Just to add. He asked for testing and released it for testing within an alpha state. Additionally pushes into a repo doesn't say anything about the age per se. ...
On Wed, May 8, 2013 at 1:32 AM, Appeldorn, Michael <[email protected]> wrote: > F > > Q > > > > > > Am 08.05.2013 um 00:08 schrieb "Bernhard Posselt" <[email protected]>: > >> On 05/07/2013 11:21 PM, Sebastian Kügler wrote: >>> Hi ownClouders, >>> >>> On Monday, May 06, 2013 15:29:56 Lukas Reschke wrote: >>>> I just released a custom mod_security ruleset for ownCloud 5.0. - I've >>>> rewritten the whole set yesterday which means that it most probably still >>>> has some bugs inside ;-) >>> Let me state the obvious here: You _released_ a security critical feature >>> which has not been thoroughly tested (or even reviewed critically?) and is >>> less than 24 hours old. >>> >>> Looking at the amount of CVE numbers in ownCloud's changelogs and this >>> email, >>> this suggests a fundamental process problem. >>> >>> Having seen ownCloud being ridiculed for its amount of regressions and >>> security problems more than once in the past two weeks alone makes me sad. I >>> think the software and its underlying ideas has great potentials, but the >>> problems it's currently fighting will simply not go away if this way of >>> putting code out into the open is the norm. >>> >>> Cheers, >> I think you misunderstand the mod_security stuff. Its a basically some kind >> of firewall and an addtional layer of security. Basically it has nothing to >> do with the current owncloud code. >> _______________________________________________ >> Owncloud mailing list >> [email protected] >> https://mail.kde.org/mailman/listinfo/owncloud > _______________________________________________ > Owncloud mailing list > [email protected] > https://mail.kde.org/mailman/listinfo/owncloud _______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
