[Typo3-dev] Welcome back in the "goto-age"?

Michael Scharkow mscharkow at gmx.net
Tue Mar 22 15:44:52 CET 2005 

Kraft Bernhard wrote:

> I don't like to say it but somehow I "fear" contributing to the core.
[...]
> I wouldn't like to see that this goes into the core and afterwards I'm 
> the bad guy because
> of openeing a big security hole.
> Of course this risk gets reduced by having several people review the 
> code but it is still there.

The security risk is always there, but the risk of being the bad guy is 
drastically reduced by reviewing stuff that goes into the core. The 
responsibility is shared, that's why most projects require at least one 
or two reviewers to put upstream. More eyes see more, and more shoulders 
carry more weight, so to say...

> If I make an extension it is a "use on your own risk" thingy.
> 
> I personally really like the concept of hooks as they offer the 
> flexibility to do many things while still
> keeping the core clean. I nicely worked together with Ingmar Schlecht 
> for introducing some hooks in the newloginbox
> which allows the MD5 FE Password extension to use newloginbox without 
> completly overwritting the classes ... This
> will save a lot of work cause I won't need to update the extension on 
> every new version of newloginbox ...

But even with hooks stuff might become unmanageable if there are two 
dozen extensions that extend this and that. Good, clean, generally 
useful stuff should get into the core. Kasper made a great decision when 
making practically everything extensible again, but this was when TYPO3 
as a framework and community was a lot smaller. Consolidation is may be 
a buzzword, but that's basically the point.

I do tend to find the extension inflation unbearable. Do you remember 
tt_news before Rupi took over and integrated stuff, we had news+, 
news++, morenews, betternews, mininews. We even wrote news+- in order to 
have some functionality but not other...

> Pherhaps the problem with many extension authors is that they don't 
> react upon mails sent to them regarding some
> of their extensions... Pherhaps they even aren't in the Typo3 world 
> anymore ... Such extensions should get marked
> "Unsupported"

Yes, this requires manual work, in order to
a) ask the authors to withdraw their obsolete extensions
b) merge with others for one complete solution
c) review extensions and
d) merge some back into -core

> I really like the feature richness of Typo3 and that it is configurable 
> in every corner ...

Where's the flexibility lost when we might gain more reliability and 
security?

Greetings,
Michael

More information about the TYPO3-dev mailing list