On 05/07/2013 11:21 PM, Sebastian Kügler wrote:
Hi ownClouders,
On Monday, May 06, 2013 15:29:56 Lukas Reschke wrote:
I just released a custom mod_security ruleset for ownCloud 5.0. - I've
rewritten the whole set yesterday which means that it most probably still
has some bugs inside ;-)
Let me state the obvious here: You _released_ a security critical feature
which has not been thoroughly tested (or even reviewed critically?) and is
less than 24 hours old.
Looking at the amount of CVE numbers in ownCloud's changelogs and this email,
this suggests a fundamental process problem.
Having seen ownCloud being ridiculed for its amount of regressions and
security problems more than once in the past two weeks alone makes me sad. I
think the software and its underlying ideas have great potential, but the
problems it's currently fighting will simply not go away if this way of
putting code out into the open is the norm.
Cheers,
I think you misunderstand the mod_security stuff. It's basically some
kind of firewall and an additional layer of security. Basically it has
nothing to do with the current ownCloud code.
_______________________________________________
Owncloud mailing list
https://mail.kde.org/mailman/listinfo/owncloud