Mike McGrath wrote:
This is a highly inaccurate measure of security but it's something to look at. I wonder if lkundrak and the security team have a preference for blogging/news software :-)

On Wed, 20 Feb 2008, seth vidal wrote:

On Wed, 2008-02-20 at 19:32 -0700, Stephen John Smoogen wrote:

Ok one thing to find out on this.. is what are the security aspects of using wordpress. I am probably not the person to mention this as I partially flamed a Red Hat employee earlier this month about their views on WordPress.. but it would be good to make sure that it isn't going to be a problem security wise.

wordpress is actively maintained and widely used. It has a security track record of all php programs but it also has a good record of quick turn around times for issues.

Additionally, mod_security will help us deal with 0day exploits and some other things. I think wordpress has an ok security record but that's by reputation, not research, anyone have a moment to look and post to the list?
Number of CVEs listed on http://nvd.nist.gov/nvd.cfm

        wordpress  drupal  mediawiki  zope  plone
2008    30         17      1          0     0
2007    64         37      7          2     1
2006    21         39      4          1     3

These numbers show a big difference between mediawiki and drupal or wordpress. The questions are just how valid the numbers are and whether we're confident that the combination of SELinux (which we will then depend on; no more turning it off if we can't figure out a problem) and mod_security will keep our servers and users of the sites safe from the exploits that will appear.

-Toshio
_______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list