One of the major gripes with upgrades is the plugin situation. For example “tasks” and “news” have only recently released updates that add OC9 support.
Additionally, many Plugins support only one specific major release of OC. So when OC moves on, and the plugins move on, you’re left with “update core” or “keep the old plugin”.
The combination of the two leads to very undesireable dead-locks.
- I would love to update to OC9+
- I have two plugins that don’t support it
- I have another plugin with a security patch that is ONLY applied to it’s latest version
- That latest plugin version only supports OC9
Well. What do you do? You’re left with the choice of losing a feature (because you’re moving on to OC9) or having a gaping security hole (not updating that other plugin) or losing another feature (because you disable that other plugin).
I am unsure how to remedy such a situation. This is not really a problem of OC core, but the plugins.
The answer is as easy as it is unsatisfying: most people work on apps/plugins in their free time. If it is important for you to keep them up to date or to support older versions (that is backport security fixes) you can either commit your time and expertise to help them or set up bounties so that other people might do this for you
Let me know if you are interested in helping out at the News app front (I suppose that’s the security fix thing you are talking about)
[quote=“BernhardPosselt, post:2, topic:333”][News] (I suppose that’s the security fix thing you are talking about)
I was not referring to any specific plugin, it’s a relatively common thing. I also don’t blame any individual developer. I hope that the prolonged deprecation time that has been mentioned in other topics may help combat this.
BernhardPosselt is right. Most apps are best effort and available for the latest release or focus on the version of ownCloud that the developer is using. In my experience, the more complex an app is, the quicker it becomes abandonware unless the maintainer is a student or a company using it itself.
This will change once app studios smell an opportunity to make money by selling apps for the platform, just like what happened with the CMS business.
The tip for now is to stick with recommended apps and if there is only one release at a time, then decide the best course of action for you.
This is not meant to shame developers of extensions. I am looking for ways to solve this structurally in a central way. I hate to bring this example up again, but WordPress plugins usually stay stable across multiple versions. And they are best-effort, too (for the most part).
I don’t think you can solve this structurally. If you don’t have time, you don’t have time.
Comparing ownCloud to Wordpress is kinda unfair. Wordpress has been around since forever, has huge financial interests and a larger company backing it. Their APIs are basically set in stone. ownCloud however started a few years ago and was created from scratch with no or almost no mature libs or frameworks. Much still has to be changed in order to solve new requirements.
Let’s suppose ownCloud would never ever break backwards compatability in any form whatsoever then security backports would still be a pain. The same goes for testing. Most of the time I’ve bumped the requirements for a new ownCloud version was because I actually depended on new features (currently waiting for 9.1 so I can safely use 64bit integers).
The only solution I see is that the pain grows to such an extent that people are actually “getting off their lazy asses” and start contributing to these projects
That’s at least how I did it
What BernhardPosselt said. Their API is stabler. Having said that, if the plugin is impacted by API changes, you’ll run into similar problems. They also seem to have more testers of the betas and RCs.
That’s not my experience. I’ve been bit by the same abandonware problems on Wordpress and it makes sense. If the person maintaining the plugin isn’t getting paid one way or another, then sooner or later, the project becomes a low priority. The plugins which work across versions are maintained.
When a plugin isn’t any more, quite often someone forks the plugin or takes over and I expect this to happen more often on NC than in the past. because just like PHP has a bad rep because of poorly written code and security issues, building apps for ownCloud had a bad rep. It was awkward, you had to use lots of private APIs, things were breaking often or were unreliable and it wasn’t easy to collaborate, but things have changed with the AppFramework and I expect more people to be able to quickly deliver an app based on an idea and to build from there, with the help from others. I’ve been able to witness that with the GSoC where students would come up with a prototype within hours.
Also, one advantage Wordpress plugins have is that the base plugins are usually begging users for donations or trying to upsell their subscription packages. It’s fine for a CMS, but I don’t think people would like their private cloud to include content from and links to external site.
Ok folks. Thanks for all the reasons that it can’t work and that plugin developers can’t solve this one. I am aware of that already. That is why I am not raising this in 10 different plugin issue trackers. I am raising this with the nextCloud core team.
This is not a complaint about any individual project although I gave specific examples. I was not trying to point fingers or assign blame. I merely illustrated what I mean. I will not do this again, I am sorry.
Can we please either start collecting ideas to improve this for everyone (including plugin developers) or let this topic die altogether?
I don’t think you were pointing the finger, it’s just that what you’re asking for can’t be fixed with code, documentation, etc.
Find a way to build a healthy app ecosystem where app devs make money and you’ll have better app support (think mobile app store). The alternative is simply to wait for NC to get bigger to attract bigger players.
You can not solve this problem but you can minimize it. I think the problem is not, that developers have no time to update their apps for the latest release, but that they have to be updated. The Problem is, that an Update could break all interfaces between the server api and the app itself. We should minimize interface changes as much as we can, that would help to minimize the time effort for developers.
imho a stable framework with rarely changing interfaces would improve the app user experience.
Yes, but we’re not there yet, apps break at every single release. There is still a decent amount of technical debt in core.
Although you have to admit that most breakages recently were due to apps using private APIs which were removed.
Not for Gallery, but I’ll admit that that app is a bit special