At the end of last year I analyzed Composer for a few attack vectors that make use of Packagist to target projects with their own repositories.
Surprisingly, I found one vector that still poses a danger, even if you disable
the default Packagist repository for your project.
A lot of people know the annoying feeling
of having to push the third security fix for the same stuff in just a few months.
That's also around the same time when news portals start running stories about how many security holes this software
has, which results in people thinking it is insecure as a whole.
This comes from an increased awareness and also has some positive effects on the project.
With every vulnerability found, the interest of some people gets stronger,
leading them to look more, or in different ways, at the code of the project.
Since MeetMagento in New York, everyone is again discussing the community, the role of the company behind Magento,
how they should do more for the community, and so on.
A lot of words, partly initiated by people who want to defend their leading positions in the area of paid modules,
hosting or similar Magento-related business.
Then spread by a lot of frustrated community members who have barely any knowledge
of what it means to lead an (open) software project/product.
And when we talk about community, most people only include the English-speaking and experienced Magento developers.
Today @elena_a_leonova asked about the Magento mobile app feature
and why merchants use them or don't use them.
A bit later she tweeted about an article
that covered HTML5 vs. native mobile apps.
On the one hand, it does not really target the online shop use case;
on the other hand, it's not as objective as it could be.
So I am now writing down some thoughts about this article and the whole mobile app thing.
Some of you may know the Blender Open Projects,
or at least some of their results, like Big Buck Bunny.
The goals of these projects were to create examples/demos of what's possible with Blender and, on the other side,
to help improve working with Blender.
I want this for Magento, too.
I want to build a demo store which implements a real-world scenario,
completely as open source, so everyone can use it as an example.
Magento still has a bad reputation when it comes to heavy customizations,
mostly because inexperienced developers fail to implement the requirements correctly.
This project will show how to integrate special requirements into a Magento store effectively and in the right way.