Marshalrusty wrote:Call me naive, but from the title of the topic, I had expected a bit more... substance. Perhaps some well-researched list of pros and cons or a case study of another pair of relateable projects that merged, with an overall positive outcome. What I instead see is an opinion based on assumptions and supported with generalizations.
A well-researched list or a case study in an Internet "discussion" forum? Surely you jest.
The original post was just one person's opinion. As he said, he didn't realistically expect that it would be acted upon.
For example, here are both:
Son of a Beach wrote:The features that myBB lacks that phpBB has are few, and are not essential to me
i don't think that we have ever compared phpBB to other forum software purely by number of features.
I know, but maybe that's his point -- other people do. In fact, the Devil's Advocate might argue that you don't compare features because
Personally, I would have attacked the statement by saying that other people might find those "few" features essential. Different people have different needs. I would have also called him out for not giving a list of "essential" features that myBB had that phpBB was lacking (beyond the plug-in system and a better warning/banning system -- the latter of which isn't "essential" to me as I'm the only moderator/admin of my board).
Son of a Beach wrote:phpBB 3.x has a very good security record so far. But no system is perfect. I don't consider any system to be flawless. But again, if the merged with another project, they could get a similar security audit done there, and apply the lessons learnt, and the new system should end up just as secure.
We've never claimed that phpBB is "perfect" or "flawless", but unless you have a vulnerability to report, please don't make it sound like one is coming any day now.
I think that you're nitpicking here. He didn't say that phpBB was perfect or flawless, nor did that quote imply that a security problem was just around the corner. It was a correct statement that almost any complex system can
have flaws. And, of course, those flaws could be discovered at any time -- that's what "zero-day" problems are all about.
Again, I would have attacked that part by asking why they haven't had a security audit done already (if they in fact haven't) or (if they have) why their developers haven't taken those lessons heart.
Marshalrusty wrote:Security audits only provide suggestions to make the software more secure than it was before the security audit, nothing more.
Sure because even finding an exploit would still be a "suggestion" -- they can't force the development team to fix it.
The development team would still have to implement the suggestion. That doesn't mean that an audit is worthless, though.
Marshalrusty wrote:vBulletin had tremendously more resources than phpBB and nevertheless has nowhere near the same security record, solidifying the point. It takes much more than a security audit to end up with a record like the one phpBB3 has.
Do you know if vBulletin has had a security audit? I agree that an audit is worthless if you don't act upon it, and that security has to be thought about during development, but if vBulletin never had one, that could be part of the problem.
In fact, as you're the head honcho basically, how about answering what I consider the most important question that he asked:
So what are the goals of phpBB? If it is to provide the best free open source forums software, then perhaps the most efficient way to do this is actually to combine resources and knowledge with another project which is developing at a more acceptable rate, and which already has a good plugins system in place.
the goals of phpBB (both short-term and long-term), not from a feature/development point of view, but at a higher level. And, given that, why wouldn't merging with myBB (or some other project) be for the best?
You can attack individual pieces of his argument all that you want, but if you can't answer those, you haven't really refuted the basic thesis.
And, just for the record, I have no major complaints with phpBB as it exists today and plan to keep using it. I do wish that it had some additional features, though.
As I argued in the locked topic, more frequent feature releases are what keep the project looking alive and vibrant.