The drop is always movingYou know that saying about standing on the shoulders of giants? Drupal is standing on a huge pile of midgetsAll content management systems suck, Drupal just happens to suck less.Popular open source software is more secure than unpopular open source software, because insecure software becomes unpopular fast. [That doesn't happen for proprietary software.]Drupal makes sandwiches happen.There is a module for that

Why is your avatar a crying Druplicon?

Submitted by nk on Sun, 2014-08-03 07:59

While I had many disagreements over the direction of Drupal 8, is pretty much an end-of-the-world issue. We had security holes before, but this is not only a complete failure on technical grounds but also of process: a secure-by-default system was switched to an insecure-by-default and this was known and documented. Somehow people have architected this, coded this, reviewed this, committed this and documented this across a multitude of issues and all along noone said "wait a minute". Even after I discovered it, there was no aghast naval gazing on how it could happen. Everyone simply continued as if nothing happened. Not even an attempt was made to avoid such catastrophes in the future.

The above was the reason I switched my avatar but it continued. When I have -- 1.5 years after it was filed, mind you -- made the Twig autoescape issue finally happen, it was met with such indifference that when the expected double escape bugs surfaced I got yelled at because "really makes the whole thing look broken and unprofessional and unusable". And again, people have coded and reviewed and set to ready some patches trying to fix these double escape bugs in a way that is advised against in doxygen, change notices and quite a few issues.

Commenting on this Story is closed.