[Owncloud] [Alpha] mod_security rules for ownCloud 5.0

Sebastian Kügler sebas at kde.org
Tue May 7 21:21:38 UTC 2013


Hi ownClouders,

On Monday, May 06, 2013 15:29:56 Lukas Reschke wrote:
> I just released a custom mod_security ruleset for ownCloud 5.0. - I've
> rewritten the whole set yesterday which means that it most probably still
> has some bugs inside ;-)

Let me state the obvious here: You _released_ a security critical feature 
which has not been thoroughly tested (or even reviewed critically?) and is 
less than 24 hours old.

Looking at the amount of CVE numbers in ownCloud's changelogs and this email, 
this suggests a fundamental process problem.

Having seen ownCloud being ridiculed for its amount of regressions and 
security problems more than once in the past two weeks alone makes me sad. I 
think the software and its underlying ideas has great potentials, but the 
problems it's currently fighting will simply not go away if this way of 
putting code out into the open is the norm.

Cheers,
-- 
sebas

http://www.kde.org | http://vizZzion.org | GPG Key ID: 9119 0EF9



More information about the Owncloud mailing list