[Users] Users Digest, Vol 14, Issue 13
David Sommerseth
dazo at eurephia.org
Tue Mar 14 23:50:42 CET 2017
On 13/03/17 14:36, Mark Nichols wrote:
> To further clarify, I have been in touch with Oracle a lot in the last
> year. They significantly modified the 7.x code base of Zimbra and
> swapped out the mysql database with the Oracle database.
>
> There are many other customers including a couple of ISP's still
> attempting to run older versions of Zimbra including some who are on 6.x
> in spite of the security issues. In the cases I am aware of, some made
> significant modifications to the core product such that a direct rolling
> upgrade is not possible and now require a full blown migration. Getting
> customers to a current version is a challenge we have attempted to
> address many times in many ways.
IMHO, both these approaches are really horrible ones. Oracle is
probably one who can have access to enough resources maintain such a
setup. But deliberately putting yourself into a situation where you end
up maintaining a fork of a product is absolutely not something neither
Synacor nor the wide Zimbra community can really consider viable.
There are probably many reasons why someone thinks this is a good idea
in a short term. But as a long term solution ... unless you're willing
to waste time, money and resources on duplicating others work, then this
is not a viable solution. Especially when security related issues
begins to show up, as the broader community of ZCS users will by far
have a better chance to have these fixes tested than a few large
entities maintaining their own isolated fork. Potentially a larger
community can definitely benefit
My point is: This must be _discouraged_ at all possible levels.
To achieve that in a viable way, I believe it is needed to:
- Educate users who fixes issues in ZCS how to contribute their fixes
- Have easy processes to receive, review and accept contributed patches
- Have good, simple and up-to-date documentation how to fetch source
code and build it without requiring much additional setup (except
needed software/build-dependencies)
- Establish a vibrant and active community of developers, with at least
no less than half of the community being *NON-*Synacor employees
- Open bugzilla/bug-tracker which provides all information needed
for the community to look at fixing issues. (== Forbid hidden/secret
bugzillas for non-NE editiion tickets, *including* security tickets)
(there are lots of more things; but right now, I consider these ones the
most crucial ones. AND! I do NOT say nothing of this is not happening,
I believe some of these things are at least in progress)
Of course, Zeta Alliance is trying to help out getting things into this
direction too. And I do have an impression Synacor is, at least trying
to, moving in the right direction. But the travel have just started and
it's a long road.
(Btw ... responding to these "Digest" mails, and in particular when not
trimming down and just do a top-post, makes it really hard to see the
context of your reply)
--
kind regards,
David Sommerseth
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20170314/3c024c55/attachment.sig>
More information about the Users
mailing list