Re: [Phplib-users] Ruminations on the Situation
From: Bob B. <bo...@iN...> - 2002-06-30 18:28:22
Gian -- Don't be so defensive ...!

As I said, I appreciate the work EVERYONE has done on phpLib, and that
certainly includes you.

My point was not personal - it was rather directed at the situation as it
now exists, where anyone (it seems) can re-invent basic parts of the
library, name it after themselves, and post it in the CVS - without review
by anyone as to its compliance with the rest of the code, its suitability
to purpose, its stability, or even its concurrence with any "master
plan". This now happens because, sadly, no one is running the show
anymore.

Your auth scheme is quite possibly the way to go ... but has anyone (as KK
et al used to do in the "old days") actually spelled out what the "way to
go" really is? Has anyone thought through the near- and long-term goals
...? You've patched the library for yourself and published the work ...
the very fact that you can fork the library and name it after yourself and
PUBLISH THE WORK WITHIN THE PHPLIB CVS - that's what is very sad to me ...

Please don't miss the point, Gian - your code may be what everyone wants in
the library, it may be tight, and right ... but self-publishing within the
boundaries of an existing project, IMHO, is not the way to go. Put the
patches on your own web site, and submit them to the CVS for consideration
for inclusion in the next release, yes ... the fact that you didn't (or
couldn't, or wouldn't) do it this way is a telling symptom of the issue
that I called "sad" in the first place.

Bob.

At 11:04 PM 6/29/2002 +0200, you wrote:
>I have to reply, and I am frank.
>
>I have recently resigned my 'write access' as a phplib core developer, so
>I cannot be accused of imposing anything.
>So there is NO anarchy.
>
>I have been following and contributed to phplib since version 4 or 5, and
>please note that the actual structure of the session->start method has
>been my idea, I let you imagine how comprehensible it was before. That made
>extending to php4 session pretty easy.
>
>Now I have devised a similar rationalization of $auth->start, which is an
>example doc of spaghetti code. That nobody can maintain.
>
>It will make auth a more manageable class, in line with modern nuke type
>needs
>it is a drop replacement, backwards compatible.
>
>For the rest there's nothing than better security, because these things
>evolve quick, can you imagine? and there are constantly lots of new
>threats. A library whose core functions are session and authentication
>cannot be static. Sorry.
>
>But it is nothing that should worry those who are not interested. And
>those who are interested should document and participate, please.
>And if really nobody is interested then it means all this doesn't mind.
>
>So my choice should clearly let you understand that I am on the user side,
>if not ours.
>
>Gian
>
>
> Bob Bowker <bo...@iN...> wrote on 29/6/02 11:08:
>
> >It's sad to see what used to be a very stable, usable library descend
> >into chaos, confusion and anarchy ... people heading off in their own
> >directions, claiming the umbrella of phpLib but naming their rewrites
> >after themselves, all with seemingly no coordination or direction or
> >vision whatsoever. No wonder the need for PEAR was so immediately
> >obvious to so many people - not that PEAR was the best choice (in many
> >ways worse than phpLib), but I really do understand why the core PHP
> >developers decided on something other than phpLib.
> >
> >The CVS is in such a mess that someone has to write a how-to and post
> >it on a personal web site! Then Giancarlo writes and releases several
> >scripts (Nathan - did I miss the announcement that he is now a new
> >"committee of 1" determining the philosophy
>
>I made you aware of facts you ignored.
>
> >and direction of the project?) and there goes Donncha's roadmap
> >again ...
> >
> >Giancarlo, before you immediately flame me, I appreciate and admire
> >your work - and this is nowhere near "personal". I just don't think
> >your unilateral actions
>
>Actions?
>
> >have a place in the overall scheme of things. We desperately need
> >someone, or a group of "someones", who will coordinate this project.
> >
> >I say this knowing full well that the immediate response is "Why don't
> >you do it, Bob?" and that my answer is the same as everyone else's -
> >"I don't have the time" ... which, I suppose, in many people's minds,
> >removes my right to complain. But that's why the subject is
> >"Ruminations" and not "Problems" ...
> >
> >KK has moved on to other projects, but his hand on the tiller and his
> >vision are sorely missed, imho. We've been using phpLib in our work
> >here for almost 4 years now, and in spite of the lack of "official"
> >progress and register_globals and PHP4 and all the meanderings of this
> >past 18 months or so, we still rely on the library -- but on our own
> >very highly modified version of 7.2 -- on every site we do ...
> >regardless of the installation, regardless of the OS, and regardless
> >of all the latest and greatest MyCodeIsBetter streams that are
> >cropping up.
> >
> >A lot of people have spent long hours on this library,
>
>I have been one of them.
>
> >and for their code (as well as the learning experience that they've
> >provided me), I'm very grateful. But my company can't afford to base
> >our work on something that is no longer predictably (please note that
> >I said "predictably") reliable ...
>
>Security is an evolving process.
>
> >Above all, after all, and with personal appreciation -- thanks, KK ...
> >
> >Bob.