[Phplogcon-dev] release structure

Michael Meckelein mmeckelein at hq.adiscon.com
Wed Dec 7 13:01:53 CET 2005


> Anyhow, we should remember that the whole thing started when Brian
> detected some security issues. The currently distributed source still
> contains them. So I think it is definitely time to do something against
> it.

ACK.

> I propose we do the following:
> 
> #1 document the limitations of the current "security model", which
> most importantly means telling people very directly that these are
> profiles and not actual security-safe accounts. Michael mentioned we had
> such a document. If so, we should dig it out and publish it, if not, we
> should create at least a small one ;)

I didn't find such a document. Probably it was discussed by email or chat.
I know we have discussed it, but we obviously failed to document it. We
should document that immediately. Besides mentioning it in the manual,
should we create a FAQ, e.g. telling how to use .htaccess?

> 
> #2 fix the most important things without major change (I think about the
> % userid/password issue). My goal here would be to fix what can be done
> very quickly and have a better version online.

Timm, please take the current code from the CVS and merge Brian's bug
fixes (http://www.hackthebox.org/) into it as soon as possible. Then we
can make a release of this branch. Note that besides the security fixes,
this release will also include some minor fixes which were already made
and the Database options page Timm has implemented.

> We could then also fork phplogcon into a stable and a development
> branch, where stable just receives the most important things (but is
> stable ;)) while development would be the (b)leading edge, at which
> almost all further work is conducted.

Sounds good. It is the common way for open source development, isn't it?

Michael


