Wow, thanks so much to each of you that left comments for my last post! Very helpful, and there are some really good ideas in there. Just to wrap up and respond to a few things:
- The comments need to be scrubbed not because I know there is anything bad in there (I don't think there really is), it's that I can't be sure that there isn't. So getting rid of them completely is a brute-force approach to making sure nothing slips through. You have to understand that I'm operating in a very risk-averse environment.
- Many of you said "only do this if it doesn't delay .NET 2.0" which is right on the money. If this would or could cause any delay, it won't happen. That's why I'm trying to figure out the absolute cheapest proposal here.
- I mentioned the MVPs specifically because some of them have already seen source and whatever is in there. I've been trying to think of ways to leverage the community in general and specifically MVPs so that we can have a more symbiotic relationship. In this case, since there is already an agreement in place for them to view the code, they're seeing it warts and all already.
- There were two great ideas in here: first was Sean Malloy's idea of having us start marking comments in the source code as customer-ready. I like this because we can do it over time and each "drop" of source would have more and more comments. Second was the ideas of setting up a Wiki so that people can either ask "what the heck is this?!?!" or post their descriptions of a given area of code. I love it!
- I don't believe there is a real security risk here beyond where we are already at. If there are bad people looking for security holes in the code, they've already got the tools to do it, and we don't believe that "security by obfuscation" is really security. By that I mean if you have a security hole and you "hope" someone doesn't find it because it's difficult to find, you're in trouble. They'll find it.
- As much I'd like to tell you all of the code in the Framework is well factored and self-explanatory, that's just not the case. Much of it is, but there are many cases that we are working around Windows or ComCtl behavior/bugs, or we're handling some escoteric scenario you'd never think of. There are definitely some dark alleys in Windows Forms land. Bring your flashlight. :)
So I've got what I was looking for (can I call it a 'mandate'???), I'll go see what I can do. No promises but I'm feeling optimistic. Thanks again.