Karanbir Singh wrote: > > eg. I am looking at Drupal for my own site and I find venturing into the > modules portion of drupal immediately drops the quality of code, and > even the ownership of security issues. It seems Drupal guys dont take on > security issues for things that come from the modules or related > projects that are being used inside drupal. > We (in my day job) see the same security issues for Joomla based sites when modules are used to extend core functionality. Site developers/owners are quick to extend functionality by installing additional plugins but then don't want the responsibility of maintaining multiple packages/plugins on the server. It just adds a further layer of complexity as any plugins need to also be separately monitored (and maintained) for security updates.