[Fwd: Re: CMS Option: Zikula]

Toshio Kuratomi a.badger at gmail.com
Fri Jan 30 01:44:56 UTC 2009


Stephen John Smoogen wrote:
> 2009/1/29 Toshio Kuratomi <a.badger at gmail.com>:
>> I sent this to the docs list when they started considering Zikula.  Now
>> that we're setting up a test instance and getting some people on the
>> infrastructure team to work on it, it seems like a good point in time to
>> forward it here.
>>
>> -------- Original Message --------
>> Date: Fri, 23 Jan 2009 16:55:03 -0800
>> From: Toshio Kuratomi <a.badger at gmail.com>
>> To: fedora-docs-list at redhat.com
>>
>> Paul W. Frields wrote:
>>> I think we should also be considering the other major players in the
>>> CMS game, if there are people available to deploy and maintain them.
>>> Drupal and Joomla! immediately come to mind, the latter especially
>>> because it actually has some DocBook XML support.  Features aren't
>>> particularly compelling, though, if we have no one around to help with
>>> the maintenance.
>>>
>> One of the things I didn't know until I did some browsing around their
>> website is that Zikula started off as PostNuke but that they changed the
>> name in June.  So they are a long term player in the CMS market.
>>
>>> None of this has any bearing on the quality of Zikula, which I'm sure
>>> is excellent.
>>>
>> I was impressed by a few of the things I've learned since this morning
>> :-)  The answers to how proactive the security is were a nice change from
>> the usual thoughts I've seen:
>>   https://fedoraproject.org/wiki/Zikula_IRC_Chat_Interview#t12:20
>>
>> Here's my naive search of cve.mitre.org for issues reported in 2008.
>> Note that some people would say to exclude plugins from this but my view
>> is that we're going to be running plugins as part of our deployment and
>> we'll want to know if we can expand our capabilities by pulling in
>> functionality via plugins without compromising security.  So knowing
>> this does a *little* towards understanding whether the Core provides an
>> API for writing secure plugins and the plugin community is security
>> minded as well as Core developers.  And like I say, this is naive :-)
>>
>> 91 Joomla -- Lots of plugins, a few in core
>> 79 Drupal -- Lots of plugins, a few in core
>> 60 Wordpress -- Lots of plugins, a few in core
>> 53 Mambo -- Lots of plugins, at least one in core
>> 4 zikula + postnuke -- 1 in Core, 3 in plugins
> 
> That sounds awfully low for PostNuke. Doing a quick Google search of
> PostNuke security fixes and just looking at different releases... there
> should be about 20 with some amount in core and a lot in plugins. My
> information about the current state of PostNuke is not good. I am
> betting that they are doing a lot more for security but a number of 4
> problems just was too low for the amount of systems I have had to
> 'clean' since 2002.
> 
Is that 20 for 2008?

-Toshio
