Hi all, Karanbir Singh wrote: > Dag Wieers wrote: > >> There have been some interesting comments from Drupal users on my >> blog-post that compared the requirements with modules and features. >> http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-972 >> http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-973 >> http://dag.wieers.com/blog/drupal-for-centos-portal-and-forums#comment-978 >> I guess that is a first stop when assessing Drupal's capabilities. >> > > That is good, however they dont say anything more than whats already > available on google searches for these things. What we really would need > before deciding is to have someone offer to take ownership of the > effort to evaluate drupal, do the setup, setup some of these features > and see how usable it really is. > > eg. I am looking at Drupal for my own site and I find venturing into the > modules portion of drupal immediately drops the quality of code, and > even the ownership of security issues. > Drupal core has a greater code quality than Drupal modules since each patch going into core gets reviewed by a lot of developers before it gets committed. Contributed modules however can be authored by anybody. It's the reason why, before using one of them, one should consider the code quality, the author of the module, the issue queue and what people generally say about the module - see http://drupalmodules.com/ for module ratings. Some well know core contributor also author modules. There are some well know contributed modules which are very common and therefore get a lot of review (CCK, Views, Panels, fivestars...). I don't think this is very different from other Open Source projects where anybody can share their plugin/module/code. > It seems Drupal guys dont take on > security issues for things that come from the modules or related > projects that are being used inside drupal. Being a member of the Drupal security team, I can assure you that we also handle the contributed modules hosted on drupal.org (given the resources of our team) and we reply to every legitimate security report and release a security announcement when necessary. see http://drupal.org/security-team for more details. scor.