On Thu, Oct 8, 2009 at 5:01 AM, Kenneth Gonsalves <law...@au-kbc.org> wrote:
> On Wednesday 07 Oct 2009 3:38:25 pm Noufal Ibrahim wrote: > > On Wed, Oct 7, 2009 at 3:16 PM, Kenneth Gonsalves <law...@au-kbc.org> > > wrote: [..] > > > > > django, plone has about one issue every two years - usually minor and > not > > > affecting anything critical. There is something radically wrong in a > > > software that gets one core critical issue a month (even then drupal is > > > better than wordpress that churns out such things 2 or 3 times a > > > month).[..] > > > > One thing to consider is that the number of deployed installations of > > PHP based CMSs like Drupal and Wordpress is much MUCH higher than the > > Python based ones like Plone. That alone will skew the numbers quite a > > bit. > > > > There are cases of course where the software itself was not designed > > with security in mind perhaps for an earlier era (eg. Sendmail) where > > the number of exploits is quite high but I don't think Drupal falls > > into this category. > > > > Your comment however begs the question - do you feel that one of the > > reasons why Drupal is 'insecure' because it's coded in PHP. > Yes. Take a look at the cyber security bulletin from U.S home land security for Jan 09 as an example. http://www.us-cert.gov/cas/bulletins/SB09-033.html I did a quick n dirty count using browser find in Firefox, and counted about 12 vulnerabilities related to Python in total. For PHP, I counted 25 and stopped counting. Of course, there is always the argument that Python is much less used on the web as opposed to PHP, which is the reason for this. You can find an argument in the lines of that here, http://fourkitchens.com/blog/2009/04/03/vulnerability-reports-are-not-indications-weakness He quotes Linus out of context, which is "Given enough eyeballs, all bugs are shallow" which however does not imply , "Not given enough eyeballs, shallow bugs are actually deep pits waiting to be exploited". This is at best a strawman argument. > > -- > regards > Kenneth Gonsalves > Senior Project Officer > NRC-FOSS > http://nrcfosshelpline.in/web/ > _______________________________________________ > BangPypers mailing list > BangPypers@python.org > http://mail.python.org/mailman/listinfo/bangpypers > -- --Anand
_______________________________________________ BangPypers mailing list BangPypers@python.org http://mail.python.org/mailman/listinfo/bangpypers
