* Moritz Muehlenhoff ([EMAIL PROTECTED]) [061215 21:46]: > On 2006-12-14, Isaac Clerencia <[EMAIL PROTECTED]> wrote: > > I've just uploaded a new moodle version which only includes a new > > patch for a XSS security problem. > > Isaac, this is the 34th security problem in Moodle since 2004. (Counting > by CVE assignments, many of them represent multiple security problems) > > It's already more or less unsupportable in Sarge (AFAICT fixes for about > a dozen vulnerabilities need to be analysed, extarcted and backported, > as upstream doesn't provide clean information; this is roughly 0.5-1 > man days of work) > > I don't think we should repeat the mistake to include it in a stable > release again.
In case you think moodle is unsuitable for a stable release because of | 5. General | | (a) Supportable | | Packages in the archive must not be so buggy or out of date we | refuse to support them. you should submit an serious bug report because of this. Cheers, Andi -- http://home.arcor.de/andreas-barth/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
