Hi Fritz (and anyone else capable of an informed response), There is a discussion going on right now on the SPAM-L list about the potential (in)security and code-quality of ASSP.
I made a post asking what others used, and that I used ASSP and how much I like it, and got slammed heavily. In the discussion that followed, one person actually took a peek at the code (assp.pl), and pronounced it - well, here is the primary comment that most of the others on the list have latched onto to support their anti-ASSP stance: ***************** "Having spent a significant chunk of last night inside the 9000+ lines of its poorly-commented, spaghetti Perl, I can see why you would wish that [I had said something about hoping Fritz lives forever ;: ]: it's very badly structured/written. Oh, some of the ideas are pretty good, but it really needs to be completely recoded from scratch with an eye toward making it maintainable by others." ***************** Also, I'd appreciate comments from those qualified on the potential (in)security of ASSP. There has been a lot of follow-up concern about how secure ASSP is - ie, the potential for holes/exploits for ASSP. Most of these concerns relate to 'what do you do if Fritz gets hit by a bus tomorrow' and then some horrible exploit is discovered by the spammers (who can also look at the assp.pl script) and all of a sudden, everyone's servers that use ASSP are now OWNED by the spammers... The subsequent discussion resulted in concerns that can be summed up as: 1. The code is ugly (while this may be true, it doesn't *automatically* mean anything, in and of itself, beyond it will be difficult to maintain) 2. The code is *potentially* insecure, due to the ugly nature of the code, and due to its dependencies on CPAN modules (again, true enough, but applies to all s/w - without specific pointers to actual, reproducible insecure code, it doesn't mean anything) 3. It is primarily maintained by one person So, Fritz, Michael, anyone else who knows Perl and is familiar with the code - how would you respond to this comment and these concerns? Since I am not a programmer, I am not qualified to respond to these concerns, but I'd love to pass on some quotes from one or more of the developers (Fritz? Przemek? anyone else?)... -- Best regards, Charles ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
