[sakai2-tcc] Anti-Samy and Sakai CLE 2.9.2

John Bush john.bush at rsmart.com
Thu Mar 28 09:04:42 PDT 2013 

anti-samy eh?  I bet the mneme supporters really like that name :)

On Thu, Mar 28, 2013 at 8:52 AM, Neal Caidin
<nealcaidin at sakaifoundation.org> wrote:
> Hi TCC,
>
> This is not a proposal, but asking for input on
>
> https://jira.sakaiproject.org/browse/KNL-1015 - Replace custom stuff in
> formattedtext with Antisamy processing
>
> CLE team had some discussion this morning. I heard very strong support for
> this change overall but also a few concerns (which may have been addressed,
> I did not fully follow).
>
> So the questions are, I think (others can correct me if I misspeak):
>
> 1) Should KNL-1015 become part of the 2.9.x maintenance release at some
> point?
>
> 2) Assuming the question to #1 is a yes (but good to get that confirmation),
> what would be the best way to roll it out?  Factors might include, but not
> be limited to:  quality of release, risk assessment to schools (and consider
> from viewpoint of schools with average administrative capability), security
> (KNL-1015 address a couple of "blocker" level security issues which have
> been around since at least 2.9.0 but maybe before), and timing (when schools
> upgrade to 2.9 are they going to easily be able to take advantage of this
> change?).
>
> Here are some options which were discussed:
>
> Options:
>
> 1) Release 2.9.2 as-is (with security blockers not yet addressed) . No
> change from current plan.
> 2) Release with anti-samy but with default off (which means the default will
> also not be addressing security blockers, but make it easier to add in
> later). Will likely impact schedule.
> 3) Release with anti-samy on - (A) set to low OR (B) set to high (either
> setting solves current security issues). Will likely impact schedule.
>
> Variances:
> ------------------------
> a)  Delaying the release to find someone who can run it for a little while
> (for quality purposes). UCT was mentioned as a potential candidate. For U.S.
> schools timing does not seem ideal to get this change in.
>
> B)  release 2.9.2 as-is (option #1) and then make anti-samy the focus for a
> 2.9.3 release. So instead of a summer time release (which had not yet been
> decided, but just some discussion), we would base the schedule of 2.9.3 on
> the needs of the Antisamy fix (what would that schedule look like?). The
> hope/idea is that we would be able to flip this release out faster, since we
> would be focused just on that one goal (though may be a challenge to keep
> other things from creeping in).
>
> Thoughts?
>
> Cheers,
>
>
> Neal Caidin
>
> Sakai CLE Community Coordinator
> nealcaidin at sakaifoundation.org
> Skype: nealkdin
> AIM: ncaidin at aol.com
>
>
>
>
>
>
> _______________________________________________
> sakai2-tcc mailing list
> sakai2-tcc at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>



-- 
John Bush
602-490-0470

More information about the sakai2-tcc mailing list