Excerpts from Ingo Karkat's message of Thu Feb 11 07:32:53 +0100 2010: > On 10-Feb-2010 15:47, Bram Moolenaar wrote: > > Ingo Karkat wrote: > >> So, I would propose putting the vim.org's source code (not the actual > >> user database and scripts!) into a (Mercurial?) repository (separate > >> from Vim's source code). > > > > This would also make the site vunerable for hackers. I don't know > > enough PHP to locate possible holes and opening it up won't fix that. > > I rather not do this. Having only a few maintainers looking at the code > > is better. > > PHP is very common; there are many Vim users with a lot of PHP knowledge out > there. The vim.org site isn't very complex; I guess one or two capable > contributors would be able to quickly review and fix any security issues. I > certainly would (but I'm afraid my PHP isn't any better than yours), just out > of > gratitude for Vim and the great community. > > Leaving aside the whole "security by obscurity" topic, I'd venture that the > tech-savvy vim.org community isn't a prime target for hackers, so IMO it's > worth > a risk. As you can see from the replies to this thread, the current site is > minimal and okay, but there are many ideas for improvements out there. In the > past years, many open source projects have really lifted the bar for > community > sites...
I don't think it's a problem. Bram said he will forward sources to interested people. I just said he won't forward it to everyone. I don't think this is limiting us. We have to know how the "new" (?) site should look like. So let's discuss new features or changes rather than the how to do it. Bram replied and he's listening. So I'm sure we'll find a way to achieve the goals. We have to define those. Marc Weber -- You received this message from the "vim_dev" maillist. For more information, visit http://www.vim.org/maillist.php
