On Mon, 26 Oct 2009, Lisa Kachold wrote:

> Moodle announces more security issues.
>
> By sending out this "advance security notice" of known exploits to
> registered Moodle sites before the security fixes and "press release"
> it's clear that Moodle does not fully appreciate the state of web
> security today.   Literally thousands of web systems exploiters are
> already targeting school based Moodle php/mysql sites!

and so ?  so are sendmail and bind and the Linux kernel each 
of which announce their holes as well

> ---------- Forwarded message ----------
> From: martin@moodle.com
> Subject: [securityalerts] New Moodle releases 1.9.6 and 1.8.10: Security fixes
> To: securityalerts@lists.moodle.org

> You are getting this email because you subscribed to the Moodle security alerts
> list when you registered your Moodle site.   (Thanks for registering, by the
> way!)

I would read this that moodle cares enough to run a security 
alerts ML exploder, and that they care enough to use it.  It 
seems like sour grapes to complain that the 'free soup' is not 
seasoned as you like it.

-- Russ herrold
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss