On Thursday 10 Sep 2009 6:06:44 pm Prem Kurian Philip wrote:
> >> As these CMSs are more frequently used, attacks against these CMSs will
> >> also be higher and also the people working on fixing these holes -
> >> which is why you see lot more security patches in the more popular CMSs.
> >
> >plone is a very widely used CMS - where are the security patches? I do not
> >think their site even has a security page, feed or mailing list. So the
> >logic is flawed
>
> There is no such thing as a software without vulnerability. Even OpenBSD
> has had a few vulnerabilities over the years.

true - but when using good software one can comfortably sleep at night.
>
> Anyway, here is plone's page:
> http://dev.plone.org/plone/search?q=vulnerability&noquickjump=1&ticket=on&changeset=on&milestone=on&wiki=on

stunning - 10 holes in 4 years as compared to 63 in drupal for 2009 alone. And 
looking at the 'holes' in plone, I do not see anything mission critical
>
> I have given "vulnerability" as the search word. Please try using any of
> the others such as "security" etc.
>
> Also, since Plone is based on Zope, zope's vulnerabilities affect plone as
> well. Finding zope's bug reporting page for security vulnerabilities is
> left as an exercise for the reader :)

actually, Zope is so paranoid about security that even an admin would find it 
difficult to crack it ;-)

-- 
regards
kg
http://lawgon.livejournal.com