[Freedombox-discuss] PHP and security
tarvid at ls.net
Wed Sep 7 01:12:54 UTC 2011
Advocating one language over another is sure to cost support in the losing
camp. I can see offering a reading course in Python since many of the system
utilities are written in Python and few in PHP.
On Tue, Sep 6, 2011 at 8:04 PM, ya knygar <knygar at gmail.com> wrote:
> +1 for Sam Hartman's message
> i think the choice of non-PHP whenever is possible
> should be made by the evidence
> - that - it's often much easier to maintain and actively develop
> something big, still - considerably high quality with a Python, for
> With all the respect -- we may compare the Drupal and Plone as a reference
> platforms - for this example.
> Both are used for largest governmental portals.
> Both are being professionally developed by a kind of
> foundations/companies behind.
> Both are mature and already, being scaled not a once and trying every
> release, again and again - for 'future' needs.
> here is some old comparison
> of security track, latest are pretty the same.
> For Security -
> Python projects always win over PHP in all places/stats i'v seen.
> Win seriously and without a real chance for PHP.
> Since the nice speed of PHP doesn't matter so much as you constantly
> receive the bad code,
> i don't see any arguments for PHP in FBX's.
> From what i see - people doesn't favor it for any serious, modern
> development, generally.
> I mean all the new interesting projects i see - doesn't use PHP at all
> or only for small bits
> of front-end.
> heh, besides that mailing systems you may try to use in FBX would,
> be in PHP.
> For other that i have in mind now - you have a better variants,
> often it is Python, because of popularity and speed, but for certain
> there are other really useful but not so popular languages.
> PS: i recommend to avoid Java also, as it seem like a bad choice for
> wide-community driven projects,
> often leads to enormous size of code, and needs very strict organization
> since contributing to Java project -- you also may easily code in -
> some faulty or conceptually wrong staff.
> PPS: for FBX's code i could only advice about certain projects that
> may get in FBX,
> or - for certain scalability choices if/when FBXF would start to program
> i won't evaluate PHP and non PHP by own hands also :)
> PPPS: when/if we would do UI/UX staff for FBX's i would advice for
> PPPPS: it is a TAC topic but i can't reply to TAC, can i?
> On Tue, Sep 6, 2011 at 8:46 PM, Sam Hartman
> <hartmans at painless-security.com> wrote:
> > I don't think PHP is a non-starter. Ther's a lot of really bad PHP code
> > and there are some PHP practices that can make it really easy to write
> > bad apps.
> > However I do'n think there is anything about php that makes it
> > impossible to write good apps. Also, the track record of the php core
> > itself doesn't seem to be too bad in recent years.
> > So, I'd find someone we trust to evaluate PHP and have them examine apps
> > on a case-by-case basis.
> > I'm not volunteering: I have very little PHP experience.
> > --Sam
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
Rev. Jim Tarvid, PCA
12897A Grays Pointe Road, Fairfax, Va 22033
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freedombox-discuss