Bug #35671
closed
Reports module should not show warnings for "excludeFromUpdates" extensions
Added by Steffen Müller over 12 years ago.
Updated over 12 years ago.
Category:
Extension Manager
Description
If an extension is marked as insecure, the reports module shows a warning and suggests to update the extension.
This happens also for extensions which have the "excludeFromUpdates" state.
Extensions with this state are meant to be hosted independently from TER. Therefore in reports module neither a warning about TER updates nor insecure version make sense.
Solution is to exclude these extensions from the reports submodule of the em sysext.
- Status changed from New to Under Review
- Status changed from Under Review to On Hold
IMO this should be first discussed with the security team!
I mark extensions as "exclude from updates" if I change inside it something. Still I would like to see if there is a security issue in the version I use. If I have fixed it locally , then I just need to increase the version number too and everything is fine!
furtheremore an extension author can even set this state himself.
if you wanna exclude your own versions of ter extensions, just use as version number 999.99.0 and you are save but don't change the securiy related behaviour
I agree with all points Georg made here.
The same with me; please do not change the current behaviour!
- Status changed from On Hold to Rejected
- % Done changed from 0 to 100
steffen: please abort the change in gerrit
The problem is that in most cases extension from forge svn/git have a lower version number than ter releases have. Most ext developers do not care about version numbers in forge repositories (even extension-news lacks of proper version ;-)
Of course I could change the version in ext_emconf.php myself, but that leads to ugly untracked changes in git/svn or even conflicts once something changes in remote/origin.
Not satisfying.
you explain it yourself: the problem is not in the core but lazy developers/wrong extensions. so please open an issue at their bugtracker and push a change there instead of for the core. I will do that btw for news in a minute
- Status changed from Rejected to Closed
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by