[CentOS-devel] forums + portal for {lang}.centos.org sites

Tue Sep 30 19:05:09 UTC 2008
Dag Wieers <dag at centos.org>

On Tue, 30 Sep 2008, Karanbir Singh wrote:

> Stephane Corlosquet wrote:
>> >  yes, and its things like this :
>> > 
>> >  http://drupal.org/node/313054
>> > 
>> >  which are quite scary.
>> >
>>  This is what happens when you don't use the Drupal API
>>  <http://api.drupal.org/>, which saves the developers from having to worry
>>  about common security issues like XSS, CSRF, SQL injection etc. In that
>>  way it's very quick to evaluate the quality of a module: you just need to
>>  check whether they make good use of the API or not...
> Surely this is the responsibility of the drupal devteam and not the userbase 
> to ensure stuff like this is not included. That specific module was at some 
> time distributed from the drupal.org website wasent it ?

Does the absense of such bug-reports make a solution more secure ?

--   dag wieers,  dag at centos.org,  http://dag.wieers.com/   --
[Any errors in spelling, tact or fact are transmission errors]