If you have been keeping track of symfony over the past years, you know that symfony has an excellent track record when it comes to security. While security is important for Open Source applications, it is possibly even more important for a framework, because when an issue is found in a framework there may not be just a single point that can be abused: the hole might be present throughout the application built on top of this framework.
An excellent advantage of Open Source is the fact that many people read the project code. Many people reading the code makes it much more likely that bugs and security vulnerabilities are caught. Symfony as a project is no exception to that, and we have many people to thank for creating tickets and even contributing code patches.
However, there is always a chance that something slips through, and of course that isn't good. Since security is one of our main concerns, we have decided to have a security audit done on both the Symfony2 and the Twig code. Both codebases are such an important part of the future of symfony that we don't want to take a risk. And when you're talking about security and PHP code, there is one logical party to approach to do such an audit: Sektion Eins. Sektion Eins are one of the major experts when it comes to PHP and security.
Obviously, such an audit has a price. The price in this case is 6000 euro. For this specific cause, we decided to turn to the community and ask for your donation towards a secure future of Symfony2 and Twig. Every contribution is important for a project such as ours, whether it is code, bug reports, documentation, or anything else. Yet another way to contribute is by donating some money towards this security audit, and this is what we're currently asking from you. Don't be afraid that your donation isn't enough: every single Euro, Dollar, Pound, Yen, or whatever currency you pay with is more than welcome! So please, donate now. And if we raise over 6000 euro from the donations, don't worry: we will use the additional money to order more audits for libraries that Symfony2 uses. Doctrine, for instance, would be a good candidate for such an audit.
And to make it even more interesting, you can also show off your donation! If you are interested in being listed together with all the other people who donated, please forward your PayPal payment confirmation, accompanied by a name and URL, to Stefan (dot) Koopmanschap [at] symfony-project (dot) org, and when the donation drive ends, I will publish a blog post listing those who have donated. Note: Only your name and URL will be published, not the donated amount or any additional information.
Thank you for your donation and support of the project!
Security's good, mkay?
Donated. :)
I'd probably donate, but not via PayPal, sorry. If there's any other way, let me know.
Let all of us donate for this important issue
Is there another way to donate? PayPal f****d up my account and I don't want to work with them any more. Could I send some money by post mail? Maybe at the Sensio offices?
Is there a minimum?
Done :)
Let Symfony2 become the fastest and most secure framework. Donated.
Donated!
I agree about PayPal, can we just send a check?
Just donated for this very great framework! :)
This is perhaps the best reason for donating that I've ever seen...
I would happily contribute to a security audit of symfony2.
Stan: There is no minimum amount, any amount is welcome! :)
Done :-) I am so far a plain sf 1.4 developer and didn't look at Symfony2 so far. But looking forward to it...
Donated. This is my first non-charity donation. How long is the donation drive? I would like to see more statistical data, e.g. raised funds/count of people, raised funds by day, etc.
As of now (2011-01-14 08:00), we have raised 1.600 EUR from 55 people.
phpBB has just donated 5.000 EUR! Let's see if we can raise enough money to also order a security audit for Doctrine2.
Hmpf... PayPal...
They did not accept my phone number... what a shame.
I meant to see the data after the donation drive ends. Wow! You raised the funds in 17 hours after the blog post.
Done \o/
Done!
A small contribution for us, a great step for sfSecurity!
Donated
Donated. I won't have the opportunity to come to the symfony live in Paris, but I hope there will be other symfony2 trainings soon.
Donated!
Denoted!
Let's audit Doctrine2! Donated!
Done!
done
Done ;)
Just donated!
Donated!
I'd also donate if there's a different way than PayPal. Sorry guys, but you really cannot trust PayPal, I'd never use it. A normal bank account to transfer money to would also do, at least from within Europe.
Done.
As of now (2011-01-18 08:00), we have raised 8.200 EUR from 100 people. I'm going to ask SektionEins for a quote to audit Doctrine2!
Donated!
As I don't have a credit card it is impossible for me to donate using PayPal. Donating using a normal bank transfer would be a good alternative, and it's free within Europe.
Maybe someone could add the BIC/IBAN codes for the bank account behind the PayPal account to the donate page? That would make life much easier!