Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback

Reply
 
Thread Tools Display Modes
  #11  
Old 03-25-2007, 10:40 PM
Distance's Avatar
Distance Distance is offline
 
Join Date: Jul 2006
Location: Boston, Uk
Posts: 725
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If I ever wished to remove anything I would be shocked to get a reply saying they will not remove my work.

However this is a good thread to bring up the problem with simply removing vulnerabilities.

If a vulnerability is found you simply remove the thread. I feel this is not the way to go as this will confuse users and the others won't know of the exploit leaving many forums hackable.

I feel the way to go is remove the download and instruction parts to the thread, add a big note at the bottom and close the thread.

If you wish have the thread url just redirecting to a vulnerability error page.

Also when you remove a modification users have no idea what they uploaded or what changes they made to install it meaning they have no idea how to uninstall!!

I feel this is also a big problem. The ideal thing to do would be to make something that would tell them how to uninstall and a list of the files. Also a mail of all the installs telling them of the exploit.

Feedback?

Distance
Reply With Quote
  #12  
Old 03-26-2007, 07:30 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

We already do email all members that have clicked Install if a vulnerability is found.

You say that you want us to:
A) Remove the download
B) "when you remove a modification users have no idea what they uploaded or what changes they made "

Is that not he same result?
Reply With Quote
  #13  
Old 03-26-2007, 07:53 AM
Talisman's Avatar
Talisman Talisman is offline
 
Join Date: Aug 2002
Location: USA/West Coast
Posts: 371
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

While I agree that the mod, itself, belongs to the author (always) and that work can be withdrawn at his or her choosing... that ownership should not extend to everyone else's posts submitted to the related support thread...... which also becomes a discussion thread of it's own. The rest of "our" posts either belong to us or to the vBulletin.org site, depending on whatever it says in the terms for this site.

On another issue... what good does it do any of us if it's okay for someone to release a hack one day and then wipe out the entire thread whenever they want to? Isn't it in our better interest as a hacking community to encourage the coders willing to leave behind their body of work if they decide they don't want to keep doing it ... and be less encouraging to those who think it's okay to yank out chunks of our hack forum if they get mad at someone and decide they want nothing more to do with this place?
Reply With Quote
  #14  
Old 03-26-2007, 08:06 AM
Distance's Avatar
Distance Distance is offline
 
Join Date: Jul 2006
Location: Boston, Uk
Posts: 725
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Marco van Herwaarden View Post
We already do email all members that have clicked Install if a vulnerability is found.

You say that you want us to:
A) Remove the download
B) "when you remove a modification users have no idea what they uploaded or what changes they made "

Is that not he same result?
Marco, if a vulnerability is found you obviously need to remove the download.

However a list should be replaced there (as said a) on the files that was uploaded and the install instructions.

Distance
Reply With Quote
  #15  
Old 03-26-2007, 11:21 AM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

ATM any removed modifications go to a private "Graveyard" that only staff have access to.

However, we are looking at the possibility of a public archive where some could be moved to, where you would still be able to read the threads, but not access the downloads.
Reply With Quote
  #16  
Old 03-26-2007, 01:36 PM
Reeve of shinra's Avatar
Reeve of shinra Reeve of shinra is offline
 
Join Date: Oct 2001
Location: NYC
Posts: 1,896
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I understand this is a tricky issue but I firmly believe that its against the best interests of the community if modifications can be arbitrarily removed.

Maybe there should be a "VB modification license" which modifactions posted here should be released under. The license can hopefully take into consideration many of these sticking points that keep occurring.

... and thats my 2 cents.
Reply With Quote
  #17  
Old 03-26-2007, 02:20 PM
Distance's Avatar
Distance Distance is offline
 
Join Date: Jul 2006
Location: Boston, Uk
Posts: 725
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M View Post
However, we are looking at the possibility of a public archive where some could be moved to, where you would still be able to read the threads, but not access the downloads.
Thank you!
Reply With Quote
  #18  
Old 03-26-2007, 02:28 PM
d8tabyte's Avatar
d8tabyte d8tabyte is offline
 
Join Date: Nov 2005
Location: Michigan
Posts: 239
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Talisman View Post
While I agree that the mod, itself, belongs to the author (always) and that work can be withdrawn at his or her choosing... that ownership should not extend to everyone else's posts submitted to the related support thread...... which also becomes a discussion thread of it's own. The rest of "our" posts either belong to us or to the vBulletin.org site, depending on whatever it says in the terms for this site.
Good point here
Reply With Quote
  #19  
Old 03-26-2007, 02:41 PM
Princeton's Avatar
Princeton Princeton is offline
 
Join Date: Nov 2001
Location: Vineland, NJ
Posts: 6,693
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

In an idea world, leaving the information open to the public is a good choice.

HOWEVER

While this is helpful, it can also put our members (installers) at risk. For example, a scrupulous hacker can come along .. deduce who has vulnerable modification installed and cause havoc.
Reply With Quote
  #20  
Old 03-26-2007, 02:45 PM
d8tabyte's Avatar
d8tabyte d8tabyte is offline
 
Join Date: Nov 2005
Location: Michigan
Posts: 239
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Couldn't they just do that by looking through the countless threads that say "omg this hack was removed because of a vulnerability!?"

Removing the hundreds of support posts under a mod won't make the mod any more secure - remove the files, lock the thread with a final post stating the mod was removed due to vulnerability and all future support is ceased until a secure version can be released

just my opinion
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:34 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05176 seconds
  • Memory Usage 2,256KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete