Re: Auditing Code (security wise)

yes dave :) but i used telnet as just 1 example.

thanks for the offer of your notes, any information that can help improve security is a bonus.

Live as if you were to die tomorrow, Learn as if you were to live forever

The beauty of a living thing is not the atoms that go into it, but the way those atoms are put together!
Topic | Forum

Re: ImpressCMS Theme

I've got most of the logic, XHTML and CSS done. There is some work needed on fine-tuning the margins and padding, but the hardest part is done.

At this point, the images need sliced, the CSS needs color matched, and the aforementioned fine-tuning needs done.

I won't be around today and much of tomorrow. If somebody else wants to take what I've done so far and continue on it, that would be a great help!!!

Work so far attached.

Let's make this first theme a team effort!!!

JMorris (aka James Morris)
ImpressCMS Professional Services: INBOX International inc.
James Morris Online | Frolicking on the playground that is the Internet...
Topic | Forum

Re: ImpressCMS - Team building

This is important to the longevity of ImpressCMS (or any project). I agree with Herko about what we need to be focusing on at this stage - a list of tasks that need to be completed and a clear overall vision, much like we did here when pulling together at Xi.

Re: GoPHP5

  • 2007/12/9 7:41:21
  • herko

Why not split it up?

I mean this:

the codes that build on just the current xoops 2.0.x code will have its php4 compatbility, but
the *real* impress codes (the ones that will take it away from xoops) will be php5 native.

This is what Skalpa wanted to do with XOOPS anyway: work towards a php5 native codebase. Basically, you'd have till 8.8.08 to create a superduper new php5 only system that will make the current patching xoops work obsolete.


Tomorrow never comes until it's too late

Re: ImpressCMS - Team building

PS: I hope no one takes offense with these ideas - they're not in concrete, but are just raised to discuss ideas.

Re: ImpressCMS - Team building

I agree with Skenow that we should get a finalised structure - ideally based on the Draft Teams work... although I think they think on the same general lines that most people would.

We should still be able to get something arranged properly before launch date.

Until then - we've naturally organised ourselves into teams of people who can concentrate ont he different areas for now - rather like Herko's suggestion.

An important issue that I raised in that team many times is that we should not build walls between teams.

I feel that many people have something to contribute in other areas: an example - Skenow - who has done some great work with templates - but is thought of as a docs man...

The "Management" section of my first post is essentially ideas on how to avoid the "dog in the manger" situation. I think something like this would be an ideal situation... essentially a TEAM responsible - and not simply an individual or individuals.

Re: Auditing Code (security wise)


the pages were to be viewed via say telnet

Do you mean executing the scripts from the command line, as opposed to via HTTP?

I attended a one-day seminar on web applications security last year. I'll dig out my notes and post them.

Re: Trunk no more working

I don't know much about TortoiseSVN. I tried using it briefly, then decided that I preferred using SVN from the command line. One advantage of the latter is that there's comprehensive documentation (the SVN book).

But TortoiseSVN is widely used, so it probably has equivalent functionality and documentation.

Re: ImpressCMS - Team building

  • 2007/12/9 2:25:27
  • herko

My first reaction is: don't make the same mistake I did, and the one that DJ made a thousandfold bigger: organize to get organized.

Teams are a very nice concept, but they have only temporary value. No team I have seen (and I have seen a LOT of teams!) has the stamina to keep working for more then a few months, and that is when it is working at all.
I propose to skip the roll call and name listing games and go right to the heart of the matter: projects.
In stead of creating teams who are responsible for certain sets of tasks (which implicitly means you're excusing everyone else to feel any responsibility for this work!), create projects to get a specific result in a specific way. Then, teams can be formed around these projects, but they'd be temporary and focused. Appoint one project lead who gets the task of making sure that the project is in sync with the rest, and you've got yourself a manageable structure where open collaboration is the standard.
Anyone can start a project, and ask for support from something that manages the assets.


Tomorrow never comes until it's too late

Re: ImpressCMS - Team building

My first reaction was '3 months is too short'. The reason being it adds extra time just to reset and make transitions between the 'top man/woman'. Transitions are always unproductive.

I know the intent is to keep the potential for disaster while a particular person is in that seat, but for someone intent on doing things their way, it only takes a matter of weeks to foul things up.

My second reaction was to hold off until the draft proposal has more definition. It has some good principles and if we appear to be acting without consideration for their efforts, our credibility is at risk.

The task groups in this proposal are very close to what the proposal team is moving forward. And that is a good thing, because it deals with the actual work that needs to be done and applying the resources where needed.

A lot is happening and I feel a bit lost at times. A clear vision, as Herko was saying, is definitely higher on the list of things to be done for me.

Actual work processes (ooh, I hate that I just said that) need to be established, because they are not evident in the current XOOPS environment - security reviews and audits, code review and comment, feature/functionality/benefit analysis, testing and quality assurance, transparency and integrity are all major items.

One thing we need to keep in the front of our minds at all times - we judge ourselves by our intentions, others judge us by our actions.

Re: Trunk no more working

No, using TortoiseSVN. Did I missed something ?

Marc-André Lanciault
Founder and CEO INBOX International inc.
Co-Founder ImpressCMS

Re: ImpressCMS - Team building

Since we have discussed this together David, of course I agree. Now let's see what our fellow friends have to say about this.

Marc-André Lanciault
Founder and CEO INBOX International inc.
Co-Founder ImpressCMS

Re: Auditing Code (security wise)

Very nice initiative Vaughan !

Keep up the good work !

And thanks for the links steve.

Marc-André Lanciault
Founder and CEO INBOX International inc.
Co-Founder ImpressCMS

Re: Want to contribute to ImpressCms

Hi saganxis and welcome here !

Have a read of these forums and start implicating yourself. And tel us know if you have any questions.

Nice to have you here !

Marc-André Lanciault
Founder and CEO INBOX International inc.
Co-Founder ImpressCMS

Re: Using the trackers to document changes in the SVN

I agree with this - if I had posted that I was working on the system templates, it would have eliminated a conflict that arose when the latest 2.0.18rc changes were committed.

Let's give it a start

Re: ImpressCMS - Team building

Please note - that some of the ideas here are based on work by the [[Draft Proposal Team]]

They are still working on their plans, and I feel more of their ideas should be looked into seriously for consideration.

ImpressCMS - Team building

Please note: This is only a proposal at the moment - but I am hoping that you will think it of merit to consider.


We have been very privildged to have some extremely skilled people getting involved in this project.

However in the fast paced development of the new core, it's becoming more obvious that we need to start the groundwork on internal teams to manage the different areas of our project.

So far - several people have stepped up to help in different areas ourside of their ususal ones - and I feel that even with "organised teams" - this still is not a bad thing.

So: what teams do we need to work on?

Essentially we need to gather together:

Core Team: We've a large group of talented developers at the moment - and I feel this number could easily rise.

(BTW: I would suggest that anyone who hasn't done so, perhaps completes their "skills" in Sourceforge?)

I'm unsure of exactly the best requirements of this team myself - but I'm sure someone more knowledgable can add this?

Communications, Documentation & Promotions Team:

These would include people to help relay news from the project development, assist in the production of documentation, and with the promotion of the project.

This team would also include members who can assist with the Wiki site.

Community Forum Moderators:

People willing to assist in the community forum. Trusted members would also have the relevent authority to deal with troublemakers.

Module/Theme Repository Team:

Initially just would be needed to ensure modules are uploaded and categoried correctly. However, this team would evolve later to improve classification and quality control testing.

Site Maintainance Team:

At the current time - responsible for the planning and installation of the new site.

At a later stage, this team would be partly responsible for general maintainance - but also work with other teams in improving the sites.

* * * * * * * * *
Gradually we will need to expand and change these teams, as fits a growing project - and depending on the teams requirements. But for the moment, if we start on the essential parts - we will at least have something practical to build from.

* * * * * * * * *

I can see a need for the following areas to be covered:

Translations: core translations

Module Development: an alternative to dev.xoops - I would perhap make the suggestion that we use a seperate sourceforge site - with seperate forums available?

Akitson has done some groundwork on this with his site - perhaps he would be willing to assist in such a team?

This could also include Module Security testing, as well as Quality testing as well. (Perhaps a certification program?)

Any feedback on this would be appreciated.

* * * * * * *

Project Management

We are aware from personal experience, that having inflexible management structure is not a good thing.

I have been examing many ideas recently - and have discussed the pros and cons with several people - and I feel the simplest methods the best:

1) Each team has 1 "top man" (manager, team leader, whatever you wish to call the title) - who is chosen from within the team by voting.

This "top man" will serve for a period of 3 months.

At the end of this time, another "top man" is chosen - or if the team wishes, the same person can stand again.

2) Each of the "top men" will form a team - which will act as the co-ordinators for us all.

Again - their position will only last for 3 months - or less if situations require it.

3) We don't have an overall "leader" - we have elected people from the ranks - who have to contribute their best.

Using the trackers to document changes in the SVN

Hi guys,

In order to better document and follow up the changes we do in our SVN, what do you think about the following.

Before coding something new of fixing a bug, we add an item either in the bug tracker, or the feature tracker, or for larger things, in the task tracker.

Then we code it, commit it, and make sure to link our SVN commit message with the ID of the item we created.

That way, changes will truly be documented and opened for commenting by other developer which is a very good thing.

For example, yesterday, I added the multilanguage feature. I did not add an item in the tracker. So today I found out 2 things.

1- Rodriguo already did something similar in Xoopers.
2- I forgot to change the install process to add the new config options in the databse, same thing for the upgrade script.

If I had added a task or feature requesy at SF for this, may Rodriguo could have told me he already did it, and david and nekro could have documented that it was not working.

I'm going to add a task for the ML now

Thoughts ?

Re: Trunk no more working

Are you using SVN from the command line? When it merges changes to a file, I thought it's supposed to warn you, and give you a chance to see the specific changes.