[Suggestion] Re: Reason For Graveyarding
 

This is just a simple suggestion - I'm not sure if it has been made before, probably has IDK... But I think it's an important suggestion. Within my forum communities - I've always valued the concept of keeping everybody in the know - so this is what my "Modification Graveyard" suggestion is all about: transparency and keeping Members in the know.

So... I just visited the following thread: https://vborg.vbsupport.ru/showthread.php?t=220517 ==> 1 post having nothing to do with the closed, graveyarded thread... I've seen rather many posts very similar and it simply gets on my last nerve, seeing ditched threads with no explanation as to what the issue is. It especially drives me nuts when a modification I've actually downloaded and installed on my board has been sent to the graveyard...

Suggest: For each graveyarded thread - Whenever the thread is graveyarded or whatever it's called - the vB.org Staff Member who closed the thread enters into a formfield (at time of closure of course) a brief description of why the thread has been locked, closed, graveyarded, given to the spirit realm, whatever.... That brief description should then show for all registered & licensed Members somewhere within the original post.

I'm sure it's a relatively easy modification to accomplish this suggestion. I think giving a bit of information to us regular folks (read: registered and licensed vBulletin customers who care about the modifications shared in this community) can only go to show that there is a bit of respect on part of the vB.org Staff Members given to us who are interested in knowing why a modification has been swiped away and given no further download priviledge. At bare minimum - some consideration/explanation should be given to those who have downloaded/installed the modification.

Thanks,

Jacquii.

A reason is posted in the thread (visible to staff only) and also sent to the mods Author.

The only time it is really any concern of anyone else is if its been quarantined due to a security issue, in which case the standard precedure includes contacting all members who have downloaded it and/or marked it as installed.

JFYI, excluding security issues, almost all GY mods are either due to author request, or because they no longer have files attached.

Ah - okay - I've just been concerned a few times with trying to delete a modification completely - especially recently after new server migration - and a couple mods had been graveyarded. I had to seek other means to download the mod to see what files needed to be deleted and such... It would be a good idea perhaps that if the mod is still available that it can be downloaded at least to find out the correct uninstall procedure.

Jacquii.

The basic point of a mod being in the GY is that it is no longer available for download.

In the past they were simply removed from public view entirely, the GY was created so that the thread would still be visible, without the mod actually being downloadable anymore.

I know - but that still kinda leaves the people who've downloaded/installed who actually want to totally remove the modification (especially if there's a vulnerability) up s**t creek with no paddle. I like the idea of at least having a paddle with which to row if I'm up s**t creek.

Jacquii.

Ideally, uninstall instructions, or at least a list of all files uploaded or edited along with database changes, would be listed in the first post. That way those instructions would always be available. Unfortunately, we can't make the mod continue to be available for download since that defeats the purpose of removing the modification.

Why don't we all screw our heads on and use a little common sense. We don't allow the files to be downloaded but allow the txt file with the uninstall instructions to be downloaded so that any security issues can be acted upon and dealt with by the people who have the script installed.

It's easy to say that the instructions are in the first post but this is not always the case they are usually in the txt doc.

What your basically doing is sending an email out alerting of an exploit, security issue but not giving the info to the person to uninstall the script and files.

Just a suggestion, I haven't made one of those for a while. :)

Yeah - It's kinda like taking away the kids toy (by recommendation of the FDA of course) without telling the kid that if he bites it, his head may explode... Or in this case - if you don't uninstall it - you could perhaps have some leacherous web trash hacking in to your hard work, exploiting, not giving a damn about the repercussions.

And it's this point alone which would make at least allowing some sort of transparent information share once a thread has been put in the graveyard. Because just slapping a This modification cannot be downloaded. label on the thread without really giving a care for those who might want to promptly uninstall the tainted modification...

IDK... Just seems like an exception to the rule can be made if it goes to benefit the Members of the community. Anyway - without going into detail - I did have to scour the web - finally finding another venue for which to download the modification I had issue with - and me as a licensed member having to go to another vBulletin site in order to download a modification for instructions so that my forum can have no exploits... Well - it seems a bit ridiculous kinda. Perhaps there should be a big bold red note which says Save Your Downloads because You Never Know When It may be Deleted from view. Luckily for my newest forum - I've done just that....

Jacquii.

Actually, at this point, the best thing to do is what Jacquii suggested:
I seem to recall another thread where we went round and round about uninstall instructions and whether we should *require* the users to post them (or, as the user was suggesting, require the moderators to write them). It was eventually decided that that wasn't going to happen. Users also aren't required to actually include a text file with their modifications. I know I have downloaded several with only the product file and then try to remember to copy the first post into a text file to keep with the modification.

Having a graveyarded product available is extremely helpful if one has to do a manual uninstall of it. Personally I think that the mod graveyard itself is just a terrible idea to begin with.

I'm listening to ideas. :) Seriously, I am. What do you suggest we do instead of having the GY?

Dismounted I offered up a solution why don't you allow the txt files to be downloaded only if your listening. Not an idea but a solution that will stop people creating threads that they can't uninstall the product. That's a first step.

we know the version of listening here people will offer up their suggestions and then it's forgotten about.

What I'm basically saying, is, instead of going around in circles there's a partial solution right there before your very eyes unless the response by me was overlooked.

And, don't take this personally as a moan but simply a solution to those who can't uninstall the script and/or don't know all the files to delete or code in the templates to remove.

I understand your only a senior moderator and have to go through the powers that be but that isn't my problem. I would say instead of giving people false hope to a means to an end ensure you have permission to make such promises that a solution will be implemented if the suggestions are being entertained.

I do like the idea of allowing the text file to still be downloaded, Shelley, however there is a problem (or two) with that. First, we need to get everyone to actually write a text file (as I said before, not everyone does), then we need to get them to attach it separately to the modification (instead of, or along with, zipping it up with the product), and then we need to change the code to allow text files to still be downloadable (I'm not involved in the coding here, but I would think that could be done without too much of a problem).

Yeah, I have to agree not everyone does attach the txt file. I'm sure that it would not take 1 minute of the staffs time to extract the txt file from the archive though. And, if by the offchance the uninstall instructions are in the thread then there's no issues members have access to that information and if the uninstall instructions weren't included you did your part and there's no reason for anyone to complain to you and will need to take this up with the author.

I'm not to fussed myself because I document everything (okay I'm BS) though I have a very good memory but others don't and install scripts like they are running out of fashion and before long they don't know what they installed and what to remove when an exploit mail is sent and the panic stations start and the threads about the GY are created.

Shelley,

Dismounted questioned the remark made by Chris where he states that the GY by itself is a terrible idea. You however choose to react on that with again a repeat of your own points, which doesn't answer the question Dismounted asked Chris (not you) at all.

You only repeat the idea that has been mentioned before that we should leave (some of) the files of a deleted modification. This is never going to happen. If the modification was removed on request of the author, then this is his choice to now have his work available for fowdnload on vB.org anymore. As it is his/her work, we have no other option then to remove it. If a modification is deleted because of vulnerabilites, we already sent out a notification to the users.

If the author of a modification wants to assist also his users with uninstalling his work, then he can post uninstall instructions in the thread.

This sounds good in principle - however, not all instructions are in TXT format, and some modifications may have more than one TXT file. I know I personally use "decorative" HTML files. I can think of two possible solutions:

• Allowing the author to "mark" a file as install/uninstall instructions (possibly even files inside archives).
• Mandating that the author paste instructions into a special box.

There are both upsides and downsides to both solutions - and that is what (could) be dabated on by the userbase, and more importantly, the coders themselves.

Also note that, as already mentioned, most modifications are graveyarded because the authors themselves have removed its files - there is nothing we can do (within reason) if this happens.
Look, I push issues up the chain if I think they are important. If certain issues need a bump - I will do that. But as you say yourself, I don't hold all the power to say feature x will be implemented, nor do any other single member of staff.

I said, Allow the Txt file, not some. You really need to start reading what I write marco and not come up with a conclusion that is way off the mark.

It's really that simple, 1 text file to be downloaded giving users information to access the information to uninstall that exploited modification.

Why would you want a customer to remain using a security risk script? I find that that contradicts what this place is all about. Doesn't take much to help people when they do indeed need that help in the way of some vital information. after all, majority of the users on here aren't experienced users otherwise they wouldn't need to come here for support.

Regardless of that marco, these are the threads I do document.


whenever there is an exploit at vb.com there is an announcement, information made available that will help people in fixing that exploit. ;)

Solution: Get rid of the graveyard! There is absolutely no reason that I can think of to even need a graveyard at vB.org - or rather the graveyard with undownloadable modifications. And like Paul said earlier - "JFYI, excluding security issues, almost all GY mods are either due to author request, or because they no longer have files attached." - Perhaps the threads can remain closed and in the graveyard for obvious purposes: there's a security risk, the author requested the thread closed, etc... BUT the archives & files can remain downloadable. That solves the issue of the vB.org Staff spending a minute and a half extracting the txt file (if there is even a text file to extract), solves the issue of if there isn't a text file to extract, one can still locate the extra files uploaded, and solves a realm of other issues.

The idea here is that if there is an exploit or security risk found - then the vB.org Member who has installed the modification can take the opportunity to remove the offending hack :) And as it is - only .org members are allowed download priviledges anyway... I see no reason to make archives no longer undownloadable at all.

Jacquii.

Leaving the files downloadable is not an option as previously posted. The authors own the copyright and if they want to remove it, then this is their right. If we would continue to offer them as downloads we are nothign better then the first warez site.

Meh - That may be true IDK...
But there should be some solution to this issue, as I'm sure not the only person to have voiced such concern. But then again - there are those warez sites that we are most all aware of that will have the archive available for download in abundance - so I suppose I'm making much to do about nothing. Also - warez = free share - vBulletin.org is a free share community - there's something quite ironic about the commonality.

Jacquii.

Warez is free share of work without the copyright holders permission. A minor detail maybe, but it makes a big difference.

Oh - yes - Minor details are fabulous - like the minor detail of protecting vBulletin license holders whenever there's an exploit found in one of the many shared modifications available on the official vBulletin modification site.

Jacquii.

No idea what thats supposed to mean, but Im sure you will delight in enlightening us :confused:

Um - no - in fact I won't.
It's not astrophysics Paul - and really - there's no need to spar round after round for the ultimate conclusion to have been half-answered/case-closed in post #2 :) --- That's called - a boring boxing match. And really - this entire thing is beginning to make me yawn.

Jacquii.

You posted the following:This message is unclear and we have no clue what you are trying to say. It almost looks like you are suggesting that we should sent out warning when a vulnerability is discovered. But i doubt that is what you mean as we already do that for a long time.

Seriously guys - this is not difficult to understand! I have stated previously that I had to scour the net to find a downloadable modification -- which I originally got on vB.org -- BECAUSE the modification was in the vB.org graveyard and no longer downloadable...

So what? You send a vulnerability email out to users... What good does it do...? Especially if the modification required one or more files be uploaded? I'll tell you. It does absolutely no good (or very minimal good) because after receiving the email - I cannot logon to vBulletin.org, download the modification and see the exact uninstall process and/or which files I should delete to make the uninstall process complete.

Understand? It's simple - nothing difficult about the concept at all.

Anyway - asked & answered. Suggested, recommended and considered (HA!) -- Thanks for entertaining the suggestion. :rolleyes:

Jacquii.

Nothing more to be said then, closed.