Is there a current project aimed at replacing the MT install? I'd like to register my involvement even if it happens I have nothing useful to contribute... :)
]]>And personally I don’t want us to just do something, anything to get away from where we are now – that is the exact strategy that landed us in this bind in the first place. (We didn’t have the time but 6A donated theirs so we took it. (To be fair, the others did not yet have negative experiences with MT at the time, and none of us could foresee how the handling of the enterprise edition would turn out on top of that. (I must add that in spite of everything, we are still in 6A’s debt and I am very grateful to them. It is well likely that b.p.o would never have come to be without their donation, and however troubled a gift it has been, a large part of those troubles is due to the company going under, which they cannot be faulted for not foreseeing at the time they helped us out. Had the company survived, b.p.o’s history would almost certainly have turned out very differently. So whatever I say about MT may be said with regrets but also with anything but bitterness.)))
If we’re going to be busy without getting into a fundamentally better position, we might as well do nothing. At YAPC::EU we bandied about some ideas for how to address this state of neglect. The events of last week have me seriously considering some of them again…
]]>
Our Wall would not accept such code.
The same thing would have happened if braces were used like this:
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
{ goto fail; }
{ goto fail; }
Only if the braces were on a different line would we either have gotten a
detectable merge conflict, or a second goto operation that did no harm:
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) {
goto fail;
goto fail;
}
But the thesis of this blog post missed something even more important about this security flaw: WHERE WERE THE TESTS? If there was a unit test covering this function, it would have been immediately obvious that the outcome was not the same as the intention, by way of a test failing as soon as the developer ran the tests himself or an integration server ran the tests.
Personally i have not yet succeeded with it.
]]>cpan Event::Lib
Instead they'll need to install it like:
cpan CRUX/Event-Lib-1.04.tar.gz
Then, if you become maintainer later you can re-release as 1.05 and it will be indexed. Or if Tassilo von Parseval re-appears, he'll be able to pick up maintenance using your fixed version as a base for his next release.
]]>