[development] Irresponsible security researcher

Thomas Zahreddin tz at it-arts.org
Wed May 13 08:33:59 UTC 2009


Hello Karoly, and community,

thank you for being accurate:
 
"Drupal security and I have also disagreed over the
severity of security issues which has resulted in patches not being
developed (http://drupal.org/node/372836)"

so he disagreed at least ...

I also don't post fixes, since I see so many patches and issues rotting
in the issue queue.

Sometimes I suggest something and I get 'it is this way by design'. But
how to evolve the topic?

Sometimes I write documentation for hours and it disappears (or is no
longer accessible to me).

These are experiences over the last two years; I don't have concrete
topics I can point to - but they exist and force me into a leecher state.

And by the way, it is not true that Drupal needs more code; if you think
so, take all the patches from the issue queues.

And it is also not true that Drupal is a do-ocracy, since all the
authors of the patches contributed.

I dislike contributing patches that sit for years or forever in queues.

So I can't see the value of just another patch.

Best
Thomas Zahreddin

On Wednesday, 13.05.2009, at 01:20 -0700, Karoly Negyesi wrote:
> > - this person wants to improve security of drupal
> > - he made a patch, that maybe wasn't accepted or he was disappointed with
> > the procedures of the community
> 
> He made a patch?
> 
> > -> so what's wrong with the person?
> 
> Check his site. Maybe the fact that he never posts a fix on the issues
> he discloses (I might have missed some)? And his disclosures include
> precise, step-by-step exploits? That's not so nice, is it?
> 
> Regards
> 
> NK


