In the previous FileSender 1.5 status update we wrote the end of September as our target for the first beta release of FileSender. It is now 30 September and there is no beta package announced, so obviously something did not go as targeted.
What happened?
With 1.5 we moved from Flash and JSON to HTML(5) and JavaScript for the UI and data exchange with the server. In addition, we added the database abstraction layer. As a result, the input/output pathways and their behaviour have changed. To give an example, output sanitisation (when data is displayed to a user again) becomes more important once Flash no longer does that job for us.
Checking the input/output pathways and ensuring proper sanitisation and validation are put in exactly the right places, and all the right places, takes us more time than anticipated.
Had it been any other issue causing a delay, we could have lived with a known deficiency in the beta. Input/output validation and sanitisation, however, need to be done right to prevent security issues.
As a result of all this, the code is likely to change subtly in various places, which again means the time is not right for putting in the testing and packaging effort of a beta release. Next week we plan to push ahead with the validation/sanitisation problem; an update on the 1.5 status can be expected at the end of the week.
To close this 1.5 status update I’d like to mention that we’ve pencilled in an external code security audit by Pine Security in the 3rd week of October.
Meanwhile for those of you who are interested, you can already install and test the 1.5 code from SVN with little effort and nearly all of it works, and usually stays working after SVN commits. Check the notes for installing 1.5 development code for details. The current FileSender 1.5 bug list will tell you what remains to be fixed.