http://www.perlmonks.org?node_id=785560


in reply to Status of Recent User Information Leak

I'm sure there is an answer this somewhere, but after reasonably extensive search i could not find it. As such I'd like to ask here and in relevance to the current events: Is the source code of perlmonks openly and without restrictions available for scrutiny in any place?

If so, where? If not, why?

Thanks in advance to whoever takes the time to type out an answer to this. :)
  • Comment on Re: Status of Recent User Information Leak

Replies are listed 'Best First'.
Re^2: Status of Recent User Information Leak
by ELISHEVA (Prior) on Aug 04, 2009 at 11:32 UTC
    If so, where? If not, why?

    At present not even members of pmdev can get a download of the site and source code to install on their own machines to create a test environment.

    It does indeed seem odd that a site that is part of the open-source community does not itself provide open access to its own site's source code. Much of the problem lies in the way the site is structured. The code used by the site is split between a database and source code files. Bundling up the source code files into a tarball probably wouldn't be so difficult. Extracting the relevant information from the database is another story.

    The code stored in the database is spread across a plethora of database tables. We can't just dump the tables because some of these tables contain many different types of records: some store site content, some store code to layout and "skin" the site, and some contain integrity constraints and processing code for the various pages you see day to day at Perl Monks. For example, almost everything stored in the database has an entry in the "node" table.

    To tease apart the material relating to site structure, process, and look and feel from the actual site content may require a certain amount of hand tagging. Finally a script would have to be written to gather together all the relevant records from each database table. Writing a script wouldn't be such a big deal if it weren't for the fact that the site documentation is spread out all over the place. Simply knowing what is used where is a challenge. It would be all to easy to leave a crucial bit out without good documentation. We are working on trying to improve the documentation situation, but it will take time.

    Even after that script was written we would have another problem to deal with before we could publish the site's nodes: the database portion would (should?) be reviewed for any material that might be a security issue. These nodes would need to be refactored into separate components, one that could be published and one that should not be. There are somewhere between 600 and 1000 units to review.

    I am not saying any of this as an excuse, merely as an explanation. I think the process of creating such an export would be very good practice for us. It would encourage good documentation and confirm the truth of what we had documented so far. It would give us a focused reason to keep publishable and site specific security code separate. That separation would make the site more secure. It would also make it easier to integrate new pmdevs. It would enable much faster implementation of bug fixes and site enhancement suggestions since PM devs could experiment and test their work more freely.

    Best, beth

[reply]
      This is an excellent write-up explaining the situation and i think it should in fact replace the "Can I get the PerlMonks source code?" node in its entirety, not only because its content is much more clear, but also because it approaches the question with a lot more respect.

      Something I'm curious about though is: How is the social situation regarding this? Putting the technical reasons aside, is there resistance from the gods or pmdevs towards moving the code into a direction that would make opening it more easy? Or would they welcome such efforts?

      I'm sure there is a number of people (including me) that would happily contribute to such a movement. However with the current communication regarding the issue it seems to me as if such efforts would not be welcomed and only be a waste of time. (Leaving aside the whole issue of being unable to look at the source and ascertain whether my skill level is up to it before committing to a join request and wasting someone else's as well as my time in going through the motions there.)
[reply]
Re^2: Status of Recent User Information Leak
by jdporter (Paladin) on Aug 04, 2009 at 02:14 UTC
    ...after reasonably extensive search ...

    Something is wrong with your searching abilities if you didn't find this in the PerlMonks FAQ: Can I get the PerlMonks source code?

    Between the mind which plans and the hands which build, there must be a mediator... and this mediator must be the heart.
[reply]
      I looked through that page and expected it to be under "About PerlMonks", which seemed to cover such general topics. When i looked at "Advanced PerlMonks Topics" i pretty much only read the first five titles and then assumed that the rest of it also was "How to do stuff on PM". Not actually anything about PM.

      Since you took no care to be diplomatic or polite, I'll be blunt as well and say straight out that the FAQ is, at least in that respect, badly structured.
[reply]
        ...the FAQ is, at least in that respect, badly structured.

        No argument there! If you have suggestions for how the structure could be improved, they will be gratefully received. Thanks!

        Between the mind which plans and the hands which build, there must be a mediator... and this mediator must be the heart.
[reply]
[reply]
      ... if you didn't find this in the PerlMonks FAQ: ...

      I think this might be in the same category as forgetting to look in the closet for the coat you wore last night. :-)

      Best, beth

[reply]

In Section Perl Monks Discussion