Hi ownClouders, On Monday, May 06, 2013 15:29:56 Lukas Reschke wrote: > I just released a custom mod_security ruleset for ownCloud 5.0. - I've > rewritten the whole set yesterday which means that it most probably still > has some bugs inside ;-)
Let me state the obvious here: You _released_ a security critical feature which has not been thoroughly tested (or even reviewed critically?) and is less than 24 hours old. Looking at the amount of CVE numbers in ownCloud's changelogs and this email, this suggests a fundamental process problem. Having seen ownCloud being ridiculed for its amount of regressions and security problems more than once in the past two weeks alone makes me sad. I think the software and its underlying ideas has great potentials, but the problems it's currently fighting will simply not go away if this way of putting code out into the open is the norm. Cheers, -- sebas http://www.kde.org | http://vizZzion.org | GPG Key ID: 9119 0EF9 _______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
