
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 jdd wrote: | Pascal Bleser a écrit : |> Point is, the people who run it should be the people who decide on the |> software they want to use. | | absolutely :-) And why are you contradicting yourself below then ? "the people who run it" = the admins of the forum, not the users If the admins decide to go with vBulletin, then vBulletin it shall be. It's always easy to criticise and say "you must do this" or "you should do that" or even "you have no clue" when you don't have to set it up, make it work and provide a reliable service. Because of that, and purely out of technical reasons, the people who make the service work are the ones to decide on the technology. |> Note that you didn't propose an alternative that would have the same |> feature set as vBulletin or IPB :) | | open source software is what it is. open. and if there is no secure | forum, may be openSUSE could do something for this, as forums are | probably the very most used php software. | my feeling is than it's not a langage problem but a programmer/spirit | problem. Mediawiki and pmwiki, for example, seems very secure (I may be | in error though). They're not "very secure". They're not even "secure". Mediawiki hasn't got a good security record either. And it is also a language problem to a certain extent. But let's try to stay on topic. | having openSUSE run a proprietary software is a bad advertisement for | open source (even, may be mostly, if justifiyed), so IMHO we sould make | some sort of effort to try solving this for the future. Ah, you are proposing to write a new opensource web forum project from scratch, secure from the ground up yourself ? Or to audit and fix and support all of phpBB's source code ? You clearly need a reality check: http://www.ohloh.net/projects/30 phpBB is estimated to 31 person/years of effort, this means over ~ 1 500 000 $ of investment. And it doesn't even have the features of vBulletin or IPB. So a gross estimation of the required effort would be... hmm... 5 m/y at an absolute minimum. | I don't know how is setup the participation Novell gives to various open | source projects, but I'm sure it could be possible to have a "secure | forum" project, let only advertising to the open source community the | need to drive programmers to this direction (google summer of code??) So now you'd like to steer priority on the people and money Novell puts into FOSS projects. GSoC ? Please check the numbers above. | how do the other distribution solve the problem? Just to clarify: the announcement wasn't an invitation to discuss which software should be used. The software to run the forum has already been discussed and selected by the ones who are concerned by its maintenance (primarily Kim, Keith and Wolfgang). It is, of course, absolutely valid to ask why vBulletin has been chosen. And Kim gave enough reasons for that. The people who host it have plenty of experience with it, and they're happy with the service the vendor provides, and they're happy with the security record of vBulletin. And it has more features (such as the NNTP gateway). And they know how to integrate it with iChain. I still fail to see anyone giving reasons why phpBB would be superior on the above mentioned items. Maybe this will clarify the reasons for the decision: ~ | phpBB | vBulletin - -------------+--------------+-------------------------- experience | - none | ++ a lot security | -- awful | 0 acceptable service | 0 unknown | ++ very good features | 0 average | ++ lots (NNTP, roles, ...) opensource | +++ yes | --- no - -------------+--------------+-------------------------- score: | 0 | +++ (and notice that I'm giving a lot of weight to the "opensource" criterion) Yes, choosing an opensource option would be better for certain reasons, but there's no black and white, you have to throw pros and cons into the balance. That's exactly what we did, including taking the fact that it isn't FOSS into consideration, and the outcome was vBulletin. Period. The option of "just" writing our own or having Novell spend insane amounts of money to write a new one is simply ridiculous, to put it mildly. - -- ~ -o) Pascal Bleser <pascal.bleser@opensuse.org> ~ /\\ http://opensuse.org -- I took the green pill ~ _\_v FOSDEM::23+24 Feb 2008, Brussels, http://fosdem.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFH2rvJr3NMWliFcXcRAoe8AJ4vqI6tp7opKTdPDMeEb5HA4+lcUwCfXd08 MxDExhQzDl8YwgrYi61VdLU= =bWBf -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org