Hi,
Earlier in the evening today Ralph, Fabian and I had a chat about the present state of the language subsites. This email sort of summarises the main issue ( s/w ).
We seem to have run into a slight technical hitch with punbb/fluxbb. They dont support LDAP as a backend. And we had decided a few months back that all new rollouts must have ldap backend so we can rollin CentOS-DS / openldap based backend.
So we need to look at alternatives, and since the primary focus of these international sites is going be forums : Here is a shortlist ( if there is anything else that people are aware of, please add to this list ) - phpBB - SMF - Fudforum - phorum - fluxbb
Requirements: - Must be able to scale ( couple of hundred thousand msgs ) - Must be able to handle ldap auth ( if it cant, whats involved in writing the ldap-auth portion ) - Must address the specific requirements raised by the present www.centos.org forum users ( Can you please fill this section in ? ) - Must support all languages we need ( pure utf8 support would be good ) - Secure - Skin'able
Nice to have: - Capable of running multiple instances from a single deployment - responsive community :D
Things we will need to do: - Decide on what s/w to use. - Give the ArtWork people enough time to get the look & feel sorted. - Migrate newbb forums from www.centos.org to $system ( hey, english is a language too :D ). - Migrate fr.centos.org into the final s/w - setup {de/es/ja/it/pt_br}.centos.org
Actions: Ralph and Fabian are going to work on setting up a test ldap server, once that is online we will then start by installing into our test-vm-farm the various s/w to eval them.
If anyone would like to help, please feel free to jump right in.
I'll setup a wiki page for this issue, which might be a good place to track progress.
Karanbir Singh wrote:
Hi,
Earlier in the evening today Ralph, Fabian and I had a chat about the present state of the language subsites. This email sort of summarises the main issue ( s/w ).
We seem to have run into a slight technical hitch with punbb/fluxbb. They dont support LDAP as a backend. And we had decided a few months back that all new rollouts must have ldap backend so we can rollin CentOS-DS / openldap based backend.
So we need to look at alternatives, and since the primary focus of these international sites is going be forums : Here is a shortlist ( if there is anything else that people are aware of, please add to this list )
- phpBB
- SMF
- Fudforum
- phorum
- fluxbb
Purely from a users (and moderators) PoV, SMF would get my vote IF it meets the requirements outlined below. I believe it meets the key usability features that our users are looking for from the forums software as outlined in this feedback thread:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=14921&forum=1...
Requirements:
- Must be able to scale ( couple of hundred thousand msgs )
- Must be able to handle ldap auth ( if it cant, whats involved in
writing the ldap-auth portion )
- Must address the specific requirements raised by the present
www.centos.org forum users ( Can you please fill this section in ? )
- Must support all languages we need ( pure utf8 support would be good )
- Secure
- Skin'able
Nice to have:
- Capable of running multiple instances from a single deployment
- responsive community :D
<snip>
If there's anything I can do to help move this process forward, then I'm a willing volunteer - I'm just not sure where I could help out.
Dear Karan.
I can still suggest Joomla/Fireboard which is customizable and scales well. Joomla is also LDAP capable and offers some nice features like FAQs, News Headings and so on. Fireboard currently works in compatibility mode on Joomla 1.5 but should do it's job either. I am personally well known with Joomla Templates.
If you are just looking for a forum, phpBB is very nice. There are also some Board/Portal attempts available for phpBB like Board3.
Fudforum does not scale so well and is AFAIK text based.
Simplemachines is also nice and there is a portal software available for it, too.
Best Regards Marcus
Marcus Moeller wrote:
Dear Karan.
I can still suggest Joomla/Fireboard which is customizable and scales well. Joomla is also LDAP capable and offers some nice features like FAQs, News Headings and so on. Fireboard currently works in compatibility mode on Joomla 1.5 but should do it's job either. I am personally well known with Joomla Templates.
Simplemachines is also nice and there is a portal software available for it, too.
I really think that we are "just" looking for a forum software at the moment - not a portal.
Ralph
Ralph Angenendt napsal(a):
I really think that we are "just" looking for a forum software at the moment - not a portal.
David Hrbáč wrote:
Ralph Angenendt napsal(a):
I really think that we are "just" looking for a forum software at the moment - not a portal.
Yeah i looked at that site yesterday during the conf call but for example it doesn't list all the features we want .. For example it doesn't say if a forum software supports ldap auth so you have to visit all of them to discover it yourself ...
Ralph Angenendt wrote:
Marcus Moeller wrote:
Dear Karan.
I can still suggest Joomla/Fireboard which is customizable and scales well. Joomla is also LDAP capable and offers some nice features like FAQs, News Headings and so on. Fireboard currently works in compatibility mode on Joomla 1.5 but should do it's job either. I am personally well known with Joomla Templates.
Simplemachines is also nice and there is a portal software available for it, too.
I really think that we are "just" looking for a forum software at the moment - not a portal.
Ralph
Right, but on the other hand, if a portal (that conforms to our standards) can be added easily on top, why not ? That's what we did (but i've never said that it was the best solution ...) for the fr.centos.org .. punbb for the forum and puntal (that is a small portal on top of punbb) ...
Good Evening.
I really think that we are "just" looking for a forum software at the moment - not a portal. Ralph
Right, but on the other hand, if a portal (that conforms to our standards) can be added easily on top, why not ? That's what we did (but i've never said that it was the best solution ...) for the fr.centos.org .. punbb for the forum and puntal (that is a small portal on top of punbb) ...
I think we are definitely in need of a Portal software unless we won't use the wiki for that. SMF can be extended with:
which may also be an good option.
Best Regards Marcus
Marcus Moeller wrote:
I can still suggest Joomla/Fireboard which is customizable and scales well. Joomla is also LDAP capable and offers some nice features like FAQs, News Headings and so on. Fireboard currently works in compatibility mode on Joomla 1.5 but should do it's job either. I am personally well known with Joomla Templates.
Go ahead and add that to the list, if you like. My only issue with joomla is the sheer number of security issues that come up with it are quite disturbing.
On 9/25/08, Karanbir Singh mail-lists@karan.org wrote:
Marcus Moeller wrote:
I can still suggest Joomla/Fireboard which is customizable and scales well. Joomla is also LDAP capable and offers some nice features like FAQs, News Headings and so on. Fireboard currently works in compatibility mode on Joomla 1.5 but should do it's job either. I am personally well known with Joomla Templates.
Go ahead and add that to the list, if you like. My only issue with joomla is the sheer number of security issues that come up with it are quite disturbing.
But with a large community, and strong core developers, the number of issues decreases over time, and are at a point now of 0 security issues. Suffice to say that the past has lead key teams within Joomla to circle the wagons. The current releases are solid - I use 1.5.x for personal sites, and 1.0.x at $dayjob.
jerry
Karanbir Singh wrote:
So we need to look at alternatives, and since the primary focus of these international sites is going be forums : Here is a shortlist ( if there is anything else that people are aware of, please add to this list )
- phpBB
- SMF
- Fudforum
- phorum
- fluxbb
Would someone take a quick look at the SMF license to see if it meets the project's minimum requirements or not:
http://www.simplemachines.org/about/license.php
At least then we can either tick a box or eliminate one possibility taking a little step closer to a solution :)
Requirements:
<snip>
- Must address the specific requirements raised by the present
www.centos.org forum users ( Can you please fill this section in ? )
This is a task I can do. Where/how would you like the information?
Once we have a slightly shorter shortlist, I'm happy to go off and test some existing forum sites (using said shortlist) for end-user usability in this regard too.
Ned Slider wrote:
Would someone take a quick look at the SMF license to see if it meets the project's minimum requirements or not:
"Any Distribution of a Modified Package or derivative requires express written consent from Simple Machines LLC" turns me off a bit. http://cmsreport.com/node/1777 has some more information about that.
"Any Distribution of this Package, whether as a Modified Package or not, requires express written consent from Simple Machines LLC." doesn't really sound better.
At least then we can either tick a box or eliminate one possibility taking a little step closer to a solution :)
I don't like the license :)
Requirements:
<snip> > - Must address the specific requirements raised by the present > www.centos.org forum users ( Can you please fill this section in ? )
This is a task I can do. Where/how would you like the information?
Why not here in this thread first?
Once we have a slightly shorter shortlist, I'm happy to go off and test some existing forum sites (using said shortlist) for end-user usability in this regard too.
Cool. Thank you.
Cheers,
Ralph
Ralph Angenendt wrote:
Ned Slider wrote:
Would someone take a quick look at the SMF license to see if it meets the project's minimum requirements or not:
"Any Distribution of a Modified Package or derivative requires express written consent from Simple Machines LLC" turns me off a bit. http://cmsreport.com/node/1777 has some more information about that.
"Any Distribution of this Package, whether as a Modified Package or not, requires express written consent from Simple Machines LLC." doesn't really sound better.
At least then we can either tick a box or eliminate one possibility taking a little step closer to a solution :)
I don't like the license :)
I don't like it either - that's why I raised it. Is it a show stopper discounting SMF from further consideration or is it something we can still work with (the license) and keep it on the shortlist? No point doing a lot of ldap integration work or whatever to only find out down the line the license isn't tolerable.
Requirements:
<snip> > - Must address the specific requirements raised by the present > www.centos.org forum users ( Can you please fill this section in ? ) This is a task I can do. Where/how would you like the information?
Why not here in this thread first?
Here is a summary of issues raised by forum users so far:
*Major* - Persistent logins (users currently have to re-login every 24h) - The remember me, keep cookie for 1 year option looks broken (relates to point 1 above and is presumably a xoops issue) - View/jump to first unread post within thread feature - Remember read/unread posts across multiple PCs/logins (per user, not per machine) - Ability for users to change/edit their registered email address. - Better management of subscribed threads
*Minor* - Thank User button/feature - Quick links feature
I'm guessing this list is fairly final as no new issues have been raised for quite a while now in the forum feedback thread. For reference, the thread may be found here:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=14921&forum=1...
My understanding is that most all modern forums software caters to these requirements - users are just asking for the features/usability they are accustomed to elsewhere, nothing out of the ordinary, but that is missing from the current xoops solution.
Dear Ned.
...
I don't like the license :)
I don't like it either - that's why I raised it. Is it a show stopper discounting SMF from further consideration or is it something we can still work with (the license) and keep it on the shortlist? No point doing a lot of ldap integration work or whatever to only find out down the line the license isn't tolerable.
I agree. This license makes it nealy impossible to use/distribute it.
- Must address the specific requirements raised by the present
www.centos.org forum users ( Can you please fill this section in ? )
This is a task I can do. Where/how would you like the information?
Why not here in this thread first?
Here is a summary of issues raised by forum users so far:
*Major*
- Persistent logins (users currently have to re-login every 24h)
- The remember me, keep cookie for 1 year option looks broken (relates to
point 1 above and is presumably a xoops issue)
- View/jump to first unread post within thread feature
- Remember read/unread posts across multiple PCs/logins (per user, not per
machine)
- Ability for users to change/edit their registered email address.
- Better management of subscribed threads
*Minor*
- Thank User button/feature
- Quick links feature
I think phpBB addresses nearly all of these issues. It scales well and is GPL licensed. It also inculdes an easy update/patch management system which is really necessary in my pov.
The main disadvantage of phpBB is that there is no good portal software available for it. There have been some attempts of XOOPS integration (X-phpBBi) but they are afaik no longer supported. The 'only' active portal project for phpBB3 that I know is Board3.
Best Regards Marcus
Marcus Moeller wrote:
Dear Ned.
...
I don't like the license :)
I don't like it either - that's why I raised it. Is it a show stopper discounting SMF from further consideration or is it something we can still work with (the license) and keep it on the shortlist? No point doing a lot of ldap integration work or whatever to only find out down the line the license isn't tolerable.
I agree. This license makes it nealy impossible to use/distribute it.
I don't really see any restrictions on it's use, only it's distribution. I just don't particularly like the language per se.
- Must address the specific requirements raised by the present
www.centos.org forum users ( Can you please fill this section in ? )
This is a task I can do. Where/how would you like the information?
Why not here in this thread first?
Here is a summary of issues raised by forum users so far:
*Major*
- Persistent logins (users currently have to re-login every 24h)
- The remember me, keep cookie for 1 year option looks broken (relates to
point 1 above and is presumably a xoops issue)
- View/jump to first unread post within thread feature
- Remember read/unread posts across multiple PCs/logins (per user, not per
machine)
- Ability for users to change/edit their registered email address.
- Better management of subscribed threads
*Minor*
- Thank User button/feature
- Quick links feature
I think phpBB addresses nearly all of these issues. It scales well and is GPL licensed. It also inculdes an easy update/patch management system which is really necessary in my pov.
Can you (or anyone) point me to any good examples of phpBB forum deployments where I could register to get a feel for it's end-user features/usability? (I'm already familiar with some SMF based forums and it certainly meets end user requirements).
Ned Slider wrote: <big snip>
Can you (or anyone) point me to any good examples of phpBB forum deployments where I could register to get a feel for it's end-user features/usability? (I'm already familiar with some SMF based forums and it certainly meets end user requirements).
hmm, why not using the forums at the source : http://www.phpbb.com/support/forums/ ;-)
Regarding data migration from one system to the other , Guillaume (the fedora guy who was behind the initial request for the fr.centos.org website) is willing to help : he wrote a script to migrate from xoops (does that ring a bell ? :D) to punbb for the http://www.fedora-fr.org website/forum . I told him that because fluxbb (successor of punbb) doesn't have (yet, but on the roadmap) a ldap auth feature, it could be abandoned .. but he said that if that was needed he can have a look to write the ldap_auth_hook for fluxbb .
It seems that because of the license, SMF can be removed from the forum candidates list ?
Ralph Angenendt wrote:
Fabian Arrotin wrote:
It seems that because of the license, SMF can be removed from the forum candidates list ?
In my opinion: Yes. We cannot redistribute a version adapted to CentOS (RHEL) packaging guidelines without getting written permission.
I've updated the wiki page, added point I. Friendly license, and marked off SMF, and moved decision to 'Rejected' Leave it in the list so we know its been considered.
On Thu, Sep 25, 2008 at 5:43 PM, Karanbir Singh mail-lists@karan.org wrote:
I've updated the wiki page, added point I. Friendly license, and marked off SMF, and moved decision to 'Rejected' Leave it in the list so we know its been considered.
Sometime ago, we briefly talked about fluxBB as a candidate. You showed some concerns at that time:
[Fri Jul 11 2008] [08:48:29] <z00dax> its got to be mainstream, its got to be something with a secure reputation and its got to be something that is going to be around for a while
The fact that fluxBB is on the list means this is no longer a factor against it ?? One positive aspect of fluxBB is that llaumgui offered to help with migration from xoops to fluxBB:
http://www.centos.org/modules/newbb/viewtopic.php?viewmode=thread&topic_...
So, I added "Yes" to column H of fluxBB in the candidate matrix.
Akemi
Akemi Yagi wrote:
Sometime ago, we briefly talked about fluxBB as a candidate. You showed some concerns at that time:
I've not looked into it again, I dont know what the state of fluxbb is at the moment, however it does seem that punbb is pretty much eol'ing now.
http://www.centos.org/modules/newbb/viewtopic.php?viewmode=thread&topic_...
So, I added "Yes" to column H of fluxBB in the candidate matrix.
Lets mark that as a Yes once we've seen the data move over. Is there a migration script ?
On Thu, Sep 25, 2008 at 7:07 PM, Karanbir Singh mail-lists@karan.org wrote:
Akemi Yagi wrote:
Sometime ago, we briefly talked about fluxBB as a candidate. You showed some concerns at that time:
I've not looked into it again, I dont know what the state of fluxbb is at the moment, however it does seem that punbb is pretty much eol'ing now.
http://www.centos.org/modules/newbb/viewtopic.php?viewmode=thread&topic_...
So, I added "Yes" to column H of fluxBB in the candidate matrix.
Lets mark that as a Yes once we've seen the data move over. Is there a migration script ?
We have to check with llaumgui but he offered to do a migration test from xoops to fluxBB using his script. Therefore, I would think he can try that as soon as the vm farm has been set up.
Akemi
Akemi Yagi wrote:
On Thu, Sep 25, 2008 at 7:07 PM, Karanbir Singh mail-lists@karan.org wrote:
Akemi Yagi wrote:
Sometime ago, we briefly talked about fluxBB as a candidate. You showed some concerns at that time:
I've not looked into it again, I dont know what the state of fluxbb is at the moment, however it does seem that punbb is pretty much eol'ing now.
http://www.centos.org/modules/newbb/viewtopic.php?viewmode=thread&topic_...
So, I added "Yes" to column H of fluxBB in the candidate matrix.
Lets mark that as a Yes once we've seen the data move over. Is there a migration script ?
We have to check with llaumgui but he offered to do a migration test from xoops to fluxBB using his script. Therefore, I would think he can try that as soon as the vm farm has been set up.
Akemi
Just for information : in my previous mail i was talking about Guillaume offering his help for the migration .. : his nickname is llaumgui ;-)
- Fabian Arrotin fabian.arrotin@arrfab.net "Internet network currently down, TCP/IP packets delivered now by UPS/Fedex ..."
Ned Slider wrote: <snip>
... forum deployments where I could register to get a feel for it's
end-user
features/usability?
Talking about tests, there is plan to setup a 'sandbox' system in a vm-farm so that we can simulate different instances of forums against a temporary ldap so that people can play with, experiment and validate first migration tests when the final decision will be made.
Fabian Arrotin wrote:
Ned Slider wrote:
<snip> >... forum deployments where I could register to get a feel for it's end-user > features/usability?
Talking about tests, there is plan to setup a 'sandbox' system in a vm-farm so that we can simulate different instances of forums against a temporary ldap so that people can play with, experiment and validate first migration tests when the final decision will be made.
Excellent. I'll look out for an announcement for that :)
Ned Slider wrote:
Marcus Moeller wrote:
I agree. This license makes it nealy impossible to use/distribute it.
I don't really see any restrictions on it's use, only it's distribution. I just don't particularly like the language per se.
It would mean that we'd use a forum software but wouldn't really be able to package it - especially if we had to change some code to make it work smoothly on a (for example) SELinux enabled CentOS install (or just put files somewhere else than SMF expects them to be and we would have to change code for that).
For me this is a real showstopper.
Ralph
Ralph Angenendt wrote:
Ned Slider wrote:
Marcus Moeller wrote:
I agree. This license makes it nealy impossible to use/distribute it.
I don't really see any restrictions on it's use, only it's distribution. I just don't particularly like the language per se.
It would mean that we'd use a forum software but wouldn't really be able to package it - especially if we had to change some code to make it work smoothly on a (for example) SELinux enabled CentOS install (or just put files somewhere else than SMF expects them to be and we would have to change code for that).
For me this is a real showstopper.
Ralph
+1 ... actually punbb/fluxbb works on a CentOS 5.x DomU with Selinux enabled and it's working ok (nothing to change, except allowing httpd to send smtp mail for the mail notification part of the forum)
On Fri, 26 Sep 2008, Fabian Arrotin wrote:
Ralph Angenendt wrote:
Ned Slider wrote:
Marcus Moeller wrote:
I agree. This license makes it nealy impossible to use/distribute it.
I don't really see any restrictions on it's use, only it's distribution. I just don't particularly like the language per se.
It would mean that we'd use a forum software but wouldn't really be able to package it - especially if we had to change some code to make it work smoothly on a (for example) SELinux enabled CentOS install (or just put files somewhere else than SMF expects them to be and we would have to change code for that).
For me this is a real showstopper.
Ralph
+1 ... actually punbb/fluxbb works on a CentOS 5.x DomU with Selinux enabled and it's working ok (nothing to change, except allowing httpd to send smtp mail for the mail notification part of the forum)
Did anyone look at the Forum capabilities of Drupal ? Or at some of the Drupal modules that add Forum capabilities.
I don't know what is important for forums, but it is used quite succesfully for lots of websites and the integration with a Drupal portal would mean that where necessary posts could be hightlighted on the frontpage (or some subsequent portal-page).
On Fri, Sep 26, 2008 at 12:31:33PM +0200, Dag Wieers wrote:
Did anyone look at the Forum capabilities of Drupal ? Or at some of the Drupal modules that add Forum capabilities.
I don't know what is important for forums, but it is used quite succesfully for lots of websites and the integration with a Drupal portal would mean that where necessary posts could be hightlighted on the frontpage (or some subsequent portal-page).
I'd agree with Dag - Drupal is definitely worth a look. License is good, integration with all sorts of other things is good, they actively hunt down security problems and fix them timeously, and a packages are already available on Fedora, so just plugging it into CentOS should not be too difficult.
OBDisclaimer: I'm still implementing my first site with it, so there may be issues I'm not aware of.
Dag Wieers wrote:
Did anyone look at the Forum capabilities of Drupal ? Or at some of the Drupal modules that add Forum capabilities.
If you add drupal to the list on the wiki, I am sure someone will look at it ( maybe me, I am considering using it for my own website as well ).
I don't know what is important for forums, but it is used quite succesfully for lots of websites and the integration with a Drupal portal would mean that where necessary posts could be hightlighted on the frontpage (or some subsequent portal-page).
Looks like there is a phpBB module for drupal, so would be worth a look, please add to the list
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
Is there also a FluxBB module for eZ Publish. Fedora-fr use a plateforme with FluxBB/eZ Publish/MediaWiki.
Karanbir Singh a écrit :
Dag Wieers wrote:
Did anyone look at the Forum capabilities of Drupal ? Or at some of the Drupal modules that add Forum capabilities.
If you add drupal to the list on the wiki, I am sure someone will look at it ( maybe me, I am considering using it for my own website as well ).
I don't know what is important for forums, but it is used quite succesfully for lots of websites and the integration with a Drupal portal would mean that where necessary posts could be hightlighted on the frontpage (or some subsequent portal-page).
Looks like there is a phpBB module for drupal, so would be worth a look, please add to the list
- -- Guillaume Kulakowski French Fedora Ambassador http://fedoraproject.org/wiki/GuillaumeKulakowski Webmaster of the French Fedora Core related website http://www.fedora-fr.org Jabber : llaumgui@jabber.ru MSN Messenger : llaumgui@hotmail.com
<big snip> Guillaume also looked at the fluxbb source and said that it should be easy to integrated ldap auth in fluxbb, so without having to modify the fluxbb source code itself (by using hooks) See his post on the fluxbb forum : http://fluxbb.org/forums/post/16062/#p16062 .. and Guillaume also agreed on the fact that because he knows fluxbb (and fluxbb developers very well), he could write such ldap_auth hook .. (and he proposed also to test the newbb -> fluxbb migration : see the tool he wrote for fluxbb here : http://www.punbb.fr/mods/mod.php?id=56 ) Can Guillaume have write script on the http://wiki.centos.org/WebsiteVer2/forums page ? his Wiki name should normally be GuillaumeKulakowski
Dear Fabian.
Guillaume also looked at the fluxbb source and said that it should be easy to integrated ldap auth in fluxbb, so without having to modify the fluxbb source code itself (by using hooks) See his post on the fluxbb forum : http://fluxbb.org/forums/post/16062/#p16062 .. and Guillaume also agreed on the fact that because he knows fluxbb (and fluxbb developers very well), he could write such ldap_auth hook .. (and he proposed also to test the newbb -> fluxbb migration : see the tool he wrote for fluxbb here : http://www.punbb.fr/mods/mod.php?id=56 ) Can Guillaume have write script on the http://wiki.centos.org/WebsiteVer2/forums page ? his Wiki name should normally be GuillaumeKulakowski
FluxBB seems to be a fork of PunBB which is currently used on fr...org (Fabian, you was involved in this attempt I guess).
I am not sure if the Portal Software for FluxBB (which is also Puntal I guess) is still maintained and/or if there are any alternatives available. I am also not sure why a relatively small project like PunBB has been forked.
Maybe Guillaume could join the discussion to point that out.
Best Regards Marcus
Hi all.
For Joomla / phpBB there is an non-invasive bridge available supporting all authentication backends that Joomla provides:
http://rocketwerx.com/products/rokbridge/overview
This is quite nice as all other solutions require code modifications which may lead to upgrade problems.
The latest Bridge available for Drupal is for v5.7:
phpBB in general is my favorite forum software as is scales very well and is easy to handle. Theming phpBB is a bit harder than e.g. fluxBB but still possible.
Best Regards Marcus
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
for Fedora-Fr (http://www.fedora-fr.org), I use eZ Publish. For that, I have developed a FluxBB extension for eZ Publish : eZFluxBB (http://ez.no/developer/contribs/applications/ezfluxbb).
eZ Publish is the most powerfull enterprise CMS and open source. Some eZ reference : - http://www.fedora-fr.org (eZ P + eZFluxBB) - http://planet.fedora-fr.org (eZ P + planet extension) - http://calendrier2.fedora-fr.org (eZ P + eZiCal my new extension in developement)
The 3 virtualhost use the same instance of eZ. - and more (http://ez.no/customers/ez_publish_users)
Marcus Moeller a écrit :
FluxBB seems to be a fork of PunBB which is currently used on fr...org (Fabian, you was involved in this attempt I guess).
I am not sure if the Portal Software for FluxBB (which is also Puntal I guess) is still maintained and/or if there are any alternatives available. I am also not sure why a relatively small project like PunBB has been forked.
- -- Guillaume Kulakowski French Fedora Ambassador http://fedoraproject.org/wiki/GuillaumeKulakowski Webmaster of the French Fedora Core related website http://www.fedora-fr.org Jabber : llaumgui@jabber.ru MSN Messenger : llaumgui@hotmail.com
Dear Guillaume.
for Fedora-Fr (http://www.fedora-fr.org), I use eZ Publish. For that, I have developed a FluxBB extension for eZ Publish : eZFluxBB (http://ez.no/developer/contribs/applications/ezfluxbb).
eZ Publish is the most powerfull enterprise CMS and open source. Some eZ reference :
- http://www.fedora-fr.org (eZ P + eZFluxBB)
- http://planet.fedora-fr.org (eZ P + planet extension)
- http://calendrier2.fedora-fr.org (eZ P + eZiCal my new extension in
developement)
The 3 virtualhost use the same instance of eZ.
- and more (http://ez.no/customers/ez_publish_users)
Sounds very interesting. Does eZ support LDAP backends? And what about i18n?
Best Regards Marcus
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear Marcus,
there is a login handler in eZ Publish and a LDAP extension exist. There is so l10n/i18n support
Marcus Moeller a écrit :
Dear Guillaume.
for Fedora-Fr (http://www.fedora-fr.org), I use eZ Publish. For that, I have developed a FluxBB extension for eZ Publish : eZFluxBB (http://ez.no/developer/contribs/applications/ezfluxbb).
eZ Publish is the most powerfull enterprise CMS and open source. Some eZ reference :
- http://www.fedora-fr.org (eZ P + eZFluxBB)
- http://planet.fedora-fr.org (eZ P + planet extension)
- http://calendrier2.fedora-fr.org (eZ P + eZiCal my new extension in
developement)
The 3 virtualhost use the same instance of eZ.
- and more (http://ez.no/customers/ez_publish_users)
Sounds very interesting. Does eZ support LDAP backends? And what about i18n?
Best Regards Marcus _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org http://lists.centos.org/mailman/listinfo/centos-devel
- -- Guillaume Kulakowski French Fedora Ambassador http://fedoraproject.org/wiki/GuillaumeKulakowski Webmaster of the French Fedora Core related website http://www.fedora-fr.org Jabber : llaumgui@jabber.ru MSN Messenger : llaumgui@hotmail.com
Hi Guillaume,
There is so l10n/i18n support
On the eZ Website there are only a few translations available:
http://ez.no/download/translations
Are there any additional resources for language packs?
Best Regards Marcus
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
there are official translation certified and include in eZ Publish, communauty translation, include in contribution, etc... There are a lot off language pack.
Marcus Moeller a écrit :
Hi Guillaume,
There is so l10n/i18n support
On the eZ Website there are only a few translations available:
http://ez.no/download/translations
Are there any additional resources for language packs?
Best Regards Marcus _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org http://lists.centos.org/mailman/listinfo/centos-devel
- -- Guillaume Kulakowski French Fedora Ambassador http://fedoraproject.org/wiki/GuillaumeKulakowski Webmaster of the French Fedora Core related website http://www.fedora-fr.org Jabber : llaumgui@jabber.ru MSN Messenger : llaumgui@hotmail.com
On Fri, 26 Sep 2008, Karanbir Singh wrote:
Dag Wieers wrote:
Did anyone look at the Forum capabilities of Drupal ? Or at some of the Drupal modules that add Forum capabilities.
If you add drupal to the list on the wiki, I am sure someone will look at it ( maybe me, I am considering using it for my own website as well ).
There have been some interesting comments from Drupal users on my blog-post that compared the requirements with modules and features.
http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-972 http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-973 http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-978
I guess that is a first stop when assessing Drupal's capabilities.
Dear Dag.
Did anyone look at the Forum capabilities of Drupal ? Or at some of the Drupal modules that add Forum capabilities.
If you add drupal to the list on the wiki, I am sure someone will look at it ( maybe me, I am considering using it for my own website as well ).
There have been some interesting comments from Drupal users on my blog-post that compared the requirements with modules and features.
In general most of these comments are very interesting and Drupal is of course a great CMS., but I think the forums (even the Advanced Forums) does not scale that well.
There is a phpBB bridge available which might be an option.
Concerning Pun/FluxBB I have also talked to the (ex)developer of Puntal who said that his software is final and will no longer be developed. Puntal relies on the authentication framework of Pun/FluxBB which also needs to be extended to use LDAP auth.
But I guess Puntal is no real option as it's no longer maintained.
Best Regards Marcus
Marcus Moeller wrote:
In general most of these comments are very interesting and Drupal is of course a great CMS., but I think the forums (even the Advanced Forums) does not scale that well.
This seems to be my impression as well. However, I'd still like to see this myself on a local install.
There is a phpBB bridge available which might be an option.
yup.
Concerning Pun/FluxBB I have also talked to the (ex)developer of Puntal who said that his software is final and will no longer be developed. Puntal relies on the authentication framework of Pun/FluxBB which also needs to be extended to use LDAP auth.
But I guess Puntal is no real option as it's no longer maintained.
I think you missed some of the discussions around this issue since they happened a few months back - but yes, puntal/punbb are not on the agenda since fluxbb was the fork we are following.
Also, there were licensing issues around punbb which made a few people uncomfortable.
Dag Wieers wrote:
There have been some interesting comments from Drupal users on my blog-post that compared the requirements with modules and features. http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-972 http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-973 http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-978 I guess that is a first stop when assessing Drupal's capabilities.
That is good, however they dont say anything more than whats already available on google searches for these things. What we really would need before deciding is to have someone offer to take ownership of the effort to evaluate drupal, do the setup, setup some of these features and see how usable it really is.
eg. I am looking at Drupal for my own site and I find venturing into the modules portion of drupal immediately drops the quality of code, and even the ownership of security issues. It seems Drupal guys dont take on security issues for things that come from the modules or related projects that are being used inside drupal.
Karanbir Singh wrote:
eg. I am looking at Drupal for my own site and I find venturing into the modules portion of drupal immediately drops the quality of code, and even the ownership of security issues. It seems Drupal guys dont take on security issues for things that come from the modules or related projects that are being used inside drupal.
We (in my day job) see the same security issues for Joomla based sites when modules are used to extend core functionality. Site developers/owners are quick to extend functionality by installing additional plugins but then don't want the responsibility of maintaining multiple packages/plugins on the server. It just adds a further layer of complexity as any plugins need to also be separately monitored (and maintained) for security updates.
Good Evening.
eg. I am looking at Drupal for my own site and I find venturing into the modules portion of drupal immediately drops the quality of code, and even the ownership of security issues. It seems Drupal guys dont take on security issues for things that come from the modules or related projects that are being used inside drupal.
We (in my day job) see the same security issues for Joomla based sites when modules are used to extend core functionality. Site developers/owners are quick to extend functionality by installing additional plugins but then don't want the responsibility of maintaining multiple packages/plugins on the server. It just adds a further layer of complexity as any plugins need to also be separately monitored (and maintained) for security updates.
That's definitly true and why I try to leave most of the code as-is and add nearly no additional modules. I personally like Joomla very much. There where some annoying security issues in the past but I still believe in the stable code-base.
The Joomla phpBB bridge is non-invasive and should just work fine. If someone is interested in testing I could give him/her an account on gcug.de which will be merged when de.centos.org is going to happen.
This makes use of Fireboard, but I think I could also offer an phpBB installation. I could also transfer the installation to a testing VM if someone could grant me access.
Best Regards Marcus
Marcus Moeller wrote:
The Joomla phpBB bridge is non-invasive and should just work fine. If someone is interested in testing I could give him/her an account on gcug.de which will be merged when de.centos.org is going to happen.
you should request a vm on *.dev.centos.org and setup joomla there with the phpBB bridge.
Were only really going to consider options that get setup on *.dev.centos.org and ca demonstrate they work for the issues raised.
2008/9/29 Karanbir Singh mail-lists@karan.org:
Marcus Moeller wrote:
The Joomla phpBB bridge is non-invasive and should just work fine. If someone is interested in testing I could give him/her an account on gcug.de which will be merged when de.centos.org is going to happen.
you should request a vm on *.dev.centos.org and setup joomla there with the phpBB bridge.
Were only really going to consider options that get setup on *.dev.centos.org and ca demonstrate they work for the issues raised.
So Ralph, could you please set up a basic LAMP VM for that?
Best Regards Marcus
That's definitly true and why I try to leave most of the code as-is and add nearly no additional modules. I personally like Joomla very much. There where some annoying security issues in the past but I still believe in the stable code-base.
I've been lurking here a little while and thought I'd add my 2 cents on this topic ...
The strategy above is a sensible one. I've found that while many open source CMS products are very good at what they do, they are not "enterprise" products in the sense that development sometimes proceeds very quickly, driven by the laudable enthusiasm of the developers, but creating headaches for users who face a constant upgrade treadmill (apart from security fixes). To make matters worse, plug-in developers don't always keep up with the code base in a timely manner. Take the Drupal project for example, which is currently juggling concurrent support for versions 5 and 6 with 7 just around the corner.
Personally, I am now avoiding CMSs for my own projects (mainly documentation type stuff from now on) for the reasons above and tending more towards XML (DocBook) and XSLT. This frees me from the CMS upgrade treadmill and the constant potential for security issues needing fixing, and has the added benefits of being very flexible in how content is formatted and presented. Content can either be pre-generated and uploaded as static HTML, or generated on the fly with one pretty basic script. I realise that such a solution would be unworkable for a community site, however.
Ned Slider wrote:
We (in my day job) see the same security issues for Joomla based sites when modules are used to extend core functionality. Site developers/owners are quick to extend functionality by installing additional plugins but then don't want the responsibility of maintaining multiple packages/plugins on the server. It just adds a further layer of complexity as any plugins need to also be separately monitored (and maintained) for security updates.
yes, and its things like this :
which are quite scary.
Karanbir Singh wrote:
Ned Slider wrote:
We (in my day job) see the same security issues for Joomla based sites when modules are used to extend core functionality. Site developers/owners are quick to extend functionality by installing additional plugins but then don't want the responsibility of maintaining multiple packages/plugins on the server. It just adds a further layer of complexity as any plugins need to also be separately monitored (and maintained) for security updates.
Drupal 6 core has a built-in Update Status feature to keep the site admin up to date with new releases (contributed modules and security releases). It synchronizes with drupal.org and warns you when there are new releases for your modules. The update path is fairly easy and automated. using cvs to check out Drupal and its modules can save you a lot of time.
yes, and its things like this :
which are quite scary.
This is what happens when you don't use the Drupal API http://api.drupal.org/, which saves the developers from having to worry about common security issues like XSS, CSRF, SQL injection etc. In that way it's very quick to evaluate the quality of a module: you just need to check whether they make good use of the API or not...
Stephane Corlosquet wrote:
yes, and its things like this :
which are quite scary.
This is what happens when you don't use the Drupal API http://api.drupal.org/, which saves the developers from having to worry about common security issues like XSS, CSRF, SQL injection etc. In that way it's very quick to evaluate the quality of a module: you just need to check whether they make good use of the API or not...
Surely this is the responsibility of the drupal devteam and not the userbase to ensure stuff like this is not included. That specific module was at some time distributed from the drupal.org website wasent it ?
I dont really want to sit here and audit every bit of code that is going to come along with drupal. I'd much rather just plonk something together in pylons, in perhaps a day or so that would give me a better match for requirements.
On Tue, 30 Sep 2008, Karanbir Singh wrote:
Stephane Corlosquet wrote:
yes, and its things like this :
which are quite scary.
This is what happens when you don't use the Drupal API http://api.drupal.org/, which saves the developers from having to worry about common security issues like XSS, CSRF, SQL injection etc. In that way it's very quick to evaluate the quality of a module: you just need to check whether they make good use of the API or not...
Surely this is the responsibility of the drupal devteam and not the userbase to ensure stuff like this is not included. That specific module was at some time distributed from the drupal.org website wasent it ?
Does the absense of such bug-reports make a solution more secure ?
Dag Wieers wrote:
Surely this is the responsibility of the drupal devteam and not the userbase to ensure stuff like this is not included. That specific module was at some time distributed from the drupal.org website wasent it ?
Does the absense of such bug-reports make a solution more secure ?
well, does a widely circulated known exploit that isnt going to get a fix instill confidence in you ?
Note that this module was NOT part of Drupal core and that the amount of site using it was therefore limited (I myself never heard of it before). This is an edge case: the module was found to be badly designed and has been unpublished until the author rewrites it. This should be sorted out shortly. This case should not be generalized and in 99% of the cases, a new release is provided with the Security Announcement.
scor.
On Tue, Sep 30, 2008 at 8:39 PM, Karanbir Singh kbsingh@centos.org wrote:
Dag Wieers wrote:
Surely this is the responsibility of the drupal devteam and not the
userbase to ensure stuff like this is not included. That specific module was at some time distributed from the drupal.org website wasent it ?
Does the absense of such bug-reports make a solution more secure ?
well, does a widely circulated known exploit that isnt going to get a fix instill confidence in you ?
-- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos@irc.freenode.net _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org http://lists.centos.org/mailman/listinfo/centos-devel
On Tue, 30 Sep 2008, Karanbir Singh wrote:
Dag Wieers wrote:
Surely this is the responsibility of the drupal devteam and not the userbase to ensure stuff like this is not included. That specific module was at some time distributed from the drupal.org website wasent it ?
Does the absense of such bug-reports make a solution more secure ?
well, does a widely circulated known exploit that isnt going to get a fix instill confidence in you ?
At least there is a process of reporting out-of-core security problems.
Why should the Drupal team be responsible of code they clearly do no support ? Go and talk to the module's developers to see what processes they have before you use it.
Dag Wieers wrote:
At least there is a process of reporting out-of-core security problems.
I dont see how that is relevant, CVE's are open to anyone to report against / for ? so whats your point ?
Why should the Drupal team be responsible of code they clearly do no support ? Go and talk to the module's developers to see what processes they have before you use it.
Sure, that should be something that whoever decided to test and look after drupal ( should we select it ) should do, if the built in core modules are unable to handle the issues we need it to.
KeyZ is offering a "Sample of CentOS.org implementation using Drupal" see http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-988 http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-983
scor.
On Tue, Sep 30, 2008 at 10:04 PM, Karanbir Singh kbsingh@centos.org wrote:
Dag Wieers wrote:
At least there is a process of reporting out-of-core security problems.
I dont see how that is relevant, CVE's are open to anyone to report against / for ? so whats your point ?
Why should the Drupal team be responsible of code they clearly do no
support ? Go and talk to the module's developers to see what processes they have before you use it.
Sure, that should be something that whoever decided to test and look after drupal ( should we select it ) should do, if the built in core modules are unable to handle the issues we need it to.
-- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos@irc.freenode.net _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org http://lists.centos.org/mailman/listinfo/centos-devel
Hello all -
My name is David Newkerk, and have posted under the user name Keyz on Dag's blog post regarding Drupal. Dag requested that I post directly to the mailing list instead so that the info I am compiling can be more readily seen by everyone. Apologies if I have posted incorrectly with this first reply, as I'm not yet accustomed to using the mailing list. I will post several longer replies once I'm sure I've posted correctly.
Thanks!
- David
On Tue, Sep 30, 2008 at 2:04 PM, Karanbir Singh kbsingh@centos.org wrote:
Dag Wieers wrote:
At least there is a process of reporting out-of-core security problems.
I dont see how that is relevant, CVE's are open to anyone to report against / for ? so whats your point ?
Why should the Drupal team be responsible of code they clearly do no support ? Go and talk to the module's developers to see what processes they have before you use it.
Sure, that should be something that whoever decided to test and look after drupal ( should we select it ) should do, if the built in core modules are unable to handle the issues we need it to.
-- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos@irc.freenode.net _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org http://lists.centos.org/mailman/listinfo/centos-devel
Stephane has kindly recommended I simply refer to my already-posted info, and continue from here on in the mailing list. Please read these posts, as I have tried to offer insight into the mindset behind Drupal's way of releasing modules, as well as covered security/update topics. As a recap to better organize links to the info posted thus far:
Drupal answers for CentOS forum user requests, theme, multi-site: http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-973
Drupal forum performance test results: http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-978
Sample of CentOS.org implementation using Drupal: http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-988
From within the above link (Sample of CentOS.org implementation using
Drupal), these are important to point to:
IA and implementation of CentOS.org with Drupal: http://www.davidnewkerk.com/book/52
Recipe of modules to build the CentOS.org website using Drupal (minus core forum, and including background info on each of the module Maintainers, so you can see that the modules, when wisely selected, are reliable): http://www.davidnewkerk.com/module-recipes/r-centos
I'm available to help if a custom demo of Drupal is desired. If you'd like I will set up a copy on my local server tailored for your needs, and send you a tar.gz of the files and a database dump, so you can set it up on your server. If you want to grant any access I will be happy to set it up that way.
Also, I'd like to see if I can help fill in the requirements more completely in a few areas, such as the Y/N in requirement D, and the empty column for requirement a. If anyone could clarify these 2 areas, I will research how best to fulfill them with Drupal.
I'm sure whichever CMS you choose will serve you well. It's my goal to present Drupal as a viable option to allow you to make an educated decision and help you bypass any learning curve if you select Drupal (as Drupal is more complex and powerful than most CMSes and can thus take more time to understand without a guide).
Thanks!
- David
On Tue, Sep 30, 2008 at 2:11 PM, David Newkerk centosml@davidnewkerk.com wrote:
Hello all -
My name is David Newkerk, and have posted under the user name Keyz on Dag's blog post regarding Drupal. Dag requested that I post directly to the mailing list instead so that the info I am compiling can be more readily seen by everyone. Apologies if I have posted incorrectly with this first reply, as I'm not yet accustomed to using the mailing list. I will post several longer replies once I'm sure I've posted correctly.
Thanks!
- David
I have updated my suggested list of modules for CentOS.org to include a tag stating whether a given module is supported by Acquia (Acquia, co-founded by Drupal's original creator Dries Buytaert, is a commercially supported package of Drupal 6 core + a selection of modules to form an easy/seamless, pre-configuerd experience for users). To learn about what this means, see: http://acquia.com/products-services/acquia-drupal-modules http://acquia.com/products-services/acquia-frequently-asked-questions#fork http://www.linux.com/feed/149212
The modules are the precise same releases as available on drupal.org (and Acquia Drupal is precisely the same as Drupal 6.x released on drupal.org... still 100% GPL), however a selection of contributed modules have been chosen to be part of the commercially-supported Acquia Drupal release/service - they remain contributed and completely independent modules, but receive the full benefits of Acquia's support (patches, upgraded features, etc), as they are pouring resources into the improvement of these modules specifically. Though you can put significant confidence in the modules I am carefully listing overall, you can put complete confidence in the modules marked as supported by Acquia.
Here is my module recommendation page for CentOS.org: http://www.davidnewkerk.com/module-recipes/r-centos
The majority of the modules I've recommended in this list are supported by Acquia (and are also almost exclusively "top tier" modules that are broadly used by a significant percentage of the Drupal community, as well as by a variety of variety of notable sites/companies/organizations that run Drupal). Several others such as Views and Nodequeue are additionally supported by other notable sources (such as Sony, which the creator of those modules, Earl Miles, works for and develops his modules full time). Many are maintained by Drupal core contributors and/or well-established Drupal development companies. CentOS.org would need "only" the modules I have listed, give or take a few (dependent on the actual requirements of the site, or possibly introducing new functionality that hasn't yet been discussed). In the current Drupal environment, CCK and Views eliminates the need for a wide variety of other modules, being able to reproduce an extremely versatile array of functionality with only those two modules and a small selection of well-supported Field and Display format plug-in modules (such as ImageField, etc). From the Case Studies I previously mentioned, you can see many of the same modules coming up again and again: http://drupal.org/success-stories
It's important to note that "no" CMS (even a high priced commercial one) will give you freedom from security flaws (we all know that, regarding "certain" operating systems that will not be named haha). The best recourse is with a system that works hard to discover security flaws and deliver solutions for them effectively and rapidly to users (which I believe Drupal does an excellent job of). Also, with any CMS where community members are permitted to freely share their own modules and themes to be made available to the rest of the community, extra judgment is necessary to determine the quality and safety of a module for your site, especially if you do not yet possess the experience in the community/software to successfully separate the "chaff from the grain" as it were. This applies equally to Drupal, Joomla, and any other CMS which operates its community contributions in this way (which to its credit, encourages amazing innovation, sharing of knowledge and resources, etc). On the plus side for Drupal as compared to most other CMSes, there is an active Security team going through contributed modules seeking out security flaws, and due to their centralized repository, all Drupal modules are "known of and always accessible" and consequently able to be assessed - this can only be done as rapidly as volunteer man-power can accommodate, due to the huge quantity of available modules.
I hope this info proves helpful in your decision. Please don't hesitate to ask me any questions, as I'll be happy to help clarify anything.
- David
On Tue, Sep 30, 2008 at 2:52 PM, David Newkerk centosml@davidnewkerk.com wrote:
Stephane has kindly recommended I simply refer to my already-posted info, and continue from here on in the mailing list. Please read these posts, as I have tried to offer insight into the mindset behind Drupal's way of releasing modules, as well as covered security/update topics. As a recap to better organize links to the info posted thus far:
Drupal answers for CentOS forum user requests, theme, multi-site: http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-973
Drupal forum performance test results: http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-978
Sample of CentOS.org implementation using Drupal: http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-988
From within the above link (Sample of CentOS.org implementation using Drupal), these are important to point to:
IA and implementation of CentOS.org with Drupal: http://www.davidnewkerk.com/book/52
Recipe of modules to build the CentOS.org website using Drupal (minus core forum, and including background info on each of the module Maintainers, so you can see that the modules, when wisely selected, are reliable): http://www.davidnewkerk.com/module-recipes/r-centos
I'm available to help if a custom demo of Drupal is desired. If you'd like I will set up a copy on my local server tailored for your needs, and send you a tar.gz of the files and a database dump, so you can set it up on your server. If you want to grant any access I will be happy to set it up that way.
Also, I'd like to see if I can help fill in the requirements more completely in a few areas, such as the Y/N in requirement D, and the empty column for requirement a. If anyone could clarify these 2 areas, I will research how best to fulfill them with Drupal.
I'm sure whichever CMS you choose will serve you well. It's my goal to present Drupal as a viable option to allow you to make an educated decision and help you bypass any learning curve if you select Drupal (as Drupal is more complex and powerful than most CMSes and can thus take more time to understand without a guide).
Thanks!
- David
On Tue, Sep 30, 2008 at 2:11 PM, David Newkerk centosml@davidnewkerk.com wrote:
Hello all -
My name is David Newkerk, and have posted under the user name Keyz on Dag's blog post regarding Drupal. Dag requested that I post directly to the mailing list instead so that the info I am compiling can be more readily seen by everyone. Apologies if I have posted incorrectly with this first reply, as I'm not yet accustomed to using the mailing list. I will post several longer replies once I'm sure I've posted correctly.
Thanks!
- David
Hi David,
David Newkerk wrote:
I'm available to help if a custom demo of Drupal is desired. If you'd like I will set up a copy on my local server tailored for your needs, and send you a tar.gz of the files and a database dump, so you can set it up on your server. If you want to grant any access I will be happy to set it up that way.
thanks for all this work, much of it looks at first sight, to be quite impressive. But, there is one point I want to stress here, Please dont spend time looking at www.centos.org replacements - were not looking at doing that right now. The focus of this effort, now, is to find a forum system and a light weight portal around it that can display news and host urls pointing at wiki content, issue tracker etc.
On Tue, 30 Sep 2008, Karanbir Singh wrote:
Dag Wieers wrote:
At least there is a process of reporting out-of-core security problems.
I dont see how that is relevant, CVE's are open to anyone to report against / for ? so whats your point ?
It is relevant in the sense that:
1. You seem to hold Drupal responsible, while they merely put contributed modules on their website
2. They at least respond to security problems by removing them from the website and providing that information
Why are you picking on me again while I just respond to what you say and try to put it into context ?
Again I am questioning why I even bother if every thread ends into something like this...
Dag Wieers wrote:
I dont see how that is relevant, CVE's are open to anyone to report against / for ? so whats your point ?
It is relevant in the sense that:
- You seem to hold Drupal responsible, while they merely put contributed modules on their website
do you then mean to say that packages we host in the centos mirrors should not be something we should even be concerned about ? Since they are not something we write, we just package and put them up here ?
- They at least respond to security problems by removing them from the website and providing that information
Why are you picking on me again while I just respond to what you say and try to put it into context ?
I dont think I am picking on you at all, this is a conversation that Marcus started and you joined. If you merely want to say something and have no replies to that, thats fine. I wont bother replying.
On Tue, 30 Sep 2008, Karanbir Singh wrote:
Dag Wieers wrote:
I dont see how that is relevant, CVE's are open to anyone to report against / for ? so whats your point ?
It is relevant in the sense that:
- You seem to hold Drupal responsible, while they merely put contributed modules on their website
do you then mean to say that packages we host in the centos mirrors should not be something we should even be concerned about ? Since they are not something we write, we just package and put them up here ?
Did I say that ? Did I even imply that by explaining to you how Drupal contributed modules work ? I don't think so...
You could have said that you misinterpreted how Drupal worked with contributed modules and leave it at that.
On Mon, 29 Sep 2008, Karanbir Singh wrote:
Dag Wieers wrote:
There have been some interesting comments from Drupal users on my blog-post that compared the requirements with modules and features. http: //dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-972 http: //dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-973 http: //dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-978 I guess that is a first stop when assessing Drupal's capabilities.
That is good, however they dont say anything more than whats already available on google searches for these things. What we really would need before deciding is to have someone offer to take ownership of the effort to evaluate drupal, do the setup, setup some of these features and see how usable it really is.
I can certainly ask the people the reacted on the blog-post, but in that case (s)he should have access to the system to configure it.
eg. I am looking at Drupal for my own site and I find venturing into the modules portion of drupal immediately drops the quality of code, and even the ownership of security issues. It seems Drupal guys dont take on security issues for things that come from the modules or related projects that are being used inside drupal.
I think that is the difference between the core modules and the contributed stuff. As soon as they would take ownership it would be as part of the core.
Of course, core developers also contribute modules, so it largely depend on the module itself.
Hi all,
Karanbir Singh wrote:
Dag Wieers wrote:
There have been some interesting comments from Drupal users on my blog-post that compared the requirements with modules and features. http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-972 http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-973 http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-978 I guess that is a first stop when assessing Drupal's capabilities.
That is good, however they dont say anything more than whats already available on google searches for these things. What we really would need before deciding is to have someone offer to take ownership of the effort to evaluate drupal, do the setup, setup some of these features and see how usable it really is.
eg. I am looking at Drupal for my own site and I find venturing into the modules portion of drupal immediately drops the quality of code, and even the ownership of security issues.
Drupal core has a greater code quality than Drupal modules since each patch going into core gets reviewed by a lot of developers before it gets committed. Contributed modules however can be authored by anybody. It's the reason why, before using one of them, one should consider the code quality, the author of the module, the issue queue and what people generally say about the module - see http://drupalmodules.com/ for module ratings. Some well know core contributor also author modules. There are some well know contributed modules which are very common and therefore get a lot of review (CCK, Views, Panels, fivestars...). I don't think this is very different from other Open Source projects where anybody can share their plugin/module/code.
It seems Drupal guys dont take on security issues for things that come from the modules or related projects that are being used inside drupal.
Being a member of the Drupal security team, I can assure you that we also handle the contributed modules hosted on drupal.org (given the resources of our team) and we reply to every legitimate security report and release a security announcement when necessary. see http://drupal.org/security-team for more details.
scor.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
you can forget (Flux|Pun)BB for the next version. The 1.3 won't released and the next version (1.4) don't permit external authantification...
This features will be in 2.0 who is not planed.
Cdt.
Karanbir Singh a écrit :
Dag Wieers wrote:
Did anyone look at the Forum capabilities of Drupal ? Or at some of the Drupal modules that add Forum capabilities.
If you add drupal to the list on the wiki, I am sure someone will look at it ( maybe me, I am considering using it for my own website as well ).
I don't know what is important for forums, but it is used quite succesfully for lots of websites and the integration with a Drupal portal would mean that where necessary posts could be hightlighted on the frontpage (or some subsequent portal-page).
Looks like there is a phpBB module for drupal, so would be worth a look, please add to the list
- -- Guillaume Kulakowski French Fedora Ambassador http://fedoraproject.org/wiki/GuillaumeKulakowski Webmaster of the French Fedora Core related website http://www.fedora-fr.org Jabber : llaumgui@jabber.ru MSN Messenger : llaumgui@hotmail.com
Ned Slider wrote:
- Must address the specific requirements raised by the present
www.centos.org forum users ( Can you please fill this section in ? )
This is a task I can do. Where/how would you like the information?
http://wiki.centos.org/WebsiteVer2/forums
Also, w.r.t testing, I think we will need it to be on one of our VM's before any OK decisions are made.
Karanbir Singh wrote:
I'll setup a wiki page for this issue, which might be a good place to track progress.
http://wiki.centos.org/WebsiteVer2/langSubsites and http://wiki.centos.org/WebsiteVer2/forums
Karanbir Singh wrote:
Ralph and Fabian are going to work on setting up a test ldap server, once that is online we will then start by installing into our test-vm-farm the various s/w to eval them.
That has been done now, see http://wiki.centos.org/WebsiteVer2/forums.
As that page states: Password on request (oh yes, and I do have to know you).
It's a very basic setup, but it should work. If one of those forum softwares has special requirements about schemas or so, please note that either here or in the wiki.
Cheers,
Ralph
Hi everyone,
I'm back on the internet (and still alive) and I'll will start having some time again for CentOS.
About the forums. I've already posted my ideas in these threads a while back :
http://lists.centos.org/pipermail/centos-devel/2008-June/thread.html http://lists.centos.org/pipermail/centos-devel/2008-August/003098.html
To recap my shortlist is :
1) phpBB 2) SMF 3) phorum
If I read the current threads correctly some people are going to setup some of the softwares mentioned and I think nobody offered to setup phpBB so I've there is a VM available I'm willing to setup a phpBB instance for testing.
For the rest I like all the opinions offered :-)
Regards, Tim
Hi Tim,
Tim Verhoeven wrote:
I'm back on the internet (and still alive) and I'll will start having some time again for CentOS.
And there was much rejoicing!
To recap my shortlist is :
- phpBB
- SMF
- phorum
4) CentOS Directory Server and IPA ?
Glad to have you back!
On Mon, Sep 29, 2008 at 10:02 PM, Brandon Davidson brandond@uoregon.edu wrote:
To recap my shortlist is :
- phpBB
- SMF
- phorum
- CentOS Directory Server and IPA ?
That is a different project altogether :-) I'm will get to it, promised !
Glad to have you back!
Thanks !
Regards, Tim
Tim Verhoeven wrote:
To recap my shortlist is :
- phpBB
- SMF
License issues :)
- phorum
If I read the current threads correctly some people are going to setup some of the softwares mentioned and I think nobody offered to setup phpBB so I've there is a VM available I'm willing to setup a phpBB instance for testing.
As soon as we can create new instances - sure. They're still doing maintenance on the system afaics.
But: You seem to have access to 92.60.118.133 already - why not put up one instance on the ldap server itself? If you have the time and don't want to wait, that is.
Ralph
Am 29.09.2008 um 22:11 schrieb Ralph Angenendt ra+centos@br-online.de:
Tim Verhoeven wrote:
To recap my shortlist is :
- phpBB
- SMF
License issues :)
What's wrong with the phpBB licence?
- phorum
If I read the current threads correctly some people are going to setup some of the softwares mentioned and I think nobody offered to setup phpBB so I've there is a VM available I'm willing to setup a phpBB instance for testing.
As soon as we can create new instances - sure. They're still doing maintenance on the system afaics.
But: You seem to have access to 92.60.118.133 already - why not put up one instance on the ldap server itself? If you have the time and don't want to wait, that is.
I have already started evaluating phpBB and am willed to setup an Installation with a Joomla Bridge.
I'm just waitting for an test VM.
So Tim, you just might wamt to join then.
Marcus
On Tue, Sep 30, 2008 at 7:32 AM, Marcus Möller mm@gcug.de wrote:
Am 29.09.2008 um 22:11 schrieb Ralph Angenendt ra+centos@br-online.de:
Tim Verhoeven wrote:
To recap my shortlist is :
- phpBB
- SMF
License issues :)
What's wrong with the phpBB licence?
I'm guessing Ralph is referring to the SMF license, not the phpBB one.
...snip...
I have already started evaluating phpBB and am willed to setup an Installation with a Joomla Bridge.
I'm just waitting for an test VM.
So Tim, you just might wamt to join then.
Alright, perfect. Give me a ring when you have it running.
Regards, Tim
Marcus Möller wrote:
Am 29.09.2008 um 22:11 schrieb Ralph Angenendt ra+centos@br-online.de:
Tim Verhoeven wrote:
To recap my shortlist is :
- phpBB
- SMF
License issues :)
What's wrong with the phpBB licence?
Nothing.
I have already started evaluating phpBB and am willed to setup an Installation with a Joomla Bridge.
I'm just waitting for an test VM.
So are we. Still waiting for the service provider to end the system maintenance. We cannot create new VMs at the moment.
So Tim, you just might wamt to join then.
I thought he wanted to do fluxbb?
Ralph
Hi Ralph.
Tim Verhoeven wrote:
To recap my shortlist is :
- phpBB
- SMF
License issues :)
What's wrong with the phpBB licence?
Nothing.
I thought so, just wonderd about the quotation ;)
I have already started evaluating phpBB and am willed to setup an Installation with a Joomla Bridge.
I'm just waitting for an test VM.
So are we. Still waiting for the service provider to end the system maintenance. We cannot create new VMs at the moment.
So Tim, you just might wamt to join then.
I thought he wanted to do fluxbb?
<insert> If I read the current threads correctly some people are going to setup some of the softwares mentioned and I think nobody offered to setup phpBB so I've there is a VM available I'm willing to setup a phpBB instance for testing. </insert>
Not really.
Best Regards Marcus
Hey, so I'd like to see CentOS 5.3, and I understand that everyone here is busy (and giving me the fruits of their labor for free- Thank you! I am not trying to complain about that. CentOS is something that I have personally extracted quite a lot of value from.)
What I have is a whole lot of CentOS/Xen Virtual private servers (and I will shortly have some real hardware up, too.) and a pretty good SysAdmin who can handle any setup and/or custom sysadmin needs.
At this moment, I can give temporary CentOS images on my test server (It's a dual 1.9Ghz quad-core opteron with 32GB ram) I would assume test/build images would have 2gb to 4gb ram each. You can run the cpu and disk as much as you want, but I'm trying to keep my 95th percentile on that box below 10Mbps. (so it's great for testing, not so much for mirroring. My new location, that I'm moving into on the 21st, has cheaper bandwidth, so it won't be as much of a concern.)
Would this be useful?
Luke S Crawford wrote:
What I have is a whole lot of CentOS/Xen Virtual private servers (and I will shortly have some real hardware up, too.) and a pretty good SysAdmin who can handle any setup and/or custom sysadmin needs.
cool.
At this moment, I can give temporary CentOS images on my test server
....
Would this be useful?
no.
Physical machines that we can host within our buildsetup is what would help the most. Ideally 16/32GB ram, 4 or 8 core machines, with 4 or more spindles and gigabit network capability.
Hey there,
It's great to hear that you've been getting a lot of value from CentOS! However, CentOS 5.3 is quite an old version (released back in 2009), and it's no longer officially supported. The community has moved on to newer versions with more features, better security, and updated packages.
If you need CentOS 5.3 specifically for a legacy system or for historical purposes, you might still find old ISO images from archive sites or mirrors. But be cautious—using an outdated OS in production can be risky due to security vulnerabilities that are no longer patched.
If your project allows, I’d recommend considering an upgrade to a more recent version of CentOS or moving to alternatives like CentOS Stream, Rocky Linux, or AlmaLinux, which have active support and are more secure.
On Fri, Aug 16, 2024 at 2:19 PM xowin52012--- via devel devel@lists.centos.org wrote:
Hey there,
It's great to hear that you've been getting a lot of value from CentOS! However, CentOS 5.3 is quite an old version (released back in 2009), and it's no longer officially supported. The community has moved on to newer versions with more features, better security, and updated packages.
If you need CentOS 5.3 specifically for a legacy system or for historical purposes, you might still find old ISO images from archive sites or mirrors. But be cautious—using an outdated OS in production can be risky due to security vulnerabilities that are no longer patched.
*This*. The httpd associated with CentOS 5.3 is old enough to have numerous vulnerabilities in an exposed, modern environment. Even if the server is entirely internal, it's begging to be rootkitted and your internal codebase and services exposed.
If your project allows, I’d recommend considering an upgrade to a more recent version of CentOS or moving to alternatives like CentOS Stream, Rocky Linux, or AlmaLinux, which have active support and are more secure.
https://pdfrani.net/ _______________________________________________ devel mailing list -- devel@lists.centos.org To unsubscribe send an email to devel-leave@lists.centos.org
-
admin -
Akemi Yagi -
Brandon Davidson -
Dag Wieers -
David Hrbáč -
David Newkerk -
Fabian Arrotin -
Guillaume Kulakowsi -
Guillaume Kulakowski
-
Jerry Amundson -
Karanbir Singh -
Karanbir Singh -
Luke S Crawford -
Marcus Moeller -
Marcus Möller
-
Ned Slider -
Neil Thompson -
Nico Kadel-Garcia -
Ralph Angenendt -
Stephane Corlosquet -
Tim Verhoeven -
xowin52012@acpeak.com