Php why must your apps suck so?

Michael Stahnke mastahnke at gmail.com
Thu Nov 1 18:00:29 UTC 2007


> identifying and removing security problems?
>
> For #1, compare the number of CVEs_ in mediawiki to moin and drupal to
> zope+plone:
>                 2007   2006   2005
>    moin           5      0      0
>    mediawiki      7      5     12
>
>    drupal        36     37      8
>    zope(plone)  1(+0)  2(+3)  1(+0)
>


> Now we all know that numbers can be misleading but still this seems to
> highlight something for me: there are projects which care about security
> and there are projects which tack it on as an afterthought.  No matter
> how much work we put into security locally (SELinux, mod_security, code
> auditing), we don't want to be using a project which belongs to the
> latter camp.  *Sending security patches upstream doesn't help if
> upstream will just introduce a new batch of security issues in their
> next release.*

Some of the numbers might have to do with install-base size also.  I
realize you did qualify your statement, but I thought it should be
called out explicitly.  I know of dozens of mediawiki sites I use
nearly every day, whereas moin, I know of one.  Also, why is mediawiki
ok for 108 and et.redhat.com but not for fedora?  I would think some
type of review/assessment was done for those sites.

I am not trying to troll and/or flame, I really am just curious.

stahnma
More information about the infrastructure mailing list