I sent this to the docs list when they started considering Zikula. Now that we're setting up a test instance and getting some people on the infrastructure team to work on it it seems like a good point in time to forward it here. -------- Original Message -------- Date: Fri, 23 Jan 2009 16:55:03 -0800 From: Toshio Kuratomi <a.badger@xxxxxxxxx> To: fedora-docs-list@xxxxxxxxxx Paul W. Frields wrote: > I think we should also be considering the other major players in the > CMS game, if there are people available to deploy and maintain them. > Drupal and Joomla! immediately come to mind, the latter especially > because it actually has some DocBook XML support. Features aren't > particularly compelling, though, if we have no one around to help with > the maintenance. > One of the things I didn't know until I did some browsing around their website is that Zikula started off as PostNuke but that they changed the name in June. So they are a long term player in the CMS market. > None of this has any bearing on the quality of Zikula, which I'm sure > is excellent. > I was impressed by a few of the things I've learned since this morning :-) The answers to how proactive the security is was a nice change from the usual thoughts I've seen:: https://fedoraproject.org/wiki/Zikula_IRC_Chat_Interview#t12:20 Here's my naive search of cve.mitre.org for issues reported in 2008. Note that some people would say to exclude plugins from this but my view is that we're going to be running plugins as part of our deployment and we'll want to know if we can expand our capabilities by pulling in functionality via plugins without compromising security. So knowing this does a *little* towards understanding whether the Core provides an API for writing secure plugins and the plugin community is security minded as well as Core developers. And like I say, this is naive :-) 91 Joomla -- Lots of plugins a few in core 79 Drupal -- Lots of plugins a few in core 60 Wordpress -- Lots of plugins, a few in core 53 Mambo --Lots of plugins, at least one in core 4 zikula + postnuke -- 1 in Core, 3 in plugins 1 midgard 0 zikula 0 enano For reference, mediawiki, which we think has an acceptable security-to-benefit ratio had 8 vulnerabilities reported in 2008 using the same naive count. -Toshio
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
