Hello, Am Dienstag, 14. Februar 2012 schrieb Ludwig Nussel:
Christian Boltz wrote:
[...] - webapps that allow to update themself online (like wordpress - and> no, I won't be surprised if I see a *shudder* from Ludwig because this requires write permissions for wwwrun on the whole webapp) Yeah, I always need to have a sick bag handy when thinking about web apps ;-)
;-)
Things aren't as easy as you'd like them to be ;-) and you'll probably end up with lots of symlinks (depending on which webapp you package of course).
I guess some webapps are better and some are worse, depending who wrote it and for what purpose.
Yes, of course. Which leaves the question if we should invest lots of time to force the packaging-unfriendly webapps into the scheme we like for the packaging-friendly webapps, or if we accept the fact that they need everything in one directory. See my reply to Ralf's mail for more details.
for (at least) Joomla, Typo3, S9Y and Mediawiki.
I'm not sure what the number of hits in the CVE database for those candidates tells us about them :-)
That there are people who care about those webapps and check them for security issues? Hmm, I don't remember a CVE for /bin/true - does this mean nobody audited its code? ;-) Oh, and all that is still better than the way the Adobe security chief would like, see http://www.zdnet.com/blog/security/offensive-security-research-community-hel... (money quote: "Finding a bug is pretty straightforward" ;-)) The even more interesting reading is the comment about the article on http://blog.fefe.de/?ts=b1cba1ed (in german - google translate exists) Regards, Christian Boltz -- Aus technischen Grunden befindet sich die Signatur auf der Rückseite dieser Mail. -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org