[Bf-python] BPyC repository revisited

[Willian Padovani Germano]

Hi again Levi,

levischooley wrote:
> Are you saying that you will eventually use the CVS for *every*
> python script (even "subquality" ones?)?

Probably not. It should be enough to include only working ones that 
don't duplicate functionality and follow the basic guidelines. But 
that's something for all involved people to decide.

BTW: all I write here are just my opinions...

> In other words, CVS for "everyone" isn't the final answer I'm
 > looking for.

No, it wouldn't work well to give cvs access to all authors and force 
them to deal with cvs, as you mention yourself. We only need enough 
people willing to maintain the repository.

>> Your project may be a good frontend for it (and so not
>> need trackers itself), with links to our planned
>> wiki documentation, too.
> 
> Ah! That was one option I had not contemplated: using a versioning
> system such as CVS as a backend and merely managing it with an
> external "wrapper." I'll need to think that over and do some
> research into CVS.

It's a good idea to have a frontend, but as far as integration, I guess 
we only need to link to the files in cvs for downloading, a complete 
integration with write access to the cvs repo doesn't seem needed or 
advisable for our project.

(BTW, is that the best, or should I be looking
> at subversion, too;

 From what we know the idea is to switch to subversion, like many other 
projects are doing / have done. No dates announced, though, the issue 
was with GForge support, from what I recall.

> 1. How easy is it to interact with CVS via a PHP-driven website?

As I said, for the current plans we don't need to go that far, but if 
you're interested, there are projects to *view* cvs online, like cvsweb, 
sandweb and versionary (Perl, cgi) and viewvc (Python).

Anyway, looks like your objectives are a little different from ours 
right now, which doesn't mean we won't benefit from or help each other, 
of course. Let's see how things develop :).

A note about security:

 From my experience you will get a lot of loud complaints from users and 
security boards or whatever if the system isn't reasonably safe and will 
also severely limit your user base. Any chance of a user downloading a 
script that can damage (intentionally or not) or put privacy at risk 
will be considered a critical matter.

Personally I wouldn't risk running scripts from untrusted sources, you 
can do almost anything to someone's system using basic Python. For the 
same reason I only execute scripts in source form. Even bugs have 
potential for serious damage and that may only happen in certain 
configurations (os's, paths, etc), you know.

-- 
Willian