Re: [SMW-devel] Security backports
On Thu, May 16, 2013 at 3:43 PM, Jeroen De Dauw wrote: > Hey, > > Great. So all security fixes in master are always backported here? >> > > They should be yes. If this does not happen, feel free to shout at me. > > > I was basing this off of past experience, where wikis I managed were often >> broken due to SMW running trunk. >> > > If it does still break at some point, make some noise, and the fix/revert > will probably arrive pretty quickly. > > > Sounds good. Thanks! - Ryan -- AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d___ Semediawiki-devel mailing list Semediawiki-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
Re: [SMW-devel] Security backports
Hey, Great. So all security fixes in master are always backported here? > They should be yes. If this does not happen, feel free to shout at me. I was basing this off of past experience, where wikis I managed were often > broken due to SMW running trunk. > If it does still break at some point, make some noise, and the fix/revert will probably arrive pretty quickly. Cheers -- Jeroen De Dauw http://www.bn2vs.com Don't panic. Don't be evil. -- -- AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d___ Semediawiki-devel mailing list Semediawiki-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
Re: [SMW-devel] Security backports
On Thu, May 16, 2013 at 3:29 PM, Jeroen De Dauw wrote: > Hey, > > > So... is the 1.8.x branch currently secure, or insecure? > > Apart from master it is the most secure branch we have. > > Great. So all security fixes in master are always backported here? > > > Using master isn't really an option as breaking changes land very often > in SMW. > > What kind of breaking changes are you talking about? From a user > perspective there are very rarely changes that break existing usage. And > master should not contain real broken code. Since we used to not have > tests, not have CI and not have reviews at all as short as a year and a > half ago, the later point used to not be respected as much as it is now. > > We have a lot of people running master, including some that got some > random revision and then did not update for a long time: > http://wikiapiary.com/wiki/Extension:Semantic_MediaWiki > > Good to know. I was basing this off of past experience, where wikis I managed were often broken due to SMW running trunk. - Ryan -- AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d___ Semediawiki-devel mailing list Semediawiki-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
Re: [SMW-devel] Security backports
Hey, > So... is the 1.8.x branch currently secure, or insecure? Apart from master it is the most secure branch we have. > Using master isn't really an option as breaking changes land very often in SMW. What kind of breaking changes are you talking about? From a user perspective there are very rarely changes that break existing usage. And master should not contain real broken code. Since we used to not have tests, not have CI and not have reviews at all as short as a year and a half ago, the later point used to not be respected as much as it is now. We have a lot of people running master, including some that got some random revision and then did not update for a long time: http://wikiapiary.com/wiki/Extension:Semantic_MediaWiki Cheers -- Jeroen De Dauw http://www.bn2vs.com Don't panic. Don't be evil. -- -- AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d___ Semediawiki-devel mailing list Semediawiki-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
Re: [SMW-devel] Security backports
On Thu, May 16, 2013 at 3:06 PM, Jeroen De Dauw wrote: > Hey, > > Until very recently we did not have stable branches to which we backported > anything. This was mainly due to lack of dev manpower. With the last big > release (1.8) we decided to try and maintain a branch to backport things > to, which we named 1.8.x. The general notion here is to backport all > non-trivial fixes that can easily be backported, esp if they are > significant such as is always the case with security related bugs. Though > that is the goal, we have only backported a limited number of things so > far, and could do better. Then again, there are many other things we ought > to do better, and only so little time people have. > > Personally I've been wanting to do a new minor release ever since the fix > you are talking about, though have not found the time so far. We need more > devs! :) > > So... is the 1.8.x branch currently secure, or insecure? If it's insecure, what alternative is there? Using master isn't really an option as breaking changes land very often in SMW. - Ryan -- AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d___ Semediawiki-devel mailing list Semediawiki-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
Re: [SMW-devel] Security backports
Hey, Until very recently we did not have stable branches to which we backported anything. This was mainly due to lack of dev manpower. With the last big release (1.8) we decided to try and maintain a branch to backport things to, which we named 1.8.x. The general notion here is to backport all non-trivial fixes that can easily be backported, esp if they are significant such as is always the case with security related bugs. Though that is the goal, we have only backported a limited number of things so far, and could do better. Then again, there are many other things we ought to do better, and only so little time people have. Personally I've been wanting to do a new minor release ever since the fix you are talking about, though have not found the time so far. We need more devs! :) Cheers -- Jeroen De Dauw http://www.bn2vs.com Don't panic. Don't be evil. -- -- AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d___ Semediawiki-devel mailing list Semediawiki-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
[SMW-devel] Security backports
I recently noticed that a vulnerability we had fixed in SMW master hadn't been applied to any of the stable branches. We pushed it into the stable branches and merged it. This made us wonder how things were being handled, though. Are security fixes that go into master also applied in the stable branches? What's the security release process of SMW? - Ryan -- AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d___ Semediawiki-devel mailing list Semediawiki-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
Re: [SMW-devel] branch policy
Hi, No objections, eradicate those that are not needed. Cheers On 5/16/13, Jeroen De Dauw wrote: > Hey, > > Master has the latest code and holds 1.9 alpha. > > 1.8.x holds the latest code for the 1.8 branch. > > These are all relevant branches for current development. > > We also have 1.9.x which might confuse people a bit and which therefore we > ought to get rid off since it is obsolete anyway. James - any objections > against this? > > There is also a querycache branch which Nischay was working on - similarly > it can probably be removed. Nischay? > > https://github.com/wikimedia/mediawiki-extensions-SemanticMediaWiki/branches > > Cheers > > -- > Jeroen De Dauw > http://www.bn2vs.com > Don't panic. Don't be evil. > -- > -- AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d ___ Semediawiki-devel mailing list Semediawiki-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
Re: [SMW-devel] branch policy
Hey, Master has the latest code and holds 1.9 alpha. 1.8.x holds the latest code for the 1.8 branch. These are all relevant branches for current development. We also have 1.9.x which might confuse people a bit and which therefore we ought to get rid off since it is obsolete anyway. James - any objections against this? There is also a querycache branch which Nischay was working on - similarly it can probably be removed. Nischay? https://github.com/wikimedia/mediawiki-extensions-SemanticMediaWiki/branches Cheers -- Jeroen De Dauw http://www.bn2vs.com Don't panic. Don't be evil. -- -- AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d___ Semediawiki-devel mailing list Semediawiki-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
Re: [SMW-devel] branch policy
Thanks James! - Yury Katkov, WikiVote On Thu, May 16, 2013 at 4:43 PM, James HK wrote: > Hi, > > You only need the master branch (which runs all necessary unit tests), > all others are for internal use (1.9-features isn't used at all as > certain features are not handled differently) > > Cheers > > On 5/16/13, Yury Katkov wrote: >> Hi developers! >> >> The current version of SMW is 1.8, but in gerrit I can see the >> branches that are called 1.9 and 1.9-features. Plus of course we have >> the "master". WHere is the most recent code and how all these branches >> differ from each other? >> - >> Yury Katkov, WikiVote >> >> -- >> AlienVault Unified Security Management (USM) platform delivers complete >> security visibility with the essential security capabilities. Easily and >> efficiently configure, manage, and operate all of your security controls >> from a single console and one unified framework. Download a free trial. >> http://p.sf.net/sfu/alienvault_d2d >> ___ >> Semediawiki-devel mailing list >> Semediawiki-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/semediawiki-devel >> -- AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d ___ Semediawiki-devel mailing list Semediawiki-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
Re: [SMW-devel] branch policy
Hi, You only need the master branch (which runs all necessary unit tests), all others are for internal use (1.9-features isn't used at all as certain features are not handled differently) Cheers On 5/16/13, Yury Katkov wrote: > Hi developers! > > The current version of SMW is 1.8, but in gerrit I can see the > branches that are called 1.9 and 1.9-features. Plus of course we have > the "master". WHere is the most recent code and how all these branches > differ from each other? > - > Yury Katkov, WikiVote > > -- > AlienVault Unified Security Management (USM) platform delivers complete > security visibility with the essential security capabilities. Easily and > efficiently configure, manage, and operate all of your security controls > from a single console and one unified framework. Download a free trial. > http://p.sf.net/sfu/alienvault_d2d > ___ > Semediawiki-devel mailing list > Semediawiki-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/semediawiki-devel > -- AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d ___ Semediawiki-devel mailing list Semediawiki-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
[SMW-devel] branch policy
Hi developers! The current version of SMW is 1.8, but in gerrit I can see the branches that are called 1.9 and 1.9-features. Plus of course we have the "master". WHere is the most recent code and how all these branches differ from each other? - Yury Katkov, WikiVote -- AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d ___ Semediawiki-devel mailing list Semediawiki-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
