FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 05-06-2011, 03:14 PM
Tshepang Lekhonkhobe
 
Default Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website

On Fri, 2011-05-06 at 11:00 -0300, Ben Armstrong wrote:
> On 05/06/2011 10:49 AM, Tshepang Lekhonkhobe wrote:
> > What's up with the hate? It's always convenient to have a package in
> > Debian, instead of hunting for it upstream. If it rots in Debian, then
> > it can easily be removed again (or left in Unstable).
>
> Wrong. Every additional package costs the whole Debian project in
> numerous ways. That's why we have these discussions up front on all
> ITPs, so objections can be voiced.

Q: How many content management systems written in php does Debian need?
A: How about zero?

Not exactly helpful.

That was before discussing if the guy filling the ITP mentioned his
readiness to respond to any RC bugs.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1304694881.20397.7.camel@debian.tauspace.local">ht tp://lists.debian.org/1304694881.20397.7.camel@debian.tauspace.local
 
Old 05-06-2011, 03:23 PM
Tshepang Lekhonkhobe
 
Default Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website

On Fri, 2011-05-06 at 09:11 -0400, Scott Kitterman wrote:
> On Friday, May 06, 2011 08:56:21 AM Chris Warburton wrote:
> > Programming Lang: PHP
> > Description : ocPortal is a Content Management System for building
> > and maintaining a dynamic website
>
> How many content management systems written in php does Debian need?

It's not kool that you didn't even ask about how good it is. Maybe it's
better than whatever exists in Debian currently, have you checked? My
point is your question isn't helpful. It smacks of flaming.



--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1304695430.20397.10.camel@debian.tauspace.local">h ttp://lists.debian.org/1304695430.20397.10.camel@debian.tauspace.local
 
Old 05-06-2011, 03:29 PM
Scott Kitterman
 
Default Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website

On Friday, May 06, 2011 11:23:50 AM Tshepang Lekhonkhobe wrote:
> On Fri, 2011-05-06 at 09:11 -0400, Scott Kitterman wrote:
> > On Friday, May 06, 2011 08:56:21 AM Chris Warburton wrote:
> > > Programming Lang: PHP
> > > Description : ocPortal is a Content Management System for
> > > building
> > >
> > > and maintaining a dynamic website
> >
> > How many content management systems written in php does Debian need?
>
> It's not kool that you didn't even ask about how good it is. Maybe it's
> better than whatever exists in Debian currently, have you checked? My
> point is your question isn't helpful. It smacks of flaming.

The question I should have asked is what is it's security record like. This
is an area that's rife with applications that have 'poor' security records.
Adding more to that pile would be an unfortunate burden on the security team.
That's probably the most significant of the project wide costs adding a package
like this brings with it.

Scott K


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 201105061129.34693.debian@kitterman.com">http://lists.debian.org/201105061129.34693.debian@kitterman.com
 
Old 05-06-2011, 03:34 PM
Chris Warburton
 
Default Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website

On Fri, 2011-05-06 at 17:14 +0200, Tshepang Lekhonkhobe wrote:
> On Fri, 2011-05-06 at 11:00 -0300, Ben Armstrong wrote:
> > On 05/06/2011 10:49 AM, Tshepang Lekhonkhobe wrote:
> > > What's up with the hate? It's always convenient to have a package in
> > > Debian, instead of hunting for it upstream. If it rots in Debian, then
> > > it can easily be removed again (or left in Unstable).
> >
> > Wrong. Every additional package costs the whole Debian project in
> > numerous ways. That's why we have these discussions up front on all
> > ITPs, so objections can be voiced.
>
> Q: How many content management systems written in php does Debian need?
> A: How about zero?
>
> Not exactly helpful.
>
> That was before discussing if the guy filling the ITP mentioned his
> readiness to respond to any RC bugs.
>
I should probably point out that I am an upstream ocPortal developer, so
I should be as capable as anyone in fixing technical bugs, and as a
long-time Debian user I don't count Debian bugs as any less important
than core ocPortal bugs.
With this said, I'm obviously incapable of some things. As an example,
ocPortal uses "swfupload" which may require me to wait on ITP bug
#609110, although I don't mind taking over its packaging if its activity
has ceased (I'm not familiar with the protocol for handling such cases).

Thanks,
Chris Waburton


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1304696077.20621.37.camel@linuxfedora">http://lists.debian.org/1304696077.20621.37.camel@linuxfedora
 
Old 05-06-2011, 03:50 PM
Tshepang Lekhonkhobe
 
Default Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website

On Fri, 2011-05-06 at 11:29 -0400, Scott Kitterman wrote:
> On Friday, May 06, 2011 11:23:50 AM Tshepang Lekhonkhobe wrote:
> > On Fri, 2011-05-06 at 09:11 -0400, Scott Kitterman wrote:
> > > On Friday, May 06, 2011 08:56:21 AM Chris Warburton wrote:
> > > > Programming Lang: PHP
> > > > Description : ocPortal is a Content Management System for
> > > > building
> > > >
> > > > and maintaining a dynamic website
> > >
> > > How many content management systems written in php does Debian need?
> >
> > It's not kool that you didn't even ask about how good it is. Maybe it's
> > better than whatever exists in Debian currently, have you checked? My
> > point is your question isn't helpful. It smacks of flaming.
>
> The question I should have asked is what is it's security record like. This
> is an area that's rife with applications that have 'poor' security records.
> Adding more to that pile would be an unfortunate burden on the security team.
> That's probably the most significant of the project wide costs adding a package
> like this brings with it.

Thanks for putting your objection in a more readable/friendly form.



--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1304697006.20397.12.camel@debian.tauspace.local">h ttp://lists.debian.org/1304697006.20397.12.camel@debian.tauspace.local
 
Old 05-06-2011, 03:56 PM
Chris Warburton
 
Default Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website

On Fri, 2011-05-06 at 11:29 -0400, Scott Kitterman wrote:
> On Friday, May 06, 2011 11:23:50 AM Tshepang Lekhonkhobe wrote:
> > On Fri, 2011-05-06 at 09:11 -0400, Scott Kitterman wrote:
> > > On Friday, May 06, 2011 08:56:21 AM Chris Warburton wrote:
> > > > Programming Lang: PHP
> > > > Description : ocPortal is a Content Management System for
> > > > building
> > > >
> > > > and maintaining a dynamic website
> > >
> > > How many content management systems written in php does Debian need?
> >
> > It's not kool that you didn't even ask about how good it is. Maybe it's
> > better than whatever exists in Debian currently, have you checked? My
> > point is your question isn't helpful. It smacks of flaming.
>
> The question I should have asked is what is it's security record like. This
> is an area that's rife with applications that have 'poor' security records.
> Adding more to that pile would be an unfortunate burden on the security team.
> That's probably the most significant of the project wide costs adding a package
> like this brings with it.
>
> Scott K

Hi Scott. ocPortal isn't massively widespread compared to other systems,
so there's obviously less experimental proof of security. We had a
security hole a few years ago; this was before I got involved, but
there's details here http://en.wikipedia.org/wiki/OcPortal#Criticisms

Official ocPortal releases are managed by ocProducts, a company set up
around ocPortal (and who pay my salary), and we have a clear security
policy which can be found here
http://ocportal.com/site/maintenance.htm .

We also regularly run static code analysis tools on the codebase and we
test every release with a hacked PHP runtime that 1) triggers errors if
strings are not explicitly sanitised before going through eval, getting
echoed to a browser or being entered into a database, and 2) enforces a
type system on variables and function calls (based on type signatures
written into the PHPdoc of every function), and raises an error if there
is a type mismatch. I actually run this hacked PHP on my system in place
of the distro's own.

If there are specific security concerns I'd be happy to address them.

Thanks,
Chris Warburton


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1304697369.20621.51.camel@linuxfedora">http://lists.debian.org/1304697369.20621.51.camel@linuxfedora
 
Old 05-06-2011, 04:24 PM
Ben Armstrong
 
Default Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website

On 05/06/2011 12:14 PM, Tshepang Lekhonkhobe wrote:
> Q: How many content management systems written in php does Debian need?
> A: How about zero?
>
> Not exactly helpful.

When developers are passionately opposed to a particular technology (and
not without reason here, I think,) they can be a bit blunt in expressing
it. The list of these goes on and on ... and while I certainly would be
more polite myself about expressing reservations about adding any more,
I'm not going to fault others for expressing their dissent. The way you
expressed your support seemed to me to gloss over the real cost of
adding a new package to the archive without any coherent argument as to
why this particular one was going to be no trouble at all (and/or worth
the trouble because it's so special).

Ben


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4DC420C1.2080805@debian.org">http://lists.debian.org/4DC420C1.2080805@debian.org
 
Old 05-06-2011, 04:39 PM
Tshepang Lekhonkhobe
 
Default Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website

On Fri, 2011-05-06 at 13:24 -0300, Ben Armstrong wrote:
> On 05/06/2011 12:14 PM, Tshepang Lekhonkhobe wrote:
> > Q: How many content management systems written in php does Debian need?
> > A: How about zero?
> >
> > Not exactly helpful.
>
> When developers are passionately opposed to a particular technology (and
> not without reason here, I think,) they can be a bit blunt in expressing
> it. The list of these goes on and on ... and while I certainly would be
> more polite myself about expressing reservations about adding any more,
> I'm not going to fault others for expressing their dissent. The way you
> expressed your support seemed to me to gloss over the real cost of
> adding a new package to the archive without any coherent argument as to
> why this particular one was going to be no trouble at all (and/or worth
> the trouble because it's so special).

Strange that you read 'support' into my responses. Actually I have never
even heard of the proposed package, but that's not the point. I even
mentioned that if the package sucketh (if the guy proposing it proves
unreliable), then it can either remain in Unstable or be removed.

You don't just blatantly oppose Debian inclusion without mentioning why.
The great Josselin Mouette (yes, I really respect this guy for his
tireless GNOME maintenance) just did that, and the rest of us are
supposed to magically possess the history of PHP in Debian, and laugh it
off.

And no, you should fault others for expressing their dissent in this
unproductive manner.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1304699966.20397.23.camel@debian.tauspace.local">h ttp://lists.debian.org/1304699966.20397.23.camel@debian.tauspace.local
 
Old 05-06-2011, 04:56 PM
Ben Armstrong
 
Default Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website

We can stop CCing the bug# now, as this subthread is apparently no
longer about the ITP itself, but about "proper" conduct in discussing an
ITP.

On 05/06/2011 01:39 PM, Tshepang Lekhonkhobe wrote:
> Strange that you read 'support' into my responses.

By support, I hope you understand I mean the Debian project
infrastructure cost of adding another package to the archive, not user
support. That was my sole objection. Your statement here is what made me
jump in and speak up:

> It's always convenient to have a package in
> Debian, instead of hunting for it upstream. If it rots in Debian, then
> it can easily be removed again (or left in Unstable).

I strongly disagree. Every addition to the archive must be justified.
Your defense seemed implicitly to hinge on "zero cost" of adding a new
one (i.e. convenience trumps other concerns).

> Actually I have never
> even heard of the proposed package, but that's not the point. I even
> mentioned that if the package sucketh (if the guy proposing it proves
> unreliable), then it can either remain in Unstable or be removed.

That's putting the quality control on the wrong end. Nobody gets to
spend our time keeping a package in the archive as a trial of whether
it's good or not. We need to justify its inclusion first.

> And no, you should fault others for expressing their dissent in this
> unproductive manner.

I should? Or maybe you should read it for what it clearly is, a blunt
"minus one" vote due to the technology it's based on. And while you
write your sarcasm-tinged replies calling down other developers for
using the wrong tone, why don't you look in the mirror?

Ben


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4DC4283B.3090707@debian.org">http://lists.debian.org/4DC4283B.3090707@debian.org
 
Old 05-06-2011, 05:03 PM
George Danchev
 
Default Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website

On Friday 06 May 2011 19:39:26 Tshepang Lekhonkhobe wrote:
> On Fri, 2011-05-06 at 13:24 -0300, Ben Armstrong wrote:
> > On 05/06/2011 12:14 PM, Tshepang Lekhonkhobe wrote:
> > > Q: How many content management systems written in php does Debian need?
> > > A: How about zero?
> > >
> > > Not exactly helpful.
> >
> > When developers are passionately opposed to a particular technology (and
> > not without reason here, I think,) they can be a bit blunt in expressing
> > it. The list of these goes on and on ... and while I certainly would be
> > more polite myself about expressing reservations about adding any more,
> > I'm not going to fault others for expressing their dissent. The way you
> > expressed your support seemed to me to gloss over the real cost of
> > adding a new package to the archive without any coherent argument as to
> > why this particular one was going to be no trouble at all (and/or worth
> > the trouble because it's so special).
>
> Strange that you read 'support' into my responses. Actually I have never
> even heard of the proposed package, but that's not the point. I even
> mentioned that if the package sucketh (if the guy proposing it proves
> unreliable), then it can either remain in Unstable or be removed.

Upload to 'unstable' and see how it goes could be quite suboptimal tactics
most of the time. I'm not talking about that particular package, but not every
package which flies in the free software skies deserves to be in Debian archive
in my own opinion. Inclusions costs human time.

> You don't just blatantly oppose Debian inclusion without mentioning why.
> The great Josselin Mouette (yes, I really respect this guy for his
> tireless GNOME maintenance) just did that, and the rest of us are
> supposed to magically possess the history of PHP in Debian, and laugh it
> off.
>
> And no, you should fault others for expressing their dissent in this
> unproductive manner.

Well, maybe if you look at that from a different angle, you can find it
productive as in: don't spend your time packaging that particular one, as
chances are very low for upload.

--
pub 4096R/0E4BD0AB <people.fccf.net/danchev/key pgp.mit.edu>


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 201105062003.43593.danchev@spnet.net">http://lists.debian.org/201105062003.43593.danchev@spnet.net
 

Thread Tools




All times are GMT. The time now is 12:09 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org