Forum OpenACS Development: Re: AOLserver Security Audit

Posted by Andrew Piskorski on
Jon, are you on the AOLserver mailing list?  I suspect not, as I don't
see how the many recent improvements discussed there can jive with
your blunt, "we should fork the code" sounding statement.  E.g.:

Scott Goodwin and others (Jeff Davis, etc.) brought many orphaned
modules, inluding the Oracle driver under maintenance in the AOLserver
SourceForge CVS.  I think various folks have made progres on bringing
all the 3.3+ad13 patches into the latest AOLserver versions.  And AOL
just created a new "AOLserver Core Team" to govern AOLserver, with 3
AOL members and 4 non-AOL community members.

If OpenACS needs more input into the AOLserver development, trying out
this new ACT would seem that best route to try first...  FYI, at least
Dan Wickstrom and Robert Mello were offered as nominees, specifically
because folks on the AOLserver list thought their should be strong
OpenACS representation on the ACT, although both declined due to time

That said, an AOLserver security audit team sounds like a good idea.
Shouldn't you ask for volunteers on the AOLserver list as well?
And likewise, if OpenACS needs to offer a patched version of AOLserver
until the patches make it into the AOLserver, that sounds reasonable.