On Tuesday 20 March 2007 06:16 am, Octave Orgeron wrote:
> Perl and PHP are often targeted on the internet. It's sad and
> unfortunate, but it's the reality of things. When I used to work for a
> web hosting company, we'd constantly have to deal with crackers and
> script kiddies hijacking customer websites. In many cases, poorly
> written perl or php code was to blame. The worst part is that most of
> the code people use comes from other sites that have pre-packaged
> forums, ordering systems, mailing lists, etc. So I think we'll be
> upgrading and patching (once 11 comes out) the web stack on a regular
> basis. But at the same time, it would provide a lot of value to
> customers in the web space.

When you say, "So I think we'll be upgrading and patching (once 11 comes out) the web stack on a regular basis.", so you mean the community will need to keep upgrading the package(s)? I'm not sure who "we'll" refers to.

Yes, the packages will need to be updated, and most likely we won't be able to get things updated quickly enough for folks that are running this stuff in production; they'll need to be tracking that themselves, IMO.

At least the way the current system works, it takes some work to build, test, and package the software up. If this needs to be done every time a security module is released, that will cause a lot of work. If we had an online repository that could update over the net, that would be easier, but it would still be work to build, test, and package.

I'd be curious to hear if Blastwave is able to keep up with security patches on PHP. They would be in the same situation, but less so, as they probably don't do as much testing as Sun has done in packaging up the software themselves. Maybe Dennis can comment on that and/or how the users of Blastwave PHP keep themselves secure from attacks.

OTOH, maybe Blastwave has figured out a way to get updates for PHP in place in a timely fashion so that that isn't a problem.

Regardless, someone will need to track these security problems on a daily basis.

--
Alan DuBoff - Solaris x86 Engineering - IHV/OEM Group
Advocate of insourcing at Sun - hire people that care about our company!
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org