LedgerSMB

From Wikipedia, the free encyclopedia

LedgerSMB

LedgerSMB login screen
OS Any Unix-like, Mac OS, Windows
Platform Cross-platform
Genre double entry accounting system
License GNU General Public License
Website LedgerSMB

LedgerSMB is a free software double entry accounting system. Accounting data is stored in an SQL Database Server and a standard web browser can be used as its user interface. The system uses the Perl language and a Perl database interface module for processing, and PostgreSQL for data storage.

LedgerSMB is distributed under the terms of the GNU General Public License.

Contents

[edit] History

LedgerSMB began as a fork of SQL-Ledger. It has, however, diverged rapidly and the future architecture has very little to do with its ancestry.

[edit] Forking Controversy

The project began when Chris Travers, dissatisfied with the handling of security bugs in SQL-Ledger, partnered with Christopher Murtagh to produce a fix for CVE-2006-4244.[1] This bug was apparently reported to the SQL-Ledger author, Dieter Simader, several months prior[2] to the Chrises working on a patch. The initial release of LedgerSMB has SQL-Ledger 2.6.16 with the fix for CVE-2006-4244 as its base. This release, along with full disclosure of the bug on the main mailing list,[3] strained relations between SQL-Ledger supporters and the members of the nascent LedgerSMB project.

The forking of LedgerSMB is considered by some[4] to be part of the reason for the anti-forking clause[5] in the short-lived SQL-Ledger Open Source License, the licence that was used for SQL-Ledger 2.8.0.

[edit] Next Few Releases

The 1.1.0 release merged in many patches that had been done for other customers but did not change the structure of the code in any significant way. By this time, however, most of the core members were unhappy with the current architecture and had decided to work on refactoring the code.

The 1.2.0 release included a number of very deep security fixes and the beginnings of the refactoring process. The tax and price matrix code was centralized. This release was quite problematic and the core team ended up pulling 1.2.0 and 1.2.1 from public distribution due to a number of issues in integrating old and new code. Many members of the core team have expressed frustration at the level of problems, but Chris Travers has generally likened the problems to those of Apache 2.0,[6] where changes in architecture have caused problematic releases. While it may be too soon to tell, the general hope is that 1.2.x will be the most difficult and problematic release, perhaps of all time.

At the same time, it cannot be denied that a number of the problems in 1.2.0 were the result of trying to do too much too quickly without adequate review. It is difficult to fault the project for this in some cases (removing SQL injection issues) but it remains to be seen whether the project is able to continue to move forward in such a way as to prevent this from being a problem in the future.

[edit] Future Architecture

The original codebase of the project had a number of shortcomings. The Perl code generated both database queries and web pages by concatenating or printing portions of the text so that it came out as a distinct page. While this functioned reasonably well, it made the interface very difficult to modify, and interoperability with projects written in other languages was particularly difficult.

Faced with these challenges, the LedgerSMB team developed a new architecture which addresses these issues by adding support for templates in the user interface, and moving all database calls into stored procedures. Although closely resembling model-view-controller (MVC) in structure, it is not broken down in precisely the same way as other MVC implementations.[7]

1.3 will move several important parts of the software to the new architecture including contact management and administrative interfaces.

[edit] See also

[edit] References and Footnotes

  1. ^ The Full Disclosure of CVE-2006-4244. Retrieved on 2007-07-08.
  2. ^ Tony Fraser's mention of previously reporting the bug. Retrieved on 2007-07-08.
  3. ^ Full disclosure thread on the SQL-Ledger mailing list (some posts may be hidden). Retrieved on 2007-07-08.
  4. ^ Slashdot discussion of the SQL-Ledger licence change of 2.8.0. Retrieved on 2007-07-08.
  5. ^ Linux Weekly News article about the licence change. Retrieved on 2007-07-08.
  6. ^ Travers, Chris (May 31, 2007). web-based accounting. Retrieved on 2008-01-25.
  7. ^ The New Architecture Overview

[edit] External links