Re: ImpressCMS - Team building

Since we have discussed this together David, of course I agree. Now let's see what our fellow friends have to say about this.

Marc-André Lanciault
Founder and CEO INBOX International inc.
Co-Founder ImpressCMS
Topic | Forum


Re: Auditing Code (security wise)

Very nice initiative Vaughan !

Keep up the good work !

And thanks for the links steve.

Marc-André Lanciault
Founder and CEO INBOX International inc.
Co-Founder ImpressCMS
Topic | Forum


Re: Want to contribute to ImpressCms

Hi saganxis and welcome here !

Have a read of these forums and start implicating yourself. And tel us know if you have any questions.

Nice to have you here !

Marc-André Lanciault
Founder and CEO INBOX International inc.
Co-Founder ImpressCMS


Re: Using the trackers to document changes in the SVN

I agree with this - if I had posted that I was working on the system templates, it would have eliminated a conflict that arose when the latest 2.0.18rc changes were committed.

Let's give it a start



Re: ImpressCMS - Team building

Please note - that some of the ideas here are based on work by the [[Draft Proposal Team]]

They are still working on their plans, and I feel more of their ideas should be looked into seriously for consideration.



ImpressCMS - Team building

Please note: This is only a proposal at the moment - but I am hoping that you will think it of merit to consider.

--------------------------------------------------

We have been very privildged to have some extremely skilled people getting involved in this project.

However in the fast paced development of the new core, it's becoming more obvious that we need to start the groundwork on internal teams to manage the different areas of our project.

So far - several people have stepped up to help in different areas ourside of their ususal ones - and I feel that even with "organised teams" - this still is not a bad thing.

So: what teams do we need to work on?

Essentially we need to gather together:


Core Team: We've a large group of talented developers at the moment - and I feel this number could easily rise.

(BTW: I would suggest that anyone who hasn't done so, perhaps completes their "skills" in Sourceforge?)

I'm unsure of exactly the best requirements of this team myself - but I'm sure someone more knowledgable can add this?


Communications, Documentation & Promotions Team:

These would include people to help relay news from the project development, assist in the production of documentation, and with the promotion of the project.

This team would also include members who can assist with the Wiki site.


Community Forum Moderators:

People willing to assist in the community forum. Trusted members would also have the relevent authority to deal with troublemakers.

Module/Theme Repository Team:

Initially just would be needed to ensure modules are uploaded and categoried correctly. However, this team would evolve later to improve classification and quality control testing.

Site Maintainance Team:

At the current time - responsible for the planning and installation of the new site.

At a later stage, this team would be partly responsible for general maintainance - but also work with other teams in improving the sites.

* * * * * * * * *
Gradually we will need to expand and change these teams, as fits a growing project - and depending on the teams requirements. But for the moment, if we start on the essential parts - we will at least have something practical to build from.

* * * * * * * * *

I can see a need for the following areas to be covered:

Translations: core translations

Module Development: an alternative to dev.xoops - I would perhap make the suggestion that we use a seperate sourceforge site - with seperate forums available?

Akitson has done some groundwork on this with his xoopsmoddev.org site - perhaps he would be willing to assist in such a team?

This could also include Module Security testing, as well as Quality testing as well. (Perhaps a certification program?)

Any feedback on this would be appreciated.


* * * * * * *

Project Management

We are aware from personal experience, that having inflexible management structure is not a good thing.

I have been examing many ideas recently - and have discussed the pros and cons with several people - and I feel the simplest methods the best:

1) Each team has 1 "top man" (manager, team leader, whatever you wish to call the title) - who is chosen from within the team by voting.

This "top man" will serve for a period of 3 months.

At the end of this time, another "top man" is chosen - or if the team wishes, the same person can stand again.

2) Each of the "top men" will form a team - which will act as the co-ordinators for us all.

Again - their position will only last for 3 months - or less if situations require it.

3) We don't have an overall "leader" - we have elected people from the ranks - who have to contribute their best.



Using the trackers to document changes in the SVN

Hi guys,

In order to better document and follow up the changes we do in our SVN, what do you think about the following.

Before coding something new of fixing a bug, we add an item either in the bug tracker, or the feature tracker, or for larger things, in the task tracker.

Then we code it, commit it, and make sure to link our SVN commit message with the ID of the item we created.

That way, changes will truly be documented and opened for commenting by other developer which is a very good thing.

For example, yesterday, I added the multilanguage feature. I did not add an item in the tracker. So today I found out 2 things.

1- Rodriguo already did something similar in Xoopers.
2- I forgot to change the install process to add the new config options in the databse, same thing for the upgrade script.

If I had added a task or feature requesy at SF for this, may Rodriguo could have told me he already did it, and david and nekro could have documented that it was not working.

I'm going to add a task for the ML now

Thoughts ?



Re: Trunk no more working

Are you using SVN from the command line? When it merges changes to a file, I thought it's supposed to warn you, and give you a chance to see the specific changes.



Re: Fix required in css100_morpho theme

Ok the theme as been fixed. Thanks James.

Marc-André Lanciault
Founder and CEO INBOX International inc.
Co-Founder ImpressCMS


Re: Fix required in css100_morpho theme

There is a line in theme.html that refers to backend.php - this has been removed from the trunk because it requires Herve's news module to work.



Re: Trunk no more working

And I understand now. Vaughan added the "exit;" in the original mainfile.php :

// XOOPS is not installed yet. if(! defined('XOOPS_INSTALL')){ header('Location: install/index.php'); exit(); }


For some reason, when I SVN update, the "exit;" was added in my mainfile :

if (!isset($xoopsOption['nocommon']) && XOOPS_ROOT_PATH != '') { include XOOPS_ROOT_PATH."/include/common.php"; } exit(); } ?>

so stopping the process...

Godamn mainfile !

LOL

Marc-André Lanciault
Founder and CEO INBOX International inc.
Co-Founder ImpressCMS


Re: Trunk no more working

Ok found it.

mainfile.php, line 104, there is this :

exit;


Was there a reason ?

Let me know !

Marc-André Lanciault
Founder and CEO INBOX International inc.
Co-Founder ImpressCMS


Trunk no more working

Hi guys, I just updated sandbox of the trunk and nothing is working no more. Just blank page, no debug. I will look into it but if anyone has an idea, please join me in the ImpressCMS IRC Channel, which, by the way, I implore all dev to try and use as much as possible. Will make it easier to help each other.

Thanks !



Re: "New" Feature: GiJoes Easy Multi-language

Yes, the upgrade script need to be done and the MySQL edited. I'm on it

Marc-André Lanciault
Founder and CEO INBOX International inc.
Co-Founder ImpressCMS


Re: "New" Feature: GiJoes Easy Multi-language

Marcan - I can't seem to get this to work?



Re: GoPHP5

I also prefer to use only PHP5 as Marc stated, but i would suggeste leave the first release support PHP4 and for the next major releases focus on PHP5 i have on my servers since months only PHP5 ;)

Predator

- Time is a created thing. To say, "I don't have time" is like saying "I don't want to."
- Lao-Tzu......


Re: Welcome Predator !

Thanks Herko, i had no probs with you in the past ;)

Predator

- Time is a created thing. To say, "I don't have time" is like saying "I don't want to."
- Lao-Tzu......


Re: ImpressCMS Theme

Here's the basic wireframe. I've tested this on IE 6/IE 7/FF 2/Safari 3/Opera 9 all on Windows XP SP2.

If others, on other operating systems could give it a spin and make sure it displays correctly, that would be appreciated.

I figure, the base code we're working on for the iCMS homepage could be the basis for the first new default theme, so I'm throwing in all the block positions initially.

Ana, could you contact me via MSN? I need to talk with you about the graphics. Thanks!

JMorris (aka James Morris)
ImpressCMS Professional Services: INBOX International inc.
James Morris Online | Frolicking on the playground that is the Internet...


Re: Auditing Code (security wise)

Yes, yes, yes!

There are many tools that may assist us in this effort
* http://phpsec.org/projects/phpsecinfo/index.html
* http://www.nessus.org/nessus/
* http://www.security-database.com/toolswatch/PHP-Security-Scanner-1-2-added-to.html

I am not skilled enough in PHP or JS to spot vulnerabilities, so I can only start with tools like these.



Re: Auditing Code (security wise)

just done a quick audit myself.

well i say quick, but it actually took me well over 2 hrs to complete, and that was only a very basic audit looking for 1 particular issue.

issue i have dealt with today is to make sure that header redirects 'header() & redirect_header' are all exited properly with exit();

not an issue for browsers etc, but if the pages were to be viewed via say telnet then it could become an issue as telnet does not understand header functions, so essentially the header redirect is ignored and the rest of the page will be continued on. exiting the script with exit(); after each redirect will prevent that from happening. it protects from those systems like telnet that don't understand the header redirect function.

nothing tedious, just a simple check.

i'll continue with this as i go along, obviously the more complex coding and vulnerabilities will be beyond my knowledge, but for those that i know about, i'll fix as i go.

Live as if you were to die tomorrow, Learn as if you were to live forever

The beauty of a living thing is not the atoms that go into it, but the way those atoms are put together!