[development] Think there's a security problem in your module? Here's what to do.
Khalid Baheyeldin
kb at 2bits.com
Fri Jan 18 04:28:50 UTC 2008
> Given our distro system, if we're really worried about hackers
> sniffing commit logs, I would rather remove anonymous CVS access.
We can't do that. Many users rely on cvs access to deploy sites.
We can in theory shut that down. But what about http://drupal.org/cvs?
> That way you stop the vulnerability sniffing altogether. Like I
> said I know I'm in the minority here and don't really expect to
> change your mind on this one.
>
If we shut down both, then it is no longer an open source project.
Didn't see any major project shut down like that.
> I've been involved with enough volunteer organizations to know that it's
> always an uphill battle to manage workload. I don't begrudge that,
> but I try and keep my expectations tempered.
>
> I really hope no-one on the security team is offended. I mean no
> such offense. I really do respect and appreciate the service that
> they provide and yes, I do consult with them when I do my security
> related fixes.
No offense taken at all, from you or from others. We are always open
to suggestions (and even recruiting for the security team!)
--
Khalid M. Baheyeldin
2bits.com, Inc.
http://2bits.com
Drupal optimization, development, customization and consulting.