On 9/13/06, Chris Zakelj <[EMAIL PROTECTED]> wrote: > > Adam wrote: > > Chris Zakelj <[EMAIL PROTECTED]> wrote: > > > >>> He said "good and secure". Phpbb is neither. > >>> > >> Perhaps you would like to offer an alternative > >> > > Nope. > > > Then you are a useless troll. This will be my last reply to your filth.
Why is that a troll? He offered an opinion on Phpbb. It is neither good nor secure. [see below] Just because he cannot offer an alternative (there may not be a secure alternative even!) >> Your definition of "good" is probably different, and phpBB might not > >> meet it. > >> > > My definition of good includes secure. "If you are a very low traffic > > obscure site and only have to worry about publicly released exploits > > you can patch, and you are willing to patch all the damn time" doesn't > > qualify as secure. Read the subject again. > > > Eleven patches in 26 months, or 0.4 patches/month. How does that > compare to your typical Linux distro, or the typical corporate How does that compare to OpenBSD? Maybe he was using the OpenBSD standard of secure? I believe his statement holds true, patching once every two months does not seem secure to me. > environment? How many patches has MSFT released in that timespan? Bad comparison. MSFT's patches are across an entire product line. You are talking about one specific product here. In order to get a valid comparison, you will have to count patches for a product of similar size and complexity. Which, if my memory serves me right, is actually smaller than phpbb's track record, which actually supports Adam's stance that phpbb is insecure. > Compared to maintaining even my gaming rig (and its never-ending > onslaught of 64bit driver issues), following phpBB's security list is > incredibly easy. That may be. It is still not secure. We are talking about security, not ease of patching, or following patch releases.