How best to track moodle 1.9 security vulnerabilities

by Nate Baxley -
Number of replies: 7

With Moodle 1.9 security patches currently on the docket to stop in June and my institution likely to still be running M1.9 for a little while, I want to keep better on top of the security issues that are found. Does anyone have suggestions about how best to do that?

Thanks,
Nate Baxley

Average of ratings: Useful (2)
In reply to Nate Baxley

Re: How best to track moodle 1.9 security vulnerabilities

by Emma Irwin -

Hi Nate,

I don't have a response, but I am interested in this thread (subscribing) :) and then I'm actually going to ask one myself: Where is the information on 1.9 support your question is based on, AND what version of 1.9 are you running? Thanks

In reply to Nate Baxley

Re: How best to track moodle 1.9 security vulnerabilities

by Dan Marsden -

Emma - see here: http://docs.moodle.org/dev/Releases#Moodle_1.9

Nate - unfortunately I don't think this will be something that can be easily "tracked" by the "general public"

Security issues are usually reported in the Moodle tracker, and if they are flagged as "serious" then only the Security team can view them. Because 1.9 is no longer supported, these bugs may be closed as "won't fix" but probably won't be made completely public, as that could potentially cause more issues for users still running 1.9. If this is really important to you, I'd suggest you engage your local Moodle Partner to help track this.

Average of ratings: Useful (2)
In reply to Dan Marsden

Re: How best to track moodle 1.9 security vulnerabilities

by Nate Baxley -

Thanks Dan. We're hosting our own Moodle, and it's fairly large, around 20 thousand users, and we don't really have a relationship with a Moodle Partner. What's involved in getting on the security team? It's going to be in our interest to make sure these things are fixed, and if it's an issue that affects us, I'd be happy to work on patches. Any idea who I should contact?

Average of ratings: Useful (1)
In reply to Nate Baxley

Re: How best to track moodle 1.9 security vulnerabilities

by Martin Dougiamas -

Nate, if you can commit to tracking the security bugs on 2.x and backporting them to 1.9 as necessary (which means keeping up with all the security issues being integrated for 2.x, producing clean, trustworthy, safe patches for 1.9.x as branches in a github repository and then creating new issues in the tracker and submitting them for integration), then we will continue integrating them.   Contact me direct and I'll get you set up!

Average of ratings: Useful (2)
In reply to Martin Dougiamas

Re: How best to track moodle 1.9 security vulnerabilities

by Nate Baxley -

Thanks Martin.  I will bring it up at our team meeting on Monday.  Sounds like we may get some help from Dan as well.

Average of ratings: Useful (1)
In reply to Martin Dougiamas

Re: How best to track moodle 1.9 security vulnerabilities

by Nate Baxley -

Martin (et al.),

We discussed this at our meeting this morning and while we can't commit to taking on the role you described, we can put programming time toward fixing the issues as they come up, as long as we're still working with 1.9.  I'll talk to Dan to see if I can work with him to share the programming load.  Thanks for being open to this.  Wish we could do more.