Who installed the hack.

[Colin F]

Quote:

Originally Posted by tamarian

This is vbulletin.org, which is hacked to death. It's trivial to add a "send security update", that is merely a special case of notification.

You can just say "we don't want to do it or put it back", and it would be your prerogative. But the reasons given are too weak, IMHO, considering that they are no protection, and can be address if necessary by trivial changes.

Yes, but isn't that basically what we have now?
Making two seperate options would be an option, allthough I feel it would confuse a bit.

Whatever is decided, it won't be put into place until 3.5 goes Gold anyhow.

[tamarian]

Quote:

Originally Posted by Colin F

Yes, but isn't that basically what we have now?

Not, what you have now disallows viewing who installed this hack, like it was before.

[Colin F]

Quote:

Originally Posted by tamarian

It's trivial to add a "send security update", that is merely a special case of notification.

...which is basically what we have now. Except that it's not labeled as a subscription...

[tamarian]

Quote:

Originally Posted by Colin F

...which is basically what we have now. Except that it's not labeled as a subscription...

So why not use that? Restore "who installed this hack", and use a button for security notifcation.

Why disable the feature, if you have the option to either subscribe to the thread, subscribe for security updates, and/or click install the hack.

If it's trivial, why disable a non trivial feature, to avoid implementing a trivial one?

[Colin F]

Not sure if you understood me correctly, what I wanted to say was that what the install button currently does is work in the way you described above, not that it's actually using the subscription system.

Having said that, I don't understand what you mean by disabling a non trivial feature.


Repeating myself, this won't be implemented until 3.5 and even then we have other features that will most likely have a higher priority.
I'm sure we'll reconsider your suggestions at a later date, but at this time it's not really an issue.

Still, thanks for your comments/input.

[tamarian]

Quote:

Originally Posted by Colin F

Not sure if you understood me correctly, what I wanted to say was that what the install button currently does is work in the way you described above, not that it's actually using the subscription system.

Having said that, I don't understand what you mean by disabling a non trivial feature.


Repeating myself, this won't be implemented until 3.5 and even then we have other features that will most likely have a higher priority.
I'm sure we'll reconsider your suggestions at a later date, but at this time it's not really an issue.

Still, thanks for your comments/input.

What I meant was:

1. There was a "who installed this hack" system, prior to 3.5. This is a major feature, non trivial., and many here found it useful.

That system was removed, because you think it represents privacy and/or security issues to a limited number of uses who think removing that feature from everyone will protects them somehow.

2. There are trivial meathods to control and address those fears. Thread subscription, install button with hack update emails, and a security notification email. And of the 3, or combo thereof, are trivial solutions, that can resolve that issue. Someone with extreme concerns and does not want anyone to know they installed a hack, and does not want to subscribe to a thread, can still subscribe to a security update notification, without revealing the fact they installed a hack.

Implementation is not an issue, IMHO, since nothing new needs to be done. It's an existing hack that just needs to be re-installed if vb.org ever decide to change this "privacy" policy.

[Marco van Herwaarden]

1. Is not removed "prior to 3.5". If it has ever been removed, it was more then a year ago.

2. That is exactly how it is working now, and already have been working for a long time.

[tamarian]

1. Removed "more than a year ago" still means "removed". Prior to 3.5 is to illustrate you really don't need to "implement" anything, or wait for 3.5.

2. No it's not. You only have thread subscription, ans send updates. A 3rd notification, as explained, is needed, if extreme privacy was the real reason.

[Marco van Herwaarden]

The list of of members to send a security update is exactly the same as the list of people to send an update to. It is just a matter of using a different text. There don't need to be a seperate feature for sending an update or a security warning.

[tamarian]

Quote:

Originally Posted by MarcoH64

The list of of members to send a security update is exactly the same as the list of people to send an update to. It is just a matter of using a different text. There don't need to be a seperate feature for sending an update or a security warning.

I personally think there's no need to seperate them.

But you will need to seperate them if you are convinced about this priavacy issue, and still want to allow send update, without showing that person as someone who installed the hack.

But this privacy protection is a two-edged sword. You say you don't want to reveal the person as someone who installed a hack. Yet you display that information if they reply to the thread for support.

This means they cannot seek support from the author in a thread, since they will be "exploited" or "exposed", so they resort to PM's and emails, which is more work for the author, who is not allowed to see them as soemone who installed the hack......

I can live without that feature, but it's a shame not to have it, and the various reasons given so far don't make any sense, at least to me.