Hi everyone,

An important subject was discussed in the IRC channel today, and I want to bring it to the attention of the community.

Over the course of a discussion about the long-standing desire to integrate Nextcloud into FreedomBox (and, as a precondition, into the Debian ecosystem), Jonas brought up a broader criticism of software written in PHP. Here it is in brief: software written in PHP cannot be reliably run without supervision. Since FreedomBox is designed to be a server system that requires no administration, PHP's occasional requirement of supervision conflicts with our goal of self-administration.

I want to make sure that we don't ignore this point the next time we discuss packaging Nextcloud, WordPress, or any other software written in PHP. I know that we have plenty to discuss pertaining to the Buster freeze in the coming weeks, but we should add this concern to an upcoming call agenda.

Jonas shared some helpful resources to explain the criticism:

https://security.stackexchange.com/questions/643/why-do-people-say-that-php-is-inherently-insecure
https://eev.ee/blog/2012/04/09/php-a-fractal-of-bad-design/

Best,
Danny

--
Danny Haidar*
Vice-President for Product & Development
FreedomBox Foundation

* Not admitted to practice in any jurisdiction. Nothing in this email constitutes legal advice. I cannot establish any attorney-client relationships.
_______________________________________________ Freedombox-discuss mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss
