Comments (10)
Just wondering if anyone had given this any thought yet?
from phpcs-security-audit.
Yes, a PR on this would be more than welcome!
As for the impact of what it might break, I think it would be wise to merge it as part of the eventual version 3.0 that supports better documentation.
Note that the actual release with 3.0 will also have to coincide with moving this into an OWASP project. I'll work on that soon and I welcome everyone that wants to be part of the project to contact me (twitter dm: jonathanmarcil is the quickest way).
BTW I noticed you specified that this change wouldn't break anything, and I believe that, but if we're currently in a broken state I'm afraid that some people implemented workarounds that might actually break once we do it right (especially the symlink part).
3.0 should be a reality soon anyways so I'm very willing to move forward regardless.
@jmarcil I agree it would be best to do in a 3.0 release as, generally speaking, people will pay more attention to the changelog for a major release.
We did something sort of related in the PHPCompatibility standard a while back (for improved compatibility with Composer) and included upgrade instructions mentioning to remove any "hacks" in the changelog and the fall-out of that has been minimal.
See: https://github.com/PHPCompatibility/PHPCompatibility/releases/tag/8.0.0
Either way, have a look at PR #50 ;-)
Note that the actual release with 3.0 will also have to coincide with moving this into an OWASP project.
Just out of curiosity: what will be the practical implications of this project moving to OWASP? And what would be involved in that from a contributor perspective?
The FloeDesignTechnologies organization is not active anymore, so we simply need a new home for the repo. OWASP can also help with project visibility, long term ownership transfers and funding. I can also see that move reviving some sort of documentation initiative for PHP within OWASP.
Everybody that submits GitHub PRs will still be contributors as usual and moving to OWASP won't change that.
However, if people want to join the OWASP project as a "leader", this gives control over some of the OWASP perks mentioned above and it gives admin access on the repo.
That all said, the final decision on proceeding forward with the move to OWASP hasn't been made yet.
Sorry if all that bureaucracy slows down contributions. #50 looks neat.
@jmarcil Thanks for your response. So will the repo on GH be removed? Or moved to another GH organisation? What does "moving the project" entail in that respect?
I'm also wondering why the (wait for a) decision, as you say, slows down contributions? Is there any reason not to merge something while the future is unclear?
Either way, I'm interested to see this project becoming more active and more comprehensive as I do believe it can be a valuable addition to the PHPCS ruleset for projects.
I also believe there is room for improvement to a number of the sniffs, as well as the CI/unit test process.
If nothing comes of the move to OWASP, you'd be welcome to move it to the PHPCSStandards organisation if needs be. Not a real organisation, just a way to group certain PHPCS related projects I'm working on and to make them more easily findable.
Documentation is lacking a bit at the moment for the repos, but I'm working on that.
There are no plans to remove the GH repo; preventing any interruption is why I want to move it somewhere else in the first place.
The reason not to merge while I'm figuring this out is my own limitations as a human being and time management. I can only work on a single thread at a time for this project, sorry 😐.
Thank you for the offer to transfer to your organisation, I'll certainly consider it as a viable option. Any way this goes, I would gladly welcome you as a contributor as you seem one of the most motivated people around this project nowadays.
I've created #54 if you want to discuss more as I think we're getting pretty much off topic of PHPCS compliance 😉
The reason not to merge while I'm figuring this out is my own limitations as a human being and time management. I can only work on a single thread at a time for this project, sorry
Respect.
As there's no automated CI in place, merging now or later won't make much difference anyway, other than in availability of fixes to end-users.
I know from previous experience that if there is CI in place and branches are protected, merging now would generally be better as otherwise the build results often don't get reported properly in the moved repo which would mean that all PRs need to be rebased and rebuild before they can be merged. Either way, not relevant for this repo until CI gets introduced.
I would gladly welcome you as a contributor
Well, I've kept an eye on this repo for quite a while now and mentioned it in a number of talks about PHPCS at conferences, but the issue as described above is a blocker for adoption by most standards/projects.
I'd happily contribute more in the future once PR #50 is merged, got plenty of ideas, but that's for discussion after #50.