Is the security concern about known exploits of the 3rd party code? I'm not sure how NOT incorporating 3rd party code makes a module more secure... unless its a concern that the person uploading the code doesn't actually know much about what they are uploading. I'm not trying to be argumentative, but isn't any module where the maintainer is sloppy, seriously behind, or implementing code they don't fully understand as much of a security risk? - Kevin Reynen On 5/21/07, Karoly Negyesi <karoly@negyesi.net> wrote:
I don't understand what's so inconvenient in allowing external files.
It's very simple. When there is a security fix released for the 3rd party code then our repository necessarily will be some time behind -- if the maintainer is sloppy then seriously behind. I do not want Drupal distributing insecure code. Solve this problem and we can move on.