Fork discussion at SMF

AngelinaBelle

  • Still thinking...
  • Posts: 92
Re: Fork discussion at SMF
« Reply #75, on August 30th, 2011, 03:14 AM »
Interestingly, I thought the comment could just as easily be read as a dig at the team.
One of those inkblot problems, I guess.
I'm an SMF doc writer.

tumbleweed

  • Posts: 7
Re: Fork discussion at SMF
« Reply #76, on August 30th, 2011, 09:17 PM »
When I first saw it. It made me wonder about SMF upper managements inability to retain those skillful enough to be core devs.


Nori

  • Posts: 19
Re: Fork discussion at SMF
« Reply #77, on August 31st, 2011, 08:10 PM »
Quote from tumbleweed on August 30th, 2011, 09:17 PM
When I first saw it. It made me wonder about SMF upper managements inability to retain those skillful enough to be core devs.
Maybe they need some management training?  :P
Couldn't resist...

Mark

  • Posts: 2
Re: Fork discussion at SMF
« Reply #78, on August 31st, 2011, 09:38 PM »
Quote from Nao on August 24th, 2011, 09:43 AM
Basically, I think what SMF should be going, if it HOPES to have a chance at surviving, is moving its SVN to git, and allowing anyone to commit patches for the lead devs to check and push into the core.
Completely agreed. Git is the only repository system where you can freely merge various patches across branches. That's *perfect* for supporting dozens of forks.
Quote
Since the SMF devs are obviously unable to do the amount of work they're expected to do, I'm sure the SMF team will eventually rely on this.[nb]
Yes. It's obvious the pace of development is slow. I reported a major XSS attack on SMF last week... still not fixed. I may write the patch myself (of course I will share it here, too, once written). I'm just burnt out with coding lately.

I'd like to make changes, but I don't have time to make massive ones. Using git would encourage me to get more active in SMF/forks development.

Nao

  • Dadman with a boy
  • Posts: 16,079
Re: Fork discussion at SMF
« Reply #79, on August 31st, 2011, 09:44 PM »
Hi Mark,
Could you share the vulnerability itself...?

Mark

  • Posts: 2

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Fork discussion at SMF
« Reply #81, on August 31st, 2011, 10:29 PM »
Would you mind PMing me as well? Thanks in advance :)
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial

Nao

  • Dadman with a boy
  • Posts: 16,079

Dismal Shadow

  • Madman in a Box
  • Me: Who is Arantor? Cleverbot: It stands for time and relative dimensions in space.
  • Posts: 1,185
Re: Fork discussion at SMF
« Reply #83, on September 1st, 2011, 03:55 AM »
I am glad the vulnerability itself are taken into account seriously here on Wedge. :)
“I will stand on my ground as an atheist until your god shows up...If my irreligious bothers you much, and if you think everything I do is heresy to your god I don't care. Heresy is for those who believe, I don't. So, it isn't heresy at all!


   Jack in, Wedge,
   EXECUTE!

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Fork discussion at SMF
« Reply #84, on September 1st, 2011, 09:24 AM »
Yup, I spent a couple of hours going through the specifications and trying to make sense of how big - exactly - the vulnerability is.

In this case, it's more that SMF and Wedge are potentially vulnerable because of a specification that came out after them, and more than that, it's one where the specification itself relies on the *browser* implementing security measures. We haven't heard the last of it, I'm sure.

karlbenson

  • Posts: 44
Re: Fork discussion at SMF
« Reply #85, on September 3rd, 2011, 09:45 PM »
Quote
Since the SMF devs are obviously unable to do the amount of work they're expected to do, I'm sure the SMF team will eventually rely on this.[nb]
Can't really see it myself for the development version.  Sure for the stable versions to bug fix etc, but IMO smf needs revolution not evolution.  It needs re-writing from scratch to remove the bottlenecks holding back performance and scalability.
We come in peace, shoot to kill, shoot to kill, shoot to kill; we come in peace, shoot to kill; Scotty, beam me up

JBlaze

  • Boldly going where no idiot has gone before
  • Posts: 67
Re: Fork discussion at SMF
« Reply #86, on September 4th, 2011, 01:46 AM »
A security flaw in SMF? Surely you must be joking...

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Fork discussion at SMF
« Reply #87, on September 4th, 2011, 01:48 AM »
I really hope that's sarcasm.

Any sufficiently complex piece of software has bugs, some of which are possibly security related. This particular one is because technology moved on and applications haven't caught up yet. Interestingly this particular vulnerability probably applies to other forums and other applications.

JBlaze

  • Boldly going where no idiot has gone before
  • Posts: 67
Re: Fork discussion at SMF
« Reply #88, on September 4th, 2011, 01:50 AM »
Quote from Arantor on September 4th, 2011, 01:48 AM
I really hope that's sarcasm.
Dripping.
Quote from Arantor on September 4th, 2011, 01:48 AM
Any sufficiently complex piece of software has bugs, some of which are possibly security related. This particular one is because technology moved on and applications haven't caught up yet. Interestingly this particular vulnerability probably applies to other forums and other applications.
Fair enough. Don't know anything about it, and this is the first I've heard of it.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Fork discussion at SMF
« Reply #89, on September 4th, 2011, 01:52 AM »
To be honest, until it was mentioned to me, I didn't even know the specification of newer technology even existed, though it's something that needs to be attended to.

Given that it's been forwarded to SMF and us, I don't personally see any issue with notifying you about it (though IIRC you should be able to see it on SMF's bug tracker anyway)