On 01.03.2007 20:09, Luis C. Busquets PĂ©rez wrote:
Why not having both? Running a forum does not exclude continuing with the mailing lists and could add users and developpers who find more easy coordinate through a forum.
Configuring phpBB (www.phpbb.com) does not take more than 1 hour . I have made a try in 30 minutes starting from not knowing anything about this package:
Why not trying both systems?
Simple. phpBB has had dozens of security holes in the past. Most other forum solutions have had the same share of problems. Now imagine a breakin on a site hosted on winehq. The consequences would be far worse than for the average toy project. Wine depends on people trusting us that the code is legally clean (especially due to various FUD campaigns claiming otherwise). A breakin will always result in claims that the codebase has been polluted with MS code. Such a PR disaster is not something we need. You're of course free to import all mails to this mailing list into your own private forum and make that somehow accessible. Regards, Carl-Daniel -- http://www.hailfinger.org/
Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006(a)gmx.net> writes:
Now imagine a breakin on a site hosted on winehq. The consequences would be far worse than for the average toy project. Wine depends on people trusting us that the code is legally clean (especially due to various FUD campaigns claiming otherwise). A breakin will always result in claims that the codebase has been polluted with MS code.
You cannot modify the codebase even if you break into the server. Everything in the git repository is authenticated by its SHA-1, so any change would be immediately noticed. -- Alexandre Julliard julliard(a)winehq.org
On 01.03.2007 23:25, Alexandre Julliard wrote:
Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006(a)gmx.net> writes:
Now imagine a breakin on a site hosted on winehq. The consequences would be far worse than for the average toy project. Wine depends on people trusting us that the code is legally clean (especially due to various FUD campaigns claiming otherwise). A breakin will always result in claims that the codebase has been polluted with MS code.
You cannot modify the codebase even if you break into the server. Everything in the git repository is authenticated by its SHA-1, so any change would be immediately noticed.
I know about this special feature of git (basically not only every file is identified by its SHA-1 hash, but also the complete timeline and with that the complete repository are secured with SHA-1). There was a post on the linux-kernel list some time ago about this topic. However, in case of a breakin there will always be somebody without this knowledge writing about the breakin. And nobody will read what we have to say about the security of git because the first article has always more readers than any followup or response. Regards, Carl-Daniel -- http://www.hailfinger.org/
participants (2)
-
Alexandre Julliard -
Carl-Daniel Hailfinger