log of security fixes?

[Tim Wintle <ti...@teamrubber.com>]

We are currently running a relatively old version of [PHP] shindig
(considerably prior to the 1.0 release), and I was wondering if there is
an easy way to review security updates since the revision we have in
production.

I believe there was some major re-factoring of the code since the
revision we have, which is what has put me off upgrading to 1.0 -
although I did pull in a few security fixes along the way.


Thanks,

Tim Wintle

Re: log of security fixes?

[Chris Chabot <ch...@google.com>]

On Mon, Jun 15, 2009 at 2:06 AM, Tim Wintle <ti...@teamrubber.com>wrote:

> That's sounding good - I exported at the beginning of December, and
> we're only using the gadgets part of shindig at the moment.
>
> I'm only really looking for security updates for now, so wading through
> a massive patch file wouldn't be ideal, and hopefully I can avoid that.
>

Then diffing against the stable 1.0.x release branch is exactly what you
want to do; There's been no large changes there except for some small bug
fixes, so the resulting patch should be quite small and review-able.

    -- Chris

Re: log of security fixes?

[Tim Wintle <ti...@teamrubber.com>]

On Sun, 2009-06-14 at 21:25 +0200, Chris Chabot wrote:
> If you were already running a revision that supported 0.8.1, and
> you're looking to switch to the 1.0 release version, the amount of
> changes won't be to shocking, that's been relatively stable since nov
> 2008 or so.
> 
> If however you are running a 0.7 revision and/or want to upgrade to
> 0.9 support, the social API bit has been refactored quite a bit in the
> 0.7 -> 0.8.1 process, and the gadget rendering pipeline has seen a
> good bit of refactoring during the 0.8.1 -> 0.9 process, so the
> changes will be quite major and if you really want to review each
> change, well there's no way to make that easier for you.
> 
> Either way the best way to get an overview of the changes between your
> local revision and either the 1.0.x branch or trunk is by doing an svn
> checkout of both the local and target revisions, and running 
> # diff -urN shindig-local-revision shindig-target-revision >
> changes.txt
> And reviewing the resulting diff.

Thanks Chris,

That's sounding good - I exported at the beginning of December, and
we're only using the gadgets part of shindig at the moment. 

I'm only really looking for security updates for now, so wading through
a massive patch file wouldn't be ideal, and hopefully I can avoid that.

Thanks,

Tim

> 
>     -- Chris
> 
> On Sun, Jun 14, 2009 at 8:19 PM, Tim Wintle
> <ti...@teamrubber.com> wrote:
>         We are currently running a relatively old version of [PHP]
>         shindig
>         (considerably prior to the 1.0 release), and I was wondering
>         if there is
>         an easy way to review security updates since the revision we
>         have in
>         production.
>         
>         I believe there was some major re-factoring of the code since
>         the
>         revision we have, which is what has put me off upgrading to
>         1.0 -
>         although I did pull in a few security fixes along the way.
>         
>         
>         Thanks,
>         
>         Tim Wintle
>         
> 

Re: log of security fixes?

[Chris Chabot <ch...@google.com>]

Hey Tim,

It kind of depends on how far before the 1.0 release you're talking about;
And if you are looking to upgrade to the 1.0 version or switch over to the
trunk / 0.9 version once that's finalized.

If you were already running a revision that supported 0.8.1, and you're
looking to switch to the 1.0 release version, the amount of changes won't be
to shocking, that's been relatively stable since nov 2008 or so.

If however you are running a 0.7 revision and/or want to upgrade to 0.9
support, the social API bit has been refactored quite a bit in the 0.7 ->
0.8.1 process, and the gadget rendering pipeline has seen a good bit of
refactoring during the 0.8.1 -> 0.9 process, so the changes will be quite
major and if you really want to review each change, well there's no way to
make that easier for you.

Either way the best way to get an overview of the changes between your local
revision and either the 1.0.x branch or trunk is by doing an svn checkout of
both the local and target revisions, and running
# diff -urN shindig-local-revision shindig-target-revision > changes.txt
And reviewing the resulting diff.

    -- Chris

On Sun, Jun 14, 2009 at 8:19 PM, Tim Wintle <ti...@teamrubber.com>wrote:

> We are currently running a relatively old version of [PHP] shindig
> (considerably prior to the 1.0 release), and I was wondering if there is
> an easy way to review security updates since the revision we have in
> production.
>
> I believe there was some major re-factoring of the code since the
> revision we have, which is what has put me off upgrading to 1.0 -
> although I did pull in a few security fixes along the way.
>
>
> Thanks,
>
> Tim Wintle
>
>