30 Sep
2008
30 Sep
'08
8:48 p.m.
On Tue, 30 Sep 2008, Karanbir Singh wrote:
Dag Wieers wrote:
Surely this is the responsibility of the drupal devteam and not the userbase to ensure stuff like this is not included. That specific module was at some time distributed from the drupal.org website wasent it ?
Does the absense of such bug-reports make a solution more secure ?
well, does a widely circulated known exploit that isnt going to get a fix instill confidence in you ?
At least there is a process of reporting out-of-core security problems.
Why should the Drupal team be responsible of code they clearly do no support ? Go and talk to the module's developers to see what processes they have before you use it.
--
-- dag wieers, dag@centos.org, http://dag.wieers.com/ --
[Any errors in spelling, tact or fact are transmission errors]