You are viewing a single comment's thread from:

RE: HF20 Update: Restoring Continuity

in #steem6 years ago

@bobison, If you want to set standards, then start by following the lead of existing mature FOSS projects. For example Drupal (the biggest dev-focused FOSS project worldwide). It is 17 years old, Drupal adopted TDD 10 years ago and had its own moments of radical changes, but Drupal has tradition of communicating change pretty well! (starting from its founder & project lead)! In short, there is no need to reinvent the wheel @ned, if you really want to keep steem for the long run, make it formal, and if you know that you can't hold the technical weight of the project, then hire a competent CTO ;)

Sort:  

Agree @develcuy

Drupal is not alone. gcc, Bash, emacs etc are even older than drupal and are still holding up. I would prefer to go Python's route though (as opposed to even Linux's). Why I said Python instead of Drupal is because of the recent CVEs against Drupal which was lurking there for so many years. But in general, we are saying the same thing :-)

If you are stating that a programming language makes a final product more secure, then I think that we aren't on the same page, nor on the same book either. Review your statements and try again

no - I didn't say anything about programming languages. I was talking about how

  1. Free Software projects like gcc / bash / emacs & Drupal has evolved
  2. By Python, I meant the foundation not the language. (ie the Python Foundation)

Also I feel communities are the biggest strength of STEEM blockchain. No other blockchain has a community interacting with each other on the blockchain.

@bobinson, what does the Drupal association has to to with Drupal CVEs?

@develcuy - If my memory is correct, the CVEs were lurking for many years. That means, the existing structure had short comings and unless they have revised and improved the process, there definitely is a short coming in the organization and it needs to evolve. Now the same has happened with OpenSSL too but then the community was out numbered and not as active as Drupal or any of the other vibrant communities.

I can take the example of a Free Software project I am involved with for last 17 years - we went dormant and now we are very active for last 11 years. We have hosted GSoc, contributed to Unicode etc. We could never fix certain short comings in the Unicode definition even though it was against the basic rules of "Indic Languages". Personally I feel this is a short coming and we need to become more influential (like Google and Microsoft's influence in Unicode committees) and as we speak we are trying get government involved to correct the errors. We are doing PR, we have some of the most downloaded Android Apps etc - this will increase the visibility will eventually help to correct mistakes. So communities must evolve and get better.

btw, followup on the original action items is here : https://hackmd.io/s/ByT1BuG5m

There are few people helping out and suggestions/critics/assistance in the true community fashion is much needed.

Security bugs have nothing to do with the Drupal Association (DA), there is an specialized team on charge of security AND the head of all Drupal development is Dries, he has a long and very well structured list of core committers, with clear duties, reporting straight to him, although everyone belongs to different companies or are self-employed. That is normal practice in community backed Open Source projects btw. Contrary to that, in STEEM we have a team of guys from the company, on charge of releasing the code, along a band of 20 guys with no clear structure and duties. What do one is supposed to expect from that? Or better said: