Boost :

From: Dominique Devienne (ddevienne_at_[hidden])
Date: 2022-04-06 12:58:28


On Wed, Apr 6, 2022 at 2:15 PM Niall Douglas via Boost
<boost_at_[hidden]> wrote:
> On 06/04/2022 12:42, Dominique Devienne wrote:
> > I'd quickly mention [Fossil-SCM-based forum]

> I don't want lots of stuff in one overarching solution. I want one thing
> solved well, and I want it to plug nicely into the most popular tooling.
> Which is git for SCM and github for issue tracking.

Well, when that overarching solution weighs less than most Boost libraries :)
Some people are using Fossil solely for the forum. Ignore the rest.
Heck, you could even subset the code needed, if you wanted.
The ML is not integrated with Git or GitHub, yet works fine. Think of
it that way.

> So that's a big turnoff for me at least, it reminds me of that
> all-in-one integrated thingy which Boost had yonks ago and we were never
> able to get off some very ancient version of it full of known security
> holes. I **really** don't want to go back to that.

It's actually because Mr Hipp cares a lot about security that he
controls the whole stack...

I can guarantee you, from having witnessed it, that he's very reactive
to any report about issues.

And if you actually look into the sources of althttpd, you'd see
clearly stated the code is kept simple on purpose, to make it auditable
from A to Z in a single sitting of a couple hours. All requests are
handled in a forked child on purpose (works best/fastest on Linux for
that reason), with the whole thing running in a chroot jail by default.
I.e. the attack surface is kept small on purpose. I'm sure it could
further be secured in a container or nanovm or whatever the Cloud'y
people will invent next.

Again, I doubt Fossil will gain traction here. And I'm just a (happy)
user of it, I have no skin in this game.
But please don't go about writing about security holes or abandonware
or bloat for things Dr Hipp does...


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk