There has been a Twitter exchange between David Straus and Alexander that has escalated onto Straus's blog regarding the relative security merits of Drupal and Plone.
In my last comment I seem to have hit a nerve because David replied, "Does Plone even have a system for reporting vulnerabilities in modular, community-maintained code?" While I'm aware of Plone's bug tracking system and security-at-plone.org, I'm not actively involved with security issues as a core developer or an add-on product developer. I thought I'd turn to the community for a reasoned reply to him. Would someone kindly hop over to http://fourkitchens.com/blog/2009/04/03/vulnerability-reports-are-not-indications-weakness and set the record straight? Thanks in advance -- View this message in context: http://n2.nabble.com/Plone-vs-Drupal-Security-tp2582469p2582469.html Sent from the Evangelism mailing list archive at Nabble.com. _______________________________________________ Evangelism mailing list Evangelism@lists.plone.org http://lists.plone.org/mailman/listinfo/evangelism