Allowing live updates by anyone would be silly!
Your real problem with releasing the code seems to be security. I believe opening the site would indefinately improve security! I think the long term goals would be positive. Do you believe there are vulnerabilities in the code? Even if there are some it would be nice to get them found now rather than later.
Phade wrote:If I gave out all the source code to whoever wanted it, security holes could be found
You're strangely assuming that these holes are non-findable without the source code. Most holes in PHP work along exploiting a lack of validation in certain areas (eg inserting 's in http parameters rather than integers, inserting 's into cookies, assuming complex cookies cannot be spoofed, or assuming html form elements such as <select> cannot be spoofed). Further more, although I haven't tried (obviously >_<) some of the site could be open to cross site scripting attacks, which often allows a particularly skilled hacker to do
bad things(tm).
Other problems:
Different servers for test, stable, and live: Sounds complicated. I don't think it's very relevant to releasing the code.
Information baseline: If you demand the data be realistic, couldn't you just export a seperate gzip of say 2000 random videos, and replace the journal entries with repeated words? Or just don't bother - let people make their own test data.
I think a good idea would be an extra forum on this board where people could post the code to patch files. They could then easily be peer reviewed by anyone who fancied having a look. This would expose people posting evil patches. It would also improve the quality of the patches before they got to you. And the code would be cleaner and checked by other people. It would also encourage people to learn about the site - a necessary step before being able to code on it. With the source code out there - a few people might install AMV setups on their servers. And then everyone could check everyone elses patches - it'd be like a massive distributed test server
.
Granted this whole system would be for fairly simple PHP patches, but I think it's a good start in the direction of collobarative development. And you yourself seem to want this
. Further more it would create the culture and social network needed for the "group of programmers" idea to work.
I don't really know whats going on here in all honesty, but all this CVS/Database/live-submissions/programming-group confuses the matter. This topic right now is only the simple little thing of releasing the code so people can submit patches for stuff on the todo list. All that other stuff could be really cool and useful, but again why try and run before we're walking?
I don't mind you saying "NO! MYCODE! GRRR! DAMN HIPPIES!", but if you're worried about security then I think those thoughts are unfounded.
Zarxrax wrote:Couldn't people just say to you, "I would like to implement this into the code" and then you just send them only the source code that is relevant to what they want to do?
Yeah, that'd be cool. But also a lot more effort. For small things it wouldn't reduce Phades workload - just change it from coding to answering emails and checking code.
On the othre hand, people could write the code, but they couldn't check if it would work. So there could be bugs in the code which Phade gets, and then he'd have to send it back, and the whole thing would could end up a bit of a mess.
) but it'd be cool if you could just put it in a gzip file somewhere. You don't even have to write an installer - I'm sure I'd be able to get it runnin with a brief table set up export. If you did this then people could just send in patch files for the more basic things on the todo list, without any hassle or commitment.
