On 11/04/14 09:35, Cristovao Jose Domingues Cordeiro wrote:
>
> The XSS vulnerability must be fixed for sure.

While I share your concerns, it is worth emphasizing that some
contributors to the Ganglia project do not use Ganglia in such a way
where these risks are a priority for them.

In recent years, the project has largely evolved based on what people
want to contribute.

The only way this will change is if the project attracts more
participation (including scrutiny of new pull requests) from people with
security awareness/expertise.

The only alternative may be to fork an older version that is considered
secure and cherry-pick new features selectively, screening each of them
for your own security requirements.


_______________________________________________
Ganglia-general mailing list
Ganglia-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-general
