[PLUG-Devel] Security Audit of Joomla!

Darrin Chandler dwchandler at stilyagin.com
Tue Sep 12 06:41:33 MST 2006


On Mon, Sep 11, 2006 at 09:27:11PM -0700, Alan Dayley wrote:
> 
> Why is it out of our control?  If we did an audit, based on a known tag
> or version of the source, within the submission guidelines of the
> project, I'd think we have much control to see our fixes into Joomla! or
> any other FS project.
> 
> Perhaps that is not as true as I think but I still like the idea of this
> project, if someone were to take it on.

Some projects are more friendly than others when it comes to submissions
from "outside" the normal developer community. I suspect the Joomla!
people would be mostly happy to accept security fixes. If they're not
then you can always publish the fixes alongside disclosure of
vulnerabilities. That always works. ;)

-- 
Darrin Chandler            |  Phoenix BSD Users Group
dwchandler at stilyagin.com   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |


More information about the PLUG-devel mailing list