[development] Drupal's CVS policies... including 'foriegn' code in TinyMCE module?
Kevin Reynen
kreynen at gmail.com
Mon May 21 19:38:56 UTC 2007
Is the security concern about known exploits of the 3rd party code?
I'm not sure how NOT incorporating 3rd party code makes a module more
secure... unless its a concern that the person uploading the code
doesn't actually know much about what they are uploading.
I'm not trying to be argumentative, but isn't any module where the
maintainer is sloppy, seriously behind, or implementing code they
don't fully understand as much of a security risk?
- Kevin Reynen
On 5/21/07, Karoly Negyesi <karoly at negyesi.net> wrote:
> > I don't understand what's so inconvenient in allowing external files.
>
> It's very simple. When there is a security fix released for the 3rd party code then our repository necessarily will be some time behind -- if the maintainer is sloppy then seriously behind. I do not want Drupal distributing insecure code. Solve this problem and we can move on.
>
More information about the development
mailing list