Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Submission + - ownCloud 8.1 is out with little features but more stability (owncloud.org)

jospoortvliet writes: ownCloud has made the 8.1 release available, talking about under the hood improvements, increasing scalability and performance rather than features. There are some but it seems mostly minor which is exactly what many users have been asking for. Much security and documentation work was done, too. Get more information on https://owncloud.org/blog/ownc...

Part of the stabilization has been working with the Atom Smashers in CERN on a testing tool called Smashbox:
Blog 1: https://owncloud.org/blog/ownc...
Blog 2: https://owncloud.org/blog/smas...

Submission + - Linux Distributions and Open Source projects (owncloud.org)

An anonymous reader writes: Some recent articles such as “ownCloud Asks Canonical to Remove Their Software from Ubuntu Repos, Sparks Fly“, and “ownCloud Ubuntu package affected by multiple critical security issues, nobody to fix it” got published and caused a stir in social media. The issue was even featured on Slashdot. Those articles were based on a request sent by one of our security team members to Ubuntu requesting the removal of an older “ownCloud” package on Ubuntu. While initially a subject for debate, the request was later approved by the Ubuntu Council, and prompted them to develop a policy to deal with outdated software in their repositories. The incident shows how independent open source projects sometimes struggle to deliver stable and secure software to their users within the current Linux Distribution Model.
from https://owncloud.org/blog/linu...

Comment Re:Clarification regarding backports (Score 5, Interesting) 126

Advising your users to use your own repository is not a satisfying answer. If there's a package in Debian, then it should be fine using it. It should as well receive (security) updates if needed.

Absolutely, that said: the Debian maintainers are doing great work and the ownCloud Debian packages are absolutely up-to-date.

Now, it's looking like you didn't choose to have your package "synced" in Ubuntu universe. It just happened just like with many other software. My advice then would be to explicitely ask that the owncloud package is not synced again in any future release of Ubuntu, so you don't run into the same trouble again.

As a project we did not add our package anywhere. The point here is that we *are* responsible and actively maintaining our packages and we do it as a central place which is OBS. The problem is only that there is not yet a way to make that easy usable in Ubuntu or other distributions.

As for updating packages in Ubuntu, my experience is that it's not that hard. Just prepare a new package, and send the link to the Ubuntu security team, and basically, they can take care of the rest.

Why should we have to maintain our own repositories and the ones of every distribution out there? - This is okay as a short-term solution where we only have to to minor updates, but as soon as we have another major update it gets somewhat trickier :-)
I think this shows a bigger problem with the Universe repository: In our case we complained, but most other packages in there are most likely quite outdated as well but in their case no-one bothers to complain.

Comment Re:Why not allow the update into the repos? (Score 2) 126

As noted in another reply from myself:

Additionally, some people in the comments seem to claim that "one developer of ownCloud is noted as maintainer for the Debian package". This entry is a legacy entry and as you can see in the changelog at http://metadata.ftp-master.deb... [debian.org] Thomas did last modify the packages at 11 Oct 2012.

(Disclaimer: Opinions expressed in this post are solely my own and do not necessarily also express the views of the ownCloud project or my employer)

Comment Re: Why not allow the update into the repos? (Score 3, Informative) 126

This would require to follow processes such as SRU. - While it may sounds like an easy solution this is a heavy burden which we do not want to take on us.
Especially, if we want to do security releases at the same time we could - even if we would maintain the Ubuntu packages ourself - not guarantee that this would happen at the same time. We're therefore providing our own repositories at owncloud.org/install
But if you want to do this "trivially easy" job for us over the whole lifetime of the distribution (5 years) we'd really appreciate it.

Comment Clarification regarding backports (Score 5, Informative) 126

Lukas from ownCloud here (the one mentioned in that article). I have to say, that this quickly escalated in a way that I did certainly not intend to. However, I'd like to clarify one thing.

The article states "for which no fixes have been backported". With that I meant to refer to the Ubuntu packages and not Version 5 or 6. We still support ownCloud 5 for security patches and critical bugfixes and ownCloud 6 for bugfixes and security patches. This might have been unclear.

I sent this request to Ubuntu because we're very much concerned about our users. While some of us might know that using the "Universe" repository is not a that great idea for internet facing software, most people don't. Furthermore, I don't believe it's the responsibility of the developer to update packages in every single distribution out there. Especially with distributions such as Ubuntu you have to follow quite complex processes such as SRU which consumes a lot of time.
Additionally, some people in the comments seem to claim that "one developer of ownCloud is noted as maintainer for the Debian package". This entry is a legacy entry and as you can see in the changelog at http://metadata.ftp-master.deb... Thomas did last modify the packages at 11 Oct 2012.

We're always recommending to our users to use one of the supported installation methods such as owncloud.org/install where we even provide our own repositories for most distributions.

(Disclaimer: Opinions expressed in this post are solely my own and do not necessarily also express the views of the ownCloud project or my employer)

Slashdot Top Deals

Whom computers would destroy, they must first drive mad.

Working...