08-08-2012, 06:51 PM
Les Mikesell

Forums

On Wed, Aug 8, 2012 at 1:39 PM, Nux! <nux@li.nux.ro> wrote:
>
> +1 phpBB
>
> Has a large user base and (I imagine) developer base. The likely
> security issues will be promptly fixed. :-)

And how many years have they been saying that?

--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
 
08-08-2012, 06:57 PM
Karanbir Singh

Forums

On 08/08/2012 07:51 PM, Les Mikesell wrote:
> On Wed, Aug 8, 2012 at 1:39 PM, Nux! <nux@li.nux.ro> wrote:
>>
>> +1 phpBB
>>
>> Has a large user base and (I imagine) developer base. The likely
>> security issues will be promptly fixed. :-)
>
> And how many years have they been saying that?
>

Also, how many bits on the wishlist does it tick off ?

--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
ICQ: 2522219 | Yahoo IM: z00dax | Gtalk: z00dax
GnuPG Key : http://www.karan.org/publickey.asc
 
08-08-2012, 07:00 PM
Mike Doroshenko

Forums

To get even basic functionality on phpBB you have to install lots of
mods which is painful if you have more than one theme and/or need to
upgrade it.

On 08/08/2012 12:57 PM, Karanbir Singh wrote:
> On 08/08/2012 07:51 PM, Les Mikesell wrote:
>> On Wed, Aug 8, 2012 at 1:39 PM, Nux! <nux@li.nux.ro> wrote:
>>>
>>> +1 phpBB
>>>
>>> Has a large user base and (I imagine) developer base. The likely
>>> security issues will be promptly fixed. :-)
>>
>> And how many years have they been saying that?
>>
>
> Also, how many bits on the wishlist does it tick off ?


--
Mike Doroshenko, Junior Sys Admin
TecKnoQuest Inc.
miked@tecknoquest.com
www.tecknoquest.com


 
08-08-2012, 07:01 PM
"John R. Dennison"

Forums

On Wed, Aug 08, 2012 at 01:51:42PM -0500, Les Mikesell wrote:
> On Wed, Aug 8, 2012 at 1:39 PM, Nux! <nux@li.nux.ro> wrote:
> >
> > +1 phpBB
> >
> > Has a large user base and (I imagine) developer base. The likely
> > security issues will be promptly fixed. :-)
>
> And how many years have they been saying that?

-1 phpBB

phpBB has one of the worst track records for forum packages with regards
to security issues and they have, as Les mentioned, been promising to
"fix" the heart of the problem for many, many years now. Quite a few
years ago I grew tired of the "phpBB security hole of the week" game,
transitioned everything to SMF, and never once looked back. I routinely
turn down gigs that want phpBB if I am unable to convince them to go
with SMF - it's just not worth the headaches.





John
--
Basic research is when I am doing what I don't know what I am doing.

-- Wernher von Braun (1912-1977), German-born rocket scientist,
in an interview in the New York Times, 16 December 1957
 
08-08-2012, 07:04 PM
Ned Slider

Forums

On 08/08/12 19:57, Karanbir Singh wrote:
> On 08/08/2012 07:51 PM, Les Mikesell wrote:
>> On Wed, Aug 8, 2012 at 1:39 PM, Nux!<nux@li.nux.ro> wrote:
>>>
>>> +1 phpBB
>>>
>>> Has a large user base and (I imagine) developer base. The likely
>>> security issues will be promptly fixed. :-)
>>
>> And how many years have they been saying that?
>>
>
> Also, how many bits on the wishlist does it tick off ?
>

See the matrix here:

http://wiki.centos.org/WebsiteVer2/forums

 
08-08-2012, 07:07 PM
Karanbir Singh

Forums

On 08/08/2012 08:01 PM, John R. Dennison wrote:
> phpBB has one of the worst track records for forum packages with regards
> to security issues and they have, as Les mentioned, been promising to
> "fix" the heart of the problem for many, many years now. Quite a few
> years ago I grew tired of the "phpBB security hole of the week" game,
> transitioned everything to SMF, and never once looked back. I routinely
> turn down gigs that want phpBB if I am unable to convince them to go
> with SMF - it's just not worth the headaches.

Is it possible to quantify this phpbb security issue ?

--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
ICQ: 2522219 | Yahoo IM: z00dax | Gtalk: z00dax
GnuPG Key : http://www.karan.org/publickey.asc
 
08-08-2012, 07:09 PM
Ned Slider

Forums

On 08/08/12 20:01, John R. Dennison wrote:
> On Wed, Aug 08, 2012 at 01:51:42PM -0500, Les Mikesell wrote:
>> On Wed, Aug 8, 2012 at 1:39 PM, Nux!<nux@li.nux.ro> wrote:
>>>
>>> +1 phpBB
>>>
>>> Has a large user base and (I imagine) developer base. The likely
>>> security issues will be promptly fixed. :-)
>>
>> And how many years have they been saying that?
>
> -1 phpBB
>
> phpBB has one of the worst track records for forum packages with regards
> to security issues and they have, as Les mentioned, been promising to
> "fix" the heart of the problem for many, many years now. Quite a few
> years ago I grew tired of the "phpBB security hole of the week" game,
> transitioned everything to SMF, and never once looked back. I routinely
> turn down gigs that want phpBB if I am unable to convince them to go
> with SMF - it's just not worth the headaches.
>
>

SMF was rejected a long time ago on the basis of the license not being
friendly. Please check back in the archives or refer to the matrix here:

http://wiki.centos.org/WebsiteVer2/forums

Thanks.

 
08-08-2012, 07:12 PM
Jeff Sheltren

Forums

On Wed, Aug 8, 2012 at 12:07 PM, Karanbir Singh <mail-lists@karan.org> wrote:
> On 08/08/2012 08:01 PM, John R. Dennison wrote:
>> phpBB has one of the worst track records for forum packages with regards
>> to security issues and they have, as Les mentioned, been promising to
>> "fix" the heart of the problem for many, many years now. Quite a few
>> years ago I grew tired of the "phpBB security hole of the week" game,
>> transitioned everything to SMF, and never once looked back. I routinely
>> turn down gigs that want phpBB if I am unable to convince them to go
>> with SMF - it's just not worth the headaches.
>
> Is it possible to quantify this phpbb security issue ?
>

Yes, CVEs and looking at release history seems like a way to quantify
it. As I understand it, this was really more of an issue with older
1.x, 2.x versions. phpBB 3.x underwent an external (to the phpBB
team) security review, and as far as I've seen, they've not had a lot
of problems since, and are pretty good/fast about addressing any
potential security issues.

-Jeff
 
08-08-2012, 07:23 PM
Ned Slider

Forums

On 08/08/12 20:07, Karanbir Singh wrote:
> On 08/08/2012 08:01 PM, John R. Dennison wrote:
>> phpBB has one of the worst track records for forum packages with regards
>> to security issues and they have, as Les mentioned, been promising to
>> "fix" the heart of the problem for many, many years now. Quite a few
>> years ago I grew tired of the "phpBB security hole of the week" game,
>> transitioned everything to SMF, and never once looked back. I routinely
>> turn down gigs that want phpBB if I am unable to convince them to go
>> with SMF - it's just not worth the headaches.
>
> Is it possible to quantify this phpbb security issue ?
>

Sure:

http://secunia.com/community/advisories/search/?search=phpBB
http://secunia.com/advisories/product/17998/?task=statistics

Looks like there's been 6 vulnerabilities (5 advisories) in the lifespan
of the 3.x product (since 2008?). So just over one per year and
importantly all have been fixed.

That seems pretty reasonable for a web based application to me. I was
expecting it to be much higher than that.

In contrast, the current forum software (Xoops 2.x) has had 36
vulnerabilities:

http://secunia.com/advisories/product/327/

of which 8% remain unpatched. Oops!

 
08-08-2012, 07:26 PM
Karanbir Singh

Forums

On 08/08/2012 08:04 PM, Ned Slider wrote:
> See the matrix here:
>
> http://wiki.centos.org/WebsiteVer2/forums

I was looking at that this morning, and it seems to have not been
updated in a very long time. I guess your statement implies that it's
still accurate.

--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
ICQ: 2522219 | Yahoo IM: z00dax | Gtalk: z00dax
GnuPG Key : http://www.karan.org/publickey.asc

All times are GMT.