Textpattern Forum

You are not logged in. Register | Login | Help

#21 2005-09-06 21:26:32

tinyfly
Member
From: Dallas, Texas
Registered: 2004-05-10
Posts: 462
Website

Re: Textpattern 4.0.1 Released

Jeremie – It works fine for me. In an article form <code><txp:category1 title=“y” /></code> outputs the article’s category title otherwise <code><txp:category1 /></code> outputs the article’s category name.

Offline

#22 2005-09-06 21:32:30

Sencer
Developer emeritus
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: Textpattern 4.0.1 Released

Is the security that bad in 4.0?

We decided not to disclose any information until people have had sufficient time to update their installations.

Could you guys please considering adding a small note to your release announcements about whether upgrading is “recommended”, “strongly advised”, “critical”, etc.?

Well, it does say:
> Updates are strongly recommended.

Offline

#23 2005-09-06 23:28:40

Jeremie
Member
From: Provence, France
Registered: 2004-08-11
Posts: 1,578
Website

Re: Textpattern 4.0.1 Released

tinyfly wrote:
Jeremie – It works fine for me. In an article form <code><txp:category1 title=“y” /></code> outputs the article’s category title otherwise <code><txp:category1 /></code> outputs the article’s category name.

My bad, I was checking for a whole other thing. The “title” wording can be quite confusing, since it’s already here in article paradigm, and of course in (x)HTML pardigm. Thanks for clearing that up.

Offline

#24 2005-09-07 00:24:01

ramanan
Plugin Author
From: Toronto
Registered: 2004-03-12
Posts: 323
Website

Re: Textpattern 4.0.1 Released

Ray, I wrote about hacking together better support for 404s, but this was for g1.19. I’m not sure how much still applies in 4.0.1. See this article: Building a 404 page in Textpattern. When I have a chance i’ll check if this is still a reasonable hack. Also, is it possible to submit stuff like this if it is deemed useful back into the code base.

Offline

#25 2005-09-07 00:39:03

Sencer
Developer emeritus
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: Textpattern 4.0.1 Released

We have a txp-plugin list for plugin developers:
http://lists.textpattern.com/mailman/listinfo

there it has been discussed for a while already how to create exactly that with the help of a plugin. There is a callback you can use anda variable you can check, and then it’s only a matter of either including a page or doing whatever you want. People should not hack the code as it makes upgrading more difficult. A lot of things can be achieved by writing plugins, that should be your first choice.

There is also a list for people that are following development in svn (txp-dev), where we tried to get some feedback on some issues before the release. People interested in svn should probably subscribe.

Here it is explained how you can submit a patch:
http://forum.textpattern.com/viewtopic.php?id=6648

Offline

#26 2005-09-07 01:28:11

ramanan
Plugin Author
From: Toronto
Registered: 2004-03-12
Posts: 323
Website

Re: Textpattern 4.0.1 Released

Thanks for the info. I also think people shouldn’t hack the install. I’m still running 1.19 because it’s such a pain in the ass to move to the new version. If I figure out a good way to do what I did with my Hack using the new architecture in 4.0 I’ll let you guys know.

Offline

#27 2005-09-07 01:55:39

KurtRaschke
Plugin Author
Registered: 2004-05-16
Posts: 275

Re: Textpattern 4.0.1 Released

Caution, long-winded and now unnecessary rant follows. Please see my later post in this thread for the conclusion of this saga.

Sencer wrote:
We decided not to disclose any information until people have had sufficient time to update their installations.

And just how long exactly is “sufficient time”? If there’s been an announcement of “security fixes”, then anyone with enough time on their hands can go through the recent SVN changesets looking for something which could be exploited. Even if the commit message isn’t screaming “fixed vulnerable code here” (which they haven’t been recently), the diffs can still tell a lot. On a more practical note, though, if one has a production server running 4.0, one may not want to move to 4.0.1 without testing it first on a development server. Knowing the specific nature of the security fix would allow one to patch that specific issue in 4.0 without having to move to 4.0.1 without testing it first. That way the remainder of 4.0.1 could be tested at a later date, instead of under the pressure of trying to get a vulnerable server patched as quickly as possible.

Also, from a later post:

People should not hack the code as it makes upgrading more difficult.

Excuse me? Textpattern is an open-source project; people can do anything they want with the code, within the bounds of the GPL. My Textpattern install is pretty heavily-hacked, and guess what? It still runs just fine, and I just upgraded to 4.0.1 without a hitch. Sure, every once in a while I run into a conflict when I update to the latest SVN revision, and then I have to do some merging by hand, but hey, that’s what revision control is for. Now sure, if I break something, am I going to ask for help on the forums? Probably not. I’ll debug it myself, and try and replicate the problem on a ‘fresh’ TXP instance just checked out from the development sources. If I can still replicate it running off of the offical sources, then sure, I’ll report it on the forums.

So I can see a caveat telling people to stay off the forums unless they’re running an official release, but I can’t see telling them to stay out of the source, period. I can understand the idea that people with non-standard configurations shouldn’t take up the time of others while trying to troubleshoot problems that they may have brought on themselves. But a general admonition of hacking the code? To me, that’s just contrary to the whole idea of open-source. In a lot of other projects, the default response to a feature request is “Write a patch and send it in”, as where as with Textpattern it seems to be “It’s on the list to be done eventually, or you can write a plugin”.

I could see the logic behind that mentality if we were dealing with a very large, very fragile codebase which tended to break in nonintuitive ways, but truthfully Textpattern isn’t that big, and it doesn’t take very long to get up to speed on the internals of Textpattern.

Now, I’d like to make something clear. This isn’t meant to be a flame, but rather a constructive criticism of the Textpattern development process. Textpattern is a great piece of software, and I appreciate the work that everyone has put into it, but I do believe that certain changes might further improve the development process and improve relations between developers and users.

Finally, look at the Linux kernel. People hack the kernel to add functionality or fix bugs, they break things along the way, they ask for help on LKML, they fix the mess they’ve created, then they submit a patch. The patch goes in, and the cycle repeats itself.

I am not anti-plugin, but I do think that certain core functionality belongs in TXP proper. Additionally, if I’ve added the necessary code to one of my local TXP instances, it only takes a minute or two to release a diff of that code—”<code>svk diff</code>” makes it quite easy.

Yes, we do have callbacks and all that, but for a little one or two-liner fix I really don’t see how it’s worth the overhead of a plugin.

-Kurt

Last edited by KurtRaschke (2005-09-07 02:39:27)


kurt@kurtraschke.com

Offline

#28 2005-09-07 02:11:22

ramanan
Plugin Author
From: Toronto
Registered: 2004-03-12
Posts: 323
Website

Re: Textpattern 4.0.1 Released

I think you are reading way too much in to Sencer’s post. I think he was suggesting joe blow doesn’t hack his install up if he doesn’t know what he is doing. No more no less.

Offline

#29 2005-09-07 02:20:09

jdueck
Plugin Author
From: Minneapolis, MN
Registered: 2004-02-27
Posts: 146
Website

Re: Textpattern 4.0.1 Released

Excuse me? Textpattern is an open-source project; people can do anything they want with the code, within the bounds of the GPL.

Sencer didn’t say you weren’t allowed to hack the code, he just said people shouldn’t, since it makes things unnecessarily hard later on. You’re savvy enough to be able to mess around in the source (like I used to be when I had time); great for you. But you should also be savvy enough to know when general advice meant for typical users is being given.

So, you may consider yourself excused.

Offline

#30 2005-09-07 02:25:57

zem
Developer emeritus
From: Melbourne, Australia
Registered: 2004-04-08
Posts: 2,579
Website

Re: Textpattern 4.0.1 Released

I think he was suggesting joe blow doesn’t hack his install up if he doesn’t know what he is doing. No more no less.

Yes, precisely. Sencer is not a native English speaker (though his grasp of the language is often better than mine), and forum posts aren’t an ideal medium for subtle interpretations.

Textpattern is open source. By all means, hack away. But please plan ahead: running a modified version means you’ll have to port your modifications each upgrade. Writing modifications in plugin form usually makes this much easier. [also, we put quite a lot of effort into making sure that plugins can do almost anything. mods are usually an indication of something we’ve missed]


Alex
tstate

Offline

Board footer

Powered by FluxBB