CI Reactor 2.0.2 is a disaster

#1
[eluser]patwork[/eluser]
C'mon guys, the latest version of Reactor (2.0.2) is a disaster, it looks like it wasn't even tested before commit on bitbucket.

Cache class is not working at all (!):
https://bitbucket.org/ellislab/codeignit...cache_file

Security config for CSRF is completely ignored:
https://bitbucket.org/ellislab/codeignit...ng-ingored

There is some new bug with ENVIRONMENT:
https://bitbucket.org/ellislab/codeignit...onfig-with

I know it's "work in progress" and new features can have errors, but these are things which were working properly before 2.0.2. It's over 2 days after release now and nobody seems to care...

Don't get me wrong, I'm willing to help. I'm trying to fix some bugs in my own Reactor fork on bitbucket.
https://bitbucket.org/patwork/codeignite...ifications

#2
[eluser]kenjis[/eluser]
CSRF protection does not work at all.
https://bitbucket.org/ellislab/codeignit...when-using

And news says:
"The security fix patches a small vulnerability in the cross site scripting filter."
but there is no documentation about the fix in User Guide Change Log.


BTW, does anybody know whether the security issue affects CI 1.7 or not?
Or the details of the security issue?

#3
[eluser]InsiteFX[/eluser]
That's because they are spending all their time over at Fuel Framework!
Don't believe me? Look in their forums.

Nothing done in Reactor for over 5 days now!
111 issues - unsolved.

Never had problems like this when the EllisLab Team handled things!

Had to wait a long time for updates, but at least they worked!

I think that it's time for EllisLab to put a stop to this and get CodeIgniter back on the right track!!!!

Just my opinion...

InsiteFX

#4
[eluser]Developer13[/eluser]
I think the simplest solution would be to just use CI Core instead of Reactor... or don't use the bleeding edge 2.0.2.

#5
[eluser]WanWizard[/eluser]
@InsiteFX:

I believe of the Reactor team (6 the last time I looked), only Phil works on Fuel as well.
Phil is currently very busy with CICON2011, so I can imagine he doesn't have a lot of spare time.

If I check the changesets, I see mainly activity from Phil (apart from pkriete), what are the other 5 doing?

#6
[eluser]InsiteFX[/eluser]
Good question, maybe there should be more on the team!

I know Phil is busy; this was really pointed at the others. That was my main point: why are none of the others doing anything to help out?

If they do not want to help then get rid of them and find some others that want to help.

InsiteFX

#7
[eluser]WanWizard[/eluser]
I'd rather have one that does the job, than 5 looking at it in amazement... ;)

#8
[eluser]Phil Sturgeon[/eluser]
I'd like to be the first to say - it was a disaster.

2.0.2 is a mess for several reasons, but it cannot be put entirely on the shoulders of the Reactor team. Myself and Eric have been working on Reactor a fair amount while Kenny and John have been putting the hours in on GetSparks.org, which while it is not a direct part of CI will benefit us all greatly.

Now, the Cache library is broken on case-sensitive environments. Check, we have that fix done. That was an error I introduced when trying to make extending packages work, and fixing the fact that packages do not actually support the CI_ prefix. This meant the Cache class was causing all sorts of conflicts. A pretty complicated issue to sort out, but it worked fine with all the tests I ran on my case INSENSITIVE AMP stack.

As for the CSRF issue that was actually an error introduced by the Core team. They made some fields protected but didn't update the references to them in the form_helper (I'm looking at you Greg!). This was not an issue until the Core team ran their emergency merge of Core into Reactor and published the latest version without any warning. I only found out about 2.0.2 on the way back from the pub when I saw someone tweeting it!

What is the cause of these problems? Well, testing sucks plain and simple. The main problem here was that we had put a few new features into BitBucket only a day before. Normally there are a bunch of developers who are using the tip who can tell us when something new breaks a feature, but this 2.0.2 emergency release was banged out so quickly that nobody ever had a chance.

So what should we be doing? Using a shitload more branches. If this was Git I would be ramming Git-Flow down everyone's throat, but we're using Hg. For a while I've been saying that Hg had terrible/weak branching but it turns out I was just uneducated on the matter. Derek Jones has written a great article on the matter and we'll be following this in the future.

Essentially it will mean that new features go in one place and bug fixes happen in another. This will in turn mean that if the Core team need to bang out a hotfix release for whatever reason, then they can do so without any new features (from the Reactor team OR the Core guys) causing problems. We've all been a bit slack and we know how to improve it. This is still a very early stage in the game.

Update: Can we all stop going on about Fuel? I am the only one of the team who works on that and recently I've had a very minor role. I've actually been working my ass off on putting CICON2011 together. Tickets on sale next week.

Also, fair play on patwork. He has expressed his concerns and done something about it. His bug fixes have been merged and CI is back on track. Let's not just sit around complaining about things guys. Developer13 and InsiteFX: I don't think you have sent a single pull request.

#9
[eluser]kenjis[/eluser]
Thank you, Phil.

I understand that this is merely a release engineering problem, and you can improve it.


I think there is too little explanation about the XSS security bug.
Is it caused by EllisLab?

In general, a security bug disclosure needs to say which versions are affected. There is no info about
whether CI 1.7.3 is affected or not. In Japan, there are many CI 1.7 users.

And CI 2.0.2 is a disaster after all; we need a patch for only the security bug,
because many users can't update from 2.0.1 to 2.0.2 because of the disaster.

#10
[eluser]kenny.katzgrau[/eluser]
Yep.

1. GetSparks.org - like Phil said, it will, and already has done a lot of good. Go check out the packages on there. We've got scaffolding, the most famous CI auth lib, and a bunch of other high-quality, easily-installable packages.

Haven't 90% of CI feature requests essentially been fulfilled with GetSparks? We're working very hard on pushing out the beta.

2. Testing, yes. Regression tests on a framework with 0 unit tests can be difficult. That's why it's being planned: http://podcasts.oconf.org/episode2.mp3 (also on codeigniterpodcast.com)

3. CICON 2011 — I've researched and checked the venues, dealt with the event coordinators, and picked the NYC location.

The Reactor engineers are doing a lot more than it might appear. Don't forget, there's an open spot on the team if you've got the volunteer time to spend helping us out.

Also, I don't disagree with the mishandling of the 2.0.2 release. I have a little more to say about that, but ... [I'll leave it at that]

