Artificial truth

The more you see, the less you believe.

[archives] [latest] | [homepage] | [atom/rss/twitter]

The medium-term future of Snuffleupagus
Wed 01 September 2021 — download

I've been maintaining Snuffleupagus on my own for around 3 years now, and as can be seen in the changelog, I didn't add any new features, but maintained it in good shape, adding support for PHP7.4, then PHP8, made sure it ran on Alpine, Fedora, Debian, Ubuntu, …, enhanced compatibility with PCRE2, as well as various minor quality of life improvements and bugfixes.

I still have ideas for new mitigations, hardening, and how to make attackers' life more miserable, but I don't have the time nor motivation to implement them, for now.

Fortunately, BeF from SektionEins got a grant from the NLnet foundation to work exactly on this: new features and improvements!

He recently fixed a couple of bugs, implemented a cool new feature and does a lot of interesting experiments on his fork. Unfortunately, he doesn't necessarily have the time to send nicely formatted, tested, documented, split, pull-requests for every single feature/bugfix/… since he's iterating a lot, and has, like I, a busy life.

So the plan for me is, when I find the time for it, to do the grunt work of massaging/integrating BeF's cool new code into my upstream repository via nice self-contained commits. This is a great arrangement, since it means that Snuffleupagus is still maintained (by me) while staying relevant with more features (by BeF).

Of course, as usual, help is more than welcome!