NYCPHP Meetup

NYPHP.org

[nycphp-talk] Code cleanliness vs. code popularity

Dan Cech dcech at phpwerx.net
Sat Sep 17 23:45:02 EDT 2005 

Greg Rundlett wrote:
> In my experience, fudforum <http://fudforum.org> is a better forum software 
> than phpBB, and the main author is a PEAR member who has many code 
> contributions to open source beyond fudforum. And, he (Ilya Alshanetsky) is 
> also security conscious so that is a primary requirement of fudforum.

It certainly looks like an interesting alternative to the usual phpBB or 
vBulletin.  I've also heard good things about SimpleMachines Forum.

> I haven't used it in a while, so I just downloaded it again and checked the 
> source to see if it's Object Oriented. I can't be sure because the download 
> only includes an installer, which apparently bootstraps the download of the 
> software. That seems fine, however one major concern that I have is that 
> there is binary content in the installer. I posed a question on the site to 
> find out what it is, and how they could license it under the GPL if the 
> installer itself is part binary.

I was intrigued by your comment so I took a look.  It appears that they 
have essentially created a self-extracting archive with php.  The first 
part of the file contains php code which extracts the gzipped contents 
of the second portion of the file.

The reason for the binary data is twofold.  Firstly the gzipped data is 
binary and secondly they added some extra binary data (apparently an 
extract from linux kernel 2.4.18 to 'trick' windows into thinking it's a 
binary file and avoid line ending conversion.

To my mind it would have been much easier and more transparent to 
separate the gzipped source into its own file rather than lumping it in 
together, but as far as I know once decompressed you have full source so 
it should be fine GPL-wise.

A second approach would have been to base64 encode the gzipped data, 
which would have made it resilient against mangling by ftp clients etc.

> Until that is clarified, I guess I would suggest NOT using it.

I guess that should take care of the issues, I for one would love to 
hear any reports if people do use it for anything.

Dan

More information about the talk mailing list