F Q
Am 08.05.2013 um 00:08 schrieb "Bernhard Posselt" <[email protected]>: > On 05/07/2013 11:21 PM, Sebastian Kügler wrote: >> Hi ownClouders, >> >> On Monday, May 06, 2013 15:29:56 Lukas Reschke wrote: >>> I just released a custom mod_security ruleset for ownCloud 5.0. - I've >>> rewritten the whole set yesterday which means that it most probably still >>> has some bugs inside ;-) >> Let me state the obvious here: You _released_ a security critical feature >> which has not been thoroughly tested (or even reviewed critically?) and is >> less than 24 hours old. >> >> Looking at the amount of CVE numbers in ownCloud's changelogs and this email, >> this suggests a fundamental process problem. >> >> Having seen ownCloud being ridiculed for its amount of regressions and >> security problems more than once in the past two weeks alone makes me sad. I >> think the software and its underlying ideas has great potentials, but the >> problems it's currently fighting will simply not go away if this way of >> putting code out into the open is the norm. >> >> Cheers, > I think you misunderstand the mod_security stuff. Its a basically some kind > of firewall and an addtional layer of security. Basically it has nothing to > do with the current owncloud code. > _______________________________________________ > Owncloud mailing list > [email protected] > https://mail.kde.org/mailman/listinfo/owncloud _______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
