opensourcing a website code [closed]

Closed. This question needs to be more focused. It is not currently accepting answers. 开发者_如何学编程

---

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 8 years ago.

Improve this question

I'm writing a little website (webapp) in php+codeigniter, I'd really like to make it open source (to attract collaborators and to have a free VCS hosting).

• Is that a good practice?
• This mine security?
• Which are the best tools to change important data before uploading? (like config files with db names and passwords used for testing etc..)

---

Is that a good practice? Will this mine security?

Yes, it can be a good practice. If your project is interesting and you think that is has potential for attracting contributors, and you are comfortable with your source code not being "your ownership", then this is a good move.

It has benefits, but of course it has its drawbacks. You'll get new ideas, you can learn much, you will have someone to talk to about the project and ideas, and with a bit of luck you can create a great team. You won't be alone doing the work. Your project may grow, and become important.

Any drawbacks? Well, the fact, as I mentioned, that your code is not your own property anymore. Then the fact that you will be forced to confrontation, and sometimes to arguments among the contributors: you will start a community, with all the related challenges. I think it is worth it, anyway. Then, for example, security. In the medium term, if you have contributors, your security will increase for sure, because more people will be looking at the code and can spot problems, and fix them. In the short term however, someone malicious may look into it and find a weak spot and use it. So you should have your code reviewed by some contributors first, with a private disclosure, before going fully open source.

Which are the best tools to change important data before uploading?

You should put all the important data into a single configuration file, which is client-dependent, and distribute a template for it. If this file is called "config.php", then EXCLUDE this file from the distribution, and distribute a "config-dist.php" file, with example values: at first installation, the user will fill the data, and they will stay there even if you update.