[colug-432] June COLUG Meeting Announcement
Pat Collins
pat at linuxcolumbus.com
Tue Jun 26 14:17:22 EDT 2012
On Tue, 26 Jun 2012 13:36:47 -0400 (EDT) R P Herrold <herrold at owlriver.com> wrote:
> On Tue, 26 Jun 2012, Pat Collins wrote:
>
> > I doubt you have seen repeated exploits on Drupal sites, care to offer
> > proof on a site being run by professionals? The Drupal core is always
> > being improved and they have a very good security team. Delegation of
> > authoring is extremely good (role based). I'm rarely in "site maintenance
> > mode" and even then, the cli makes it pretty easy to automate.
>
> Trivially easy. If they are so hot, why are they always 'in
> the news?' Why is their module system not confined to a
> 'sandbox' and so not protective of third-parties?
>
> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=drupal
>
You see a lot because the policy is to be open about security issues and to
report them (get a CVE # for them). A majority of the issues listed are for
contributed modules, so contributed code is being reviewed, which a lot of
projects don't do until they are exploited. Furthermore, the Drupal core is
substantially rewritten between major revisions so a security issue with 4.x
doesn't mean that the 7.x version will have the same problem.
Since Drupal is very modular you can turn off what you don't want. Just running
with the core system gives you a majority of the functionality you need. The
add-ons just make it better, your choice to use them or not.
> > Now, the next question. Since COLUG is about open source
> > why is this group so close minded?
>
> If the comment is directed at me, I am conservative in what I
> deploy at the COLUG site, to avoid workload (as mentioned in
> my initial post) -- I choose to think of it as perlishly
> virtuous
>
Sorry, if you took it that way, it was meant to the group as a whole.
We all want to avoid workload. A good way of doing that is to seek out
knowledge that others may have.
> I would make the counter-argument that only cowboys and kids
> play with fragile, 'latest is greatest', high-maintenance kit
So, everybody else is a cowboy or a kid? I choose cowboy! Yeee Haaaaw!
Pat