[sakai2-tcc] Anti-Samy and Sakai CLE 2.9.2
Neal Caidin
nealcaidin at sakaifoundation.org
Thu Mar 28 08:52:58 PDT 2013
Hi TCC,
This is not a proposal, but asking for input on
https://jira.sakaiproject.org/browse/KNL-1015 - Replace custom stuff in formattedtext with Antisamy processing
CLE team had some discussion this morning. I heard very strong support for this change overall but also a few concerns (which may have been addressed, I did not fully follow).
So the questions are, I think (others can correct me if I misspeak):
1) Should KNL-1015 become part of the 2.9.x maintenance release at some point?
2) Assuming the question to #1 is a yes (but good to get that confirmation), what would be the best way to roll it out? Factors might include, but not be limited to: quality of release, risk assessment to schools (and consider from viewpoint of schools with average administrative capability), security (KNL-1015 address a couple of "blocker" level security issues which have been around since at least 2.9.0 but maybe before), and timing (when schools upgrade to 2.9 are they going to easily be able to take advantage of this change?).
Here are some options which were discussed:
Options:
1) Release 2.9.2 as-is (with security blockers not yet addressed) . No change from current plan.
2) Release with anti-samy but with default off (which means the default will also not be addressing security blockers, but make it easier to add in later). Will likely impact schedule.
3) Release with anti-samy on - (A) set to low OR (B) set to high (either setting solves current security issues). Will likely impact schedule.
Variances:
------------------------
a) Delaying the release to find someone who can run it for a little while (for quality purposes). UCT was mentioned as a potential candidate. For U.S. schools timing does not seem ideal to get this change in.
B) release 2.9.2 as-is (option #1) and then make anti-samy the focus for a 2.9.3 release. So instead of a summer time release (which had not yet been decided, but just some discussion), we would base the schedule of 2.9.3 on the needs of the Antisamy fix (what would that schedule look like?). The hope/idea is that we would be able to flip this release out faster, since we would be focused just on that one goal (though may be a challenge to keep other things from creeping in).
Thoughts?
Cheers,
Neal Caidin
Sakai CLE Community Coordinator
nealcaidin at sakaifoundation.org
Skype: nealkdin
AIM: ncaidin at aol.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai2-tcc/attachments/20130328/c4efa9d1/attachment.html
More information about the sakai2-tcc
mailing list