
Re: Getting a package added to the debian package repository: WACS



Thomas

On Sat, 2010-02-20 at 09:18 +0100, Thomas Koch wrote:
> But I've problems with inappropriate software design. From a first glance at 
> your code I find for example trunk > manage > wacssetmgr:
> http://wacsip.svn.sourceforge.net/viewvc/wacsip/trunk/manage/wacssetmgr
> 
> <code>
> print "<h1 align=center>ERROR:</h1>\n";
> print "<h2 align=center>Set Number ".
>     $cgihandle->param('setno').
>     " Not Found.</h2>\n";
> print "<p>\n";
> print "<center>\n";
> print "<a href=\"".conf_get_attr("server","wacsmain").
>     "\">";
> print "Back to WACS Main Menu</a>\n";
> print "</center>\n";
> </code>

OK.

> - mixing of program code and presentation

... is reliable - back when it was written extensive use of tables and
inline formatting was the only way to be sure it worked well with IE5
and IE6 which were then the current versions of IE.  They are still the
versions used by a massive proportion of the internet community.
 
You may not realise this but the tool you've picked on is a collection
management tool only available to collection administrators.  It's also
one of the oldest pieces of code in the system.

> - bad HTML style:
>   - align=center misses quotes
>   - it should better be style="..."
>   - it would be much better in a separate CSS file

Not if you want it to work with old IE versions and don't have the time
and patience to debug endlessly with IE on a Windoze box where CSS is
next to useless.  I find about 2 minutes of trying to use windows puts
me in the mood to try violent defenestration.

> - smell of code duplication (shouldn't there be a central place to format 
> error messages?)

There may well be code duplication.  Over time routines have been
standardised and improved, but not all the tools have caught up with it
yet.  There is a huge codebase to the WACS project.

We've been focusing on functionality and delivering a complete and
functional system.

> - No possibility to hook in internationalization

Not something I've ever looked at.  Either myself or the other developer
with commit privileges will be more than happy to accept patches.

> - Five levels of "if" in this file

If you look at the deltas over the last month or so, you'll see that
some of the oldest of the end user presentation apps, in particular, the
all-important model pages have been re-written to significantly reduce
these high levels of conditional code.  This is a massive multi-year
project - it's still most definitely a 0.x release series and there is
still a lot of work to be done.

> These are the problems found after less than 5 minutes of search. I've not yet 
> tested the resistance of the application against common vulnerabilities like 
> XSS attacks.

There may well be problems in that area.  We have code in the API (the
makedbsafe function) that handles that and is being progressively
integrated across the functions.  Right now I believe we're probably 90%
of the way there on end-user visible applications and maybe only 40%
there on the collection management tools which are locked down to
administrative users from known IP addresses only and so pose less of a
threat.  Most production internet sites would not even install them -
there's a discussion of these issues in the Installation Guide and again
in the Administration Guide.

> Please don't take this personally, but I dare to question the benefit for 
> Debian users of having this application in the archive.

You seem to be implying that you think that they'd honestly be better
off with nothing or having to pay tens of thousands of dollars for a
proprietary alternative with less functionality.  That seems to me an
incredibly odd attitude for a free software developer; I'd really
appreciate an explanation of the rationale here because I certainly
don't see it.

If you can show me something better, or with even half the capabilities,
then fantastic - believe me, I and the other developers would not be
working on it if we could just use some other package already out there.
To the best of our knowledge, and after much research, we think we can
say that there is absolutely nothing out there in the free software
world in the same arena.

Only very expensive, less capable, proprietary packages.  I was
absolutely amazed what some companies were asking for even the simplest
tools to build thumbnail indexes and gallery indexes.  One firm in
Germany was charging over 3,000 Euro per module for tools for each of
those simple activities.  I've been in the computer industry a long time
and thought I'd seen most of the tricks that could be played but I was
truly appalled at how much was being asked for software providing so
piteously little functionality.

> No harm intended,

But you are causing harm if you seek to block out a package that fills a
need and offers a free software solution to oppressed users, merely
because it isn't coded in what you consider the finest style.  That has
to be one of the worst reasons ever to say no.

If you're not going to help them, you might at least not stand in the
way of others who are trying to do so.

Why not volunteer some of your time to help us clean up the code base
and make the package better?  I'd welcome the help; honestly we all
would.

WACS is a very big package by now - it consists of over 60,000 lines of
Perl code and well over 10,000 lines of PHP code.  There are also nearly
five hundred pages of documentation.  It is the result of over six years'
work by about half-a-dozen software developers.

Functionality and feature-wise it easily betters the very best web sites
in the industry.  The in-house software of the ATK Group is probably one
of the closest in abilities (it's the only other one I know of that can
search by Photographer for instance), but I very much doubt that is even
available on the open market, much less within the financial reach of
ordinary users or small commercial sites.  Others like the sites from
Pulsar Media have better Location search capabilities (although not
two-level like ours in WACS) but lack the photographer search.  Again
I'm not aware of their hosting software being available for sale either.

So come on... come over, give us a hand cleaning up this code and let's
make sure that we give the users and small businesses working in one of
the biggest industries on the internet the chance to see that the free
software community can help them too.

Cheers
Beaky
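
The wacssetmgr lines quoted in this message print the `setno` request parameter into the page as received, which is the XSS question raised in the thread. As an added example (not part of the original message and not WACS code), the same error block with output encoding applied. `html_escape` and `error_block` are hypothetical names, `html_escape` is not the project's `makedbsafe`, and the sample values and URL are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not WACS's makedbsafe): encode the five characters
# that are significant in HTML text and in quoted attribute values.
sub html_escape {
    my ($text) = @_;
    $text = '' unless defined $text;
    my %entity = (
        '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
        '"' => '&quot;', "'" => '&#39;',
    );
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Hypothetical function: builds the "Set Number ... Not Found" block from the
# quoted snippet. $setno stands in for $cgihandle->param('setno') and
# $main_url for conf_get_attr("server","wacsmain"); both are encoded at the
# point of output, so neither can close the tag or attribute it sits in.
sub error_block {
    my ($setno, $main_url) = @_;
    return join '',
        "<h1 align=\"center\">ERROR:</h1>\n",
        "<h2 align=\"center\">Set Number ", html_escape($setno),
        " Not Found.</h2>\n",
        "<p>\n<center>\n",
        "<a href=\"", html_escape($main_url), "\">",
        "Back to WACS Main Menu</a>\n",
        "</center>\n";
}

# Constructed sample inputs: an ordinary set number and one carrying markup
# characters. The URL is a constructed placeholder, not a WACS path.
for my $setno ('1234', '12<b>"x"</b>&y') {
    print error_block($setno, '/example/main?a=1&b=2'), "\n";
}
```

Encoding at the output site keeps the fix local to each `print`, which suits a code base where shared routines are being integrated tool by tool.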

