On 10-Feb-2010 15:47, Bram Moolenaar wrote:
Ingo Karkat wrote:
So, I would propose putting the vim.org's source code (not the actual
user database and scripts!) into a (Mercurial?) repository (separate
from Vim's source code).
This would also make the site vunerable for hackers. I don't know
enough PHP to locate possible holes and opening it up won't fix that.
I rather not do this. Having only a few maintainers looking at the code
is better.
PHP is very common; there are many Vim users with a lot of PHP knowledge out
there. The vim.org site isn't very complex; I guess one or two capable
contributors would be able to quickly review and fix any security issues. I
certainly would (but I'm afraid my PHP isn't any better than yours), just out of
gratitude for Vim and the great community.
Leaving aside the whole "security by obscurity" topic, I'd venture that the
tech-savvy vim.org community isn't a prime target for hackers, so IMO it's worth
a risk. As you can see from the replies to this thread, the current site is
minimal and okay, but there are many ideas for improvements out there. In the
past years, many open source projects have really lifted the bar for community
sites...
-- regards, ingo
--
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
