Your Cloud, Your Data, Your Way! – ownCloud 4.0 On CentOS 6.2 + nginx + PostgreSQL
This document describes how to install and setup ownCloud by “ownCloud
Greetings. This is a reminder email about the end of life process for Fedora 15. Fedora 15 will reach end of life on 2012-06-26, and no further updates will be pushed out after that time. Additionally, with the recent release of Fedora 17, no new packages will be added to the Fedora 15 collection. Please […]
Reviews give us a lot of feedback and we pay special attention to them. They boost our motivation when talking about the good and help us pinpoint areas of improvement when talking about the bad. They also give us an opportunity to react to some of the points they make and to start a discussion […]
SMSC May 2012 Winners: 1: derajjared, 2:Enkort, 3: alexbaettig.
Regular Bug Fixing Initiatives Perhaps you, like many others, got interested in Ubuntu Development, but didn’t know what to start working on? Perfect, because we have something for you. From now on we will put together regular bug fixing initiatives, so all you need to do is head over to our bug fixing initiative page, […]
Up to 100% performance improvements thanks to the efforts of a diverse and growing developer and QA community Berlin, May 30, 2012 – The Document Foundation announces LibreOffice 3.5.4, the fifth version of the free office suite’s 3.5 family. LibreOffice 3.5.4 offers significant performance improvements over the previous versions of the product, which are the […]
Get trained and gear up for the second half of the year by taking advantage of the many courses offered by Magento U. Magento U helps you get the tools, expertise and best practices needed to maximize the value of your Magento deployments. Here’s the…
June 13, 2012 I 10:00AM PDT
Webinar: Migrating From Magento Community to Magento Go
This post aims to share information about the Drupal Security Team in 2011 and midway through 2012. The team processed a significant number of security advisories, added a few members, improved the free education materials in the handbooks, presented at dozens of camps and user groups, and made several improvements to our workflow (including some user facing changes, see below).
Some quick numbers:
You may notice that for the calendar year of 2011 there were fewer SAs than there were issues created. There are lots of reasons why that happens (mostly invalid issues or issues that affect versions not supported by our policy).
Improved security issue reporting process
This change is so exciting that it deserves its own section in addition to being listed below. The “Report a Security Issue” link on project pages now links directly to the security.drupal.org issue queue for that project. Using that link instead of sending an e-mail removes one of the final “copy/paste” jobs from the security team’s workflow.
We plan to always monitor firstname.lastname@example.org for issue submissions as well because that is a standard tool and we want to keep the barrier for reporters as low as possible. In January of 2012 there were 617 non-spam emails sent to that list and thousands of total e-mails which we have to moderate manually. So please remember: using the queue directly instead of emailing keeps us focused on our most important tasks.
Improvements to the team workflow
At events through the year like Drupalcon Chicago and BADCamp, several team members worked in sprints to improve the tools on Security.Drupal.org.
The Security Team process has historically been heavily reliant on email communication between the researchers reporting issues, the team, and drupal.org module/theme maintainers (see a recent high-level infographic on the team’s process). All three groups of people in that chain are volunteers who have other demands, so the e-mail communication was a common source of slowdown in progress toward issue resolution. While we created a private issue tracker in October of 2006 we were still reliant on private emails for much of the workflow. Many of the improvements below address this set of problems.
This work resulted in a number of positive outcomes for the team workflow.
This work required not only coding, testing, and deployment but also new documentation to help project maintainers to use it. These and other improvements to our workflow mean that we spend more of our volunteer hours working on the most valuable areas instead of manual tasks that don’t use the security team members special skills.
New members and role changes
As often happens, the team welcomed new members in the last year and a half. These new members had expressed interest in Drupal for several years and shown themselves to be good communicators who can be trusted with the confidential information that the team must handle.
During the year I (Greg Knaddison) took over as team lead from Heine Deelstra. Heine had been team lead for 5 years prior to that and stayed on the team as a member. Mori Sugimoto, Kieran Lal, and Matt Chapman continue in their roles as team coordinators.
I would like to re-iterate what I have already said to the team in private: Thank You! The job of the team keeps growing and growing and we are both working harder and smarter to keep up. If you encounter someone who is on the team I encourage you to thank them for their work. Security is often cited as a reason not to use Open Source software, so it’s important that we continue to have such a robust team working with effective processes so the Drupal project can continue to grow.
Last month we put out a call to the community to restaff the Ubuntu Membership Boards and announced a change from region-based applications to time-based boards, see: https://lists.ubuntu.com/archives/ubuntu-news-team/2012-April/001548.html Thanks to all the great candidates we had for the restaffing! It’s never easy to select from great lists and candidates, but we do have limited spots […]
(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. Issue #34 has just been released – download the magazine! The articles in this issue include: Fitness as a model for security Security and migrating to the cloud: Is it all doom and gloom? Solid state drives: Forensic […]
High-Availability Storage With GlusterFS 3.0.x On Debian Squeeze –
This tutorial shows how to set up a high-availability storage with two storage servers (Debian Squeeze) that use Gluste…
Welcome to the Ubuntu Weekly Newsletter. This is issue #267 for the week May 21 – 27, 2012, and the full version is available here. In this issue we cover: Ubuntu Stats Pretoria Precise Pangolin Release party with steak Data mining in Launchpad How bug information types work with privacy Ready to try ARM on […]
“At the heat of a thousand hot dog cookers, the seventeenth release of Fedora shall be forged by contributors the world over, and it will be known as: Beefy Miracle. The mustard shall indicate progress. For six months, participants in the Fedora Project shall freely contribute to the release of the distribution, in the spirit […]
The Perfect Desktop – Linux Mint 13 (Maya)
Welcome to this year’s eleventh issue of DPN, the newsletter for the Debian community. Topics covered in this issue include: * Bits from the Release Team * Removal of Qt3 from Debian * Report from Debian Utsavam * Interviews * Other news * Upcoming events * New Debian Contributors * Release-Critical bugs statistics for the […]
== PostgreSQL Weekly News – May 27 2012 == PostgreSQL Day Argentina 2012 will be held on November 13th in Bernal, Buenos Aires, at the National University of Quilmes. It will cover topics for PostgreSQL users, developers and contributors, as well as decision and policy makers. For more information about the conference, please see the […]
A number of packages have undergone a point release today: cairo, glib, gstreamer, gtk2hs-buildtools, gtksourceview2, svgcairo, and webkit. The only changes are to allow these packages to build on a wider variety of GHC, gtk, and cabal-install version…
It’s a warm and lazy Sunday afternoon here at FCM Towers*, so I thought I’d put up a post showing some of the data from our visitors map (aka: The FCM Map of Awesomeness) and Google Analytics. I mean what proper geek doesn’t like numbers and graphs? * We don’t actually have a tower, but […]
The first release candidate (RC1) for WordPress 3.4 is now available. If you haven’t tested WordPress 3.4 yet, now is the time!