[PLUG-Devel] Security Audit of Joomla!

Alan Dayley alandd at consultpros.com
Mon Sep 11 21:27:11 MST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian Cluff wrote:
> 
> I don't think there is any doubt where the security problem was...
> Joomla just had a HUGE update to patch a zillion holes in it.

Maybe they did an extensive audit themselves?  I don't know.

> That's not to say that the server is in great condition otherwise, but
> it is, for the most part, out of our control to change anything on it,
> so it really doesn't matter too much.

Why is it out of our control?  If we did an audit, based on a known tag
or version of the source, within the submission guidelines of the
project, I'd think we have much control to see our fixes into Joomla! or
any other FS project.

Perhaps that is not as true as I think but I still like the idea of this
project, if someone were to take it on.

Alan


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFFBjcfDQw/VSQuFZYRAtTeAJ9BbHi7lzzxLVEYS2x0A4yNkp8EnACfQ5jf
3uGSasCEJPbgs3dVvkLTpV8=
=A8Ef
-----END PGP SIGNATURE-----


More information about the PLUG-devel mailing list