The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#11
|
||||
|
||||
If I ever wished to remove anything I would be shocked to get a reply saying they will not remove my work.
However this is a good thread to bring up the problem with simply removing vulnerabilities. If a vulnerability is found you simply remove the thread. I feel this is not the way to go as this will confuse users and the others won't know of the exploit leaving many forums hackable. I feel the way to go is remove the download and instruction parts to the thread, add a big note at the bottom and close the thread. If you wish have the thread url just redirecting to a vulnerability error page. Also when you remove a modification users have no idea what they uploaded or what changes they made to install it meaning they have no idea how to uninstall!! I feel this is also a big problem. The ideal thing to do would be to make something that would tell them how to uninstall and a list of the files. Also a mail of all the installs telling them of the exploit. Feedback? Distance |
#12
|
|||
|
|||
We already do email all members that have clicked Install if a vulnerability is found.
You say that you want us to: A) Remove the download B) "when you remove a modification users have no idea what they uploaded or what changes they made " Is that not he same result? |
#13
|
||||
|
||||
While I agree that the mod, itself, belongs to the author (always) and that work can be withdrawn at his or her choosing... that ownership should not extend to everyone else's posts submitted to the related support thread...... which also becomes a discussion thread of it's own. The rest of "our" posts either belong to us or to the vBulletin.org site, depending on whatever it says in the terms for this site.
On another issue... what good does it do any of us if it's okay for someone to release a hack one day and then wipe out the entire thread whenever they want to? Isn't it in our better interest as a hacking community to encourage the coders willing to leave behind their body of work if they decide they don't want to keep doing it ... and be less encouraging to those who think it's okay to yank out chunks of our hack forum if they get mad at someone and decide they want nothing more to do with this place? |
#14
|
||||
|
||||
Quote:
However a list should be replaced there (as said a) on the files that was uploaded and the install instructions. Distance |
#15
|
||||
|
||||
ATM any removed modifications go to a private "Graveyard" that only staff have access to.
However, we are looking at the possibility of a public archive where some could be moved to, where you would still be able to read the threads, but not access the downloads. |
#16
|
||||
|
||||
I understand this is a tricky issue but I firmly believe that its against the best interests of the community if modifications can be arbitrarily removed.
Maybe there should be a "VB modification license" which modifactions posted here should be released under. The license can hopefully take into consideration many of these sticking points that keep occurring. ... and thats my 2 cents. |
#17
|
||||
|
||||
Thank you!
|
#18
|
||||
|
||||
Quote:
|
#19
|
||||
|
||||
In an idea world, leaving the information open to the public is a good choice.
HOWEVER While this is helpful, it can also put our members (installers) at risk. For example, a scrupulous hacker can come along .. deduce who has vulnerable modification installed and cause havoc. |
#20
|
||||
|
||||
Couldn't they just do that by looking through the countless threads that say "omg this hack was removed because of a vulnerability!?"
Removing the hundreds of support posts under a mod won't make the mod any more secure - remove the files, lock the thread with a final post stating the mod was removed due to vulnerability and all future support is ceased until a secure version can be released just my opinion |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|