Hello all -
My name is David Newkerk, and have posted under the user name Keyz on Dag's blog post regarding Drupal. Dag requested that I post directly to the mailing list instead so that the info I am compiling can be more readily seen by everyone. Apologies if I have posted incorrectly with this first reply, as I'm not yet accustomed to using the mailing list. I will post several longer replies once I'm sure I've posted correctly.
Thanks!
- David
On Tue, Sep 30, 2008 at 2:04 PM, Karanbir Singh kbsingh@centos.org wrote:
Dag Wieers wrote:
At least there is a process of reporting out-of-core security problems.
I dont see how that is relevant, CVE's are open to anyone to report against / for ? so whats your point ?
Why should the Drupal team be responsible of code they clearly do no support ? Go and talk to the module's developers to see what processes they have before you use it.
Sure, that should be something that whoever decided to test and look after drupal ( should we select it ) should do, if the built in core modules are unable to handle the issues we need it to.
-- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos@irc.freenode.net _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org http://lists.centos.org/mailman/listinfo/centos-devel