Stephen John Smoogen wrote: > 2009/1/29 Toshio Kuratomi <a.badger@xxxxxxxxx>: >> I sent this to the docs list when they started considering Zikula. Now >> that we're setting up a test instance and getting some people on the >> infrastructure team to work on it it seems like a good point in time to >> forward it here. >> >> -------- Original Message -------- >> Date: Fri, 23 Jan 2009 16:55:03 -0800 >> From: Toshio Kuratomi <a.badger@xxxxxxxxx> >> To: fedora-docs-list@xxxxxxxxxx >> >> Paul W. Frields wrote: >>> I think we should also be considering the other major players in the >>> CMS game, if there are people available to deploy and maintain them. >>> Drupal and Joomla! immediately come to mind, the latter especially >>> because it actually has some DocBook XML support. Features aren't >>> particularly compelling, though, if we have no one around to help with >>> the maintenance. >>> >> One of the things I didn't know until I did some browsing around their >> website is that Zikula started off as PostNuke but that they changed the >> name in June. So they are a long term player in the CMS market. >> >>> None of this has any bearing on the quality of Zikula, which I'm sure >>> is excellent. >>> >> I was impressed by a few of the things I've learned since this morning >> :-) The answers to how proactive the security is was a nice change from >> the usual thoughts I've seen:: >> https://fedoraproject.org/wiki/Zikula_IRC_Chat_Interview#t12:20 >> >> Here's my naive search of cve.mitre.org for issues reported in 2008. >> Note that some people would say to exclude plugins from this but my view >> is that we're going to be running plugins as part of our deployment and >> we'll want to know if we can expand our capabilities by pulling in >> functionality via plugins without compromising security. So knowing >> this does a *little* towards understanding whether the Core provides an >> API for writing secure plugins and the plugin community is security >> minded as well as Core developers. And like I say, this is naive :-) >> >> 91 Joomla -- Lots of plugins a few in core >> 79 Drupal -- Lots of plugins a few in core >> 60 Wordpress -- Lots of plugins, a few in core >> 53 Mambo --Lots of plugins, at least one in core >> 4 zikula + postnuke -- 1 in Core, 3 in plugins > > That sounds awfully low for Postnuke. Doing a quick google search of > postnuke security fixes and just looking at different releases.. there > should be about 20 with some amount in core and a lot in plugins. My > information about the current state of PostNuke is not good. I am > betting that they are doing a lot more for security but a number of 4 > problems just was too low for the amount of systems I have had to > 'clean' since 2002. > Is that 20 for 2008? -Toshio
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
