Hello all - My name is David Newkerk, and have posted under the user name Keyz on Dag's blog post regarding Drupal. Dag requested that I post directly to the mailing list instead so that the info I am compiling can be more readily seen by everyone. Apologies if I have posted incorrectly with this first reply, as I'm not yet accustomed to using the mailing list. I will post several longer replies once I'm sure I've posted correctly. Thanks! - David On Tue, Sep 30, 2008 at 2:04 PM, Karanbir Singh <kbsingh at centos.org> wrote: > > Dag Wieers wrote: >> >> At least there is a process of reporting out-of-core security problems. > > I dont see how that is relevant, CVE's are open to anyone to report against / for ? so whats your point ? > >> Why should the Drupal team be responsible of code they clearly do no support ? Go and talk to the module's developers to see what processes they have before you use it. > > Sure, that should be something that whoever decided to test and look after drupal ( should we select it ) should do, if the built in core modules are unable to handle the issues we need it to. > > > -- > Karanbir Singh > CentOS Project { http://www.centos.org/ } > irc: z00dax, #centos at irc.freenode.net > _______________________________________________ > CentOS-devel mailing list > CentOS-devel at centos.org > http://lists.centos.org/mailman/listinfo/centos-devel