Forum OpenACS Development: Re: AOLserver Security Audit

Posted by Jon Griffin on
As Tom stated in the above, his security patch has been ignored. I find that still almost all communication is ignored.

Yes, I think we should fork because AOL isn't responsive. Scott G. has improved the site somewhat but it is still not much better.

What about 4.x? It was supposed to be released real soon now, months ago. The CVS browser on SourceForge (IMHO the biggest mistake to date was putting stuff there) shows nothing having been done recently, etc.

I waited several months since the last time this was mentioned and AOL still hasn't released OR fixed an obvious security flaw that was submitted with a patch. There are other deprecated/insecure calls in the tree that need to be addressed and I don't see any response from the AOL core team.

Posted by Jamie Rasmussen on
Jon - I'd suggest voicing your concerns at one of the next AOLserver AIM chats.  There are usually many experienced developers and members of the ACT at them, and you get much better response time than you do with email!  Unfortunately I have to miss the chat tomorrow, but hopefully you can make it.  I too am curious why this problem wasn't completely fixed.

A 4.0 release has been delayed for many reasons, including the formation of the ACT, documenting what we have, and coding for 3.5 and now 3.6.  Those actions are largely in response to community requests.

The AOLserver code base is *already* forked.  There are at least a half-dozen distributions available, causing untold confusion for new users.  (Yes, I am part of the problem. 😊)  The distribution OpenACS is currently recommending is missing numerous bugfixes and features, and has no clear maintainer(s).  I think a revived OpenNSD would probably meet a similar fate.  There are lots of good things happening in the SourceForge tree, let's focus our efforts on integration instead of further division!