discuss: Re: vlist wildly inaccurate



Subject: Re: vlist wildly inaccurate
From: "V. Alex Brennen" ####@####.####
Date: 15 Jul 2004 16:36:32 -0000
Message-Id: <40F6B23E.6060702@cryptnet.net>

Jaroslaw Fedevych (UALUG wrote:

> While it may be true for some of them, most wikis are written in
> the way that doesn't require any web server recompilation.

For a PHP wiki, you will need the PHP web server module.  For a
perl wiki on a site the size of LDP, you would probably need
mod_perl.


> Do your words mean that all people writing in scripting languages 
> are inexperienced or/and non-professional? Foo! 

In my experience, yes.  I wanted to set up a wiki but couldn't find a 
good one.  None of the wiki code I have looked at was professional 
quality.  Professional quality meaning no security holes, abstracted 
calls to APIs, documented code, updateable code, and scalable project 
design.  No projects seemed to be doing extensive regression testing or 
back porting of fixes.  They had no clear trunks and project plans like 
Mozilla.

I've never seen a scripting language project with clear trunks and 
project plans that did regression testing and backported fixes.


> Please define "secure".

Not including exploitable code.

Most recently:
http://www.securityfocus.com/archive/1/368925/2004-07-12/2004-07-18/0

Also, searching SecurityFocus advisories for PHP - 534 results.

You can also take a historical look at PHP Nuke, which was a
security disaster for many of the first "blog" sites.  It
resulted in many great sites being shut down permanently after
being hacked.  A lot of content disappeared.

Other scripting languages have similar problems.


> Do you want to say that you update very often production server software?
> If it works well enough, why upgrade? And if an upgrade is ever justified,
> you will have most probably paid the price.

People are often forced to upgrade because of security
vulnerabilities.

I had once written a lot of database interface code and data
collection web forms in PHP.  When PHP4 came out and I needed
to upgrade from PHP3 because of security problems, most of my
code didn't work and there were such bad library dependencies
that I needed to upgrade my version of RedHat, which I couldn't
do because of other ISV software dependencies.

I really don't want to get into a language debate with you;
this isn't the right list for that.  I just want to share
my very bad experiences and I want the LDP to be aware that
there are major design problems with the wiki stuff that's
out there and they may be getting themselves into a major
time investment to try and get and keep wiki stuff working.
No matter if it is ibiblio's time or LDP volunteers, it would
be better spent writing and reviewing documentation.

We have the repository and mailing lists to collaborate and
a set of processes for collaborating on the authoring of HOWTO's.
A wiki doesn't really fit this project, in my opinion.

Let's not use technology just for the sake of using
technology.  Especially, if it's not good technology.


    - VAB




  ©The Linux Documentation Project, 2014. Listserver maintained by dr Serge Victor on ibiblio.org servers.