite to be an admin. What you can do as an admin, of course, is determined by individual permissions. 

14 minutes ago, Vikestart said:

I don't like this sort of software behaviour, even if it's about security updates. Don't shove things in our face if we don't want it. It's our responsibility to upgrade, not yours. Making it come back every so and so often would be okay I suppose, such as once every week.

I really hate to seem so blunt and "forceful" about this, but if you don't want to maintain the software and perform your obligation of keeping your users protected - maybe you should consider software from developers that share the security is optional philosophy. As I've mentioned before, we weren't forceful enough in IPB3. As a result, people ignored security notices, perhaps with the "I'll get it later" mentality and not understanding the gravity of the consequences. When they get hacked, few say "we willfully ignored the software update notifications and now your e-mail addresses, profile fields and password hashes are in a dump on a teenager's hard drive." Instead, the software company is thrown under the bus and this was the case even with a couple of prominent clients who were hacked because they were not up to date. 

So, we take feedback as it pertains to how you use the software, how we can make it better and how we can help your community further succeed -- in fact, that's all we do is listen, absorb, decide and implement based on majority interests. Remember, however, our name is affixed to the software and we have certain inherent obligations. At the end of the day, name recognition and reputation play a large role in one's purchasing decision and I'd rather be known as the company that is "pushy" with security updates than the one who takes the "meh" approach and gently reminds you "once every week" that your community is insecure -- at the potential expense of your users and our reputation. 

We don't typically like to close off feedback, but in this case, we're not soliciting further feedback and continuing the topic is only serving to confuse and perhaps unjustly frighten others that would have otherwise been appreciative of the proactive development (not to mention, it's making my head hurt.) Most of us read "critical update" and think "hmm, that looks important... I shall click upgrade." I completely and totally understand there's a few of you that are offended to your core and/or feel there's a principle of the matter involved. Unfortunately, I don't have any further answers for you - but you're welcome to send me hate e-mail/PMs and we'll continue a dialogue.

Another tl;dr recap: Standard updates can be dismissed. Critical/security updates cannot. Such a notice does NOT impact functionality of your community, it does not take the community offline nor require you to click the update button that very second, but it won't go away until you do. That's by design and we're not open to changing that at this time, however, when we revamp admin permissions, we can evaluate incorporating the display of update and license notices to "key admins" only based on the flag. Right now, there is no such (reliable) designation we'd be willing to hang our hats on - an admin is an admin. 

Thank you.