Should the web app code be public?

[angelPL]

No description provided.

[HermanMartinus]

Open-sourcing a project like Bear Blog is generally seen as a positive move. It's like opening the hood of a car – people can learn from it, customize it, and troubleshoot issues much easier. They can understand exactly what they're using, which is pretty cool.

As for security, you're right that it could potentially expose weak spots. However, it also means that those weak spots can be identified and fixed. It's like a constant peer-review process. But if a project doesn't accept contributions like Bear, it does put the onus on the core team to keep an eye on things. There is no information on Bear (bar email addresses) that isn't already public (it is a blogging platform after all). This means if anything terribly bad happens (Django is pretty secure, so this isn't much of a problem), we patch it and restore a backup.

So, all in all, it's about transparency and trust. Just like any other tool, it's how you use it that matters. You wouldn't want to open-source something without considering the implications, but it's not inherently a bad – or good – thing. It's just a different way of doing things.