[User Engagement Content Project] Infrasec Review & IT Implementation (new theme for blog.mozilla.com)

RESOLVED FIXED

Status

Infrastructure & Operations
WebOps: Other
P2
normal
RESOLVED FIXED
6 years ago
4 years ago

People

(Reporter: mcbmoz, Unassigned)

Tracking

Details

(Whiteboard: [completed secreview], URL)

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
Opening for IT to help us launch a new theme and category to blog.mozilla.com. The process has been a little mysterious, so we'd like to document what works best for similar projects like this in the future.

Steven Garrity will check the theme into: https://svn.mozilla.org/projects/blog.mozilla.com/trunk/wp-content/themes/

I hate to ask, but we were hoping to hit a deadline of tomorrow, October 25, 2011. Please advise as to what is reasonable and works for everyone. We understand, and apologies for not quite knowing the process for blog.mozilla.com. I'll definitely help to document for the future.
(In reply to mcbmoz from comment #0)
> Opening for IT to help us launch a new theme and category to
> blog.mozilla.com. The process has been a little mysterious, so we'd like to
> document what works best for similar projects like this in the future.

1) We find/write up a new theme
2) Infrasec reviews the theme for security issues
3) IT installs the theme *after* Infrasec okays it
4) We activate the theme on blog.mozilla.com
5) You can then pick out the new theme if you're a blog admin

Out of the above, 2 is something we don't compromise on, ever. Without infrasec giving a go ahead, nothing gets installed on blog.mozilla.com.

Let me know if you have any more questions :)

If this is a new theme and it looks like it is, once Steven has it checked in, drop in a URL and it will have to be reviewed by Infrasec before we can install it. 

CC'ing mcoates from infrasec as well to add to the points I mentioned about and review this when we have a URL.
(In reply to mcbmoz from comment #0) 
> I hate to ask, but we were hoping to hit a deadline of tomorrow, October 25,
> 2011. Please advise as to what is reasonable and works for everyone. We
> understand, and apologies for not quite knowing the process for
> blog.mozilla.com. I'll definitely help to document for the future.

Depends on infrasec and the complexity of the theme. We might be able to have the blog up with an approved theme tomorrow, but it's hard to say if it'll be up with the new theme. 

A reasonable timeframe in general for blog themes are : number of days for infrasec evaluation (this varies depending on how busy infrasec are, how complex the theme code base is etc amongst other things) + 1 or 2 days for IT to get to it.

Comment 3

6 years ago
What is the ramifications of not having this up by Oct 25?  Which Engagement projects can I push off a bit to make room for this?  How important is it to get this up right now?
Process documented for future reference:

https://mana.mozilla.org/wiki/display/INFRASEC/Wordpress+Enhancements+Security+Review+Process

Infrasec has the same concerns/constrains that MRZ mentioned. Please prioritize this request amongst the other engagement projects.

Comment 5

6 years ago
Mrz and Michael - I will check with Jane this morning on engagement priorities.

Starting October 31 (I need time to publish to the blog) - we have social posts and our November email hinging on this blog being live. We also have information about a phishing scheme that a blog post has been crafted for and promised to push. This has been listed as a Q4 priority, but let me get Jane's $0.02 :)
(In reply to Carmen from comment #5)
> Starting October 31 (I need time to publish to the blog) - we have social
> posts and our November email hinging on this blog being live. We also have
> information about a phishing scheme that a blog post has been crafted for
> and promised to push. This has been listed as a Q4 priority, but let me get
> Jane's $0.02 :)

The point that mrz makes is that this stuff never made it to -our- Q4 list, let alone as a "priority" until there is not sufficient time to implement it, meaning we need to preempt another engagement project that we are already working on implementing to do this one. We need to know about this kind of stuff ahead of time.

This is just a blog and isn't that much work (bulk of it will be with infrasec) but the lack of sufficient notice is a recurring problem.  :(

thanks!
(In reply to Carmen from comment #5)
> Mrz and Michael - I will check with Jane this morning on engagement
> priorities.
> 
> Starting October 31 (I need time to publish to the blog) - we have social
> posts and our November email hinging on this blog being live. We also have
> information about a phishing scheme that a blog post has been crafted for
> and promised to push. This has been listed as a Q4 priority, but let me get
> Jane's $0.02 :)

Let me know what you find out.  We have availability in the InfraSec review schedule to look at this wordpress theme on Thursday 11/3.

Also, is this a new theme for an existing blog or a new blog entirely? In other words, if this theme isn't available until later can the posts be made on the existing blog?

Lastly, can you provide a link to the place where this is listed as a Q4 priority? As others have mentioned this item is not in our Q4 lists from engagement so we were caught of guard by this request.
Priority: -- → P2
Whiteboard: [pending secreview][scheduled: 11/3/2011]
(Reporter)

Comment 8

6 years ago
Hey all, a lot going on in this conversation, so let me try to respond to each item separately:

Background -

This blog request was a Q3 project that carried over into Q4. Last week, the date of October 25 for launch was brought to our attention, the hope being that it would go out with this week's .org/firefox weekly release. We've addressed the need to know deadlines well in advance with the product owner so we have more time on our end too, and now we've refocused on supporting the release, knowing we'll do better next time :-) Lots of learning here.

Q4 Engagement Goals & Priorities -

Cory/mrz, you both are 100%+++ right here, and I'm not sure I have the right answer, so Jane & John will need to respond directly. While, Carmen and myself aren't directly part of the prioritization process, we definitely understand and appreciate that your team provides support to the entire organization, not just to Engagement. Even a small project like this can turn up frustrations around the need for better planning.

We never want to make you feel like you're on call to serve us, rather we're in this together and planning and prioritization is what makes us a team and helps us get things done and done well. I apologize that this fell through the cracks and would like to take responsibility as "chief culprit," because I did not know the blog deployment process and was following what we did via bug 682913.

Technical ownership of blog.mozilla.com -

My intent in all of this is to learn who the technical owner is (can it be the .org/firefox website team? since it's integrated in our design and efforts?) so that I can be a better steward in the future. 

One of my Q4 projects is to consolidate disparate blogs across the organization (some that have been abandoned) into the blog.mozilla.com fold to make better use of our resources and efforts. If we can nail down module ownership at the technical level or transfer ownership to the .org/firefox website team, we can better serve the needs of the organization with our weekly release schedule.

Next steps -

Let's pause on this until Jane or John can weigh in on where this falls in Engagement's Q4 priorities.

Thanks for helping us figure out a better process, we'll get there together :-)

(In reply to Corey Shields [:cshields] from comment #6)
> (In reply to Carmen from comment #5)
> > Starting October 31 (I need time to publish to the blog) - we have social
> > posts and our November email hinging on this blog being live. We also have
> > information about a phishing scheme that a blog post has been crafted for
> > and promised to push. This has been listed as a Q4 priority, but let me get
> > Jane's $0.02 :)
> 
> The point that mrz makes is that this stuff never made it to -our- Q4 list,
> let alone as a "priority" until there is not sufficient time to implement
> it, meaning we need to preempt another engagement project that we are
> already working on implementing to do this one. We need to know about this
> kind of stuff ahead of time.
> 
> This is just a blog and isn't that much work (bulk of it will be with
> infrasec) but the lack of sufficient notice is a recurring problem.  :(
> 
> thanks!
Priority: P2 → --
Whiteboard: [pending secreview][scheduled: 11/3/2011]

Comment 9

6 years ago
Team - Jane needs to know what projects she is prioritizing in order to get this launched. 

What needs to move in order to get this done? What are the consequences (what, if anything, gets delayed?)

What is in the Infrasec timeline that would need to move to get this looked at sooner? Nov. 3 means that we miss our entire November goals completely. (And pardon me, but I'm new, can someone help me understand what that is and what it entails?)

Jane is locked away in an Apps work week, so I need to get all the info I can into one place so I can get her to make a call. She can make a call today if we can get all the information to her.

Would it even help to get everyone on the phone?
(Reporter)

Comment 10

6 years ago
(In reply to Michael Coates [:mcoates] from comment #7)
> (In reply to Carmen from comment #5)
> 
> Also, is this a new theme for an existing blog or a new blog entirely? 

A new theme for the existing blog.mozilla.com

> In other words, if this theme isn't available until later can the posts be made
> on the existing blog?

Yes. Carmen can make her posts on the existing blog.mozilla.com, under the category "User Engagement" - it just won't have the new branding in the specific theme.

> 
> Lastly, can you provide a link to the place where this is listed as a Q4
> priority? As others have mentioned this item is not in our Q4 lists from
> engagement so we were caught of guard by this request.

See comment 8

Thanks for helping Michael!

Comment 11

6 years ago
Hey there -- can you tell me what other things are in the queue w.r.t prioritization please?
Can this bug be updated with a link to the theme code? We are planning on reviewing on Monday.
Priority: -- → P2
Whiteboard: [pending secreview][scheduled: 10/31/11]
(Reporter)

Comment 13

6 years ago
Steven can you take a look at comment 12

Thanks!
The theme code can be found here:
http://viewvc.svn.mozilla.org/vc/projects/blog.mozilla.com/trunk/wp-content/themes/TheDen/

There are only a few simple changes from the theme it is based on, which may have already been reviewed:
http://viewvc.svn.mozilla.org/vc/projects/blog.mozilla.com/trunk/wp-content/themes/Kovacs-Nova/
feel free to punt this back if there is a seperate security review bug.  Otherwise, punt back after it is reviewed.
Component: Server Operations → Server Operations: Security
QA Contact: cshields → mcoates

Comment 16

6 years ago
Hi team,

Thank you all for working with us through this project. 

I want to make sure I understand. So there's an Infrasec review scheduled for Monday, Oct. 31 (thanks for working us in). Barring any issues (it is based on an existing theme, we did it that way on purpose) when would the theme be able to launch?

I see in the comment thread that IT would need 1-2 days AFTER the infrasec review? Are we looking at a launch, barring issues, of November 2, COB? 

I'd like to set a launch date, for communication back to Jane.

Thank you
Carmen

Updated

6 years ago
Blocks: 697152
What is the blog address requested here?  We can at least get that part setup without the custom theme..

blog.mozilla.com/<what?>

thanks
(In reply to Corey Shields [:cshields] from comment #17)
> What is the blog address requested here?  We can at least get that part
> setup without the custom theme..
> 
> blog.mozilla.com/<what?>
> 
> thanks

nevermind, I just saw comment 10..  the talk about "user engagement blog" launch (new?) blog, and gary's blog led me to think this was something new..

If this is just for the main blog site, then the scope of this bug should just be for a new theme.  Changing the subject.
Summary: [User Engagement Blog] Launch Blog → new theme for blog.mozilla.com
(Reporter)

Comment 19

6 years ago
(In reply to Corey Shields [:cshields] from comment #18)
> (In reply to Corey Shields [:cshields] from comment #17)
> > What is the blog address requested here?  We can at least get that part
> > setup without the custom theme..
> > 
> > blog.mozilla.com/<what?>
> > 
> > thanks
> 
> nevermind, I just saw comment 10..  the talk about "user engagement blog"
> launch (new?) blog, and gary's blog led me to think this was something new..
> 
> If this is just for the main blog site, then the scope of this bug should
> just be for a new theme.  Changing the subject.

The scope of this project was to design, code, and implement a custom theme to the existing category "user engagement"  at http://blog.mozilla.com/blog/category/user-engagement/ and to give the product owner access with her ldap to publish content. 

It is a goal to publish within the existing structure instead of opening up a new Wordpress instance for each team's blog request.  The hope being that we strengthen the main blog.mozilla.com site and cut down on the work infrasec, etc. do maintaining and launching lots of small wordpress sites.

One note here is that because the blog doesn't have staging and we were unclear on the technical ownership, we were a little in the dark about the process and who to speak to, so I may not have communicated as well just over bugmail. Please advise on how I can improve here too.
Are you sure that is possible?

I know you can set unique templates for each WP category, but the theme itself would be the same as the parent theme.
(Reporter)

Comment 21

6 years ago
(In reply to Corey Shields [:cshields] from comment #20)
> Are you sure that is possible?
> 
> I know you can set unique templates for each WP category, but the theme
> itself would be the same as the parent theme.

It's possible with the custom post type option in Wordpress. Each custom post type can have it's own theme, see Bug 	 695395

Comment 22

6 years ago
(In reply to Corey Shields [:cshields] from comment #17)
> What is the blog address requested here?  We can at least get that part
> setup without the custom theme..
> 
> blog.mozilla.com/<what?>
> 
> thanks

Can we make the url blog.mozilla.com/theden - rather than /userengagement? It's called "the Den" and user-engagement doesn't mean anything to the end user. Or, can we set up a vanity url that would point to blog.mozilla.com/userengagment?
(In reply to Carmen from comment #22)
> Can we make the url blog.mozilla.com/theden - rather than /userengagement?
> It's called "the Den" and user-engagement doesn't mean anything to the end
> user. Or, can we set up a vanity url that would point to
> blog.mozilla.com/userengagment?

No..  this is going to be a part of blog.mozilla.com as per:

(In reply to mcbmoz from comment #10)
> > Also, is this a new theme for an existing blog or a new blog entirely? 
> 
> A new theme for the existing blog.mozilla.com
> 
> > In other words, if this theme isn't available until later can the posts be made
> > on the existing blog?
> 
> Yes. Carmen can make her posts on the existing blog.mozilla.com, under the
> category "User Engagement" - it just won't have the new branding in the
> specific theme.
(Reporter)

Comment 24

6 years ago
(In reply to Carmen from comment #22)
> (In reply to Corey Shields [:cshields] from comment #17)
> > What is the blog address requested here?  We can at least get that part
> > setup without the custom theme..
> > 
> > blog.mozilla.com/<what?>
> > 
> > thanks
> 
> Can we make the url blog.mozilla.com/theden - rather than /userengagement?
> It's called "the Den" and user-engagement doesn't mean anything to the end
> user. Or, can we set up a vanity url that would point to
> blog.mozilla.com/userengagment?

Carmen, any requests at this point are considered scope creep, please put new requests over here in bug 687383 - this bug is for the landing experience that we'll be building later in the quarter.
(Reporter)

Comment 25

6 years ago
(In reply to Steven Garrity from comment #14)
> The theme code can be found here:
> http://viewvc.svn.mozilla.org/vc/projects/blog.mozilla.com/trunk/wp-content/
> themes/TheDen/
> 
> There are only a few simple changes from the theme it is based on, which may
> have already been reviewed:
> http://viewvc.svn.mozilla.org/vc/projects/blog.mozilla.com/trunk/wp-content/
> themes/Kovacs-Nova/

Steven, can you make an adjustment to the theme today? Replace the email sign-up unit with a simple link to http://www.mozilla.org/newsletter/

We want to reduce any potential delay with infrasec's review and that's the only item taking user information and we were't able to test ourselves on a staging environment, so I'm not sure if it's hooked up to responsys, etc.
(In reply to mcbmoz from comment #25)
> Steven, can you make an adjustment to the theme today? Replace the email
> sign-up unit with a simple link to http://www.mozilla.org/newsletter/

The theme doesn't seem to have a newsletter sign-up element. There is a link in the footer to .org/newsletter, but no form functionality.
(Reporter)

Comment 27

6 years ago
(In reply to Steven Garrity from comment #26)
> (In reply to mcbmoz from comment #25)
> > Steven, can you make an adjustment to the theme today? Replace the email
> > sign-up unit with a simple link to http://www.mozilla.org/newsletter/
> 
> The theme doesn't seem to have a newsletter sign-up element. There is a link
> in the footer to .org/newsletter, but no form functionality.

Uff. In the PSD there was an email sign-up on the right rail. Can you take a screen cap of the coded theme and post back here?
Created attachment 570320 [details]
Screenshot of The Den Theme

Here's a screenshot of the theme. I wasn't sure if the elements in the right sidebar should be part of the theme, or if they are wordpress widgets, etc. They didn't seem to be part of the theme for Gary's blog.
(Reporter)

Comment 29

6 years ago
(In reply to Steven Garrity from comment #28)
> Created attachment 570320 [details]
> Screenshot of The Den Theme
> 
> Here's a screenshot of the theme. I wasn't sure if the elements in the right
> sidebar should be part of the theme, or if they are wordpress widgets, etc.
> They didn't seem to be part of the theme for Gary's blog.

Super helpful Steven, looks great, we'll work on the other items in a future phase with a wordpress dev.
(Reporter)

Comment 30

6 years ago
Cory and Michael, I've been asked to check in to see if you can provide a date when you feel that this can go live. Thank you.

Comment 31

6 years ago
(In reply to mcbmoz from comment #30)
> Cory and Michael, I've been asked to check in to see if you can provide a
> date when you feel that this can go live. Thank you.

Hi there -- yes, please provide a date. We are trying to plan accordingly for planned user comms for next month.
(Reporter)

Updated

6 years ago
Summary: new theme for blog.mozilla.com → [User Engagement Content Project] Infrasec Review & IT Implementation (new theme for blog.mozilla.com)

Comment 32

6 years ago
(In reply to Jane Finette from comment #31)
> (In reply to mcbmoz from comment #30)
> > Cory and Michael, I've been asked to check in to see if you can provide a
> > date when you feel that this can go live. Thank you.
> 
> Hi there -- yes, please provide a date. We are trying to plan accordingly
> for planned user comms for next month.

Guys -- its been 3 days since my comment. Please can you provide a date that we can work off for phase 1 of the blog going live? Need an answer by end of day today (Oct 31). thx.
(In reply to mcbmoz from comment #30)
> Cory and Michael, I've been asked to check in to see if you can provide a
> date when you feel that this can go live. Thank you.

Nothing for us to do here but push it out, which we can do easily once it is approved.
(In reply to mcbmoz from comment #30)
> Cory and Michael, I've been asked to check in to see if you can provide a
> date when you feel that this can go live. Thank you.

The review is scheduled for today (see white board tag). We'll be done with the review by end of day. If there aren't any security issues then we can launch as soon as IT is ready (which sounds easy per comment 33). If there happens to be a security issue that needs to be resolved then that will need to be fixed before the site can launch.
Assignee: server-ops → rforbes
Whiteboard: [pending secreview][scheduled: 10/31/11] → [in-progress secreview][scheduled: 10/31/11]

Comment 35

6 years ago
Thank you Corey and Michael. Will look to hear later today. Appreciate your quick response.
This looks good from a security perspective.
Whiteboard: [in-progress secreview][scheduled: 10/31/11] → [completed secreview][scheduled: 10/31/11]

Comment 37

6 years ago
Does that mean we passed infrasec with flying colors? Are we awaiting any other information or can we launch? And if we can launch, are we talking tomorrow or another date? Thanks for any info you can help the newbie (me) out with.

Comment 38

6 years ago
This theme is enabled for use.

Note that this is effectively useless without Bug 695395 also being completed.

I really believe if we want to get this off the ground we need to nix the whole "Custom Post Type" idea and just make a separate blog for User Engagement, like every other team has.

If we want to go any farther on this, we need to have a meeting about the scope and goal of this project, because it's extremely non-clear to us (IT) what is going on here. First it's just a normal blog, then it's a category inside an existing blog, then it's a theme on that category (which WP can't do), and now I read in that other bug that there's actually a whole high-level plan to eliminate all of the sub-blogs and have just one "master" blog, with custom code to silo things out.

We can't make this kind of sweeping change without a *LOT* more discussion on it.


This theme is installed and usable. I am marking this bug as RESOLVED FIXED. If you wish to have this theme applied to the main "blog.mozilla.com" (or some other blog, like a new blog.mozilla.com/userengagement, as proposed earlier), please re-open and we can do that very easily.
Assignee: rforbes → server-ops
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Component: Server Operations: Security → Server Operations: Web Operations
QA Contact: mcoates → cshields
Resolution: --- → FIXED
Whiteboard: [completed secreview][scheduled: 10/31/11] → [completed secreview]
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.