Combined Effort

Post by welby » Thu Sep 07, 2006 1:32 pm

Hi, after the recent spates of security scares etc etc......

Would it not make sense to release Joomla in the way that Linux is released? We all know what the best components/modules are, so why not release Joomla as a package, with an option to install other "approved add-ons"?

This way the "release" would be verified as all working together in harmony, instead of the situation we find ourselves in of late. I just find that if you create a Joomla website using components other than the supplied core, you are at risk of compromising the integrity and security of your website. The scenario is: Joomla releases new version, now we find that some of our components/modules don't work or have limited functionality, then we frantically search for fixes, "official" and "unofficial".

It would mean that the major contributors would need to satisfy that their contributions conform to "Compatibility Guidelines" and would have to be tested to reach that compatibility. The benefit is that we would have a Joomla that works right out of the box, together with recognised components/modules that are guaranteed to work with the core Joomla product.

Yes I know Joomla relies on the contributions of many hours of unpaid work by dedicated individuals. I just fear that if Joomla is not careful, people will look for an alternative solution that offers a more secure option.

Right now I have visions of all the IT fraternity frantically patching and fixing their Joomla installations, many of which are multi-installations for some.

For me, my simple requirements are as follows:

True ACL implemented
Integrated Community/Members
Members Calendar
Automatic online verified upgrades (similar to Linux RPC)

I know everyone's requirements are different, which makes it difficult when coming to priorities, but let's at least get the basic core right to please most folk.

Kind regards

Welby

Post by Hackwar » Thu Sep 07, 2006 9:14 pm

You can have your Joomla distribution when you pay for it, I'm sure. I don't know a lot of distributions that are maintained regularly, are up-to-date and don't have REALLY big companies behind them that pay big money for this. Besides that, this is what OS is. You will have to live with it. The Joomla team surely can't do the work. Otherwise I see us with 1.0 for another year and with 1.5 for 5 years. But I want my Joomla 2.0 in 1 year!
god doesn't play dice with the universe. not after that drunken night with the devil where he lost classical mechanics in a game of craps.

Since the creation of the Internet, the Earth's rotation has been fueled, primarily, by the collective spinning of English teachers in their graves.

Post by brian » Thu Sep 07, 2006 9:19 pm

Or you end up with the situation that Debian is in.

By shipping with all "verified" applications for the OS they are not only several versions behind but have bloated into a distro that fits on 15 CDs.

As opposed to Ubuntu, which is based on the same core as Debian but is more up to date, and yet their set of applications that everyone needs reduces the OS distribution to a single CD.

(I do however agree with you about the need for a method of online automated AND verified downloads/upgrades - iirc this was a SoC project)
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

Post by welby » Fri Sep 08, 2006 8:23 am

Hi, great comments and I respect you for them.

I would be happy to pay for a good core product, but please let's not go down the route of Debian.

After trawling the forums here, rightly or wrongly I just sense the vibes that many Joomla users would love to have the core functionality of Joomla extended to incorporate the most popular features which are only available as "add-ons".

I'm not advocating that the Joomla development team take on the work themselves, but more about working in harmony with the most popular producers of favourite components/modules.

Would it not make sense to release a "dev" version to these valuable contributors before the core Joomla is released to all? That way contributors would have time to make sure that what they developed was compatible with the core. Therefore avoiding the mad panic that seems to be happening now. Any contributor that didn't validate their product should then go on a list as not tested as compatible, so that the end-user could make a judgement as to whether or not to risk installing it.

I always remember my parents saying "if it's worth having, it's worth waiting for". It just reinforces my thinking that maybe Joomla releases should be handled in a different manner.

And please let's do away with the release/installation method and incorporate an update mechanism that would also verify that what you're actually putting on your servers is correct and correctly stated file permissions. And as an added bonus a "roll-back" method should things go wrong.

For me I only run one website and that was grief enough to get everything working again after updating to Joomla v1.011. I spent over three days putting things right. I did at one point, get very frustrated with Joomla. So much so that I have taken the decision to strip out all non-essential third-party components.

Where needed I have now sourced alternative "stand-alone" products and hooked them into Joomla. The rationale behind this is that when Joomla updates again I won't need to spend a lot of time debugging the site. I have sourced external things such as membership system, calendar, advertising, events calendar etc etc.

I just feel sad that I have had to resort to these means to enable my website to remain live to keep my 2000 registered users happy.

Post by Hackwar » Fri Sep 08, 2006 1:51 pm

I think you don't understand the situation we have here. Joomla 1.0.11 didn't change a bit. The only thing that it changed, besides patching up some security holes, was showing the warning in the backend about insecurely configured servers and the emulation. Now people finally realised that they have to do a little bit more to their server than just put Joomla on it and never look anywhere else. It's like with a car. You can buy it and drive it for years, but don't come complaining when it has a breakdown just because you didn't go to a mechanic on a fairly regular basis and fill up the oil. Now Joomla has added this nice little warning that every new car has: "You have to do some stuff for your car to work properly and securely!"

The extensions that are broken due to the rg_emulation = off are not worth the disk space they are using. The handling of input variables and not relying on register_globals is the really most basic thing. I can't even express how basic it is. The tutorial on how to create a component is years old. It has been around for years even in Mambo days and the VERY FIRST listing in that tutorial shows the usage of mosGetParam(), which would make ALL these problems of not working extensions obsolete. Just because the third party devs can't even use the tools the Joomla team provides them with, does not make Joomla bad. This is not something the Joomla team is responsible for or could change. The only way would be by checking each and every line of code of every extension out there and certifying them. And that's something not possible to be achieved by the man hours we have. And quite basically, I don't want to do the job. Both because I don't want to and because it's the job of the developer and not mine.
god doesn't play dice with the universe. not after that drunken night with the devil where he lost classical mechanics in a game of craps.

Since the creation of the Internet, the Earth's rotation has been fueled, primarily, by the collective spinning of English teachers in their graves.
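
An added illustration of the point in the post above, not part of the thread and not Joomla's own code: a component that expects request values to appear as variables, next to one that reads them explicitly. `fetch_param()` is a simplified, hypothetical stand-in for `mosGetParam()`, `extract()` stands in for register_globals or its emulation, and the request array and component names are constructed.

```php
<?php
// Constructed request, as PHP would parse it from
// index.php?option=com_demo&task=edit&id=7&is_manager=1
$request = array('option' => 'com_demo', 'task' => 'edit', 'id' => '7', 'is_manager' => '1');

/** Fragile pattern: expects request values to already exist as variables. */
function legacy_component(array $request, $globals_on)
{
    if ($globals_on) {
        extract($request); // effect of register_globals or its emulation
    }
    // $task and $id are assumed to "just exist"; $is_manager is never initialised,
    // so with globals on its value comes straight from the query string.
    if (!isset($task)) {
        return 'broken: no task'; // what users see once emulation is switched off
    }
    $who = !empty($is_manager) ? 'manager' : 'guest';
    return $task . ' item ' . (isset($id) ? (int) $id : 0) . ' as ' . $who;
}

/** Hypothetical stand-in for mosGetParam(): explicit lookup with a default.
 *  It does not reproduce the real function's filtering options. */
function fetch_param(array $arr, $name, $def = null)
{
    if (!isset($arr[$name])) {
        return $def;
    }
    return is_string($arr[$name]) ? trim($arr[$name]) : $arr[$name];
}

/** Explicit pattern: every input is named, defaulted and cast where it is used. */
function explicit_component(array $request)
{
    $task = fetch_param($request, 'task', 'view');
    $id = (int) fetch_param($request, 'id', 0);
    $is_manager = false; // internal state is set by server-side code only
    $who = $is_manager ? 'manager' : 'guest';
    return $task . ' item ' . $id . ' as ' . $who;
}

// Same request through both components, with and without emulated globals.
foreach (array(true, false) as $on) {
    echo ($on ? 'legacy, globals on : ' : 'legacy, globals off: ');
    echo legacy_component($request, $on), "\n";
}
echo 'explicit           : ', explicit_component($request), "\n";
```

The explicit version behaves the same whether or not request variables are registered as globals, which is why an extension written this way is unaffected by the emulation setting.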

Post by welby » Fri Sep 08, 2006 2:11 pm

Hi,

thank you for pointing me in the right direction as far as responsibility for compatibility of 3rd party components and modules lies. :-[

The basic point I was trying to make was: Can we please have some added functionality added to the core product so as to avoid compatibility problems in the future with upgrades?

That way us mortals would not need to rely on developers that do not follow basic instructions to get extra functionality.

Does that not make sense?

Post by Hackwar » Fri Sep 08, 2006 2:32 pm

And here lies the problem. A lot of people already think that we would need a Joomla lite and they want to reduce functionality. Others want to have way more features and the core team tries to fulfill both demands by finding a nice way between both parties.
god doesn't play dice with the universe. not after that drunken night with the devil where he lost classical mechanics in a game of craps.

Since the creation of the Internet, the Earth's rotation has been fueled, primarily, by the collective spinning of English teachers in their graves.

Post by pollen8 » Mon Oct 02, 2006 9:05 pm

"Would it not make sense to release a "dev" version to these valuable contributors before the core Joomla is released to all. That way contributors would have time to make sure that what they developed was compatible with the core. Therefore avoiding the mad panic that seems to be happening now."
The 1.5 code base of Joomla is available to those developers via SVN.

@ Hackwar
"Joomla 1.0.11 didn't change a bit."
Hmm, although you're technically correct, I think the addition of the spoof code caught quite a few by surprise (e.g. any component/module that overrode the 1.0.10 Joomla login fell over - I can think of a couple of mine that did this, as well as VirtueMart) -
aka

