[Freedombox-discuss] PHP and security

Jim Tarvid tarvid at ls.net
Wed Sep 7 01:12:54 UTC 2011


Advocating one language over another is sure to cost support in the losing
camp. I can see offering a reading course in Python since many of the system
utilities are written in Python and few in PHP.

On Tue, Sep 6, 2011 at 8:04 PM, ya knygar <knygar at gmail.com> wrote:

> +1 for Sam Hartman's message
> ..
> i think the choice of non-PHP whenever is possible
> should be made by the evidence
> - that - it's often much easier to maintain and actively develop
> something big, still - considerably high quality with a Python, for
> example.
>
> With all the respect -- we may compare the Drupal and Plone as a reference
> platforms - for this example.
> Both are used for largest governmental portals.
> Both are being professionally developed by a kind of
> foundations/companies behind.
>
> Both are mature and already, being scaled not a once and trying every
> release, again and again - for 'future' needs.
>
> here is some old comparison
> https://weblion.psu.edu/trac/weblion/wiki/PloneVersusDrupal
> of security track, latest are pretty the same.
> For Security -
> Python projects always win over PHP in all places/stats i've seen.
> Win seriously and without a real chance for PHP.
>
> Since the nice speed of PHP doesn't matter so much as you constantly
> receive the bad code,
>  i don't see any arguments for PHP in FBX's.
> From what i see - people don't favor it for any serious, modern
> development, generally.
> I mean all the new interesting projects i see - don't use PHP at all
> or only for small bits
> of front-end.
>
> heh, besides that mailing systems you may try to use in FBX would,
> probably,
> be in PHP.
>
>  For other that i have in mind now  - you have a better variants,
> often it is Python, because of popularity and speed, but for certain
> applications
> there are other really useful but not so popular languages.
>
> PS: i recommend to avoid Java also, as it seems like a bad choice for
> wide-community driven projects,
> often leads to enormous size of code, and needs very strict organization
> around,
> since contributing to Java project -- you also may easily code in -
> some faulty or conceptually wrong stuff.
>
> PPS: for FBX's code i could only advise about certain projects that
> may get in FBX,
> or - for certain scalability choices if/when FBXF would start to program
> itself.
> i won't evaluate PHP and non PHP by own hands also :)
>
> PPPS: when/if we would do UI/UX stuff for FBX's i would advise for
> JavaScript and HTML5/CSS3 whenever is possible.
>
> PPPPS: it is a TAC topic but i can't reply to TAC, can i?
>
> On Tue, Sep 6, 2011 at 8:46 PM, Sam Hartman
> <hartmans at painless-security.com> wrote:
> > I don't think PHP is a non-starter.  There's a lot of really bad PHP code
> > and there are some PHP practices that can make it really easy to write
> > bad apps.
> >
> > However I don't think there is anything about php that makes it
> > impossible to write good apps. Also, the track record of the php core
> > itself doesn't seem to be too bad in recent years.
> >
> > So, I'd find someone we trust to evaluate PHP and have them examine apps
> > on a case-by-case basis.
> > I'm not volunteering: I have very little PHP experience.
> >
> > --Sam
> >
> >
>




-- 
Kindness Works!
Rev. Jim Tarvid, PCA
12897A Grays Pointe Road, Fairfax, Va 22033
38.8778239, -77.392696
http://ls.net