    Plone Chat
    @plone-chat
    [Philip Bauer (pbauer), irc.freenode.net] https://pypi.org/project/Products.PloneHotfix20200121/
    [Alessandro Pisa (alepisa), irc.freenode.net] Hi :) that is because things went so smoothly lately
    T. Kim Nguyen
    @tkimnguyen
    The Plone security hotfix 20200121 has been released. Please visit https://plone.org/security/hotfix/20200121 for full details.
    pbauer it’s not supposed to be exciting :)
    Plone Chat
    @plone-chat
    [Philip Bauer (pbauer), irc.freenode.net] everything seems to work fine with the hotfix
    T. Kim Nguyen
    @tkimnguyen
    yeah we tested on several sites
    come on leute… it’s business as usual. Plone security is never exciting, AND THAT’S A GOOD THING :)
    Martin Peeters
    @mpeeters
    Maybe some of us will encounter an issue with PIP 20.0 (pypa/pip#7217)
    Maurits van Rees
    @mauritsvanrees
    Haven't looked at that pip version yet. But maybe some of us will encounter an issue with getting setuptools 45 which is incompatible with Python 2.7.
    T. Kim Nguyen
    @tkimnguyen
    well crikey now I’m feeling deflated… no crisis, no emergency
    ...back to the grind...
    Alexander Pilz
    @pilz
    If you are seeing the Error "Wheels are not supported", you probably need to upgrade zc.buildout to 2.10.0 or higher
    Plone Chat
    @plone-chat
    [Philip Bauer (pbauer), irc.freenode.net] All sites updated. Thanks for the stellar work, security-team!
    Mikel Larreategi
    @erral
    indeed. Thanks @pbauer to you too, for updating the hotfix buildout file :) we were relying on it for our 5.2 sites. Danke!
    Maurits van Rees
    @mauritsvanrees
    Oops, I thought the individual pages with details of the vulnerabilities would be made public automatically when publishing the hotfix. Apparently not. I have done so now. https://plone.org/security/hotfix/20200121
    Plone Chat
    @plone-chat
    [Philip Bauer (pbauer), irc.freenode.net] erral: no problem. I'm happy it helped you
    T. Kim Nguyen
    @tkimnguyen
    pbauer which hotfix buildout file?
    Plone Chat
    @plone-chat
    [Philip Bauer (pbauer), irc.freenode.net] https://github.com/starzel/buildout#hotfixes
    [Philip Bauer (pbauer), irc.freenode.net] I guess they extend their buildout with e.g. https://raw.githubusercontent.com/starzel/buildout/master/linkto/hotfixes/5.2.1.cfg
    [Philip Bauer (pbauer), irc.freenode.net] you do not need to drink the whole starzel-buildout Kool-Aid to use that
    T. Kim Nguyen
    @tkimnguyen
    pbauer: ah thx, good idea, but then you become a point of failure (well, potential point of failure)
    Plone Chat
    @plone-chat
    [Philip Bauer (pbauer), irc.freenode.net] we're a global company. too big to fail
    T. Kim Nguyen
    @tkimnguyen
    oh right, so very true!
    Plone Chat
    @plone-chat
    [Philip Bauer (pbauer), irc.freenode.net] *hrm*
    [Philip Bauer (pbauer), irc.freenode.net] plone.de is patched as well.
    T. Kim Nguyen
    @tkimnguyen
    demo.plone.org?
    Plone Chat
    @plone-chat
    [Philip Bauer (pbauer), irc.freenode.net] @kim, can you ping me when you add a new sponsor to plone.com?
    T. Kim Nguyen
    @tkimnguyen
    is there one in particular?
    Plone Chat
    @plone-chat
    [Philip Bauer (pbauer), irc.freenode.net] demo.plone.org will self-update in 4 hours
    T. Kim Nguyen
    @tkimnguyen
    sounds a bit lewd
    Plone Chat
    @plone-chat
    [Philip Bauer (pbauer), irc.freenode.net] and the content will be deleted anyway
    [Philip Bauer (pbauer), irc.freenode.net] we show sponsors from de, at and ch
    [Philip Bauer (pbauer), irc.freenode.net] i.e. German-speaking countries.
    T. Kim Nguyen
    @tkimnguyen
    Plone.com isn’t the entire sponsors list; it shows providers who are sponsors as well as providers who wanted just to be listed. The sponsors list is officially maintained at Plone.org/sponsors (though I am behind, mea culpa)
    Plone Chat
    @plone-chat
    [Philip Bauer (pbauer), irc.freenode.net] I don't care. We'll mirror it.
    T. Kim Nguyen
    @tkimnguyen
    but ok I will try to let you know
    Plone Chat
    @plone-chat
    [Philip Bauer (pbauer), irc.freenode.net] we basically only want to list sponsors who are also providers
    tkimnguyen @tkimnguyen mumbles something
    T. Kim Nguyen
    @tkimnguyen
    ok
    Plone Chat
    @plone-chat
    [Philip Bauer (pbauer), irc.freenode.net] we don't really want people asking slotenmakers for plone sites
    T. Kim Nguyen
    @tkimnguyen
    surely they know something about security
    Plone Chat
    @plone-chat
    [Philip Bauer (pbauer), irc.freenode.net] and slotens
    Mikel Larreategi
    @erral

    [Philip Bauer (pbauer), irc.freenode.net] I guess they extend their buildout with e.g. https://raw.githubusercontent.com/starzel/buildout/master/linkto/hotfixes/5.2.1.cfg

    indeed. we use a bobtemplates template to bootstrap our Plones and they extend from starzel hotfix files: https://github.com/codesyntax/bobtemplates.cs/blob/master/bobtemplates/cs/cs_plone_buildout/buildout.cfg.bob

    T. Kim Nguyen
    @tkimnguyen
    which begs the question: why don’t we do that in bobtemplates.plone directly and in the buildout.cfg we ship with, say, the unified installer?
    I wonder what @smcmahon would say to that :)
    new revisions of the unified installer do include the hotfix packages, but they’re explicitly listed rather than having the buildout.cfg extend from something else that tracks the actual hotfixes
    speaking of which...
    tkimnguyen @tkimnguyen goes to update the unified installer
    Maurits van Rees
    @mauritsvanrees
    What's up with Jenkins? Most jobs have been failing for a week. https://jenkins.plone.org
    Maurits van Rees
    @mauritsvanrees
    I have reverted plone/plone.app.upgrade@0d9b9d0. That should help.