How Not To Do Updates



  • OK, SMF ranting time again.

    Let's just quickly recap. Version x is the current version, y was shipped months ago but had to be recalled due to lots of issues and was resupplied later that day, fixed.

    Updates are shipped as both a set of find/replace instructions and a complete set of fresh files, because a lot of people have modified installs.

    In all cases, post 'stable' releases are done as patches first and then converted to full sets of install/upgrade files.

    Version x's patch was mostly written by me in May. They added some goodness to it in June, and after a week's testing shipped it as stable. The night before the x release was stable, they were alerted to a new bug, and fixed it that night with inadequate testing.

    There is a typo in the code. It's relatively harmless, won't throw any errors, just introduces a difficult to debug edge case under some conditions. Basic testing may or may not have picked it up, but then again testing really isn't their strong point.

    Anyway, that was almost a month ago. The typo was fixed after release and the patch updated. Only today I learn they haven't updated the master builds with the typo fix, meaning that when the next version comes out, they need to apply that as a patch too.

    And that assumes they fix the issue I highlighted a month ago which is an XSS hole in the admin panel that can be exploited without too much difficulty.

    Ugh.



  • It gets better. I've found more inconsistencies between their master install package and what the patches do.



  • @Arantor said:

    There is a typo in the code. It's relatively harmless, won't throw any errors, just introduces a difficult to debug edge case under some conditions. Basic testing may or may not have picked it up, but then again testing really isn't their strong point.

    If it's harmless, and they've already run a bunch of tests (read: monkeys pounding away at keyboards), changing it would mean that they would need to regression test. And you already said that testing isn't their strong point. Minimizing code changes helps to reduce the variables when you need to investigate an issue that's possibly caused by a code change.



  • I tried to suggest these things but some people feel I'm being unfair to them with suggesting such things, since 'we're volunteers' handwaves a lot of things.



  • @Arantor said:

    I tried to suggest these things but some people feel I'm being unfair to them with suggesting such things, since 'we're volunteers' handwaves a lot of things.

    It could be worse. You could be in a professional environment with one manual tester, no unit testing, no exception reporting, no project managers, and every other part of the company wanting Vogon-esque paperwork.



  • True.



  • Or work for a company that decides to implement a code freeze on an application that's core to the service of said company, but plans to replace it with what will no doubt just be a rewrite. And learning from history, that the rewrite will not change much except include a whole bunch of fancy new scripts, leave in the bugs that we already know about, and miss a bunch of functionality that was working correctly in the first place.

    sigh


  • Discourse touched me in a no-no place

    @Arantor said:

    I tried to suggest these things but some people feel I'm being unfair to them with suggesting such things, since 'we're volunteers' handwaves a lot of things.

    If you're a “volunteer” too, then “volunteer” to only work on automated testing and not on anything else.



  • Then they'll never get anywhere at all.

    5 years for 1.1 to 2.0, 3 years and counting for 2.0 to 2.1...


  • Discourse touched me in a no-no place

    @Arantor said:

    Then they'll never get anywhere at all.

    Perhaps that is their fate…? Look, not to jump on you specifically, but it is important to sometimes let it go. (I need to keep telling that to myself too.) With a volunteer-run project, they have to roll with what you're willing to contribute.

    If they want to dictate what you do, they can pay you for the privilege.



  • Perhaps. Like I said when I made the topic stating that "I am TRWTF", I can't seem to let it go. I'd love to. But I can't seem to do so.



  • The "F" in SMF actually stands for "forever"



  • Simple Machines Forever? Though we were debating at one point whether DNF would be out before SMF 2.0 final was.


Log in to reply