(sorry if you're getting a duplicate message) On Sat, 12 Nov 2005 14:59:02 -0600, Patrick Barnes wrote > Do we have any information on Drupal's security track record? PHP has > had its fair share of problems. > > I'm not meaning to bash on Drupal or PHP, but these are important > concerns. I'm not going to pretend that Python and the Python software > currently in use are perfect, but security was one of the considerations > in their selection. It would be helpful to know how spreadfirefox.com > was compromised. If their failures were problems with Drupal or PHP, or > if they were problems elsewhere would be nice to know. Assuming we'll > not learn that, we need to at least thoroughly investigate the security > records of any software we consider. Here is a list of security track records for Drupal 4.x from secunia. http://secunia.com/product/342/ Basically there were 1 security advisory in 2002, 2003 then 5 security advisories in 2005. Also I would suggest to check out the video with title "100% availability, scalability and security with Drupal" from Drupal conference: http://drupal.org/drupalcon-2005-media -- Thomas Chung FedoraNEWS.ORG (http://fedoranews.org) "..where you can free your knowledge for your free community!"
