I got some opinions about how to keep security in open source. Now, in Japan, when a developer who doesn't know the details of security publishes a module that equips security hole, an expert developer warns him to stop publishing and fix the module quickly. Some users mail me about this.
(Umm, why did not they contact the expert developer directly? Why did not they discuss directly? Because they are Japanese! Not that this is anything new.)
That's difficult problem. In xoops.org and jp.xoops.org, security was broken perfectly once. Source was open, but nobody tried to check source. Users faced danger always.
Japan has the same situation. But, a couple of earnest programers began tryng to check modules sometimes. That's difference from xoops.org. Is this happy or unhappy? If they stop checking, we face danger soon. The XOOPS Cube project is Anarchism and Minarchism, so the project doesn't have quality checker.
I think that users need self protection in freedom. But, Anarchism denies governmental method, but not an unique method. If a community has shared protection, it's good. If you have another opinion, do discuss.
But, if you think that opened programs will be fixed by many contributed patches, consider how many patches you have contributed to others' program until now. And, if you plan to make the mood you want, you should write something continually on Japanese community. It's strange thought to counterwork others' continual activity by sending a mail to the third person.
Anyway, community members need to know that all of open source programs is not safety. If community members share the same presupposition, it's possible to go next. What do you do actually?
Especially, many users have long experience about XOOPS than me. I want to hear how much open source code they checked actually and how much patches they contributed actually. My recollection is that anybody did nothing until JM2 came back to review X2.
skip to main |
skip to sidebar
About Me
- minahito
- I'm a Video game developer (programer) in Yokohama, Japan. My spare time is used for various activities --- programing, games, Free Software Movement (open source) and so on.
Twitter Updates
XC Dev Ring -Gigamaster-
Labels
Blogger
Books
Buddha
C++
Carp
CG
COLLADA
Collision Detection
Column
Construction
Cube Doc
cubson
CVS Report
Demoniak3D
Doxygen
E
endian
English
FBX
FLASH
Free Software
Game
Game Engine
Game Programing
Hikari
ImpressCMS
iPhone
Japan
Japanimation
Mac
Middleware
Multi-core
Multi-thread
News
OGRE 3D
OGRE3D
Open Source
OSC
Philosophies
Productivity
Review
Saturday-lav
Shader
Sunday-lab
TBB
Tips
Trigger
Twitter
X68k
XNA
XOOPS Cube
XSI
2 comments:
By the past, PHP language was very permissive, maybe that was good for beginners, but it was really bad compared to those languages a bit more strict alike C or Java, adopted by professionals. People develop bad habits, people share and people learn bad habits. No gate to escape from that!
Well, until a fork - XCL ^^
Open source is a lot of self-learning!
And freedom to choose your source.
Well chosen your source, well learn!
Xoops.org with such huge list of tasks to be done, choose Statism with to much 'officials' teams, titles, etc. Instead, as suggested, it would be better to adopt a light and fast org model. Fact is that people fight for "power and titles" and not for "freedom for creativity". It is a heavy project with a heavy structure, that takes a long time to move on ... too long to follow web technologies evolution.
Since the 2005 audit, it was suggested to fix it to move to new Legacy. But also clean the public space and made it a public archive.
But, in Japan, it is a major opinion that the developer who released security hole module should stop publishing modules. And, they don't want to do self-learning. That's a stalemate.
Post a Comment