Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

Older Versions in Addon DB

Just a suggestion :)

I've noticed that in the db there are a couple of versions of the same addons for download. I think that only the most recent version should be listed. If a new version has been released, it's usually a bug fix or improvement of some sort.
Which ones are old please?
I think he means that you should allow developers to update their infusions from the "Addon Dashborad", instead of resubmitting them as new ones. (Of course updates have to be verified)
This will be available in new AddonDB currently under construction

Quote

Philip wrote:
This will be available in new AddonDB currently under construction


Great.

Quote

khalid545 wrote:
I think he means that you should allow developers to update their infusions from the "Addon Dashborad", instead of resubmitting them as new ones. (Of course updates have to be verified)


This is what confused me about the current method. Why should they be verified after its been verified the first time? Its on the developer to keep them working and has nothing to do with PHP-Fusion site itself. Plus you already have a bug report button on the mod which should technically email / PM the developer when users submit one. This way it doesn't take away from the PHP-Fusion team resources. We build them so technically we support them. Maybe add functionality for us to update the add-on and submit patches to them for users to download once the initial release is known to be working. At least keep it so we can update for a certain PHP-Fusion version. Example: When PHP-Fusion 7.02 comes out force developers to go through the review process again but to update the original 7.01 release with patches we should be able to just publish an update. Just a thought / opinion. :) I think it would make it much smoother to publish the updates here and people who use PHP-Fusion would feel more comfortable since they can see updates more often for security patches / bug fixes etc. The only reason i have this opinion is because it took 6 days for my mod to be reviewed. If a mod has a security flaw and i resubmit a release i have to wait 6+ days for it to be reviewed instead of having it published to the community immediately through the infusion admin panel which notifies people there are updates for infusions etc. This way more sites get patched more often which gives admins piece of mind.

PS: Thanks for the awesome CMS! I always end up going back to it due to its ease of use!

Quote

Krazyone wrote:
This is what confused me about the current method. Why should they be verified after its been verified the first time?


An updated version can have security holes and functionality issues just the same as the original submission.

Quote

Example: When PHP-Fusion 7.02 comes out force developers to go through the review process again but to update the original 7.01 release with patches we should be able to just publish an update.


You're assuming the original authors returns here on a regular basis, this is not always the case.

Quote

The only reason i have this opinion is because it took 6 days for my mod to be reviewed.


We have you guys spoiled :P
In the past on the old mods site it regularly took up to a month or more. This is an open source project, meaning the approvers are doing it in their own spare time. We have come a long way for sure, but you can't expect the level of "service" you'd get from a commercial company.

Quote

If a mod has a security flaw and i resubmit a release i have to wait 6+ days for it to be reviewed instead of having it published to the community immediately through the infusion admin panel which notifies people there are updates for infusions etc


There's nothing to stop you posting a security patch or other important info in the support forum or the comments under your addon. However, for us to officially sign off on it, it has to be tested.

We make no apology for ensuring security and quality in anything we offer here to the public with the PHP-Fusion ""seal of approval". There are plenty of sites out there offering addons for downloads with little or no quality control.

Quote

PS: Thanks for the awesome CMS!


You're welcome :)
If a Security Exploit or venerability is discovered in an addon it would be the Addons Authors Job to patch it as quickly as possible and to notify a member of the Addons Approval Team. The Addons Approver would then make it a priority to get the download updated as soon as possible. In any other case Addons are checked when addon approvers have time, no priorities are taken and not time estimates are given, like Philip said we do it in our spare time.
Well spoken. :)

Quote

Philip wrote:
You're assuming the original authors returns here on a regular basis, this is not always the case.


I have used most Open Source CMS systems and currently support like 30+ sites using Drupal, Fusion and Joomla. I was just thinking of how they do it for Drupal. Its marked per version and the developer can upload and maintain there own add-on. If it becomes obsolete / out-dated then it gets removed and no longer is a supported add-on. With this there would be less resources used by admins & moderators of PHP-Fusion so you can support others with actual site issues and enhancements for future releases.

Also just to note, with the feature that PHP-Fusion has which checks for updates to infusions it would be worthwhile at least to link to download the update from the admin panel itself. This way admins can have a way to check there infusions are up to date via there own site and not have to surf around on the mods sites to find updates etc.

Quote

Krazyone wrote:
If it becomes obsolete / out-dated then it gets removed and no longer is a supported add-on


It cant be removed if its AGPL hehe.

All things licensed under AGPL must be publicly available. However it can be not supported.

Quote

Fangree_Craig wrote:
If a Security Exploit or venerability is discovered in an addon it would be the Addons Authors Job to patch it as quickly as possible and to notify a member of the Addons Approval Team. The Addons Approver would then make it a priority to get the download updated as soon as possible. In any other case Addons are checked when addon approvers have time, no priorities are taken and not time estimates are given, like Philip said we do it in our spare time.


Which enforces the point i made. Delay in a release of a security patch means more sites vulnerable which means people are less likely to use the CMS because of its lag in security patches. I for one dont like searching forums for updates. Sorry i guess its just me. Plus like i noted you check for updates to infusions in the core system so why not utilize this and make PHP-Fusion more proactive in this respect.


PS: I know i seem hard headed but my site was just sql injected and it looks to be from the calandar infusion / mod. It has been redirecting people to porn sites for last 2 days and i have been trying to figure out how it happened. I had the latest version released but who knows if he pushed out an update to fix it as it might be pending approval. Until then i had to remove the mod totally from my FTP as its being hit like 6000 times a day for vulnerabilities.
The way I see it, if you are going to use an infusion or mod on your site then it is your job to make sure the infusions and mods are up to date and is your job to search for updates.

Quote

Fangree_Craig wrote:
The way I see it, if you are going to use an infusion or mod on your site then it is your job to make sure the infusions and mods are up to date and is your job to search for updates.


All i got to say is wow. If that is the future of PHP-Fusion then that is sad. You curently provide the medium (PHP-Fusion Core) for the infusions AND you provide the central add-on database. What is the point in having an add-on db + the admin feature to check for updates if your not going to build on it and make it better? Pointless... Yes... As i see it most of my clients are worried about updates and patches so there sites are not vulnerable. I will refer them here to your reply so they know its there problem and nothing is being done about it. Thanks for the info. Have a nice day.
Thread Information
Author
Replies
13 posts
Views
1,016 times
Last Post
Last updated on 9 years ago
You can view all discussion threads in this forum.
You cannot set up a bounty in this discussion thread.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You can download attachments in this forum.
You cannot up or down-vote on the post in this discussion thread.
Users who participated in discussion: Craig, Krazyone, HobbyMan, arat, khalid545