I sent this to the docs list when they started considering Zikula. Now
that we're setting up a test instance and getting some people on the
infrastructure team to work on it, it seems like a good point in time to
forward it here.
-------- Original Message --------
Date: Fri, 23 Jan 2009 16:55:03 -0800
From: Toshio Kuratomi <a.badger(a)gmail.com>
To: fedora-docs-list(a)redhat.com
Paul W. Frields wrote:
> I think we should also be considering the other major players in the
> CMS game, if there are people available to deploy and maintain them.
> Drupal and Joomla! immediately come to mind, the latter especially
> because it actually has some DocBook XML support. Features aren't
> particularly compelling, though, if we have no one around to help with
> the maintenance.
>
One of the things I didn't know until I did some browsing around their
website is that Zikula started off as PostNuke but that they changed the
name in June. So they are a long term player in the CMS market.
> None of this has any bearing on the quality of Zikula, which I'm sure
> is excellent.
>
I was impressed by a few of the things I've learned since this morning
:-) The answers to how proactive the security is were a nice change from
the usual thoughts I've seen:
https://fedoraproject.org/wiki/Zikula_IRC_Chat_Interview#t12:20
Here's my naive search of cve.mitre.org for issues reported in 2008.
Note that some people would say to exclude plugins from this but my view
is that we're going to be running plugins as part of our deployment and
we'll want to know if we can expand our capabilities by pulling in
functionality via plugins without compromising security. So knowing
this does a *little* towards understanding whether the Core provides an
API for writing secure plugins and the plugin community is security
minded as well as Core developers. And like I say, this is naive :-)
91 Joomla -- Lots of plugins, a few in core
79 Drupal -- Lots of plugins, a few in core
60 Wordpress -- Lots of plugins, a few in core
53 Mambo -- Lots of plugins, at least one in core
4 zikula + postnuke -- 1 in Core, 3 in plugins
That sounds awfully low for PostNuke. Doing a quick Google search of
PostNuke security fixes and just looking at different releases, there
should be about 20 with some amount in core and a lot in plugins. My
information about the current state of PostNuke is not good. I am
betting that they are doing a lot more for security but a number of 4
problems just was too low for the amount of systems I have had to
'clean' since 2002.
--
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"