Package Management - was: Translations / styles

General discussion of development ideas and the approaches taken in the 3.x branch of phpBB. The current feature release of phpBB 3 is 3.3/Proteus.
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.

If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
code reader
Registered User
Posts: 653
Joined: Wed Sep 21, 2005 3:01 pm

Re: [End user][Admin] Translations / styles

Post by code reader »

maybe this deteriorates into a pointless discussion, but let me address you points:
DavidIQ wrote:I'm pretty familiar with the license but have no idea what relevancy you think the license has with "at your own risk".
(almost?) every phpbb source file contain this line:
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
which in itself contains:
GPL wrote:NO WARRANTY

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
i painted a small portion of it to help you understand the relevancy of the license to "at your own risk".
DavidIQ wrote:They don't hint at internet attacks but they certainly give you ample warnings of security/stability problems before letting you install something not from their site which was what I was referring to:
this is not precise.
they do not prevent you from installing stuff *not from their site*.
they prevent you from installing stuff from site *you yourself did not declare as safe*.
this is exactly what i suggest phpbb should do: allow users to declare as safe sources for installation.

as to signing:
i am absolutely in favor of supporting signing of packages (though i myself have little to no knowledge how to do it).
you might have noticed that the signing of firefox extension *is not done by mozilla* but by the extension author.
this signature's validity is 100% unrelated to the question whether you downloaded the extension from mozilla or from somewhere else.
if you figure out how to support signing, i strongly suggest that phpbb will issue a stern warning before installing an unsigned plugin, regardless of whether this plugin was downloaded from phpbb.com or elsewhere.
DavidIQ wrote:If we follow FF's example, we'd allow the searching of MODs and styles from phpbb.com and perform automatic download and installation all from an interface in the admin panel and still allow for installation of non-phpbb.com items by providing a spot for the user to maybe paste a link to the external MOD or Style instead. I don't see how that's "punishing" anyone.
not only this is not "punishing", but this is *exactly* my initial proposition that you are so fiercely arguing against.
i suggested to allow the user to define additional plugin sources, and once those are defined (*by the user*), treat them the same as the central repository of plugins.
so, if i understand the last quote correctly, there is absolutely no argument between us...

peace.
Last edited by code reader on Tue Dec 15, 2009 6:13 pm, edited 2 times in total.

User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1904
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: [End user][Admin] Translations / styles

Post by DavidIQ »

code reader wrote:maybe this deteriorates into a pointless discussion, but let me address you points:
DavidIQ wrote:I'm pretty familiar with the license but have no idea what relevancy you think the license has with "at your own risk".
(almost?) every phpbb source file contain this line:
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
which in itself contains:...
You were diverting to the license and clouding the point I was making... Any MOD or Style that has not been validated can be a potential security or stability risk, this includes MODs/Styles that are in our MODs/Styles in Development forums, which are MODs or Styles hosted outside of phpbb.com. There is a lot less risk of you damaging your board with a MOD or Style that has been validated. You can't deny that there is a lot more risk involved if there has been no validation by our staff.
code reader wrote:that is, "as tight as you can". as you pointed out yourself, you can't prevent the user from *manually* install stuff. if you say you would allow it if it was in your control i have to believe you, but your general line of reasoning points in the other direction.
Ok...so the user has to find the MOD or style anyways. Once they find it, in your opinion, why isn't the ability to paste a link to the MOD or Style into the admin panel a suitable solution?
Image

code reader
Registered User
Posts: 653
Joined: Wed Sep 21, 2005 3:01 pm

Re: [End user][Admin] Translations / styles

Post by code reader »

so we are splitting hair now:
i think it would be nicer to the users to allow them to add a link to a whole repository of plugins/styles/translations, and you think that they should be allowed only to provide a direct link to a specific plugin/style/translation.

i could live with your idea, but it would be suboptimal, because this way we won't be able to support the "check for updates", "get and install updates", and "look for new plugins" in any repo other than phpbb.com.

so i think it's inferior to paste a link vs. adding an alternative repo, but i admit the difference is not huge, and i could live with either.

from your earlier posts it seemed you want consumers of "external" (i.e. not phpbb supplied) plugins to have to execute the "download/upload/install" cycle manually, which is significantly worse than "paste a link, press a button" cycle we are discussing now.

(of course, in either case you would always need to configure and enable a plugin *after* installing it. every plugin should be disabled after installation regardless where it came from, and configured and enabled in a separate step)


peace.

User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1904
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: [End user][Admin] Translations / styles

Post by DavidIQ »

code reader wrote:so i think it's inferior to paste a link vs. adding an alternative repo, but i admit the difference is not huge, and i could live with either.
Hmmm...maybe if we allowed admins to have a list of MOD or Style databases of their own and not just phpbb.com. So for instance they find a repository with MODs and they would like to browse from there as well so they'd just add it to their list. It would be a bit of an effort though to have those external repositories conform to a certain standard for this to work but it could turn out rather well in the end. Sound about right?
Image

User avatar
naderman
Consultant
Posts: 1727
Joined: Sun Jan 11, 2004 2:11 am
Location: Berlin, Germany
Contact:

Re: [End user][Admin] Translations / styles

Post by naderman »

My point of view on this:
  • We want a package management in the ACP through which you can browse, install, uninstall and update packages
  • There needs to be an open source implementation and an interface definition for package repositories
  • By default the phpbb.com repository is used
  • The user should be able to add any number of custom repositories
  • The user should be able to remove the phpbb.com repository
  • The fact that a package has been audited on phpbb.com should still be highlighted in some form, so a concerned user can stick to those ones, maybe a warning should be displayed for other packages
  • Package contents should be signed and verified - afterall they contain executable code
Would someone volunteer to write down on the wiki what the consensus is here and then point out which areas we should discuss further?

code reader
Registered User
Posts: 653
Joined: Wed Sep 21, 2005 3:01 pm

Re: [End user][Admin] Translations / styles

Post by code reader »

DavidIQ wrote:Hmmm...maybe if we allowed admins to have a list of MOD or Style databases of their own and not just phpbb.com. So for instance they find a repository with MODs and they would like to browse from there as well so they'd just add it to their list. It would be a bit of an effort though to have those external repositories conform to a certain standard for this to work but it could turn out rather well in the end. Sound about right?
i absolutely meant that there should be some "plugin repo interface" that is defined by the phpbb group, and both the phpbb.com repo *and any external plugins repo* will have to adhere to.
the interface will provide details about available plugins, per plugin it will provide details such as name, category, general description, version, author, last update date, list of compatible phpbb versions, whether or not it was approved by the phpbb group, (optionally) user rating, (optional) demo site, and of course, the package itself.
all these will be provided in a structured way, according to a well-defined interface that phpbb group will publish.
probably this interface will also include filtering/searching capabilities ("show me only plugins compatible with my version", or "show me only plugins approved by phpbb.com", or "show me all plugins by a specific author", "in a specific category" etc.)
a site that fail to meet the required interface is not a "repo" and the system will not be able to pull updates from such a site.
it is very much possible that the only site ever to meet these standards will be phpbb.com, but it is also possible that others will decide to create their own repos.

i expect every external repo will, as first thing, mirror a large part, or even the entire phpbb.com repo.
i do not think this is very different than what we had in the past with sites like phpbbhacks.com, except for the automation part.

peace.

User avatar
Dog Cow
Registered User
Posts: 271
Joined: Wed May 25, 2005 2:14 pm

Re: [End user][Admin] Translations / styles

Post by Dog Cow »

DavidIQ wrote: If we follow FF's example, we'd allow the searching of MODs and styles from phpbb.com and perform automatic download and installation all from an interface in the admin panel and still allow for installation of non-phpbb.com items by providing a spot for the user to maybe paste a link to the external MOD or Style instead. I don't see how that's "punishing" anyone.
IMO, we definitely need to allow for this sort of in-built system. While not every user has problems finding and installing MODs, I think that we should make it easy for the new users to add whatever features they want on to phpBB with little headache.

We should build a system which complements everyone.
naderman wrote:My point of view on this:
  • We want a package management in the ACP through which you can browse, install and uninstall packages
And also get updates for previously-installed packages.

User avatar
naderman
Consultant
Posts: 1727
Joined: Sun Jan 11, 2004 2:11 am
Location: Berlin, Germany
Contact:

Re: Package Management - was: Translations / styles

Post by naderman »

I entirely agree with code reader's post. I also changed the title of the topic to reflect what's actually being discussed ;-)
Dog Cow wrote:
naderman wrote:My point of view on this:
  • We want a package management in the ACP through which you can browse, install and uninstall packages
And also get updates for previously-installed packages.
I've edited that in. Thanks.

ToonArmy
Registered User
Posts: 335
Joined: Fri Mar 26, 2004 7:31 pm
Location: Bristol, UK
Contact:

Re: [End user][Admin] Translations / styles

Post by ToonArmy »

naderman wrote:My point of view on this: [...]
Agreed 100%. As far as I'm concerned a user should have full control of their package sources, prohibiting this ability is severely limiting.
Chris SmithBlogXMOOhlohArea51WikiNo support via PM/IM
Image

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: Package Management - was: Translations / styles

Post by EXreaction »

Lurttinen wrote:Encourage style authors to give .psd files from their buttons. (or some other convenient format) Either let translators work with them or somehow create automatic translation which is imposed on top of the image.
I really hope phpBB doesn't continue to use buttons with text drawn on them (other than perhaps the default logo). There really is no reason to do so other than someone wanting to use crazy fonts.

Post Reply