Quality! (Re: [development] LinksDB vs. Links)

Bèr Kessels ber at webschuur.com
Wed Aug 2 11:17:16 UTC 2006


On Tuesday 1 August 2006 19:20, Morbus Iff wrote:
> So, as I was about to report a SQL injection vulnerability in LinksDB, I
> realized I was looking at only the code in HEAD, and not in the Drupal
> 4.7 branch. That code is marginally better, so I'll retract some, but
> not all, of my earlier comments and scorn.

Though his wording is rather harsh, there is a valid point. But we must 
realize that such a rant is possible for, I think, up to 1/6th of the modules 
in contribs. There are a serious lot of modules that range from plain 
insecure to ReallyDon'tUseOnYourSite. Luckily hardly any of these are 
actually released. Or are released with big fat "alpha code" Don't use it.

On top of that, the snippets repository has some rather ugly or nasty (though 
I found none with security issues!) "cut n paste" examples too.

If we - as Drupal - want to maintain high standards, I suggest we expand 
our "quality" beyond just core. For 90% of the users snippets == Drupal. For 
96% contribs === Drupal. Having core "perfect" but the rest low standard 
would be an option if that core could "Do Anything". But for that to happen, 
you need the contribs around. 

I had a long discussion lately with a senior software developer who came to 
me with the question "why do people actually like Drupal? Its 
code/products/online help ranges from utter cr## to very nice, with a VERY 
heavy weight on the cr## part." After which I had to explain that Drupal == 
core. And that all the rest is not "really" Drupal. The fact that people 
cannot see through that, cannot see that Drupal is actually only limited to 
the core is non-communicatable. 
After that discussion, I wrote the planet blog post about this too, in which I 
explain how we could solve this. »» http://webschuur.com/node/640

To illustrate my point:
If you talk about Linux to a friend, do you tell her that Linux can't do 
anything at all? That you might be able to get a textfile together using some 
of the gnutools like awk and set, but that that is about it? 
Of course not! If you talk about Linux you point out how pretty KDE can look, 
or how usable/easy Gnome is. How feature rich the office suites are! You tell 
that Linux has thousands of high quality apps available. Etc etc. 

We do the same with Drupal. We talk about Drupal as if you can create a wiki 
with it. As if it can compete with weblog tools as Wordpress. As if it has 
captcha, buddylists, send-a-friend, advanced content permissions, image 
features, etc. Which is only true, if you talk about Drupal as Drupal + 
contribs.

Bèr - who is aware that his contribs also range from cr## to, eeuuh - Kessels

