Yes, but isn't that basically what we have now?
Making two seperate options would be an option, allthough I feel it would confuse a bit.

Whatever is decided, it won't be put into place until 3.5 goes Gold anyhow.

Not, what you have now disallows viewing who installed this hack, like it was before.

...which is basically what we have now. Except that it's not labeled as a subscription...

So why not use that? Restore "who installed this hack", and use a button for security notifcation.

Why disable the feature, if you have the option to either subscribe to the thread, subscribe for security updates, and/or click install the hack.

If it's trivial, why disable a non trivial feature, to avoid implementing a trivial one?

Not sure if you understood me correctly, what I wanted to say was that what the install button currently does is work in the way you described above, not that it's actually using the subscription system.

Having said that, I don't understand what you mean by disabling a non trivial feature.


Repeating myself, this won't be implemented until 3.5 and even then we have other features that will most likely have a higher priority.
I'm sure we'll reconsider your suggestions at a later date, but at this time it's not really an issue.

Still, thanks for your comments/input. :)

What I meant was:

1. There was a "who installed this hack" system, prior to 3.5. This is a major feature, non trivial., and many here found it useful.

That system was removed, because you think it represents privacy and/or security issues to a limited number of uses who think removing that feature from everyone will protects them somehow.

2. There are trivial meathods to control and address those fears. Thread subscription, install button with hack update emails, and a security notification email. And of the 3, or combo thereof, are trivial solutions, that can resolve that issue. Someone with extreme concerns and does not want anyone to know they installed a hack, and does not want to subscribe to a thread, can still subscribe to a security update notification, without revealing the fact they installed a hack.

Implementation is not an issue, IMHO, since nothing new needs to be done. It's an existing hack that just needs to be re-installed if vb.org ever decide to change this "privacy" policy.

1. Is not removed "prior to 3.5". If it has ever been removed, it was more then a year ago.

2. That is exactly how it is working now, and already have been working for a long time.

1. Removed "more than a year ago" still means "removed". Prior to 3.5 is to illustrate you really don't need to "implement" anything, or wait for 3.5.

2. No it's not. You only have thread subscription, ans send updates. A 3rd notification, as explained, is needed, if extreme privacy was the real reason.

The list of of members to send a security update is exactly the same as the list of people to send an update to. It is just a matter of using a different text. There don't need to be a seperate feature for sending an update or a security warning.

I personally think there's no need to seperate them.

But you will need to seperate them if you are convinced about this priavacy issue, and still want to allow send update, without showing that person as someone who installed the hack.

But this privacy protection is a two-edged sword. You say you don't want to reveal the person as someone who installed a hack. Yet you display that information if they reply to the thread for support.

This means they cannot seek support from the author in a thread, since they will be "exploited" or "exposed", so they resort to PM's and emails, which is more work for the author, who is not allowed to see them as soemone who installed the hack......

I can live without that feature, but it's a shame not to have it, and the various reasons given so far don't make any sense, at least to me.

Hmm ... no. If I click Install but never post in the Thread, nobody knows that I do have this Hack installed. So Updated Notifications and Security Warnings are the same basically.

Right. But that's the users decision: If he posts in the Thread he is aware that others know he is using the Hack.

IMHO, it's not important to have a list of Users who are using a Hack.
On the other Hand I do understand why there is request for such a feature.

Umm, no, it will show in the "who installed this hack". As stated a few times above, there will need to be alternative notification, if, as promised, that feature will be reinstated in the future.

The third notification is to help those who don't want to click install, don't want to subscribe to thread, yet still expect to get security updates. If that's what vb.org is worried about, a 3rd notification can address that concern.

Yes, it is, and it will put you, as the developer, in the position of supporting them by PM, or being "rude" and telling them they have to post to that thread to receive support.

Which gets us back to the extreme lengths we're going through, to protext a few members sense of false security. They have the right to be too cautious or paranoid, but they need to keep tabs on security updates. They have to do it for vB, Apache, PHP, their control panels etc., so why not keep tabs on vB hack updates.

There is no "who installed this hack", there have been no promise that it will be reinstated, nor is there a need for an alternative notification.

I doubt there will ever be a notification for those who don't click on installed.


And can we please get this discussion back to normal proportions (or better just stop):
- There is no need for a coder to see the names of those who have installed. It is just curiosity.
- Everything that is needed is already in place and working as designed.
- There won't be any non-urgent changes made to this site until vB3.5 Gold.

The is a need, if the reasons given were valid. If there are other reasons beside the ones stated, then maybe.

Not sure what that means.

There's no need for most hacks here either. I can click on other dev's profiles, and see what hacks they wrote, because I'm curious, and enjoy this feature. But I don't need to see them.

Our needs vary, that's we open feedback areas.

No one said it's urgent, at least not me.

There is no "Who Installed" Hack, and most likely will never be again.

AFAIK nobody promised that.

Now, could you please just accept our decision and stop arguing?
Thank you.

While you've all gone off on a tangent, i would like to show my support for a list (for hack authors) to show who's installed their hacks, i actually think it's an injustice that we can't see who's using our work, we put in the effort to release em so surely it's not much to ask to see who we're benefitting.

No one so far stated it was a made decision. But now that you say it is, I will definitly accept it.

Just for the records:

https://vborg.vbsupport.ru/showthread.php?p=726679

Just for the record, the wasn't the only quote, nor the whole post, nor the only statement by vb.org staff on this matter. :)

I do accept the decision, just don't know which of the reasons stated is the real reason, if any. First was privacy, then security, then implementation.

You have to realise that it's best not to give a reason, than argue different reasons, if you have already made a decision, and aren't open to other views.


------------------ Message auto-merged ---

O.k., I hope no one considers this further arguing :) I just thought this is a new option, that may remove some of the concerns.

If a member has a concerns about privacy and/or security, they do have a simple option. They can leave the home page field in their profile empty https://vborg.vbsupport.ru/external/2011/07/3.gif

This way, even if their username shows up as having installed a specific hack, no one knows their home page or forum, so the information would be useless, and does not present any concerns for privacy or security.

Me ducks :)

Wow... :)

Put it this way, if a hack has a security exploit, and a bad person finds out, if there is a list, he can very easily go to each site and attempt to exploit the loophole.

Hence why there is no list, and why the old list which we had was removed. (Members didn't want to be on the list too - they contacted to be removed, but still wanted to get hack updates).

The hack author can still see who has installed his hack, but we assume the hack author is not a bad person. :)

One thing I DO miss is the ability to see how many people have downloaded the attachments. Many people don't click install, and I always prefered the downloaded stats.

how about a UCP option "don't show me in install lists" checked default to all members.

I can do that in my usercp. not sure you mean unique members

Erwin, doesn't any of you guys (vbulletin.org) at least find it curious that you have to go to these lenghts, while vbuleltin.com doesn't do any of that? There has been exploits to vbulletin in the past, and they have never delisted any of the forums on their directory, in sigs, or in user profiles....

When vbulletin has an exploit, they just post a release in the announcement area, that's it.

If those who contacted you to remove that hack had the courtesy to just not flaunt their URL in their profile and sigs, the rest of us don't have to deal with their paranoia.

Cool. I didn't know about that. I was just looking for the number in the postbit that used to be there.

But it resets to zero after each new version :)

so how comes theirs no list for hack authors then?

***sigh***

In that case a list CAN be provided for the HACK AUTHOR ONLY.
That's what were saying all the time already. Or have I missed something? :ermm:

Yes you missed something.

The numerous replies stating that even giving the only hack author access to the list of names is not going to happen. And if it ever will be done, then it will for sure not be until 3.5 Gold and will have a very low priority.

Ok, if everything is so sure about this,
Close the thread and avoid 5 pages of discussion if it will result in nothing :/

from what i've read that's the only time that's been stated so clearly :)

To clarify:
I meant that if this is implemented, it will not be before 3.5.

Please excuse me for formulating it unclearly. :)

Bad Colin :p

Satan

73 reply's on one single question w0oot! :)

Not a surprise if that single question is repeated 36 times.

... and the same lame answer is churned out 36 times. :rolleyes:

What is shows is that multiple people would like the option, and vb.org seem to have little interest in listening. I can't, off the top of my head, think of a single time when you don't seem to argue against requests for change - and the excuses in this thread border on pathetic.

If you really believe that hack authors are going to use a list [on here] to try and find out which boards have their faulty hack installed - for exploit purposes - then you are living in paranoia land. There are far easier ways to do this.

Clearly we are wasting our time asking for any changes, but for the record, my main reason/interest is in the installation pattern - I want to see the date/time of each install - to see the pattern over time. Why ? - because I do - and - since I have spent the time writing and releasing it, why shouldn't I see who's using it ?

It isn't, everyone is stating his/her opinion on the fact.
That isn't forbidden is it.

That would make 72 reply's instead of 73 :rolleyes:

Date/time patterns that is something that i can understand it could be usefull, especially if you have updated your hack a few times.

And people have been getting the same 'lame' answers because they make the same request over and over, without providing any new motivation for it. (BTW it isn't that many people requesting it, it is more the same few people asking teh same question over and over).

Somewhere in the beginning a question was asked, that all requesters have been ignoring:
- Give us 1 good reason why it would benefit the community if coders can see the names. And 'because i like it' is NOT a good reason if you ask me. All other reasons given, like sending a security notice, have no need at all to see the names.

And about asking for any change, if good enough motivation is given, it will always be considered. This don't mean that any request would be fullfilled.

Precisely.

Why does everything have to 'benefit' the 'community' ? (aren't we part of this community ?). Some things are just nice to have. :)

So how about a compromise then - display a list of each installs date/time, without the name (or to be really smart, display the name if they have posted in the topic) :)

Sorry, couldn't resist answering this ;)
Have a look at this: https://vborg.vbsupport.ru/misc.php?...threadid=91039

Not that many people anymore, as a few people have posted multiple times...


To conclude: I'm sure we'll review this when the appropriate time comes. Decisions won't be made before that, so I don't think it'll help to continue discussing this. But do whatever you like :)