[csw-maintainers] The source code of www.opencsw.org

Trygve Laugstøl trygvis at opencsw.org
Sat Jul 25 20:25:02 CEST 2009

Philip Brown wrote:
> On Fri, Jul 24, 2009 at 11:08:04AM +0200, Trygve Laugstøl wrote:
>> If the code can't be shown to the world without being a security risk,  
>> and Phil doesn't believe that we can write secure code, I'd like to  
>> replace the application with something that we all can work on and 
>> extend.
> There is no "*THE* application".
> Additionally pretty much any web application, reguardless of language, has
> the potential for security holes. So changing the framework, does not
> definitively eliminate the underlying problem here.
> This shows a fundamental non-understanding of what is going on in our web
> space (and security, for that matter).

It's impossible for us to know what's the current issue with the current 
application when your entire reply is "security".

I don't see how it should be hard to write a secure application to show 
the information that we currently display on the site.

> Just as people who arent actually maintaining packages, should not get to
> tell active maintainers how to package... I think that people who arent
> actually DOING WEB WORK, should not be telling those who are, how to do it.

It's a good thing that I do web development for a living then so I have 
the right to speak.

> If people want to actually do work, then great! please speak up with what
> area you want to work on. Then after that, talk about how you think the 
> working environment could be improved.

I'd like to improve the package info page, the first thing would be to 
remove the "doesn't work yet" comments etc.


More information about the maintainers mailing list