> identifying and removing security problems?
>
> For #1, compare the number of CVEs_ in mediawiki to moin and drupal to
> zope+plone:
>               2007    2006    2005
> moin          5       0       0
> mediawiki     7       5       12
>
> drupal        36      37      8
> zope(plone)   1(+0)   2(+3)   1(+0)
>
> Now we all know that numbers can be misleading but still this seems to
> highlight something for me: there are projects which care about security
> and there are projects which tack it on as an afterthought.  No matter
> how much work we put into security locally (SELinux, mod_security, code
> auditing), we don't want to be using a project which belongs to the
> latter camp.  *Sending security patches upstream doesn't help if
> upstream will just introduce a new batch of security issues in their
> next release.*

Some of the numbers might have to do with install-base size also. I
realize you did qualify your statement, but I thought it should be called
out explicitly. I know of dozens of mediawiki sites I use nearly every day,
whereas moin, I know of one.

Also, why is mediawiki ok for 108 and et.redhat.com but not for fedora? I
would think some type of review/assessment was done for those sites. I am
not trying to troll and/or flame, I really am just curious.

stahnma

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list