
RE: ampache security audit



Dear Mr. Bernd Zeimetz

Thank you for your comments


> >  You can look at ampaches Code Philosophy at
> > https://ampache.bountysource.com/wiki/Code_Philosophy
> > 
> > and ampaches Coding Standards at
> > https://ampache.bountysource.com/wiki/Coding_Standards
>   

that's nice to read, but people who write the code should not audit it
imho. It's like reading a book you've written, you won't find the
mistakes. Also it's nice to have a philosophy and standards, but there
must be somebody who makes sure that they're enforced.
Especially for such *insert curse words here* languages like php it's
very important that somebody from outside the project audits the
code, for example the package maintainer.

Ampache has a team of developers who work on the project and who have differing skill sets, hence the need for coding standards and a philosophy. It is the responsibility of the Lead Developer to enforce coding standards. Ampache's Lead Developer periodically has an unaffiliated 3rd party (who has *much more* experience with PHP than I do) perform a security audit on the code.

Could you please elaborate more on this statement:

"Especially for such **insert curse words here** languages like php".

Why do you feel that php is a **insert curse words here** language?

If PHP is such a **insert curse words here** language, then why does Debian allow apps such as roundcube and gallery2, to mention a few, into the repos?

Which language would you recommend using and why do you recommend it?

I feel this is a good opportunity for myself and other community members to learn, so please educate us.

Regards
Charlie
