Bug#312413: ITP: serendipity -- PHP Weblog/Blog software

2005-06-14 Thread Penny Leach


Hi, Moritz,

on 8/6/05 11:07 PM Moritz Muehlenhoff said the following:
| Plus a disturbing constant flow of security vulnerabilities; eight
| alone for 2005. Do they have a clear policy of documenting issues or
| do they only provide new releases without documenting the
| vulnerabilities? (This would make support for a stable release close
| to impossible).

Fair question, from a discussion on their dev mailing list [1,2]:

--
Security issues are documented in both our NEWS file (aka ChangeLog) and
announced publicly after the fix has been committed. Any other way
would really be bad for any end-users as we do not want them to be
unaware of outstanding bugs in old releases.

Of course, this is already much, and we're very sorry about this. But if
you look at the security trackers you will see that many, many
web-applications have had similar bugs in 2005. This seems to be the
year of many people testing XSS.

Look at WordPress, they have had similar problems. But we take our
security problems seriously, and for errors that come to our attention we
have provided fixes in less than 12 hours in the past.
--

They also have a security section on their blog [3] with an RSS feed I
can subscribe to.

In addition, they maintain a stable branch in their svn tree [4], which
just gets bug & security fixes. So identifying relevant security
patches should be quite trivial as I can pick them from this branch
rather than trying to find them from within the trunk.

I hope this is somewhat reassuring.

Cheers
Penny



1: http://sourceforge.net/mailarchive/forum.php?thread_id=7468268&forum_id=31275
2: http://sourceforge.net/mailarchive/forum.php?thread_id=7473550&forum_id=31275
3: http://blog.s9y.9rg/
4: http://svn.berlios.de/viewcvs/serendipity/


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Bug#312413: ITP: serendipity -- PHP Weblog/Blog software

2005-06-12 Thread Peter Samuelson

[Penny Leach]
> PHP blog with all the common features (comments, track/pingbacks, RSS)
> plus cool extras: Click'n' blog admin, extensible event-driven plugin
> API, easy styling, multiuser, image management, static pregeneration and
> a nifty installer: unpack, open in browser!

So nice to mention how cool the installer is in the debian package
description.  If it didn't have such a slick installer people might
want to install it using aptitude.




Bug#312413: ITP: serendipity -- PHP Weblog/Blog software

2005-06-08 Thread Moritz Muehlenhoff
Penny Leach wrote:
> Package: wnpp
> Severity: wishlist
>
>
> * Package name: serendipity
>   Version : 0.8.1
>   Upstream Author : Jannis Hermanns <[EMAIL PROTECTED]>
> * URL : http://www.s9y.info/
> * License : BSD
>   Description : PHP Weblog/Blog software
>
>
> PHP blog with all the common features (comments,track/pingbacks,RSS)
> plus cool extras

Plus a disturbing constant flow of security vulnerabilities; eight alone for
2005. Do they have a clear policy of documenting issues or do they only
provide new releases without documenting the vulnerabilities? (This would
make support for a stable release close to impossible).

Cheers,
Moritz





Bug#312413: ITP: serendipity -- PHP Weblog/Blog software

2005-06-07 Thread Penny Leach
Package: wnpp
Severity: wishlist


* Package name: serendipity
  Version : 0.8.1
  Upstream Author : Jannis Hermanns <[EMAIL PROTECTED]>
* URL : http://www.s9y.info/
* License : BSD
  Description : PHP Weblog/Blog software


PHP blog with all the common features (comments, track/pingbacks, RSS)
plus cool extras: Click'n' blog admin, extensible event-driven plugin
API, easy styling, multiuser, image management, static pregeneration and a
nifty installer: unpack, open in browser!

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.25-1-386
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

