On 12/02/10 3:34 AM, Marc Weber wrote:
Excerpts from Ingo Karkat's message of Thu Feb 11 07:32:53 +0100 2010:
On 10-Feb-2010 15:47, Bram Moolenaar wrote:
Ingo Karkat wrote:
So, I would propose putting the vim.org's source code (not the actual
user database and scripts!) into a (Mercurial?) repository (separate
from Vim's source code).

This would also make the site vulnerable for hackers.  I don't know
enough PHP to locate possible holes and opening it up won't fix that.
I'd rather not do this.  Having only a few maintainers looking at the code
is better.

PHP is very common; there are many Vim users with a lot of PHP
knowledge out there. The vim.org site isn't very complex; I guess one
or two capable contributors would be able to quickly review and fix
any security issues. I certainly would (but I'm afraid my PHP isn't
any better than yours), just out of gratitude for Vim and the great
community.

My PHP is pretty good; MySQL also, though old-fashioned. If I can be of
assistance looking over code, or helping with development for a better
site, I'd be more than happy to.

I agree with Bram and Marc that having a few interested people looking
at the site code rather than making it public is fine. We're a pretty
tech-savvy community, but that doesn't mean everybody has time to devote
to fixing security holes, particularly not with the sort of notice you
get with a hacker attack!

Ben.




--
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
