Re: CMS Option: Zikula

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Paul W. Frields wrote:
> I think we should also be considering the other major players in the
> CMS game, if there are people available to deploy and maintain them.
> Drupal and Joomla! immediately come to mind, the latter especially
> because it actually has some DocBook XML support.  Features aren't
> particularly compelling, though, if we have no one around to help with
> the maintenance.
> 
One of the things I didn't know until I did some browsing around their
website is that Zikula started off as PostNuke but that they changed the
name in June.  So they are a long term player in the CMS market.

> None of this has any bearing on the quality of Zikula, which I'm sure
> is excellent.
> 
I was impressed by a few of the things I've learned since this morning
:-)  The answers to how Proactive the security is was a nice change from
the usual thoughts I've seen::
   https://fedoraproject.org/wiki/Zikula_IRC_Chat_Interview#t12:20

Here's my naive search of cve.mitre.org for issues reported in 2008.
Note that some people would say to exclude plugins from this but my view
is that we're going to be running plugins as part of our deployment and
we'll want to know if we can expand our capabilities by pulling in
functionality via plugins without compromising security.  So knowing
this does a little towards understanding whether the Core provides an
API for writing secure plugins and the plugin community is security
minded as well as Core developers.  And like I say, this is naive :-)

91 Joomla -- Lots of plugins a few in core
79 Drupal -- Lots of plugins a few in core
60 Wordpress -- Lots of plugins, a few in core
53 Mambo --Lots of plugins, at least one in core
4 zikula + postnuke -- 1 in Core, 3 in plugins
1 midgard
0 zikula
0 enano

For reference, mediawiki, which we think has an acceptable
security-to-benefit ratio, had 8 vulnerabilities reported in 2008 using
the same naive count.

-Toshio

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
fedora-docs-list mailing list
fedora-docs-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-docs-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Red Hat 9]     [Yosemite News]     [KDE Users]

  Powered by Linux