Appendix H Project history

The project started out as a fork of SQL-Ledger (SL) - the open source ERP system developed by Dieter Simader - somewhere between SQL-Ledger versions 2.6 and 2.8. A fork happens when a group of developers can’t - for whatever reason - continue to work as one group on a project. At that time, the project splits into two or more projects and the fork is in effect.

LedgerSMB split off from the SQL-Ledger project (i.e. forked) because the developers disagreed about how to go forward, both with respect to the handling of security vulnerability reports and the general state of the code base.

After the fork, between versions 1.0 and 1.2 most energy was spent on making LedgerSMB more secure (i.e. less vulnerable to security attacks). In technical terms, measures were taken to fend off (amongst other things):

  • Cross-site scripting attacks

  • Replay attacks

  • SQL injection attacks

Come version 1.3, development was directed toward improving the overall quality of the code base, as the old SL code was in a very poor state: looking very much like web programs as they were written in 1998, the code had grown largely outdated in style and was no longer maintainable by 2007.

The 1.3 effort focused on bringing relief with a new application structure. Modern and important features were realized: separation of duties (for the accounting part of the application) and authorizations to allow distinguishing different roles in a company.

Unfortunately, by the beginning of 2011 the project looked mostly dead from an outside perspective: the team had not brought forward any releases since 2007, there were no signs of development and the mailing lists (a measure of community activity) were completely silent. Subversion Version Control (SVN) commits were continuing, but were being made by ever fewer committers and contributors.

Fortunately, development activity increased in the first half of 2011, leading to the release of version 1.3 by September. Between September and the end of the year, a total of 10 small bug fixes were released, showing the developers' active commitment to maintaining the application.

New committers showed up, indicating revived community interest. Other signs of increased interest are the higher number of bug reports and the creation of the Linux package for Debian 7, which has been included in Ubuntu 12.04 as of October 2012.