On Tue, 30 Sep 2008, Karanbir Singh wrote: > Dag Wieers wrote: >> > Surely this is the responsibility of the drupal devteam and not the >> > userbase to ensure stuff like this is not included. That specific module >> > was at some time distributed from the drupal.org website wasent it ? >> >> Does the absense of such bug-reports make a solution more secure ? > > well, does a widely circulated known exploit that isnt going to get a fix > instill confidence in you ? At least there is a process of reporting out-of-core security problems. Why should the Drupal team be responsible of code they clearly do no support ? Go and talk to the module's developers to see what processes they have before you use it. -- -- dag wieers, dag at centos.org, http://dag.wieers.com/ -- [Any errors in spelling, tact or fact are transmission errors]