Its not easy to focus on the business challenges and the software development at the same time especially in such a community where there are lots of people whose lively hood is from STEEM. So personally I would say, understanding is a good starting point and this can be the beginning of a new era. By adapting a model similar to Wikipedia and true to FOSS principles, IMHO this project can set standards in the blockchain software development.
including real adherence to Agile development
Agile, yes -- but need "Test Driven Agile Development". This is the ONLY shortfall and everything else will fall in place auto-magically.
Few points:
- Lets make sure that every commit is tested on the TESTNET (blackbox)
- if possible write white box testing can be introduced
- start using CI - CD
Your biggest strength is an incredible community & wishing STEEM all the best!
@bobison, If you want to set standards, then start by following the lead of existing mature FOSS projects. For example Drupal (the biggest dev-focused FOSS project worldwide). It is 17 years old, Drupal adopted TDD 10 years ago and had its own moments of radical changes, but Drupal has tradition of communicating change pretty well! (starting from its founder & project lead)! In short, there is no need to reinvent the wheel @ned, if you really want to keep steem for the long run, make it formal, and if you know that you can't hold the technical weight of the project, then hire a competent CTO ;)
Agree @develcuy
Drupal is not alone. gcc, Bash, emacs etc are even older than drupal and are still holding up. I would prefer to go Python's route though (as opposed to even Linux's). Why I said Python instead of Drupal is because of the recent CVEs against Drupal which was lurking there for so many years. But in general, we are saying the same thing :-)
If you are stating that a programming language makes a final product more secure, then I think that we aren't on the same page, nor on the same book either. Review your statements and try again
no - I didn't say anything about programming languages. I was talking about how
Also I feel communities are the biggest strength of STEEM blockchain. No other blockchain has a community interacting with each other on the blockchain.
@bobinson, what does the Drupal association has to to with Drupal CVEs?
@develcuy - If my memory is correct, the CVEs were lurking for many years. That means, the existing structure had short comings and unless they have revised and improved the process, there definitely is a short coming in the organization and it needs to evolve. Now the same has happened with OpenSSL too but then the community was out numbered and not as active as Drupal or any of the other vibrant communities.
I can take the example of a Free Software project I am involved with for last 17 years - we went dormant and now we are very active for last 11 years. We have hosted GSoc, contributed to Unicode etc. We could never fix certain short comings in the Unicode definition even though it was against the basic rules of "Indic Languages". Personally I feel this is a short coming and we need to become more influential (like Google and Microsoft's influence in Unicode committees) and as we speak we are trying get government involved to correct the errors. We are doing PR, we have some of the most downloaded Android Apps etc - this will increase the visibility will eventually help to correct mistakes. So communities must evolve and get better.
btw, followup on the original action items is here : https://hackmd.io/s/ByT1BuG5m
There are few people helping out and suggestions/critics/assistance in the true community fashion is much needed.
Security bugs have nothing to do with the Drupal Association (DA), there is an specialized team on charge of security AND the head of all Drupal development is Dries, he has a long and very well structured list of core committers, with clear duties, reporting straight to him, although everyone belongs to different companies or are self-employed. That is normal practice in community backed Open Source projects btw. Contrary to that, in STEEM we have a team of guys from the company, on charge of releasing the code, along a band of 20 guys with no clear structure and duties. What do one is supposed to expect from that? Or better said:
Valuable input. Thank you.
@ned : followup work & status https://hackmd.io/s/ByT1BuG5m