Photo gallery
Toshio Kuratomi
a.badger at gmail.com
Fri Aug 8 00:53:50 UTC 2008
Martin Sourada wrote:
> Thanks for the info. Looks like the gallery2 would satisfy our needs
> pretty good. The only two issues I noticed is the missing integration
> with FAS (which might be already in progress, as noted by Ricky), and
> easy way to handle images sources (which is not a show-stopper for us,
> though it would be nice if we could implement that nicely as well).
>
> I guess we could set-up a test gallery2 implementation on one of our
> fedorapeople accounts and if it works well, ask for transferring it to
> art.fedoraproject.org here?
>
We also need to decide if we want to run the software in Fedora
Infrastructure.
Searching for CVEs was somewhat hard since gallery is a common name for
photo gallery software. I found 5 CVE's against Menalto Gallery this
year and 9 last year. There are other CVE's that weren't picked up in
my search as they did not identify gallery as "menalto" (I googled and
found references...) I'm not sure how this compares to other gallery
software but it is less than phpnuke, drupal, and other things that I
have been against.
We do not yet have SELinux turned on on our app servers (although
lmacken and dwalsh have gotten us much closer recently). I am pretty
sure we do have mod_security deployed. Do we feel comfortable with
this? What are the alternatives that fit the criteria and are they worse?
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20080807/ecf49e93/attachment.bin
More information about the infrastructure
mailing list