[CentOS-devel] forums + portal for {lang}.centos.org sites

Mon Sep 29 15:07:06 UTC 2008
Ned Slider <ned at unixmail.co.uk>

Karanbir Singh wrote:
> 
> eg. I am looking at Drupal for my own site and I find venturing into the 
> modules portion of drupal immediately drops the quality of code, and 
> even the ownership of security issues. It seems Drupal guys dont take on 
>  security issues for things that come from the modules or related 
> projects that are being used inside drupal.
> 

We (in my day job) see the same security issues for Joomla based sites 
when modules are used to extend core functionality. Site 
developers/owners are quick to extend functionality by installing 
additional plugins but then don't want the responsibility of maintaining 
multiple packages/plugins on the server. It just adds a further layer of 
complexity as any plugins need to also be separately monitored (and 
maintained) for security updates.