Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
FAQ Community Calendar Today's Posts Search

Closed Thread
 
Thread Tools Display Modes
  #21  
Old 09-11-2009, 06:55 PM
HMBeaty's Avatar
HMBeaty HMBeaty is offline
 
Join Date: Sep 2005
Posts: 4,141
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Also, you will find in the ToS here:

Quote:
8. IN NO EVENT SHALL VBULLETIN.ORG BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED

1. WITH THE USE OR PERFORMANCE OF THIS WEB SITE,
2. WITH THE DELAY OR INABILITY TO USE THIS WEB SITE,
3. WITH THE PROVISION OF OR FAILURE TO PROVIDE SERVICES, OR
4. FOR ANY INFORMATION, SOFTWARE, PRODUCTS, SERVICES AND RELATED GRAPHICS OBTAINED THROUGH THIS WEB SITE, OR OTHERWISE ARISING OUT OF THE USE OF THIS WEB SITE, WHETHER BASED ON CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE, EVEN IF VBULLETIN.ORG HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.
  #22  
Old 09-11-2009, 07:13 PM
JacquiiDesigns's Avatar
JacquiiDesigns JacquiiDesigns is offline
 
Join Date: Dec 2008
Location: Tennessee
Posts: 687
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I've read the TOS - I understand the concept of cheap motor oil. But at the same time - do you guys seriously think that implementing a system which will ultimately benefit the vB.org Memberbase is a BAD thing? I mean - Seriously?

Again - I will say - I did not post this thread so that we can argue the virtues of "Sorry bud, you're on your own. You've purchased the product. Good luck with the maintenance, especially if you've modified your product..." --- I think we each understand responsibility.

I'm simply suggesting that the .org might implement a simple policy of information share with Members who have installed a product. It's not about liability Redlinemotors - I'm not trying to take Jelsoft to court - are you kidding - can barely afford to pay my electricity bill - What the hell can I do with a lawyers invoice accept to ball it up and toss it in the trash LOL

Meh - maybe it's just a horrible suggestion and just too dang difficult for a community of coders to implement and I just don't realize it? I tell you one thing I do realize though is that I'm a bit peeved at the notion that the current policy is to simply send out an email with absolutely no information in it. IMO it kinda defeats the purpose of sending out the email in the first place. And yes - I do realize that the email itself is infact a courtesy.

All I'm saying is that the system can be bettered. I think Lynne said it can be bettered as well... And for me = bettered in favor of the vB.org Member is aces in my book.

Jacquii.
  #23  
Old 09-11-2009, 07:25 PM
Link14716's Avatar
Link14716 Link14716 is offline
 
Join Date: Jun 2002
Location: Georgia, USA
Posts: 2,519
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If they didn't care, they wouldn't send an email about it and they certainly wouldn't quarantine it.

All the information you need to know is that is contains a security hole large enough to warrant a quarantine and you should disable it until a fix is posted.
  #24  
Old 09-11-2009, 08:07 PM
TNCclubman's Avatar
TNCclubman TNCclubman is offline
 
Join Date: Sep 2008
Posts: 690
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Shelley_c View Post
Suggestion - Extract the uninstall .txt file from the .zip archive and allow members to view this. Not a fully fledged solution if the file didn't come with uninstall instructions but it's something. I'm guessing that a proportion of scripts that have an exploit found within them will have a .txt file within the archive and or/post.
yes, this.
  #25  
Old 09-11-2009, 10:59 PM
Wayne Luke's Avatar
Wayne Luke Wayne Luke is offline
Senior Member
 
Join Date: Jan 2002
Location: Southern California
Posts: 1,694
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Redlinemotorsports View Post
Thats why I ALWAYS keep a copy of the .zip file on my hard drive and on my server in case something like this happens
I do the same. I can't rely on the file being here under any circumstance. The author could just delete it one night while I am sleeping. It has happened in the past so one has to protect themselves. Anyway, I treat each and every download on this site as if it could vaporize the second after I download it.

Also one should consider any quarantine a serious matter and continue running an addon in such a state as a security risk to your site.
  #26  
Old 09-11-2009, 11:29 PM
Medtech's Avatar
Medtech Medtech is offline
 
Join Date: Oct 2007
Posts: 310
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

just a thaught on my part, seeing as issues with mods are encouraged to be discussed in threads under the modification, a vulnerability should also be considered an issue as the same. By all rights, it should be shared so others can learn from it as well. and know to not repeat someone else's mistake. I do understand not wanting to share the info so others that see it can exploit it. this is a two way street that has a dead end in both directions. Ultimately we end up with more modifications that are vulnerable because of lack of knowlege.

Like i said, just a thaught. :erm:
  #27  
Old 09-12-2009, 10:32 AM
mikey1991's Avatar
mikey1991 mikey1991 is offline
 
Join Date: Oct 2008
Location: United Kingdom
Posts: 654
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

How about this, in the notification email, saying it's been quarantined, also list the files contained in the quarantined mod, so that the user would be able to fully uninstall it..

So something like this

Quote:
** DO NOT REPLY TO THIS MESSAGE **

* Quarantine Notification *

The following modification has been 'quarantined' by vBulletin.org.

https://vborg.vbsupport.ru/showthread.php?t=1

The author of the modification has been informed and asked to address the quarantine reason(s), until this is done the modification will remain in the vbulletin.org graveyard.

If you are currently using this modification then you may wish to consider disabling it.
If the modification consists of a product then disabling the product should be all that is required. Do not uninstall the product as this may delete any data associated with it. If the modification also included new files then you may remove (or rename) them.

The files which were included in the quarantined modification were;

mikey.php
admincp/mikey.php
includes/xml/bitfield_mikeyrocks.xml
includes/xml/cpnav_mikeyrocks.xml
product_mikeyisthebest.xml

Once the author has responded to the issues you will be notified that it has been restored.

Thank you,

vBulletin.org Staff
Etc
  #28  
Old 09-12-2009, 05:40 PM
JacquiiDesigns's Avatar
JacquiiDesigns JacquiiDesigns is offline
 
Join Date: Dec 2008
Location: Tennessee
Posts: 687
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

^ That's actually a very nice idea Mikey
Simple, yet effective and has more information added for the enduser.
I'd also like to see info about why the modification has been quarantined or graveyarded as well.

Jacquii.

includes/xml/bitfield_mikeyrocks.xml?!?!? HAHAHA - too funny
  #29  
Old 09-13-2009, 07:19 AM
Dean C's Avatar
Dean C Dean C is offline
 
Join Date: Jan 2002
Location: England
Posts: 9,071
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by JacquiiCooke View Post
I think so too - and that's what my post is about - it's about improving the vB.org community - I think it's a valid suggestion anyway. I wouldn't have posted it again if I didn't think it was an important one - and honestly - I was a bit insulted by Paul's flippant comment. I suppose it's a good thing I do not wear my emotions on my sleeve LOL

Anyway - I do quite hope that the suggestion is just not dismissed as the ranting of Jacquii ((sigh...))

Jacquii.
When you post in such an aggressive manner using words like "hell", no-one will take you seriously Jacquii. Try posting your suggestions in a more polite way and people may listen, although I think you may have already burned most of your bridges here with your actions in the past
  #30  
Old 09-13-2009, 11:23 PM
JacquiiDesigns's Avatar
JacquiiDesigns JacquiiDesigns is offline
 
Join Date: Dec 2008
Location: Tennessee
Posts: 687
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Please do not patronize me Dean, though I do appreciate your feedback on the suggestion at hand. And if a group of people such as vB.org Members who I have personally witnessed using stronger words than "hell" are condemning me for doing the same - well - it's not I who have the issue dude --- And I particularly would like to say, "Grow up and stop being hypocrits!" --- So yes - If you have a comment on the suggestion I've made - then feel free to make it or otherwise I would advise that you not post in this thread at all.

Jacquii.
Closed Thread


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:52 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05189 seconds
  • Memory Usage 2,264KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete