There is obviously a bit of activity in the Ubercart issue queue regarding questions about PCI compliance.
https://drupal.org/project/issues/ubercart?text=PCI&status=All

Recently some colleagues and I put together a white paper on these issues (http://drupalpcicompliance.org), which was supported by several companies in the community (http://drupalpcicompliance.org/sponsors). We were even fortunate enough to get support from the Commerce Guys to send a press release and place it on the Drupal Commerce project page (see https://drupal.org/project/commerce). Given that the same paper applies equally to Ubercart, it would be awesome if the project page also linked to the aforementioned paper.

Something similar to the blurb on the commerce project page would be awesome:

"You are responsible to ensure your merchants and customers are protected from online payment fraud. For more information, we recommend you read the Drupal PCI Compliance white paper maintained by third party eCommerce security experts."

This is only a suggestion, but I think it would really be helpful for the Ubercart community.

Comments

TR

Status: Active » Postponed

Original poster has been contacted.

TR

Status: Postponed » Closed (won't fix)

While the referenced paper has some very good information about PCI, it also contains some inaccurate and outdated information about Ubercart, as well as some invalid comparisons and conclusions about Ubercart. I attempted to contact the author (as I mentioned in #1) but have not received a response.

Additionally, this paper is being used as a marketing tool by Commerce Guys, who sponsored its author. Because the comparisons in the paper are inaccurate and are used to sell Drupal Commerce over Ubercart, I don't feel it's appropriate to promote the paper here on the Ubercart project page.

rickmanelius

Status: Closed (won't fix) » Active

A quick update. I was contacted and I believe I responded, but let's put that conversation aside for something more fundamentally important.

If the paper has outdated information regarding Ubercart (specifically with respect to examples like https://github.com/rickmanelius/drupalpcicompliance/blob/ver_1_1/DrupalP...), I would like to get it corrected. We're currently getting ready for a version 1.1 release, so I'd like to get any changes in place before it goes live in a month (see https://github.com/rickmanelius/drupalpcicompliance/issues/14).

I would certainly be willing to remove opinions from the paper (such as Drupal Commerce winning out in the long run https://github.com/rickmanelius/drupalpcicompliance/blob/ver_1_1/DrupalP...). My understanding (even as of a few years ago) was that most of the Ubercart community was transitioning over to Drupal Commerce and Ubercart would be deprecated. The fact that we're seeing traction of Ubercart for Drupal 8 does change that. Feel free to add any comments in the GitHub issue queue and I'd be more than happy to address questions, concerns, inaccuracies, etc.

end user

"My understanding (even as of a few years ago) was that most of the Ubercart community was transitioning over to Drupal Commerce and Ubercart would be deprecated."

Well, I think it was mostly developer types moving over, and lots of users seem to find that UC does what they need it to. Although I used DC for my last two projects because it was easier then to have some module sported, I would still use Ubercart for certain stores as it is pretty simple to set up for the non-developer.

rickmanelius

I followed up again with TR over email. The new version of the paper will go out in ~2 weeks, so if there is any interest in fixing any inconsistencies regarding Ubercart as noted in #2 above, I'd love to get some feedback. Otherwise we'll wait for the next iteration.

longwave

In what should be a purely informational document it is a shame to see conjecture on the part of the authors. I have posted an issue at GitHub in the hope that this can be removed.

Ultimately I have no issue with linking this paper from the Ubercart project page but would like TR's agreement before doing so.

TR

Status: Active » Postponed

If the new revision addresses the issues with the first, and is an objective discussion of PCI issues and how they affect Drupal/Ubercart users, I have no problem with linking to it. However, I have absolutely no free time over the next two weeks to participate in revising the paper. Marking this issue as postponed until the new revision comes out.

rickmanelius

Thanks again to TR and longwave for your time and attention. We are taking this seriously and we have applied changes to the 2 points of contention as noted by longwave.
https://github.com/rickmanelius/drupalpcicompliance/issues/26#issuecomme...

Anyway, we'll complete the conversation and adjustments there, and then note the conclusion of that here for any interested parties.

rickmanelius

Status: Postponed » Needs review

Hi @TR and @longwave. Based on the outcome from this thread (https://github.com/rickmanelius/drupalpcicompliance/issues/26#issuecomme...) I believe @longwave found the changes acceptable and more fact-driven than opinion. If it's possible to revisit this, I'd really appreciate it. It doesn't have to be anything flashy or in someone's face. Something along the lines of what's on the Drupal Commerce project page (see issue summary above) would be more than sufficient. Let me know either way...

longwave

Status: Needs review » Fixed

Added the suggested text to the project page.

rickmanelius

Hi @longwave. Very much appreciated. Thank you!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.