On Fri, 2005-12-30 at 16:39, Harry Jackson wrote: > On 12/30/05, Scott Marlowe <smarlowe@xxxxxxxxxxxxxxxxx> wrote: > > > > > > On 12/30/05, Raymond O'Donnell <rod@xxxxxx> wrote: > > > > QUOTE: > > I used it once (2004) because it supported Postgres. It got hacked in > > under a month. I admit that this was a one off but having searched > > around the Internet for various bulletin board software there seem to > > be no end of problems with phpbb with regards security. I have even > > come across articles claiming that the phpbb team try not to publish > > all their exploits but rather blame PHIP [0] itself and they have a > > tendency to ignore certain exploits in any releases that are not > > current. > > UNQUOTE: > > > > That's hardly fair. PostgreSQL also ignores security issues on older > > versions. If you're running 8.0.0 and a security fix came out in 8.0.1, > > it's your fault, not the PGDG folks. > > Actually a security hole being found is not really anyones fault [0] > it just happens and then something has to be done by the user who has > the software on his system. Let me clarify. If you're running 8.0.0 and there's a security fix out for 8.0.1 and you get bitten by said security bug, it IS YOUR fault, because you didn't upgrade. > Would the people on here ignore requests for help regardless of > version. I am sure if the case was stong enough someone would give you > a hand, perhaps they wouldn't but I am not reading on blogs how the Actually, if you're running an old enough version, that's exactly what will happen. We have a fairly large and capable community, but no one's gonna put a lot of effort into fixing / working around a security bug from V 6.5.3 or 7.1 or something like that. PHPBB chooses to maintain, security-wise, the latest main branch, which is quite common for smaller, fast moving projects, and completely understandable. Rather one well maintained, quickly fixed branch than any number that aren't. Of course, we'd all like to see all old versions supported / maintained. And a pony too. But ya get what ya get. And as far as updates to phpbb go, they're pretty timely, if only on the latest main branch. > > I've had nothing but good luck with PHPBB. > > And I am truly happy for you. I would have loved phpBB to have been my > silver bullet. I may yet need to use it again because I can find > nothing else that will do the job. For all its faults its most > certainly filling a gap in the market. > > I don't want to use phpBB and I will need to be dragged kicking and > screaming to drink from that well again but were needs must, better > the devil you know. Have you looked at agora? Not as many fancy features, but it is a nicely threaded message system. For many people the extra features, like attachments and such, that phpBB have make it a must have, but I found agora to be a much nicer bulletin board, in terms of how it displays threads and all.