[csw-maintainers] The source code of www.opencsw.org
Trygve Laugstøl
trygvis at opencsw.org
Sat Jul 25 20:25:02 CEST 2009
Philip Brown wrote:
> On Fri, Jul 24, 2009 at 11:08:04AM +0200, Trygve Laugstøl wrote:
>> If the code can't be shown to the world without being a security risk,
>> and Phil doesn't believe that we can write secure code, I'd like to
>> replace the application with something that we all can work on and
>> extend.
>
> There is no "*THE* application".
> Additionally pretty much any web application, reguardless of language, has
> the potential for security holes. So changing the framework, does not
> definitively eliminate the underlying problem here.
>
> This shows a fundamental non-understanding of what is going on in our web
> space (and security, for that matter).
It's impossible for us to know what's the current issue with the current
application when your entire reply is "security".
I don't see how it should be hard to write a secure application to show
the information that we currently display on the site.
> Just as people who arent actually maintaining packages, should not get to
> tell active maintainers how to package... I think that people who arent
> actually DOING WEB WORK, should not be telling those who are, how to do it.
It's a good thing that I do web development for a living then so I have
the right to speak.
> If people want to actually do work, then great! please speak up with what
> area you want to work on. Then after that, talk about how you think the
> working environment could be improved.
I'd like to improve the package info page, the first thing would be to
remove the "doesn't work yet" comments etc.
--
Trygve
More information about the maintainers
mailing list